The Perfect Server - CentOS 6.3 x86_64 (Apache2, Courier, ISPConfig 3) - Page 3

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.0.100   server1.example.com     server1

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

 

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run

system-config-firewall

and disable the firewall.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#
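
Added example (not part of the original tutorial): with the CentOS firewall switched off, the host has no packet filtering until the ISPConfig firewall is brought up later, so the same check is worth repeating at the end of the setup. The function below classifies iptables -L output; the function name and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `iptables -L` text read on stdin.
#   open      - every built-in chain is policy ACCEPT and no rules are loaded
#   filtering - some chain holds a rule or has a non-ACCEPT policy
#   unknown   - no "Chain ..." header was seen (e.g. the command failed)
firewall_state() {
    awk '
        /^Chain / {
            chains++
            # Built-in chains show "(policy X)"; user chains show "(N references)".
            if ($3 == "(policy" && $4 != "ACCEPT)") strict++
            next
        }
        /^target[ \t]/ { next }     # column header
        /^[ \t]*$/     { next }     # blank separator
        /^\[.*\][#$]/  { next }     # shell prompt pasted with the output
        { rules++ }                 # anything else is a rule line
        END {
            if (!chains)              print "unknown"
            else if (rules || strict) print "filtering"
            else                      print "open"
        }'
}

# Output shown in the tutorial after disabling the firewall.
SAMPLE_DISABLED='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: default-drop policy with one SSH rule.
SAMPLE_ACTIVE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

printf '%s\n' "$SAMPLE_DISABLED" | firewall_state   # open
printf '%s\n' "$SAMPLE_ACTIVE"   | firewall_state   # filtering
```

On the server itself, pipe the live output into it: iptables -L | firewall_state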

 

6 Disable SELinux

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

reboot

 

7 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.3 repositories:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)

rpm --import https://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
rpm -ivh epel-release-6-7.noarch.rpm

yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo...

vi /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[...]
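
Added example (not part of the original tutorial): RPMforge and EPEL are third-party repositories, so package signature checking is what ties the installed packages to the GPG keys imported above. The function below reads a .repo file and flags enabled sections where gpgcheck is off, unset, or has no gpgkey; the function name and the two example-* sections are constructed, and only 0/1 values are handled.

```shell
# Added example: report signature-checking settings for each enabled section
# of a yum .repo file read on stdin. One line per repo: "<id>: <findings>".
audit_repo() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return   # skip disabled repos
            out = ""
            if (gpgcheck == "0") out = out " gpgcheck-off"
            # No gpgcheck line: the value is inherited from [main] in /etc/yum.conf.
            if (gpgcheck == "")  out = out " gpgcheck-inherited"
            if (gpgkey == "")    out = out " no-gpgkey"
            print id ":" (out == "" ? " ok" : out)
        }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^\[/ {                                      # new [section]
            report()
            id = substr($0, 2, index($0, "]") - 2)
            enabled = ""; gpgcheck = ""; gpgkey = "" # no enabled= line means enabled
            next
        }
        {
            eq = index($0, "=")                      # split on the first "=" only
            if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
        }
        END { report() }'
}

# [epel] is abridged from the tutorial; the example-* sections are constructed
# to show an unsigned repo and a disabled one.
SAMPLE_REPO='[epel]
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[example-unsigned]
baseurl=http://repo.invalid/el6/$basearch
enabled=1
gpgcheck=0
[example-disabled]
enabled=0
gpgcheck=0'

printf '%s\n' "$SAMPLE_REPO" | audit_repo
```

On the server, run it over the real files: cat /etc/yum.repos.d/*.repo | audit_repo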

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'

 

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Jul 11 17:52:57 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_server1-lv_root /                       ext4    defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
UUID=806910a1-dbdf-4746-bd94-cbe73ce81493 /boot                   ext4    defaults        1 2
/dev/mapper/vg_server1-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Then run

mount -o remount /

quotacheck -avugm
quotaon -avug

to enable quota.

 

9 Install Apache, MySQL, phpMyAdmin

We can install the needed packages with one single command:

yum install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin


Comments

From: at: 2013-01-17 18:01:28

Can this process be used to install ISPConfig 3 on CentOS 6 32bit versions?

Please Reply!

From: oakleeman at: 2012-09-20 19:00:38

Heads up that if your HDD is bigger than 50GB or so in size the CentOS 6.3 install will create a 45GB or so / partition and then set up the rest as /home. If this isn't what you want then check the box to review the partitioning layout and delete the /home lv and increase the size of the / lv.

This bites me in the rear every time I follow Falko's guides for CentOS 6 and forget about the partition issue until I get to the step for editing fstab for quota...then I have to delete the VM hard-disk and start over since that is faster for me than extending the lv.

From: Dizfunkshunal at: 2013-01-10 20:33:03

change

epel-release-6-7.noarch.rpm  all instances

to 

epel-release-6-8.noarch.rpm

From: ally at: 2013-07-20 13:20:18

Also, if installing on OpenVZ it's a different process for enabling quotas. It has to be enabled by the sys admin or hardware node admin for your container.

From: Payne at: 2013-10-21 01:26:33

Another note, in order to get the RepoForge repositories to work correctly (in step 7) I had to follow instructions on the following link:

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-f0c3ecee3dbb407e4eed79a56ec0ae92d1398e01

Hope that helps!

 

From: Emo at: 2014-03-08 09:22:15

It's now https://; http:// is not working anymore.

From: admin at: 2012-07-28 07:54:01

It's no mistake - the tutorial is working for me exactly as written.

From: Anonymous at: 2012-07-27 16:02:29

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i686 if you are on an i686 system):

has to be corrected to

After the build process, the rpm packages can be found in $HOME/rpmbuild/RPMS/x86_64 ($HOME/rpmbuild/RPMS/i686 if you are on an i686 system):

Thanks

From: Mike at: 2012-11-24 14:24:13

Postfix would not receive incoming emails or respond to telnet into port 25.  The maillog showed:

fatal : no SASL authentication method available

The fix was to install missing package cyrus-sasl-plain:

yum install cyrus-sasl-plain

After restarting postfix, incoming emails started to arrive.

From: at: 2013-03-03 22:45:47

Just something of note here:

Courier by default will limit the number of connections per IP to 4. Most email clients use 5 connections per email account. See the problem?

Make sure to just update this now to get it out of the way so you aren't wondering later why you can't connect to your IMAP account and start blaming ISPConfig for it.

What value should you use for max connections per IP?

Generally speaking, for the IP with the most email accounts:

MAXPERIP = MAX_NUMBER_OF_EMAIL_ACCOUNTS * 5

Then you can just update the config and restart courier and you'll never have to worry about this later (unless the max number of email accounts for an IP increases).

TIP: If you have your mail set up on your phone and iPad and both are using the same internet IP as your laptop you now have 3 email clients per account instead of just 1. Either turn off your mail at home on your phone/iPad or increase your MAXPERIP to compensate.

I like to use 105 for my default MAXPERIP (7 accounts per IP, 3 devices per account):

sed -i 's/MAXPERIP=4/MAXPERIP=105/g' /usr/lib/courier-imap/etc/imapd
service courier-imap restart

From: r4faga at: 2012-09-04 23:06:07

When I try to run make on suphp, there is an error, and it doesn't install.
 
g++ -DOPT_CONFIGFILE=\"/etc/suphp.conf\" -g -O2 -o suphp API.o API_Helper.o API_Linux.o API_Linux_Logger.o Application.o CommandLine.o Configuration.o Environment.o Exception.o File.o GroupInfo.o IOException.o IniFile.o IniSection.o KeyNotFoundException.o Logger.o LookupException.o OutOfRangeException.o PathMatcher.o ParsingException.o PointerException.o SecurityException.o SoftException.o SystemException.o UserInfo.o Util.o
make[3]: se sale del directorio `/tmp/suphp-0.7.1/src'
make[2]: se sale del directorio `/tmp/suphp-0.7.1/src'
make[1]: se sale del directorio `/tmp/suphp-0.7.1/src'
make[1]: se ingresa al directorio `/tmp/suphp-0.7.1'
make[1]: No se hace nada para `all-am'.
make[1]: se sale del directorio `/tmp/suphp-0.7.1'

From: Martin at: 2012-09-27 09:33:22

You ask us to remove original init script from rc.* and add

clamd.amavisd

however there is no such file included (CentOS 5.3, following every step to my knowledge)

 

From: at: 2012-12-05 19:02:04

I had 2 installations where I had to

cp /etc/awstats/awstats.model.conf /etc/awstats/awstats.conf

for awstats to work. info @ http://www.howtoforge.com/forums/showthread.php?t=35485&page=8

From: JNPerez at: 2013-04-25 15:46:24

the link for the mod_ruby-1.3.0.tar.gz is down... Use this mirror http://ftp.riken.go.jp/pub/FreeBSD/distfiles/ruby/mod_ruby-1.3.0.tar.gz


 :D

 

From: at: 2013-05-27 23:04:36

Make sure you do not leave /etc/named.conf unconfigured. By default you are offering recursive name service to the whole world. You'll notice this one day when you run top and see named using up 50%+ CPU because some bots are using your Bind for DNS DDoS attacks. Rather than leave the configuration file as the default, at the very least update it to the following to protect yourself, your clients, and the victims:

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

//
// named.conf for Red Hat caching-nameserver
//

acl "trusted" {
127.0.0.1;
};

options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
forwarders { 127.0.0.1; };
};

Above config found at: http://forum.codecall.net/topic/47953-check-etcnamedconf-for-recursion-restrictions/

From: Alex at: 2012-10-11 16:05:11

Hi

I am in the vi /etc/aliases file and try to add what it says, but I can't write the pipe key after

mailman:    "

Could anyone tell me how to enter the pipe key in the vi editor?

 

thanks

Alex

 

From: at: 2013-06-19 08:24:34

Hello,

I get this error when I try to log in to webmail:
ERROR: Connection dropped by IMAP server..

The problem is resolved. I had not installed ISPConfig yet when I tried to access and check the mail server. After I installed ISPConfig, I was able to connect, send and receive mail.

From: sth at: 2014-06-15 06:14:16

I have followed the instructions for "Perfect Server - CentOS 6.3 x86_64...":

Apart from a hiccup in finding the "mod_ruby" file (eventually found one at another site) all appears to have gone well, except that I do not appear to be able to run Firefox.

It seems that Firefox was not installed as part of the "Basic Server" setup when CentOS was installed, as indicated on page two of the instructions. Anyway, Firefox is easy enough to install. However, when I try to start Firefox either as root or as the user I get a message

cannot open display: :0

Have tried    export DISPLAY=:0   with no result

Have installed xorg.x11-server-utils and still get no result.

Anyone have any ideas as to how to fix this and be able to run Firefox so I can check the Webmail and Web Admin screens as shown in the instructions?

Thanks



From: at: 2012-07-31 15:44:13

After all, check if bastille-firewall works:

iptables -L

If not, you can start it by typing:

/etc/init.d/bastille-firewall start

and configure:

chkconfig --levels 235 bastille-firewall on

Now you can check the firewall again:

iptables -L

On all of my servers configured with the articles "CentOS/ISPC3 Perfect Server": 5.7, 6.0, 6.2, 6.3 from howtoforge.com, the Bastille firewall never starts automatically.


From: hb at: 2012-10-11 15:37:41

We just use one, so why should we download two DVDs?

From: at: 2013-03-19 03:42:45

In the end, when this is all set up and working for the most part, I have one problem.

Basically, FTP into the correct area, then when trying to browse to the page it runs some cached version rather than the actual file that's been uploaded. This has nothing to do with the client side cache as I've tried it on at least 5-10 machines which have never even been to the domain :(

ANY help would be sincerely appreciated.

From: Ergec at: 2013-06-26 16:30:12

Let's say we have a solid network, only one website on the server and we ignore the security weakness of the PHP code.

How secure is this particular setup for direct attacks? Of course there is no immune system, but is it solid enough to serve an important website?

From: Anonymous at: 2013-08-06 18:52:54

After a fair bit of prodding I fixed this myself.

Basically, in ISPConfig 3 it was a small tweak.