The Perfect Server - CentOS 6.3 x86_64 (Apache2, Dovecot, ISPConfig 3) - Page 3

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.0.100   server1.example.com     server1

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

 

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run

system-config-firewall

and disable the firewall.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#

 

6 Disable SELinux

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

reboot

 

7 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.3 repositories:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)

rpm --import https://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
rpm -ivh epel-release-6-7.noarch.rpm
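
Both release packages above are fetched over plain HTTP, so the signature check against the imported keys is what ties the downloaded files to their publishers. The following is an added example, not part of the original tutorial: it runs rpm -K before rpm -ivh and refuses packages that are unsigned or signed with a key that has not been imported. The function names rpm_sig_verified and install_if_signed and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate "rpm -ivh" on the result of "rpm -K" (rpm --checksig).

# rpm_sig_verified LINE: succeed only if one line of "rpm -K" output reports
# a signature that verified against a key imported with "rpm --import".
rpm_sig_verified() {
    result=${1#*: }                       # strip the leading "file.rpm: "
    case $result in
        *"NOT OK"*) return 1 ;;           # bad digest, bad signature or missing key
        *OK) ;;                           # keep checking below
        *) return 1 ;;                    # anything unexpected is a failure
    esac
    # An unsigned package still prints "sha1 md5 OK" and exits 0, so require a
    # signature token. Lower case means verified; upper case (RSA, PGP) does not.
    for tok in $result; do
        case $tok in
            rsa|dsa|pgp|gpg|signatures) return 0 ;;   # "signatures": newer rpm wording
        esac
    done
    return 1
}

# install_if_signed FILE: hypothetical wrapper around the tutorial's rpm -ivh step.
install_if_signed() {
    out=$(rpm -K "$1" 2>&1)
    if rpm_sig_verified "$out"; then
        rpm -ivh "$1"
    else
        echo "refusing to install $1: $out" >&2
        return 1
    fi
}

# Constructed sample lines (not captured from a real system).
while IFS= read -r sample; do
    if rpm_sig_verified "$sample"; then verdict=install; else verdict=REJECT; fi
    printf '%-8s%s\n' "$verdict" "$sample"
done <<'EOF'
epel-release-6-7.noarch.rpm: rsa sha1 (md5) pgp md5 OK
unsigned-example.rpm: sha1 md5 OK
nokey-example.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)
EOF
```

On the server itself, call install_if_signed with the downloaded file name in place of the bare rpm -ivh command.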

yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo...

vi /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[...]
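
With the priority=10 line in place, yum-priorities ranks EPEL ahead of every repository that has no priority= line, because those default to 99 and the lower number wins. The following is an added example, not part of the original tutorial: it lists each repo section with its effective priority and gpgcheck value so you can see which repository will be preferred. The function name repo_summary and the sample .repo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which repository yum-priorities will prefer.

# repo_summary FILE...: print "priority<TAB>repo-id<TAB>gpgcheck" for every
# section, best priority first. Sections without priority= get the plugin
# default of 99; a lower number wins.
repo_summary() {
    awk '
        function emit() { if (id != "") printf "%d\t%s\t%s\n", prio, id, gpg }
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^\[/ { emit(); id = substr($0, 2, index($0, "]") - 2)
                prio = 99; gpg = "unset"; next }
        /^[ \t]*priority[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); prio = $0 + 0; next }
        /^[ \t]*gpgcheck[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); gpg = $0; next }
        END { emit() }
    ' "$@" | sort -n
}

# Constructed stand-ins for the files in /etc/yum.repos.d/
demo_dir=$(mktemp -d)
cat > "$demo_dir/CentOS-Base.repo" <<'EOF'
[base]
name=CentOS-$releasever - Base
gpgcheck=1
EOF
cat > "$demo_dir/epel.repo" <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
enabled=1
priority=10
gpgcheck=1
EOF
repo_summary "$demo_dir"/*.repo
rm -rf "$demo_dir"
```

On the server, run repo_summary /etc/yum.repos.d/*.repo; a gpgcheck column of "unset" means the section inherits the value from [main] in /etc/yum.conf.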

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'

 

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Jul 11 17:52:57 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_server1-lv_root /                       ext4    defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
UUID=806910a1-dbdf-4746-bd94-cbe73ce81493 /boot                   ext4    defaults        1 2
/dev/mapper/vg_server1-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Then run

mount -o remount /

quotacheck -avugm
quotaon -avug

to enable quota.

 

9 Install Apache, MySQL, phpMyAdmin

We can install the needed packages with one single command:

yum install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin

 

10 Install Dovecot

Dovecot can be installed as follows:

yum install dovecot dovecot-mysql

Now create the system startup links and start Dovecot:

chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start

 

11 Install Postfix

Postfix can be installed as follows:

yum install postfix

Then turn off Sendmail and start Postfix and MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix restart

 

12 Install Getmail

Getmail can be installed as follows:

yum install getmail


Comments

From: Dylan Myers at: 2012-08-11 06:32:05

Anyone who uses this tutorial should be aware of this bug with the changes ISPConfig3 makes to dovecot on Fedora/CentOS installs:
http://bugtracker.ispconfig.org/index.php?do=details&task_id=2367

From: Anonymous at: 2012-07-16 15:11:18

You'll also need to install php-common

 yum install php-common

From: Jack at: 2013-01-05 16:55:42

EPEL name has been upgraded to: http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

From: at: 2013-01-20 16:21:31

Yum installed dovecot 2.0.9.el6_1.1

and  dovecot-mysql 2.0.9-2.el6_1.1

 This seems to cause a failure in amavis:

amavis[8819]: (08819-01-10) Blocked MTA-BLOCKED in maillog

I have tried 

mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.org

cp /etc/dovecot.conf /etc/dovecot/dovecot.conf

 

service dovecot restart

service amavisd restart

service postfix restart

 

# this seems to have worked ok for me - mail now being sent out.

From: at: 2013-01-29 20:31:31

I was having errors in my maillog as follows;

Jan 29 20:18:45 centos postfix/smtpd[25440]: warning: SASL: Connect to private/auth failed: No such file or directory
Jan 29 20:18:45 centos postfix/smtpd[25440]: fatal: no SASL authentication mechanisms

The comment above from DFen;

mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.org
cp /etc/dovecot.conf /etc/dovecot/dovecot.conf
 
This fixed my issues

From: noro at: 2012-10-02 18:26:04

hi,
pureftp doesn't use the certificate in /etc/ssl/private/
but in /etc/pki/pure-ftpd

command to generate the certificate:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/pki/pure-ftpd/pure-ftpd.pem -out /etc/pki/pure-ftpd/pure-ftpd.pem

thanks for this tutorial

From: MLK Dual Production at: 2012-12-16 15:53:37

Thank you for the helpful and well explained tutorial.
For some reason the link to download mod_ruby (wget http://www.modruby.net/archive/mod_ruby-1.3.0.tar.gz) is not working.

Here is one that works

wget http://fossies.org/unix/www/apache_httpd_modules/mod_ruby-1.3.0.tar.gz
 

From: Anonymous at: 2012-12-19 09:45:54

mirror:http://ftp.riken.go.jp/pub/FreeBSD/distfiles/ruby/mod_ruby-1.3.0.tar.gz 


Thanks for the walkthrough

From: Anonymous at: 2013-03-31 00:04:26

I found that on some setups phpmyadmin and squirrelmail can't load. By editing the "squirrelmail.conf" and "phpmyadmin.conf" file in "/etc/httpd/conf" and adding

# LoadModule is only valid at server-config level, so it sits outside <Directory>.
<IfModule prefork.c>
  LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule !prefork.c>
  LoadModule php5_module modules/libphp5-zts.so
</IfModule>

<Directory "/usr/share/phpmyadmin">
  #
  # Cause the PHP interpreter to handle files with a .php extension.
  #
  <FilesMatch \.php$>
    SetHandler application/x-httpd-php
  </FilesMatch>
  Order Allow,Deny
  Allow from all
</Directory>

From: CanaDave at: 2012-07-14 23:37:56

...you should mention that when you start named:

/etc/init.d/named start

...it takes a few minutes to generate a key...I thought it was crashed so I Ctrl-C'd it a couple of times then eventually I found how to generate the key manually:

]# rndc-confgen -a

]# chmod 666 /etc/rndc.key

then

]# chkconfig --levels 235 named on
]# /etc/init.d/named start

...I don't know if it would have generated the key on its own, it did say 'Generate Key': but seemed to be waiting for input from me.

Anyway, cool walkthrough...I set it up in a VM in Hyper-V...

 

From: Pedro Rocha at: 2012-09-27 10:15:18

Vlogger seems no longer available, is there any alternative or does ispconfig really need this?

From: life_watcher at: 2013-01-10 03:54:29

Great tutorial! Thank you!

a little addition - fail2ban seems to conflict with bastille and disables the firewall set by ISPConfig (which uses bastille to manage iptables). As a result there is no active firewall except the fail2ban rules... I had to remove fail2ban to make it work...

Thank you! 

 

From: at: 2013-01-11 12:17:30

I would suggest fail2ban + APF and just disabling the ISPConfig firewall (only if you have CLI access)

From: Anonymous at: 2012-09-22 02:36:42

Thank you !

Best TUTORIAL I've found online, up to date, everything just works, unlike many other half-finished tutorials!!!!

Thanks for your time. 

 

From: Mike at: 2012-09-29 23:56:03

Simply awesome. Thank you. Only wish I would have come across this information 3 days ago.

From: Anonymous at: 2013-02-07 04:55:07

SAME HERE!

From: Gijsbert at: 2012-10-21 18:02:48

It's a good tutorial, but I found 2 things that don't seem to be right:

1) During the installation of webalizer and awstats an error occurs "No package awstats available". I have no idea where to get it, I checked the art, dag and epel repositories, but no awstats (anymore) :(

2) On a 64-bits Centos 6.3 OS, when installing mod_python the apache error log shows:

[Sun Oct 21 17:48:08 2012] [error] python_init: Python version mismatch, expected '2.6.5', found '2.6.6'.
[Sun Oct 21 17:48:08 2012] [error] python_init: Python executable found '/usr/bin/python'.
[Sun Oct 21 17:48:08 2012] [error] python_init: Python path being used '/usr/lib64/python26.zip:/usr/lib64/python2.6/:/usr/lib64/python2.6/plat-linux2:/usr/lib64/python2.6/lib-tk:/usr/lib64/python2.6/lib-old:/usr/lib64/python2.6/lib-dynload'.

I heard that it's better to remove mod_python and use mod_wsgi instead. I tried this and the errors are gone. However it does show a warning in the error_log:

[Sun Oct 21 20:00:08 2012] [warn] mod_wsgi: Compiled for Python/2.6.2.
[Sun Oct 21 20:00:08 2012] [warn] mod_wsgi: Runtime using Python/2.6.6.

Maybe you can rewrite the manual for these 2 issues so it will be even better in the (near) future!

From: Anonymous at: 2013-02-26 19:30:04

After installing ISPConfig 3, the admin panel shows the Apache test page...help

From: at: 2013-03-30 17:45:19