The Perfect Server - CentOS 6.4 x86_64 (Apache2, Dovecot, ISPConfig 3) - Page 4

13 Set MySQL Passwords And Configure phpMyAdmin

Set passwords for the MySQL root account:

mysql_secure_installation

[root@server1 tmp]# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n]
 <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 <-- ENTER
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 <-- ENTER
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 <-- ENTER
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 <-- ENTER
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


[root@server1 tmp]#

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory "/usr/share/phpmyadmin"> stanza):

vi /etc/httpd/conf.d/phpmyadmin.conf

#
#  Web application to manage MySQL
#

#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

vi /usr/share/phpmyadmin/config.inc.php

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
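
With the stanza commented out, nothing in this file limits who can reach phpMyAdmin, and the account used to log in is the MySQL root user. The check below is an added example, not part of the original tutorial: it reports whether an Apache 2.2 config file still carries an active restriction for /usr/share/phpmyadmin. The function name `phpmyadmin_access`, the sample file names and the 192.168.0.0/24 range (derived from the tutorial's example address) are assumptions, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# phpmyadmin_access FILE
#   Reports how an Apache 2.2 config file restricts /usr/share/phpmyadmin.
#   Conservative heuristic: it reads the Allow/Deny lines of an active
#   (uncommented) <Directory> stanza and does not evaluate Order.
phpmyadmin_access() {
    awk -v target="/usr/share/phpmyadmin" '
        /^[ \t]*#/ { next }                       # commented-out line
        tolower($1) == "<directory" {
            path = $2
            gsub(/[">]/, "", path)                # drop quotes and ">"
            sub(/\/$/, "", path)                  # drop trailing slash
            in_dir = (path == target)
            if (in_dir) seen = 1
            next
        }
        tolower($1) == "</directory>" { in_dir = 0; next }
        in_dir && tolower($1) == "allow" && tolower($2) == "from" {
            for (i = 3; i <= NF; i++) {
                if (tolower($i) == "all") { allow_all = 1; continue }
                sep = (srcs == "" ? "" : " ")
                srcs = srcs sep $i
            }
        }
        in_dir && tolower($1) == "deny" && tolower($3) == "all" { deny_all = 1 }
        END {
            if (!seen)          print "unrestricted (no active <Directory> stanza)"
            else if (allow_all) print "unrestricted (Allow from all)"
            else if (!deny_all) print "unrestricted (no Deny from all)"
            else                print "restricted (allow from: " srcs ")"
        }
    ' "$1"
}

# --- constructed sample configs ---
demo_dir=$(mktemp -d)

# The file as this tutorial leaves it: stanza commented out.
cat > "$demo_dir/tutorial.conf" <<'EOF'
#<Directory "/usr/share/phpmyadmin">
#  Order Deny,Allow
#  Deny from all
#  Allow from 127.0.0.1
#</Directory>
Alias /phpmyadmin /usr/share/phpmyadmin
EOF

# Stanza kept, with an assumed management network added to the allow list.
cat > "$demo_dir/lan-only.conf" <<'EOF'
<Directory "/usr/share/phpmyadmin">
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1 192.168.0.0/24
</Directory>
Alias /phpmyadmin /usr/share/phpmyadmin
EOF

# Stanza that explicitly opens the directory to every client.
cat > "$demo_dir/allow-all.conf" <<'EOF'
<Directory "/usr/share/phpmyadmin">
    Order allow,deny
    Allow from all
</Directory>
EOF

for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(phpmyadmin_access "$f")"
done
```

On a real host, point the function at /etc/httpd/conf.d/phpmyadmin.conf and at any other file that might define the same directory.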

 

14 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Then we start freshclam, amavisd, and clamd.amavisd:

sa-update
chkconfig --levels 235 amavisd on
chkconfig --del clamd
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start

 

15 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) and uncomment cgi.fix_pathinfo=1:

[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
[...]

Next we install suPHP (there is a mod_suphp package available in the repositories, but unfortunately it isn't compatible with ISPConfig, therefore we have to build suPHP ourselves):

cd /tmp
wget http://suphp.org/download/suphp-0.7.1.tar.gz
tar xvfz suphp-0.7.1.tar.gz
cd suphp-0.7.1/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart
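
The [global] settings in /etc/suphp.conf decide which scripts suPHP will run and under which accounts. As an added example (not part of the original tutorial or of suPHP), the function below reads that section and lists the values worth a second look; `suphp_audit`, the ID floor of 500 and the /var/www comparison value are assumptions of this example, and both sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# suphp_audit FILE [ID_MIN]
#   Prints one "REVIEW key=value: reason" line per [global] setting that
#   deserves a second look, or "OK" when there is none. ID_MIN defaults to
#   500, the first regular UID/GID in CentOS 6 /etc/login.defs.
suphp_audit() {
    awk -F= -v id_min="${2:-500}" '
        function flag(key, why) {
            printf "REVIEW %s=%s: %s\n", key, cfg[key], why
            findings++
        }
        /^[ \t]*;/ || /^[ \t]*$/ { next }          # comment or blank line
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
        section == "[global]" {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            cfg[key] = val
        }
        END {
            if (cfg["allow_file_others_writeable"] == "true")
                flag("allow_file_others_writeable", "world-writable scripts are executed")
            if (cfg["allow_directory_others_writeable"] == "true")
                flag("allow_directory_others_writeable", "scripts in world-writable directories are executed")
            if (cfg["check_vhost_docroot"] == "false")
                flag("check_vhost_docroot", "scripts outside the vhost DocumentRoot are executed")
            if (cfg["errors_to_browser"] == "true")
                flag("errors_to_browser", "minor error messages are sent to the browser")
            if (cfg["docroot"] == "/")
                flag("docroot", "every path on the filesystem is inside docroot")
            if (cfg["min_uid"] != "" && cfg["min_uid"] + 0 < id_min + 0)
                flag("min_uid", "below " id_min ", so system-account UIDs pass")
            if (cfg["min_gid"] != "" && cfg["min_gid"] + 0 < id_min + 0)
                flag("min_gid", "below " id_min ", so system-account GIDs pass")
            if (!findings) print "OK"
        }
    ' "$1"
}

# --- constructed sample: values as in the tutorial, most comments dropped ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/tutorial.conf" <<'EOF'
[global]
logfile=/var/log/httpd/suphp.log
loglevel=info
webserver_user=apache
;Path all scripts have to be in
docroot=/
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
check_vhost_docroot=true
errors_to_browser=false
env_path=/bin:/usr/bin
umask=0077
min_uid=100
min_gid=100

[handlers]
x-httpd-suphp="php:/usr/bin/php-cgi"
x-suphp-cgi="execute:!self"
EOF

# Constructed comparison file with assumed values: narrower docroot, ID floor 500.
sed -e 's|^docroot=/$|docroot=/var/www|' \
    -e 's|^min_uid=100$|min_uid=500|' \
    -e 's|^min_gid=100$|min_gid=500|' \
    "$demo_dir/tutorial.conf" > "$demo_dir/tighter.conf"

for f in tutorial tighter; do
    echo "== $f.conf"
    suphp_audit "$demo_dir/$f.conf"
done
```

Before raising min_uid/min_gid or narrowing docroot on a real ISPConfig host, check which UIDs and paths its web users actually get; the comparison values here are illustrative.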

 

15.1 Ruby

Starting with version 3.0.3, ISPConfig 3 has built-in support for Ruby. Instead of using CGI/FastCGI, ISPConfig depends on mod_ruby being available in the server's Apache.

For CentOS 6.4, there's no mod_ruby package available, so we must compile it ourselves. First we install some prerequisites:

yum install httpd-devel ruby ruby-devel

Next we download and install mod_ruby as follows:

cd /tmp
wget http://fossies.org/unix/www/apache_httpd_modules/mod_ruby-1.3.0.tar.gz
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install

Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf...

vi /etc/httpd/conf.d/ruby.conf

LoadModule ruby_module modules/mod_ruby.so
RubyAddPath /1.8

... and restart Apache:

/etc/init.d/httpd restart

(If you leave out the RubyAddPath /1.8 directive, you will see errors like the following ones in Apache's error log when you call Ruby files:

[Thu May 26 02:05:05 2011] [error] mod_ruby: ruby:0:in `require': no such file to load -- apache/ruby-run (LoadError)
[Thu May 26 02:05:05 2011] [error] mod_ruby: failed to require apache/ruby-run
[Thu May 26 02:05:05 2011] [error] mod_ruby: error in ruby

)

 

15.2 Python

To install mod_python, we simply run...

yum install mod_python

... and restart Apache afterwards:

/etc/init.d/httpd restart

 

15.3 WebDAV

WebDAV should already be enabled, but to check this, open /etc/httpd/conf/httpd.conf and make sure that the following three modules are active:

vi /etc/httpd/conf/httpd.conf

[...]
LoadModule auth_digest_module modules/mod_auth_digest.so
[...]
LoadModule dav_module modules/mod_dav.so
[...]
LoadModule dav_fs_module modules/mod_dav_fs.so
[...]

If you have to modify /etc/httpd/conf/httpd.conf, don't forget to restart Apache afterwards:

/etc/init.d/httpd restart

 

15.4 Additional PHP Versions

Starting with ISPConfig 3.0.5, it is possible to have multiple PHP versions on one server (selectable through ISPConfig) which can be run through FastCGI and PHP-FPM. The procedure for building additional PHP versions on CentOS is described in this tutorial: How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (CentOS 6.3)

 

16 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

yum install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []:
<-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]:
<-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]:
<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:
<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []:
<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []:
<-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

/etc/init.d/pure-ftpd restart

That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.
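
With TLS set to 1 the server still accepts unencrypted logins; per the config comment above, only the value 2 refuses them. The check below is an added example, not part of the original tutorial: it reads the active TLS value from pure-ftpd.conf and verifies that the combined PEM file holds both key and certificate and is closed to group and others. The function names are assumptions of this example, and the sample config and PEM stand-in are constructed (block markers only, no key material).

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# pureftpd_tls_mode CONF
#   Prints the active TLS value from pure-ftpd.conf, or 0 (the default
#   named in the config comment) when no uncommented TLS line exists.
pureftpd_tls_mode() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "TLS" && $2 ~ /^[0-2]$/ { mode = $2 }
        END { print (mode == "" ? 0 : mode) }
    ' "$1"
}

# pureftpd_tls_check CONF PEM
#   Prints one "REVIEW ..." line per finding, or "OK" when cleartext
#   sessions are refused and the PEM file holds key and certificate and
#   is not accessible to group or others.
pureftpd_tls_check() {
    findings=0
    case "$(pureftpd_tls_mode "$1")" in
        0) echo "REVIEW TLS=0: sessions are never encrypted"; findings=1 ;;
        1) echo "REVIEW TLS=1: cleartext logins are still accepted"; findings=1 ;;
    esac
    if [ ! -f "$2" ]; then
        echo "REVIEW $2: file not found"; findings=1
    else
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$2" ||
            { echo "REVIEW $2: no private key block"; findings=1; }
        grep -q -e '-----BEGIN CERTIFICATE-----' "$2" ||
            { echo "REVIEW $2: no certificate block"; findings=1; }
        perms=$(ls -ld "$2" | cut -c5-10)          # group + other bits
        [ "$perms" = "------" ] ||
            { echo "REVIEW $2: group/other permissions set ($perms)"; findings=1; }
    fi
    [ "$findings" -eq 0 ] && echo "OK"
    return 0
}

# --- constructed samples ---
demo_dir=$(mktemp -d)

# Excerpt with the value this tutorial sets.
cat > "$demo_dir/tutorial.conf" <<'EOF'
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
TLS                      1
EOF

# Same excerpt with cleartext sessions refused.
sed 's/^TLS .*/TLS                      2/' "$demo_dir/tutorial.conf" \
    > "$demo_dir/tls-only.conf"

# Stand-in for /etc/ssl/private/pure-ftpd.pem: markers only, no key material.
cat > "$demo_dir/pure-ftpd.pem" <<'EOF'
-----BEGIN PRIVATE KEY-----
(placeholder)
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(placeholder)
-----END CERTIFICATE-----
EOF
chmod 600 "$demo_dir/pure-ftpd.pem"

pureftpd_tls_check "$demo_dir/tutorial.conf" "$demo_dir/pure-ftpd.pem"
pureftpd_tls_check "$demo_dir/tls-only.conf" "$demo_dir/pure-ftpd.pem"
```

Switching to TLS 2 locks out clients that cannot do FTP over TLS, so confirm client support first.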


Comments

From: Brett at: 2013-07-08 09:23:26

I spent an afternoon following the guide to the letter, after trying previously, and ended up with a partially working server. Second time round, I realised the problem wasn't me.

Once you get to the end, exhausted and excited... go back and read the comments to figure out issues with Dovecot setup, Postfix setup, Pro-FTP, SSL certificates to name a few. If you're here like I was (because you NEED a guide for this stuff) consider yourself warned.

A sincere thanks to Falko, who put this guide together. Please work out the niggling bugs and it'll be worthy of the title 'Perfect Server'. Some of them are just a copy and paste from the comments into the guide so that they're not missed.

From: at: 2013-11-22 02:08:53

Hello,

Here is the guide on how to make this setup to serve ASP.NET pages.

Kind regards,
Donatas

From: at: 2014-03-06 19:40:22

I have installed this tutorial with Centos 6.5!

One problem: You must uninstall eaccelerator... or delete file eaccelerator.ini from /etc/php.d because it will not work with fastcgi (for ISPConfig)

few hours to discover the problem....

 

 

 

From: Anonymous at: 2013-10-09 11:09:26

A minimal install of CentOS does not include system-config-network. If network settings were not specified during the installer config, the network will need to be brought up with ip addr and ip route commands or by editing config files.

From: at: 2014-06-05 09:53:51

You can always install them using the following command.

yum install -y  system-config-firewall-tui system-config-network-tui

From: Anonymous at: 2013-03-15 19:22:23


Line:
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt ??

 change:

http://apt.sw.be/RPM-GPG-KEY.dag.txt

From: Paolo at: 2013-03-15 20:16:03

Pay attention: to have a correct SASL authentication, add the following to the service auth section of /etc/dovecot/conf.d/10-master.conf

  unix_listener auth-master {

    mode = 0660
    user = vmail
    group = vmail
  }

and check in every file in the /etc/dovecot/conf.d/ directory for the new correct path of dovecot.conf and dovecot-sql.conf

From: bkraul at: 2013-06-10 16:52:47

Paolo, could you please explain what you mean in your last statement,

check in every file in the /etc/dovecot/conf.d/ directory for the new correct path of dovecot.conf and dovecot-sql.conf?

What is the path changed from and to? I can't find any reference on this page pointing to a path change for the conf files. Thanks!

From: rod at: 2013-11-03 14:24:21

SquirrelMail will not login, found on web need the two following lines added to your instructions

ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf
ln -s /etc/dovecot/dovecot.conf /etc/dovecot.conf

Regards,

And nice instructions!

From: at: 2014-02-04 21:12:36

Such a wonderful & complete tutorial.

I followed every step of it. Now my VPS is up and running perfectly. During the installation I got only 2 errors. I have posted it at http://www.howtoforge.com/forums/showthread.php?t=64860 expecting a fix.

Thank you Falko Timme.

 

From: Anonymous at: 2013-05-10 21:14:14

That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS. Followed STEP by STEP and can't FTP

connects ok takes root & password and shows the certificate (by not showing the details I added)

then keep getting when waiting for folders to show

Critical Error

Cannot connect to server

From: at: 2013-05-29 18:54:20

the Link for wget http://fossies.org/unix/www/apache_httpd_modules/mod_ruby-1.3.0.tar.gz

is broken but I was able to use this zip file:

http://fossies.org/unix/www/apache_httpd_modules/mod_ruby-1.3.0.zip

http://fossies.org/linux/www/apache_httpd_modules/mod_ruby-1.3.0.tar.gz/

 

The folder /linux changed for /unix and it looks like they didn't update the path

 

From: LinuxMan at: 2013-07-20 00:34:46

You can actually use the following link to get mod_ruby..

wget http://ftp.riken.jp/FreeBSD/distfiles/ruby/mod_ruby-1.3.0.tar.gz

 

From: Diego at: 2013-09-23 14:04:25

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.

I did all the same with this guide, but i got error: 

 

Forbidden

You don't have permission to access /phpmyadmin on this server.

How could i fix it, please?

It only works at local remote with 127.0.0.1/phpmyadmin

From: Sofd at: 2014-03-19 10:23:31

Edit your httpd.conf file as follows:

# nano /etc/httpd/conf/httpd.conf

Add the following lines here:

<Directory "/usr/share/phpmyadmin">
    Order allow,deny
    Allow from all
</Directory>

Issue the following command:

# service httpd restart

If your problem is not solved then disable your SELinux.

From: Anonymous at: 2014-06-06 01:01:49

UPDATE -- 

 I found that I had several NameVirtualHost for the same ports (*80 and *443). I removed NameVirtualHost from /etc/httpd/conf/sites-available/ispconfig.conf and restarted apache with no error.

From: Anonymous at: 2013-10-06 11:25:33

hello, i've following all of thats tutorial. at the beginning there is no problem with my SFTP, when i finished install my Centos, i can use SSH and SFTP. but after i install the other software like this tutorial said, and i finished following this tutorial, why my root and other user cannot connect via SFTP and FTP?

my root still can access ssh.

any solution?

From: pd at: 2013-10-23 15:24:50

Can you tell me why the version of su_php is not compatible with ispconfig?

From: Anonymous at: 2013-11-23 00:08:48

-> Finished Dependency Resolution
Error: Package: amavisd-new-2.8.0-4.el6.noarch (epel)
           Requires: /etc/clamd.d
           Available: clamd-0.98-2.el6.x86_64 (epel)
               Not found
           Installed: clamd-0.98-2.el6.rf.x86_64 (@rpmforge)
               Not found
 ----------------------------------------------------------------------------------------------

SOLUTION:

 yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql --disablerepo=epel

From: Anonymous at: 2014-01-17 22:54:00

In step 13 before you can run mysql_secure_installation, mysql must be running. To start it running type:

/sbin/service mysqld start

You will see output like this:

Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h test.centos6564.home password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

[ OK ]
Starting mysqld: [ OK ]

From: 2 thingies at: 2014-02-21 17:03:36


I was stuck at 

 ./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes

i was missing some packets so I did

yum groupinstall "Development Tools"

yum install apr apr-util apr-iconv apr-devel openssl-devel pcre httpd httpd-devel

 and only then i could go on

 

From: Martin Ledvina at: 2013-09-25 21:40:16

Always include a list of dependencies when installing outside of upstream providers:

Can't locate Date/Format.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /usr/local/ispconfig/server/scripts/vlogger line 148.
BEGIN failed--compilation aborted at /usr/local/ispconfig/server/scripts/vlogger line 148.
piped log program ' /usr/local/ispconfig/server/scripts/vlogger -s access.log -t "%Y%m%d-access.log" /var/log/ispconfig/httpd' failed unexpectedly

Which is a result of badly written requirements.

 How I diagnosed it:

yum whatprovides *Date/Format.pm

yum install :perl-TimeDate-1.16-11.1.el6.noarch

 

From: at: 2013-10-10 09:56:37

Thank you. That's a great command to remember. Very helpful!

From: Natan at: 2013-11-01 12:33:37

Hi. I performed the settings as described on the website but can not access via ssh. I created customer - website - shell access in ISPConfig but can not login in PuTTY.
I'm testing the server in the local network with 2 computers (one windows 7 and centos 6.4). By Filezilla can access the sites via FTP tests normally, but SSH does not work.
Can you help me?

From: rlonghofer at: 2013-12-09 23:59:51

If you have done a minimal install of centos you need to also install jwhois otherwise you will not have any info in the emails from fail to ban on the ip address

From: at: 2013-03-21 20:22:37

Look out for this error!

Mar 21 22:11:32 server1 clamd[18414]: Self checking every 600 seconds.
Mar 21 22:11:33 server1 dovecot: master: Warning: Killed with signal 15 (by pid=18417 uid=0 code=kill)
Mar 21 22:11:35 server1 dovecot: master: Dovecot v2.0.9 starting up (core dumps disabled)
Mar 21 22:12:10 server1 postfix/smtpd[18526]: connect from localhost[::1]
Mar 21 22:12:10 server1 dovecot: auth: Error: Can't open configuration file /etc/dovecot-sql.conf: No such file or directory
Mar 21 22:12:10 server1 dovecot: master: Error: service(auth): command startup failed, throttling
Mar 21 22:12:10 server1 dovecot: log: Error: service(auth): child 18528 returned error 89 (Fatal failure)
Mar 21 22:12:10 server1 postfix/smtpd[18526]: fatal: no SASL authentication mechanisms
Mar 21 22:12:11 server1 postfix/master[18347]: warning: process /usr/libexec/postfix/smtpd pid 18526 exit status 1
Mar 21 22:12:11 server1 postfix/master[18347]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

It happened to me both on 64Bit and 32Bit. It states that "/etc/dovecot-sql.conf" is not found; that's true, the file is in /etc/dovecot/dovecot-sql.conf

Open /etc/dovecot/dovecot.conf and replace.

passdb {
##  args = /etc/dovecot-sql.conf
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
userdb {
##  args = /etc/dovecot-sql.conf
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}

!!Also the squirrelmail is configurated for courier but the Howto installs dovecot!!

Anyways keep it up..! Nice work, straightforward for newbie on CentOS

From: Kian Mayne at: 2013-05-25 12:05:37

Thank you so much, I wasn't eagle-eyed enough to notice the /etc/dovecot-sql.conf - /etc/dovecot/dovecot-sql.conf discrepancy!

 Dovecot is finally working :) Thanks a lot

From: at: 2013-07-27 19:06:22

Hi, 

Thank you for this solution, it's been one week I am struggling, finally made it

Thanks  

From: Anonymous at: 2014-05-16 10:45:05

another solution

ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf

ln -s /etc/dovecot/dovecot.conf /etc/dovecot.conf

From: Anonymous at: 2013-12-16 06:16:25

Thank you!  I spent the last two hours trying to figure this out!  I appreciate you posting the fix!

From: almereyda at: 2013-12-30 21:49:49

Someone should file a bug report. Maybe I'll do that in the next days.

Because this fix did it for me, too, on a fresh install.

Still I'm wondering why ISPConfig 3.0.5.4 is taking so long, as many bugs are already known and/or fixed.

Thanks for providing the solution, @psykosen.

From: andrewf at: 2013-04-02 13:58:08

I have been running a virtual server setup using your most excellent guides for a couple of years now (it was an open-suse, Apache, courier, ispconfig3 configuration) but one of the many sites I run may have been compromised today.

It was a Drupal site, and my "blind-panic"  response was to restore from the last known good DB backup which immediately resolved the problems on that specific site. As it is a security related site, it tends to be a target and I had noticed a concerted attempt to breach it over about a 3 hour period from the same IP address.

Anyway, what I would like to see added to the tutorial (and applicable to all of them), in a an approximate order of priority, is how to:

  1. Add Tripwire (or AFICK, etc) to the install/configuration
  2. Add mod_security and mod_evasive to the Apache setup
  3.  Add separate DB and mail servers, especially behind a DMZ.
  4. Configure partitions so your web sites were on a separate partition (disc/LVM) and the effect that has on quota configuration where file uploads are a major consideration else the DB files where it is mainly content driven, and hence the (typically) /var partition for MySQL databases, whether an "all in one" server or separated by role.
  5. Setup the email notifications (both local and via a 3rd party such as gmail) for all the alerting including rkhunter, clamav, and tripwire.
  6. Optimal configuration of Apache log files for use by AWStats

These are (I feel) pretty small changes to this "most excellent" tutorial, and given I run 18 web sites from 1 virtual server, + 10 other virtual development machines from Windows XP, through Win7 to Server 2008 R2 and Windows 8 all on a box with 2 Tb of disc and 16 Gb ram which cost me AU$800 to build, it is not a high-end system, but well within the reach of most people.

 I would be more than happy to help with the tutorial updates.

 

From: Anonymous at: 2014-12-09 18:23:41

Thanks for the additional info for further securing.

 +1 for adding it to the guide(s)

From: linuxuzerno1 at: 2013-05-26 15:15:36


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.
Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.
Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server
gmail = IMAP access to Google mail (Gmail) accounts
quit = Do not change anything

Command >> <-- dovecot


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.
Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.
Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server
gmail = IMAP access to Google mail (Gmail) accounts
quit = Do not change anything

Command >> courier

imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true
Press enter to continue... <-- press ENTER

Ignore the second set of instructions! 

(unless they get deleted)

From: Jamie Bond at: 2013-08-15 23:16:05

Thank you for this very useful guide! Kind Regards.

From: at: 2013-09-06 18:24:40

hello I just followed the tutorial for centos 6.4 but I have the page default apache I can not have access to the page ispconfig

 

 https://212.76.139.94:8080/ 

From: ANRES at: 2013-12-17 22:15:09

I followed the manual but I can not enter ispconfig web site, enter the default can help me?

thanks

From: Gyrocode at: 2014-02-07 15:11:23

I went back and reviewed users' comments for previous versions of this tutorial. Here is what I found here.

php-eaccelerator conflicts with Apache and causes the error. It can be removed by running the following commands:

rpm -e php-eaccelerator
service httpd restart

From: Kaan Varol at: 2013-12-27 17:29:01

Thank You for this great tutorial. Much much appreciated.

From: Erik at: 2014-01-02 15:20:47

 First:  GREAT STUFF!  I really appreciate your work in this package and it really does KICK ASS!

 Second:  Postfix kept coming up with "fatal: open database /etc/postfix/virtual.db: No such file or directory" and was unable to start properly.

 The solution was "postmap /etc/postfix/virtual" to build the virtual.db then restart postfix.

Thanks again!

From: Anonymous at: 2014-02-06 22:00:32

                 

              Hi , i have used 'Perfect server Centos 6.3 with Courier' with for Centos 6.5

The problem appears when i add a ssl website . The ssl certificate is working but the page still remains default Apache 2 . Doesn't change like when you add a http website with ispconfig 3, and because of that i cannot acces https pages , it tells me that it cannot be found.

 

Not Found

The requested URL /admin/ was not found on this server.


Apache/2.2.15 (CentOS) Server at www.domain.com Port 443

 The site is working fine when it is only with http

From: Thevan at: 2014-03-03 11:26:29

HI

 Has followed the installation guide without any error, But when put for example  http://192.168.0.136:8080/  i am getting 

 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://redirector-sjl.enom.com:8080/"><b>https://redirector-sjl.enom.com:8080/</b></a></blockquote></p>
</body></html>
 
If put  http://192.168.0.136:8080/ 
I am getting apache test page only 
 
Please advise 
Thanks 

 


From: Anonymous at: 2014-06-05 23:33:44

Same issue. when i go to my server with :8080, no response. Just apache test page. Please advise!!!!!!!

From: at: 2014-03-03 11:33:50

setup without any error , but when access http://192.168.0.136:8080/

getting below page only

 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://redirector-sjl.enom.com:8080/"><b>https://redirector-sjl.enom.com:8080/</b></a></blockquote></p>
</body></html>

Please help

Thanks

From: faizan at: 2014-04-28 08:32:29

Dear All,

While i am running step 24.(entering url )..it was generating error saying that..error 404 not found 

From: dendic at: 2014-04-29 12:43:35

I am a novice. What should I install with ISPConfig 3 if the web server is set by the existing farm servers.I already have separate mail server  in system farm  room. What do I need to install the software import the ispconfig 3  with already existing mail server '(postfix, dovecot, GetMail, mailman.squirellmail??)

 My aim is to this Web server set up several websites with which you could make several email addresses and email addresses that I cherish the already existing mail server in the server room.

From: dendic at: 2014-05-02 07:55:36

Can someone put an example configuration file main.cf  if I have to relayhost separate mail server system in the hall and I just need to add a (local) for option mydomain = myserver.mydomain.com.local    in etc/postfix/ main.cf  

From: Lucasc at: 2014-10-06 19:00:22

I'm getting:

 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

 

When trying to access: http://mydomain.com:8080

 How to fix it, please?

 Thank you!