The Perfect Server - CentOS 6.4 x86_64 (nginx, Dovecot, ISPConfig 3) - Page 4

11 Install Dovecot

Dovecot can be installed as follows:

yum install dovecot dovecot-mysql
mkdir /etc/dovecot
touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf

Now create the system startup links and start Dovecot:

chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start

 

12 Install Postfix

Postfix can be installed as follows:

yum install postfix

Then turn off Sendmail and start Postfix:

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix restart

 

13 Install Getmail

Getmail can be installed as follows:

yum install getmail

 

14 Install Amavisd-new, SpamAssassin, And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Then we start freshclam, amavisd, and clamd.amavisd:

sa-update
chkconfig --levels 235 amavisd on
chkconfig --del clamd
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start

 

15 Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap

Nginx is available as a package for CentOS 6.4 (from EPEL) which we can install as follows:

yum install nginx

Add the following block to the http {} section in /etc/nginx/nginx.conf (before any include lines). It detects whether the visitor uses http or https and sets the $https variable accordingly. This is needed because the nginx version that comes with CentOS is 1.0.15, the $https variable was only introduced in nginx 1.1.11, and ISPConfig makes use of this variable:

vi /etc/nginx/nginx.conf

[...]
http {
[...]
    ## Detect when HTTPS is used
    map $scheme $https {
      default off;
      https on;
    }
[...]
}
[...]

If Apache2 is already installed on the system, stop it now...

/etc/init.d/httpd stop

... and remove Apache's system startup links:

chkconfig --del httpd

Then we create the system startup links for nginx and start it:

chkconfig --levels 235 nginx on
/etc/init.d/nginx start

(If both Apache2 and nginx are installed, the ISPConfig 3 installer will ask you which one you want to use - answer nginx in this case. If only one of the two is installed, ISPConfig will do the necessary configuration automatically.)

We can make PHP5 work in nginx through PHP-FPM (FastCGI Process Manager), an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. We can install php-fpm together with php-cli and some PHP5 modules, such as php-mysql, which you need if you want to use MySQL from your PHP scripts, as follows:

yum install php-fpm php-cli php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer):

[...]
;error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
error_reporting = E_ALL & ~E_NOTICE
[...]

Also set cgi.fix_pathinfo=0:

vi /etc/php.ini

[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=0
[...]

(Please read http://wiki.nginx.org/Pitfalls to find out why you should do this.)
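With cgi.fix_pathinfo left at its default of 1, PHP guesses which part of the request path is the script, which is how a file that is not a PHP script can end up being executed as one. The following check is an added example (not part of the original tutorial) that reports the value PHP will actually use; passing /etc/php.d/*.ini as additional files is an assumption about where your PHP build scans for extra ini files.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# ini_effective KEY FILE...: print the value PHP ends up with for KEY after
# reading FILE... in order (the last uncommented assignment wins).
ini_effective() {
    key=$1; shift
    awk -v key="$key" '
        /^[ \t]*;/ { next }                     # whole-line comment
        {
            n = index($0, "=")
            if (n == 0) next                    # section header or blank line
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            sub(/;.*$/, "", v)                  # strip trailing comment
            gsub(/[ \t]/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) { val = v; seen = 1 }
        }
        END { if (seen) print val }
    ' "$@"
}

# fix_pathinfo_status FILE...: print "ok" only if cgi.fix_pathinfo is
# explicitly 0. A missing or commented-out setting prints "default-on",
# because the built-in default is 1 (see the php.ini comment quoted above).
fix_pathinfo_status() {
    v=$(ini_effective cgi.fix_pathinfo "$@")
    case $v in
        0)  echo ok ;;
        '') echo default-on ;;
        *)  echo "set to $v" ;;
    esac
}

# Run against real files when called with arguments, e.g.
#   sh check.sh /etc/php.ini /etc/php.d/*.ini
if [ $# -gt 0 ]; then
    fix_pathinfo_status "$@"
fi
```

Restart php-fpm after changing php.ini, then run the check again; the running daemon keeps the old value until it is restarted.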

In addition to that, in order to avoid errors like

[08-Aug-2011 18:07:08] PHP Warning: phpinfo(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CEST/2.0/DST' instead in /usr/share/nginx/html/info.php on line 2

... in /var/log/php-fpm/www-error.log when you call a PHP script in your browser, you should set date.timezone in /etc/php.ini:

[...]
[Date]
; Defines the default timezone used by the date functions
; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
date.timezone = "Europe/Berlin"
[...]

You can find out the correct timezone for your system by running:

cat /etc/sysconfig/clock

[root@server1 tmp]# cat /etc/sysconfig/clock
ZONE="Europe/Berlin"
[root@server1 tmp]#

Next create the system startup links for php-fpm and start it:

chkconfig --levels 235 php-fpm on
/etc/init.d/php-fpm start

PHP-FPM is a daemon process (with the init script /etc/init.d/php-fpm) that runs a FastCGI server on port 9000.

To get CGI support in nginx, we install Fcgiwrap.

Fcgiwrap is a CGI wrapper that should also work for complex CGI scripts and can be used for shared hosting environments because it allows each vhost to use its own cgi-bin directory.

As there's no fcgiwrap package for CentOS 6.4, we must build it ourselves. First we install some prerequisites:

yum install fcgi-devel

Now we can build fcgiwrap as follows:

cd /usr/local/src/
git clone https://github.com/gnosek/fcgiwrap.git
cd fcgiwrap
autoreconf -i
./configure
make
make install

This installs fcgiwrap to /usr/local/sbin/fcgiwrap.

Next we install the spawn-fcgi package which allows us to run fcgiwrap as a daemon:

yum install spawn-fcgi

Open /etc/sysconfig/spawn-fcgi...

vi /etc/sysconfig/spawn-fcgi

... and modify the file as follows:

# You must set some working options before the "spawn-fcgi" service will work.
# If SOCKET points to a file, then this file is cleaned up by the init script.
#
# See spawn-fcgi(1) for all possible options.
#
# Example :
#SOCKET=/var/run/php-fcgi.sock
#OPTIONS="-u apache -g apache -s $SOCKET -S -M 0600 -C 32 -F 1 -P /var/run/spawn-fcgi.pid -- /usr/bin/php-cgi"

FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/local/sbin/fcgiwrap
FCGI_USER=apache
FCGI_GROUP=apache
FCGI_EXTRA_OPTIONS="-M 0770"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P /var/run/spawn-fcgi.pid -- $FCGI_PROGRAM"

Now add the user nginx to the group apache:

usermod -a -G apache nginx

Create the system startup links for spawn-fcgi...

chkconfig --levels 235 spawn-fcgi on

... and start it as follows:

/etc/init.d/spawn-fcgi start

You should now find the fcgiwrap socket in /var/run/fcgiwrap.socket, owned by the user and group apache (some scripts, e.g. Mailman, expect to be run by the user/group apache, that's why we don't run spawn-fcgi as user/group nginx, but instead add nginx to the apache group).

 

15.1 Additional PHP Versions

Starting with ISPConfig 3.0.5, it is possible to have multiple PHP versions on one server (selectable through ISPConfig) which can be run through FastCGI and PHP-FPM. The procedure for building additional PHP versions on CentOS is described in this tutorial: How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (CentOS 6.3)


Comments

From: Coupon Code Swap at: 2013-10-20 16:40:07

 Use the latest rpmforge. Otherwise you will run into dependency errors for some modules while installing PHP-FPM:

cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

From: Anonymous at: 2013-09-23 13:56:00

Before building fcgiwrap you need to install some tools first:

yum install autoconf automake libtool

 

From: Ivan at: 2013-10-07 20:50:14

Hello, I found a small omission in your great tutorial. Before "cd /usr/local/src/
git clone git://github.com/gnosek/fcgiwrap.git" you have to mention how git should be installed, because git is not there and it does not work. Thank you. Ivan.
 

 

From: selva at: 2013-10-26 03:24:33

I can open the directory src. But I can process this possion. Please help me. Thanks

git clone git://github.com/gnosek/fcgiwrap.git

From: at: 2014-07-14 02:48:02

Use 'https' instead of 'git' as below.

git clone https://github.com/gnosek/fcgiwrap.git

From: Coupon Code Swap at: 2013-10-20 16:34:07

If you plan on running Drupal or another CMS, you may want to include this in the html section while configuring the nginx.conf file to avoid getting 502 Bad Gateway errors:

 

vi /etc/nginx/nginx.conf

 

fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;

From: Anonymous at: 2013-12-21 17:55:51

cp /etc/dovecot/dovecot-sql.conf /etc/

From: at: 2013-12-26 01:40:16

Hi,

Can anyone show me how to enable mod re_write for Drupal and Joomla sites? I've searched for a few days and nothing comes up. I have multiple sites running Drupal on LAMP, and now I'm trying to migrate these sites to LEMP with ISPConfig.

From: at: 2014-05-04 22:40:13

You will end up with a very old version of nginx if you install from epel. To get the latest version, do this:

 vi /etc/yum.repos.d/nginx.repo

paste and save:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
priority=10

yum update

chkconfig --levels 235 nginx on

/etc/init.d/nginx start
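
Added note, not part of the comment above or the original tutorial: the repo stanza in that comment combines gpgcheck=0 with an http baseurl, so yum installs what it downloads without verifying a signature. The example below flags such stanzas in .repo files; the stanza name nginx-verified is made up for the constructed sample, and the gpgkey URL is the signing key published on nginx.org.

```shell
#!/bin/sh
# Added example, not from the original page or its comments.
# repo_findings [FILE...]: read yum .repo stanzas (stdin if no FILE) and
# report every stanza that turns package signature checking off.
repo_findings() {
    awk '
        function report() {
            if (sec != "" && gpgcheck == "0") {
                print sec ": gpgcheck=0 (packages installed unverified)"
                if (url ~ /^http:\/\//) print sec ": baseurl is plain http"
            }
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # start of a new [stanza]
            report()
            sec = substr($0, index($0, "[") + 1)
            sub(/\].*$/, "", sec)
            gpgcheck = ""; url = ""
            next
        }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpgcheck = v
            if (k == "baseurl")  url = v
        }
        END { report() }
    ' "$@"
}
# Constructed sample: the stanza from the comment above, followed by the
# same repository with signature verification switched on.
sample_repos() {
    cat <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
priority=10
[nginx-verified]
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
}
sample_repos | repo_findings
```

On a real system, run it as repo_findings /etc/yum.repos.d/*.repo.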

From: Arkadiusz Zug at: 2014-08-14 08:22:46

If you would like to use newest version of postfix 2.11.* and MariaDB 10.* you can use Axivo repo:

 rpm -ivh --nosignature http://rpm.axivo.com/redhat/axivo-release-6-1.noarch.rpm

 Tested by me and working

From: Fabricio Rabelo at: 2013-09-30 12:48:25

Hi, I followed all the tutorial alright. Almost all functions are running ok, but the server isn't generating statistics for either AWStats or Webalizer. Can someone help me? Thanks.

From: Drew at: 2014-04-24 00:54:22

I found webalizer working first, but after switching to awstats, I get a 404.  Then when I switch back to webalizer and wait 35 mins (so I can re-login), nothing changes and I get the same 404 as in awstats.

The 404 gets displayed 'below' the awstats "Jump to previous stats" header.

 

In IspConfig > System > Server Config > Web > Awstats Settings the following are the default settings :-

:- /etc/awstats
awstats data folder:- /var/lib/awstats
awstats.pl script:- /usr/lib/cgi-bin/awstats.pl
awstats_buildstaticpages.pl script:- /usr/share/awstats/tools/awstats_buildstaticpages.pl
 
I checked these locations and I found the following:-
  • /etc/awstats does have the conf files.
  • /var/lib/awstats doesn't exist
  • /usr/lib/cgi-bin doesn't exist
  • /usr/share/awstats/tools/ is empty using ls -la
  • /etc/nginx/sites-available/mydomain.com.vhost contains 'location ^~ /awstats-icon {
                alias /usr/share/awstats/icon;
            }' which is not correct as only the tools directory lives in /usr/share/awstats.  There is an icon directory here '/var/www/awstats/icon', but this too doesn't have a awstats-icon.

 
Awstats was installed as per the guidelines here in this perfect server setup:-
yum install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder.
 
Hope this helps the powers that be, to be able to remedy this situation atm.
 
Cheers to all
 
 

 

From: admin at: 2014-04-24 07:10:17

Statistics are generated once every day in the early morning hours. You have to wait until the next day before you can use awstats before switch the statistics engine.

Switching the stats engine removes all previous statistics, so when you switch back, the webalizer stats will not be available until the next day as well.

From: Coupon Code Swap at: 2013-10-20 16:57:18

After installing ISPConfig, the TLS setting for pure-ftpd may be commented out again. If so, redo the setting for TLS:

 

vi /etc/pure-ftpd/pure-ftpd.conf

 TLS                      1

From: Anonymous at: 2013-11-09 01:10:48

This is a very important step to prevent DDoS attacks. While editing the named.conf file, recursion should be turned off and an additional line should be added.

 vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        additional-from-cache no;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.conf.local";

service named restart

For reference and additional configuration options:

http://www.team-cymru.org/Services/Resolvers/

http://www.team-cymru.org/Services/Resolvers/instructions.html

And a useful tool to check your DNS configuration:

http://www.intodns.com

Create the file /etc/named.conf.local that is included at the end of /etc/named.conf (/et

From: Coupon Code Swap at: 2013-10-28 19:26:06

The mail server will not be functioning because a conf file is not linked correctly. Run the following commands to get dovecot up and running:

ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf
ln -s /etc/dovecot/dovecot.conf /etc/dovecot.conf

From: Anonymous at: 2014-01-12 14:43:58

I have looked everywhere in ispconfig and I can find the options to have /phpmyadmin instead of :8081/phpmyadmin. Any help would be great.

From: at: 2014-03-12 09:01:26

If you would like to use this manual to configure your CentOS 6.5 version (I couldn't find 6.5 manual) probably you stop on named service step:

 While you try to start:

/etc/init.d/named start

 

system prompt you:

Generating /etc/rndc.key

all you need is paste:

rndc-confgen -a -r /dev/urandom

 

then:

/etc/init.d/named restart

 

helped me :)

From: at: 2014-05-04 23:31:56

To install the latest version of jailkit, do this:

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17
./configure
make
make install
cd ..
rm -rf jailkit-2.17*

From: Dimitris at: 2015-02-25 21:33:33

Can someone explain to me how I can use only https with phpmyadmin and not both http and https?

Trying to make it more secure but still no luck. I read this tutorial but I can't get it to work. Any ideas?

From: Lefteros at: 2015-04-24 13:23:40

failed to mention that epel is needed for fail2ban and others

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm