There is a new version of this tutorial available for CentOS 7.6.

The Perfect Server – CentOS 7 (Apache2, Dovecot, ISPConfig 3) - Page 3

23 Install Roundcube webmail

To install the Roundcube webmail client, run...

yum -y install roundcubemail

Change the roundcubemail configuration file as follows:

vi /etc/httpd/conf.d/roundcubemail.conf
#
# Round Cube Webmail is a browser-based multilingual IMAP client
#

Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail

# Define who can access the Webmail
# You can enlarge permissions once configured

#<Directory /usr/share/roundcubemail/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>

<Directory /usr/share/roundcubemail/>
        Options none
        AllowOverride Limit
        Require all granted
</Directory>

# Define who can access the installer
# keep this secured once configured

#<Directory /usr/share/roundcubemail/installer/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>

<Directory /usr/share/roundcubemail/installer>
        Options none
        AllowOverride Limit
        Require all granted
</Directory>


# Those directories should not be viewed by Web clients.
<Directory /usr/share/roundcubemail/bin/>
    Order Allow,Deny
    Deny from all
</Directory>
<Directory /usr/share/roundcubemail/plugins/enigma/home/>
    Order Allow,Deny
    Deny from all
</Directory>
~

Restart Apache:

systemctl restart httpd.service

Now we need a database for roundcube mail, we will initialise it as follows:

mysql -u root -p

At mariadb prompt use:

CREATE DATABASE roundcubedb;
CREATE USER [email protected] IDENTIFIED BY 'roundcubepassword';
GRANT ALL PRIVILEGES on roundcubedb.* to [email protected] ;
FLUSH PRIVILEGES;
exit

I am using details for roundcube database as a test, please replace the values as per your choice for security reasons.

Now we will install the roundcube on browser at http://192.168.1.100/roundcubemail/installer

Now fill the entries for the

nano /etc/roundcubemail/config.inc.php
<?php

/* Local configuration for Roundcube Webmail */

// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:[email protected]/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = 'mysql://roundcubeuser:[email protected]/roundcubedb';

// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$config['default_host'] = 'localhost';

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';

// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = 'FHgaM7ihtMkM1cBwckOcxPdT';

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array();

// Set the spell checking engine. Possible values:
// - 'googie'  - the default
// - 'pspell'  - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, you need to 
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
$config['spellcheck_engine'] = 'pspell';

Then press on the button "continue" in the web installer. On the following page, press on the button "Initialize database".

Finally, disable the Roundecubemail installer. Change the apacheroundcubemail configuration file:

vi /etc/httpd/conf.d/roundcubemail.conf
#
# Round Cube Webmail is a browser-based multilingual IMAP client
#

Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail

# Define who can access the Webmail
# You can enlarge permissions once configured

#<Directory /usr/share/roundcubemail/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#       # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>

<Directory /usr/share/roundcubemail/>
        Options none
        AllowOverride Limit
        Require all granted
</Directory>

# Define who can access the installer
# keep this secured once configured

<Directory /usr/share/roundcubemail/installer/>
    <IfModule mod_authz_core.c>
        # Apache 2.4
       Require local
   </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from all
       Allow from 127.0.0.1
        Allow from ::1
    </IfModule>
</Directory>

# Those directories should not be viewed by Web clients.
<Directory /usr/share/roundcubemail/bin/>
    Order Allow,Deny
    Deny from all
</Directory>
<Directory /usr/share/roundcubemail/plugins/enigma/home/>
    Order Allow,Deny
    Deny from all
</Directory>
~

Restart Apache:

systemctl restart httpd.service

 

24 Install ISPConfig 3

Download the current ISPConfig 3 version and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer:

[[email protected] install]# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Redhat or compatible, unknown version.

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
..........................................................+++
................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
.....................++
.......++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Stopping saslauthd:                                        [FAILED]
Starting saslauthd:                                        [  OK  ]
Waiting for the process [1424] to terminate
Shutting down amavisd: Daemon [1424] terminated by SIGTERM
                                                           [  OK  ]
amavisd stopped
Starting amavisd:                                          [  OK  ]

Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]
Stopping Dovecot Imap:                                     [  OK  ]
Starting Dovecot Imap:                                     [  OK  ]
Stopping httpd:                                            [  OK  ]
[Thu Mar 14 14:12:32 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd:                                            [  OK  ]
Stopping pure-ftpd:                                        [  OK  ]
Starting pure-ftpd:                                        [  OK  ]
Installation completed.
[[email protected] install]#

The error message "usage: doveadm [-Dv] [-f <formatter>] <command> [<args>]" can be ignored, in case that you get it during ispconfig installation.

To fix the Mailman errors you might get during the ISPConfig installation, open /usr/lib/mailman/Mailman/mm_cfg.py...

vi /usr/lib/mailman/Mailman/mm_cfg.py

... and set DEFAULT_SERVER_LANGUAGE = 'en':

[...]
#-------------------------------------------------------------  
# The default language for this server.  
DEFAULT_SERVER_LANGUAGE = 'en'
[...]

Restart Mailman:

systemctl restart mailman.service

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.1.100:8080/ (http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):

The system is now ready to be used.

 

 

25 Links

Share this page:

Suggested articles

11 Comment(s)

Add comment

Comments

By: Anonymous
Reply  

I really do like ISPconfig, but is it really necessary that all/most files have the execution bit set? This is the case for the ISPconfig installation itself as well as the files for the clients in the web directory.

 I installed according to the documentation, said y to

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]

but SSL is not enabled.

 

By:
Reply  

If you choose to use a secure (SSL) connection to the ISPConfig web interface and you open http://server1.example.com:8080 you'll get a message to direct to https

You can solve this simply by the following steps:

1 - nano /etc/httpd/conf/sites-available/ispconfig.vhost

2 - Add before </VirtualHost> the following line;

[…]
ErrorDocument 400 "<script>document.location.href='https://server1.example.com:8080/';</script><a href='https://server1.example.com:8080/'>https://server1.example.com:8080/</a>"
</VirtualHost>
[…]

Note: server1.example.com must be hardcoded.


3 - systemctl restart httpd.service

When you point your webbrowser to http://server1.example.com it will automatically redirect to https://server1.example.com

By: Anonymous
Reply  

If I do this, the only result is an error in the browser, because ISPC did not configure SSL on port 8080. There are some SSL directives in the ispconfig.vhost but they are not active due to some #'s. Also one of these lines points to a non existent file.

By: admin
Reply  

This just means that you havent activated ssl during ispconfig Installation. The ispconfig installer asks if you want to use ssl or not, if you choose no, then the vhost on port 8080 has no ssl and you can not Forward to ssl then off course.

To activate ssl at a later time, download the ispconfig.tar.gz, unpack it and run the update.php script in the instal Folder. Choose to recreate the ssl certificate when the updater asks you.

By: Anonymous
Reply  

Maybe I mad an error the other day. Today's installation worked with SSL. If you want, you can delete my comments concerning SSL.

By: Sami Onur Zaim
Reply  

Works flawless. Thanks for the effort.

By: Anonymous
Reply  

Before Ispconfig installation, everything works fine including /webmail or /phpmyadmin url according to this guide. As soon as i install ispconfig the following url does not work:   http://x.x.x.x/webmail  or http://x.x.x.x/phpmyadmin      when i checked apache log, it does not show anything.
 
 

 

 

By: Jackouille-CH
Reply  

Congratulations for that excellent step by step installation guide.

It works fine for me except with SMTPS (TLS is not accepted by my server). What should I modifiy in my config ?

I already open a thread onto support page but I am still waiting for an answer before beeing able to go in production.

By: Doug L
Reply  

If you want to backup your email messages and mysql database, go to etc/cron.daily folder, create a file called backup.cron (or name it what you like), in the file paste:

#!/bin/bash#Purpose = Backup of Important Data#Created on 1-6-2016#Version 1.0#STARTfind /home/yourfolder/backups/* -mtime +5 -exec rm -f {} \;TIME=`date +%b-%d-%y` # This Command will add date in Backup File Name.FILENAME=backup-$TIME.tar.gz # Here i define Backup file name format.SRCDIR1=/usr/local # Source Directory 1.SRCDIR2=/var/www # Source Directory 2.SRCDIR3=/var/vmail  # Source Directory 3.SRCDIR4=/var/lib/mysql  # dir 4DESDIR=/home/yourfolder/backups # Destination of backup files.tar -cvpzf $DESDIR/$FILENAME $SRCDIR1 $SRCDIR2 $SRCDIR3 $SRCDIR4#END

(change yourfolder and other paths as you like)

this will keep the last 5 days of data in compressed backups in that folder. I use an SFTP synch program to login and download them locally each night.

By: Jonathon Gilbert
Reply  

errors with guide:

 

Centos7 Aspos

 

Section 7 

link to download "epel"

https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm

 

Skiped section 8 - quota

 

page one successful

 

section 14

# Example come already commented out

 

 

section 15

needed to install wget - yum install wget

 

use this for patch instead:

wget -O patchingsuphp.patch https://www.webhostinghero.com/downloads/php/suphp.patch

patch -Np1 -d suphp-0.7.2 < patchingsuphp.patch

cd suphp-0.7.2

autoreconf -if

 

 

skipped 16 due to having SFTP access already runing using key

 

 

17 use:

 "yum install bind bind-utils"

not - "yum -y install bind bind-utils"

 

24 - ispconfig install

asks for password during install accept default password. - but record it as this is your ispconfig admin password

By: Cesar Vasquez M
Reply  

Good night, upgrade to Version: 3.1.13p1 and I noticed that in the rouncube, the autoresponder configuration did not appear at all, I set a message from the IPSConfig, I went back to the roundcube and the autoresponder message appeared but when I checked to disable it The error "Soap Error: autoresponder_end_date_isgreater".I wanted to see if I find any errors in the roundcube and I wanted to enter / installer and I do not remember how to re-enable it ...thank youbest regards

Cesar