The Perfect Server - CentOS 7 x86_64 (nginx, Dovecot, ISPConfig 3) - Page 3

23 Install RoundcubeMail

To install the Roundcube webmail client, run...

yum -y install roundcubemail

ISPConfig contains a default webmail alias for squirremail inside its apps vhost. We will use that alias for the more modern roundcube, so we create a symlink with the name squirrelmail in /usr/share

ln -s /usr/share/roundcubemail /usr/share/squirrelmail

After you have installed ISPConfig 3, you can access RoundcubeMail as follows:

The ISPConfig apps vhost on port 8081 for nginx comes with a /webmail alias configuration, so you can use  http://server1.example.com:8081/webmail to access RoundcubeMail.

If you want to use a /webmail or /roundcubemail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access SquirrelMail.

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

        location /roundcubemail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/roundcubemail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/roundcubemail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /roundcubemail last;
        }

If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on; to your RoundcubeMail configuration like this:

        location /roundcubemail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/roundcubemail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS on; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/roundcubemail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /roundcubemail last;
        }

If you use both http and https for your vhost, you can use the $https variable - go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $https; so that you can use RoundcubeMail for both http and https requests:

        location /roundcubemail {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/roundcubemail/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS $https; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/roundcubemail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /squirrelmail last;
        }

 

Now we need a database for roundcube mail, we will initialise it as follows:

mysql -u root -p

At mariadb prompt use:

CREATE DATABASE roundcubedb;
CREATE USER [email protected] IDENTIFIED BY 'roundcubepassword';
GRANT ALL PRIVILEGES on roundcubedb.* to [email protected] ;
FLUSH PRIVILEGES;
exit

I am using details for roundcube database as a test, please replace the values as per your choice for security reasons. We will finish the roundcube installation after we installed ISPConfig.

24 Install ISPConfig 3

Before you start the ISPConfig installation, make sure that Apache is stopped (if it is installed - it is possible that some of your installed packages have installed Apache as a dependency without you knowing). If Apache2 is already installed on the system, stop it now...

systemctl stop httpd.service

... and remove Apache's system startup links:

systemctl disable httpd.service

Make sure that nginx is running:

systemctl restart nginx.service

(If you have both Apache and nginx installed, the installer asks you which one you want to use: Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]:

Type nginx. If only Apache or nginx are installed, this is automatically detected by the installer, and no question is asked.)

Download the current ISPConfig 3 version and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer:

[[email protected] install]# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Redhat or compatible, unknown version.

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]:
 <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]: <-- nginx

Generating a 2048 bit RSA private key
......................................................................+++
...............................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
 <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring nginx
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]:
 <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
...........................................................++
...........................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
 <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
 <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Stopping saslauthd:                                        [FAILED]
Starting saslauthd:                                        [  OK  ]
Shutting down amavisd: Daemon [1554] terminated by SIGTERM
                                                           [  OK  ]
amavisd stopped
Starting amavisd:                                          [  OK  ]

Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]
Stopping Dovecot Imap:                                     [  OK  ]
Starting Dovecot Imap:                                     [  OK  ]
Reloading php-fpm:                                         [  OK  ]
Reloading nginx:                                           [  OK  ]
Stopping pure-ftpd:                                        [  OK  ]
Starting pure-ftpd:                                        [  OK  ]
Installation completed.
[[email protected] install]#

To fix the Mailman errors you might get during the ISPConfig installation, open /usr/lib/mailman/Mailman/mm_cfg.py...

vi /usr/lib/mailman/Mailman/mm_cfg.py

... and set DEFAULT_SERVER_LANGUAGE = 'en':

[...]
#-------------------------------------------------------------
# The default language for this server.
DEFAULT_SERVER_LANGUAGE = 'en'
[...]

Restart Mailman:

systemctl restart mailman.service

Now I will finish the RoundcubeMail installation. Open the following URL in your browser:

http://192.168.0.100:8081/roundcubemail/installer

you will be greeted by the RoundcubeMail web installer, scroll down the page and click next:

Then enter the database details of the roundcubedb database that we created in chapter 23 here:

An set the SMTP server to localhost and set your preferred language

and click on "Create config" to go to the next page.

Open the file /etc/roundcubemail/config.inc.php on the shell:

nano /etc/roundcubemail/config.inc.php

and paste the configuration that is shown in the web installer into that file and save the file.

<?php

/* Local configuration for Roundcube Webmail */

// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:[email protected]/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = 'mysql://roundcubeuser:[email protected]/roundcubedb';

// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$config['default_host'] = 'localhost';

// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'localhost';

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';

// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = 'lsd7O6Xl_SAPcDf*yH4rL$&h';

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array();

// the default locale setting (leave empty for auto-detection)
// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR
$config['language'] = 'en_US';

// Set the spell checking engine. Possible values:
// - 'googie'  - the default
// - 'pspell'  - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, you need to 
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
$config['spellcheck_engine'] = 'pspell';

Then go back to the web installer and click on the continue button. On this page, click on "initialize database":

The page should look like this after successfull initialisation of the database:

To protect the RoundcubeMail configuration from unauthorized modifications, I'll remove the installer folder by running this command on the shell:

rm -rf /usr/share/roundcubemail/installer

 

 

25 First ISPConfig Login

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ (http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):

Next we have to adjust the BIND configuartion paths in ISPConfig. Click on "System" in the upper menu, then on "Server config" in the right menu. In the list that appears then on the left side, click on the server name.

Go to the "DNS" tab of the form:

and enter the DNS paths as follows:

BIND zonefiles directory: /var/named
BIND named.conf path: /etc/named.conf
BIND named.conf.local path: /etc/named.conf.local

The system is now ready to be used.

 

If you want to use IPv6 addresses with your nginx vhosts, please do the following before you create IPv6 vhosts in ISPConfig:

Open /etc/sysctl.conf...

vi /etc/sysctl.conf

... and add the line net.ipv6.bindv6only = 1:

[...]
net.ipv6.bindv6only = 1

Run...

sysctl -p

... afterwards for the change to take effect.

 

 

Share this page:

3 Comment(s)

Add comment

Comments

From:

I have fourth Gen i5 CPU and unable to install CentOS on my System any solutions it gives error unsupported hardware.

 Regards,

From: BLWedge09

I really would like to use Centos 7 for this new project that I'm working on, but I've tried this install 4 times now on a VPS (2 with minimal image and 2 with regular image) and WHile I really never see any problems during the lead-up to the ispconfig install, it never works as expected when I'm done.  

The ispconfig install ends like this:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

writing RSA key

Configuring DBServer

Installing ISPConfig crontab

no crontab for root

no crontab for getmail

Restarting services ...

Job for amavisd.service failed. See 'systemctl status amavisd.service' and 'journalctl -xn' for details.

 

Installation completed.

 

For reference, the output from systemctl status amavisd.service is:

 systemctl -l status amavisd.service

amavisd.service - Amavisd-new is an interface between MTA and content checkers.

   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled)

   Active: failed (Result: start-limit) since Mon 2015-07-20 14:07:14 EDT; 13min ago

     Docs: http://www.ijs.si/software/amavisd/#doc

  Process: 773 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=255)

 

Jul 20 14:07:14 bully systemd[1]: Failed to start Amavisd-new is an interface between MTA and content checkers..

Jul 20 14:07:14 bully systemd[1]: Unit amavisd.service entered failed state.

Jul 20 14:07:14 bully systemd[1]: amavisd.service holdoff time over, scheduling restart.

Jul 20 14:07:14 bully systemd[1]: Stopping Amavisd-new is an interface between MTA and content checkers....

Jul 20 14:07:14 bully systemd[1]: Starting Amavisd-new is an interface between MTA and content checkers....

Jul 20 14:07:14 bully systemd[1]: amavisd.service start request repeated too quickly, refusing to start.

Jul 20 14:07:14 bully systemd[1]: Failed to start Amavisd-new is an interface between MTA and content checkers..

 

Jul 20 14:07:14 bully systemd[1]: Unit amavisd.service entered failed state.

 

I get the impression that the ispconfig install didn't actually finish. No matter what I have tried, any connection to port 8080 or 8081 give a connection refused.  I can connect to port 80 and see the default nginx page.  The firewall is diabled as is selinux.  Any ideas as to what else to try?

From: RHITNL

Had the same problem.

Try run;

iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

 

iptables -A INPUT -p tcp -m tcp --dport 8081 -j ACCEPTand then 

service iptables restartto open default firewall of CentOS 7.x

Worked for me :)