The Perfect Server - Debian Squeeze (Debian 6.0) With BIND, Dovecot & Nginx [ISPConfig 3] - Page 4
This tutorial exists for these OS versions
- Debian 10 (Buster)
- Debian 9 (Stretch)
- Debian 8 (Jessie)
- Debian 7 (Wheezy)
- Debian 6 (Squeeze)
On this page
10 Install Postfix, Dovecot, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
You can install Postfix, Dovecot, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo
You will be asked the following questions:
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf
[...] # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1 [...] |
Then restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look similar to this:
root@server1:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 10617/mysqld
root@server1:~#
11 Install Amavisd-new, SpamAssassin, And Clamav
To install amavisd-new, SpamAssassin, and ClamAV, run:
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
The ISPConfig 3 setup script uses amavisd which loads the SpamAssassin filter library internally, so we you stop SpamAssassin to free up some RAM:
/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove
12 Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap
Nginx is available as a package from the Dotdeb repository (the packages on official nginx repo do not work with ISPConfig 3 at the time of writing) so to install it run the following command:
apt-get install nginx
Apache should not be installed by this stage although it is pulled as a depedency for phpMyAdmin later on in the tutorial. Remove Apache with:
apt-get purge apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils
and any other related packages. You can also run:
apt-get autoremove
to make sure any unnecessary packages are purged.
To make PHP5 work in nginx through PHP-FPM (FastCGI Process Manager) as an alternative to the PHP FastCGI implementation with some additional features catering for websites of any size, especially heavier traffic, install it as follows:
apt-get install php5-fpm
PHP-FPM is a daemon process, with the init script /etc/init.d/php5-fpm, that runs a FastCGI server on port 9000.
To add MySQL support to PHP, we can install the php5-mysql package. You might need some additional PHP5 modules as well to support the enhanced features of your web applications. You can search for available PHP5 modules like this:
apt-cache search php5
If you are not bothered about disk space or whether they are necessary to install or not, you can install them all:
apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
or delete those that you know you do not need.
APC is a free and open-source PHP opcode cacher for caching and optimizing PHP intermediate code. It is similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP pages.
APC can be installed as follows:
apt-get install php-apc
Now restart PHP-FPM:
/etc/init.d/php5-fpm restart
Fcgiwrap is a CGI wrapper that should work also for complex CGI scripts and can be used for shared hosting environments because it allows each vhost to use its own cgi-bin directory. For CGI support in nginx you must install Fcgiwrap package as follows:
apt-get install fcgiwrap
After the installation, the fcgiwrap daemon should already be started; its socket is /var/run/fcgiwrap.socket. If it is not running you can use the /etc/init.d/fcgiwrap script to start it.
That's it! Now when you create an nginx vhost, ISPConfig 3 will take care of the correct vhost configuration.
13 Install phpMyAdmin And Configure HTTPS For Vhosts
To install phpMyAdmin run the following command:
apt-get install phpmyadmin
You will be prompted with the following questions:
Web server to reconfigure automatically: <-- select none (because only apache2 and lighttpd are available as options)
Configure database for phpmyadmin with dbconfig-common? <-- No
If you selected 'Yes' then you will get an error that can be read about on this link: http://serverfault.com/questions/341116/setting-up-phpmyadmin-got-a-mysql-syntax-error
Because Apache2 is installed as part of a phpMyAdmin dependency, stop it now with:
/etc/init.d/apache2 stop
and remove Apache's system startup links:
insserv -r apache2
Start nginx afterwards:
/etc/init.d/nginx start
You can now find phpMyAdmin in the /usr/share/phpmyadmin/ directory.
After you have installed ISPConfig 3, you can access phpMyAdmin as follows:
The ISPConfig 3 apps vhost on port 8081 for nginx comes with a phpMyAdmin configuration, so you can use http://server1.example.com:8081/phpmyadmin or http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.
If you want to use a /phpmyadmin or /phpMyAdmin alias that you can use from your web sites, this is a bit more complicated than for Apache 2 because nginx does not have global aliases (aliases that can be defined for all vhosts). Therefore you have to define the aliases for each vhost so that you can access with phpMyAdmin on your specified URI.
To do this, paste the following into the nginx Directives field on the Options tab of each web site in ISPConfig3 (after you installed it later on in the tutorial):
location /phpmyadmin { root /usr/share/; index index.php index.html index.htm; location ~ ^/phpmyadmin/(.+\.php)$ { try_files $uri =404; root /usr/share/; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /etc/nginx/fastcgi_params; fastcgi_buffer_size 128k; fastcgi_buffers 256 4k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; } location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { root /usr/share/; } } location /phpMyAdmin { rewrite ^/* /phpmyadmin last; } |
If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on, to your phpMyAdmin configuration like this:
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS on; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
|
It is pretty dubious whether you would like to transfer data and passwords in cleartext to phpMyAdmin or other applications that you would like to keep secure. So to use both http and https for your vhost you should to add the following section to the http {} section in /etc/nginx/nginx.conf, before any include lines, this determines whether the visitor uses http or https and sets the $fastcgi_https variable. Use this in your phpMyAdmin configuration accordingly:
vi /etc/nginx/nginx.conf
[...] http { [...] ## Detect when HTTPS is used map $scheme $fastcgi_https { default off; https on; } [...] } [...] |
Do not forget to reload nginx afterwards:
/etc/init.d/nginx reload
Then go to the nginx Directives field again, and instead of fastcgi_param HTTPS on, you add the line fastcgi_param HTTPS $fastcgi_https, so that you can use phpMyAdmin for both http and https requests:
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS $fastcgi_https; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
|
14 Install Mailman
Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature install Mailman as follows:
apt-get install mailman
Before we can start Mailman a first mailing list called mailman must be created:
newlist mailman
root@server1:~# newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g. [email protected]
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases or
an equivalent file by adding the following lines:
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Hit enter to notify mailman owner... <-- ENTER
root@server1:~#
Open /etc/aliases afterwards:
vi /etc/aliases
and add the following lines:
[...] mailman: "|/var/lib/mailman/mail/mailman post mailman" mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman" mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman" mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman" mailman-join: "|/var/lib/mailman/mail/mailman join mailman" mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman" mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman" mailman-request: "|/var/lib/mailman/mail/mailman request mailman" mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman" mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman" |
Run newaliases and restart Postfix:
newaliases
/etc/init.d/postfix restart
Then start the Mailman daemon:
/etc/init.d/mailman start
After you have installed ISPConfig 3, you can access Mailman as follows:
The ISPConfig apps vhost on port 8081 for nginx comes with a Mailman configuration, so you can use http://server1.example.com:8081/cgi-bin/mailman/admin/<listname> or http://server1.example.com:8081/cgi-bin/mailman/listinfo/<listname> to access Mailman.
If you want to use Mailman from your individual web sites, the configuration is a bit more complicated than for Apache because nginx does not have global aliases (defining aliases that subsequently work for all hosts, e.g. domain.tld/definedalias). Therefore you have to define the aliases for each vhost from which you want to access Mailman.
To do this, paste the following into the nginx Directives field after ISPConfig is installed on the Options tab of each the website:
location /cgi-bin/mailman { root /usr/lib/; fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_intercept_errors on; fastcgi_pass unix:/var/run/fcgiwrap.socket; } location /images/mailman { alias /usr/share/images/mailman; } location /pipermail { alias /var/lib/mailman/archives/public; autoindex on; } |
This defines the alias /cgi-bin/mailman/ for your vhost, which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.
Under http://<vhost>/pipermail you can find the mailing list archives.