The Perfect Server - Debian Squeeze (Debian 6.0) With BIND, Dovecot & Nginx [ISPConfig 3] - Page 7
This tutorial exists for these OS versions
- Debian 10 (Buster)
- Debian 9 (Stretch)
- Debian 8 (Jessie)
- Debian 7 (Wheezy)
- Debian 6 (Squeeze)
On this page
21 Install ISPConfig 3
Before you start the ISPConfig installation ensure that Apache is stopped because phpMyAdmin will have installed Apache as a dependency. Should Apache2 already be installed on the system stop it now:
/etc/init.d/apache2 stop
and remove Apache's system startup links if you have not already done so in a previous step:
insserv -r apache2
Make sure that nginx is running:
/etc/init.d/nginx restart
If you have both Apache and nginx installed, the installer asks you which one you want to use: Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]:
Type nginx. If only Apache or nginx are installed, this is automatically detected by the installer, and no question is asked.
To install ISPConfig 3 from the latest released version, do this:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
The next step is to run
php -q install.php
This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.
root@server1:/tmp/ispconfig3_install/install# php -q install.php
--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: Debian or compatible, unknown version.
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <-- ENTER
Installation mode (standard,expert) [standard]: <-- ENTER
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER
MySQL server hostname [localhost]: <-- ENTER
MySQL root username [root]: <-- ENTER
MySQL root password []: <-- yourrootsqlpassword
MySQL database to create [dbispconfig]: <-- ENTER
MySQL charset [utf8]: <-- ENTER
Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]: <-- nginx
Generating a 2048 bit RSA private key
........+++
.......+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring nginx
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER
Generating RSA private key, 4096 bit long modulus
.............................................................................++
........................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service mysql restart
Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the stop(8) and then start(8) utilities,
e.g. stop mysql ; start mysql. The restart(8) utility is also available.
mysql stop/waiting
mysql start/running, process 2463
* Stopping Postfix Mail Transport Agent postfix
...done.
* Starting Postfix Mail Transport Agent postfix
...done.
* Stopping SASL Authentication Daemon saslauthd
...done.
* Starting SASL Authentication Daemon saslauthd
...done.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
* Stopping ClamAV daemon clamd
...done.
* Starting ClamAV daemon clamd
Bytecode: Security mode set to "TrustSigned".
...done.
* Stopping Courier authentication services authdaemond
...done.
* Starting Courier authentication services authdaemond
...done.
* Stopping Courier IMAP server imapd
...done.
* Starting Courier IMAP server imapd
...done.
* Stopping Courier IMAP-SSL server imapd-ssl
...done.
* Starting Courier IMAP-SSL server imapd-ssl
...done.
* Stopping Courier POP3 server...
...done.
* Starting Courier POP3 server...
...done.
* Stopping Courier POP3-SSL server...
...done.
* Starting Courier POP3-SSL server...
...done.
* Restarting Mailman master qrunner mailmanctl
* Waiting...
...fail!
The master qrunner lock could not be acquired because it appears as if another
master qrunner is already running.
...done.
* Reloading PHP5 FastCGI Process Manager php5-fpm
...done.
Reloading nginx configuration: nginx.
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -D -H -b -A -E -u 1000 -Y 1 -B
Installation completed.
You have mail in /var/mail/root
root@server1:/tmp/ispconfig3_install/install#
The installer automatically configures all underlying services, so no manual configuration is needed.
You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.
You can then access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password and possibly edit the admin username after your first login):
If your browser indicates a 502 Bad Gateway error, just restart PHP-FPM and try the URL again:
/etc/init.d/php5-fpm restart
It can take a couple of minutes for the control panel to be accessible. The system should be ready to be used except if you have an error in your mail.log then read the note below.
21.1 ISPConfig 3 Manual
In order to learn how to use ISPConfig 3, I strongly recommend to download the ISPConfig 3 Manual.
On about 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.
21.2 ISPConfig Monitor App For Android
With the ISPConfig Monitor App, you can check your server status and find out if all services are running as expected. You can check TCP and UDP ports and ping your servers. In addition to that you can use this app to request details from servers that have ISPConfig installed (please note that the minimum installed ISPConfig 3 version with support for the ISPConfig Monitor App is 3.0.3.3!); these details include everything you know from the Monitor module in the ISPConfig Control Panel (e.g. services, mail and system logs, mail queue, CPU and memory info, disk usage, quota, OS details, RKHunter log, etc.), and of course, as ISPConfig is multiserver-capable, you can check all servers that are controlled from your ISPConfig master server.
For download and usage instructions, please visit http://www.ispconfig.org/ispconfig-3/ispconfig-monitor-app-for-android/.
22 Additional Notes
22.1 It is likely that emails are not sent or received so to correct this follow the steps below.
Postfix/Dovecot - warning SASL: Connect to private/auth failed: No such file or directory
Error: Postfix/Dovecot - warning: SASL: Connect to private/auth failed: No such file or directory
Similar error messages will appear in your mail log (cat /var/log/mail.log):
Aug 23 15:55:01 server1 postfix/smtpd[15194]: warning: SASL: Connect to private/auth failed: No such file or directory
Aug 23 15:55:01 server1 postfix/smtpd[15194]: fatal: no SASL authentication mechanisms
Aug 23 15:55:02 server1 postfix/master[3979]: warning: process /usr/libexec/postfix/smtpd pid 15194 exit status 1
Aug 23 15:55:02 server1 postfix/master[3979]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Solution (this config should already exist after this tutorial):
Open your dovecot.conf /etc/dovecot/dovecot.conf, and make sure you have the following lines in it:
vi /etc/dovecot/dovecot.conf
[...] client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } [...] |
Restart Dovecot.
Then check if /var/spool/postfix/private/auth got created:
ls -l /var/spool/postfix/private/auth
Also make sure you add the following line into your /etc/postfix/main.cf file, sensibly on the line next to readme_directory = /usr/share/doc/postfix and restart postfix.
[...] queue_directory = /var/spool/postfix [...] |
/etc/init.d/postfix restart
22.1 OpenVZ
If the Debian server that you have just set up in this tutorial is an OpenVZ container (virtual machine), you should do this on the host system, assuming that the ID of the OpenVZ container is 101, replace it with the correct VPSID on your system:
VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done
23 Links
- Debian: http://www.debian.org/
- ISPConfig: http://www.ispconfig.org/