There is a new version of this tutorial available for Debian 10 (Buster).

The Perfect Server - Debian Squeeze (Debian 6.0) With BIND, Dovecot & Nginx [ISPConfig 3] - Page 7

21 Install ISPConfig 3

Before you start the ISPConfig installation ensure that Apache is stopped because phpMyAdmin will have installed Apache as a dependency. Should Apache2 already be installed on the system stop it now:

/etc/init.d/apache2 stop

and remove Apache's system startup links if you have not already done so in a previous step:

insserv -r apache2

Make sure that nginx is running:

/etc/init.d/nginx restart

If you have both Apache and nginx installed, the installer asks you which one you want to use: Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]:

Type nginx. If only Apache or nginx are installed, this is automatically detected by the installer, and no question is asked.

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.

root@server1:/tmp/ispconfig3_install/install# php -q install.php


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian or compatible, unknown version.

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]:
 <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]: <-- nginx

Generating a 2048 bit RSA private key
........+++
.......+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
 <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring nginx
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]:
 <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
.............................................................................++
........................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
 <-- ENTER
State or Province Name (full name) [Some-State]: <-- ENTER
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
 <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service mysql restart

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the stop(8) and then start(8) utilities,
e.g. stop mysql ; start mysql. The restart(8) utility is also available.
mysql stop/waiting
mysql start/running, process 2463
 * Stopping Postfix Mail Transport Agent postfix
   ...done.
 * Starting Postfix Mail Transport Agent postfix
   ...done.
 * Stopping SASL Authentication Daemon saslauthd
   ...done.
 * Starting SASL Authentication Daemon saslauthd
   ...done.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
 * Stopping ClamAV daemon clamd
   ...done.
 * Starting ClamAV daemon clamd
Bytecode: Security mode set to "TrustSigned".
   ...done.
 * Stopping Courier authentication services authdaemond
   ...done.
 * Starting Courier authentication services authdaemond
   ...done.
 * Stopping Courier IMAP server imapd
   ...done.
 * Starting Courier IMAP server imapd
   ...done.
 * Stopping Courier IMAP-SSL server imapd-ssl
   ...done.
 * Starting Courier IMAP-SSL server imapd-ssl
   ...done.
 * Stopping Courier POP3 server...
   ...done.
 * Starting Courier POP3 server...
   ...done.
 * Stopping Courier POP3-SSL server...
   ...done.
 * Starting Courier POP3-SSL server...
   ...done.
 * Restarting Mailman master qrunner mailmanctl
 * Waiting...
   ...fail!
The master qrunner lock could not be acquired because it appears as if another
master qrunner is already running.

   ...done.
 * Reloading PHP5 FastCGI Process Manager php5-fpm
   ...done.
Reloading nginx configuration: nginx.
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -D -H -b -A -E -u 1000 -Y 1 -B
Installation completed.
You have mail in /var/mail/root
root@server1:/tmp/ispconfig3_install/install#

The installer automatically configures all underlying services, so no manual configuration is needed.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

You can then access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password and possibly edit the admin username after your first login):

If your browser indicates a 502 Bad Gateway error, just restart PHP-FPM and try the URL again:

/etc/init.d/php5-fpm restart

It can take a couple of minutes for the control panel to be accessible. The system should be ready to be used except if you have an error in your mail.log then read the note below.

 

 

22 Additional Notes

22.1 It is likely that emails are not sent or received so to correct this follow the steps below.

Postfix/Dovecot - warning SASL: Connect to private/auth failed: No such file or directory

Error: Postfix/Dovecot - warning: SASL: Connect to private/auth failed: No such file or directory

Similar error messages will appear in your mail log (cat /var/log/mail.log):

Aug 23 15:55:01 server1 postfix/smtpd[15194]: warning: SASL: Connect to private/auth failed: No such file or directory
Aug 23 15:55:01 server1 postfix/smtpd[15194]: fatal: no SASL authentication mechanisms
Aug 23 15:55:02 server1 postfix/master[3979]: warning: process /usr/libexec/postfix/smtpd pid 15194 exit status 1
Aug 23 15:55:02 server1 postfix/master[3979]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Solution (this config should already exist after this tutorial):

Open your dovecot.conf /etc/dovecot/dovecot.conf, and make sure you have the following lines in it:

vi /etc/dovecot/dovecot.conf
[...]
client {
       path = /var/spool/postfix/private/auth
       mode = 0660
       user = postfix
       group = postfix
}
[...]

Restart Dovecot.

Then check if /var/spool/postfix/private/auth got created:

ls -l /var/spool/postfix/private/auth

Also make sure you add the following line into your /etc/postfix/main.cf file, sensibly on the line next to readme_directory = /usr/share/doc/postfix and restart postfix.

[...]
queue_directory = /var/spool/postfix
[...]
/etc/init.d/postfix restart

 

22.1 OpenVZ

If the Debian server that you have just set up in this tutorial is an OpenVZ container (virtual machine), you should do this on the host system, assuming that the ID of the OpenVZ container is 101, replace it with the correct VPSID on your system:

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

 

Share this page:

6 Comment(s)