The Perfect Server - Debian Wheezy (Apache2, BIND, Dovecot, ISPConfig 3)

Version 1.0
Author: Falko Timme
Follow me on Twitter
Last edited 05/07/2013

This tutorial shows how to prepare a Debian Wheezy server (with Apache2, BIND, Dovecot) for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers Apache (instead of nginx), BIND (instead of MyDNS), and Dovecot (instead of Courier).

Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!

I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Insert your Debian Wheezy network installation CD into your system and boot from it. Select Install (this will start the text installer - if you prefer a graphical installer, select Graphical install):

Choose your language:

Then select your location:

If you've selected an uncommon combination of language and location (like English as the language and Germany as the location, as in my case), the installer might tell you that there is no locale defined for this combination; in this case you have to select the locale manually. I select en_US.UTF-8 here:

Choose a keyboard layout:

The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Enter the hostname. In this example, my system is called server1.example.com, so I enter server1:

Enter your domain name. In this example, this is example.com:

Afterwards, give the root user a password:

Confirm that password to avoid typos:

Create a normal user account, for example the user Administrator with the user name administrator (don't use the user name admin as it is a reserved name on Debian Wheezy):

Share this page:

74 Comment(s)

Add comment

Comments

From: at: 2013-05-23 16:49:06


I do everything excatly like described here in the tutorial. I was not able to send Mails. After some hours of searching, I found the solution:  

In Debian 7 /etc/postfix/main.cf has this entry by default:

inet_interfaces = loopback-only

change this, with

inet_interfaces = all

Restart postfix, and you're able to send Mails.

From: Jan at: 2013-07-16 14:52:14

I just installed a Debian 7.1 server (16.7.2013) and this is not needed anymore - it's fixed in an update.

Thanks to the OP though.

From: at: 2013-10-21 16:24:20

Mannnnnyyyyy THX suther,

 that was also my problem.... 

From: Anonymous at: 2013-11-09 05:41:09

I can confirm this!

Clean install of Debian 7.0.

Then apt-get update &&  apt-get upgrade && apt-get dist-upgrade

 Then following The Perfect Server - Debian Wheezy (Apache2, BIND, Dovecot, ISPConfig 3)

Results in  inet_interfaces = loopback-only in /etc/postfix/main.cf, which prohibits all incoming emails and causes hours of troubleshooting.

This guide needs to be updated.

From: insink71 at: 2013-07-10 14:33:37

As of 7.1 (Debian Wheezy), dependency based boot is used by default; so for example in step 11 of your tutorial, in lieu of:

update-rc.d -f spamassassin remove

you would use:

insserv -rf spamassasin

otherwise you get a lil message:

update-rc.d: using dependency based boot sequencing

and the init.rc isn't updated.

 

Rob

From: Jan at: 2013-07-16 14:58:03

There is a typo the correct command is:


insserv -rf spamassassin


(one s is missing in OP)

From: Thomas CARTER at: 2013-09-01 14:21:47

I had :
Clamav signatures not found in /var/lib/clamav ... failed!
Please retrieve them using freshclam ... failed!
Then run '/etc/init.d/clamav-daemon start' ... failed!

I ran freshclam and /etc/init.d/clamav-daemon start as suggested and it worked. 

From: The redbaron at: 2013-12-04 01:55:57

You have to run in first this command line:

freshclam

then check the log in /var/log/clamav/freshclam.log

 If it's work. you can run clamav without error in launching this command:

/etc/init.d/clamav-daemon start

That's all

 

From: at: 2013-09-25 07:59:30

PuTTY could be used after the Network Interfaces are set correctly and the Network were restarted. It wasn't work for me as suggested after point 4 were completed.

From: Gandalf4711 at: 2013-12-04 21:55:54

If you may encounter problems in Debian 7 at mySQL restart like:

/usr/bin/mysql: Unknown OS character set 'ISO-8859-15'.
/usr/bin/mysql: Switching to the default character set 'latin1'.

you probably configured your locales with @Euro ....

Fill in the following in the /etc/mysql/debian.cnf file, in the client part:

 default-character-set=latin1

Then restart mysql....

From: at: 2013-12-30 12:25:51

Hey Gandalf. You missed installation of char-sets before you installed mysql.

Try this...

dpkg-reconfigure locales
locale-gen
export LC_ALL=en_US.UTF-8
update-locale LC_ALL="en_US.UTF-8"

From: at: 2014-01-07 12:52:01


In Debian 7.3 Wheezy the sources.list is set by default:
 
deb http://ftp.th.debian.org/debian/ wheezy main non-free contrib
deb-src http://ftp.th.debian.org/debian/ wheezy main non-free contrib

deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

# wheezy-updates, previously known as 'volatile'
deb http://ftp.th.debian.org/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.th.debian.org/debian/ wheezy-updates main contrib non-free

 

 

From: at: 2014-01-25 02:39:28

On fresh installation of Debian Wheezy 7.3, we need to comment out the DVD source in source.list, or we will get this message:
 
root@debian:/tmp# apt-get install ntp ntpdate
Reading package lists... Done
[...]
Do you want to continue [Y/n]? y
Media change: please insert the disc labeled
 'Debian GNU/Linux 7.3.0 _Wheezy_ - Official amd64 DVD Binary-1 20131215-04:56'
in the drive '/media/cdrom/' and press enter

From: at: 2014-02-01 22:01:25

System mail name: <-- server1.example.com
 should be:
System mail name: <-- example.com
because postfix as for FQDN of the system, not server name. 
 
 

From: admin at: 2014-02-02 13:35:34

The tutorial is correct. You have to enter server1.example.com here. If you would use example.com , then the mail System will fail later as you cant use example.com  for mailboxes in ispconfig as all mailboxes are virtual postfix domains and a domain in postfix may not be lisetd as virtual domain and system domain.

From: Ulrich at: 2013-05-14 13:00:09

tried this three days ago. worked perfect. just a few notices:

1.  The language selections within page 1, step 3 are slightly different

2.  The user account for non-administrative activities shouldn't be "Administrator" (page 1, step 3)

3. Page 4, Step 12.2: This step is not possible, because libapache2-mod-fastcgi is a non-free package. I skipped this step.

 

 

From: at: 2013-06-02 09:47:32

to 3.: non-free is added to source.list in this howto!

From: Anonymous at: 2013-09-10 20:06:23

To make MySQL more secure, strongly recommend to run this command to remove test database and access, etc.: mysql_secure_installation

From: inattendu at: 2014-02-04 14:22:57

Jailkit à été mis à jour (version 2.17)


Le nouveau lien : --> JAILKIT v2.17

La page source : http://olivier.sessink.nl/jailkit/index.html#download

Merci pour cet excellent tutoriel.

From: at: 2014-02-13 03:40:09

I think php5-ldap should be added to 

12 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

From: Alberto Rivera Duque at: 2014-02-25 14:32:48

I installed several times ISPConfig and virtual domains do not work.
To exit the UEFI bios everything worked fine, but once installed everything tells me that the port *: 80 and *: 433 are not open, in fact does not show when installed apache web. I am very lost. Until now I had worked well with the plates 775 and Xeon procesasores. The motherboard I installed asus P8 Z77 is-V LX with I3 processor and 8gb of ram. 4 hd 1tb in raid 5. 
The operating system is 64-bit debian whezzy


A greeting and thanks.

From: admin at: 2014-02-26 07:15:46

Ist unlikely that your Problem is related to the Hardware of your Server. Please post your Problem in the Forum, so that we can try to help you to find out whats wrong.

From: at: 2014-02-26 09:32:20

# /etc/init.d/fail2ban restart

 and i get this

[ ok ] Restarting authentication failure monitor: fail2ban.

From: Anonymous at: 2014-07-30 18:03:16

Resolv : Status of authentication failure monitor:fail2ban is not running ... failed!

Edit : /etc/fail2ban/jail.local change filter   = pureftpd  to filter   = pure-ftpd

From: at: 2014-02-26 09:33:43

:~# /etc/init.d/fail2ban restart

[ ok ] Restarting authentication failure monitor: fail2ban.

 

why :( 

From: Thomas CARTER at: 2014-04-10 19:19:53

12.2 PHP-FPM

apt-get install libapache2-mod-fastcgi php5-fpm

On an OVH Kimsufit, I got : Package libapache2-mod-fastcgi is not available, but is referred to by another package.

Thanks to http://blog.haza.fr/etape-3-apache-php, I did :

vim /etc/apt/sources.list

Add following 2 lines :

deb http://ftp.fr.debian.org/debian/ wheezy non-free

deb-src http://ftp.fr.debian.org/debian/ wheezy non-free


and it worked.

From: Julio_EH at: 2014-07-29 19:39:06

and then :

apt-get update

 

From: Anonymous at: 2014-10-20 12:45:41

or:

apt-get install libapache2-mod-fcgid  php5-fpm

From: Thilo at: 2014-08-16 10:22:07


If you want to protect websites with fail2ban which are controlled by ISPConfig you must keep in mind that each of these websites has its own logs, e.g. /var/log/ispconfig/httpd/domain.tld/error.log

This must be respected in your jail.local for the property 'logpath'. More than one paths can be specified here.

Example:

[apache-nohome]
enabled  = true
port     = http,https
filter   = apache-nohome
logpath  = /var/log/ispconfig/httpd/*/*error.log
          /var/log/apache*/*error.log
maxretry = 6
findtime = 3600     ; 1 hour

Thanks for this nice article.

Kind regards
Thilo 

From: at: 2014-11-10 21:32:05

Hi,

Thanks for this great tutorial!

With filezilla, I'm very often disconnected when I browse through directories. I'm using a standard connection (not TLS) with the default port. I created a conf file to increase the default timeout to 60 minutes without success. Finally, I have the issue on two different servers with this installation.

Does anyone has an idea? Thanks by advance.

 

 

From: at: 2014-11-14 14:24:29

libapache2-mod-suphp has been removed from Testing (Jessie) and unstable (Sid) because there is no upstream activity and it has become a security risk.  Please see thread located here....

http://www.howtoforge.com/forums/showpost.php?p=321556&postcount=3 

From: mariaczi at: 2013-05-08 12:35:09

Actually, in Debian Wheezy squirrelmail have problem with regional characters (function htmlspecialchars from php v5.4)

From: William Van Hefner at: 2013-06-13 11:55:42

You might want to try installing some of the optional Squirrelmail plugins. They should be installable directly from the debian wheezy repository. In particular, try:

 apt-get install squirrelmail-compatibility squirrelmail-decode

Some plugins require that you activate them by running squirrelmail-config and choosing option #8. There are also some additional plugins and templates available on the Squirrelmail official website, if those don't help. If you want to get really fancy, there are also some vendors selling enhanced Squirrelmail templates and interfaces as well. They might offer commercial support for more specific problems.

 

 

From: Jan at: 2013-07-16 15:25:24

just tiny little typo:

squirrelmail-configure

From: Makoa at: 2013-10-30 07:44:50

Hello everybody.

Thinks for the tutorial.

I have some problems with squirrelmail, I have this message when i connect on it: "ERROR Unknown user or password incorrect".

Please helps me.

From: Anonymous at: 2014-12-21 20:01:58

I have the same problem

 

From: inattendu at: 2013-05-21 00:23:55

Merci pour ce tutoriel très complet qui m'a permi de réeussir mon installation du premier coup, ce site est génial !

howtoforge... une référence !

inattendu.

From: Jérémy at: 2013-05-21 20:54:24

I could successfully install ISP Config, Dovecot and Postfix, but there is one issue with incoming mails... I can't get mails from outside (Gmail, Hotmail, etc.). Could anyone help me to go through?

From: Pavel at: 2013-05-23 21:52:48

Check Your /etc/postfix/main.cf file for option mydestination. It shouldn't have Your hostname. It should looks like:
...
mydestination = localhost, localhost.localdomain
...

Hope it helps,
Pavel

From: Pavel at: 2013-05-23 21:47:22

If You have problem with https protocol:
107 (net::ERR_SSL_PROTOCOL_ERROR) or ssl_error_rx_record_too_long
just need to ensite default-ssl vhost in apache2:
a2ensite default-ssl
 
good luck

From: at: 2014-08-28 20:57:41

Good catch Pavel! This is a great feature which should be done above in the main docs just to allow SquirrelMail to be done with https.

From: Anonymous at: 2013-07-07 09:55:18

i was able to install everything without a single issue. Thank you,sir!

From: Tomek at: 2013-07-16 08:25:03

Thank you for all of yours tutorials. I'm comming here many times, thank you for your great job :-)

From: Grefu at: 2013-09-12 11:17:32

All ok without errors, but panel still doesn't run. I get "connection interrupt while loading". If I navigate on http://x.x.x.x:8080 it loads squirrelmail webpage http://x.x.x.x:8080/src/login.php. If I navigate on https get that error message.

From: Kenny at: 2013-09-22 19:36:42

Everything set up nicely on a Debian Wheezy server running on Amazon EC2 with no significant issues.  Thanks for the helpful tutorial.

From: Anonymous at: 2013-10-07 22:05:07

Hallo,

 Hab soweit alles richtig und nach der Anleitung gemacht.

 Jedoch kann ich alles nur unter der Lokalein ip erreichen. Also 192.168.0.100

Wozu macht man das dann mit der example.com Domain? Oder muss die Domain tatsächlich vorhanden sein?

 Danke im Voraus 

 

From: Gaurav Saluja at: 2013-10-11 03:43:59

hello i have recently installed ispconfig using this tutorial 

 it was working fine and it is showing 350MB ram consuming 


 then i rebooted the vps , and poof all processess gone and the memory is now 6 MB only

 no process is loading now, so i just want to know the list of services to start as i am new to debian and ispconfig, also how to make sure that each service will start at reboot , will chkconfig httpd on  , similar command will work?

 please mail me at gaurav@saluja.asia

From: Anonymous at: 2014-12-24 17:52:21

http://www.howtoforge.com/forums/showthread.php?t=67920

From: Sevage at: 2013-10-15 07:01:21

Hallo,

 auch ich habe wieder mal dieses geniale Tut durchgearbeitet (gleich auf 2 Servern) und musste heute feststellen, dass ich im Squirrelmail keine Anhänge an Mails anhängen kann. Auf beiden Servern nicht!

Kann jemand diesen Fehler bestätigen?

From: at: 2013-11-27 08:44:40

Ja, bei mir auch

Solution:

http://www.howtoforge.com/forums/showpost.php?p=267993&postcount=2

From: German at: 2013-11-18 17:56:43

hello first congratulate you for this wonderful guide. I followed all your steps one by one and at the end I sent an email to a gmail account of mine but I do not get. any advice? thanks

From: Ayhan DEL? at: 2014-03-17 01:40:03

thank you very much

From: Anonymous at: 2014-03-26 15:43:31

Many thanks for this walk through, i am a total noob when it comes to this and this made it simple and easy to do, Im now all set up and going :)

 

Keep up the great work

From: at: 2014-04-29 22:06:34

Hello
Nice Tutorial, i would apreciate to have Roundcube instand of  SquirrelMail.
have a nice day
vincent

From: Michel at: 2014-06-14 19:00:31

Hello,

I re-installed the debian server but now I have the big problem that I am not able to configurate the mailsettings in ispconfig3.

 When I push the button email, then I get the sidebar of email but I can not do anything with it.

I think that something is changed in debian but I can not figure out what is changed and why I can not setup my mail anymore.

  I followed this manual by the letter and I tried to install the server for 4 times now but still get the same problem.

 I assume that I am not the only person with this problem, Has anybody ideas how to solve this?

 Greetings, Michel

 

 

From: admin at: 2014-06-14 19:38:18

The guide works fine in latest Debian, I installed it yesterday for a Client and it worked fine. I guess your mistake is that you did not use the alias "webmail" for squirrelmail as described in the guide. If you use "mail" as alias, then the Problem that you describe occurs as your "mail" alias will Redirect requests to the ispconfig mail module to squirrelmail.

From: Michel at: 2014-06-16 16:05:57

Hello,

 I did use the alias "webmail" for squirrelmail, I also installed this server on a 32 bit machine and there everything works fine, only not on my 64 bit system.

From: Jim at: 2014-06-24 20:46:03

Hi i configured server in VPS, later on dedicated server (16 GB ram, xeon CPU) - Debian... but if i have any virtualhosts i have big problem... load page speed is realy slow (3s+)... i tested in pingdom and its realy big wait time in first step (load main url)... cpu is idle, ram is free.. any idea? i try deactivate plugin in apache, php.. but no change... sites are o WP (i set W3 total cache - small improvements, but still big time in wait time)... Thanks for idea
 

 

 

From: Anonymous at: 2014-11-09 22:04:58

I follow your tutorial and step by step worked but i have VERY HIGH CPU USAGE ... any ideea?

From: Mark Ferguson at: 2014-11-23 17:55:26

I'm not the guy to post comments but here I want to applaud to the instruction. Not only get's it ISPConfig fully installed and working but also the POSTFIX/dovecot crap works like a clockwork.
I got this VPS and tried CentOS first but always got stuck with the Postfix stuff, especially the SMTP and outside world email.
Then I switched to Debian Wheezy and used this installation procedure and all works fine.
Also my CPU usage is very low, the hosted pages rocket fast and the memory usage under 1 GB.
Excellent job and thank you so much - again

 

 

From: Oscar at: 2014-12-20 11:09:05

Hello,

Can someone explain me the part in the additional notes about OpenVZ container at the end of the guide?

I'm running a VPS bought from Ovh and I know it is an OpenVz container, but I don't understand what I should have to do or modify?

is it a configuration file, a command or what?

Thanks in advance

From: at: 2014-12-24 16:28:36

Congratulations on an excellent tutorial.  Very easy to follow (with Debian/Wheezy preinstalled in my case.)

A small suggestion.  I think the preferred way to manage services is the "service" command rather than /etc/init.d...

For example:

service apache2 reload
service bind9 restart

and so on.

Thank you,

From: at: 2014-12-25 04:30:39

As of 2014-12-24 I experienced problems with the Postfix configuration.  As configured following the tutorial it would not accept any mail.

I edited /etc/postfix/main.cf, removing all "hash:" look-ups.  Then

service postfix reload

Now I can send and receive email with Squirrel Mail

This might create problems for local system accounts unless you add the local domain and user mailboxes via the ISPconfig console.

 

 

From: Been Told at: 2015-01-10 22:15:32

Stuck on point 15 on page 4.

The fstab file on my OVH vServer looks like this:

proc  /proc       proc    defaults    0    0

none  /dev/pts    devpts  rw          0    0

none  /dev/shm    tmpfs   rw          0    0

Where should I add the additional text? 

 

From: Daniel M. Sanchez at: 2015-02-05 18:41:00

Hi, Im new in Linux, trying to set it up in EC2 from Amazon.  I tried it following the Centos tutorial, but after reboots it suddenly worked, so now trying with Debian. 

My first question here is... the instance will have a local private IP and a public ip assigned by the Elastic IP manager. Whichone do I have to set in the Network Configuration to make it accessible though the web?

thanks.

From: Tim at: 2015-02-22 10:27:35

I installed ISPConfig on Debian 7.8. I can't send mails (mailclient or squirrelmail). Receiving is not a problem. the postfix config was set to inet_interfaces = all 

by default. The mail client doesn't connect. Can anybody help me?

From: Joey at: 2015-02-22 23:19:44

Just ran updates and my server stopped sending/receiving as well. My configuration has been the same for many years, just ran an update and noticed no mail.

 

I tried to logon to my horde webmail and page is now blank with empty header or nav bar.

 

mail.log

debian dovecot: imap-login: Disconnected (disconnected before greeting, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<2YMYH64PpwB/AAAB>Feb 22 06:30:04 debian postfix/smtpd[29191]: connect from localhost[127.0.0.1]Feb 22 06:30:04 debian postfix/smtpd[29191]: lost connection after CONNECT from localhost[127.0.0.1]Feb 22 06:30:04 debian postfix/smtpd[29191]: disconnect from localhost[127.0.0.1]Feb 22 06:30:04 debian dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<3zggH64PPwB/AAAB>

 

From: fakebot at: 2015-02-28 04:53:56

What would cause "Could not resolve" for apt-get during step 12? Since enabling Apache mods Could not resolve happens for every apt-get.

From: Ben at: 2015-03-12 15:38:13

I'm reading this toturial today, and now we have Debian 7.8.0 I have 3 questions...1) will I get in trouble following this tutorial that was written with Debian 7.0.02) Page 2 - when you say... simply choose Standard system utilities and SSH server for now we'll install the rest later will I get myself in trouble if I check "Debian desktop environment"3) page 3 #10General type of mail configuration: do you mean put in litteraly "Internet Site" or put "example.com"

From: till at: 2015-03-12 15:58:43

1) The tutorial is fully compatible with all Debian 7.x versions.

2) You can do that, but it will slow down your server. Therefor you normally wont install a Desktop on a Linux server.

3) This is an option that you select, you will see that when you follow the tutorial.

From: Gianluca Pericoli at: 2015-03-26 00:28:08

to have xxxx.com/phpmyadmin you also need to:

ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf service apache2 reload

From: peppi at: 2015-03-27 19:40:30

nice tuto

after 1000x trying to install this pannel it finally worked

however 2 errors

1 is the jail.local file when i add that fail 2 ban wont start

2 is again that terrible warning [Fri Mar 27 20:29:57 2015] [warn] NameVirtualHost *:443 has no VirtualHosts

i can not figure out why i get this error

i did everything like described here and missed nothing everything went 110% until i got to the very last detail to secure the pannel

 

i am searching my ass of on the web for 5 days now and i just canot figure out what this problem is

i hope some one can answer this last question and the jail.local error

From: till at: 2015-03-29 14:15:34

Regarding 1) Tro to use copy/paste. There ust be an error / typo in your file as the jail.local file from the tutorial above works fine. Just used it last week.

 

Regarding 2) This is no error, so no need to change anything. This message just means "Apache is is configured for SSL vhosts but you did not add one yet". So this is just a info message thats hows the correct installation of your server.

From: LuxeMat at: 2015-03-28 06:48:50

base-installer: error: exiting on error base-installer/kernel/failed-installer