The Perfect Server - Fedora 10 [ISPConfig 3]

Version 1.1
Author: Falko Timme
Last edited 03/16/2010

This tutorial shows how to prepare a Fedora 10 server for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache web server, Postfix mail server, MySQL, MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more.

Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!

I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 Install The Base System

Boot from your Fedora 10 DVD. Select Install or upgrade an existing system:

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the Fedora installer appears. Click on Next:

Choose your language next:

Select your keyboard layout:

I'm installing Fedora 10 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?:

Fill in the hostname of the server:

Choose your time zone:

Give root a password:

Next we do the partitioning. Select Remove Linux partitions on selected drives and create default layout. This will give you a small /boot partition and a large / partition which is fine for our purposes:

Select Write changes to disk:

The hard drive is being formatted:

Share this page:

8 Comment(s)

Add comment

Comments

From: at: 2009-04-18 09:18:37

Make shure alle softwareupdates and fixes are done before installing ISPConfig 3 at the end.

I've had some trouble with the fc10 recommended Postfix update (2.2.5.6-1). After the update the config for Postfix is wrong.

Also, MyDNS is available in a more recent version (1.2.8.25) where the .conf setup is slightly different (but file is at the same location)

From: G. Lohmann at: 2009-05-06 20:24:25

First of all, thanks for the work and the great HowTo for that!

However some remarks:

- 6 Disable SELinux

NOPE ... don't give this as the best advice, especially as some people may run in a virtual server environment where they could not disable it at all. I know the first confrontation with SELinux is harsh and filled with a lot of warnings and errors but it is easy to get around that.

For example:

If you have you freshly install ISPConfig and it is up and running, you may get a lot of warnings about vlogger. It will even not work as expected. The warning:

... vlogger has no access to potential wrong marked files (./localhost.localdomain) ...

sound a bit cryptic but fact is that vlogger can not write to the logging directory to write to e.g. 'localhost.localdomain-access.log', as there are rights missing.

if you do:

/var/log# ls -alZ
drwx------  root      root   system_u:object_r:httpd_log_t:s0 httpd
drwxr-xr-x  root      root   unconfined_u:object_r:var_log_t:s0 ispconfig

The entry for the user 'unconfined_u' (nobody) and for the type 'var_log_t' (inherited logging type) is already not that good. Reason is that it is a perl script like a CGI, called by apache and running with the user rights of httpd and therefore is restricted to write to that folder. As we can see for the log folder of httpd has already a different type 'httpd_log_t'.

But two single lines for changing this control settings already solve all your warnings and errors with vlogger:

/var/log# chcon -R -u system_u ispconfig
/var/log# chcon -R -t httpd_sys_script_rw_t ispconfig

The type 'httpd_sys_script_rw_t' is telling SELinux that scripts called by apache are allowed to (r)ead and (w)rite to that folder.

The example above is the most common reason for errors. That specific programs or scripts called by them and do not have write or read access to unknown folders or files that may even not belong to them.

ISPConfig should not disable but benefit from those rights as it for example would allow to 'jail' Client configurations into their own environment by defining own types for each single Client.

I am even still a beginner in SELinux, but if I find some time I will try to write a list of needed control settings to get ISPConfig completely running without the need to shutting it down.

From: antoine at: 2009-08-17 22:39:11

make sure you also install:

yum install cyrus-sasl-plain

 else you get errors in mail and it won't work

From: G. Lohmann at: 2009-05-06 20:54:27

about "visudo"

I am not a geek with sudo but if I run visudo it already write:

## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.

Which would mean that:

compileuser ALL=(ALL) ALL

will probably give away all the same rights to this user as like root himself, making a second root user that even not need to type the root password. If that is true I not need sudo at all but can directly act as root. Moreover I created a potential security lack!

Fact is, except of installing an rpm package to the system I normaly not need root rights at all. A default user in Fedora can run tools like 'make', 'gcc', 'rpmbuild' and even 'rpm -Uvh my_package.src.rpm' without any additional rights.

For installing a single package it should be sufficient enough to to a

# su -c 'rpm -Uvh my_package.rpm'

which would ask me for the root password before installing but should not hurt for that single file. If you already work anyway as a root user we can do the install directly and not need to bother about sudo, but then the question is why I use sudo at all.

Also a good idea might be to use on fedora

# yum localinstall my_package.rpm

which does the same as the rpm install but keep track of the package in yum and as well install dependency if necessary.

From: Martin at: 2014-07-01 11:32:41

I tried to install it on CentOS 6.5 but unsuccesfull. I installed
courier-unicode-1.1.tar.bz2 and then I tried to install
courier-authlib-0.66.1.20140114.tar.bz2 but not well.
I got error: 
"The Courier Unicode Library appears not to be installed. You may need to
install a separate development subpackage, in addition to the main package
error: Bad exit status from /var/tmp/rpm-tmp.LecCXX (%prep)". 
 
I don´t know what I can do for now because unicode devel I installed succesfull but still
is missing. Could somebody help me, please?

From: Anonymous at: 2009-04-14 12:06:46

The MyDNS software does not work with this install, the software will not start at boot due to setup problem.

Check http://mydns.bboy.net/ for the solution!

From: klerik at: 2009-08-13 15:32:06

Thanks for this howto ...

From: incubus at: 2009-08-30 14:43:23

Thanks - a very nice how to - it worked perfect!!!