The Perfect Server - Fedora 13 x86_64 [ISPConfig 3] - Page 3

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com server1
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.
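
A quick way to verify the edit, as an added example that is not part of the original tutorial: the hypothetical helper check_hosts parses a hosts file and reports whether the FQDN is mapped to the LAN address and absent from every loopback line. The sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial). check_hosts is a hypothetical helper.
# Usage: check_hosts FILE FQDN IP
#   0  FQDN is mapped to IP and appears on no loopback line
#   1  FQDN is still listed on a loopback line (127.x.x.x or ::1)
#   2  FQDN is not mapped to IP at all
check_hosts() {
    awk -v fqdn="$2" -v ip="$3" '
        BEGIN { fqdn = tolower(fqdn) }     # host names are case-insensitive
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # blank or address-only line
        {
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != fqdn) continue
                if ($1 ~ /^127\./ || $1 == "::1") loopback = 1
                if ($1 == ip) mapped = 1
            }
        }
        END {
            if (loopback) exit 1
            if (!mapped) exit 2
        }
    ' "$1"
}

# Constructed sample: an installer-style file with the host name on 127.0.0.1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   server1.example.com server1 localhost.localdomain localhost
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
check_hosts "$sample" server1.example.com 192.168.0.100
echo "before the edit: exit status $?"     # status 1: still on loopback
rm -f "$sample"
```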

 

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall).

Run

system-config-firewall

and disable the firewall.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#
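
The same check in script form, as an added example that is not part of the original tutorial: the hypothetical helper firewall_state reads iptables -L output and succeeds only when every chain has policy ACCEPT and no rules, which is the state shown above. The sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial). firewall_state is a hypothetical helper.
# Reads `iptables -L` output on stdin, prints "chain policy rule-count" for
# each chain, and returns 0 only if every chain is policy ACCEPT with no
# rules. Note: -L without -t lists the filter table only.
firewall_state() {
    awk '
        function report() {
            if (chain == "") return
            print chain, policy, rules
            seen++
            if (policy != "ACCEPT" || rules > 0) filtering = 1
        }
        /^Chain / {
            report()
            chain = $2; rules = 0
            # Built-in chains read "(policy X)"; user-defined ones do not.
            policy = ($3 == "(policy") ? $4 : "-"
            sub(/\)$/, "", policy)
            next
        }
        NF == 0 || $1 == "target" { next }   # blank and column-header lines
        chain != "" { rules++ }              # anything else is a rule
        END { report(); exit ((filtering || seen == 0) ? 1 : 0) }
    '
}

# Constructed sample: a host where the firewall is still active.
firewall_state <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
echo "exit status $? (non-zero: rules or a non-ACCEPT policy remain)"
```

On the server itself the call would be iptables -L | firewall_state, run as root.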

 

6 Disable SELinux

SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


Afterwards we must reboot the system:

reboot

 

7 Install Some Software

Next we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'

 

8 Journaled Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and append ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the mount options of the / partition (/dev/mapper/vg_server1-lv_root):

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Mon May 31 16:25:30 2010
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_server1-lv_root /                       ext4    defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
UUID=732ef9e2-879b-4196-a9e4-95402cf29505 /boot                   ext4    defaults        1 2
/dev/mapper/vg_server1-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

to enable quota.
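
A check worth running on /etc/fstab before the remount step, as an added example that is not part of the original tutorial: the hypothetical helper check_root_quota confirms that the / entry is still well formed and carries the three quota options. The sample file is constructed and shows a typical slip, a space typed inside the option list.

```shell
#!/bin/sh
# Added example (not from the tutorial). check_root_quota is a hypothetical helper.
# Usage: check_root_quota FSTAB
#   0  the / entry is well formed and carries all three quota options
#   1  the / entry is well formed but a quota option is missing
#   2  no / entry, or the entry is malformed (for example a space typed
#      inside the comma-separated option list shifts the later fields)
check_root_quota() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $2 != "/" { next }
        {
            found = 1
            # fstab(5): four mandatory fields, then optional dump and pass numbers.
            if (NF < 4 || NF > 6) bad = 1
            for (i = 5; i <= NF; i++) if ($i !~ /^[0-9]+$/) bad = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) have[opt[i]] = 1
        }
        END {
            if (!found || bad) exit 2
            n = split("usrjquota=aquota.user grpjquota=aquota.group jqfmt=vfsv0", need, " ")
            for (i = 1; i <= n; i++) if (!(need[i] in have)) exit 1
        }
    ' "$1"
}

# Constructed sample: the root line with a space typed after "defaults,".
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/mapper/vg_server1-lv_root / ext4 defaults, usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 1 1
/dev/mapper/vg_server1-lv_swap swap swap defaults 0 0
EOF
check_root_quota "$sample"
echo "exit status $? (2: do not remount / until the line is fixed)"
rm -f "$sample"
```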

 

9 Install Apache, MySQL, phpMyAdmin

This can all be installed with one single command:

yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpMyAdmin

Comments

From: at: 2010-06-19 14:41:47

Has anyone actually managed to get a Squirrelmail login page for Fedora 13?

I've tried the Fedora 13/ISPConfig3 howto once as written, for an x86-64 PC, and twice using i686 architecture (not replacing lib with lib64).

All three attempts had, as a show-stopper, the non-appearance of Squirrelmail at <http://server1.example.com/webmail>, or at the equivalent address.

Fortunately the CentOS x86-64 equivalent eventually worked, so I'm not under pressure, but it still seems extremely curious that the same issue - lack of any kind of Squirrelmail login interface - hit three different machines running the Fedora 13 - ISPConfig howto.
Neither the configuration test nor the Squirrelmail login work. The config test at <http://server1.example.com/src/configtest.php> fails saying:

"Not Found

The requested URL /src/configtest.php was not found on this server."

- and the login page doesn't appear either. Instead,  at <http://server1.example.com/webmail> we find:

"Unable to connect

 Firefox can't establish a connection to the server at server1.example.com." [or the IP address, or localhost].


It is almost as though the aliases (like webmail for /usr/share/squirrelmail) aren't being established. But the files in /etc/httpd/conf.d are certainly being read, because if I enable server-info, it tells me so.

Besides the Squirrelmail issue, Webalizer doesn't run. Firefox tells me I'm forbidden to access http://server1.example.com/usage.

But, both the phpMyAdmin and the ISPConfig pages do appear. It's not ISPConfig which is causing the Squirrelmail problem because it's installed and tested before ISPConfig is even downloaded.

One other peculiarity: some system users (vmail, getmail, ispapps, and ispconfig)  appear in the Fedora login screen now. I think that's because they have user ID numbers greater than the limit in Fedora for system users (499).

User 500 is always present (it's the one you set during install). vmail has user ID 5000. The others seem to take the user ID from the last ID you created (typically then, 501, 502, and 503).

Can anyone duplicate this? Any ideas?

From: Nick at: 2010-07-08 12:48:17

Try to install mod_ssl!

From: Anonymous at: 2011-10-07 12:26:42

thx. installing mod_ssl helped me with fedora 15 + ispcfg 3 as well

From: at: 2010-07-14 15:51:58

If you select the DNS Name Server category of software to install then "bind-chroot" will be installed. In step 17 there are instructions to install "bind". If both are installed then BIND (named) will not start because named will not be able to find the file named.conf.locate. Even if you create a blank "named.conf.local" in /etc or use ISPConfig web admin to create the file, named still will not start. See also related comments on PG5.

From: Pierre at: 2010-07-19 16:42:10

I don't get the option where I get to choose what to install or not install. I saw on another page where a person was complaining about the fact that the live CD doesn't allow older machines to configure setup as one would want. Sort of idiotic if you think about it! After all, Linux is the ideal web server and if you have an older machine lying around that you want to set up to tinker on, you won't want any type of GUI. So my question is HOW DO I GET AROUND THIS?

I have an old Pentium 4 (1.4 GHz). I don't want Gnome or any interface, just the good old command prompt. Unfortunately, I'm a novice and I can't figure out how to get around this.

 Thanks for your help.

From: at: 2010-07-07 00:40:21

After completing all steps in this series and logging in to ISPConfig3 as admin I found that in the 'Monitor' section there was 1 error marked in red.  Clicking on 'more' information revealed that 'MyDNS' was not running. Although MyDNS is not installed as part of this procedure. I assumed that was mis-labeled and that BIND was not starting.

I tried to start BIND (named) manually but it gave an error, stated that the file /etc/named.conf.local was missing which it was missing. But I used the ISPConfig3 to add a client then logged in as that client and created a DNS zone and the named.conf.local file was created.

But when trying to start 'named' I still get the error that /etc/named.conf.local is missing even though it is there. It had the group as 'root' instead of named like the other named.* files had so I chgrp on named.conf.local to named but BIND still won't start and gives the same error that /etc/named.conf.local is missing even though it is present.

If I comment out the include in named.conf for named.conf.local named starts without error even though in the ISPConfig MyDNS still shows 'offline'.

Another file included by named.conf is named.rfc1912.zones it is present and is not mentioned in the error message.

The only difference that I can see is that the permissions on named.rfc1912.zones are "-rw-r-----." whereas on named.conf.local the perms are "-rw-r--r--". NOTE the period is missing. I have no idea what the period in the permissions list is for but that is the only difference I can see between the two files.

So, how can I fix this and what is the period in the permissions list for?

From: at: 2010-07-19 06:25:27

BIND runs in a chroot environment at /var/named

So the path you are looking for is /var/named/etc/named.conf.local

From: at: 2010-07-14 17:39:43

To get suphp to work I had to add quotes:

x-httpd-suphp=php:/usr/bin/php-cgi
to:
x-httpd-suphp="php:/usr/bin/php-cgi"

refer to

http://www.howtoforge.com/forums/showthread.php?t=47203

From: Serge at: 2010-09-13 20:39:43

Hello,

I was wondering, php-mhash is no longer in Fedora 13, in fact it's stopped since late fc11.

In your install notes you refer to yum php-mhash.... do you have an alternative or can this be skipped?

From: Anonymous at: 2010-10-11 14:52:00

Why do you people keep using the comments forms when it specifically says not to? You are not going to get your questions answered here.

From: moodz at: 2010-09-17 08:09:17

If you really want it to work properly look in /tmp/ispconfig3_install/install/dist/conf ... you will see a number of conf files ... I copied the fedora9.conf to fedora13.conf and voila ! the DNS bit starts working !!

Oh and mydns will install OK from yum ....

# yum install mydns

 Otherwise it all works OK.