The Perfect Server - OpenSUSE 11.2 x86_64 [ISPConfig 3]

Version 1.0
Author: Falko Timme
Last edited 11/16/2009

This is a detailed description of how to set up an OpenSUSE 11.2 64-bit (x86_64) server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable) with PHP, CGI and SSI support, Postfix mail server with SMTP-AUTH, TLS and virtual mail users, MyDNS DNS server, Pureftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc.

I will use the following software:

  • Web Server: Apache 2.2 with PHP 5
  • Database Server: MySQL
  • Mail Server: Postfix with virtual users
  • DNS Server: MyDNS
  • FTP Server: pureftpd
  • POP3/IMAP: Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably and is easily manageable with the ISPConfig 3 control panel. The following guide is for the 64bit version of OpenSUSE.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Notice: This guide is for ISPConfig 3.0.1 or newer. It is not suitable for ISPConfig 2.x.

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Boot from your OpenSUSE 11.2 DVD and select Installation:

Select your language, keyboard layout and accept the licence terms:

The installer analyzes your hardware and builds the software repository cache:

Select New Installation:

Select the region and timezone:

We select Other > Minimal Server Selection (Text Mode) here as we want to install a server without X-Window desktop. The X-Window system is not necessary to run the server and would slow down the system. We will do all administration tasks on the shell or through an SSH connection, e.g. via PuTTY from a remote desktop.


Comments

From: z14mx at: 2010-01-29 08:09:41

7 Install some basic packages and the compilers that we need later

Run

yast2 -i findutils readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel wget gcc-c++ subversion make vim telnet cron iptables iputils man man-pages nano pico

I first want to thank you for your great post, and ask you since I have problems when I write that the server says

follow packages haven't been found on the medium: db-deve1       glibc-dev1

and this is the same, thanks for your attention

yast2 -i postfix postfix-mysql mysql mysql-client courier-imap courier-authlib courier-authlib-mysql python cron cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain cyrus-sasl-saslauthd libmysqlclient-devel pwgen

From: Tom at: 2010-01-26 22:24:58

Hi,

At first, thanks for this guideline!

I had to make the following changes in order to get things to work:

  Error (mail.log)
  ...temporary failure. Command output: /usr/bin/maildrop: Cannot set my user or group id

  Resolution
  Change user vmail via yast:
  Set home dir to /var/vmail incl. change owner option
  Lookup uid and guid of vmail in yast and set this in ispconfig accordingly
  ----
  Error
  Jan 26 14:40:02 tbonetom postfix/smtpd[26747]: warning: no entropy for TLS key generation: disabling TLS support
  Jan 26 14:45:03 tbonetom postfix/smtpd[27153]: warning: connect to private/tlsmgr: No such file or directory
  Jan 26 14:45:03 tbonetom postfix/smtpd[27153]: warning: problem talking to server private/tlsmgr: No such file or

  Resolution
  you have to uncomment
    tlsmgr unix - - n 1000? 1 tlsmgr
  in /etc/postfix/master.cf
  Restart postfix
  ----
  Error
  authentication failure (in mail.log from smtp session)
 
  Resolution
  Do not do this from the how-to:
  ..............................................................................
  Next I install the pam_mysql module from source. pam_mysql is not available
  from the main OpenSUSE repository and the package from the build service did
  not work for me.

  yast2 -i pam-devel pam-32bit pam-devel-32bit pam-modules-32bit

  cd /tmp
  wget http://heanet.dl.sourceforge.net/sourceforge/pam-mysql/pam_mysql-0.7RC1.tar.gz
  tar xvfz pam_mysql-0.7RC1.tar.gz
  cd pam_mysql-0.7RC1
  ./configure
  make
  make install
  rm -rf /tmp/pam_mysql-0.7RC1
  rm /tmp/pam_mysql-0.7RC1.tar.gz
  ..............................................................................
 
  BUT THIS:
  rpm -i http://download.opensuse.org/repositories/home:/buschmann23/openSUSE_11.2/x86_64/pam_mysql-0.7RC1-12.1.x86_64.rpm
  or, respectively, the most recent version. The link can be found here:
  http://software.opensuse.org/search
  Search for pam_mysql and select the x86_64 version for 64bit installations

From: Blazonj at: 2010-04-05 23:03:43

Now I install some rpm packages which are not available from the OpenSUSE main repositories.

cd /tmp
rpm -i http://download.opensuse.org/repositories/server:/mail/openSUSE_11.2/noarch/getmail-4.13.0-1.1.noarch.rpm
rpm --force -i http://download.opensuse.org/repositories/server:/mail/openSUSE_11.2/x86_64/maildrop-2.2.0-2.9.x86_64.rpm

Warnings like warning: /var/tmp/rpm-tmp.OW27Dr: Header V3 DSA signature: NOKEY, key ID 367fe7fc can be ignored.

 

Everything went really smoothly, with the exception of the link in the above referenced section, which is broken due to a newer version. The new link is: http://download.opensuse.org/repositories/server:/mail/openSUSE_11.2/noarch/getmail-4.16.0-1.1.noarch.rpm

 

Thanks for tutorial!

From: blathori at: 2010-07-14 13:39:48

Now only have this in the repositories:

http://download.opensuse.org/repositories/server:/mail/openSUSE_11.2/noarch/getmail-4.20.0-1.1.noarch.rpm

I suppose it is the same; however, it gives me a warning:

/var/tmp/rpm-tmp.qK8ilu: Header V3 DSA signature: NOKEY, key ID 367fe7fc

but that can be ignored   ;) (seek in tutorial)
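The NOKEY warning quoted in the comments above means rpm found a signature on the package but had no public key in its keyring to check it with, so the package was installed unverified. An added example (not from the tutorial or its commenters) that extracts the key ID from such warnings and compares it with key IDs the administrator has already vetted; `TRUSTED_KEY_IDS` and the second sample warning are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage rpm "NOKEY" warnings instead of ignoring them.
# TRUSTED_KEY_IDS is an assumption: key IDs whose full fingerprint the admin
# has already checked out of band against the repository's signing key.
TRUSTED_KEY_IDS="367fe7fc"

# Print the lower-cased key ID found in one rpm NOKEY warning, else nothing.
nokey_id() {
    printf '%s\n' "$1" |
        sed -n 's/.*signature: NOKEY, key ID \([0-9A-Fa-f]\{8,16\}\)[[:space:]]*$/\1/p' |
        tr 'A-F' 'a-f'
}

# Classify one line of rpm output:
#   import-key  signed with a key on the trusted list that is not in the rpm
#               keyring yet: import that key, then verify the package
#   reject      signed with a key nobody has vetted: do not install
#   no-warning  the line is not a NOKEY warning
classify_line() {
    key_id=$(nokey_id "$1")
    if [ -z "$key_id" ]; then
        echo "no-warning"
        return 0
    fi
    for trusted in $TRUSTED_KEY_IDS; do
        if [ "$key_id" = "$trusted" ]; then
            echo "import-key"
            return 0
        fi
    done
    echo "reject"
}

# Constructed sample: the first warning is the one quoted on this page, the
# second uses a made-up key ID, the third is ordinary rpm progress output.
while IFS= read -r line; do
    printf '%-11s %s\n' "$(classify_line "$line")" "$line"
done <<'EOF'
warning: /var/tmp/rpm-tmp.OW27Dr: Header V3 DSA signature: NOKEY, key ID 367fe7fc
warning: /var/tmp/rpm-tmp.Zx81Qa: Header V3 DSA signature: NOKEY, key ID 0BADC0DE
Preparing...                ##################################################
EOF

# After "import-key": rpm --import <verified key file>, then
# rpm --checksig <package>.rpm must report OK before installing.
```

An 8-digit key ID is short enough to collide, which is why the list should only hold IDs whose full key fingerprint was compared first.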

From: Anonymous at: 2009-12-08 16:18:25

Hi, you state:

  * In my opinion you don't need it to configure a secure system

people are probably already looking for servers configured by you, for fun and profit, lol

  * think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem

Never heard of AppArmor complain mode? Using a technology implies being able to use that technology. AppArmor is great, and you won't spend a week in troubleshooting, if you know how to use it.

A "perfect" setup, in my book, includes security, especially if you're building a server which offers services to the Internet (but not only).

Your setup may be good, but quite far from perfect.

JMTC, Javier

 

From: Anonymous at: 2010-06-13 11:39:55

I find it very difficult to deal with AppArmor and the above configuration, because of lack of time. If AppArmor is important, could you please maybe extend this tutorial by adding an AppArmor configuration tutorial?
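Complain mode, raised in the two comments above, makes AppArmor log what a profile would have blocked instead of blocking it, so the log shows exactly which rules a service still needs. An added example (not from the tutorial or its commenters) that summarises those records per profile; it assumes the `apparmor="ALLOWED"` key=value audit format, and the profile names, paths and PIDs in the sample log are constructed.

```shell
#!/bin/sh
# Added example: summarise what an AppArmor profile in complain mode let
# through, i.e. the accesses enforce mode would have blocked.
# Assumption: audit records use the apparmor="ALLOWED" key=value layout.

# Read audit/syslog lines on stdin; print "count profile denied_mask name".
complain_summary() {
    awk '
    # Return the value of key="value" in the current record, or "-".
    function field(key,    re) {
        re = " " key "=\"[^\"]*\""
        if (match($0, re) == 0) return "-"
        return substr($0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    /apparmor="ALLOWED"/ {
        seen[field("profile") " " field("denied_mask") " " field("name")]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k2
}

# Constructed sample log: profile names, paths and PIDs are made up.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1276429195.101:41): apparmor="ALLOWED" operation="open" profile="/usr/sbin/mysqld" name="/srv/mysql/ibdata1" pid=2412 comm="mysqld" requested_mask="rw" denied_mask="rw" fsuid=60 ouid=60
type=AVC msg=audit(1276429196.207:42): apparmor="ALLOWED" operation="open" profile="/usr/sbin/mysqld" name="/srv/mysql/ibdata1" pid=2412 comm="mysqld" requested_mask="rw" denied_mask="rw" fsuid=60 ouid=60
type=AVC msg=audit(1276429201.330:43): apparmor="ALLOWED" operation="open" profile="/usr/sbin/mydns" name="/etc/mydns.conf" pid=2510 comm="mydns" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1276429210.512:44): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/etc/shadow" pid=2600 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=74 ouid=0
Jun 13 11:40:11 server1 postfix/smtpd[2701]: connect from localhost[127.0.0.1]
EOF
}

sample_log | complain_summary
```

On a live system the usual cycle is `aa-complain` on the profile, exercising the service, reviewing the logged accesses (for instance with `aa-logprof`), and then `aa-enforce` once the profile covers them.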

From: at: 2010-01-19 21:27:42

Hello all and pardon the noob, stupid questions. I need to know where one would drop this server in a 3-legged network. External Firewall, "dmz servers", internal Firewall and private network. Can someone provide a Visio diagram on this complete with sample IP addresses? (i.e. 192.168.x.x or 10.10.x.x)

From: Anonymous at: 2010-03-09 13:58:35

To run Mydns after Mysql just add mydns to Runlevel 2.

Then you won't get any errors, like mydns can't connect to the database.

From: Anonymous at: 2010-06-13 11:42:05

This is not exactly so on OpenSUSE, but to start mydns after mysql, change this line in the mydns script:

From:

# Required-Start:    $syslog $remote_fs

To:

# Required-Start:    $syslog $remote_fs mysql

Then, if you have already added the service, use chkconfig --del mydns   and   chkconfig --add mydns  again. This will fix the dependency.