The Perfect Server - Ubuntu 11.04 [ISPConfig 3] - Page 3

4 Get root Privileges

After the reboot you can login with your previously created username (e.g. administrator). Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

(You can as well enable the root login by running

sudo passwd root

and giving root a password. You can then directly log in as root, but this is frowned upon by the Ubuntu developers and community for various reasons. See http://ubuntuforums.org/showthread.php?t=765414.)

 

5 Install The SSH Server (Optional)

If you did not install the OpenSSH server during the system installation, you can do it now:

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Ubuntu 11.04 server and follow the remaining steps from this tutorial.

 

6 Install vim-nox (Optional)

I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Ubuntu and Debian; to fix this, we install vim-nox:

apt-get install vim-nox

(You don't have to do this if you use a different text editor such as joe or nano.)

 

7 Configure The Network

Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100):

vi /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1

Then restart your network:

/etc/init.d/networking restart

Then edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Now run

echo server1.example.com > /etc/hostname
/etc/init.d/hostname restart

Afterwards, run

hostname
hostname -f

Both should show server1.example.com now.

 

8 Edit /etc/apt/sources.list And Update Your Linux Installation

Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this:

vi /etc/apt/sources.list

#

# deb cdrom:[Ubuntu-Server 11.04 _Natty Narwhal_ - Release amd64 (20110426)]/ natty main restricted

#deb cdrom:[Ubuntu-Server 11.04 _Natty Narwhal_ - Release amd64 (20110426)]/ natty main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://de.archive.ubuntu.com/ubuntu/ natty main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ natty main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ natty-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ natty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ natty universe
deb-src http://de.archive.ubuntu.com/ubuntu/ natty universe
deb http://de.archive.ubuntu.com/ubuntu/ natty-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ natty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ natty multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ natty multiverse
deb http://de.archive.ubuntu.com/ubuntu/ natty-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ natty-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://de.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu natty-security main restricted
deb-src http://security.ubuntu.com/ubuntu natty-security main restricted
deb http://security.ubuntu.com/ubuntu natty-security universe
deb-src http://security.ubuntu.com/ubuntu natty-security universe
deb http://security.ubuntu.com/ubuntu natty-security multiverse
deb-src http://security.ubuntu.com/ubuntu natty-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu natty partner
# deb-src http://archive.canonical.com/ubuntu natty partner

## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu natty main
# deb-src http://extras.ubuntu.com/ubuntu natty main

Then run

apt-get update

to update the apt package database and

apt-get upgrade

to install the latest updates (if there are any). If you see that a new kernel gets installed as part of the updates, you should reboot the system afterwards:

reboot

 

9 Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <-- No

If you don't do this, the ISPConfig installation will fail.

 

10 Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

We can disable it like this:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

 

11 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.

Share this page:

10 Comment(s)

Add comment

Comments

From: Marques at: 2011-05-27 18:45:21

I was getting an error when trying to start apache2 after following all instructions:

root@server1:/home/administrator# /etc/init.d/apache2 start
 * Starting web server apache2                                                                      Syntax error on line 27 of /etc/apache2/sites-enabled/000-apps.vhost:
Invalid command 'SuexecUserGroup', perhaps misspelled or defined by a module not included in the server configuration
Action 'start' failed.
The Apache error log may have more information.
 

I found that mod_suexec was not being loaded and did (note: ## !THIS! ##):

root@server1:/home/administrator# a2enmod
Your choices are: actions alias asis auth_basic auth_digest authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file authnz_ldap authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi cgid charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache dump_io env expires ext_filter fcgid file_cache filter headers ident imagemap include info ldap log_forensic mem_cache mime mime_magic negotiation php5 proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi reqtimeout rewrite ruby setenvif speling ssl status substitute suexec suphp unique_id userdir usertrack version vhost_alias
Which module(s) do you want to enable (wildcards ok)?
suexec                                     <----------------## !THIS! ##
Enabling module suexec.  
Run '/etc/init.d/apache2 restart' to activate new configuration!

Now Apache2 starts fine:

root@server1:/home/administrator# /etc/init.d/apache2 restart
 * Restarting web server apache2                                                             [ OK ]

Are there any other modules that should be being loaded by apache2 that I am missing?

root@ispconfig1:/etc/apache2/mods-enabled# apache2 -l
Compiled in modules:
  core.c
  mod_log_config.c
  mod_logio.c
  prefork.c
  http_core.c
  mod_so.c

root@server1:/etc/apache2/mods-enabled# ls | grep .load
alias.load
auth_basic.load
authn_file.load
authz_default.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.load
cgi.load
deflate.load
dir.load
env.load
fcgid.load
mime.load
negotiation.load
php5.load
reqtimeout.load
ruby.load
setenvif.load
status.load
suexec.load
suphp.load

From: Randy Pelayo at: 2011-10-05 05:55:07

Hello sir,

Thanks for this tutorial i solve the error in apache. its running right now the ISPconfig in my network.

 Sir i have a question, how can i add this into my domain server in a web?so that i can access this were ever i am as long i have internet connection. I am a newbie in ubuntu or any linux langauges.  

thank you

From: at: 2012-11-26 22:52:23

Thanks ;-) That was very helpful now

From: Michael McShane at: 2011-07-22 04:20:32

This is so well done that I would use this as a general howto for setting up a linux server. In fact, I am currently ending my web hosting and using this setup for my own hosting server.

I did get a couple of errors in a few places but nothing I couldn't handle. It seemed to break my install of Webadmin but I reinstalled it and it was fine.

Mike

From: TomC at: 2011-08-07 19:13:06

Falko,
I don't know how you do it... thanks so much. Perfect is right!!!! I point all my Linux newbie/wannabes to your site. It's simply the best.

Tom

From: at: 2011-09-25 04:30:51

I conquer. I've tried them all from webmin/virtualmin to isp omega. Either they had poor instructions, don't keep their releases up to date, or they plain just don't work. Nice work as usual Falko. Hopefully there are modules such as an auto installer in the near future.

From: at: 2011-12-10 23:46:02

You mean that IPSConfig is the best you tried so far?

From: Coiler at: 2011-08-18 20:02:04

I've been following this how to and bought the ISPConfig manual (to ensure I did everything right).

Everything seems to be working except the ssh function.

 I've limited my users ssh option to only jailkit and I made the user, password and login is check but when its entered correctly and I login it instantly closes putty.

 Anyone else experienced this issue or knows how to fix it?

From: arthur at: 2011-10-13 16:47:33

I have installed the Perfect Server on Virtual Box. No errors, no problems. It works fine.

Great work. Many thanks for the clarity and ease of implementation of your how-to, Falko!!!

From: Jesse at: 2011-11-16 21:52:22

Hi, the tutorial is really good, I've followed step by step and my server is running pretty good but my ISP is blocking my port 25, I can't send or receive any mail from external account. I went to no-ip and bought the alternate smtp and reflector. They sent me the server and the port they're listening, I've been trying to change the port inside the postfix/main.cf without success. What should I do to solve the problem. Thanks