The Perfect Server - Ubuntu 8.10 [ISPConfig 3] - Page 4

12 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils

We can install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:

aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl maildrop getmail4 rkhunter binutils

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

root@server1:~# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      10447/mysqld
root@server1:~#

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /etc/courier/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then recreate the certificates...

mkimapdcert
mkpop3dcert

... and restart Courier-IMAP-SSL and Courier-POP3-SSL:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

 

13 Install Amavisd-new, SpamAssassin, And Clamav

To install amavisd-new, SpamAssassin, and ClamAV, we run

aptitude install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

 

14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt

Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:

aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp

You will see the following question:

Web server to reconfigure automatically: <-- apache2

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include:

a2enmod suexec rewrite ssl actions include

Secure phpMyAdmin by deleting the /etc/phpmyadmin/htpasswd.setup file...

rm -f /etc/phpmyadmin/htpasswd.setup

... and remove or comment out the following section in /etc/phpmyadmin/apache.conf:

vi /etc/phpmyadmin/apache.conf

[...]
#       # Authorize for setup
#       <Files setup.php>
#           # For Apache 1.3 and 2.0
#           <IfModule mod_auth.c>
#               AuthType Basic
#               AuthName "phpMyAdmin Setup"
#               AuthUserFile /etc/phpmyadmin/htpasswd.setup
#           </IfModule>
#           # For Apache 2.2
#           <IfModule mod_authn_file.c>
#               AuthType Basic
#               AuthName "phpMyAdmin Setup"
#               AuthUserFile /etc/phpmyadmin/htpasswd.setup
#           </IfModule>
#           Require valid-user
#       </Files>
[...]

Restart Apache afterwards:

/etc/init.d/apache2 restart

 

15 Install PureFTPd And Quota

PureFTPd and quota can be installed with the following command:

aptitude install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

Then restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

vi /etc/fstab

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# /dev/sda1
UUID=e7f9e640-1254-462f-b314-6471ce83db4d /               ext3    relatime,errors=remount-ro,usrquota,grpquota 0       1
# /dev/sda5
UUID=32b41e4e-4d4a-4825-8922-27e8c6aeeb45 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /

quotacheck -avugm
quotaon -avug

 

16 Install MyDNS

Before we install MyDNS, we need to install a few prerequisites:

aptitude install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev

MyDNS is not available in the Ubuntu 8.10 repositories, therefore we have to build it ourselves as follows:

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install

Next we create the start/stop script for MyDNS:

vi /etc/init.d/mydns

#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <phil@philkern.de>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

Then we make the script executable and create the system startup links for it:

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

 

17 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

aptitude install vlogger webalizer

 

18 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

aptitude install build-essential autoconf automake1.9 libtool flex bison

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*

 

19 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the fail2ban log:

aptitude install fail2ban

Share this page:

13 Comment(s)

Add comment

Comments

From: at: 2009-04-24 02:39:31

I do not think it is possible. I have asked this in the forum.

From: at: 2009-04-20 23:26:53

Hi,


Is it possible to install bind 9 in step "16 Install MyDNS"


Which one is better?


thanks,


Tony

From: at: 2009-04-23 01:38:53

To switch the /bin/sh symlink to bash it is better to use 'dpkg-reconfigure dash' and tell it no to the question.  This will remove the diversion of /bin/sh to dash and switch it back to bash.  This will also retain the change for sure through future updates.

From: dvn3ch at: 2009-09-05 14:31:17

Yes, that's it.  That worked perfectly.  Thanks for the suggestion.


-D

From: Marco Rodrigues at: 2009-08-16 09:30:46

Hi!


How fail2ban and firewall will work if there is no 'iptables' installed?


I think this is missing from this Ubuntu 8.10 tutorial. Ah! and the tutorial also works for Ubuntu 8.04 LTS.


Thank you


 

From: at: 2010-04-01 14:33:28

Removing Apparmor int the beginning, is quite useless. It will get re-installed again every time you enter "aptitude install".

From: Anonymous at: 2010-04-18 05:50:25

Hi,


 why postgres is not supported by default with ispcofnig and do anybody knows how postgres can be supported with it??


thanks

From: Mike at: 2012-09-11 21:18:03

I finish the first part of step 14: aptitude install apache2 apache2.2-common apache2-doc
apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5
php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli
php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth
php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp

when I hit enter I get:

reading package lists--- Done

Building dependency tree

Reading state information... Done

Reading extended state information

Initializing package states... Done

Building tag database... Done 

 

Then it just sits there, any help would be appreciated.

From: Norge at: 2009-05-16 01:46:26

I have tried several things, I have called my Hosting company, I'm sure that the MX records are pointing to my server. Still cannot receive. Please help.


 


Thanks

From: Jason R Cook at: 2009-05-03 08:20:35

Finally!


A set of instructions that work.  After my fifth rebuild, because of crazy suggestions, I have a server that works - it's only taken me 6 months!  Really.  Many, many thanks for taking the extra effort to get it right.  :-)


Jason

From: Anonymous at: 2009-07-01 02:26:07

Just wanted to thank you for making this available to the community! Know that your hard work is very appreciated. Look forward to anything you do after reading this very well crafted tutorial.


Dustan

From: dodi at: 2010-03-13 14:35:37

thank you for your great tutorial, its work for me on ubuntu server 8.04 . :D

From: Anonymous at: 2010-06-24 19:50:24

Thank you very very much, its perfect tutorial for beginners,


thank you, thank you, thank you : ) : )  : )