The Perfect Server - Ubuntu 8.10 [ISPConfig 3] - Page 4
This tutorial exists for these OS versions
- Ubuntu 20.04 (Focal Fossa)
- Ubuntu 18.04 (Bionic Beaver)
- Ubuntu 17.10 (Artful Aardvark)
- Ubuntu 17.04 (Zesty Zapus)
- Ubuntu 16.10 (Yakkety Yak)
- Ubuntu 16.04 (Xenial Xerus)
On this page
- 12 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
- 13 Install Amavisd-new, SpamAssassin, And Clamav
- 14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
- 15 Install PureFTPd And Quota
- 16 Install MyDNS
- 17 Install Vlogger And Webalizer
- 18 Install Jailkit
- 19 Install fail2ban
12 Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
We can install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:
aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl maildrop getmail4 rkhunter binutils
You will be asked the following questions:
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf
[...] # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1 [...] |
Then we restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
root@server1:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 10447/mysqld
root@server1:~#
During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates...
cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem
... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary):
vi /etc/courier/imapd.cnf
[...] CN=server1.example.com [...] |
vi /etc/courier/pop3d.cnf
[...] CN=server1.example.com [...] |
Then recreate the certificates...
mkimapdcert
mkpop3dcert
... and restart Courier-IMAP-SSL and Courier-POP3-SSL:
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
13 Install Amavisd-new, SpamAssassin, And Clamav
To install amavisd-new, SpamAssassin, and ClamAV, we run
aptitude install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
14 Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:
aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp
You will see the following question:
Web server to reconfigure automatically: <-- apache2
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include:
a2enmod suexec rewrite ssl actions include
Secure phpMyAdmin by deleting the /etc/phpmyadmin/htpasswd.setup file...
rm -f /etc/phpmyadmin/htpasswd.setup
... and remove or comment out the following section in /etc/phpmyadmin/apache.conf:
vi /etc/phpmyadmin/apache.conf
[...] # # Authorize for setup # <Files setup.php> # # For Apache 1.3 and 2.0 # <IfModule mod_auth.c> # AuthType Basic # AuthName "phpMyAdmin Setup" # AuthUserFile /etc/phpmyadmin/htpasswd.setup # </IfModule> # # For Apache 2.2 # <IfModule mod_authn_file.c> # AuthType Basic # AuthName "phpMyAdmin Setup" # AuthUserFile /etc/phpmyadmin/htpasswd.setup # </IfModule> # Require valid-user # </Files> [...] |
Restart Apache afterwards:
/etc/init.d/apache2 restart
15 Install PureFTPd And Quota
PureFTPd and quota can be installed with the following command:
aptitude install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit the file /etc/default/pure-ftpd-common...
vi /etc/default/pure-ftpd-common
... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:
[...] STANDALONE_OR_INETD=standalone [...] VIRTUALCHROOT=true [...] |
Then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
vi /etc/fstab
# /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc defaults 0 0 # /dev/sda1 UUID=e7f9e640-1254-462f-b314-6471ce83db4d / ext3 relatime,errors=remount-ro,usrquota,grpquota 0 1 # /dev/sda5 UUID=32b41e4e-4d4a-4825-8922-27e8c6aeeb45 none swap sw 0 0 /dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0 |
To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
16 Install MyDNS
Before we install MyDNS, we need to install a few prerequisites:
aptitude install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
MyDNS is not available in the Ubuntu 8.10 repositories, therefore we have to build it ourselves as follows:
cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install
Next we create the start/stop script for MyDNS:
vi /etc/init.d/mydns
#! /bin/sh # # mydns Start the MyDNS server # # Author: Philipp Kern <[email protected]>. # Based upon skeleton 1.9.4 by Miquel van Smoorenburg # <[email protected]> and Ian Murdock <[email protected]>. # set -e PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/local/sbin/mydns NAME=mydns DESC="DNS server" SCRIPTNAME=/etc/init.d/$NAME # Gracefully exit if the package has been removed. test -x $DAEMON || exit 0 case "$1" in start) echo -n "Starting $DESC: $NAME" start-stop-daemon --start --quiet \ --exec $DAEMON -- -b echo "." ;; stop) echo -n "Stopping $DESC: $NAME" start-stop-daemon --stop --oknodo --quiet \ --exec $DAEMON echo "." ;; reload|force-reload) echo -n "Reloading $DESC configuration..." start-stop-daemon --stop --signal HUP --quiet \ --exec $DAEMON echo "done." ;; restart) echo -n "Restarting $DESC: $NAME" start-stop-daemon --stop --quiet --oknodo \ --exec $DAEMON sleep 1 start-stop-daemon --start --quiet \ --exec $DAEMON -- -b echo "." ;; *) echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 exit 1 ;; esac exit 0 |
Then we make the script executable and create the system startup links for it:
chmod +x /etc/init.d/mydns
update-rc.d mydns defaults
17 Install Vlogger And Webalizer
Vlogger and webalizer can be installed as follows:
aptitude install vlogger webalizer
18 Install Jailkit
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):
aptitude install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*
19 Install fail2ban
This is optional but recommended, because the ISPConfig monitor tries to show the fail2ban log:
aptitude install fail2ban