The Perfect Server - Ubuntu Karmic Koala (Ubuntu 9.10) [ISPConfig 2] - Page 6

17 Apache/PHP5/Ruby/Python/WebDAV

Now we install Apache:

aptitude install apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2-suexec libexpat1 ssl-cert

Next we install PHP5, Ruby, and Python (all three as Apache modules):

aptitude install libapache2-mod-php5 libapache2-mod-ruby libapache2-mod-python php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

Next we edit /etc/apache2/mods-available/dir.conf:

vi /etc/apache2/mods-available/dir.conf

and change the DirectoryIndex line:

<IfModule mod_dir.c>

          #DirectoryIndex index.html index.cgi index.php index.xhtml index.htm
          DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.xhtml


Now we have to enable some Apache modules (SSL, rewrite, suexec, include, and WebDAV):

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
a2enmod dav_fs
a2enmod dav

Restart Apache:

/etc/init.d/apache2 restart

We have to fix a small problem with Ruby. If you install ISPConfig and enable Ruby for a web site, .rbx files will be executed fine and displayed in the browser, but this does not work for .rb files - you will be prompted to download the .rb file - the same happens if you configure Ruby manually for a vhost (i.e., it has nothing to do with ISPConfig). To fix this, we open /etc/mime.types...

vi /etc/mime.types

... and comment out the application/x-ruby line:

#application/x-ruby                             rb

Restart Apache:

/etc/init.d/apache2 restart

Now .rb files will be executed and displayed in the browser, just like .rbx files.

In the next chapter (17.1) we are going to disable PHP (this is necessary only if you want to install ISPConfig on this server). Unlike PHP, Ruby and Python are disabled by default, therefore we don't have to do it.


17.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:

vi /etc/mime.types

#application/x-httpd-php                                phtml pht php
#application/x-httpd-php-source                 phps
#application/x-httpd-php3                       php3
#application/x-httpd-php3-preprocessed          php3p
#application/x-httpd-php4                       php4

Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:

vi /etc/apache2/mods-enabled/php5.conf

<IfModule mod_php5.c>
#  AddType application/x-httpd-php .php .phtml .php3
#  AddType application/x-httpd-php-source .phps

Then restart Apache:

/etc/init.d/apache2 restart


18 Proftpd

In order to install Proftpd, run

aptitude install proftpd ucf

You will be asked a question:

Run proftpd: <-- standalone

For security reasons add the following lines to /etc/proftpd/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here:

vi /etc/proftpd/proftpd.conf

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

ISPConfig expects the configuration to be in /etc/proftpd.conf instead of /etc/proftpd/proftpd.conf, therefore we create a symlink (you can skip this command if you don't want to install ISPConfig):

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Then restart Proftpd:

/etc/init.d/proftpd restart

Share this page:

15 Comment(s)

Add comment


From: the_guv at: 2009-11-25 14:35:44
From: QSC at: 2009-12-24 00:38:20

I couldn't agree more. The latest release of Ubuntu (9.10) has been a tremendous disappointment, haven't spent this much time fixing a distro since Gentoo or CRUX. 

From: the_guv at: 2009-11-18 18:50:36

cos for an Ubuntu server edition, never install anything other than a LTS edition ..

.. so the best choice of Ubuntu server to date would be Hardy Heron 8.04.

Just my tuppency ha'penny :)

(Oh, and Nginx is way more perfect than Apache for most of us too)

From: Anonymous at: 2009-11-08 16:35:38

Karmic Koala aka 9.10 is worst ever release of UBUNTU ever.

Every package has some problem or the other.  Ridiculous!  The users (first adopters) are serving as the unit testers.

Bugs are crawling all over the place.

From: anatoly pugachev at: 2010-01-18 14:43:47

Well, I suggest not to use ubuntu on servers, and my point of view is explained on my kerneltrap note , really better to use Centos or Fedora.

From: ree at: 2009-12-30 13:35:53


Jamie S. is right. Do not do it. And one thing more: I prefer 8.x LTS over 9.10


From: Anonymous at: 2010-03-09 18:51:40

You did everything, byut you should really explain on how to install and configure IspConfig...

All that you did is that you linked to their official documentation, and their official documentation is linking bacck to this tutorial and now I am lost... I did everything but i cannot install ispconfig... since there isn't a documentation on how to do it... 

From: Jamie Strandboge at: 2009-12-28 15:43:35

I noticed that this tutorial recommends to disable all of AppArmor. Unless you have a very specific need to do so, this is not recommended. The apparmor profiles shipped in Ubuntu are designed to work with the default installation. If a particular profile is causing you trouble, please disable the profile or put it in complain mode, and leave the other profiles that are not causing problems to do their jobs. Better yet, file a bug. :) See my blog entry at for details.

From: Vladimir Stanojevic at: 2010-02-25 11:57:42

Out of words of praise for the author!!!

From: at: 2010-04-28 13:39:51


Disable AppArmor framework

Systems should not generally need to have AppArmor disabled entirely. It is highly recommended that users leave AppArmor enabled and put the problematic profile into complain mode (see above), then file a bug using the procedures found in If AppArmor must be disabled (eg to use SELinux instead), users can:

sudo invoke-rc.d apparmor kill
sudo update-rc.d -f apparmor remove

On Ubuntu 8.04 (Hardy), Ubuntu 8.10 (Intrepid) and Ubuntu 9.04 (Jaunty):

sudo invoke-rc.d apparmor stop
sudo update-rc.d -f apparmor remove

Using kill with Ubuntu 8.10 or later gives the following error:

Killing AppArmor module - failed, AppArmor is builtin: Failed.

On Ubuntu 9.10 and later, you can either:

  • adjust your kernel boot command line (see /boot/grub/menul.lst for Grub or /boot/grub/grub.cfg for Grub 2) to include either

  • * 'apparmor=0'
  • * 'security=XXX' where XXX can be "" to disable AppArmor or an alternative LSM name, eg. 'security="selinux"'

  • remove the apparmor package with your package manager. Do not 'purge' apparmor if you think you might want to reenable AppArmor at a later date

From: at: 2009-12-08 07:17:34


I found out after chrooting the bind9, the status cannot be checked.


root@ns1:/etc/bind# /etc/init.d/bind9 status
 * could not access PID file for bind9

i resolved this by editing the /etc/init.d/bind9

i changed #PIDFILE=/var/run/named/ to

Where your pid file is, you may find by doing : find / -name

When found, it will show you the exact path. (To find it, bind must be running)

Good luck.

From: yuqi at: 2010-08-26 03:09:02

root@server:/etc/bind# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9                                                                                                                                         rndc: connect failed: connection refused
[: 131: 2652: unexpected operator
                                                                                                                                                                          [ OK ]
 * Starting domain name service... bind9                                                                                                                                  [ OK ]
root@server:/etc/bind# /etc/init.d/bind9 status
 * bind9 is running

how i fix it


From: Dwain Blazej at: 2010-01-20 02:49:49

If you're getting this error:

 rndc: connect failed: connection refused

re-run the command:

 chown -R bind:bind /var/lib/named/etc/bind


While editing the config files, you may have accidentally made the config files unreadable by the "bind" user.

From: Kevin at: 2010-04-01 12:30:32

I have had great success in the past following the perfect server guides for Ubuntu. This time however it has been over a week of going through the steps over and over again with no luck. Maybe it is because I am setting it up on Ubuntu desktop instead of Ubuntu server, I don't know. What I do know now is this:

1. In step 10 after disabling Apparmor you need to edit the file /etc/apparmor/initramfs or it will keep trying to start up Apparmor. Comment out these lines:

set -e

. /etc/apparmor/functions

mount -n -t securityfs none "${SECURITYFS}"


2. In step 12 when installing Journaled Quota It kept giving me this error:

quotacheck: Scanning /dev/??? [/] quotacheck: lstat Cannot stat `//home/?????/.gvfs': Permission denied
Guess you'd better run fsck first !

It made it so I could not install quota properly which meant ispconfig also wouldnt install. If I rebooted I was in a world of hurt. Answer was not easy to find either cause others in the forum just ignored it like it was silly or something. Thank goodness for Melask:

Just log off from your graphical environment and switch to e.g. tty1 window with the ctrl+alt+F1 keys. Run all the commands there (after u login ofc) and u are ok.

Switch back to kde/gnome with ctrl+alt+F7


3. If you want to use Apparmor you will probably have troubles with Bind9. The fix for that is here:


Now because of this great guide and a couple of fixes here and there I am running this perfect server on an Acer laptop with Ubuntu Netbook Remix.....don't laugh....i have to find something to do.

From: Christian at: 2009-11-24 09:41:59

please, don't suggest ntpdate... upstream developers are making it obsolete. :)