The Perfect Setup - Debian Etch (Debian 4.0) - Page 6

13 Apache/PHP5

Now we install Apache:

apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

Next we install PHP5:

apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-json php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

You will be asked the following question:

Continue installing libc-client without Maildir support? <-- Yes

Next we edit /etc/apache2/mods-available/dir.conf:

vi /etc/apache2/mods-available/dir.conf

and change the DirectoryIndex line:

<IfModule mod_dir.c>

          DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

</IfModule>

Edit /etc/apache2/ports.conf and add Listen 443:

vi /etc/apache2/ports.conf

Listen 80
Listen 443

Now we have to enable some Apache modules (SSL, rewrite, suexec, and include):

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

Reload the Apache configuration:

/etc/init.d/apache2 force-reload

 

13.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:

vi /etc/mime.types

[...]
#application/x-httpd-php                                phtml pht php
#application/x-httpd-php-source                 phps
#application/x-httpd-php3                       php3
#application/x-httpd-php3-preprocessed          php3p
#application/x-httpd-php4                       php4
[...]

Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:

vi /etc/apache2/mods-enabled/php5.conf

<IfModule mod_php5.c>
#  AddType application/x-httpd-php .php .phtml .php3
#  AddType application/x-httpd-php-source .phps
</IfModule>

Then restart Apache:

/etc/init.d/apache2 restart

 

14 Proftpd

In order to install Proftpd, run

apt-get install proftpd ucf

You will be asked a question:

Run proftpd from inetd or standalone? <-- standalone

Then open /etc/proftpd/proftpd.conf and change UseIPv6 from on to off; otherwise you'll get a warning like this when you start Proftpd:

- IPv6 getaddrinfo 'server1.example.com' error: Name or service not known

vi /etc/proftpd/proftpd.conf

[...]
UseIPv6                         off
[...]

For security reasons you can also add the following lines to /etc/proftpd/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html):

vi /etc/proftpd/proftpd.conf

[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]

ISPConfig expects the configuration to be in /etc/proftpd.conf instead of /etc/proftpd/proftpd.conf, therefore we create a symlink (you can skip this command if you don't want to install ISPConfig):

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Then restart Proftpd:

/etc/init.d/proftpd restart

Share this page:

32 Comment(s)

Add comment

Comments

From: at: 2007-06-26 20:53:34

I've been doing battle with Debian Etch for a day now, trying to get a working LAMP setup ... with no success!  It looks like this post is going to solve all my problems in one hit.

 Thanks very much for taking the time to write it!

 

 

From: at: 2007-07-25 04:01:56

Agreed.  Excellent tutorial.  I come back and refer to it often.

From: at: 2008-04-08 06:14:49

I would have to fully endorse whole-heartedly the comment of it being an excellent article.  After using RH 8 & 9, FC 4 & 5 as well as Ubuntu and FreeBSD, I must say that I was very impressed.  The only one that I have found easier (out of the box) has been Xandros 4.0.
Although I suffered a few problems with the first installation and the further I went - the worse it got.  Trying to load Debian 4. (Etch) using Debian 3.1 notes was challenging .  My own fault as I hadn't searched hard enough to find the RELEVANT notes.  Once found, I went to basics.  Wiped out EVERYTHING!  Started the installation using these Etch notes step by step.  I did do take some license and extended my tailoring but in all, the installation went smoothly.  There were some typos on my part but, without the instructions, I'd still be at the start, fumbling about.
Lessons learnt;-

  • Always find the correct (most appropriate) notes rather than try and tailor "on the fly".
  • Check WHAT you type BEFORE pressing <Enter>. I made several typographical errors and , but for the "intelligent" build into the loaders, I'd still be scratching my head.
  • Be will to learn from other's mistakes.  That is, rather than rush at it unprepared, read through the subject related forums and find what has befallen others.
  • Take a moment to accept that you are fallible and that you will make silly mistakes.  Check you haven't broken anything in your quest by seeing if you can restart certain daemons.  I had trouble starting bind9 only to find that, despite the loads working, I still had managed to goof up.
  • Accept that sometimes, the instructional manual is not exactly the same as your "reality".  Use some judgement (common sense) to decide if the variance is reasonable and consistent with your expectations.  Don't con yourself with: "it'll be OK".  Stop,  Evaluate, Assess, Review, Challenge and Health (SEARCH).
    • Stop.  Has the last instruction worked as expected?
    • Evaluate.  Has the last instruction come back with an error messaged which indicates an unexpected response?
    • Assess.  It the message a typographical error or is it one of security or missing file/directory?
    • Review. What are the options to get out of the situation?  Do we want to get out (due to a change in requirements)?  Is it consistent with your objectives?
    • Challenge. Do a self assessment of your actions.  Are the consistent with standard practice?  Are you "convincing" yourself that you are correct or, are you in fact correct in your evaluation, assessment and review or the situation?
    • Health.  Has what you have done affected the way the system has operated before.  That is, can you see that all the processes that were running are still running and, those that you have stopped - can be started?
Kind of long summation but, I would like to express my gratitude to Falko, the support team and the forum members for the benefit and expertise.
I've learnt a lot - and yet have so much more to learn. For that I give thanks.

Rgds,
Nick K

From: at: 2007-07-25 04:24:30

When partitioning the disk, using the "All files in one partiton (recommended for new users) works well.  Once I used the "Separate" option there and my /tmp partition ended up too small to allow all the compiling of ISPConf.

Recommended is best, unless you really do know what you are doing (which I don't). 

From: at: 2007-10-30 01:42:50

falko you are a god!

Ok, I admit I am a windows user showing more than little interest in nix servers.  Purely for my own enjoyment.

I also admit that for 3 days and after 9 reinstalls of Etch I had been following the Sarge3.1 perfect setup guide whilst pulling my hair out because Postfix wouldn't auth me.  I figured out some differences by myself, but I'd found that tutorial ages ago, bookmarked it and never looked for a newer one.

One line..yep ONE line in saslauth was screwing me up completely! (no PARAMS etc -m instead)

This is, as they all are, are fantastic tutorial.

Now to reinstall again and hopefully get a truely perfect setup!

Thank you again.  This is an amazing site and has given me lots to think about.

 

Anyone want an email from a spurious domain?!!  

From: at: 2008-03-07 17:20:25

After setting your IP address on pg.2 edit the /etc/resolv.conf file to show your nameserver ip addresses then restart networking.


From: at: 2008-04-19 21:05:01

At the end: don't forget to install mod-ruby. It is supported by ISPConfig 2.2.20 and above. It's as easy as:

apt-get install libapache2-mod-ruby

From: Gustavo at: 2008-09-23 19:00:41

Excelent tutorial!

Finally I could configure an e-mail server! Thank you!

I have one doubt. I'm not using ISPConfig (it's not easy to use for me yet).

The e-mail users are the server users (/etc/passwd). I mean that to create a new e-mail user I just create an user at the server (using adduser).

At the server I there are some users I don't want that they have e-mail addresses, is there anyway to avoid users to have e-mail addresses at an e-mail server?

 

Thank you so much!

[ ]s! 

From: at: 2007-07-09 21:09:20

On the screen shown below these lines:

We need a web server, DNS server, mail server, and a MySQL database, but nevertheless I don't select any of them now because I like to have full control over what gets installed on my system. We will install the needed packages manually later on. Therefore we just select Standard system and hit Continue:

 the Desktop environment was left out: ( ) instead of (*)

 I followed these instructions, believing that at some point later this would be corrected.

 It was not, so I went through the whole installation process again.

From: admin at: 2007-07-10 11:23:45

The desktop environment was intentionally left out because this setup deals with a server, and usually you don't install a desktop on a server system for several reasons (performance, security, etc.).

If you're looking for a Debian Etch desktop, take a look at this tutorial: http://www.howtoforge.com/the_perfect_desktop_debian_etch

From: at: 2007-05-25 09:27:17

If you like me get the following error in step 6:

W: GPG error: http://security.debian.org etch/updates Release: Unknown error executing gpgv

Check out this page for a solution. It worked for me.

Great tutorial BTW, thanks!

 

From: at: 2008-01-30 20:51:51

-removed. placing in the forum

From: Superkikim at: 2008-10-03 13:00:19

ATTENTION: After apt-get upgrade, you have to reboot the server (at least in my case).

 While apt-get upgrade was running, a dialog box appeared saying ht has to recompile the kernel (?) or some modules (?), saying 4 times I'll have to reboot :-)

 So, just don't miss it. After apt-get upgrade, type reboot

 

From: at: 2008-11-15 18:20:17

When installing Debian Etch under VMWARE, you usally use the natted interface in the first installation-parts. Then you edit the interfaces-file, add SSH-support, and change the netowrking-environment in VMWARE to use bridged networking.

SSH now works fine, but there ist no access to the internet. I have tried a lot and found out that pinging of external IPs was possible, the nameserver was the problem. I edited /etc/resolve.conf then and the nameserver was something the natted connection had left there. After choosing the correct nameserver the installation could continue without problems...

Thanks for these good Howtos, i would not be able to set up my systems without them ...

Greetings

Hartmut


From: stefan at: 2008-11-26 03:28:13

My /etc/fstab looks way different than yours - so I'm not sure how to edit it.

Do I just go ahead and add 'usrquota,grpquota' after the word 'defaults' on the line for mount point '/'? 

I also ran the command 'uname --all' to show you the system I'm using: it's Debian 4.0 on i686 using Xen virtualization at my VPS hosting provider. 

myserver:~# uname --all
Linux
myserver 2.6.20-xen-r6 #2 SMP Wed Jan 16 19:43:41 CET 2008 i686 GNU/Linux

myserver:~# cat /etc/fstab
# Hard file systems.
/dev/hda2       /       auto    defaults        0 1
/dev/hda1       swap    swap    defaults        0 0

# Virtual file systems.
none            /proc   proc    defaults        0 0
none            /sys    sysfs   defaults        0 0

Thanks for any suggestions. 

From: Ivan Raic at: 2011-05-09 14:12:11

...heared it already totally newbie so I get this

 Reading package lists... Done

Building dependency tree       

Reading state information... Done

Note, selecting 'perl' instead of 'libcompress-zlib-perl'

Note, selecting 'linux-libc-dev' instead of 'linux-kernel-headers'

Package libpopt-dev is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package lynx is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package fetchmail is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package autoconf is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package automake1.9 is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package libtool is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package flex is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package bison is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package unzip is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package zip is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


Package autotools-dev is not available, but is referred to by another package.

This may mean that the package is missing, has been obsoleted, or

is only available from another source


E: Package 'fetchmail' has no installation candidate

E: Package 'flex' has no installation candidate

E: Unable to locate package libarchive-zip-perl

E: Unable to locate package libdb4.3-dev

E: Couldn't find any package by regex 'libdb4.3-dev'

E: Package 'libpopt-dev' has no installation candidate

E: Package 'lynx' has no installation candidate

E: Unable to locate package ncftp

E: Unable to locate package nmap

E: Package 'unzip' has no installation candidate

E: Package 'zip' has no installation candidate

E: Unable to locate package zliblg-dev

E: Package 'autoconf' has no installation candidate

E: Package 'automake1.9' has no installation candidate

E: Package 'libtool' has no installation candidate

E: Package 'bison' has no installation candidate

E: Package 'autotools-dev' has no installation candidate

root@debiansrv:/home/velebit# 

From: at: 2008-07-15 21:04:25

Since the netstat command will output many lines, how about cleaning this up for newbies by having folks run "netstat -tap | grep mysql" instead of just the "netstat -tap"?

From: admin at: 2008-10-09 16:57:56

You are wrong. There are two root logins, one for localhost and one for server1.example.com, therefore the first password doesn't affect the second login.

From: Anonymous at: 2008-10-31 08:19:24

However the second command doesn't work. So who's right?

From: Noxion at: 2009-01-15 19:49:47

Both commands should be working, try editing the host file again as explained at page 3 of this how-to.

If you follow these instructions correctly there should be no problems here.

From: Agostino at: 2008-10-09 13:01:30

After you have changed the password with the command

 mysqladmin -u root password yourrootsqlpassword

you cannot set

mysqladmin -h server1.example.com -u root password yourrootsqlpassword

beaucose the password was changed and you have this

error: 'Host 'server1.example.com' is not allowed to connect to this mysql server'

now you have to supply the password set before, please correct the command in

mysqladmin -h server1.example.com -u root -p yourrootsqlpassword password yourrootsqlpassword

thank you.

From: r4pt0r at: 2009-03-23 15:49:43

The second command isn't working for me - the mysql server denies the connection from the host. Never had this problem with mysql on 2 other etch servers before but on this new server i'm setting up, mysql really pisses me off...

Even if i set the hostname to be the FQDN as shown on page 3 (what would be wrong - 'hostname' should return "hostname" and 'hostname -f' should return "hostname-domain.tld")

All i get is this:

mysqladmin: connect to server at 'host.domainname.de' failed
error: 'Host 'host.domainname.de' is not allowed to connect to this MySQL server'

From: Stefan Hammes at: 2009-02-06 07:56:33

When installing bind9 chrooted as shown in this tutorial, it will always use GMT for logging because it has no access to timezone info. Therefore add the following command to the tutorial:

cp /etc/localtime /var/lib/named/etc/

With this, bind9 will use the correct local time for logging.

From: at: 2007-12-29 20:55:44

Sorry. This comment was a bad Idea as other domains with IPs not using the "main" IP wern't able to send mail.

So better do not read further :-)

Has anybody an idea how to do the settings that there are no problems with Spamfilters?

---------do not use this it screws things up. Sorry -------- 

I did my installation with this tutorial.

After I added some more IPs to the server I suddenly had the problem that most of my mails where marked as spam by some providers (gmx for example). They did not pass the SPF Test.

After setting

inet_interfaces = <main ip adress of my server>

the problem seems to be gone. It seemd that postfix alway used the last adress set in /etc/network/interfaces.

So maybe it could be better setting  

postconf -e 'inet_interfaces = 192.168.0.100'

insted of

 postconf -e 'inet_interfaces = all'

Or may there be other problems? 

------------------------End 

From: at: 2007-04-10 02:56:13

Good job on making and publishing this guide so quickly!

Thanks much! 

From: at: 2007-04-19 14:11:18

Thanks Falko.

 I've been following your previous article ("The Perfect Setup - Debian Sarge (3.1)") for my Etch installations for a while now, good to see such a useful article updated, and so quickly after Etch moved to stable.

From: at: 2007-05-02 11:09:00

Seems to be working fine! Thanks alot for this guide.

From: at: 2007-07-01 12:22:42

Great tutorial, very clear, thanks a lot.
I do have 1 comment though: I'd like to see vi replaced by pico, I really can't work with vi, pico shows all possible commands (like search, exit etc.) at the bottom of the screen which also makes it easier for non-advanced users.

Keep up the good work!

 

From: at: 2007-12-06 18:50:06

    Hi,

 Like all the others say :

 Great job.

Work like a charm.

So cool to use Debian with this utility...

 

Thanks.

Regards. 

From: at: 2008-05-22 12:16:11

Hello,

please someone point me to any article about upgrading ispConfig. Following this article, I have 2.2.12 installed, a year before.

I have to prepare my upgrade plan, to avoid loss of data, or crashing the box on my production site.

Also would benefit from the remoting framework, but not sure about the right version.

Thanks,

Hoesh

From: mathieu at: 2008-10-27 16:47:52

Great job, thanks !

 I spent so much tyme trying ton install Apache, bind, proftpd and mysql for this king of configuration... it's horrible to see that the job is worse for mail daemon and other stuffs i never tested before.

Thanks a lot.

From: prad at: 2008-11-20 14:20:59

excellent ... works like a charm ...