ISP Server Setup - OpenSUSE 10

This is a "copy & paste" HowTo! The easiest way to follow this tutorial is to use a command line client/SSH client (like PuTTY for Windows) and simply copy and paste the commands (except where you have to provide your own information like IP addresses, hostnames, passwords, ...). This helps to avoid typos.

Version 1.2
Author: Till Brehm <t.brehm [at] projektfarm [dot] de>, Falko Timme
Last edited: 03/09/2006

This is a detailed description of the steps to be taken to set up an OpenSUSE 10.0 based server that offers all services needed by ISPs and hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.) and the ISPConfig control panel.

I will use the following software:

  • Web Server: Apache 2.0.x
  • Mail Server: Postfix (easier to configure than sendmail; has a shorter history of security holes than sendmail)
  • DNS Server: BIND9
  • FTP Server: proftpd (ISPConfig will not work with vsftpd on OpenSUSE 10.0)
  • POP3/IMAP: I will use Maildir format and therefore install Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably and is ready for the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Requirements

To install such a system you will need the following:

1 The Base System

Boot from your first OpenSUSE 10-CD and select Installation from the boot screen:

SUSE Linux is booting; to see more detailed boot progress, press Escape:

Select your language:

Skip the media check by clicking on Next:

Accept the licence agreement:

The installer analyzes your system. Select your time zone next:

Select Other and click on Select...:

For a server setup, I select Text Mode and click Next to go to the next installation step, which lists the installation settings on the following screen (Installation Settings). You can change each of its choices by navigating to the appropriate headline. First, I change the partitioning scheme:

Click on Partitioning and then on Create Custom Partition Setup and click Next:

Select Custom Partitioning (for experts):

Now we create the partitions. I will use the following partition scheme:

/boot 50 MB
/swap 1 GB
/ 10 GB
/var the rest of the hard disk

Creating a partition: Click on Create, select primary partition, and select the format. I will use EXT3 for all partitions except the swap partition, which is of type swap. Then select the mount point corresponding to the above partitioning scheme.

Your partition table should now look similar to this one, depending on your hard disk size. Click on Finish to proceed to the next step.

Comments

From: Anonymous at: 2005-10-09 21:42:01

Why do you recommend using a text based OS? Couldn't I just use KDE or GNOME?

From: Anonymous at: 2005-10-15 17:58:30

You -could-, but the author is presenting this as a server installation, not a desktop installation. Typically, your server is supposed to 'server', more than be a desktop. If you want to build a desktop system, use KDE, Gnome, whatever.

From: Anonymous at: 2005-10-13 21:51:36

Hi Falko - Thanks for what you do. I'm a "newbie". I have a 9.3 install, but want to upgrade to 10.0. Any changes now that 10.0 has been released?

Thankx

From: Anonymous at: 2005-11-18 21:31:01

Thank you very much for providing such an excellent material. Regards, Martin.

From: Anonymous at: 2005-12-04 00:48:49

Excellent writeup. I'd just like to add that I had to remove the startup/kill links and readd them to get the ispconfig_server and freshclam to start after reboot. For whatever reason, 3 different systems would not restart those things correctly after a reboot. Here is the easiest way to do it:

cd /etc/init.d ; find . -name '???ispconfig_server' -exec rm {} \; ; chkconfig --add ispconfig_server

Works like a champ after that. Thanks for the great howto!

From: Anonymous at: 2005-12-27 20:37:03

I believe the procmail setup no longer works now that SUSE 10 Pro came out. From my experience all the tests mentioned here pass fine, but email sent to/from the server gets lost with no error messages whatsoever (I have not inspected the logs yet though).

Also, the courier-* IMAP package(s) no longer exist in the distribution. There is a package named imap, but that is it.

I used several of the other (non-email) configuration instructions and they all worked great. I look forward to an update to this HowTo for the formal SUSE 10 release.

From: Anonymous at: 2006-02-15 10:44:50

procmail works OK with SUSE 10.0. courier-imap is present on the DVD ISO but not on the CD ISOs, don't ask me why.

From: Anonymous at: 2006-02-21 17:25:22

I run a small web / email / dns server for a few of my clients. The current server was fast approaching 6 years old and needed to be upgraded. Along with a hardware upgrade, a peer of mine advised to switch from FreeBSD ( version 4.x ) to Suse 10. After many attempts to set the box up correctly ( I kept crossing stumbling blocks due to my lack of knowledge to any UNIX based O/S ), I found this manual...

WHAT A LIFE SAVER !!!!

The only issue that occurred during the whole setup was installing ISPConfig and it not accepting my mysql root password. After 2+ hours I finally figured out that ISPConfig did not like special characters in mysql root password ( might want to add this tip to your manual :) ). Once that was figured out, smooth as silk !!!!

I rely greatly on the internet to help me manage my server and your manual for setting up Suse as an ISP was greatly appreciated and kudos for writing it !!! Job well done !!

Keep up the great work !!

From: Anonymous at: 2006-04-07 14:17:04

I would like to thank you for this great manual.
I needed to replace a dead Sun Cobalt Webserver a.s.a.p. The only thing I had left standing was a normal server suitable for Suse 10. With this manual I setup the server with all the services with no problem at all. Hope to see a lot more manuals from you.

From: powderskier at: 2006-10-20 02:50:34

Hi Falko/Till,

First off, you have both done an awesome job on the tutorial. You should really consider doing this professionally for Novell/Red Hat, since their documentation is fairly atrocious when it comes to missing steps or information.

I want to ask how secure this setup is? Are people using this exact setup for production web servers? Is this meant only for testing environments? Could this be used for a company as an internal corporate web/intranet server provided it's secure?

Has anyone audited this setup against snort, nessus, etc.?

Thanks for your time in helping others,

powderskier

From: Anonymous at: 2005-11-21 08:46:47

When I went to the Management tab in ISPConfig and then to Services, POP3 was offline. I checked to see if it was offline by trying to telnet to the server using the 110 port.

In order to get this to work you have to enable it in yast.

In a console, type yast; this will start yast. Then go to System in yast, then System Services. This is where you will enable the courier-pop and courier-pop-ssl services.

From: Anonymous at: 2005-12-08 11:59:39

I couldn't find courier-imap & courier-authlib on my 5 cd's or DVD (not the OpenSuSE version)...

Are they available only on Open version?

From: admin at: 2005-12-09 08:16:06

You have to set the installation source to the online repository like it is described in the howto.

From: at: 2005-09-19 04:36:16

/usr/lib64/gcc/x86_64-suse-linux/4.0.2/../../../../x86_64-suse-linux/bin/ld: /root/ispconfig/openssl/lib/libssl.a(s2_srvr.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC
/root/ispconfig/openssl/lib/libssl.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1
ERROR: Could not make PHP
linux:/tmp/install_ispconfig #

From: at: 2005-09-19 07:22:19

Please post this in the forums - http://www.howtoforge.com/forums

From: admin at: 2005-09-19 07:48:33

Maybe these threads help you, it is not directly for SuSe10 but it shows you the direction of the problem. The ISPConfig installer has no x86_64 support yet, but with some small tweaks it will install on x86_64. Please post further questions to the forums.

http://www.howtoforge.com/forums/showthread.php?t=127
http://www.howtoforge.com/forums/showthread.php?t=286&highlight=x86_64

From: at: 2005-09-19 18:59:53

Check BIOS settings.

Change BIOS setting for O/S = NO

Make sure when you exit the BIOS you save your changes.

Then try again.

jaxk66

From: at: 2005-09-19 12:15:06

This tutorial is absolutely outstanding, sir. Currently, I run a RH8 server with almost an identical setup.

The only major difference is that I use NAT, and DHCP both to receive an IP address from Comcast (Argh...) and to send out addresses to my LAN. I also run sendmail, which I'm only moderately happy with. I built my server several years ago, and unfortunately haven't played with linux much since.

I'd like to rebuild from scratch, and this looks like a wonderful way to do it!

Several questions... How would I set up DHCP on eth1 (assuming eth0 is used to connect to the ISP) to send out internal LAN addresses? I'm sure it differs from when I did it years ago.

How do I set up routing so my LAN machines get internet access? What about security?

Any Samba tutorials that are as good as this one, screenshots and all?

And finally, do you have, or could you write a tutorial about a backup system, be it to tape, CD, or DVD also with screenshots? Most importantly, since I've never had to do it, I would love to see a step-by-step tutorial of the actual recovery process should a catastrophic failure occur.

Again, thanks for a great tutorial!!!

Chris

From: at: 2005-09-19 12:53:04

Please post this in the forums - http://www.howtoforge.com/forums

From: at: 2005-09-20 17:39:07

I installed everything without errors but when I came to log into the ISPConfig interface I get the error.

Could not establish and encrypted connection because certificate presented by 10.1.1.5 is invalid or corrupted. Error Code: -8182


thanx for your help in advance!

From: Anonymous at: 2005-10-11 11:14:55

I have the exact same error. This is something not right with the certificates I'd say. Would be nice to have some updated instructions..

From: Anonymous at: 2006-03-20 10:57:29

You can re-generate the ISPConfig SSL certificate like this:

openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024

openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365

openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365

openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key

chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

Then restart ISPConfig:

/etc/init.d/ispconfig_server restart

------

Josip Djuricic
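
Added example (not part of the comment above and not ISPConfig's own code): a shell check for the certificate error discussed in this thread. It confirms that a key and a certificate belong together, that the certificate has not expired, and that the RSA key is at least 2048 bits. The test pair, the host names, the 2048-bit threshold and the return codes are assumptions of this example; the key is generated without a passphrase so that no password appears on the command line.

```shell
#!/bin/sh
# make_selfsigned DIR CN: write DIR/server.key and DIR/server.crt (self-signed).
make_selfsigned() (
    umask 077    # key file is created readable by its owner only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    chmod 400 "$1/server.key"
)

# key_bits KEY: print the RSA key size in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# check_pair KEY CRT
#   0 = usable, 1 = certificate belongs to a different key,
#   2 = unreadable file, 3 = certificate expired, 4 = key under 2048 bits
check_pair() {
    km=$(openssl rsa  -in "$1" -noout -modulus 2>/dev/null) || return 2
    cm=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ "$km" = "$cm" ] || return 1
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 || return 3
    [ "$(key_bits "$1")" -ge 2048 ] 2>/dev/null || return 4
    return 0
}

# Demo on constructed data in a temporary directory.
tmp=$(mktemp -d)
mkdir "$tmp/a" "$tmp/b"
make_selfsigned "$tmp/a" panel.example.test
make_selfsigned "$tmp/b" other.example.test
check_pair "$tmp/a/server.key" "$tmp/a/server.crt"; echo "matching pair:   rc=$?"
check_pair "$tmp/a/server.key" "$tmp/b/server.crt"; echo "mismatched pair: rc=$?"
rm -rf "$tmp"
```

Run against an existing installation, check_pair takes the paths of the server.key and server.crt files named in the commands above.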

From: Anonymous at: 2006-08-27 12:43:00

Thank you Josip. I had this problem and your solution worked first time for me.

From: Anonymous at: 2005-12-17 12:25:07