ISP Server Setup - OpenSUSE 10 - Page 5

Apache/PHP5

yast2 -i apache2 apache2-devel apache2-mod_perl apache2-mod_php5 apache2-prefork libapr0 perl-HTML-Parser perl-HTML-Tagset perl-Tie-IxHash perl-URI perl-libwww-perl php5 php5-devel zlib zlib-devel

yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dbase php5-dbx php5-debuginfo php5-dio php5-dom php5-fam php5-filepro php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mhash php5-mysql php5-mysqli php5-ncurses php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-yp php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl (1 line!)

chkconfig --add apache2

ISPConfig configures the perl and PHP mimetypes on a per vhost basis, so we comment them out in the global setup.
Edit /etc/mime.types. Comment out the following 2 lines:

# application/x-httpd-php                phtml pht php
# application/x-perl pl pm

Edit /etc/apache2/httpd.conf and change

DirectoryIndex index.html index.html.var

to

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php5 index.php4 index.php3 index.pl index.html.var index.aspx default.aspx

Edit /etc/sysconfig/apache2 and add rewrite to the APACHE_MODULES line:

APACHE_MODULES="access actions alias auth [...] setenvif ssl suexec userdir php4 php5 rewrite"

Also add SSL to the APACHE_SERVER_FLAGS line:

APACHE_SERVER_FLAGS="SSL"

Then run

SuSEconfig
/etc/init.d/apache2 start

Proftpd

I want to use Proftpd instead of vsftpd which is SUSE's default FTP server because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on SUSE 10.0 (on other distributions this is different). Since there are no SUSE packages for Proftpd I have to compile it manually:

cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.10.tar.gz

tar xvfz proftpd-1.2.10.tar.gz
cd proftpd-1.2.10/
./configure --sysconfdir=/etc
make
make install

cd ../
rm -fr proftpd-1.2.10*

Now create the file /etc/init.d/proftpd:

#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# All rights reserved.
#
# Original author: Marius Tomaschewski <mt@suse.de>
#
# Slightly modified in 2003 for use with SuSE Linux 8.1,
# by http://www.learnlinux.co.uk/
#
# Slightly modified in 2005 for use with SuSE Linux 9.2,
# by Falko Timme
#
# /etc/init.d/proftpd
#
### BEGIN INIT INFO
# Provides: proftpd
# Required-Start: $network $remote_fs $syslog $named
# Required-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Starts ProFTPD server
### END INIT INFO

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
test $link = $base && START_PROFTPD=yes # Modified by learnlinux.co.uk
test "$START_PROFTPD" = yes || exit 0 # Modified by learnlinux.co.uk

# Return values acc. to LSB for all commands but
# status (see below):
#
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

proftpd_cfg="/etc/proftpd.conf"
proftpd_bin="/usr/local/sbin/proftpd"
proftpd_pid="/usr/local/var/proftpd.pid"

[ -r $proftpd_cfg ] || exit 6
[ -x $proftpd_bin ] || exit 5

# Source status functions
. /etc/rc.status

# First reset status of this service
rc_reset

case "$1" in
start)
echo -n "Starting ProFTPD Server: "
test -f /etc/shutmsg && rm -f /etc/shutmsg
/sbin/startproc $proftpd_bin
rc_status -v
;;

stop)
echo -n "Shutting down ProFTPD Server: "
test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1
/sbin/killproc -TERM $proftpd_bin
test -f /etc/shutmsg && rm -f /etc/shutmsg
rc_status -v
;;

restart)
## If first returns OK call the second, if first or
## second command fails, set echo return value.
$0 stop
$0 start
rc_status
;;

try-restart)
## Stop the service and if this succeeds (i.e. the
## service was running before), start it again.
## Note: not (yet) part of LSB (as of 0.7.5)
$0 status >/dev/null && $0 restart
rc_status
;;

reload|force-reload)
## Exclusive possibility: Some services must be stopped
## and started to force a new load of the configuration.
echo -n "Reload ProFTPD Server: "
/sbin/killproc -HUP $proftpd_bin
rc_status -v
;;

status)
# Status has a slightly different for the status command:
# 0 - service running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running
echo -n "Checking for ProFTPD Server: "
checkproc $proftpd_bin
rc_status -v
;;

probe)
## Optional: Probe for the necessity of a reload,
## give out the argument which is required for a reload.
[ $proftpd_cfg -nt $proftpd_pid ] && echo reload
;;

*)
echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}"
exit 1
;;
esac

# Set an exit status.
rc_exit

chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd

/etc/init.d/proftpd start

For security reasons you can add the following lines to /etc/proftpd.conf:

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Be sure to comment out the following lines in order to allow ftp users to CHMOD:

# Bar use of SITE CHMOD by default
# <Limit SITE_CHMOD>
# DenyAll
# </Limit>

and restart Proftpd:

/etc/init.d/proftpd restart

Webalizer

To install webalizer, just run

yast2 -i webalizer

Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yast2 -i xntp

Add an NTP server

yast2

Select Network Services -> NTP Client:

Then select Automatically Start NTP Daemon During Boot and enter the address of the NTP server. I used public the Server with the IP address 192.43.244.18. Then select Finish, Quit.

Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)

yast2 -i perl-HTML-Parser perl-Net-DNS perl-Digest-SHA1


On To The Next Step...

The configuration of the server is now finished, and we go on by installing ISPConfig on it.

Share this page:

24 Comment(s)

Add comment

Comments

From: Anonymous at: 2005-10-09 21:42:01

why do you reccomend using a text based OS? couldn't i just use KDE or GNOME?

From: Anonymous at: 2005-10-15 17:58:30

You -could-, but the author is presenting this as a server installation, not a desktop installation. Typically, your server is supposed to 'server', more than be a desktop. If you want to build a desktop system, use KDE, Gnome, whatever.

From: Anonymous at: 2005-10-13 21:51:36

Hi Falco - Thanks for what you do. I'm a "newbie". I have a 9.3 install, but want to upgrade to 10.0 any changes now that 10.0 has been released?

Thankx

From: Anonymous at: 2005-11-18 21:31:01

Thank you very much for providing such an excellent material. Regards, Martin.

From: Anonymous at: 2005-12-04 00:48:49

Excellent writeup. I'd just like to add that I had to remove the startup/kill links and readd them to get the ispconfig_server and freshclam to start after reboot. For whatever reason, 3 different systems would not restart those things correctly after a reboot. Here is the easiest way to do it:

cd /etc/init.d ; find . -name ???ispconfig_server -exec rm {} \; ; chkconfig --add ispconfig_server

Works like a champ after that. Thanks for the great howto!

From: Anonymous at: 2005-12-27 20:37:03

I believe the procmail setup no longer works now that SUSE 10 Pro came out. From my experience all the tests mentioned here pass fine, but email sent to/from the server get lost with no error messages whatsover (I have not inspected the logs yet though).

Also, the courier-* IMAP package(s) no longer exist in the distribution. There is a package named imap, but that is it.

I used several of the other (non-email) configuration instructions and they all worked great. I look forward to an update to this HowTo for the formal SUSE 10 release.

From: Anonymous at: 2006-02-15 10:44:50

procmail works OK with suse 10.0 courier-imap is present on the dvd iso but not on the CD iso's, don't ask me why.

From: Anonymous at: 2006-02-21 17:25:22

I run a small web / email / dns server for a few of my clients. The current server was fast approaching 6 years old and needed to be upgraded. Along with a hardware upgrade, a peer of mine advised to switch from FreeBSD ( version 4.x ) to Suse 10. After many attempts to set the box up correctly ( I kept crossing stumbling blocks due to my lack of knowledge to any UNIX based O/S ), I found this manual...

WHAT A LIFE SAVER !!!!

The only issue occured during the whole setup was installing ISPConfig and it not accepting my mysql root passwrd. After 2+ hours I finally figured out that ISPConfig did not like special characters in mysql root password ( might want to add this tip to your manual :) ). Once that was figured out, smooth as silk !!!!

I rely greatly on the internet to help me manage my server and your manaul for setting up Suse as an ISP was greatly appreciated and kudos for writting it !!! Job well done !!

Keep up the great work !!

From: Anonymous at: 2006-04-07 14:17:04

I would like to thank you for this great manual.
I needed to replace a dead Sun Cobalt Webserver a.s.a.p. The only thing I had left standing was a normal server suitable for Suse 10. With this manual I setup the server with all the services with no problem at all. Hope to see a lot more manuals from you.

From: powderskier at: 2006-10-20 02:50:34

     

Hi Falko/Till,

 First off, you have both done an awesome job on the tutorial. You should really consider doing this professionally for Novell/Red Hat, since their documentation is fairly atrocious when it comes to missing steps or information.

 I want to ask how secure this setup is? Are people using this exact setup for production web servers? Is this meant only for testing environments? Could this be used for a company as an internal corporate web/intranet server provided its secure?

Has anyone audited this setup against snort, nessus, etc. 

 
Thanks for your time in helping others,

powderskier   

From: Anonymous at: 2005-11-21 08:46:47

When I went to the Management tab in ISPConfig and then to Services, POP3 was offline. I checked to see if it was offline by trying to telnet to the server using the 110 port.

In order to get this to work you have to enable it in yast.

In a console type yast this will start yast. Then go to System in yast, then system services. This is where you will enable the courier-pop and courier-pop-ssl services.

From: Anonymous at: 2005-12-08 11:59:39

I couldn't find courier-imap & courier-authlib on my 5 cd's or DVD (not the OpenSuSE version)...

Are they available only on Open version?

From: admin at: 2005-12-09 08:16:06

You have to set the installation source to the online repository like it is described in the howto.

From: at: 2005-09-19 04:36:16

/bin/sh /tmp/install_ispconfig/compile_aps/php-5.0.4/libtool --silent --preserve-dup-deps --mode=link gcc -g -O2 -rpath /tmp/install_ispconfig/compile_aps/php-5.0.4/libs -avoid-version -module -L/root/ispconfig/openssl/lib -R /root/ispconfig/openssl/lib ext/openssl/openssl.lo ext/openssl/xp_ssl.lo ext/ctype/ctype.lo ext/ftp/php_ftp.lo ext/ftp/ftp.lo ext/iconv/iconv.lo ext/mysql/php_mysql.lo ext/pcre/pcrelib/maketables.lo ext/pcre/pcrelib/get.lo ext/pcre/pcrelib/study.lo ext/pcre/pcrelib/pcre.lo ext/pcre/php_pcre.lo ext/posix/posix.lo ext/session/session.lo ext/session/mod_files.lo ext/session/mod_mm.lo ext/session/mod_user.lo ext/sockets/sockets.lo ext/spl/php_spl.lo ext/spl/spl_functions.lo ext/spl/spl_engine.lo ext/spl/spl_iterators.lo ext/spl/spl_array.lo ext/spl/spl_directory.lo ext/spl/spl_sxe.lo ext/sqlite/sqlite.lo ext/sqlite/sess_sqlite.lo ext/sqlite/libsqlite/src/opcodes.lo ext/sqlite/libsqlite/src/parse.lo ext/sqlite/libsqlite/src/encode.lo ext/sqlite/libsqlite/src/auth.lo ext/sqlite/libsqlite/src/btree.lo ext/sqlite/libsqlite/src/build.lo ext/sqlite/libsqlite/src/delete.lo ext/sqlite/libsqlite/src/expr.lo ext/sqlite/libsqlite/src/func.lo ext/sqlite/libsqlite/src/hash.lo ext/sqlite/libsqlite/src/insert.lo ext/sqlite/libsqlite/src/main.lo ext/sqlite/libsqlite/src/os.lo ext/sqlite/libsqlite/src/pager.lo ext/sqlite/libsqlite/src/printf.lo ext/sqlite/libsqlite/src/random.lo ext/sqlite/libsqlite/src/select.lo ext/sqlite/libsqlite/src/table.lo ext/sqlite/libsqlite/src/tokenize.lo ext/sqlite/libsqlite/src/update.lo ext/sqlite/libsqlite/src/util.lo ext/sqlite/libsqlite/src/vdbe.lo ext/sqlite/libsqlite/src/attach.lo ext/sqlite/libsqlite/src/btree_rb.lo ext/sqlite/libsqlite/src/pragma.lo ext/sqlite/libsqlite/src/vacuum.lo ext/sqlite/libsqlite/src/copy.lo ext/sqlite/libsqlite/src/vdbeaux.lo ext/sqlite/libsqlite/src/date.lo ext/sqlite/libsqlite/src/where.lo ext/sqlite/libsqlite/src/trigger.lo regex/regcomp.lo regex/regexec.lo regex/regerror.lo regex/regfree.lo ext/standard/array.lo ext/standard/base64.lo ext/standard/basic_functions.lo ext/standard/browscap.lo ext/standard/crc32.lo ext/standard/crypt.lo ext/standard/cyr_convert.lo ext/standard/datetime.lo ext/standard/dir.lo ext/standard/dl.lo ext/standard/dns.lo ext/standard/exec.lo ext/standard/file.lo ext/standard/filestat.lo ext/standard/flock_compat.lo ext/standard/formatted_print.lo ext/standard/fsock.lo ext/standard/head.lo ext/standard/html.lo ext/standard/image.lo ext/standard/info.lo ext/standard/iptc.lo ext/standard/lcg.lo ext/standard/link.lo ext/standard/mail.lo ext/standard/math.lo ext/standard/md5.lo ext/standard/metaphone.lo ext/standard/microtime.lo ext/standard/pack.lo ext/standard/pageinfo.lo ext/standard/parsedate.lo ext/standard/quot_print.lo ext/standard/rand.lo ext/standard/reg.lo ext/standard/soundex.lo ext/standard/string.lo ext/standard/scanf.lo ext/standard/syslog.lo ext/standard/type.lo ext/standard/uniqid.lo ext/standard/url.lo ext/standard/url_scanner.lo ext/standard/var.lo ext/standard/versioning.lo ext/standard/assert.lo ext/standard/strnatcmp.lo ext/standard/levenshtein.lo ext/standard/incomplete_class.lo ext/standard/url_scanner_ex.lo ext/standard/ftp_fopen_wrapper.lo ext/standard/http_fopen_wrapper.lo ext/standard/php_fopen_wrapper.lo ext/standard/credits.lo ext/standard/css.lo ext/standard/var_unserializer.lo ext/standard/ftok.lo ext/standard/sha1.lo ext/standard/user_filters.lo ext/standard/uuencode.lo ext/standard/filters.lo ext/standard/proc_open.lo ext/standard/sunfuncs.lo ext/standard/streamsfuncs.lo ext/standard/http.lo ext/tokenizer/tokenizer.lo TSRM/TSRM.lo TSRM/tsrm_strtok_r.lo TSRM/tsrm_virtual_cwd.lo main/main.lo main/snprintf.lo main/spprintf.lo main/php_sprintf.lo main/safe_mode.lo main/fopen_wrappers.lo main/alloca.lo main/php_scandir.lo main/php_ini.lo main/SAPI.lo main/rfc1867.lo main/php_content_types.lo main/strlcpy.lo main/strlcat.lo main/mergesort.lo main/reentrancy.lo main/php_variables.lo main/php_ticks.lo main/network.lo main/php_open_temporary_file.lo main/php_logos.lo main/output.lo main/streams/streams.lo main/streams/cast.lo main/streams/memory.lo main/streams/filter.lo main/streams/plain_wrapper.lo main/streams/userspace.lo main/streams/transports.lo main/streams/xp_socket.lo main/streams/mmap.lo Zend/zend_language_parser.lo Zend/zend_language_scanner.lo Zend/zend_ini_parser.lo Zend/zend_ini_scanner.lo Zend/zend_alloc.lo Zend/zend_compile.lo Zend/zend_constants.lo Zend/zend_dynamic_array.lo Zend/zend_execute_API.lo Zend/zend_highlight.lo Zend/zend_llist.lo Zend/zend_opcode.lo Zend/zend_operators.lo Zend/zend_ptr_stack.lo Zend/zend_stack.lo Zend/zend_variables.lo Zend/zend.lo Zend/zend_API.lo Zend/zend_extensions.lo Zend/zend_hash.lo Zend/zend_list.lo Zend/zend_indent.lo Zend/zend_builtin_functions.lo Zend/zend_sprintf.lo Zend/zend_ini.lo Zend/zend_qsort.lo Zend/zend_multibyte.lo Zend/zend_ts_hash.lo Zend/zend_stream.lo Zend/zend_iterators.lo Zend/zend_interfaces.lo Zend/zend_exceptions.lo Zend/zend_strtod.lo Zend/zend_objects.lo Zend/zend_object_handlers.lo Zend/zend_objects_API.lo Zend/zend_mm.lo Zend/zend_default_classes.lo Zend/zend_reflection_api.lo Zend/zend_execute.lo sapi/apache/sapi_apache.lo sapi/apache/mod_php5.lo sapi/apache/php_apache.lo main/internal_functions.lo -lcrypt -lcrypt -lmysqlclient -lssl -lcrypto -lresolv -lm -ldl -lnsl -lcrypt -lcrypt -o libphp5.la
/usr/lib64/gcc/x86_64-suse-linux/4.0.2/../../../../x86_64-suse-linux/bin/ld: /root/ispconfig/openssl/lib/libssl.a(s2_srvr.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC
/root/ispconfig/openssl/lib/libssl.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libphp5.la] Error 1
ERROR: Could not make PHP
linux:/tmp/install_ispconfig #

From: at: 2005-09-19 07:22:19

Please post this in the forums - http://www.howtoforge.com/forums

From: admin at: 2005-09-19 07:48:33

Maybe these threads help you, it is not directly for SuSe10 but it shows you the direction of the problem. The ISPConfig installer has no x86_64 support yet, but with some small tweaks it will install on x86_64. Please post further questions to the forums.

http://www.howtoforge.com/forums/showthread.php?t=127
http://www.howtoforge.com/forums/showthread.php?t=286&highlight=x86_64

From: at: 2005-09-19 18:59:53

Check BIOS settings.

Change BIOS setting for O/S = NO

Make sure when you exit the BIOS you save your changes.

Then try again.

jaxk66

From: at: 2005-09-19 12:15:06

This tutorial is absolutely outstanding, sir. Currently, I run a RH8 server with almost an identical setup.

The only major difference is that I use NAT, and DHCP both to recieve an IP address from Comcast (Argh...) and to send out addresses to my LAN. I also run sendmail, which I'm only moderately happy with. I built my server several years ago, and unfortunately haven't played with linux much since.

I'd like to rebuild from scratch, and this looks like a wonderful way to do it!

Several questions... How would I set up DHCP on eth1 (assuming eth0 is used to connect to the ISP) to send out internal LAN addresses? I'm sure it differs from when I did it years ago.

How do I set up routing so my LAN machines get internet access? What about security?

Any Samba tutorials that are as good as this one, screenshots and all?

And finally, do you have, or could you write a tutorial about a backup system, be it to tape, CD, or DVD also with screenshots? Most importantly, since I've never had to do it, I would love to see a step-by-step tutorial of the actual recovery process should a catastrophic failure occur.

Again, thanks for a great tutorial!!!

Chris

From: at: 2005-09-19 12:53:04

Please post this in the forums - http://www.howtoforge.com/forums

From: at: 2005-09-20 17:39:07

i install everything without errors but when i came to log into the ISPconfig interface i get the error.

Could not establish and encrypted connection because certificate presented by 10.1.1.5 is invalid or corrupted. Error Code: -8182


thanx for your help in advance!

From: Anonymous at: 2005-10-11 11:14:55

I have the exact same error. This is something not right with the certificates I'd say. Would be nice to have some updated instructions..

From: Anonymous at: 2006-03-20 10:57:29

You can re-generate the ISPConfig SSL certificate like this:

openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024

openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365

openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365

openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key

chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

Then restart ISPConfig:

/etc/init.d/ispconfig_server restart

------

Josip Djuricic

From: Anonymous at: 2006-08-27 12:43:00

Thank you Josip. I had this problem and your solution worked first time for me.

From: Anonymous at: 2005-12-17 12:25:07