ISP-Server Setup - Ubuntu 5.0.4 "The Hoary Hedgehog" - Page 5

Apache

Run

apt-get install apache2 apache2-common apache2-doc apache2-mpm-prefork apache2-utils libapr0 libexpat1 ssl-cert (1 line!)
apt-get install autoconf automake1.4 autotools-dev libapache2-mod-php4 libkrb53 php4 php4-common php4-dev php4-imagick php4-mcrypt php4-rrdtool php4-sqlite php4-curl php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt
(1 line!)

Edit /etc/apache2/apache2.conf. Change

DirectoryIndex index.html index.cgi index.pl index.php index.xhtml

to

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

Edit /etc/mime.types and comment out the following lines:

#application/x-httpd-php                                phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4

Edit /etc/apache2/mods-enabled/php4.conf and comment out the following lines:

<IfModule mod_php4.c>
# AddType application/x-httpd-php .php .phtml .php3
# AddType application/x-httpd-php-source .phps
</IfModule>

Edit /etc/apache2/ports.conf and add Listen 443:

Listen 80
Listen 443

Now we have to enable some Apache modules (SSL, rewrite and suexec):

cd /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/ssl.conf ssl.conf
ln -s /etc/apache2/mods-available/ssl.load ssl.load
ln -s /etc/apache2/mods-available/rewrite.load rewrite.load
ln -s /etc/apache2/mods-available/suexec.load suexec.load
ln -s /etc/apache2/mods-available/include.load include.load

Restart Apache:

/etc/init.d/apache2 restart

Proftpd

apt-get install proftpd proftpd-common ucf

<- standalone

For security reasons you can add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.linux.co.uk/localsite/Userguide/linked/userguide.html):

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

and restart Proftpd:

/etc/init.d/proftpd restart

Webalizer

apt-get install libfreetype6 libgd2-noxpm libjpeg62 libpng12-0 webalizer

Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server you can run the following:

apt-get install ntpdate
/etc/init.d/ntpdate start

The system startup links for /etc/init.d/ntpdate should already exist so that ntpdate starts automatically at boot time; if it does not, run

update-rc.d ntpdate defaults

to create these links.

Then add the following lines to /var/spool/cron/crontabs/root (if the file does not exist, create it by running

touch /var/spool/cron/crontabs/root):

# update time with ntp server
0 */2 * * * /etc/init.d/ntpdate restart &> /dev/null

Then run

chmod 600 /var/spool/cron/crontabs/root
/etc/init.d/cron restart

Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)

apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl


On To The Next Step...

The configuration of the server is now finished, and we go on by installing ISPConfig on it.

Share this page:

24 Comment(s)

Add comment

Comments

From: Anonymous at: 2005-10-10 02:01:05

You mention that Postfix has a shorter list of security vulnerabilities than Sendmail. In the recent times, Sendmail has performed very well. Also keep in mind that Sendmail is over 23 years old -- it's had a lot more time to be tested for these things. If you mentioned that Postfix scales better than Sendmail, I'd have marked that as credable; however, Sendmail's M4 configuration is so easy that even a monkey could do it.

As a software package, Sendmail works great. It is easy to configure. It has proven itself secure in the recent years. Don't knock it for the wrong things.

From: Anonymous at: 2005-11-16 22:54:12

May be you'd check more. Postfix is designed basically to be a secure alternative to Sendmail, check its site. And it does have a better record.

I'd say the worst thing about sendmail is the configuration, by the way. Probably you are a M4 veteran, so you don't know how complicated it is. Frankly, that was the reason I switched from sendmail to postfix, circa redhat 7.3, before it became their default. And I am not really a newbie..

From: Anonymous at: 2005-12-19 16:44:21

thanks for the walk through only had Ubuntu installed (or any type of Linux) for a couple of days and I'm already runing my own server...pure magic

From: Anonymous at: 2006-01-29 17:47:45

would this be a better starting point?

would it change everything in this howto?

http://distrowatch.com/?newsid=02988#0

From: admin at: 2006-01-29 18:26:22

The ubuntu server distribution did not exist at the time I've written this howto. I'am pretty sure that the howto will work fine with Ubuntu Server distribution too, but I've not tested it yet.

Till

From: Anonymous at: 2005-10-28 09:58:33

Bad bad bad!:
0 */2 * * * /etc/init.d/ntpdate restart

Please use an ntp daemon.

From: Anonymous at: 2005-12-03 08:59:49

And if you are already on it use 'crontab -e' to modify cronjobs instead of digging through the file system. You get syntax highlighting and it checks and installs the new cronjob for you afterwards.

From: at: 2005-09-20 02:00:06

There is an error (minor) in the following paragraph on the last page. ...

After you have answered the questions ISPConfig should be duly installed. If you indicated www as host and xyz.com as the domain during the installation, you will find the ISPConfig interface under https://www.xyz.de:81 or http://www.xyz.de:81.


The addresses should have .com instead of .de (or the how should be xyz.de)


thanks for the sweet article!

From: admin at: 2005-09-26 08:11:23

Thanks, I've corrected the error.

From: Anonymous at: 2005-10-09 06:05:23

Why cant a iso of this be available to download all ready to run?

flame away ;-)

From: at: 2005-09-25 21:45:42

Crossposted from OSNews:

This is the worst HOWTO I ever read. There is NO explanation what this setup will create NOR is it secure or suitable other than for kids to play on their homeboxen. Postfix has not disabled plaintext without ssl so every client pointing to server:25 and not issuing STARTTLS will get transmit passwords in cleartext. Did I hear ISP? Where is virtual domain support? Are you supposed to have all your mailaccounts in /etc/passwd. What is that Apache setup meant for? Disabling PHP and running php scripts as CGI with Suexec? Ever heard of suphp?

forget it

From: Anonymous at: 2005-09-26 08:19:04

It seems you have not read the howto at all. The howto prepares a server for the installation of the ispconfig controlpanel. If you do not disable PHP globally you can not manage it on a per vhost basis :-) When you have written your own server howto, you can post it here to show everyone what you think a server setup is. E.g. crossposting is :cool:

From: at: 2005-09-25 22:22:56

Hmm, the other guy needs a slap around the ears, not designed for kids at home, he assumes you have a basic idea if you are going to do it, there's also Articles about Virtual Domains on the site, take a chill pill and relax. Nice Article, you may also want to look into running VHCS as well from www.vhcs.net it's also a Free Opensource Hosting panel, I think it has more features too, plus it's a heck of a lot sexier.

From: Anonymous at: 2005-10-06 20:09:48

everyones a noob at some point

From: Anonymous at: 2005-09-27 02:30:55

Hello I am newbie. It's my first time to have handson on linux. Anyway i followed everything in this article except that when I installed ISPConfig, I got the following error:

Warning: main(config.inc.php): failed to open stream: No such file or directory in /tmp/install_ispconfig/install.php on line 624

Warning: main(): Failed opening 'config.inc.php' for inclusion (include_path='.:/root/ispconfig/php/lib/php') in /tmp/install_ispconfig/install.php on line 624

Warning: mysql_connect(): Access denied for user: 'root@localhost' (Using password: NO) in /tmp/install_ispconfig/install.php on line 634

Could not connect to db

Restarting some services...

./setup2: line 883: [:==: unary operator expected

./setup2: line 901: /etc/init.d/ispconfig_server: No such file or directory

If you have anyway of fixing this. I would be very grateful.

mike

From: falko at: 2005-09-28 07:40:54
From: Anonymous at: 2005-10-07 16:22:42

my setup is ok now. can you tell me how to add amasvid-new and clam av to this setup?

From: admin at: 2005-10-07 17:16:33

If you use ISPConfig, mailfiltering with Spamassassin and ClamAV are installed and configured? by the ISPConfig installer.

From: Anonymous at: 2005-10-10 16:38:41

i cannot receive email but i can send using outlook client with smtp authentication. also i cannot login using https://www.mydomain.com:81/mailuser.

From: Anonymous at: 2005-09-28 01:55:51

I tried this but had a dickens of a time testing the email addresses. I put "nameserver 192.168.0.100" on the top of /etc/resolv.conf and to test the DNS, I'd run "host newdomain.com" to see if the virtual address showed up. It did, so I tried setting up email accounts( 2 ) and created the accounts in Thunderbird to send back and forth. They didn't work until I started sending to "userID1@www.domain.com". Creating a Co-Domain with the Hostname cleared worked. It also resulted in /etc/prostfix/local-host-names file showing the domain.com entry( along with the www.domain.com entry ).

Cool HowTo BTW. Now I have to go in and start learning what all is going on. ;-)


I'm thinking this might be nice for a couple of friends who have small biz and need to create temp accounts for customer comm and filesharing.

From: Anonymous at: 2005-09-28 13:37:50

Rather than creating the symlinks manually as you do for the Apache modules you can use the provided tools:

a2enmod include

a2enmod ssl

etc.

From: Anonymous at: 2005-10-06 14:16:36

Is it perfect? Probably not.

Handholding? Some, but you really need to bring your own critical thinking to the table if you're to tackle an unforseen glitch.

Thorough? Absolutely. While I (might) agree there's not a lot of detailed explanations to the tasks, it's all here. You couldn't ask for a better blueprint. You wanna know more about the underpinnings of each step? Start digging. At least you now know what questions to ask!

For all the indignant boo hooing, I would say anyone whining about this article has not had to fend for themselves much and is proably still living with their parents.

Thanks for helping this newbie get a better idea of how work is accomplished in Linux!

From: Anonymous at: 2005-10-09 17:00:47

I created some scripts that are a start to automating this process. You can find them here:

http://www.geekdept.com/1.script

http://www.geekdept.com/2.script

http://www.geekdept.com/3.script

http://www.geekdept.com/4.script

http://www.geekdept.com/5.script

http://www.geekdept.com/6.script

http://www.geekdept.com/7.script

http://www.geekdept.com/8.script

http://www.geekdept.com/9.script

Keep in mind that these scripts are not the cure all it just helps automate a bit. Take a look at each one before you use it. I usually run wget and get them all into the /tmp dir and then call on them as needed.


Hope this helps.

From: SABADBOY at: 2008-11-30 08:41:44

ANYBODY MADE AN ISO YET SO THE INSTALL IS ALL AUTOMATED  SERIOUSLY I NEED IT BAD

GREAT ARTICLE