The Perfect Setup - Ubuntu 6.06 LTS Server (Dapper Drake) - Page 6

13 Apache/PHP5

Now we install Apache:

apt-get install apache2 apache2-common apache2-doc apache2-mpm-prefork apache2-utils libapr0 libexpat1 ssl-cert

Next we install PHP5:

apt-get install autoconf automake1.4 autotools-dev libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php-pear php5-ldap php5-mhash php5-mysql php5-mysqli php5-snmp php5-sqlite php5-xmlrpc php5-xsl php5-imap php5-mcrypt php5-pspell

You will be asked the following question:

Continue installing libc-client without Maildir support? <-- Yes

Next we edit /etc/apache2/apache2.conf

vi /etc/apache2/apache2.conf

and change DirectoryIndex to

[...]
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml
[...]

Edit /etc/apache2/ports.conf and add Listen 443:

vi /etc/apache2/ports.conf

Listen 80
Listen 443

Now we have to enable some Apache modules (SSL, rewrite, suexec, and include):

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

Reload the Apache configuration:

/etc/init.d/apache2 force-reload

13.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:

vi /etc/mime.types

[...]
#application/x-httpd-php phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4
[...]

Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:

vi /etc/apache2/mods-enabled/php5.conf

<IfModule mod_php5.c>
# AddType application/x-httpd-php .php .phtml .php3
# AddType application/x-httpd-php-source .phps
</IfModule>

Then restart Apache:

/etc/init.d/apache2 restart

14 Proftpd

In order to install Proftpd, run

apt-get install proftpd proftpd-common ucf

You will be asked a question:

Run proftpd from inetd or standalone? <-- standalone

For security reasons you can add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.linux.co.uk/localsite/Userguide/linked/userguide.html):

vi /etc/proftpd.conf

[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]

Then restart Proftpd:

/etc/init.d/proftpd restart

Share this page:

64 Comment(s)

Add comment

Comments

From: Anonymous at: 2006-06-05 17:55:14
From: Anonymous at: 2006-07-03 05:51:39

Interestingly, I have an older machine that I was intending to put a
LAMP server of for my own education.  The server CD does not boot
up to the menu shown in the first screen capture of this article so
there is no option to do a turn-key LAMP installation on this older
machine.

This article, therefore, comes in quite handy to allow
me to carry on with a LAMP server installation without that turn-key
option.

Thanks for the detailed instructions. 

From: Anonymous at: 2006-07-16 08:15:02

I have written a basic yet hopefully helpful tutorial on how to setup the LAMP configuration for Linux beginners. It includes resources on setting up Apache2, MySQl5,PhP5 and FTP as well as WebMin in an informal semi how-to. http://www.cjfay.com/lamp.html.

From: Anonymous at: 2006-07-31 19:40:56

The screen does not appear on my new laptop either.


So this tutorial is the way to go ...

From: Anonymous at: 2006-08-27 09:54:07

I think you downloaded the Live-CD. I had that to!

From: rawoo at: 2006-09-12 00:58:49

Hi,


I've edited /etc/host as instructed in this how-to. The command hostname -f shows the complete domain name, but hostname itself does not; just shows the hostname. Rebooting the system does not make a difference. Is there some other file that must be modified


Example


hostname yields ---> server1


hostname -f yields ---> server1.example.com


 


Any ideas?


 


Thanks,


Richard

From: admin at: 2007-02-23 12:46:41
From: at: 2007-02-23 06:56:24

I can not find the root password for VMware image anywhere. Could you please tell, what it is? 

From: at: 2007-10-18 19:54:21

I'm not sure how the PHP to MSSQL even got introduced into this thread but the link listed is gone and I'm unable to track it down with a google search. If anyone needs this functionality and got to this page seaching then take a look at this: http://www.howtoforge.com/php5_mssql_debian_etch_free_tds_unix_odbc

From: at: 2007-11-27 21:19:57
From: Anonymous at: 2010-09-23 15:43:27

thanks by the information, was of exelent help, there are another site with a very easy way to install tomcat and web mail in unix, solaris and ubuntu  check --> http://unixymas.blogspot.com/  is exelente for built with a few resources a server mail.


see you later

From: Anonymous at: 2006-06-13 02:09:15

On Step 5: i.e. Configure The Network

I wasn't able to connect with Putty after completing steps 5 thru 6. So I restarted still no change.

I then remembered that I had to add the "dns-namserver XX.XXX.XX.XX XXX.XX.XXX.XX. to the /etc/network/interfaces when it came to Ubuntu BrezzyBadger 5.10 perfect "ISP-Server Setup - Ubuntu 5.10 "Breezy Badger"" (the sister to this guide; but for Brezzy) yesterday. At the bottom of the info you add your DNS servers addresses. Replace the XXX's for whatever it or they are.

Like this:

from:

address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
To:
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameserver XX.XXX.XXX.XXX XXX.XX.XX.XX
It worked for the BrezzyInstall & now it's working for the DrapperDrake ISP Server Setup.

You may not need to do this but I did. I take no responsibility for this addition for I don't know if it affects other parts of the installation or creates a security hole. Maybe somebody would know if this is a Comp-Sec issue or not.... I'd be interested in finding out....

I added the dns-nameserver entries because it did get me quickly to a desktop enviroment (thru Putty) so I did'nt have to re-type all the remaining steps out by hand. I already did that 3 days ago & the digits still aren't the same- but typing it out longhand is great (IMHO) for developing my muscle memory when it comes to getting the commands typed quickly & the commands & paths into your long-term brain area....

peace Michael Scott

From: Anonymous at: 2006-06-13 12:10:02


You don't need to enable the root account. You can stay logged at root using :

sudo -s

From: Anonymous at: 2006-07-12 21:26:07

Until I did this to the /etc/hostname file, I kept receiving permission errors when setting up the mysql root passwords following the instructions on the next page. Thanks for posting this tip!

From: Anonymous at: 2006-06-24 18:51:08

Great tutorial!!! Love it. Thanks

From: Anonymous at: 2006-06-24 21:32:38

On the steps to configure hostname, it does not work to only do the steps listed.

 

I found that I had to edit /etc/hostname

 

From: Anonymous at: 2006-07-20 17:40:56

We found it necessary to also manually setup our DNS server when not using DHCP. This was done by creating a file:

/etc/resolv.conf


The file should look something like this:


search domain.tld

nameserver xxx.xxx.xxx.xxx


From: Anonymous at: 2006-08-27 07:30:48

It is mutch easyer if you shutdown DHCP then you can configure it in the installation.

From: rainer at: 2006-10-22 08:02:55

yeah! that was it ;)

after i edited /etc/hostname everything worked fine on mysql setup and further ISPConfig setup

vi /etc/hostname

instead of:

server1

there should be:

server1.example.com

From: at: 2007-08-06 20:34:34

    I've gotten to this point with very little trouble.  Very clear and concise instructions.  I look forward to going through many more. 


Again...  Thank you  

From: at: 2007-08-23 20:18:26

In Part 5, "Configure the network", the author of this very useful guide forgets to mention something:

Then restart your network:

/etc/init.d/networking restart


 

What he doesn't mention is:

You're not supposed to type that '/etc/init.d/networking restart' in vi          The '/' that takes you to the bottom of the screen is the start of the search function in vi.



First save your work (press <esc>, press the colon and type wq
followed by <enter>) and at the command line type the command.


It's true, because I was stuck until I emailed the Ubuntu Forum, and Wim Sturkenboom kindly explained me what I was doing wrong.

Hopefully you'll find this useful, too.  (Thank you, Wim!) 

From: at: 2007-10-15 22:25:58

apt-get install g++ gcc make autoconf libtool flex bison libpam0g-dev openssl libcrypto++-dev libssl0.9.7 libssl-dev ssh devscripts sbuild checkinstall

cd /usr/src
wget http://chrootssh.sourceforge.net/download/openssh-4.5p1-chroot.tar.bz2
bunzip2 openssh-4.5p1-chroot.tar.bz2
tar xvf openssh-4.5p1-chroot.tar
cd openssh-4.5p1-chroot
./configure --exec-prefix=/usr --sysconfdir=/etc/ssh --with-pam
make

make install


mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5


 Run this script





APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
cp $prog ./$prog

# obtain a list of related libraries
ldd $prog > /dev/null
if [ "$?" = 0 ] ; then
LIBS=`ldd $prog | awk '{ print $3 }'`
for l in $LIBS; do
mkdir -p ./`dirname $l` > /dev/null 2>&1
cp $l ./$l
done
fi
done


cp /lib/ld-linux.so.2 /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/

echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd


grep /etc/group -e "^root" -e "^users" > etc/group


/etc/init.d/ssh restart


 

From: Anonymous at: 2006-06-19 17:49:29

The libmysqlclient12-dev should be rather libmysqlclient15-dev

From: Anonymous at: 2006-07-25 03:35:09

libmysqlclient12-dev is now libmysqlclient15-dev

From: Anonymous at: 2006-08-11 02:25:29

No matter how closely these directions are followed, I've been unable to keep mysql happy. After performing the line:


mysqladmin -u server1.example.com -u root password yourrootsqlpassword


After doing that I always get the error:


mysqladmin: connect to server at 'localhost' failed


error: 'Access denied for user 'root'@'localhost' (using password: NO)'


I'm thinking a step or two might not have made it into this write up.

From: admin at: 2006-08-14 12:25:12

The Howto is complete.

 Replace "server1.example.com" in the command with the hostanme you entered during setup.

From: Anonymous at: 2006-08-14 18:48:51

"mysqladmin -u server1.example.com -u root password yourrootsqlpassword"

try to change the first "-u" (user) for a "-h" (host)! :p

 

From: n3m3s1s4u at: 2006-10-14 17:07:22

Start up BIND, and check /var/log/syslog for errors:
Well the only thing that was picked up on my end was a reference to
/var/cache/bind (file or directory not found)
but otherwise everything has gone through fine
do i need to worry about this?

From: rainer at: 2006-10-22 07:59:56

its not enough to edit /etc/hosts as described before

you also have to edit /etc/hostanme 

vi /etc/hostname

instead of:

server1

there should be:

server1.example.com

From: antoinel12 at: 2006-10-24 05:19:16

I'm unable to execute this command:


mysqladmin -h server1.example.com -u root password yourrootsqlpassword

I use a dyndns dommain name... It tell me that their is no response. Is it a port that I should open on my routher or something else? 

From: at: 2006-11-26 01:02:06

One thing seems to have changed or has been left out: I noticed during ISPConfig installation, that during php compilation it requires g++ to be installed. So maybe add g++ or even build-essentials to the big list of packets that are installed at the top.



Btw, this is really great howto, thank you for your time to write this excellent guide.

From: admin at: 2006-11-26 15:28:30

It wasn't left out. At the time the tutorial was written ISPConfig didn't need g++. This has changed with the newest ISPConfig version (2.2.8) which was released a few days ago.

From: at: 2007-02-22 20:33:17


http://www.howtoforge.com/perfect_setup_fedora_core_5_p4



Submitted by Anonymous on Fri, 2006-05-26 02:18.

mysqladmin -h server1.example.com -u root -p password yourrootsqlpassword

Newbie (me) struggled with that one for a short while.


From: Anonymous at: 2006-07-02 02:05:24

 So here is the error I ran across doing step 11:

 Reading package lists... Done
Building dependency tree... Done
Package postfix-tls is a virtual package provided by:
  postfix 2.2.10-1ubuntu0.1
You should explicitly select one to install.
E: Package postfix-tls has no installation candidate

I found this fix/explanation over at another how to: Postfix 2.2.x includes TLS support and you don't need postifix-tls package....

 I removed: apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail 2 apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail

I found the above info over at http://www.howtoforge.com/perfect_setup_debian_sarge?from=40&comments_per_page=10
 in the comments; page 5...

hope this helps ppl ;-) peace Michael Scott

From: apapadop at: 2006-09-01 12:07:56

In the step

"Afterwards we create the certificates for TLS" the command:

 

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

 

returns the prompt:


Enter pass phrase for smtpd.key:

It isn't obvious for the non-versed what one should do. Should this be a passwordless certificate or not?

The same holds true for the next command also. It requires user input that is not mentioned.

From: at: 2007-02-05 19:46:55

If you have trouble with telnet not connecting read here :


http://www.postfix.org/faq.html#noalias


: )



 

From: at: 2007-02-25 14:15:15

postconf -e 'myhostname = server1.example.com'


changed to:


postconf -e 'myhostname = mail.example.com'


 looked better on dnsreport.com

From: at: 2007-03-12 15:02:44

For the CSRs ("certificate signing requests), it's irrelevant whether they have passwords or not; they are removed anyway. (They are intended for those cases where the certificate holder and the certificate signer must communicate over an insecure channel; for self-signed certificates, this is unnecessary.) For the certificates themselves, we have those that are used by software and those that are used by yourself. Software certificates (server certificates in particular) need to access the certificates to start, and since restarts should happen automatically, the certificates must not be secured with a pass phrase. Manual certificates (e.g. the CA certificate used for self signing, if you don't run a trust center) will only be used when running some command in an interactive shell, so it's OK if they have a pass phrase. I agree with apapadop that the right answers to the inputs should be mentioned somewhere. I also think that it's wasteful to have a separate self-signing certificate authority and server key for each of postfix TLS, Apache HTTPS, and other SSL service that the server may offer. It's easier if there is a single certificate for the machine itself, which could be stored e.g. in /etc/ssl/server.

From: at: 2007-03-12 15:10:20

At least in Debian-based distros (like Ubuntu), changes for service foo should go into /etc/default/foo, not directly to /etc/init.d/foo. In this case, the PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid" option should go to /etc/default/saslauthd, where it will override the PIDFILE setting from /etc/init.d/saslauthd. Background: /etc/default/saslauthd is a "conffile"; changes in it won't be touched by updates. /etc/init.d/saslauthd is not a conffile and may be overwritten by the next update.

From: Anonymous at: 2006-06-12 18:13:31


13.1 Disable PHP Globally

I didn't disable PHP globally and ISPConfig ver. 2.2.3 commented out this line.

... btw. great work, thanx for this HOWTO

Tazi


From: Anonymous at: 2006-08-03 05:57:21

The link to http://proftpd.linux.co.uk/localsite/Userguide/linked/userguide.html no longer works

 I think http://www.proftpd.org/localsite/Userguide/linked/userguide.html is the same page.

From: pavlom at: 2006-10-09 08:41:37

Following this howto I found that the login to the ftp server was very slow. I fixed it addind the following line to /etc/proftpd.conf:

IdentLookups off

 

I hope this will be useful to you all.

From: at: 2007-01-16 23:12:01

I found that when i suued the command


 apt-get install proftpd proftpd-common ucf


there was a conflict between proftpd and proftpd-common and it would not install.  I omitted proftpd-common and just installed proftpd and ucf.  I also noticed that it gets installed to


 /etc/proftpd/ so the next step to edit the conf file should be


vi /etc/proftpd/proftpd.conf


Great Work.  as 6.06 is deemed LTS I plan on sticking with this setup.


WaveQam 


 

From: at: 2007-06-25 14:09:49

Just to add to your ptoftpd comment...


Ubuntu 6.06 LTS identifies itself as "Debian Unstable" to the ISPconfig installer.  So while ISPconfig is compatable with Ubuntu, it does not know it is being installed on Ubuntu. 


This is a problem because Ubuntu places the proftpd config in /etc/proftpd/prtoftpd.conf while Debian Unstable places it in /etc/proftpd.conf.  As a result, proftpd does not work correctly for ISPconfig installs!!!


I discussed this with ISPconfig support.  I made a suggestion, but they had a better one.  If we execure the following command, we will be linking the config files new location to the old location, making everyone happy, and most importantly, giving your ISPconfig end users the best possible ftp experience.


ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf


Run this command after you install proftpd.


Thanks go to Ubuntu for their long term support version, LTS is what all admins need to make their life easier.  Thanks also go to ISPconfig for their great control panel, making web reselling affordable again.  And last, but not least, thanks to Falko for showing us how it all comes together in a perfect way!


 


George

From: Anonymous at: 2006-06-07 07:23:42


Why don't you create a preconfigured VmWare virtual machine with this setup and ISPConfig installed and publish it on vmware website?...That would become the "Perfect Virtual Machine" :)...thanks

From: Anonymous at: 2006-06-05 17:07:52


Great work Falko!!! =)

From: Anonymous at: 2006-06-05 22:54:55


I really wish you had posted this a few days ago...
But I probably learned more from doing the exact same thing myself...

From: Anonymous at: 2006-06-06 00:37:38


Many thanks :) Your guides are very helpful for us beginners...

From: Anonymous at: 2006-06-05 21:53:31


I know ubuntu is Debian based, but I prefer to run Debian, since it probably has less unneeded stuff. How much different is your guide for Debian (afaik it should be very simular if not identical... or at least I hope so) Or am I missing something?

From: admin at: 2006-06-05 22:44:06
From: Anonymous at: 2006-06-07 15:50:34


I'm pretty sure that I can't find any differences between this and the Breezy setup instructions. Good :-)

From: Anonymous at: 2006-06-06 07:53:26


/etc/webalizer.conf :

change : LogFile /var/log/apache/access.log.1

to : LogFile /var/log/apache2/access.log.1


From: Anonymous at: 2006-06-16 12:56:56


I miss one thing in this manual: setup your iptables ! No system should be without one (and I wonder why distributions are still not installing one per default (even if it is just either all open or all closed as the only two options))

From: admin at: 2006-06-17 11:25:17


iptables is installed. Run

iptables -L

and you'll see.

You can configure the iptables firewall with the firewall administration that comes with ISPConfig.

From: Anonymous at: 2006-06-13 08:42:10


Nice job falko!
Some comments:
You do not have to enable the root account. For security reasons it is disabled in Ubuntu and all management should be done via sudo. Just type in "sudo -s" and type in again you password to get a root shell.
For upgrading to the recent version of all packages I think it is better to user "apt-get update" and then "apt-get dist-upgrade". Otherwise some depending packages are not updated in the correct order.

From: Anonymous at: 2006-07-11 16:04:13

This tutorial was very helpful.  A perfect example of good documentation.  I only had one issue when I walked through the install.  There was a permissions error when creating the certificates.  All I had to do was change the permissions on the certificate directory while I was building them.  I then changed the permissions back after I had finished.  Other than that small issue, it was a superb tutorial!

Thanks! 

From: Anonymous at: 2006-07-24 01:51:29

What a fine job in this tutorial! I found it very useful - great comments and explanations of 'why' things get changed. I especially like the fact of being able to copy/paste as opposed to your tutorial for 'breezy badger' :). Everything seemed to install as advertised.
Great job. Thanks!

From: admin at: 2006-07-24 07:48:28

The Breezy Badger tutorial is also copy & paste. If it didn't work for you, then you must have done something wrong...

From: Anonymous at: 2006-07-25 04:10:04

Excellent work indeed. If I could have one request, it would be to provide a little bit of info on why each thing is being installed, and how to start using it.

From: Anonymous at: 2006-08-21 21:55:51

Really a good job!

For sudo and/or sudo -s I have problems to understand the security reasons. It is, with that default  setting an attacker needs only to know one password to do very nasty things with root privileges from network. Instead with a root account,  disabling sudo or limiting it, setting Rootlogin  to No in the sshd config file and maybe changing the root account (b.e. calling it newby) the attacker need to know at least 2 password and 2 user names to gain root privileges, but maybe I'm missing something.

From: steven_twente at: 2006-09-27 12:07:15

Just wanted to say thank you for this great tutorial! I've literally been able to copy all the commands from this howto to my ubuntu server (except the parts where I had to fill in details about my server/domain/etc ofcourse...) and I got no errors what so ever. After this howto ISPconfig runs perfectly as well. Great job!

From: at: 2007-03-09 22:27:51

Thanks for a great tutorial,


however, it took me quite some time to find out how to install ISP config. I got this error


"ERROR: The PHP binary coming with ISPConfig does not work properly on your system! The installation routine stops here!


The fix is posted in another thread. However, I think it can be posted here as well



>>jnsc solved it. You must run
>>rm -f /bin/sh
>>ln -s /bin/bash /bin/sh
>>and afterwards you can install ISPConfig 2.2.7 on Edgy. :)
>>http://www.howtoforge.com/forums/showthread.php?t=7716


I would probably save /bin/sh before deleting it, i.e.


cp /bin/sh /bin/sh.copy


if it is needed later on ..


thanks though! 

From: at: 2007-03-12 12:16:17

I also had to install IPTables manually, but I'm installing ISPConfig into an OpenVZ Ubuntu VE. The VE template might be a little different than a normal Ubuntu intsall.

From: moh at: 2009-09-06 14:28:36

good good