ISPConfig Perfect Multiserver setup on Ubuntu 20.04 and Debian 10

This tutorial will take you through installing your own ISPConfig 3 multiserver setup with dedicated servers for the panel, web, DNS, mail, and webmail. Both the DNS and mail server will have a mirror server for redundancy. You can easily add more servers of a certain type afterwards.

ISPConfig's official auto-installer will be used to set up the servers. Debian 10 will be used as operating system. The guide has been tested with Ubuntu 20.04.2 as well.

You can read more about the auto-installer here.

1. Preliminary Note

These will be the hosts we're installing:

host       FQDN                   IP
panel     panel.example.com    10.0.64.12
web01     web01.example.com    10.0.64.13
mx1        mx1.example.com        10.0.64.14
mx2        mx2.example.com        10.0.64.15
ns1        ns1.example.com        10.0.64.16
ns2        ns2.example.com        10.0.64.17
webmail    webmail.example.com    10.0.64.18

We will be using example hostnames, IP addresses, and IP ranges. Make sure to change them accordingly in your commands/configuration.

All servers are on the same private network but have their own public IP. If your servers don't have a shared local network, use their public IPv4 addresses.

Before starting the installation of a server, set up an A and eventual AAAA record that points to the public IP address of your server. For example, if the hostname is panel.example.com and the public IP is 11.22.33.44, you should set up an A record for panel.example.com pointing to 11.22.33.44. Every server should have its own public IP and hostname.

2. Installing the master server

Log in as root or run

su -

to become the root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.

2.1 Configure the hostname and hosts

The hostname of your server should be a subdomain like "panel.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your mail setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname panel.example.com, the file shall look like this (some lines may be different, it can differ per hosting provider):

nano /etc/hosts
127.0.0.1 localhost.localdomain   localhost
# This line should be changed on every node to the correct servername:
127.0.1.1 panel.example.com panel
# These lines are the same on every node: 10.0.64.12 panel.example.com panel
10.0.64.13 web01.example.com web01
10.0.64.14 mx1.example.com mx1
10.0.64.15 mx2.example.com mx2
10.0.64.16 ns1.example.com ns1
10.0.64.17 ns2.example.com ns2
10.0.64.18 webmail.example.com webmail # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

As you can see, we added the hostnames of our other servers aswell, so they can communicate over the internal network later.

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

panel

Finally, reboot the server to apply the change:

systemctl reboot

Log in again and check if the hostname is correct now with these commands:

hostname
hostname -f

The output shall be like this:

[email protected]:~$ hostname
panel
[email protected]:~$ hostname -f
panel.example.com

Now we can run the autoinstaller to install all necessary packages and ISPConfig:

wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system

After some time, you will see:

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:

Answer "yes" and hit enter. The installer will now start.

When the installer is finished it will show you the ISPConfig admin and MySQL root password like this:

[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs

Make sure you write this information down, along with server they are for, as you will need them later.

2.2 Setting up the remote MySQL users for our slave servers

We will log in to MySQL to allow the other servers to connect to the ISPConfig database on this node during installation, by adding MySQL root user records in the master database for every slave server hostname and IP address.

On the terminal, run

mysql -u root -p

Enter your MySQL password and then run the following commands:

CREATE USER 'root'@'10.0.64.13' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.13' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.14' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.14' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.15' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.15' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.16' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.16' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.17' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.17' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.18' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.18' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'web01.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'web01.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'mx1.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mx1.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'mx2.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mx2.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'ns1.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns1.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'ns2.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns2.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'webmail.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'webmail.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

In the above SQL commands, replace the IP adresses (10.0.64.12 - 10.0.64.18) with the IP addresses of your servers, web01.example.com, mx1.example.com, mx2.example.com, ns1.example.com, ns2.example.com, and webmail.example.com with the hostnames of your servers and myrootpassword with the desired root password (it is good practice to use a different password for each host. Write them down, as you will need them later when installing or updating your slave servers).

When this is done, you can exit MySQL with:

EXIT;

You can now log in to ISPConfig on https://panel.example.com:8080 with the username admin and the password the installer showed you.

2.3 Setting up the firewall

The last thing to do is to set up our firewall.

Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".

For the panel server, we have to open the following ports:

TCP:

22,80,443,8080,8081

No UDP ports have to be opened through the UI.

We are also going to open port 3306, which is used for MySQL, but only from our local network for security reasons. To do so, run the following command from the CLI, after the change from the ISPConfig panel is propagated (when the red dot is gone):

ufw allow from 10.0.64.0/24 to any port 3306 proto tcp

Your panel is now set up and ready for use.

In the next step, we will install the webserver.

Share this page:

Suggested articles

1 Comment(s)

Add comment

Comments

By: Mario at: 2021-04-18 03:27:46

Excelent document ... Thanks ...