ISPConfig Perfect Multiserver setup on Ubuntu 20.04 and Debian 10 - Page 6
7 Installing the secondary nameserver
Log in as root or run
to become root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.
7.1 Configure the hostname
The hostname of your server should be a subdomain like "panel.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your mail setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname ns2.example.com, the file shall look like this:
127.0.0.1 localhost.localdomain localhost
# This line should be changed on every node to the correct servername:
127.0.1.1 ns2.example.com ns2
# These lines are the same on every node: 10.0.64.12 panel.example.com panel
10.0.64.13 web01.example.com web01
10.0.64.14 mx1.example.com mx1
10.0.64.15 mx2.example.com mx2
10.0.64.16 ns1.example.com ns1
10.0.64.17 ns2.example.com ns2
10.0.64.18 webmail.example.com webmail # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters
As you can see, we added the hostnames of our other servers aswell, so they can communicate over the internal network later.
Then edit the /etc/hostname file:
It shall contain only the subdomain part, in our case:
Finally, reboot the server to apply the change:
Log in again and check if the hostname is correct now with these commands:
The output shall be like this:
[email protected]:~$ hostname
[email protected]:~$ hostname -f
7.2 Installing ISPConfig
Now we can run the autoinstaller for all packages and ISPConfig:
wget -O - https://get.ispconfig.org | sh -s -- --no-web --no-mail --use-php=system --interactive
After some time, you will see:
WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:
Answer "yes" and hit enter. The installer will now start.
When the installation and configuration of the packages is done, the root password for MySQL on ns2 will be shown. Write this down (along with the servername, to prevent any confusion later).
Now we will have to answer some questions as we are using interactive mode. This is necessary as this server will be added to your multiserver setup.
[INFO] Installing ISPConfig3.
[INFO] Your MySQL root password is: kl3994aMsfkkeE
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
>> Initial configuration
Operating System: Debian 10.0 (Buster) or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <-- Hit enter
Installation mode (standard,expert) [standard]: <-- expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [ns2.example.com]: <-- Hit Enter
MySQL server hostname [localhost]: <-- Hit Enter
MySQL server port : <-- Hit Enter
MySQL root username [root]: <-- Hit Enter
MySQL root password : <-- Enter the MySQL password the script just gave you
MySQL database to create [dbispconfig]: <-- Hit Enter
MySQL charset [utf8]: <-- Hit Enter
The next two questions are about the internal ISPConfig database user and password.
It is recommended to accept the defaults which are 'ispconfig' as username and a random password.
If you use a different password, use only numbers and chars for the password.
ISPConfig mysql database username [ispconfig]: <-- Hit Enter
ISPConfig mysql database password [aakl203920459853sak20284204]: <-- Hit Enter
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- y
MySQL master server hostname : <-- panel.example.com
MySQL master server port : <-- Hit Enter
MySQL master server root username [root]: <-- Hit Enter
MySQL master server root password : <-- the password you gave the external root user on the master server.
MySQL master server database name [dbispconfig]: <-- Hit Enter
Adding ISPConfig server record to database.
Configure Mail (y,n) [y]: <-- n
[WARN] autodetect for Jailkit failed
Force configure Jailkit (y,n) [n]: <-- Hit enter
[WARN] autodetect for pureftpd failed
Force configure pureftpd (y,n) [n]: <-- Hit enter
Configure DNS Server (y,n) [y]: <-- Hit enter
The Web Server option has to be enabled when you want run a web server or when this node shall host the ISPConfig interface.
Configure Web Server (y,n) [y]: <-- n
[WARN] autodetect for OpenVZ failed
Force configure OpenVZ (y,n) [n]: <-- Hit enter
Configure Firewall Server (y,n) [y]: <-- Hit enter
Configuring Ubuntu Firewall
[WARN] autodetect for Metronome XMPP Server failed
Force configure Metronome XMPP Server (y,n) [n]: <-- Hit enter
Skipping Metronome XMPP Server
Install ISPConfig Web Interface (y,n) [n]: <-- Hit enter
Do you want to create SSL certs for your server? (y,n) [y]: <-- n
Installing ISPConfig crontab
Detect IP addresses
Restarting services ...
Failed to restart apache2.service: Unit apache2.service not found.
[INFO] Checking all services are running.
[INFO] mysql: OK
[INFO] clamav-daemon: OK
[INFO] postfix: OK
[INFO] bind9: OK
[INFO] Installation ready.
[INFO] Your MySQL root password is: kl3994aMsfkkeE
[INFO] Warning: Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!
7.3 Setting up the firewall
The last thing to do is to set up our firewall.
Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".
Make sure you select the correct server. For our nameserver, we have to open the following ports:
We are also going to open port 3306, which is used for MySQL, but only from our local network for security reasons. To do so, run the following command from the CLI, after the change from the ISPConfig panel is propagated (when the red dot is gone):
ufw allow from 10.0.64.0/24 to any port 3306 proto tcp
There is currently a bug in ISPConfig that causes DNSSEC signed zones to be signed with different keys if you mirror nameservers. To set up your zones, first create the zone under DNS ->DNS Zones on your first nameserver, and allow transfer + also notify to the IP address of your secondary nameserver. Then add the zone under "Secondary DNS zones" on your second nameserver and allow transfer from the IP of your first nameserver.
Your secondary nameserver is now set up. If you want to add another nameserver, just repeat the instructions from this step, and adjust the hostname and IP address accordingly. In the next step, we will install the webmail server.