ISPConfig Perfect Multiserver setup on Ubuntu 20.04 and Debian 10 - Page 6

7 Installing the secondary nameserver

Log in as root or run

su -

to become root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.

7.1 Configure the hostname

The hostname of your server should be a subdomain like "panel.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your mail setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname ns2.example.com, the file shall look like this:

nano /etc/hosts
127.0.0.1 localhost.localdomain   localhost
# This line should be changed on every node to the correct servername:
127.0.1.1 ns2.example.com ns2
# These lines are the same on every node: 10.0.64.12 panel.example.com panel
10.0.64.13 web01.example.com web01
10.0.64.14 mx1.example.com mx1
10.0.64.15 mx2.example.com mx2
10.0.64.16 ns1.example.com ns1
10.0.64.17 ns2.example.com ns2
10.0.64.18 webmail.example.com webmail # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters

As you can see, we added the hostnames of our other servers aswell, so they can communicate over the internal network later.

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

ns2

Finally, reboot the server to apply the change:

systemctl reboot

Log in again and check if the hostname is correct now with these commands:

hostname
hostname -f

The output shall be like this:

[email protected]:~$ hostname
ns2
[email protected]:~$ hostname -f
ns2.example.com

7.2 Installing ISPConfig

Now we can run the autoinstaller for all packages and ISPConfig:

wget -O - https://get.ispconfig.org | sh -s -- --no-web --no-mail --use-php=system --interactive

After some time, you will see:

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:

Answer "yes" and hit enter. The installer will now start.

When the installation and configuration of the packages is done, the root password for MySQL on ns2 will be shown. Write this down (along with the servername, to prevent any confusion later).

Now we will have to answer some questions as we are using interactive mode. This is necessary as this server will be added to your multiserver setup.

[INFO] Installing ISPConfig3.
[INFO] Your MySQL root password is: kl3994aMsfkkeE


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration  

Operating System: Debian 10.0 (Buster) or compatible

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- Hit enter

Installation mode (standard,expert) [standard]: <-- expert

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [ns2.example.com]: <-- Hit Enter

MySQL server hostname [localhost]: <-- Hit Enter

MySQL server port [3306]: <-- Hit Enter

MySQL root username [root]: <-- Hit Enter

MySQL root password []: <-- Enter the MySQL password the script just gave you

MySQL database to create [dbispconfig]: <-- Hit Enter

MySQL charset [utf8]: <-- Hit Enter

The next two questions are about the internal ISPConfig database user and password.
It is recommended to accept the defaults which are 'ispconfig' as username and a random password.
If you use a different password, use only numbers and chars for the password.

ISPConfig mysql database username [ispconfig]: <-- Hit Enter

ISPConfig mysql database password [aakl203920459853sak20284204]: <-- Hit Enter

Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- y

MySQL master server hostname []: <-- panel.example.com

MySQL master server port []: <-- Hit Enter

MySQL master server root username [root]: <-- Hit Enter

MySQL master server root password []: <-- the password you gave the external root user on the master server.

MySQL master server database name [dbispconfig]: <-- Hit Enter

Adding ISPConfig server record to database.

Configure Mail (y,n) [y]: <-- n

[WARN] autodetect for Jailkit failed
Force configure Jailkit (y,n) [n]: <-- Hit enter

Skipping Jailkit

[WARN] autodetect for pureftpd failed
Force configure pureftpd (y,n) [n]: <-- Hit enter

Skipping pureftpd

Configure DNS Server (y,n) [y]: <-- Hit enter

Configuring BIND
The Web Server option has to be enabled when you want run a web server or when this node shall host the ISPConfig interface.
Configure Web Server (y,n) [y]: <-- n

[WARN] autodetect for OpenVZ failed
Force configure OpenVZ (y,n) [n]: <-- Hit enter

Skipping OpenVZ

Configure Firewall Server (y,n) [y]: <-- Hit enter

Configuring Ubuntu Firewall
[WARN] autodetect for Metronome XMPP Server failed
Force configure Metronome XMPP Server (y,n) [n]: <-- Hit enter

Skipping Metronome XMPP Server

Configuring Fail2ban
Install ISPConfig Web Interface (y,n) [n]: <-- Hit enter

Do you want to create SSL certs for your server? (y,n) [y]: <-- n

Configuring DBServer
Installing ISPConfig crontab
Detect IP addresses
Restarting services ...
Failed to restart apache2.service: Unit apache2.service not found.
Installation completed.
[INFO] Checking all services are running.
[INFO] mysql: OK
[INFO] clamav-daemon: OK
[INFO] postfix: OK
[INFO] bind9: OK
[INFO] Installation ready.
[INFO] Your MySQL root password is: kl3994aMsfkkeE
[INFO] Warning: Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!

7.3 Setting up the firewall

The last thing to do is to set up our firewall.

Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".

Make sure you select the correct server. For our nameserver, we have to open the following ports:

TCP:

22,53

UDP:

53

We are also going to open port 3306, which is used for MySQL, but only from our local network for security reasons. To do so, run the following command from the CLI, after the change from the ISPConfig panel is propagated (when the red dot is gone):

ufw allow from 10.0.64.0/24 to any port 3306 proto tcp

There is currently a bug in ISPConfig that causes DNSSEC signed zones to be signed with different keys if you mirror nameservers. To set up your zones, first create the zone under DNS ->DNS Zones on your first nameserver, and allow transfer + also notify to the IP address of your secondary nameserver. Then add the zone under "Secondary DNS zones" on your second nameserver and allow transfer from the IP of your first nameserver.

Your secondary nameserver is now set up. If you want to add another nameserver, just repeat the instructions from this step, and adjust the hostname and IP address accordingly. In the next step, we will install the webmail server.

Share this page:

Suggested articles

0 Comment(s)

Add comment

Comments

By: Thom Pol at: Mar 29, 2021