The Perfect Server CentOS 7.3 with Apache, Postfix, Dovecot, Pure-FTPD, BIND and ISPConfig 3.1 - Page 3
This tutorial exists for these OS versions
On this page
21 Install Roundcube webmail
To install the RoundCube webmail client, run...
yum -y install roundcubemail
Change the roundcubemail.conf configuration file as follows:
nano /etc/httpd/conf.d/roundcubemail.conf
# # Round Cube Webmail is a browser-based multilingual IMAP client # Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail # Define who can access the Webmail # You can enlarge permissions once configured #<Directory /usr/share/roundcubemail/> # <IfModule mod_authz_core.c> # # Apache 2.4 # Require local # </IfModule> # <IfModule !mod_authz_core.c> # # Apache 2.2 # Order Deny,Allow # Deny from all # Allow from 127.0.0.1 # Allow from ::1 # </IfModule> #</Directory> <Directory /usr/share/roundcubemail/> Options none AllowOverride Limit Require all granted </Directory> # Define who can access the installer # keep this secured once configured #<Directory /usr/share/roundcubemail/installer/> # <IfModule mod_authz_core.c> # # Apache 2.4 # Require local # </IfModule> # <IfModule !mod_authz_core.c> # # Apache 2.2 # Order Deny,Allow # Deny from all # Allow from 127.0.0.1 # Allow from ::1 # </IfModule> #</Directory> <Directory /usr/share/roundcubemail/installer> Options none AllowOverride Limit Require all granted </Directory> # Those directories should not be viewed by Web clients. <Directory /usr/share/roundcubemail/bin/> Order Allow,Deny Deny from all </Directory> <Directory /usr/share/roundcubemail/plugins/enigma/home/> Order Allow,Deny Deny from all </Directory>
Restart Apache:
systemctl restart httpd.service
Now we need a database for RoundCube mail, we will initialize it as follows:
mysql -u root -p
At MariaDB prompt use:
CREATE DATABASE roundcubedb;
CREATE USER roundcubeuser@localhost IDENTIFIED BY 'roundcubepassword';
GRANT ALL PRIVILEGES on roundcubedb.* to roundcubeuser@localhost ;
FLUSH PRIVILEGES;
exit
I am using the details for the RoundCube database as an example, please replace the values as per your choice for security reasons.
Now we will install RoundCube in the browser at http://192.168.1.100/roundcubemail/installer
Now fill the entries for the
nano /etc/roundcubemail/config.inc.php
<?php /* Local configuration for Roundcube Webmail */ // ---------------------------------- // SQL DATABASE // ---------------------------------- // Database connection string (DSN) for read+write operations // Format (compatible with PEAR MDB2): db_provider://user:password@host/database // Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv // For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php // NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646' $config['db_dsnw'] = 'mysql://roundcubeuser:roundcubepassword@localhost/roundcubedb'; // ---------------------------------- // IMAP // ---------------------------------- // The mail host chosen to perform the log-in. // Leave blank to show a textbox at login, give a list of hosts // to display a pulldown menu or set one host as string. // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// // Supported replacement variables: // %n - hostname ($_SERVER['SERVER_NAME']) // %t - hostname without the first part // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) // %s - domain name after the '@' from e-mail address provided at login screen // For example %n = mail.domain.tld, %t = domain.tld // WARNING: After hostname change update of mail_host column in users table is // required to match old user data records with the new host. $config['default_host'] = 'localhost'; // provide an URL where a user can get support for this Roundcube installation // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! $config['support_url'] = ''; // this key is used to encrypt the users imap password which is stored // in the session record (and the client cookie if remember password is enabled). // please provide a string of exactly 24 chars. $config['des_key'] = 'FHgaM7ihtMkM1cBwckOcxPdT'; // ---------------------------------- // PLUGINS // ---------------------------------- // List of active plugins (in plugins/ directory) $config['plugins'] = array(); // Set the spell checking engine. Possible values: // - 'googie' - the default // - 'pspell' - requires the PHP Pspell module and aspell installed // - 'enchant' - requires the PHP Enchant module // - 'atd' - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API // Since Google shut down their public spell checking service, you need to // connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri' $config['spellcheck_engine'] = 'pspell';
Then press on the button "continue" in the web installer. On the following page, press on the button "Initialize database".
Finally, disable the Roundecubemail installer. Change the apache roundcubemail.conf configuration file:
nano /etc/httpd/conf.d/roundcubemail.conf
# # Round Cube Webmail is a browser-based multilingual IMAP client # Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail # Define who can access the Webmail # You can enlarge permissions once configured #<Directory /usr/share/roundcubemail/> # <IfModule mod_authz_core.c> # # Apache 2.4 # Require local # </IfModule> # <IfModule !mod_authz_core.c> # # Apache 2.2 # Order Deny,Allow # Deny from all # Allow from 127.0.0.1 # Allow from ::1 # </IfModule> #</Directory> <Directory /usr/share/roundcubemail/> Options none AllowOverride Limit Require all granted </Directory> # Define who can access the installer # keep this secured once configured <Directory /usr/share/roundcubemail/installer/> <IfModule mod_authz_core.c> # Apache 2.4 Require local </IfModule> <IfModule !mod_authz_core.c> # Apache 2.2 Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from ::1 </IfModule> </Directory> # Those directories should not be viewed by Web clients. <Directory /usr/share/roundcubemail/bin/> Order Allow,Deny Deny from all </Directory> <Directory /usr/share/roundcubemail/plugins/enigma/home/> Order Allow,Deny Deny from all </Directory>
Restart Apache:
systemctl restart httpd.service
22 Install ISPConfig 3.1
The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you.
You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.
To install ISPConfig 3.1 from GIT stable branch, do this:
cd /tmp
wget -O ispconfig.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1
tar xfz ispconfig.tar.gz
cd ispconfig3*/install/
The next step is to run:
php -q install.php
This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.
# php -q install.php
--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: CentOS 7.3
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <-- Hit Enter
Installation mode (standard,expert) [standard]: <-- Hit Enter
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.canomi.com]: <-- Hit Enter
MySQL server hostname [localhost]: <-- Hit Enter
MySQL server port [3306]: <-- Hit Enter
MySQL root username [root]: <-- Hit Enter
MySQL root password []: <-- Enter your MySQL root password
MySQL database to create [dbispconfig]: <-- Hit Enter
MySQL charset [utf8]: <-- Hit Enter
Configuring Postgrey
Configuring Postfix
Generating a 4096 bit RSA private key
.......................................................................++
........................................................................................................................................++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- Enter 2 letter country code
State or Province Name (full name) [Some-State]: <-- Enter the name of the state
Locality Name (eg, city) []: <-- Enter your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter company name or press enter
Organizational Unit Name (eg, section) []: <-- Hit Enter
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname, in my case: server1.example.com
Email Address []: <-- Hit Enter
Configuring Mailman
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring BIND
Configuring Jailkit
Configuring Pureftpd
Configuring Apache
Configuring vlogger
Configuring Bastille Firewall
Configuring Fail2ban
[INFO] service OpenVZ not detected
Configuring Apps vhost
Installing ISPConfig
ISPConfig Port [8080]:
Admin password [admin]:
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- Hit Enter
Generating RSA private key, 4096 bit long modulus
.......................++
................................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- Enter 2 letter country code
State or Province Name (full name) [Some-State]: <-- Enter the name of the state
Locality Name (eg, city) []: <-- Enter your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter company name or press enter
Organizational Unit Name (eg, section) []: <-- Hit Enter
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname, in my case: server1.example.com
Email Address []: <-- Hit Enter
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- Hit Enter
An optional company name []: <-- Hit Enter
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Detect IP addresses
Restarting services ...
Installation completed.
The installer automatically configures all underlying services, so there is no manual configuration needed.
23 First ISPConfig Login
Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ (http or https depends on what you chose during installation).
Log in with the username admin and the password admin (you should change the default password after your first login):
23.1 The ISPConfig 3 Manual
In order to learn how to use ISPConfig 3, I strongly recommend to download the ISPConfig 3 Manual.
On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.
24 Download as virtual machine
This setup is available as virtual machine download in ova/ovf format (compatible with VMWare and Virtualbox) for howtoforge subscribers.
Login details for the VM
- The root password is: howtoforge
- The password of the ISPConfig "admin" user is: admin
- There is another shell user with the name "howtoforge" and password: howtoforge
Please change both passwords on the first login.
- The IP address of the VM is 192.168.1.100
25 Links
- CentOS: http://www.centos.org/
- ISPConfig: http://www.ispconfig.org/