The Perfect Server - Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)

This tutorial shows how to prepare a Debian Jessie server (with Apache2, BIND, Dovecot) for the installation of ISPConfig 3.1, and how to install ISPConfig. The webhosting control panel ISPConfig 3 allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers Apache (instead of nginx), BIND, and Dovecot (instead of Courier).

1 Preliminary Note

In this tutorial I will use the hostname server1.example.com with the IP address 192.168.1.100 and the gateway 192.168.1.1. These settings might differ for you, so you have to replace them where appropriate. Before proceeding further you need to have a minimal installation of Debian 8. This might be a Debian minimal image from your Hosting provider or you use the Minimal Debian Server tutorial to setup the base system.

What's new in this version of the tutorial?

  • Support for the new ISPConfig 3.1 features.
  • Support for Let's Encrypt SSL certificates.
  • Support for HHVM (HipHop Virtual Machine) to run PHP scripts.
  • Support for XMPP (Metronome).
  • Support for EMail Greylisting with Postgrey.
  • UFW as Firewall to replace Bastille.
  • RoundCube Webmail instead of Squirrelmail.

2 Install the SSH server (Optional)

If you did not install the OpenSSH server during the system installation, you can do it now:

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Jessie server and follow the remaining steps from this tutorial.

3 Install a shell text editor (Optional)

We will use nano text editor in this tutorial. Some useres prefer the classic vi editor, therefor we will install both editors here. The default vi program has some strange behavior on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install nano vim-nox

If vi is your favorite editor, then replace nano with vi in the following commands to edit files.

4 Configure the Hostname

The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without subdomain part like "example.com" as hostname as this will cause problems later with your mail setup. First you should check the hostname in /etc/hosts and change it when nescessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname server1.example.com, the file shall look like this:

nano /etc/hosts

127.0.0.1       localhost.localdomain   localhost
192.168.1.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

server1

Finally, reboot the server to apply the change:

reboot

Login again and check if the hostname is correct now with these commands:

hostname
hostname -f

The output shall be like this:

[email protected]:/tmp# hostname
server1
[email protected]:/tmp# hostname -f
server1.example.com

 

5 Update Your Debian Installation

First make sure that your /etc/apt/sources.list contains the jessie/updates repository (this makes sure you always get the newest security updates), and that the contrib and non-free repositories are enabled (some packages such as libapache2-mod-fastcgi are not in the main repository).

nano /etc/apt/sources.list

#deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ - Official amd64 NETINST Binary-1 20150425-12:50]/ jessie main

deb http://ftp.us.debian.org/debian/ jessie main contrib non-free
deb-src http://ftp.us.debian.org/debian/ jessie main contrib non-free

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

Run:

apt-get update

To update the apt package database

apt-get upgrade

and to install the latest updates (if there are any).

 

6 Change the default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <- no

If you don't do this, the ISPConfig installation will fail.

 

7 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp ntpdate

and your system time will always be in sync.

 

8 Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils

We can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo

When you prefer MySQL over MariaDB, replace the packages "mariadb-client mariadb-server" in the above command with "mysql-client mysql-server".

You will be asked the following questions:

General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
New password for the MariaDB "root" user: <-- yourrootsqlpassword
Repeat password for the MariaDB "root" user: <-- yourrootsqlpassword

To secure the MariaDB / MySQL installation and to disable the test database, run this command:

mysql_secure_installation

We dont have to change the MySQL root password as we just set a new one during installation. Answer the questions as follows:

Change the root password? [Y/n] <-- n
Remove anonymous users? [Y/n] <-- y
Disallow root login remotely? [Y/n] <-- y
Remove test database and access to it? [Y/n] <-- y
Reload privilege tables now? [Y/n] <-- y

Next, open the TLS/SSL and submission ports in Postfix:

nano /etc/postfix/master.cf

Uncomment the submission and smtps sections as follows and add lines where nescessary so that this section of the master.cf file looks exactly like the one below.

[...]
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING [...]

Restart Postfix afterwards:

service postfix restart

We want MariaDB to listen on all interfaces, not just localhost, therefore, we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

nano /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

service mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[email protected]:/# netstat -tap | grep mysql
tcp6 0 0 [::]:mysql [::]:* LISTEN 16806/mysqld

 

9 Install Amavisd-new, SpamAssassin, and Clamav

To install amavisd-new, SpamAssassin and ClamAV, we run

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

service spamassassin stop
systemctl disable spamassassin

9.1 Install Metronome XMPP Server (optional)

This step installs the Metronome XMPP Server which provides a chat server that is compatible with the XMPP protocol. This step is optional, if you do not need a chat server, then you can skip this step. No other ISPConfig functions depend on this software.

Add the Prosody package repository in Debian.

echo "deb http://packages.prosody.im/debian jessie main" > /etc/apt/sources.list.d/metronome.list
wget http://prosody.im/files/prosody-debian-packages.key -O - | sudo apt-key add -

Update the package list:

apt-get update

and install the packages with apt.

apt-get install git lua5.1 liblua5.1-0-dev lua-filesystem libidn11-dev libssl-dev lua-zlib lua-expat lua-event lua-bitop lua-socket lua-sec luarocks luarocks

luarocks install lpc

Add a shell user for Metronome.

adduser --no-create-home --disabled-login --gecos 'Metronome' metronome

Download Metronome to the /opt directory and compile it.

cd /opt; git clone https://github.com/maranda/metronome.git metronome
cd ./metronome; ./configure --ostype=debian --prefix=/usr
make
make install

Metronome has now be installed to /opt/metronome.

Share this page:

60 Comment(s)

Add comment

Comments

From: David at: 2016-04-29 22:07:09

Hi Folk, why do you install xcache? i would install zend opcache. 

From: sannom at: 2016-05-05 20:07:05

hello, I can't install hhvm "failed to fetch http://dl.hhvm.com/debian/dists/jessie/InRelease   Unable to find entry 'main/binary-armhf/Packages' in release file(wrong sources.list entry or malformed file)   some index files failes to dowload......ect

Could you help me fix this?

From: sannom at: 2016-05-05 21:07:12

hello,

i don't know if hhvm is necesary but it doesn't install, so i continue step 11 and 12 but now i have E:package 'libapache2-mod-fastcgi' has no installation candidate

could you help me fix it..

From: till at: 2016-05-15 09:18:12

Check your /etc(apt/sources.list file and ensure that all Debian repositories (main contrib non-free) are active as described in this tutorial.

From: BatteriesInc at: 2016-05-10 17:17:56

Small note: might be worth adding your excellent munin/monit tutorial to this setup, ISPC has support for it.

From: Tim at: 2016-05-10 17:23:13

I wen through this whole install and everything works except for roundcube.  When I try to login I get "Connection to storage server failed".  I have tried removing and reinstalling roundcube, also removed and readded user to ispconfig.  Please help

From: corpus at: 2016-05-14 04:43:24

Hello. HHVM is available only for 64bit

From: erama at: 2016-05-18 21:44:42

Thank you!You are genius. Always do you help me with the best tutorials.

From: Ritooon at: 2016-05-19 22:16:45

Hi ! 

First, thanks for the tutorial ! 

I have an error at the 14th step, when I try to modify fstab

I do it, then use the next command (mount -o remount /) and then the next (quotacheck -avugm), that give me an error : 

quotacheck: Cannot stat() mounted device /dev/root: Aucun fichier ou dossier de ce type

quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

 

This is my file : 

 

# <file system> <mount point>   <type>  <options>       <dump>  <pass>

/dev/sda1       /       ext4    errors=remount-ro,relatime,discard,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0       0       1

#/dev/sda1      /       ext4    errors=remount-ro,relatime,discard,usrjquota=quota.user,grpjquota=quota=quota.group,jqfmt=vfsv0 0 1

/dev/sda2       /home   ext4    defaults,relatime,discard       1       2

/dev/sda3       swap    swap    defaults        0       0

proc            /proc   proc    defaults                0       0

sysfs           /sys    sysfs   defaults                0       0

tmpfs           /dev/shm        tmpfs   defaults        0       0

devpts          /dev/pts        devpts  defaults        0       0

 

Thanks for your help ! 

Cheers ! :)

From: uniQ at: 2016-05-24 13:21:48

Hi, does anyone here know how to sign my ISPConfig webinterface with letsencrypt? I tried to create a certificate manually but it returned with an error saying "Domain: web1.mysite.com

Type: unauthorized

Detail: Invalid response from http://server.mysite.com/.well-known

/acme-challenge/qZt7CN6-rTnOoyfVWx-bGEaPgxvzmYRWU0ryYlSiuFs:

"<!DOCTYPE html>

<html lang="en-US" prefix="og: http://ogp.me/ns# fb:

http://ogp.me/ns/fb#">

<head>

<meta charset="UTF-8">"

From: uniQ at: 2016-05-25 07:09:22

Jesse Norell posted this in another thread, which actually works:[CODE]/root/.local/share/letsencrypt/bin/letsencrypt auth --text --agree-tos --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@`hostname -d` --domains `hostname -f` --webroot-path /usr/local/ispconfig/interface/acme

dt=`date '+%Y%m%d%H%M%S'`

cd /usr/local/ispconfig/interface/ssl/

for ext in csr key.secure key crt; do if [ -f ispserver.$ext ]; then mv ispserver.$ext ispserver.$ext.old.$dt; fi; done

ln -s /etc/letsencrypt/live/`hostname -f`/privkey.pem ispserver.key

ln -s /etc/letsencrypt/live/`hostname -f`/fullchain.pem ispserver.crt

service apache2 restart[CODE]

From: Keldan at: 2016-05-24 15:11:33

By default, fail2ban and IspConfig don't use UFW to ban/unban IP or create Firewall rules. This parameter can be change into Sytem Tab > Server Config for ISPC. But for fail2ban ? Directly into a .conf file ? Or IspConfig configure fail2ban automatically ?

Thanks

From: till at: 2016-05-24 15:16:55

Fail2ban is active automatically and there is no additional configuration required then what is written in this tutorial.

From: mzips at: 2016-06-01 04:37:58

Pleas Update the Lets Encrypt part withe CertBot

Thanks

From: webhunter at: 2016-06-03 20:35:14

Hm, installation completed but postfix throws an error:

"fatal: no SASL authentication mechanisms"

I followed the instructions step by step. ISPConfig is working fine.  But e-mails do not work..

Any suggestions?

Thank you!

From: NixXxon at: 2016-06-06 08:54:35

Hello,

thank you for the great guide - worked fine on a virtual machine on my laptop BUT on my V-Server i get the following error:

Failed to read /proc/cmdline. Ignoring: No such file or directory

Failed to get D-Bus connection: Unknown error -1

 

I googled and read something about a bug in debian with sysvinit and upstart (http://unix.stackexchange.com/questions/6042/upstart-on-debian) but I'm not really pro and not sure if that REALLY related to my problem.

 

I really hope you can help me out?!

 

Thanks in advance,

NixXxon 

From: marcel at: 2016-06-07 09:45:56

On https://test.name:8080/webmail/ the PHP code is not being executed. It shows me the code insteadt.

http://test.name:8080/webmail/ is working.

 

From: jrodgers at: 2016-06-09 20:52:40

The command apt-get install libapache2-mod-fastcgi php5-fpm won't run without adding contrib and non-free after main in the sources list. 

From: till at: 2016-06-10 06:46:42

Correct, and that's why step 5 of the tutorial how you how to do that.

From: Michael at: 2016-06-14 20:16:04

Lets Encrypt ist out of date can you Fix it that was very nice.

From: ralf at: 2016-06-22 23:55:16

Irgent etwas scheint bei der roundcube install nicht zu stimmen. Beim aufrufen nach der ispconfig 3.1 install kommt nur das:

/ // include environment require_once 'program/include/iniset.php'; ... etc gibt es da schon eine lösung?

From: ricardo sanchez at: 2016-07-17 17:51:13

Hi following thishttps://www.howtoforge.com/tutorial/perfect-server-debian-8-4-jessie-apache-bind-dovecot-ispconfig-3-1/3/, It presents error in the receipt of email. since rouncube send email but not receive. and to verify the email address out error [[email protected] - Result: Bad] and this other [This is an Automatically generated Delivery Status NotificationTHIS IS A WARNING MESSAGE ONLY.YOU DO NOT NEED TO RESEND YOUR MESSAGE.Delivery to the following recipient has-been delayed:      [email protected] will be retried for 0 more day (s)Technical details of temporary failure:The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720[Ingenierasa.org. 190.249.187.3: socket error]]

From: ricardo sanchez at: 2016-07-19 22:27:17

Hi following thishttps://www.howtoforge.com/tutorial/perfect-server-debian-8-4-jessie-apache-bind-dovecot-ispconfig-3-1/3/, It presents error in the receipt of email. since rouncube send email but not receive. and to verify the email address out error [[email protected] - Result: Bad] and this other [This is an Automatically generated Delivery Status NotificationTHIS IS A WARNING MESSAGE ONLY.YOU DO NOT NEED TO RESEND YOUR MESSAGE.Delivery to the following recipient has-been delayed:      [email protected] will be retried for 0 more day (s)Technical details of temporary failure:The recipient server did not accept our requests to connect. Learn more at https://support.google.com/mail/answer/7720[Ingenierasa.org. 190.249.187.3: socket error]]

Some solution to receive mail. Thank you

From: Shafeek at: 2016-07-20 09:48:33

For Roundcube to work with http://server1.example.com:8080/webmail or https://server1.example.com:8080/webmail, Need to add the following to /etc/apache2/conf-enabled/roundcube.conf  under <Directory /var/lib/roundcube/>

AddType application/x-httpd-php .php

Else it displays the php code directly as text instead of roundcube login page. 

 

From: Carlos Nogueira at: 2016-07-28 21:34:14

This is basic but missing dialog pakage in my server, install before 8....

From: ricardo sanchez at: 2016-07-31 16:21:44

Thanks, solved

The detail is here [...] nano /etc/postfix/master.cf

From: Ainer Roll at: 2016-08-17 17:21:06

Works fine but.... I tried to install the ISPConfig Roundcube plugin with tutorial "RoundCube webmail installation on Debian 8", but that does'nt work.  Can you please expand this tutorial ? Thanks

 

From: mike at: 2016-09-06 19:22:46

hey there! good tutorial.i've did all the steps in this tutorial but when i go in my /webmail (roundcube) i am unable to send mails. after that i went to this tutorial https://www.howtoforge.com/using-roundcube-webmail-with-ispconfig-3-on-debian-wheezy-apache2 and created the roundcube remote user in ISP exactly as described.

A peak into phpadmin tells me the remote user 'roundcube' has the rights he needs. Naturally i created a new domain and mailbox in ISP3 under 'Email'.

Now if i go into /webmail and try to send an email roundcube keeps loading. no error.Kind regards!

From: Edgar at: 2016-09-09 00:44:01

Hi, I have a problem, if I send emails from the command line, it works, but, if sending mail from roundcube appears errror "SMTP Error (454): Could not establish recipient (4.7.1 Relay access denied)."

The postconf -n is:

alias_database = hash:/etc/aliases

alias_maps = hash:/etc/aliases

append_dot_mydomain = no

biff = no

config_directory = /etc/postfix

html_directory = /usr/share/doc/postfix/html

inet_interfaces = all

mailbox_command = procmail -a "$EXTENSION"

mailbox_size_limit = 0

mua_client_restrictions =

mydestination = mydomain.mx, localhost.mx, , localhost

myhostname = mydomain.mx

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

myorigin = /etc/mailname

readme_directory = /usr/share/doc/postfix

recipient_delimiter = +

relayhost =

smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

smtpd_recipient_restrictions =

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem

smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key

smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtpd_use_tls = yes

 

Thank you very much for the help

From: MasterBotWeb at: 2016-10-17 07:39:39

Hello,

In your configuration "inet_protocol" is missing, set is ipv4 and try again. Thank you.

From: computerwuffi at: 2016-09-19 18:20:44

hello,

I unfortunately installed the wrong version of jailkit. How can I update this? Can I now just repeat all the steps of this tutorial with the correct version or do I have to uninstall anything? If so, how do I do that?

Could you help me fix this?

 

From: Blake at: 2016-09-21 20:32:46

Hi, I have followed the guide exactly, but when I type in https://myurl.net:8080/webmail it takes me to a text page that starts with <?php

/* +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | | Version 1.1.5 | | | | Copyright (C) 2005-2015, The Roundcube Dev Team | | | | This program is free software: you can redistribute it and/or modify | | it under the terms of the GNU General Public License (with exceptions | | for skins & plugins) as published by the Free Software Foundation, | | either version 3 of the License, or (at your option) any later version.

From: Francesco at: 2016-09-27 13:37:07

hi, it's possibile install PHP 7 instead of 5?

it's recommended per ISPConfig?

From: till at: 2016-09-27 13:40:19

You can install PHP 7 as additional PHP version: https://www.howtoforge.com/tutorial/how-to-install-php-7-on-debian/

From: Androbot at: 2016-09-27 16:42:57

Hey, can i use Webmin instead of ISPConfig?

From: till at: 2016-09-27 16:53:47

You can use Webmin, but Webmin is just a visual config file editor and not a Hosting control panel and all the "glue" to use the services together is done by the ispconfig installer and the ispconfg panel, so using this setup without ispconfig makes not much sense as you have just a bunch of unconfigured services then.

From: Androbot at: 2016-09-28 06:08:32

Ah ok, Thank you i think i will take ISPConfig.

But what do you think about Nginx? Is it better than Apache?

From: Piotr at: 2016-09-29 11:10:40

I got SEC_ERROR_UNKNOWN_ISSUER for this ssl encryption of isp login site

From: till at: 2016-09-29 11:19:09

That's ok and not an error. It just means that you are using a self-signed SSL certificate.

From: Baptiste at: 2016-10-02 19:02:49

After selecting no on the let's encrypt screen, I got "Please specify --domains, or --installer that will help in domain names autodiscovery" and then back to command line [email protected]: /opt/certbot#Is that it or something's gone wrong?

From: Michal at: 2016-10-07 06:28:23

Hi,

 

Thanks for this instructions.

I found issue with using RoundCube:

I have 2 customers with domain-1.tld and domain-2.tld

when i login to webmail [email protected] account and i add additional identity (email allies) [email protected] i can sent emails as someone else / from different domain.

Is ther way to block this and allow sending emails only from domains that are assigned in ISP to this domain / account?

 

As this looks like potential source of spam / phishing it will be superb to block this

 

Regards,

Michal

 

From: till at: 2016-10-07 06:46:22

Sending an email with RoundCube requires a correctly authenticated email user, so there is no way that an external person can send spam or phising emails. Only your mail users can send an email.

 

Webmail and other local installed software on your server can send with any from address as it connects to localhost on your server and localhost is in mynetworks. If you don't want to be able to use different from addresses, then configure your webmail application to connect to the external server IP and to use the username and password of the user to authenticate itself to postfix plus enable in the ispconfig under system > server config > mail "Reject sender and login mismatch".

From: robi1kenobi at: 2016-10-25 19:08:41

 Hello!

When I type robi1kenobi.com:8080, I get apache default page. I tried changing port to 2083, same thing.

Please help, what to do?

 

From: freegate at: 2016-10-29 12:19:20

Hello,

I can not receive email. Still, I can send.

I have carefully followed the tutorial. Apparently others have had the same problem but did not share the solution.

An idea of resolution?

Thanks

From: till at: 2016-10-29 12:47:24

The most likely reason is that your ISP blocks sending, so that's not a problem on your server. The setup is working fine and needs no midifications. If you need help, post your issue in the forum together with a log excerpt of the mail.log file.

From: freegate at: 2016-10-29 22:51:13

I found the problem.

By default, setup of "main.cf" : inet_interfaces = loopback-only

I changed : inet_interfaces = all

It's ok now.

From: hitodev at: 2016-10-29 13:49:47

Hello 

No need to create remote user in IspConfig for Roundcub ?

From: till at: 2016-10-29 14:03:14

There is no remote user needed. Roundcube connects directly to postfix and dovecot.

From: John at: 2016-11-04 07:17:48

i have error on HHVM:

[email protected]:/opt/certbot# sudo apt-get install hhvm

Reading package lists... Done

Building dependency tree       

Reading state information... Done

E: Unable to locate package hhvm

[email protected]:/opt/certbot#

From: KSB at: 2016-11-07 19:57:43

 Linux quota v2 files (kernel 2.4+) should be called aquota.user and aquota.group

From: SimonGilli at: 2016-11-11 12:28:03

Hi Till, thanks for the next great guide! As in the older versions you install ntp and ntpdate. At the debian package description of ntpdate is written there's no need for ntpdate if ntp is installed. ntpdate is for the use on computers which aren't always online like laptops. Is there an other reason to install this package?

From: till at: 2016-11-11 13:32:01

I was not aware of that, so we probably don't need ntpdate then.

From: remifr at: 2016-11-13 08:52:14

Is it normal that there is no rule added to iptables with fail2ban ? Usually I see all the policies that we have in jail.local but when I type "iptables -L" I see nothing. Nothing in fail2ban logs.

# iptables -LChain INPUT (policy ACCEPT)target     prot opt source               destinationChain FORWARD (policy ACCEPT)target     prot opt source               destinationChain OUTPUT (policy ACCEPT)target     prot opt source               destination

From: remifr at: 2016-11-13 09:31:34

Ignore my previous comment, I had missing filters and logs weren't saying anything about it. I saw in "service fail2ban status"

From: Thibaut at: 2016-11-23 03:43:46

Regarding the installation of XCache:

PHP 5.5+ comes with OPcache out of the box. Following this guide installed PHP Version 5.6.27-0+deb8u1 with opcache enabled by default.

Having both cache mechanisms enabled at the same time can result in unpredictable behaviour.In my case I mainly experimented two weird situations:

 - some DokuWiki web sites would not render properly, in an apparent random manner. After being moved to another virtual host, they'd still use their "old" root path.

 - a Piwik installation would render blank pages when trying to access website's statistics.

One information that led me to the conclusion that the cache mechanisms were involved was a PHP error reported in the logs containing the following:

stderr: PHP message: PHP Fatal error:  Cannot redeclare class ...

As OPcache is now incorporated by Zend into the standard PHP installation I decided to completely disable XCache. This can be done by commenting out all lines in /etc/php5/fpm/conf.d/20-xcache.ini by typing a semicolon (;) at the start of each line. Then restarting the services:

> nano /etc/php5/fpm/conf.d/20-xcache.ini Put a semicolon (;) at the start of EACH LINE > service php5-fpm restart > service apache2 restart

It also seems possible to disable XCache on a directory basis by creating a .user.ini file containing xcache.cacher=0 in the targeted directory. I didn't try this, but here is a google groups reference.

Maybe the installation of XCache should be made optional (and not recommended) based on this fact ?

Anyway, I hope this info might come handy to some readers in case they experiment the same issues I've been facing.

Best regards.

From: Thomas at: 2016-11-24 09:08:54

Thanks for that wonderful "walk to heaven"Everything was working like a charm..Thanks for your time doing this wonderful tutorial..

From: kurt at: 2016-12-01 14:57:13

Thank you for the great tutorial. Everything works fine. I added several sites and mail accounts on my test vps server. 

But one thing does not work:

When I try to connect my mail client (mail on Mac or on my Android pad) as IMAP or POP

The answer is :

"impossible to verify name or pwd of the account"

 

anybody an idea what's wrong ?

From: elbaze at: 2016-12-05 17:03:36

Hello, i did everything and i added a prestashop but i have an error 500 (without any error in front office) but i have this in syslog

Dec  5 17:58:55 vps348302 kernel: [  713.374706] traps: php-cgi[2317] general protection ip:70802d sp:7ffed40b1310 error:0 in php5-cgi[400000+7ed000]

 

any idea ? 

From: Leandro at: 2016-12-05 21:29:16

Como faço para instalar o wordpress e o Mautic

From: elplubio at: 2016-12-10 09:28:18

Hi,

I've installed twice to be sure not missing something in tuto.

When checking Let's Encrypt and save in ISPConfig pannel, certificate is well asked and furbish but only for last let's encrypt domaine activated in ISPConfig pannel (even the check box (ssl + let's encrypt) are gone on all domaine exept last configurated one).

So if I need certificate for three site, only the last configurated one will work in https.

The only difference from tuto is that my server is behind a NAT (port 80,443,8080 are of course forwarded).

Any guidline or help would be appreciate.Perhaps a stupid question, but why don't we use let's encrypt install from debian repository?

Thanks