The Perfect Server - Debian 9 (Stretch) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1

This tutorial shows how to prepare a Debian 9 server (with Apache2, BIND, Dovecot) for the installation of ISPConfig 3.1, and how to install ISPConfig. The web hosting control panel ISPConfig 3 allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers Apache (instead of nginx), BIND, and Dovecot.

1 Preliminary Note

In this tutorial, I will use the hostname server1.example.com with the IP address 192.168.1.100 and the gateway 192.168.1.1. These settings might differ for you, so you have to replace them where appropriate. Before proceeding further you need to have a minimal installation of Debian 9. This might be a Debian minimal image from your Hosting provider or you use the Minimal Debian Server tutorial to setup the base system.

2 Install the SSH server (Optional)

If you did not install the OpenSSH server during the system installation, you can do it now:

apt-get install ssh openssh-server

From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian 9 server and follow the remaining steps from this tutorial.

3 Install a shell text editor (Optional)

We will use nano text editor in this tutorial. Some users prefer the classic vi editor, therefore we will install both editors here. The default vi program has some strange behavior on Debian and Ubuntu; to fix this, we install vim-nox:

apt-get install nano vim-nox

If vi is your favorite editor, then replace nano with vi in the following commands to edit files.

4 Configure the Hostname

The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without subdomain part like "example.com" as hostname as this will cause problems later with your mail setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname server1.example.com, the file shall look like this:

nano /etc/hosts

127.0.0.1       localhost.localdomain   localhost
192.168.1.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

server1

Finally, reboot the server to apply the change:

reboot

Log in again and check if the hostname is correct now with these commands:

hostname
hostname -f

The output shall be like this:

[email protected]:/tmp# hostname
server1
[email protected]:/tmp# hostname -f
server1.example.com

 

5 Update Your Debian Installation

First, make sure that your /etc/apt/sources.list contains the stretch/updates repository (this makes sure you always get the newest security updates), and that the contrib and non-free repositories are enabled as some required packages are not in the main repository.

nano /etc/apt/sources.list

deb http://ftp.us.debian.org/debian/ stretch main contrib non-free
deb-src http://ftp.us.debian.org/debian/ stretch main contrib non-free

deb http://security.debian.org/debian-security stretch/updates main contrib non-free
deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free

Run:

apt-get update

To update the apt package database

apt-get upgrade

and to install the latest updates (if there are any).

 

6 Change the default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <- no

If you don't do this, the ISPConfig installation will fail.

 

7 Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

apt-get install ntp

and your system time will always be in sync.

 

8 Install Postfix, Dovecot, MySQL, rkhunter, and Binutils

We can install Postfix, Dovecot, MySQL, rkhunter, and Binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo

When you prefer MySQL over MariaDB, replace the packages "mariadb-client mariadb-server" in the above command with "mysql-client mysql-server".

You will be asked the following questions:

General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com

To secure the MariaDB / MySQL installation and to disable the test database, run this command:

mysql_secure_installation

Answer the questions as follows:

Change the root password? [Y/n] <-- y
New password: <-- Enter a new MySQL root password
Re-enter new password: <-- Repeat the MySQL root password
Remove anonymous users? [Y/n] <-- y
Disallow root login remotely? [Y/n] <-- y
Remove test database and access to it? [Y/n] <-- y
Reload privilege tables now? [Y/n] <-- y

Next, open the TLS/SSL and submission ports in Postfix:

nano /etc/postfix/master.cf

Uncomment the submission and smtps sections as follows and add lines where necessary so that this section of the master.cf file looks exactly like the one below.

[...]
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING [...]

Restart Postfix afterwards:

service postfix restart

We want MySQL to listen on all interfaces, not just localhost. Therefore, we edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line bind-address = 127.0.0.1 and add the line sql-mode="NO_ENGINE_SUBSTITUTION":

nano /etc/mysql/mariadb.conf.d/50-server.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1

sql-mode="NO_ENGINE_SUBSTITUTION"

[...]

Set the password authentication method in MariaDB to native so we can use PHPMyAdmin later to connect as root user:

echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root

Edit the file /etc/mysql/debian.cnf and set the MYSQL / MariaDB root password there twice in the rows that start with password.

nano /etc/mysql/debian.cnf

The MySQL root password that needs to be added is shown in read, in this example the password is "howtoforge".

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
basedir = /usr

Then we restart MariaDB:

service mysql restart

Now check that networking is enabled. Run

netstat -tap | grep mysql

The output should look like this:

[email protected]:/home/administrator# netstat -tap | grep mysql
tcp6 0 0 [::]:mysql [::]:* LISTEN 17776/mysqld
[email protected]:/home/administrator#

 

9 Install Amavisd-new, SpamAssassin, and ClamAV

To install amavisd-new, SpamAssassin and ClamAV, we run

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey

The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:

service spamassassin stop
systemctl disable spamassassin

9.1 Install Metronome XMPP Server (optional)

This step installs the Metronome XMPP Server which provides a chat server that is compatible with the XMPP protocol. This step is optional, if you do not need a chat server, then you can skip this step. No other ISPConfig functions depend on this software.

Add the Prosody package repository in Debian.

echo "deb http://packages.prosody.im/debian stretch main" > /etc/apt/sources.list.d/metronome.list
wget http://prosody.im/files/prosody-debian-packages.key -O - | sudo apt-key add -

Update the package list:

apt-get update

and install the packages with apt.

apt-get install git lua5.1 liblua5.1-0-dev lua-filesystem libidn11-dev libssl-dev lua-zlib lua-expat lua-event lua-bitop lua-socket lua-sec luarocks luarocks

luarocks install lpc

Add a shell user for Metronome.

adduser --no-create-home --disabled-login --gecos 'Metronome' metronome

Download Metronome to the /opt directory and compile it.

cd /opt; git clone https://github.com/maranda/metronome.git metronome
cd ./metronome; ./configure --ostype=debian --prefix=/usr
make
make install

Metronome has now be installed to /opt/metronome.

Share this page:

Suggested articles

81 Comment(s)

Add comment

Comments

From: Luther at: 2017-06-20 20:48:14

as soon as stretch released you updated your guides, thx for keeping up the hard work

From: nedkox at: 2017-06-23 19:23:48

http/2?

From: marc at: 2017-06-25 10:55:29

The underscore got me confused, it should be "NO_ENGINE_SUBSTITUTION"   . Hope it helps. 

sql-mode="NO_ENGINE_SUBSTITUTION"

From: Oscar at: 2017-06-26 04:11:56

I have a problem with IspConfig:

With initial configuration i create a user and a site y say this:

The following changes are not yet populated to all servers:

From: till at: 2017-06-26 07:47:10

Writing changes to disk takes about 1 Minute. If the changes have not been written after some time, then please make a post in the forum to get help with your installation issue. Instruction on how to find out what is failing in your install can be found at the end of this post: https://www.howtoforge.com/community/threads/please-read-before-posting.58408/

From: HelLViS69 at: 2017-06-29 20:47:41

Hi,I just installed a fresh Debian 9, but the new server doesn't send/receive emails.

I checked in the logs and the problem is amavis:giu 29 22:29:18 web amavis[21846]: Starting amavisd: ERROR: MISSING REQUIRED ADDITIONAL MODULES:giu 29 22:29:18 web amavis[21846]:   DBD::mysqlgiu 29 22:29:18 web amavis[21846]: (failed).

I checked apt repo and they are ok, the only package referring to DBD and mysql is libaprutil1-dbd-mysql which isn't installed

Anyone have a clue?

From: HelLViS69 at: 2017-07-06 11:31:52

Hi, I installed libdbd-mysql-perl and amavis is up and running.. I didn't try to send/receive mails yet

From: HelLViS69 at: 2017-07-07 20:04:15

Hi, I finally managed to send/receive mails. The first problem, as in the previous mail, was libdbd-mysql-perl missing. (email receiving)

Then I have a SASL login error, fixed installing libsasl2-modules.

The last error was sending mail with this error:status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)

The problem here was in /etc/postfix/main.cf: content_filter = amavis:[127.0.0.1]:10024 while in /etc/postfix/tag_as_originating.re there was /^/ FILTER amavis:[127.0.0.1]:10026. Asap I changed the port to 10024, postfix started to send mails

From: tucuta at: 2017-07-01 06:07:32

This tutorial does not work. He already tried 3 times, he followed the steps well and there are two applications that do not ask for password.When I create a user and when I sync does not work. The message is: The following changes are not yet populated to all servers:

:-(

From: till at: 2017-07-01 06:57:08

The tutorial is working fine. Just had a user who reported to me yesterday that everything worked out of the box and I installed it myself by simple copy/paste of all commands 2 days ago as well without any issues. Your problem is an issue with your server and not the tutorial, when the base system is broken or not a clean fresh install, then the setup will fail. E.g. when services are already installed, then they will not ask for a password. And non-executing ISPConfig jobs can mean that you or the person that made the base install disabled the linux cron daemon. Please post in the forum here at howtoforge to get help with your server installation.

From: Linuxer at: 2017-07-01 17:26:34

Thank you for the new perfect server guide. Works great.

From: brody at: 2017-07-03 05:17:19

lstsencrypt does not enable under Sites -> Web domain

From: till at: 2017-07-03 09:03:08

This means that let's encrypt was not able to verify your domain. See let's encrypt FAQ post in the forum: https://www.howtoforge.com/community/threads/lets-encrypt-error-faq.74179/ and post in the Forum if you need further help on configuring your Domain for Let's encrypt.

From: Fab at: 2017-07-05 12:14:03

In order to get amavisd starting you need to install this package:

libdbd-mysql-perl

From: till at: 2017-07-05 12:21:27

I do not have to install this separately on my servers. I'll check that.

From: treki at: 2017-07-07 21:58:20

Configuring phpmyadmin:

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using     ?    ? password: YES) . Your options are:                                       ?    ?  * abort - Causes the operation to fail; you will need to downgrade,     ?    ?    reinstall, reconfigure this package, or otherwise manually intervene  ?    ?    to continue using it. This will usually also impact your ability to   ?    ?    install other packages until the installation failure is resolved.    ?    ?  * retry - Prompts once more with all the configuration questions        ?    ?    (including ones you may have missed due to the debconf priority       ?    ?    setting) and makes another attempt at performing the operation.       ?    ?  * retry (skip questions) - Immediately attempts the operation again,    ?    ?    skipping all questions. This is normally useful only if you have      ?    ?    solved the underlying problem since the time the error occurred.      ?    ?  * ignore - Continues the operation ignoring dbconfig-common errors.     ?    ?    This will usually leave this package without a functional database.   ?    ?                                                                          ?    ? Next step for database installation:                                     ?    ?                                                                          ?    ?                          abort                                           ?    ?                          retry                                           ?    ?                          retry (skip questions)                          ?    ?                          ignore

 

What i must do?

From: till at: 2017-07-10 09:01:19

The error means that you entered a wrong MySQL root password when requested by apt.

From: treki at: 2017-07-07 22:29:11

The same problem  in the RoudCube install!

From: treki at: 2017-07-07 23:14:33

ISPconfig installation:

PHP Parse error:  syntax error, unexpected 'if' (T_IF), expecting function (T_FUNCTION) in /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php on line 1189

The mysql-password problems are solved.

From: till at: 2017-07-10 08:54:08

Download ISPConfig again and install it.

From: Er1ck at: 2017-07-09 12:39:45

Till, congratulations for the tutorial! It didn't work for me on the first try but I believe in it. For many years, I've set up the systems by hand by the shell and now I want a new life with Ispconfig. :) I want to install it on multiple servers in the cloud and that's why I have a huge hope that it works well. I use Sendmail and Exim4, Postfix will be the first time.

Some servers are in the Google Cloud, which is very restrictive in many things. For email, I'm using Sendgrid with them. My question is if your tutorial and Ispconfig can work fine on a Google Cloud virtual machine using Sendgrip to send emails? The other servers are in Rackspace, Amazon WS and Digital Ocean. Are there any special recommendations for using the tutorial and Ispconfig in these hosting companies?

On special servers some Ispconfig features will be disabled.

 

Thank you so much!

From: till at: 2017-07-10 09:05:30

This setup works fine on cloud services as well. You can configure e.g. sendgrid as outgoing SMTP under System > Server config in ISPConfig. Btw. In case that you recieved that syntax error that the user posted abvoe when using the ISPConfig dev version from git, then just download ISPConfig dev again (or use the stable version which did not had that problem) as the problem has been resolved in the dev code.

From: Jose at: 2017-07-12 22:59:09

Hello, gives the following error, from inside of Ispconfig:

Is a new installation of a debian 9 in a vps, I tried 3 times installing the manual from the begining alwais with the same error, and doing the manual exactly.

Thank you.

postfix/smtpd[1664]: fatal: no SASL authentication mechanismspostfix/smtpd[1753]: fatal: no SASL authentication mechanisms

From: till at: 2017-07-13 06:48:26

There is no issue in the tutorial itself, mail on the resulting setup works flawlessly as you can see e.g. in the downloadable VM. Most likely, you made a mistake while editing the postfix config or you missed to install a package. Please post in the forum to get help with your configuration problem.

From: Zergling at: 2017-07-15 22:43:17

How to set quota when I have virtual machine running on LXC?And my /etc/fstab looks like this:# UNCONFIGURED FSTAB FOR BASE SYSTEM

From: till at: 2017-07-17 08:18:44

LXC does not has any real quota support. But there are some workarounds to get quota in LXC like this: https://www.howtoforge.com/tutorial/how-to-setup-virtual-containers-with-lxc-and-quota/

But you will probably see a performance decrease.

From: Solstice at: 2017-07-17 21:36:55

There is a issue with the Maria DB for Debian 9 and the echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root.

If you do the set plugin portion one will end up with a ERROR 1524 (HY000): Plugin  x is not loaded.

From research it seems to have to deal with Maria DB 10x or Mysql 5.7x as it has changed the tables for user passwords.

Please update this, as it gets frustrating during other install portions.

 

From: till at: 2017-07-18 10:39:16

Thank you for your report. I just tested the installation again on a fresh Debian 9 and there are no errors in the MySQL setup as shown in the tutorial. MySQL login with password works flawlessly and MySQL restarts without errors (neither on screen nor in the log file). Maybe you missed editing the debian.cnf file or you did not restart MySQL.

From: Ed at: 2017-07-27 16:15:33

Hi, Apache 2 won't start in section 10 - do you really mean httpoxy, or do you mean httproxy?

From: till at: 2017-07-27 16:26:24

Apache starts absolutely fine with that config here and yes, the name is 'httpoxy'. Don't you know what httpoxy is? Read here: https://httpoxy.org/

When apache does not start with that config, then you might have missed enabling the headers module in apache which is done in the a2enmod command above or you made a typo in one of the commands. In any case, you find the reason for the error that occurs on your server in the apache error.log file.

From: Ed at: 2017-07-27 16:27:46

Please ignore my just sent error report - there was a character missing from my /etc/apache2/conf-available/httpoxy.conf file which I corrected and which is now allowing apache2 to restart - a problem with vim and the mouse!

From: Quentin at: 2017-08-01 11:28:50

 hello,

 

# Automatically generated for Debian scripts. DO NOT TOUCH![client]host = localhostuser = rootpassword = howtoforgesocket = /var/run/mysqld/mysqld.sock[mysql_upgrade]host = localhostuser = rootpassword = howtoforgesocket = /var/run/mysqld/mysqld.sockbasedir = /usr

 

am i supposed to replace howto forge by my root password ? is it safe to let in clear a password?

From: till at: 2017-08-01 11:47:18

Yes, you have to replace it and yes, it's safe as the file can be read by the root user only and the password has to be set in cleartext there.

From: Quentin at: 2017-08-01 12:29:40

Thanks for the answer !

From: Nico at: 2017-08-04 00:37:27

I`ve received an 404-Error, when I`ve tried to acces phpMyAdmin.

Add:

Include /etc/phpmyadmin/apache.conf

at the bottom of /etc/apache2/apache2.conf solved my problem.

Rest works great! Thank you very much for this howto.

From: till at: 2017-08-04 07:10:37

When you select the apache installation option during PHPMyAdmin installation as shown in the tutorial, then adding this include manually is not needed.

From: ed at: 2017-08-07 06:04:03

Hi,  In step 12.1 shoud we also a2enconf php7.0-fpm like the terminal return tells us to, or is that a mistake?

From: till at: 2017-08-07 08:56:31

You should not run a2enconf php7.0-fpm.

From: ed at: 2017-08-07 18:42:54

I have the same question - in step 10 I am installing mariadb, yet I was not asked for a mysql root password! and I  am reinstalling because I followed this tutorial perfectly 2 days ago, and have not been able to send or receive mail with this production install, even though I did get it workign on a test vps - the only difference being that the test vps has exim4 installed, and this one does not. and the error is a failure to communicate with smpt - given in roundcube when I try to send mail.

From: Luke at: 2017-08-31 00:07:54

Everything worked great, until it wouldn't let me upload website content via SFTP (user: admin), and I ran chmod 777 on the whole /var/www directory

# chmod -R 777 /var/www

 

Webserver still runs, but the ISPConfig GUI is broken (500 / Internal Server Error)

 

Tried to patch up with this, but no dice.....

    # sudo find /var -type d -exec chmod 775 '{}' \;

    # sudo find /var -type f -exec chmod 664 '{}' \;

 

Any ideas how to fix? I already tried to reinstall ISPConfig with php -q update.php

From: till at: 2017-08-31 07:49:00

A chmod 777 must destroy the whole installation as all files and folders have special permissions, so never do that. You can upload files by SFTP with an SSH user that you created for this website in ISPConfig (or by FTPS when you created an FTP user). The user "admin" which does not belong to the ISPConfig install is probably just a normal Linux user without special permissions, so he can not upload files to websites. Only users of the site and the root user can do that.

 

What you can try is that you enable the "update permissions on update" option under system > server config > web in ISPConfig and then run Tools > Resync in ISPConfig to resync the websites. If this won't work, then you probably have to delete all sites in ISPConfig and recreate them or reinstall the system.

From: Adam at: 2017-09-10 03:07:14

I am a little confused by this...what am i actually supposed to input into hostname?

Are your ip addresses here internal/local ones or external/public ones? (this is really confusing)

In this tutorial, I will use the hostname server1.example.com with the IP address 192.168.1.100 and the gateway 192.168.1.1. These settings might differ for you, so you have to replace them where appropriate. Before proceeding further you need to have a minimal installation of Debian 9.

 

For a google cloud compute instance the following is automatically added by google when the instance is deployed (the disk image already has an O/S too).

Do i delete what google has automatically added and replace it with your 192.168.1.100 etc? (on google cloud locahost is 127... is it not? What is 192.168 for? That is not an external/public ip address?)

 

127.0.0.1       localhost

::1             localhost ip6-localhost ip6-loopback

ff02::1         ip6-allnodes

ff02::2         ip6-allrouters

 

10.152.0.3 server1.c.goannawebsites-1.internal server1  # Added by Google

169.254.169.254 metadata.google.internal  # Added by Google

From: Adam at: 2017-09-10 08:33:45

is this jailkit directory the right one? Doesnt this install it into the tmp directory?

 

cd /tmpwget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gztar xvfz jailkit-2.19.tar.gzcd jailkit-2.19echo 5 > debian/compat./debian/rules binary

From: till at: 2017-09-10 09:18:07

Yes, that's the correct directory and no, this will not install jailkit in /tmp.

From: Markus at: 2017-09-14 13:46:33

It is not the perfect Server... HowTo...You write about installing letsencrypt, but it is not used in your howto. Only installing is not enough, that does not work

From: till at: 2017-09-15 08:33:13

I guess you are a first-time ISPConfig user so you can't know that the tutorial is complete and the LE certs are created by ISPConfig when you add a site. So there is nothing missing, the tutorial is complete, there are no further steps needed beside installing the LE package as shown in the tutorial. LE is used by ISPConfig and the SSL certs are created by ISPConfig. I'll add a note in the tutorial so that no other first-time users think that something is missing.

From: Eric at: 2017-09-14 15:38:16

Hi, and thank you for this tutorial.

I had an error in the RKHunter log : Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

I googled it and found a solution, which was to edit the /etc/rkhunter.conf file and change some values :

UPDATE_MIRRORS=0   --> UPDATE_MIRRORS=1

MIRRORS_MODE=1      --> MIRRORS_MODE=0

WEB_CMD="/bin/false" --> WEB_CMD=""

Does these seems fine to you ? Or should I revert these and correct that error another way ?

Thanks for your help

From: esezako at: 2017-09-21 07:26:25

Hi,

For when a howto Multiserver Setup With Dedicated Web, Email, DNS & MySQL Database Servers On Debian 9?

Thanks in advance!

From: quaz22 at: 2017-09-25 10:08:14

Hello

I had to install yet dialog and libwww-perl

I have Debian 8.9

The ispconfig shows me: Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

Nothing helps

 

From: till at: 2017-09-25 10:12:56

This tutorial is for Debian 9.x only, it will not work when you have Debian 8.x. The tutorial for Debian 8 is here: https://www.howtoforge.com/tutorial/perfect-server-debian-8-4-jessie-apache-bind-dovecot-ispconfig-3-1/

 

You should always use the tutorial that matches the major version of your installed OS.

From: Michael at: 2017-09-27 05:09:56

Seem to have forgotten to link phpmyadmin apache conf to sites-enabled

From: till at: 2017-09-27 06:25:43

This link is created automatically when you install PHPMyAdmin by selecting apache in the apt installer. If the link is missing on your system, then you have not chosen the right option during install (or you did not activate it in the dialog with the space bar).

From: Michael at: 2017-10-06 02:17:04

Oh! I see what happened. It LOOKED like I had apache selected when configuring, but I didn't have anything selected. I had to hit *space*!

From: Michael at: 2017-09-27 05:44:22

may need to add this too (i needed it for getting certbot to work on command line)

 

apt-get install python-certbot-apache

From: till at: 2017-09-27 06:28:51

This package is not required and more important it will hurt the setup. It tries to modify the vhosts created by ispconfig in a way that the system will fail later (it duplicates some apache directives which have t be unique server-wide so apache will fail when you restart it). LE certs for websites get generated from within ISPConfig.

From: Michael at: 2017-10-06 02:27:40

Okay... So then how do we get the cert for the main server?

From: till at: 2017-10-06 07:26:23

https://www.howtoforge.com/community/threads/securing-ispconfig-3-control-panel-port-8080-with-lets-encrypt-free-ssl.75554/

From: Michael at: 2017-10-06 13:17:47

Thank you! I will look into that. :)

From: Alan Johnston at: 2017-10-02 02:09:36

i must of done this tutorial 8 times in one night getting to the end and not being able to log in, everytime i tried to log in it would not load, it done my head in i went from sever1.example.com (obvs not the example part but i have used it as an example) it would not let me log in but now i have managed to log in after trying 192.168.0.10 (diff ip again for security) so if you cant login thorugh the FQDN then try the ip

From: Manel Neto at: 2017-10-04 17:36:57

How do I install another version of php

From: Kévin at: 2017-10-20 12:39:50

Hi and thanks for the tutorial !

When I put this : echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root

I got this message : ERROR 1698 (28000): Access denied for user 'root'@'localhost'

Do you have any ideas ?

Thanks!

 

From: till at: 2017-10-20 13:37:24

Seems as if your MySQL server has a root password already. use this command in that case:

 

echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root -p

From: Kévin at: 2017-10-20 14:04:31

Thanks for your quick answer ! 

Sadly, I have this message : ERROR 1698 (28000): Access denied for user 'root'@'localhost'

:(

From: till at: 2017-10-20 14:09:07

Then you either did not add the -p switch at the end of the command as I suggested or you enter a wrong password.

From: Kévin at: 2017-10-20 14:15:26

I added the -p, I tried with sudo, I still got the same error...How to solve this problem ?

From: brody at: 2017-10-24 10:13:34

I get an error in RKHunter Log "Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

From: till at: 2017-11-04 06:56:58

That's not an issue in the tutorial, it is in the Debian RKHuntre package, see here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869760

From: John Rand at: 2017-11-08 17:01:21

I'm trying to add ISPConfig on a Debian 9  on Google Compute Engine.  When I added a host and hostname as described, and rebooted, and then check through hostname and hostname -f, it shows the Google hostname, not what I added.  Could this be why I'm getting the Access denied for user 'root'@'localhost' when I run echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root -p

Obviously a newbie here.  Any suggestions would be appreciated.

From: till at: 2017-11-09 09:23:52

That's not related. When google does not let you set the hostnname, then you can leave the hostname as it is. Maybe you have not set a MySQL root password yet, in that case remove the -p at the end of the command.

From: André at: 2017-11-19 09:37:52

I can't get Pro-FTP to work properly. I just want to allow FTPS. SFTP I have totally deleted because it would have to run over PAM. But with FTPS it cannot load the directory list.

From: Fabrice at: 2017-11-20 21:22:57

Thank you very much

From: Jesse Norell at: 2017-11-22 19:27:33

I upgraded a system from jessie to stretch and edited /etc/mysql/mariadb.conf.d/50-server.cnf (which did exist) to set sql-mode="NO_ENGINE_SUBSTITUTION" however I found that config file was not being read at all; I ended up making the addition to /etc/mysql/conf.d/mariadb.cnf and it worked fine.

From: George at: 2017-11-23 08:26:39

Every time.... in roundcube...

 

 

 An error occurred while installing the database:                                                                                                      ?  ?                                                                                                                                                       ?  ? ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2 "No such file or directory") . Your options   ?  ? are:                                                                                                                                                  ?  ?  * abort - Causes the operation to fail; you will need to downgrade,                                                                                  ?  ?    reinstall, reconfigure this package, or otherwise manually intervene                                                                               ?  ?    to continue using it. This will usually also impact your ability to                                                                                ?  ?    install other packages until the installation failure is resolved.                                                                                 ?  ?  * retry - Prompts once more with all the configuration questions                                                                                     ?  ?    (including ones you may have missed due to the debconf priority                                                                                    ?  ?    setting) and makes another attempt at performing the operation.                                                                                    ?  ?  * retry (skip questions) - Immediately attempts the operation again,                                                                                 ?  ?    skipping all questions. This is normally useful only if you have                                                                                   ?  ?    solved the underlying problem since the time the error occurred.                                                                                   ?  ?  * ignore - Continues the operation ignoring dbconfig-common errors.                                                                                  ?  ?    This will usually leave this package without a functional database.                                                                                ?  ?                                                                                                                                                       ?  ? Next step for database installation:                                                                                                                  ?  ?                                                                                                                                                       ?  ?                                                                abort                                                                                  ?  ?                                                                retry                                                                                  ?  ?                                                                retry (skip questions)                                                                 ?  ?                                                                ignore                                                                                 ?  ?                                                                                                                                                       ?  ?                                                                                                                                                       ?  ?                                                                        <Ok>          

From: Fahad Ahammed at: 2017-11-25 04:38:35

Thank You.

From: James Steerforth at: 2017-11-26 08:01:09

A small suggestion - you should rename this as  "The Perfect Guide to a Perfect Server". I proceeded through all the steps without a hitch, a rare occurence when following these type of instructions. Thanks for such a detailed and useful guide.

From: Fabrice at: 2017-11-29 23:37:21

Hi,

Thank you very much for this tuto.

I followed step by step, I've created a new client with ISPConfig 3.1, a new site and a new ftp account, but I can't connect with FileZilla, with SSH port 21.

Do you have an idea ?

Thanks

Fabrice

From: till at: 2017-11-30 07:50:07

Most likely you use a wrong FTP mode. ensure that you use FTPS (which is FTP) and not SFTP (which is SSH). If you need further help, please post in the Forum here at howtoforge.

From: David Evans at: 2017-11-30 22:57:37

After finishing this I was unable to log into ISPConfig. I had the site took too long to respond error so I rebooted the server and then was unable to login as root anymore?  

From: till at: 2017-12-01 08:25:15

Then you probably made a mistale during setup. This tutorial does not alter or configure root login nor sshd.

From: Armand at: 2017-12-03 19:03:16

Very nice tutorial, thank you.

I have just a small important problem: I cannot access to phpmyadmin. On myserveraddress:8080/phpmyadmin I'm getting the warning

The requested URL /phpmyadmin was not found on this server.

I'm lost

From: Sijmen at: 2017-12-14 19:57:59

[email protected]:~# apt-get install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo

Reading package lists... Done

Building dependency tree

Reading state information... Done

E: Unable to locate package dovecot-sieve dovecot-lmtpd sudo

what am i missing i have edited the soucelist