====== Install on Lenny, Dovecot, MyDns and ISPConfig3 ======
I started this installation from a precreated Debian 5 (Lenny) minimal template, downloaded from:\\
[[http://download.openvz.org/template/precreated/contrib/debian-5.0-i386-minimal.tar.gz|download.openvz.org]]

I also combined the following howtos from the gurus at [[http://www.howtoforge.com/|www.howtoforge.com]]:
  * [[http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3-p3|perfect-server-debian-lenny]]
  * [[http://www.howtoforge.com/installing-a-multiserver-setup-with-dedicated-web-email-dns-and-mysql-database-servers-on-debian-5.0-with-ispconfig-3|installing-a-multiserver-setup]]
===== 1 - Setup the Virtual Environment =====
Create a container based on the template just downloaded, then set an IP address, a hostname and a nameserver.
I also set a password for the root user.
  vzctl create 1100 --ostemplate debian-5.0-i386-minimal --config vps.custom
  vzctl set 1100 --ipadd 192.168.0.100 --save
  vzctl set 1100 --hostname ic3.dw.lan --save
  vzctl set 1100 --nameserver 192.168.0.22 --save
  vzctl set 1100 --userpasswd root:your-root-password
This is the configuration file I used:
  nano /etc/vz/conf/1100.conf

  # Primary parameters
  NUMPROC="256:256"
  AVNUMPROC="64:64"
  NUMTCPSOCK="256:256"
  NUMOTHERSOCK="256:256"
  VMGUARPAGES="320M:unlimited"
  # Secondary parameters
  OOMGUARPAGES="320M:unlimited"
  PRIVVMPAGES="512M:1024M"
  KMEMSIZE="12M:16M"
  TCPSNDBUF="512K:1536K"
  TCPRCVBUF="512K:1536K"
  OTHERSOCKBUF="512K:1536K"
  DGRAMRCVBUF="512K:512K"
  # Auxiliary parameters
  LOCKEDPAGES="256:256"
  SHMPAGES="13107:13107"
  PHYSPAGES="0:unlimited"
  NUMFILE="8192:8192"
  NUMFLOCK="256:288"
  NUMPTY="32:32"
  NUMSIGINFO="512:512"
  DCACHESIZE="2048K:3072K"
  NUMIPTENT="64:64"
  ### Disk quota parameters (in form of softlimit:hardlimit)
  DISKSPACE="20000M:22000M"
  DISKINODES="200000:220000"
  QUOTATIME="0"
  ### CPU fair scheduler parameter (OpenVZ considers one 1 GHz PIII Intel processor
  # to be approximately equivalent to 50000 CPU units)
  CPUUNITS="50000"
  CPUS="1"
  ONBOOT="yes"
  #
  VE_ROOT="/var/lib/vz/root/$VEID"
  VE_PRIVATE="/var/lib/vz/private/$VEID"
  OSTEMPLATE="debian-5.0-i386-minimal"
  ORIGIN_SAMPLE="vps.kokk"
  HOSTNAME="ic3.dw.lan"
  IP_ADDRESS="192.168.0.100"
  NAMESERVER="192.168.0.22"
  CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on "
The last line (**CAPABILITY**) is important, especially for the FTP server that we install later: if it is not present, PureFTPd won't start.
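
To review what the **CAPABILITY** line grants, the following added example (not part of the original howto) parses an OpenVZ container config from stdin and reports every capability switched on that is missing from an operator-supplied allow-list. The function names and the allow-list are constructed for illustration; the allow-list is an assumption, not a statement of what PureFTPd requires.

```shell
#!/bin/sh
# Added example: audit the CAPABILITY line of an OpenVZ container config.
# Function names and the allow-list are constructed for illustration.

# caps_enabled: reads a container config on stdin and prints every
# capability set to "on", one per line, sorted.
caps_enabled() {
    awk -F'"' '/^CAPABILITY=/ {
        n = split($2, items, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            # each item looks like NAME:on or NAME:off; skip empty fields
            if (split(items[i], kv, ":") == 2 && kv[2] == "on") print kv[1]
        }
    }' | LC_ALL=C sort -u
}

# caps_unexpected "ALLOWED LIST": reads the config on stdin, prints enabled
# capabilities missing from the space-separated allow-list, and returns 1
# if any were found.
caps_unexpected() {
    extra=$(caps_enabled | while read -r cap; do
        case " $1 " in
            *" $cap "*) ;;
            *) printf '%s\n' "$cap" ;;
        esac
    done)
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Sample input: the CAPABILITY line from the config file above.
SAMPLE_CONF='ONBOOT="yes"
CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on "'

# Allow-list chosen by the operator (assumption made for this example).
ALLOWED="CHOWN SETGID SETUID NET_BIND_SERVICE SYS_CHROOT"

printf '%s\n' "$SAMPLE_CONF" | caps_unexpected "$ALLOWED" \
    || echo "capabilities above are enabled but not on the allow-list"
```

On the hardware node, run it against the real file with `caps_unexpected "$ALLOWED" < /etc/vz/conf/1100.conf`.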
===== 2 - Updating the Virtual Environment =====
Start the container and enter it as root:
  vzctl start 1100
  vzctl enter 1100
Set the correct timezone, choosing the right value (mine is Europe/Rome):
  dpkg-reconfigure tzdata
Make sure that your **/etc/apt/sources.list** contains the right links to the Debian repositories, like this:
  nano /etc/apt/sources.list

  ## Debian Stable (Lenny)
  deb http://ftp.it.debian.org/debian/ lenny main contrib non-free
  deb-src http://ftp.it.debian.org/debian/ lenny main contrib non-free
  ## security updates
  deb http://security.debian.org/ lenny/updates main contrib non-free
  deb-src http://security.debian.org/ lenny/updates main contrib non-free
  ## this is to always get the newest updates for the ClamAV virus scanner, this
  ## project publishes releases very often, and sometimes old versions stop working
  deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Update the apt package database:
  apt-get update
Once I got an error related to GPG keys after adjusting **/etc/apt/sources.list**, so before proceeding I did this:
  apt-get install debian-archive-keyring
Then I ran the update again, and the problem vanished:
  apt-get update
Finally, install the updates:
  apt-get -y upgrade
===== 3 - Installing Mail & Database packages =====
Install Postfix, Dovecot and MySQL with one single command:
  apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d
Enter the new password for MySQL when requested by the installer, and answer the following questions like this:
  * Create directories for web-based administration ? <- **No**
  * General type of configuration? <- **Internet site**
  * Mail name? <- **ic3.dw.lan**
  * SSL certificate required <- **Ok**
If you want MySQL to listen on all interfaces, and not just localhost, edit **/etc/mysql/my.cnf** and comment out the line that begins with **bind-address**, like this:
  [...]
  # Instead of skip-networking the default is now to listen only on
  # localhost which is more compatible and is not less secure.
  #bind-address = 127.0.0.1
  [...]
Then restart MySQL:
  /etc/init.d/mysql restart
To check that networking is enabled, run:
  netstat -tap | grep mysql
The output should look like this:
  root@ic3:/# netstat -tap | grep mysql
  tcp        0      0 *:mysql                 *:*                     LISTEN      6612/mysqld
  root@ic3:/#
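
The check above greps for one service. As an added example (not part of the original howto), the script below generalises it to every TCP listener: it reads numeric `netstat -tlnp` output and prints the sockets bound to all interfaces on ports outside an operator-chosen list. Function names, the allowed-port list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners bound to every interface.
# Function names and the sample netstat output are constructed.

# wildcard_listeners: reads `netstat -tlnp` output on stdin and prints
# "port program" for each listening socket bound to a wildcard address.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")      # local address, e.g. 0.0.0.0:3306 or :::80
        port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
            prog = $7
            sub(/^[0-9]+\//, "", prog)   # drop the PID, keep the program name
            print port, prog
        }
    }' | LC_ALL=C sort -u
}

# exposed_outside "ALLOWED PORTS": same input, minus the ports that are
# meant to be reachable from other hosts.
exposed_outside() {
    wildcard_listeners | while read -r port prog; do
        case " $1 " in
            *" $port "*) ;;
            *) printf '%s %s\n' "$port" "$prog" ;;
        esac
    done
}

# Constructed sample of `netstat -tlnp` output for a host like this one.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      6612/mysqld
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7001/master
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      7110/pure-ftpd
tcp6       0      0 :::80                   :::*                    LISTEN      6900/apache2'

# Ports intended to be public (assumption made for this example).
printf '%s\n' "$SAMPLE" | exposed_outside "21 80"
```

Inside the container, feed it live data with `netstat -tlnp | exposed_outside "21 80"`.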
As I am not interested in building an antivirus/antispam server, I skip that entire chapter.
===== 4 - Installing Webserver with PHP5 package =====
Now install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt as follows:
  apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby sudo
You need to answer the following question:
  * Web server to reconfigure automatically: <- **apache2**
Then run the following command to enable some Apache modules:
  a2enmod suexec rewrite ssl actions include ruby dav_fs dav auth_digest
Restart Apache to activate the new configuration:
  /etc/init.d/apache2 restart
===== 5 - Installing vlogger, webalizer, and awstats packages =====
Install vlogger, webalizer, and awstats:
  apt-get -y install vlogger webalizer awstats
Then open **/etc/webalizer/webalizer.conf** and change the line starting with **Incremental**, like this:
  [...]
  Incremental yes
  [...]
===== 6 - Installing FTP package =====
PureFTPd can be installed with the following command:
  apt-get -y install pure-ftpd-common pure-ftpd-mysql
Edit the file **/etc/default/pure-ftpd-common**
  nano /etc/default/pure-ftpd-common
and change the start mode from **inetd** to **standalone** and set **VIRTUALCHROOT=true**, like this:
  [...]
  STANDALONE_OR_INETD=standalone
  [...]
  VIRTUALCHROOT=true
  [...]
Edit the file **/etc/inetd.conf** to prevent inetd from trying to start ftp. Comment out the line that begins with **ftp**, like this:
  [...]
  #ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
  [...]
Some additional settings for PureFTPd:
  echo 'yes' > /etc/pure-ftpd/conf/DontResolve
Enable TLS in PureFTPd. The value **1** accepts both plain and TLS sessions. The certificate generated below uses a 1024-bit RSA key (**rsa:1024**), which is below the 2048-bit minimum in current guidance.
  echo 1 > /etc/pure-ftpd/conf/TLS
  mkdir -p /etc/ssl/private/
  openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
You need to answer the following questions:
  * Country Name (2 letter code) [AU]: <- **IT**
  * State or Province Name (full name) [Some-State]: <- **Bagnolo in Piano**
  * Locality Name (eg, city) []: <- **Reggio Emilia**
  * Organization Name (eg, company) [Internet Widgits Pty Ltd]: <- **italmedia.net**
  * Organizational Unit Name (eg, section) []: <- **Internet Server**
  * Common Name (eg, YOUR name) []: <- **ic3.dw.lan**
  * Email Address []: <- **k-root@rete.us**
The file holds both the private key and the certificate, so restrict its permissions:
  chmod 600 /etc/ssl/private/pure-ftpd.pem
Then start PureFTPd:
  /etc/init.d/pure-ftpd-mysql start
===== 7 - Install MyDNS package =====
Before installing MyDNS, we need to install a few prerequisites:
  apt-get -y install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
MyDNS is not available in the Debian Lenny repositories, therefore we have to build it ourselves as follows:
  cd /tmp
  wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
  tar xvfz mydns-1.2.8.27.tar.gz
  cd mydns-1.2.8
  ./configure
  make
  make install
Next we create the start/stop script for MyDNS:
  nano /etc/init.d/mydns

  #! /bin/sh
  #
  # mydns Start the MyDNS server
  #
  # Author: Philipp Kern.
  # Based upon skeleton 1.9.4 by Miquel van Smoorenburg
  # and Ian Murdock.
  #
  set -e
  PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
  DAEMON=/usr/local/sbin/mydns
  NAME=mydns
  DESC="DNS server"
  SCRIPTNAME=/etc/init.d/$NAME
  # Gracefully exit if the package has been removed.
  test -x $DAEMON || exit 0
  case "$1" in
    start)
      echo -n "Starting $DESC: $NAME"
      start-stop-daemon --start --quiet \
        --exec $DAEMON -- -b
      echo "."
      ;;
    stop)
      echo -n "Stopping $DESC: $NAME"
      start-stop-daemon --stop --oknodo --quiet \
        --exec $DAEMON
      echo "."
      ;;
    reload|force-reload)
      echo -n "Reloading $DESC configuration..."
      start-stop-daemon --stop --signal HUP --quiet \
        --exec $DAEMON
      echo "done."
      ;;
    restart)
      echo -n "Restarting $DESC: $NAME"
      start-stop-daemon --stop --quiet --oknodo \
        --exec $DAEMON
      sleep 1
      start-stop-daemon --start --quiet \
        --exec $DAEMON -- -b
      echo "."
      ;;
    *)
      echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
      exit 1
      ;;
  esac
  exit 0
Then we make the script executable and create the system startup links for it:
  chmod +x /etc/init.d/mydns
  update-rc.d mydns defaults
===== 8 - Install Jailkit package =====
Jailkit is needed only if you want to chroot SSH users.\\
**Important:** Jailkit must be installed before ISPConfig; it cannot be installed afterwards!
It can be installed as follows, after some prerequisites:
  #apt-get -y install build-essential autoconf automake1.9 libtool flex bison
  cd /tmp
  #wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
  wget http://cosmos.rete.us/sw/jailkit-2.11.tar.gz
  tar xvfz jailkit-2.11.tar.gz
  cd jailkit-2.11
  ./configure
  make
  make install
  cd ..
  rm -rf jailkit-2.11*
===== 9 - Install fail2ban package =====
This is optional but recommended, because the ISPConfig monitor tries to show the log:
  apt-get -y install fail2ban
===== 10 - Install ISPConfig 3 package =====
To get the latest ISPConfig 3 stable release, please visit the [[http://www.ispconfig.org/ispconfig-3/download/|ISPConfig website]].
Or install ISPConfig 3 from the latest released version, like this:
  cd /tmp
  wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
  tar xfz ISPConfig-3-stable.tar.gz
  cd ispconfig3_install/install/
Then start the install script:
  php -q install.php
You need to answer the following questions:
  * Select language (en,de) [en]: <- **en**
  * Installation mode (standard,expert) [standard]: <- **expert**
  * Full qualified hostname (FQDN) of the server, eg server2.domain.tld [web.example.tld]: <- **ic3.dw.lan**
  * MySQL server hostname [localhost]: <- **localhost**
  * MySQL root username [root]: <- **root**
  * MySQL root password []: <- **Enter your MySQL root password here**
  * MySQL database to create [dbispconfig]: <- **dbispconfig**
  * MySQL charset [utf8]: <- **utf8**
  * Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <- **n**
  * Configure Mail (y,n) [y]: <- **y**
You need to answer the following questions:
  * Country Name (2 letter code) [AU]: <- **IT**
  * State or Province Name (full name) [Some-State]: <- **Bagnolo in Piano**
  * Locality Name (eg, city) []: <- **Reggio Emilia**
  * Organization Name (eg, company) [Internet Widgits Pty Ltd]: <- **italmedia.net**
  * Organizational Unit Name (eg, section) []: <- **Internet Server**
  * Common Name (eg, YOUR name) []: <- **ic3.dw.lan**
  * Email Address []: <- **k-root@rete.us**
  * Configure Jailkit (y,n) [y]: <- **y**
  * Configure FTP Server (y,n) [y]: <- **y**
  * Configure DNS Server (y,n) [y]: <- **y**
  * Configure Apache Server (y,n) [y]: <- **y**
  * Configure Firewall Server (y,n) [y]: <- **y**
  * Install ISPConfig Web-Interface (y,n) [y]: <- **y**
  * ISPConfig Port [8080]: <- **8080**
Now you can log in to the control panel at
  http://ic3.dw.lan/ispconfig
with username **admin** and password **admin**.