I've started this installation using a precreated template of Debian 5 (Lenny) minimal, downloaded from:
download.openvz.org
I've also done a mix of the following howtos from the guru at www.howtoforge.org
Create a container based on the template just downloaded, and specify an IP address, a hostname and a nameserver. I also give the root user a password
vzctl create 1100 --ostemplate debian-5.0-i386-minimal --config vps.custom
vzctl set 1100 --ipadd 192.168.0.100 --save
vzctl set 1100 --hostname ic3.dw.lan --save
vzctl set 1100 --nameserver 192.168.0.22 --save
vzctl set 1100 --userpasswd root:your-root-password
This is the configuration file I've used
nano /etc/vz/conf/1100.conf
# Primary parameters
NUMPROC="256:256"
AVNUMPROC="64:64"
NUMTCPSOCK="256:256"
NUMOTHERSOCK="256:256"
VMGUARPAGES="320M:unlimited"
# Secondary parameters
OOMGUARPAGES="320M:unlimited"
PRIVVMPAGES="512M:1024M"
KMEMSIZE="12M:16M"
TCPSNDBUF="512K:1536K"
TCPRCVBUF="512K:1536K"
OTHERSOCKBUF="512K:1536K"
DGRAMRCVBUF="512K:512K"
# Auxiliary parameters
LOCKEDPAGES="256:256"
SHMPAGES="13107:13107"
PHYSPAGES="0:unlimited"
NUMFILE="8192:8192"
NUMFLOCK="256:288"
NUMPTY="32:32"
NUMSIGINFO="512:512"
DCACHESIZE="2048K:3072K"
NUMIPTENT="64:64"
### Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="20000M:22000M"
DISKINODES="200000:220000"
QUOTATIME="0"
### CPU fair scheduler parameter (OpenVZ consider one 1 GHz PIII Intel processor
# to be approximately equivalent to 50000 CPU units)
CPUUNITS="50000"
CPUS="1"
ONBOOT="yes"
# VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/$VEID"
OSTEMPLATE="debian-5.0-i386-minimal"
ORIGIN_SAMPLE="vps.kokk"
HOSTNAME="ic3.dw.lan"
IP_ADDRESS="192.168.0.100"
NAMESERVER="192.168.0.22"
CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on "
This last line is important, especially for the FTP server that we install later: if it is not present, PureFTPd won't start
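An added example (not part of the original howto): a small shell audit, run on the OpenVZ host, that lists the capabilities the CAPABILITY line switches on and flags those on a review list, such as NET_ADMIN, which lets root inside the container reconfigure its network interfaces and firewall rules. The function names and the REVIEW_CAPS list are assumptions of this example; the sample config is constructed from the file shown above.

```shell
#!/bin/sh
# Capabilities worth a second look when granted to a container.
# This list is the example's own choice (an assumption), not an OpenVZ default.
REVIEW_CAPS="NET_ADMIN NET_RAW SYS_ADMIN SYS_MODULE SYS_RAWIO SYS_PTRACE"

# sample_conf: constructed excerpt of /etc/vz/conf/1100.conf, including the
# trailing space inside the quotes as it appears in the file above.
sample_conf() {
    cat <<'EOF'
HOSTNAME="ic3.dw.lan"
IP_ADDRESS="192.168.0.100"
CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on "
EOF
}

# enabled_caps FILE: print one capability per line for every NAME:on entry.
# Entries set to "off" and the empty field left by a trailing space are skipped.
enabled_caps() {
    sed -n 's/^CAPABILITY="\(.*\)"[[:space:]]*$/\1/p' "$1" |
        tr ' ' '\n' |
        awk -F: '$2 == "on" { print $1 }'
}

# flagged_caps FILE: print the enabled capabilities that are in REVIEW_CAPS.
flagged_caps() {
    enabled_caps "$1" | awk -v list="$REVIEW_CAPS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
        $1 in risky { print $1 }'
}

# Stand-alone use: ./capcheck.sh /etc/vz/conf/1100.conf
if [ $# -gt 0 ]; then
    echo "Enabled capabilities:"
    enabled_caps "$1"
    echo "Review before going live:"
    flagged_caps "$1"
fi
```
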
Start the container and enter as root
vzctl start 1100
vzctl enter 1100
Set the correct timezone, choosing the right value (mine is Europe/Rome):
dpkg-reconfigure tzdata
Make sure that your /etc/apt/sources.list contains the right links to the Debian repositories, like this
nano /etc/apt/sources.list
## Debian Stable (Lenny)
deb http://ftp.it.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.it.debian.org/debian/ lenny main contrib non-free

## security updates
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free

## this is to always get the newest updates for the ClamAV virus scanner, this
## project publishes releases very often, and sometimes old versions stop working
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Update the apt package database and install updates
apt-get update
One time I got an error related to GPG keys after adjusting /etc/apt/sources.list, so before proceeding I did this
apt-get install debian-archive-keyring
Then again, and the problem vanished
apt-get update
Finally, install updates
apt-get -y upgrade
Install Postfix, Dovecot and MySQL with one single command
apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d
Enter the new password for MySQL when requested by the installer, and answer the next questions like these
If you want MySQL to listen on all interfaces, and not just localhost, edit /etc/mysql/my.cnf and add a comment in front of the line that begins with bind-address, like this
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]
Then restart MySQL
/etc/init.d/mysql restart
To check that networking is enabled, run
netstat -tap | grep mysql
The output should look like this
root@ic3:/# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 6612/mysqld
root@ic3:/#
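The `*:mysql` in that output means mysqld now accepts connections on every address of the container. As an added example (not part of the original howto), the filter below goes beyond the single grep and reports every TCP listener that is not bound to loopback, so the whole exposed surface of the container can be reviewed after each install step. The function names are assumptions of this example and the netstat lines are constructed sample data.

```shell
#!/bin/sh
# sample_netstat: constructed `netstat -tap` output for the container above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      6612/mysqld
tcp        0      0 localhost:smtp          *:*                     LISTEN      2210/master
tcp        0      0 *:www                   *:*                     LISTEN      2871/apache2
tcp        0      0 ic3.dw.lan:mysql        192.168.0.50:41234      ESTABLISHED 6612/mysqld
EOF
}

# nonlocal_listeners: read `netstat -tap` or `netstat -tlnp` output on stdin
# and print "program local-address" for each LISTEN socket that is reachable
# from outside the container (anything not bound to a loopback address).
nonlocal_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        # Loopback forms, with and without name resolution (-n).
        if (addr ~ /^(127\.|localhost:|::1:|ip6-localhost:)/) next
        prog = $7
        sub(/^[0-9]+\//, "", prog)   # strip the "PID/" prefix
        print prog, addr
    }'
}

# mysql_exposed: exit status 0 if mysqld is among the non-loopback listeners.
mysql_exposed() {
    nonlocal_listeners | grep -q '^mysqld '
}

# Stand-alone demo on the constructed sample: ./listeners.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_netstat | nonlocal_listeners
fi
```

Inside the container, run it as `netstat -tap | nonlocal_listeners`; any listener that does not need remote clients can be bound back to 127.0.0.1 or filtered at the host firewall.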
As I am not interested in making an antivirus/antispam server, I totally skip the entire chapter
Now install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt as follows
apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby sudo
You need to answer the following question
Then run the following command to enable some Apache modules
a2enmod suexec rewrite ssl actions include ruby dav_fs dav auth_digest
Restart Apache to activate new configuration
/etc/init.d/apache2 restart
Install vlogger, webalizer, and awstats:
apt-get -y install vlogger webalizer awstats
Then open /etc/webalizer/webalizer.conf and change the line starting with Incremental, like this
[...]
Incremental yes
[...]
PureFTPd can be installed with the following command
apt-get -y install pure-ftpd-common pure-ftpd-mysql
Edit the file /etc/default/pure-ftpd-common
nano /etc/default/pure-ftpd-common
and change the start mode from inetd to standalone and set VIRTUALCHROOT=true, like this
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp. Add a comment in front of the line that begins with ftp, like this
[...]
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
[...]
Some additional settings for pureftpd
echo 'yes' > /etc/pure-ftpd/conf/DontResolve
Enable TLS in pureftpd
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
You need to answer the following questions
chmod 600 /etc/ssl/private/pure-ftpd.pem
Then start PureFTPd:
/etc/init.d/pure-ftpd-mysql start
Before installing MyDNS, we need to install a few prerequisites
apt-get -y install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
MyDNS is not available in the Debian Lenny repositories, therefore we have to build it ourselves as follows
cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install
Next we create the start/stop script for MyDNS
nano /etc/init.d/mydns
#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <phil@philkern.de>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
Then we make the script executable and create the system startup links for it
chmod +x /etc/init.d/mydns
update-rc.d mydns defaults
Jailkit is needed only if you want to chroot SSH users
Important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!
It can be installed as follows, but some prerequisites come first
#apt-get -y install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
#wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
wget http://cosmos.rete.us/sw/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./configure
make
make install
cd ..
rm -rf jailkit-2.11*
This is optional but recommended, because the ISPConfig monitor tries to show the log
apt-get -y install fail2ban
To get the latest ISPConfig 3 stable release, please visit the ISPConfig website
Or install ISPConfig 3 from the latest released version, like this
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
Then start the install script
php -q install.php
You need to answer the following questions
Now you can log in to the control panel at
http://ic3.dw.lan/ispconfig
with username admin and password admin