
Install on Lenny, Bind, Courier and ISPConfig2

I've started this installation using a precreated template of Debian 5 (Lenny) minimal, downloaded from: download.openvz.org

I've also followed the next howto from the guru at www.howtoforge.org

1 - Setup the Virtual Environment

Create a container based on the template you just downloaded, specifying the hostname, IP address and nameserver, and set a password for the root user:

vzctl create 1100 --ostemplate debian-5.0-i386-minimal --config vps.custom
vzctl set 1100 --hostname ic2.dw.lan --save
vzctl set 1100 --ipadd 192.168.0.100 --save
vzctl set 1100 --nameserver 192.168.0.22 --save
vzctl set 1100 --userpasswd root:your-root-password

This is the configuration file I've used:

nano /etc/vz/conf/1100.conf
1100.conf
# Configuration file generated by vzsplit for 16 VEs on HN with total amount of
# physical mem 2024 Mb, low memory 872 Mb, swap size 5938 Mb, Max treads 8000
# Resourse commit level 0:
# adjusted by kokk: VMGUARPAGES, OOMGUARPAGES, PRIVVMPAGES, DISKSPACE, DISKINODES
 
# Primary parameters
NUMPROC="500:500"
AVNUMPROC="139:139"
NUMTCPSOCK="500:500"
NUMOTHERSOCK="500:500"
VMGUARPAGES="288M:unlimited"
 
# Secondary parameters
OOMGUARPAGES="288M:unlimited"
PRIVVMPAGES="512M:1024M"
KMEMSIZE="11440947:12585041"
TCPSNDBUF="1765649:3813649"
TCPRCVBUF="1765649:3813649"
OTHERSOCKBUF="882824:2930824"
DGRAMRCVBUF="882824:882824"
 
# Auxiliary parameters
LOCKEDPAGES="558:558"
SHMPAGES="31093:31093"
PHYSPAGES="0:unlimited"
NUMFILE="4448:4448"
NUMFLOCK="444:488"
NUMPTY="50:50"
NUMSIGINFO="1024:1024"
DCACHESIZE="2487425:2562048"
NUMIPTENT="125:125"
 
# Disk quota parameters
DISKSPACE="20000M:22000M"
DISKINODES="200000:220000"
QUOTATIME="0"
 
# CPU fair sheduler parameter (OpenVZ consider one 1 GHz PIII Intel processor
# to be approximately equivalent to 50000 CPU units)
CPUUNITS="50000"
CPUS="1"
 
# Host parameters
ONBOOT="yes"
VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/$VEID"
OSTEMPLATE="debian-5.0-i386-minimal"
ORIGIN_SAMPLE="vps.16"
HOSTNAME="ic2.dw.lan"
IP_ADDRESS="192.168.0.100"
NAMESERVER="192.168.0.22"
 

2 - Updating the Virtual Environment

Start the container and enter as root

vzctl start 1100
vzctl enter 1100

Set the correct timezone, choosing the right value (mine is Europe/Rome):

dpkg-reconfigure tzdata

Make sure that your /etc/apt/sources.list contains the right links to the Debian repositories, like this:

nano /etc/apt/sources.list
sources.list
## Debian Stable (Lenny)
deb http://ftp.it.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.it.debian.org/debian/ lenny main contrib non-free
 
## security updates
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free
 
## this is to always get the newest updates for the ClamAV virus scanner, this
## project publishes releases very often, and sometimes old versions stop working
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
 

Update the apt package database and install updates:

apt-get update

One time I got an error related to GPG keys after adjusting /etc/apt/sources.list, so before proceeding I did this:

apt-get install debian-archive-keyring

Then I ran the update again, and the problem vanished:

apt-get update

Finally, install updates

apt-get -y upgrade

3 - Install Some Software

Now we install a few packages that are needed later on. Run this as one line:

apt-get install -y binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential

4 - BIND9 DNS Server

To install BIND9 run:

apt-get install -y bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named, listening only on IPv4 addresses.

nano /etc/default/bind9
bind9
# run resolvconf?
RESOLVCONF=yes
 
# startup options for the server
OPTIONS="-4 -u bind -t /var/lib/named"

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location, to avoid problems when BIND gets updated in the future:

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and set ownership of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

Edit /etc/rsyslog.d/bind-chroot.conf adding the appropriate line so that we can still get important messages logged to the system logs:

nano /etc/rsyslog.d/bind-chroot.conf
bind-chroot.conf
[...]
$AddUnixListenSocket /var/lib/named/dev/log

Restart the logging daemon and BIND, then check /var/log/syslog for errors:

/etc/init.d/rsyslog restart
/etc/init.d/bind9 start
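
The chroot built in this section can be checked without changing anything. The script below is an added example, not part of the original howto; it assumes GNU stat and the paths used above, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: read-only check of the BIND chroot built in section 4.
# Defaults are the paths this howto uses; pass others to check a copy.

fails=0
fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# Print "major:minor" (decimal) for a character device, "none" otherwise.
dev_numbers() {
    [ -c "$1" ] || { echo none; return 0; }
    maj=$(stat -c %t "$1"); min=$(stat -c %T "$1")   # GNU stat prints hex
    echo "$((0x$maj)):$((0x$min))"
}

check_bind_chroot() {
    root=${1:-/var/lib/named}
    defaults=${2:-/etc/default/bind9}
    fails=0

    # 1. named must drop to user bind (-u) and chroot (-t) at startup.
    opts=$(sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$defaults")
    case " $opts " in *" -u bind "*) ;; *) fail "OPTIONS lacks '-u bind'" ;; esac
    case " $opts " in *" -t $root "*) ;; *) fail "OPTIONS lacks '-t $root'" ;; esac

    # 2. Directories created with mkdir (and mv) in the howto.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || fail "missing directory $root/$d"
    done

    # 3. Device nodes: null is 1:3 and random is 1:8, as passed to mknod.
    [ "$(dev_numbers "$root/dev/null")" = 1:3 ] || fail "dev/null is not char device 1:3"
    [ "$(dev_numbers "$root/dev/random")" = 1:8 ] || fail "dev/random is not char device 1:8"

    # 4. named uses these after dropping privileges, so bind must own them.
    for d in etc/bind var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || continue
        owner=$(stat -c %U "$root/$d")
        [ "$owner" = bind ] || fail "$root/$d owned by $owner, expected bind"
    done

    # 5. rsyslog creates this socket once $AddUnixListenSocket is in place.
    [ -S "$root/dev/log" ] || fail "no syslog socket at $root/dev/log"

    [ "$fails" -eq 0 ] && echo "OK: chroot layout matches the howto"
    return "$fails"
}

# Check the live system only when called with --live.
if [ "${1:-}" = "--live" ]; then
    check_bind_chroot || exit 1
fi
```

Run it as root inside the container with --live after restarting rsyslog and BIND; each FAIL line names the step of this section that needs to be repeated.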

5 - MySQL

In order to install MySQL, we run

apt-get install -y mysql-server mysql-client libmysqlclient15-dev

You will be asked to provide a password for the MySQL user root. This password is valid for root@localhost as well as root@ic2.dw.lan, so we don't have to specify a MySQL root password manually later.

If you want MySQL to listen on all interfaces, and not just localhost, edit /etc/mysql/my.cnf and add a comment sign in front of the line that begins with bind-address, like this:

nano /etc/mysql/my.cnf
my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]

Then restart MySQL

/etc/init.d/mysql restart

To check that networking is enabled, run:

netstat -tap | grep mysql

The output should look like this

root@ic2:/# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6612/mysqld
root@ic2:/#

6 - Postfix With SMTP-AUTH And TLS

In order to install Postfix with SMTP-AUTH and TLS do the following steps:

apt-get install -y postfix libsasl2-2 sasl2-bin libsasl2-modules procmail

You will be asked two questions. Answer as follows:

  • General type of mail configuration: ← Internet Site
  • System mail name: ← ic2.dw.lan

Then run

dpkg-reconfigure postfix

Again, you'll be asked some questions:

  • General type of mail configuration: ← Internet Site
  • System mail name: ← ic2.dw.lan
  • Root and postmaster mail recipient: ← [blank]
  • Other destinations to accept mail for (blank for none): ← ic2.dw.lan, localhost.dw.lan, localhost
  • Force synchronous updates on mail queue? ← No
  • Local networks: ← 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
  • Use procmail for local delivery? ← Yes
  • Mailbox size limit (bytes): ← 0
  • Local address extension character: ← +
  • Internet protocols to use: ← ipv4

Next, do this:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Afterwards we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

You need to enter a password and remember it, then:

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

You need to answer the following questions

  • Country Name (2 letter code) [AU]: ← IT
  • State or Province Name (full name) [Some-State]: ← Reggio Emilia
  • Locality Name (eg, city) []: ← Bagnolo in Piano
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]: ← italmedia.net
  • Organizational Unit Name (eg, section) []: ← Internet Server
  • Common Name (eg, YOUR name) []: ← ic2.dw.lan
  • Email Address []: ← k-root@rete.us

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Again you need to enter a password and remember it. Next we configure Postfix for TLS (make sure that you use the correct hostname for myhostname):

postconf -e 'myhostname = ic2.dw.lan'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

The file /etc/postfix/main.cf should now look like this:

cat /etc/postfix/main.cf
main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
 
 
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
 
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
 
# appending .domain is the MUA's job.
append_dot_mydomain = no
 
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
 
readme_directory = no
 
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
 
myhostname = ic2.dw.lan
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ic2.dw.lan, localhost.dw.lan, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
 

Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:

mkdir -p /var/spool/postfix/var/run/saslauthd

Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Set START to yes and change the line OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r":

saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
 
# Should saslauthd run automatically on startup? (default: no)
START=yes
 
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
 
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
 
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
 
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
 
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
 
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
 

Next add the postfix user to the sasl group (this makes sure that Postfix has the permission to access saslauthd):

adduser postfix sasl

Now restart Postfix and start saslauthd:

/etc/init.d/postfix restart
/etc/init.d/saslauthd start

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server type:

ehlo localhost

If you see these 2 lines everything is fine.

250-STARTTLS
250-AUTH LOGIN PLAIN

The output on my system looks like this:

ic2:/etc/postfix/ssl# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ic2.dw.lan ESMTP Postfix (Debian/GNU)
ehlo localhost
250-ic2.dw.lan
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
ic2:/etc/postfix/ssl#

To return to the system's shell type

quit
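
The EHLO reply from the telnet test can also be read mechanically. The script below is an added example, not part of the original howto: it parses a cleartext EHLO reply and flags PLAIN/LOGIN being offered before STARTTLS, which is what smtpd_tls_auth_only = no produces. The first sample is the reply shown above, the second is constructed, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: interpret the cleartext EHLO reply from the telnet test.

# Sample 1: the EHLO reply shown in this howto (smtpd_tls_auth_only = no).
SAMPLE_HOWTO='250-ic2.dw.lan
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Sample 2 (constructed): the same server with smtpd_tls_auth_only = yes,
# where Postfix does not announce AUTH until the session is encrypted.
SAMPLE_TLS_ONLY='250-ic2.dw.lan
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN'

# Read an EHLO reply on stdin, print key=value lines and any findings.
ehlo_findings() {
    awk '
        { sub(/\r$/, "") }                    # captured replies end in CRLF
        /^250[- ]STARTTLS$/ { tls = 1 }
        /^250[- ]AUTH /     { mechs = substr($0, 10) }
        END {
            print "starttls=" (tls ? "yes" : "no")
            print "auth=" (mechs == "" ? "none" : mechs)
            n = split(mechs, m, " ")
            for (i = 1; i <= n; i++)
                if (m[i] == "PLAIN" || m[i] == "LOGIN") weak = 1
            if (weak) print "finding=AUTH " mechs " is offered before STARTTLS"
            if (!tls) print "finding=STARTTLS is not offered"
        }'
}

# Exit status 0 when the reply on stdin produces no findings.
auth_requires_tls() {
    ! ehlo_findings | grep -q '^finding='
}

printf '%s\n' "$SAMPLE_HOWTO" | ehlo_findings
```

With the configuration from this section the last output line is the finding, because PLAIN and LOGIN send the password in a reversible encoding and the server accepts them without TLS.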

7 - Courier-IMAP/Courier-POP3

Run this to install Courier-IMAP/Courier-IMAP-SSL (for IMAPs on port 993) and Courier-POP3/Courier-POP3-SSL (for POP3s on port 995):

apt-get install -y courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0

You will be asked two questions:

  • Create directories for web-based administration? ← No
  • SSL certificate required ← Ok

During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (ic2.dw.lan in this tutorial), delete the certificates…

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

… and modify the following two files; replace CN=localhost with CN=ic2.dw.lan (you can also modify the other values, if necessary):

vi /etc/courier/imapd.cnf
imapd.cnf
[...]
CN=ic2.dw.lan
[...]
 
vi /etc/courier/pop3d.cnf
pop3d.cnf
[...]
CN=ic2.dw.lan
[...]
 

Then recreate the certificates and restart Courier-IMAP-SSL and Courier-POP3-SSL:

mkimapdcert
mkpop3dcert
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

8 - Apache, PHP5, Ruby, Python

Now we install Apache as follows

apt-get -y install apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2-suexec libexpat1 ssl-cert

Next install PHP5, Ruby, and Python (all three as Apache modules):

apt-get -y install libapache2-mod-php5 libapache2-mod-ruby libapache2-mod-python php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-suhosin php5-tidy php5-xcache php5-xmlrpc php5-xsl

Next we edit /etc/apache2/mods-available/dir.conf and change the DirectoryIndex line

nano /etc/apache2/mods-available/dir.conf
dir.conf
<IfModule mod_dir.c>
#	DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
	DirectoryIndex index.php index.html index.htm index.cgi
</IfModule>

Now we have to enable some Apache modules (SSL, rewrite, suexec, and include):

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

We have to fix a small problem with Ruby. If you install ISPConfig and enable Ruby for a web site, .rbx files will be executed fine and displayed in the browser, but this does not work for .rb files: you will be prompted to download the .rb file. The same happens if you configure Ruby manually for a vhost (i.e., it has nothing to do with ISPConfig). To fix this, we open /etc/mime.types and comment out the application/x-ruby line:

nano /etc/mime.types
mime.types
[...]
#application/x-ruby                             rb
[...]

Now .rb files will be executed and displayed in the browser, just like .rbx files. Next we are going to disable PHP. Unlike PHP, Ruby and Python are disabled by default, so we don't have to do it for them. In ISPConfig you configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally, because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:

nano /etc/mime.types
mime.types
[...]
#application/x-httpd-php                        phtml pht php
#application/x-httpd-php-source                 phps
#application/x-httpd-php3                       php3
#application/x-httpd-php3-preprocessed          php3p
#application/x-httpd-php4                       php4
[...]

Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:

nano /etc/apache2/mods-enabled/php5.conf
php5.conf
<IfModule mod_php5.c>
#	AddType application/x-httpd-php .php .phtml .php3
#	AddType application/x-httpd-php-source .phps
</IfModule>
 

Then restart Apache:

/etc/init.d/apache2 restart

A note on Suhosin

So that you don't spend 14 hours confused and frustrated like me, be sure that you are NOT submitting forms with lots of data (e.g. 100 form items–yes, I know they're huge by design) when using this setup. Suhosin won't allow that, and submits may FAIL SILENTLY.

After playing with standard php.ini POST settings for WAY too long, /var/log/apache2/error.log was the clue that solved this problem…

ALERT - configured POST variable limit exceeded - dropped variable 'field_agreement[0][value]' (attacker '192.168.10.13', file '/var/www/drupal/index.php'), referer: https://server.mycompany.com/node/add/agreement

The solution is simple, set these values:

nano /etc/php5/conf.d/suhosin.ini
suhosin.ini
[...]
suhosin.post.max_vars = 1000
suhosin.request.max_vars = 1000
[...]
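
To see which Suhosin limit is being hit and by which script, the alerts in the error log can be grouped. The script below is an added example, not part of the original howto; the first sample line is the alert quoted above, the other sample lines are constructed in the same format, and the function name is made up for illustration.

```shell
#!/bin/sh
# Added example: group Suhosin "dropped variable" alerts by limit and script.

# Sample input: line 1 is the alert quoted in this howto, the rest is
# constructed in the same format.
SAMPLE_LOG="ALERT - configured POST variable limit exceeded - dropped variable 'field_agreement[0][value]' (attacker '192.168.10.13', file '/var/www/drupal/index.php'), referer: https://server.mycompany.com/node/add/agreement
ALERT - configured POST variable limit exceeded - dropped variable 'field_agreement[1][value]' (attacker '192.168.10.13', file '/var/www/drupal/index.php'), referer: https://server.mycompany.com/node/add/agreement
ALERT - configured request variable limit exceeded - dropped variable 'q' (attacker '192.168.10.14', file '/var/www/shop/search.php')
[client 192.168.10.13] File does not exist: /var/www/favicon.ico"

# Reads log lines from the named files or stdin and prints one line per
# (limit, script) pair: count, limit, script, matching suhosin.ini setting.
suhosin_drops() {
    awk -v q="'" '
    /ALERT - configured .* exceeded - dropped variable/ {
        # Text between "configured " and " exceeded" names the limit.
        limit = $0
        sub(/.*ALERT - configured /, "", limit)
        sub(/ exceeded - dropped variable.*/, "", limit)
        # The script path is the quoted value after ", file ".
        file = $0
        if (!sub(".*, file " q, "", file)) file = "?"
        sub(q "\\).*", "", file)
        count[limit "\t" file]++
    }
    END {
        for (k in count) {
            split(k, part, "\t")
            ini = "-"   # only the two settings named in this howto are mapped
            if (part[1] == "POST variable limit")    ini = "suhosin.post.max_vars"
            if (part[1] == "request variable limit") ini = "suhosin.request.max_vars"
            printf "%d\t%s\t%s\t%s\n", count[k], part[1], part[2], ini
        }
    }' "$@" | sort -rn
}

printf '%s\n' "$SAMPLE_LOG" | suhosin_drops
```

On the server, run it as suhosin_drops /var/log/apache2/error.log.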

9 - Proftpd

In order to install Proftpd, run

apt-get -y install proftpd ucf

You will be asked a question:

  • Run proftpd: ← standalone

For security reasons add the following lines to /etc/proftpd/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html):

nano /etc/proftpd/proftpd.conf
proftpd.conf
[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
 

ISPConfig expects the configuration to be in /etc/proftpd.conf instead of /etc/proftpd/proftpd.conf, therefore we create a symlink:

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Then restart Proftpd:

/etc/init.d/proftpd restart

10 - Webalizer

To install webalizer, just run

apt-get -y install webalizer

Then open /etc/webalizer/webalizer.conf and change the line starting with Incremental, like this

[...]
Incremental yes
[...]

11 - Some Perl modules needed by SpamAssassin (comes with ISPConfig)

Run

apt-get -y install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl libnetaddr-ip-perl libarchive-tar-perl

12 - Install ISPConfig 2

A note on SuExec
If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as Debian's suExec is compiled with /var/www as Doc_Root. Run

/usr/lib/apache2/suexec -V

and the output should look like this:

root@ic2:~# /usr/lib/apache2/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"
root@ic2:~#

Unpack the ISPConfig-archive and change to the directory install_ispconfig:

tar xvfz ISPConfig*.tar.gz
cd install_ispconfig

In this directory please check the file dist.txt and see if the values given there suit your Linux installation (they should be suitable for standard installations). If you change any values please be sure not to change the format of the file.

Important: Be sure to have installed gcc, flex and all the other tools needed for compiling sources before you run ./setup! You also need to install the MySQL header files, which normally come in a package called mysql-devel, mysql-dev, libmysql-devel or something similar. Otherwise PHP5 will not compile, and the installation of ISPConfig stops!


Workaround to get it to work on Debian Lenny:

Go to compile_apps, unpack openssl-0.9.7m.tar.gz, edit Configure and Makefile and change all instances of "-m486" to "-mtune=i486". To repack the folder run:

tar -pczf openssl-0.9.7m.tar.gz openssl-0.9.7m

Remove the unpacked directory. Make sure you do this before running ./setup on any upgrades in the future, until this is fixed in the ./setup package.


Then start the setup-script from there:

./setup

The installer will now compile an Apache with PHP5 that will run on port 81 and is needed by the ISPConfig system itself. It will not interfere with your existing Apache installation so you can go on unworried.

When the ISPConfig Apache is built, a custom SSL certificate is built. Therefore you are asked a few questions. You can accept the default values, or you can enter new values there; this does not matter.

In step 7 (“Encrypting RSA private key of CA with a pass phrase for security [ca.key]”) and step 8 (“Encrypting RSA private key of SERVER with a pass phrase for security [server.key]”) of the certificate creation process you are asked if you want to encrypt the respective key now. Choose n there because otherwise you will always be asked for a password whenever you want to restart the ISPConfig system which means it cannot be restarted without human interaction!

If the compilation fails, the setup is stopped and all compiled files are removed. From the error message you get you should be able to see the reason for the failure (in most cases a package, like the MySQL header files, is missing). Try to solve the problem and then re-run ./setup.

openvz/lenny_courier_bind_ispconfig2.txt · Last modified: 2012-06-06 11:50 (external edit)