
Install on Lenny, Dovecot, MyDns and ISPConfig3

I've started this installation using a precreated template of Debian 5 (Lenny) minimal, downloaded from:
download.openvz.org

I've also done a mix of the next howtos from the guru at www.howtoforge.org

1 - Setup the Virtual Environment

Create a container based on the template just downloaded, and specify an IP address, a hostname and a nameserver. I also give the root user a password

vzctl create 1100 --ostemplate debian-5.0-i386-minimal --config vps.custom
vzctl set 1100 --ipadd 192.168.0.100 --save
vzctl set 1100 --hostname ic3.dw.lan --save
vzctl set 1100 --nameserver 192.168.0.22 --save
vzctl set 1100 --userpasswd root:your-root-password

This is the configuration file I've used

nano /etc/vz/conf/1100.conf
1100.conf
# Primary parameters
NUMPROC="256:256"
AVNUMPROC="64:64"
NUMTCPSOCK="256:256"
NUMOTHERSOCK="256:256"
VMGUARPAGES="320M:unlimited"
 
# Secondary parameters
OOMGUARPAGES="320M:unlimited"
PRIVVMPAGES="512M:1024M"
KMEMSIZE="12M:16M"
TCPSNDBUF="512K:1536K"
TCPRCVBUF="512K:1536K"
OTHERSOCKBUF="512K:1536K"
DGRAMRCVBUF="512K:512K"
 
# Auxiliary parameters
LOCKEDPAGES="256:256"
SHMPAGES="13107:13107"
PHYSPAGES="0:unlimited"
NUMFILE="8192:8192"
NUMFLOCK="256:288"
NUMPTY="32:32"
NUMSIGINFO="512:512"
DCACHESIZE="2048K:3072K"
NUMIPTENT="64:64"
 
### Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="20000M:22000M"
DISKINODES="200000:220000"
QUOTATIME="0"
 
### CPU fair scheduler parameter (OpenVZ considers one 1 GHz PIII Intel processor
# to be approximately equivalent to 50000 CPU units)
CPUUNITS="50000"
CPUS="1"
ONBOOT="yes"
 
#
VE_ROOT="/var/lib/vz/root/$VEID"
VE_PRIVATE="/var/lib/vz/private/$VEID"
OSTEMPLATE="debian-5.0-i386-minimal"
ORIGIN_SAMPLE="vps.kokk"
HOSTNAME="ic3.dw.lan"
IP_ADDRESS="192.168.0.100"
NAMESERVER="192.168.0.22"
CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on "
 

This last line is important, especially for the FTP server that we install later: if it is not present, PureFTPd won't start

2 - Updating the Virtual Environment

Start the container and enter as root

vzctl start 1100
vzctl enter 1100

Set the correct timezone, choosing the right value (mine is Europe/Rome):

dpkg-reconfigure tzdata

Make sure that your /etc/apt/sources.list contains the right links to the Debian repositories, like this

nano /etc/apt/sources.list
sources.list
## Debian Stable (Lenny)
deb http://ftp.it.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.it.debian.org/debian/ lenny main contrib non-free
 
## security updates
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free
 
## this is to always get the newest updates for the ClamAV virus scanner, this
## project publishes releases very often, and sometimes old versions stop working
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
 

Update the apt package database and install updates

apt-get update

One time I got an error related to GPG keys after adjusting /etc/apt/sources.list, so before proceeding I did this

apt-get install debian-archive-keyring

Then again, and the problem vanished

apt-get update

Finally, install updates

apt-get -y upgrade

3 - Installing Mail & Database packages

Install Postfix, Dovecot and MySQL with one single command

apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d

Enter the new password for MySQL when requested by the installer, and answer the following questions like this

  • Create directories for web-based administration ? ← No
  • General type of configuration? ← Internet site
  • Mail name? ← ic3.dw.lan
  • SSL certificate required ← Ok

If you want MySQL to listen on all interfaces, and not just localhost, edit /etc/mysql/my.cnf and comment out the line that begins with bind-address, like this

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]

Then restart MySQL

/etc/init.d/mysql restart

To check that networking is enabled, run

netstat -tap | grep mysql

The output should look like this

root@ic3:/# netstat -tap | grep mysql
tcp        0      0 *:mysql                 *:*                     LISTEN      6612/mysqld
root@ic3:/#

As I am not interested in making an antivirus/antispamming server, I totally skip the entire chapter

4 - Installing Webserver with PHP5 package

Now install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt as follows

apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby libapache2-mod-ruby sudo

You need to answer the following question

  • Web server to reconfigure automatically: ← apache2

Then run the following command to enable some Apache modules

a2enmod suexec rewrite ssl actions include ruby dav_fs dav auth_digest

Restart Apache to activate new configuration

/etc/init.d/apache2 restart

5 - Installing vlogger, webalizer, and awstats packages

Install vlogger, webalizer, and awstats:

apt-get -y install vlogger webalizer awstats

Then open /etc/webalizer/webalizer.conf and change the line starting with Incremental, like this

[...]
Incremental yes
[...]

6 - Installing FTP package

PureFTPd can be installed with the following command

apt-get -y install pure-ftpd-common pure-ftpd-mysql

Edit the file /etc/default/pure-ftpd-common

nano /etc/default/pure-ftpd-common

and change the start mode from inetd to standalone and set VIRTUALCHROOT=true, like this

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp. Comment out the line that begins with ftp, like this

[...]
#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
[...]

Some additional settings for pureftpd

echo 'yes' > /etc/pure-ftpd/conf/DontResolve

Enable TLS in pureftpd

echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem  -out /etc/ssl/private/pure-ftpd.pem

You need to answer the following questions

  • Country Name (2 letter code) [AU]: ← IT
  • State or Province Name (full name) [Some-State]: ← Bagnolo in Piano
  • Locality Name (eg, city) []: ← Reggio Emilia
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]: ← italmedia.net
  • Organizational Unit Name (eg, section) []: ← Internet Server
  • Common Name (eg, YOUR name) []: ← ic3.dw.lan
  • Email Address []: ← k-root@rete.us

chmod 600 /etc/ssl/private/pure-ftpd.pem

Then start PureFTPd:

/etc/init.d/pure-ftpd-mysql start
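An added example, not part of the original howto: a shell function that audits the MySQL bind-address change from section 3 and the PureFTPd TLS and certificate setup above, reporting each setting that leaves a service more exposed than it needs to be. The function name, the optional root-prefix argument and the 2048-bit key threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the howto): audit the MySQL and PureFTPd settings above.
# The optional ROOT prefix is a hypothetical convenience for checking a copy of /etc.

audit_howto_config() {
    root="${1:-}"; findings=0
    flag() { echo "WARN: $*"; findings=$((findings + 1)); }

    # MySQL: with bind-address commented out, mysqld listens on every interface.
    mycnf="$root/etc/mysql/my.cnf"
    if [ -f "$mycnf" ] && ! grep -q '^[[:space:]]*skip-networking' "$mycnf"; then
        bind=$(sed -n 's/^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$mycnf" | tail -n 1)
        case "$bind" in
            127.0.0.1|localhost|::1) ;;
            "") flag "my.cnf: no active bind-address, port 3306 open on all interfaces" ;;
            *)  flag "my.cnf: bind-address=$bind exposes MySQL beyond loopback" ;;
        esac
    fi

    # PureFTPd: TLS=1 still accepts cleartext logins; 2 or 3 refuse them.
    tls=$(cat "$root/etc/pure-ftpd/conf/TLS" 2>/dev/null || true)
    case "$tls" in
        2|3) ;;
        1)   flag "pure-ftpd TLS=1: cleartext FTP logins are still accepted" ;;
        *)   flag "pure-ftpd TLS is disabled or unset" ;;
    esac

    # Certificate/key file: owner-only permissions and an RSA key of 2048+ bits.
    pem="$root/etc/ssl/private/pure-ftpd.pem"
    if [ -f "$pem" ]; then
        perms=$(ls -ld "$pem" | cut -c5-10)
        [ "$perms" = "------" ] || flag "$pem is accessible to group/other"
        bits=$(openssl x509 -in "$pem" -noout -text 2>/dev/null |
               sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            flag "$pem: ${bits}-bit key is below 2048 bits"
        fi
    fi

    # Exit status 0 means nothing was flagged.
    [ "$findings" -eq 0 ]
}
```

Inside the container, call `audit_howto_config ""` to check the live files; pass a directory to check an unpacked copy of /etc instead.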

7 - Install MyDNS package

Before installing MyDNS, we need to install a few prerequisites

apt-get -y install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev

MyDNS is not available in the Debian Lenny repositories, therefore we have to build it ourselves as follows

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.27.tar.gz
tar xvfz mydns-1.2.8.27.tar.gz
cd mydns-1.2.8
./configure
make
make install

Next we create the start/stop script for MyDNS

nano /etc/init.d/mydns
mydns
#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <phil@philkern.de>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac
exit 0

Then we make the script executable and create the system startup links for it

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

8 - Install Jailkit package

Jailkit is needed only if you want to chroot SSH users.

Important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!

It can be installed as follows, but some prerequisites come first

#apt-get -y install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
#wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
wget http://cosmos.rete.us/sw/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./configure
make
make install
cd ..
rm -rf jailkit-2.11*

9 - Install fail2ban package

This is optional but recommended, because the ISPConfig monitor tries to show the log

apt-get -y install fail2ban

10 - Install ISPConfig 3 package

To get the latest ISPConfig 3 stable release, please visit the ISPConfig website

Or install ISPConfig 3 from the latest released version, like this

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

Then start the install script

php -q install.php

You need to answer the following questions

  • Select language (en,de) [en]: ← en
  • Installation mode (standard,expert) [standard]: ← expert
  • Full qualified hostname (FQDN) of the server, eg server2.domain.tld [web.example.tld]: ← ic3.dw.lan
  • MySQL server hostname [localhost]: ← localhost
  • MySQL root username [root]: ← root
  • MySQL root password []: ← Enter your MySQL root password here
  • MySQL database to create [dbispconfig]: ← dbispconfig
  • MySQL charset [utf8]: ← utf8
  • Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: ← n
  • Configure Mail (y,n) [y]: ← y

    You need to answer the following questions

    • Country Name (2 letter code) [AU]: ← IT
    • State or Province Name (full name) [Some-State]: ← Bagnolo in Piano
    • Locality Name (eg, city) []: ← Reggio Emilia
    • Organization Name (eg, company) [Internet Widgits Pty Ltd]: ← italmedia.net
    • Organizational Unit Name (eg, section) []: ← Internet Server
    • Common Name (eg, YOUR name) []: ← ic3.dw.lan
    • Email Address []: ← k-root@rete.us
  • Configure Jailkit (y,n) [y]: ← y
  • Configure FTP Server (y,n) [y]: ← y
  • Configure DNS Server (y,n) [y]: ← y
  • Configure Apache Server (y,n) [y]: ← y
  • Configure Firewall Server (y,n) [y]: ← y
  • Install ISPConfig Web-Interface (y,n) [y]: ← y
  • ISPConfig Port [8080]: ← 8080

Now you can log in to the control panel at

http://ic3.dw.lan/ispconfig

with username admin and password admin

openvz/lenny_dovecot_mydns_ispconfig3.txt · Last modified: 2012-11-01 15:50 by kokkez