Debian root server with ISPConfig admin system

It is recommended to use a clean (fresh) Debian lenny install where you just selected "Standard System" as the package selection during setup. Then follow the steps below to setup your server with ISPConfig 3. In this guide "vi" is used as texteditor, but you ofcourse you can use whatever you prefer. You should be root for doing all of this.

Check we have Fully Qualified Domain Name

/bin/hostname

It should return something like "ispconfig.example.com" - if not, then we assign a hostname (for example ispconfig):

echo ispconfig.example.com > /etc/hostname

Open the file /etc/hosts an d add the lines similar to this:

127.0.0.1       localhost.localdomain   localhost
192.168.0.100   ispconfig.example.com   ispconfig

To get remote shell install SSH server and if you are not running in virtual machine you can set server clocksync via NTP (virtual quests get this from the host).

apt-get install ssh openssh-server
apt-get install ntp ntpdate

Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter and binutils

Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils with the following command line (on one line!):

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils

Answer the questions from the package manager as follows:

Create directories for web-based administration ? <-- No
General type of configuration? <-- Internet site
Mail name? <-- my.domain.tld (use YOUR domain)
SSL certificate required <-- Ok

Edit the file /etc/mysql/my.cnf

vi /etc/mysql/my.cnf

and comment out the line

bind-address          = 127.0.0.1

then restart mysql

/etc/init.d/mysql restart

Amavisd-new, Spamassassin and Clamav

Install Amavisd-new, Spamassassin and Clamav (again one line):

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

Apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt

Install apache, PHP5, phpmyadmin, better fastCGI, suexec, Pear and mcrypt (1 line!):

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby

When phpMyAdmin is asking weather to configure itself automatically, select "Apache2". Then run the following to enable the Apache modules suexec, rewrite and ssl:

a2enmod suexec rewrite ssl actions include

Restart apache before continuing

/etc/init.d/apache2 restart

Pure-ftpd and quota

Install pure-ftpd and quota

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common to change the start mode from "inetd" to "standalone" and set VIRTUALCHROOT to "true".

vi /etc/default/pure-ftpd-common

Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp. To do this, comment line starting like "ftp stream tcp" by adding "#"-sign in front of the line.

vi /etc/inetd.conf

Then execute

/etc/init.d/openbsd-inetd restart

Some additional settings for pureftpd

echo 'yes' > /etc/pure-ftpd/conf/DontResolve

and enable TLS in pureftpd

echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem  -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem

Fstab

Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):

----------------------------------------------------------------------------------------------
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    errors=remount-ro,usrquota,grpquota 0       1
/dev/sda5       none            swap    sw              0       0
/dev/hda        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0
----------------------------------------------------------------------------------------------

To enable quota, run these commands:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

Mydns

apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
 
cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz
tar xvfz mydns-1.2.8.25.tar.gz
cd mydns-1.2.8
./configure
make
make install

Now create the start / stop script for mydns:

vi /etc/init.d/mydns

and enter the following lines:

#! /bin/sh
#
# mydns         Start the MyDNS server
#
# Author:       Philipp Kern <<span class="spamspan"><span class="u">phil</span> [at] <span class="d">philkern [dot] de</span></span>>.
#               Based upon skeleton 1.9.4 by Miquel van Smoorenburg
#               <<span class="spamspan"><span class="u">miquels</span> [at] <span class="d">cistron [dot] nl</span></span>> and Ian Murdock <<span class="spamspan"><span class="u">imurdock</span> [at] <span class="d">gnu [dot] ai [dot] mit [dot] edu</span></span>>.
#
 
set -e
 
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"
 
SCRIPTNAME=/etc/init.d/$NAME
 
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
 
case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --stop --oknodo --quiet \
                --exec $DAEMON
        echo "."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration..."
        start-stop-daemon --stop --signal HUP --quiet \
                --exec $DAEMON
        echo "done."
        ;;
  restart)
        echo -n "Restarting $DESC: $NAME"
        start-stop-daemon --stop --quiet --oknodo \
                --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet \
                --exec $DAEMON -- -b
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac
 
exit 0

now execute

chmod +x /etc/init.d/mydns
update-rc.d mydns defaults

Vlogger and webalizer

apt-get install vlogger webalizer

Change the line "Incremental no" in /etc/webalizer.conf to "Incremental yes".

Jailkit (optional)

Only needed if you want to use chrroting for SSH users:

apt-get install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*

fail2ban (optional)

Optional but recomended, because the monitor tries to show the log.

apt-get install fail2ban

ISPConfig3

Installation of last version from tar.gz

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3.0.0.9-rc2.tar.gz
tar xvfz ISPConfig-3.0.0.9-rc2.tar.gz
cd ispconfig3_install/install/

Now start the installation process by executing:

php -q install.php

The installer will configure all services like postfix, sasl, courier, etc. for you. To login to the ISPConfig controlpanel, open the following URL in your browser (replace the IP to match your settings!):

http://192.168.0.100:8080/

The default login is

user: admin
password: admin

In case you get a permission denied error from apache, please restart the apache webserver process.

Sources:

http://www.ispconfig.org/docs/

nodecare