
The (Almost) Perfect Setup – Debian Sarge (3.1) On A Strato Dedicated-Server (With ISPConfig)


This HowTo is closely based on Falko Timme's HowTo "The Perfect Setup – Debian Sarge (3.1)". I wrote it for STRATO servers, because Strato's Debian Sarge (3.1) image has some peculiarities.

Let me say first: this is one of many possible ways, but I have tried it more than once and it works.

That said, I must also tell you: if you use this HowTo, you do so at your own risk! You will lose all files on the Strato server, because we start with a brand-new installation of the Debian image! If you have questions, mail me or send me a PM.

If you would like this HowTo in German, just send me an e-mail or a PM.

You will need:

  • a Strato – Dedicated Server
  • WinSCP3 and Putty or similar software on your computer at home

We use (based on the HowTo by Falko Timme) for the Server:

  • Apache 2 as web-server
  • Postfix as mailserver
  • Courier-POP3 and Courier-IMAP for eMail, too
  • BIND as DNS-server
  • proftpd as FTP-server
  • Webalizer for statistics

 

STEP 1 – Install a new Debian-Image 3.1 with the Strato-Konfigurationsmenü

 

  • choose Serverkonfiguration
  • choose Neuinstallation
  • mark the Box and choose Debian GNU/Linux 3.1 für Profis
  • click on weiter
  • fill in the code you will see

 

 

Don't forget:

You will lose all files on the Strato server, because we start with a brand-new installation of the Debian image!

  • if you're sure that you want this, click on weiter
  • wait until you get the eMail from Strato that the reinstallation is finished.

 

STEP 2 – Update the Debian Sarge Image

 

  • log in to your server as root with Putty
  • copy the commands below and paste them into Putty
  • follow the instructions

 

 

apt-get update

If you are asked whether you want to stop now because a new kernel will be installed, answer no.

But don't forget to reboot your server after this upgrade.

apt-get dist-upgrade

apt-get upgrade

(If someone says that this is too much updating and upgrading, let me answer first:

I have tried it many times and it works a little differently every time, and once too often is better than once too few.)

STEP 3 – Add some more nameservers

 

  • open and edit the file /etc/resolv.conf
  • add some more nameservers (only if you want)

 

nameserver 81.169.163.104
nameserver 81.169.163.106
search serverkompetenz.net
nameserver ip.number.from.another

STEP 4 – Setting the hostname

Instead of server1.example.com, put in your real server domain (h12345.serverkompetenz.net):

echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname

STEP 5 – Install needed and missing software and remove unneeded software

apt-get install make gcc g++ cpp wget flex bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx fileutils (all in one line!)

Answer the questions with the default answers.

update-rc.d -f exim remove

update-inetd --remove daytime

update-inetd --remove telnet

update-inetd --remove time

update-inetd --remove finger

update-inetd --remove talk

update-inetd --remove ntalk

update-inetd --remove ftp

update-inetd --remove discard

/etc/init.d/inetd reload
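
One way to confirm that the removals above took effect (an added example, not part of the original HowTo): the functions below list which of the eight services still have an active entry in an inetd.conf. The function names and the sample file are constructed for illustration; the script assumes the classic inetd.conf layout in which disabled entries are commented out with #.

```shell
#!/bin/sh
# Added example, not from the original HowTo: audit inetd.conf after STEP 5.

# Services the HowTo removes with update-inetd --remove.
REMOVED_SERVICES="daytime telnet time finger talk ntalk ftp discard"

# Print every service from REMOVED_SERVICES that still has an active
# (uncommented) entry in the given inetd.conf, one "name/proto" per line.
inetd_still_enabled() {
    awk -v want="$REMOVED_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*#/  { next }   # comments, including "#<off>#" disabled entries
        NF < 6      { next }   # not a complete service entry
        ($1 in bad) { print $1 "/" $3 }
    ' "$1"
}

# Return 0 when none of the services is active any more, 1 otherwise.
inetd_is_clean() {
    [ -z "$(inetd_still_enabled "$1")" ]
}

# Constructed sample file: two services still active, one disabled,
# and one service (ident) that the HowTo does not touch.
sample_inetd_conf() {
    cat <<'EOF'
#:STANDARD: These are standard services.
daytime  stream  tcp  nowait  root  internal
#<off># telnet  stream  tcp  nowait  telnetd.telnetd  /usr/sbin/tcpd  /usr/sbin/in.telnetd
discard  dgram   udp  wait    root  internal
ident    stream  tcp  wait    identd  /usr/sbin/identd  identd
EOF
}

# When called with a file name, audit that file.
if [ -n "${1:-}" ]; then
    inetd_still_enabled "$1"
fi
```

On the server, run it as root with /etc/inetd.conf as the argument; no output means all eight services are gone.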

STEP 6 – Install and configure quota

apt-get install quota quotatool

Answer the question with no.

  • open and edit the file /etc/fstab

 

# /etc/fstab: static file system information.
#
# file system     mount point    type     options                  dump pass
/dev/sda1         /boot          ext2     nosuid,nodev             0    2
/dev/sda2         none           swap     sw                       0    0
/dev/sda3         /              ext3     defaults,errors=remount-ro,usrquota,grpquota 0       1
proc              /proc          proc     defaults                 0    0

  • run the following steps:

 

touch /quota.user /quota.group

chmod 600 /quota.*

mount -o remount /

quotacheck -avugm

quotaon -avug

STEP 7 – Install and configure bind9 the DNS-Server

apt-get install bind9

/etc/init.d/bind9 stop

  • open and edit the file /etc/default/bind9 to:

 

OPTIONS="-u bind -t /var/lib/named"

  • run the following steps:

 

mkdir -p /var/lib/named/etc

mkdir /var/lib/named/dev

mkdir -p /var/lib/named/var/cache/bind

mkdir -p /var/lib/named/var/run/bind/run

mv /etc/bind /var/lib/named/etc

ln -s /var/lib/named/etc/bind /etc/bind

mknod /var/lib/named/dev/null c 1 3

mknod /var/lib/named/dev/random c 1 8

chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random

chown -R bind:bind /var/lib/named/var/*

chown -R bind:bind /var/lib/named/etc/bind

  • open and edit the file /etc/init.d/sysklogd, but change only the line SYSLOGD="" to:

 

SYSLOGD="-a /var/lib/named/dev/log"

  • run the following steps:

 

/etc/init.d/sysklogd restart

/etc/init.d/bind9 start

  • open and check the file /var/log/syslog for any errors in the last few lines.

 

STEP 8 – Install and configure MySQL

apt-get install mysql-server mysql-client libmysqlclient12-dev

mysqladmin -u root password replacethiswithyourrootmysqlpassword

netstat -tap

Now you should see something like:

tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld

STEP 9 – Install and configure Postfix the mail-server with POP3/IMAP

  • run the following steps:

 

apt-get install postfix postfix-tls procmail libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl (all in one line!)

Answer the questions in this order:

  • yes
  • pop3 and pop3s
  • no
  • imap2/imaps
  • no
  • Internet Site
  • NONE
  • h12345.serverkompetenz.net
  • h12345.serverkompetenz.net, localhost.serverkompetenz.net, localhost
  • no
  • 127.0.0.0/8
  • 0
  • +
  • yes

Run the following steps:

 

postconf -e 'smtpd_sasl_local_domain ='

postconf -e 'smtpd_sasl_auth_enable = yes'

postconf -e 'smtpd_sasl_security_options = noanonymous'

postconf -e 'broken_sasl_auth_clients = yes'

postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

postconf -e 'inet_interfaces = all'

echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf

echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

For secure email-transport run the following steps:

mkdir /etc/postfix/ssl

cd /etc/postfix/ssl/

openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key

openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

answer all the questions

postconf -e 'smtpd_tls_auth_only = no'

postconf -e 'smtp_use_tls = yes'

postconf -e 'smtpd_use_tls = yes'

postconf -e 'smtp_tls_note_starttls_offer = yes'

postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'

postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'

postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'

postconf -e 'smtpd_tls_loglevel = 1'

postconf -e 'smtpd_tls_received_header = yes'

postconf -e 'smtpd_tls_session_cache_timeout = 3600s'

postconf -e 'tls_random_source = dev:/dev/urandom'

/etc/init.d/postfix restart

mkdir -p /var/spool/postfix/var/run/saslauthd

  • open and edit the file /etc/default/saslauthd so that it looks like this:

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

  • open and edit the PIDFILE entry in the file /etc/init.d/saslauthd so that it looks like this:

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

Run the following step:

/etc/init.d/saslauthd start

Create the new file /etc/c-client.cf with following content:

I accept the risk

set disable-plaintext 0

Run the following few steps:

/etc/init.d/inetd restart

telnet localhost 25

ehlo localhost

quit

If you can see the lines

250-STARTTLS

250-AUTH LOGIN PLAIN

everything is fine.
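
The check above can also be run against a saved server reply. This is an added example, not part of the original HowTo; the function names and the sample reply are constructed. Because the session on port 25 is unencrypted, an AUTH line in it means logins are accepted before STARTTLS, which is what smtpd_tls_auth_only = no in this step configures.

```shell
#!/bin/sh
# Added example, not from the original HowTo: check a captured EHLO reply.

# Succeed if the EHLO reply in $1 advertises the ESMTP keyword $2.
ehlo_has() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eiq "^250[- ]$2([ =]|\$)"
}

# Print the SASL mechanisms of the first AUTH line ("AUTH ..." or "AUTH=...").
ehlo_auth_mechs() {
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^250[- ][Aa][Uu][Tt][Hh][ =]\(.*\)$/\1/p' | head -n 1
}

# Classify a reply captured on the unencrypted port-25 session.
# Returns 0 only for the result STEP 9 expects:
#   starttls+auth  STARTTLS and AUTH PLAIN/LOGIN both offered
#   starttls-only  no AUTH line before TLS (SASL not active, or
#                  smtpd_tls_auth_only = yes hides AUTH until TLS is up)
#   no-starttls    the TLS settings did not take effect
#   no-auth-mechs  AUTH offered, but without PLAIN or LOGIN
classify_ehlo() {
    reply=$1
    if ! ehlo_has "$reply" STARTTLS; then echo no-starttls; return 1; fi
    if ! ehlo_has "$reply" AUTH; then echo starttls-only; return 1; fi
    case " $(ehlo_auth_mechs "$reply") " in
        *" PLAIN "*|*" LOGIN "*) echo starttls+auth ;;
        *) echo no-auth-mechs; return 1 ;;
    esac
}

# Constructed sample reply containing the two lines the HowTo looks for.
# The "AUTH=" form is the extra line added by broken_sasl_auth_clients = yes.
SAMPLE_EHLO='250-h12345.serverkompetenz.net
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME'

# When called with a file name, classify the reply saved in that file.
if [ -n "${1:-}" ]; then
    classify_ehlo "$(cat "$1")"
fi
```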

STEP 10 – Install and configure Courier for Maildir-support

Run the following step:

apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl

Answer the questions in this order:

  • no
  • Maildir (ok)
  • OK

Run the following steps:

postconf -e 'home_mailbox = Maildir/'

postconf -e 'mailbox_command ='

/etc/init.d/postfix restart

Don't forget to enable Maildir support in the ISPConfig menu!

STEP 11 – Install and configure Apache – the server

Run the following steps:

apt-get install apache2 apache2-doc

apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick (all in one line!)

Answer all questions with yes

  • open and edit the file /etc/apache2/apache2.conf.
  • change only the line DirectoryIndex index.html index.cgi index.pl index.php index.xhtml to:

 

DirectoryIndex index.html index.htm index.shtml index.cgi index.php

  • open the file /etc/mime.types.
  • comment out the following lines (with #):

 

#application/x-httpd-php                        phtml pht php
#application/x-httpd-php-source                 phps
#application/x-httpd-php3                       php3
#application/x-httpd-php3-preprocessed          php3p
#application/x-httpd-php4                       php4

  • open the file /etc/apache2/mods-enabled/php4.conf.
  • comment out the following lines (with #):

 

#  AddType application/x-httpd-php .php .phtml .php3
#  AddType application/x-httpd-php-source .phps

  • open the file /etc/apache2/ports.conf.
  • add the line Listen 443:

 

Listen 80
Listen 443

  • run the following steps:

 

a2enmod ssl

a2enmod rewrite

a2enmod suexec

a2enmod include

/etc/init.d/apache2 restart

STEP 12 – Install and configure ProFTPd – the ftp-server

  • run the following step:

 

apt-get install proftpd

Answer the question with initd.

  • open the file /etc/proftpd.conf.
  • add the following lines:

 

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

  • run the following step:

 

/etc/init.d/proftpd restart

STEP 13 – Install Webalizer – the Logfile-analyzer

  • run the following step:

 

apt-get install webalizer

Answer the questions in this order:

  • /var/www/webalizer
  • Usage Statistics for
  • /var/log/apache/access.log.1

 

STEP 14 – Install some Perl-modules

  • run the following step:

 

perl -MCPAN -e shell

Answer the question with no!

  • go ahead by running the following steps:

 

install HTML::Parser

install DB_File

install Net::DNS

q

apt-get install libdigest-sha1-perl libnet-dns-perl libpoe-component-client-dns-perl razor libio-socket-inet6-perl libdb-file-lock-perl libarchive-tar-perl (all in one line!)

If a question about a test comes up, answer it with no!

Answer the other questions with yes.

STEP 15 – Install and configure ISPConfig

  • run the following steps:

 

cd /root

wget typeinhereyourfavoritemirror

tar xvfz ISPConfig-2.2.15.tar.gz

cd install_ispconfig

./setup

Answer the questions like this:

  • pleasemakeyourownchoise
  • y
  • y
  • 1
  • y
  • y

And now you have to wait… and pray 😛

The next few questions you have to answer like this:

(these questions are for the SSL-Server-certificates)

  • R
  • typeinhereyourcountrycode-like-DE or US or UK…
  • typeinhereyourstate
  • typeinhereyourcity
  • typeinhereyourorganizationname
  • typeinhereyourorganizationunitname
  • typeinhereyourname
  • typeinhereyouremailadress
  • 3650 (this means your certificate is valid for 10 years)
  • 3
  • typeinhereyourcountrycode-like-DE or US or UK…
  • typeinhereyourstate
  • typeinhereyourcity
  • typeinhereyourorganizationname
  • typeinhereyourorganizationunitname
  • typeinhereyourinternetadress
  • typeinhereyouremailadress
  • 3650 (this means your certificate is valid for 10 years)
  • 3
  • n (! in step 7 of the setup)
  • n (! in step 8 of the setup)

And now you have to wait… and pray again, because it can take a little while 😀 Next come some questions needed by SpamAssassin:

  • typeinhereatext

Last there are some questions about the configuration.

Answer it like the following:

  • localhost
  • root
  • typeinhereyourmysqlpassword
  • db_ispconfig (it's the default)
  • typeinhereyourserverIP like 85.123.456.789
  • h123456
  • serverkompetenz.net
  • 1 (it's more secure with SSL)

 

That's it. If you don't see any ERROR message => CONGRATULATIONS

If you find any big mistakes in this HowTo => PLEASE MAIL ME, so I can correct them.
