The Perfect Server – Fedora 10


This is a detailed description of how to set up a Fedora 10 server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable) with PHP5/Ruby/Python, Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc.

I will use the following software:

  • Web Server: Apache 2.2.10
  • PHP 5.2.6
  • Ruby
  • Python
  • Database Server: MySQL 5.0.67
  • Mail Server: Postfix
  • DNS Server: BIND9 (chrooted)
  • FTP Server: proftpd
  • POP3/IMAP server: Dovecot
  • Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need the following:

  • Download the Fedora 10 DVD iso image from a mirror near you (the list of mirrors can be found here: http://mirrors.fedoraproject.org/publiclist/Fedora/10/), e.g. http://fedora.tu-chemnitz.de/pub/linux/fedora/linux/releases/10/Fedora/i386/iso/Fedora-10-i386-DVD.iso
  • an Internet connection…

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 Install The Base System

Boot from your Fedora 10 DVD. Select Install or upgrade an existing system:

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the Fedora installer appears. Click on Next:

Select your keyboard layout:

I’m installing Fedora 10 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?:

Fill in the hostname of the server:

Choose your time zone:

Give root a password:

Next we do the partitioning. Select Remove Linux partitions on selected drives and create default layout. This will give you a small /boot partition and a large / partition which is fine for our purposes:

Select Write changes to disk:

The hard drive is being formatted:

Now we select the software we want to install. Uncheck Office and Productivity and check Software Development and Web server instead. Then check Customize now. Afterwards, select the additional repositories Fedora 10 – i386 and Fedora 10 – i386 – Updates (if you are on an x86_64 system, the names are probably Fedora 10 – x86_64 and Fedora 10 – x86_64 – Updates):

As the last two repositories need an Internet connection, a new window pops up where you have to configure your network card. Select Enable IPv4 support, but disable Use dynamic IP configuration (DHCP); then give your network card a static IP address and netmask (in this tutorial I’m using the IP address 192.168.0.100 and netmask 255.255.255.0 for demonstration purposes; if you are not sure about the right values, http://www.subnetmask.info might help you). Also fill in your gateway (e.g. 192.168.0.1) and one nameserver (e.g. 145.253.2.75):

When I clicked on OK, I got an error message saying that the network configuration had failed, but despite this, details for the last two repositories were retrieved, and the checkboxes in front of the two repositories got marked, which means that the network connection is working, and the error message was wrong (might be a bug in the installer). Click on Next:

Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, Hardware Support, Java, System Tools (unselect all other package groups) and click on Next:

The installation begins. This will take a few minutes:

Finally, the installation is complete, and you can remove your DVD from the computer and reboot it:

After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That’s why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn’t use any other firewall later on as it will most probably interfere with the Fedora firewall).

Hit OK afterwards:

Confirm your choice by selecting Yes:

Next select Network configuration:

If you did not configure your network card during the installation (either because you did not select the additional online repositories or because the installer really failed to bring up your network card), you can do that now by going to Edit a device params:

Select your network interface (usually eth0):

Then fill in your network details – disable DHCP and fill in a static IP address, a netmask, and your gateway, then hit Ok:

Next select Save:

What you should do in all cases (regardless of whether you configured your network connection during the installation or just now) is specify nameservers (during the initial installation, you could fill in just one nameserver, therefore you should specify at least a second one now). Select Edit DNS configuration:

Now you can fill in additional nameservers and hit Ok:

Hit Save&Quit afterwards…

… and leave the Choose a Tool window by selecting Quit:

You should run

ifconfig

now to check if the installer got your IP address right. If it did not, restart the NetworkManager…

/etc/init.d/NetworkManager restart

… and if that still doesn’t help, reboot the system:

reboot

If the IP address is still not correct, run

system-config-network

and redo the network configuration.

Now, on to the configuration…

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.100           server1.example.com server1
::1             localhost6.localdomain6 localhost6

It is important that you add a line for server1.example.com and remove server1.example.com and server1 from the 127.0.0.1 line.

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That’s why I disable the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn’t use any other firewall later on as it will most probably interfere with the Fedora firewall).

Run

system-config-firewall

and disable the firewall.

To check that the firewall has really been disabled, you can run

iptables -L

afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#

 

6 Disable SELinux

SELinux is a security extension of Fedora that should provide extended security. In my opinion you don’t need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn’t working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

reboot

 

7 Install Some Software

Next we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'

 

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Nov 26 16:56:06 2008
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or vol_id(8) for more info
#
/dev/VolGroup00/LogVol00 /                       ext3    defaults,usrquota,grpquota        1 1
UUID=41be1fc5-8b1a-456d-9fb9-cd0f5d764f36 /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

to enable quota.

 

9 Install Apache, MySQL, phpMyAdmin

This can all be installed with one single command (including the packages we need to build Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel phpMyAdmin pcre-devel openldap-devel postgresql-devel expect libtool-ltdl-devel openldap-servers libtool gdbm-devel pam-devel gamin-devel

10 Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, and Maildrop, therefore we have to build them ourselves.

RPM packages should not be built as root; courier-imap will even refuse to compile if it detects that the compilation is run as the root user. Therefore we create a normal user account now (compileuser in this example) and give him a password:

useradd -m -s /bin/bash compileuser
passwd compileuser

We will need the sudo command later on so that the user compileuser can compile and install the rpm packages. But first, we must allow compileuser to run all commands using sudo:

Run

visudo

In the file that opens there’s a line root ALL=(ALL) ALL. Add a similar line for compileuser just below that line:

[...]
root    ALL=(ALL)       ALL
compileuser   ALL=(ALL)       ALL
[...]

Now we are ready to build our rpm package. First become the user compileuser:

su compileuser

Next we create our build environment:

mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/BUILDROOT
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Now we download the source files from http://www.courier-mta.org/download.php:

mkdir $HOME/downloads
cd $HOME/downloads

wget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.1.tar.bz2
wget http://prdownloads.sourceforge.net/courier/courier-imap-4.4.1.tar.bz2
wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2

Now (still in $HOME/downloads) we can build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.62.1.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[compileuser@server1 i386]$ ls -l
total 588
-rw-r--r-- 1 root root 139439 2009-03-03 00:43 courier-authlib-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root 311720 2009-03-03 00:43 courier-authlib-debuginfo-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  34714 2009-03-03 00:43 courier-authlib-devel-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  17779 2009-03-03 00:43 courier-authlib-ldap-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  14088 2009-03-03 00:43 courier-authlib-mysql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  13344 2009-03-03 00:43 courier-authlib-pgsql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root   8144 2009-03-03 00:43 courier-authlib-pipe-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root root  34973 2009-03-03 00:43 courier-authlib-userdb-0.62.1-1.fc10.i386.rpm
[compileuser@server1 i386]$

Select the ones you want to install, and install them like this:

sudo rpm -ivh courier-authlib-0.62.1-1.fc10.i386.rpm courier-authlib-mysql-0.62.1-1.fc10.i386.rpm courier-authlib-devel-0.62.1-1.fc10.i386.rpm

Now we go back to the $HOME/downloads directory and run rpmbuild again, this time without sudo, otherwise the compilation will fail because it was run as root:

cd $HOME/downloads
rpmbuild -ta courier-imap-4.4.1.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[compileuser@server1 i386]$ ls -l
total 1864
-rw-r--r-- 1 root        root        139439 2009-03-03 00:43 courier-authlib-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root        311720 2009-03-03 00:43 courier-authlib-debuginfo-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         34714 2009-03-03 00:43 courier-authlib-devel-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         17779 2009-03-03 00:43 courier-authlib-ldap-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         14088 2009-03-03 00:43 courier-authlib-mysql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         13344 2009-03-03 00:43 courier-authlib-pgsql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root          8144 2009-03-03 00:43 courier-authlib-pipe-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         34973 2009-03-03 00:43 courier-authlib-userdb-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 compileuser compileuser 397991 2009-03-03 00:52 courier-imap-4.4.1-1.10.i386.rpm
-rw-r--r-- 1 compileuser compileuser 895065 2009-03-03 00:52 courier-imap-debuginfo-4.4.1-1.10.i386.rpm
[compileuser@server1 i386]$

You can install courier-imap like this:

sudo rpm -ivh courier-imap-4.4.1-1.10.i386.rpm

Now we go back to the $HOME/downloads directory and run rpmbuild again, this time to build a maildrop package:

cd $HOME/downloads
sudo rpmbuild -ta maildrop-2.0.4.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386 ($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[compileuser@server1 i386]$ ls -l
total 3076
-rw-r--r-- 1 root        root        139439 2009-03-03 00:43 courier-authlib-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root        311720 2009-03-03 00:43 courier-authlib-debuginfo-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         34714 2009-03-03 00:43 courier-authlib-devel-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         17779 2009-03-03 00:43 courier-authlib-ldap-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         14088 2009-03-03 00:43 courier-authlib-mysql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         13344 2009-03-03 00:43 courier-authlib-pgsql-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root          8144 2009-03-03 00:43 courier-authlib-pipe-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 root        root         34973 2009-03-03 00:43 courier-authlib-userdb-0.62.1-1.fc10.i386.rpm
-rw-r--r-- 1 compileuser compileuser 397991 2009-03-03 00:52 courier-imap-4.4.1-1.10.i386.rpm
-rw-r--r-- 1 compileuser compileuser 895065 2009-03-03 00:52 courier-imap-debuginfo-4.4.1-1.10.i386.rpm
-rw-r--r-- 1 root        root        300664 2009-03-03 00:59 maildrop-2.0.4-1.10.i386.rpm
-rw-r--r-- 1 root        root        723181 2009-03-03 00:59 maildrop-debuginfo-2.0.4-1.10.i386.rpm
-rw-r--r-- 1 root        root        132551 2009-03-03 00:59 maildrop-devel-2.0.4-1.10.i386.rpm
-rw-r--r-- 1 root        root         58083 2009-03-03 00:59 maildrop-man-2.0.4-1.10.i386.rpm
[compileuser@server1 i386]$

You can now install maildrop like this:

sudo rpm -ivh maildrop-2.0.4-1.10.i386.rpm

After you have compiled and installed all needed packages, you can become root again by typing

exit

 

11 Apply Quota Patch To Postfix

We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and install it.

cd /usr/src
wget http://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora/linux/releases/10/Fedora/source/SRPMS/postfix-2.5.5-1.fc10.src.rpm
rpm -ivh postfix-2.5.5-1.fc10.src.rpm

The last command will show some warnings that you can ignore:

warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root

cd /root/rpmbuild/SOURCES
wget http://vda.sourceforge.net/VDA/postfix-2.5.5-vda-ng.patch.gz
gunzip postfix-2.5.5-vda-ng.patch.gz
cd /root/rpmbuild/SPECS/

Now we must edit the file postfix.spec:

vi postfix.spec

Add Patch0: postfix-2.5.5-vda-ng.patch to the # Patches stanza, and %patch0 -p1 -b .vda-ng to the %setup -q stanza:

[...]
# Patches

Patch0: postfix-2.5.5-vda-ng.patch
Patch1: postfix-2.1.1-config.patch
Patch3: postfix-alternatives.patch
Patch6: postfix-2.1.1-obsolete.patch
Patch7: postfix-2.1.5-aliases.patch
Patch8: postfix-large-fs.patch
Patch9: postfix-2.4.0-cyrus.patch
Patch10: postfix-2.4.5-open_define.patch
[...]
%prep
%setup -q
# Apply obligatory patches
%patch0 -p1 -b .vda-ng
%patch1 -p1 -b .config
%patch3 -p1 -b .alternatives
%patch6 -p1 -b .obsolete
%patch7 -p1 -b .aliases
%patch8 -p1 -b .large-fs
%patch9 -p1 -b .cyrus
%patch10 -p1 -b .open_define
[...]

Then we build our new Postfix rpm package with quota and MySQL support:

rpmbuild -ba postfix.spec

Our Postfix rpm package is created in /root/rpmbuild/RPMS/i386 (/root/rpmbuild/RPMS/x86_64 if you are on an x86_64 system), so we go there:

cd /root/rpmbuild/RPMS/i386

The command

ls -l

shows you the available packages:

[root@server1 i386]# ls -l
total 11828
-rw-r--r-- 1 root root 4006804 2009-03-03 01:06 postfix-2.5.5-1.fc10.i386.rpm
-rw-r--r-- 1 root root 8027876 2009-03-03 01:06 postfix-debuginfo-2.5.5-1.fc10.i386.rpm
-rw-r--r-- 1 root root   51904 2009-03-03 01:06 postfix-pflogsumm-2.5.5-1.fc10.i386.rpm
[root@server1 i386]#

Pick the Postfix package and install it like this:

rpm -ivh postfix-2.5.5-1.fc10.i386.rpm

Then turn off Sendmail and start Postfix, saslauthd, and courier-authlib:

chkconfig --levels 235 courier-authlib on
/etc/init.d/courier-authlib start

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start

 

12 Configure Courier

Now we create the system startup links for courier-imap:

chkconfig --levels 235 courier-imap on
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart

When courier-imap is started for the first time, it automatically creates the certificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf files. Because the .cnf files contain the line CN=localhost, but our server is named server1.example.com, the certificates might cause problems when you use TLS connections. To solve this, we delete both certificates…

cd /usr/lib/courier-imap/share/
rm -f imapd.pem
rm -f pop3d.pem

… and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnf and /usr/lib/courier-imap/etc/pop3d.cnf with CN=server1.example.com:

vi /usr/lib/courier-imap/etc/imapd.cnf

[...]
CN=server1.example.com
[...]

vi /usr/lib/courier-imap/etc/pop3d.cnf

[...]
CN=server1.example.com
[...]

Then we recreate both certificates…

./mkimapdcert
./mkpop3dcert

… and restart courier-authlib and courier-imap:

/etc/init.d/courier-authlib restart
/etc/init.d/courier-imap restart
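
After the restart it is worth confirming that the recreated certificates really carry the server name rather than CN=localhost. The following check is an added example, not part of the original tutorial; the function names are hypothetical and the two subject lines are constructed samples.

```sh
#!/bin/sh
# Added example (not from the original tutorial): confirm that the recreated
# Courier certificates carry the server's name instead of CN=localhost.

fqdn=server1.example.com            # hostname used throughout this tutorial
share=/usr/lib/courier-imap/share   # certificate directory named above

# Print the CN from one line of `openssl x509 -noout -subject` output.
# Handles both the older "/C=US/.../CN=host/..." layout and the newer
# "C = US, ..., CN = host, ..." layout.
cn_from_subject() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# cert_cn_matches PEM FQDN
#   returns 0 when the certificate's CN equals FQDN, 1 when it differs,
#   2 when openssl cannot read the file.
cert_cn_matches() {
    cert_subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
    cert_cn=$(cn_from_subject "$cert_subject")
    echo "$1: CN=$cert_cn (expected $2)"
    [ "$cert_cn" = "$2" ]
}

# Constructed subject lines (not captured from a real server), one per layout.
old_layout='subject= /C=US/ST=NY/L=New York/O=Courier Mail Server/CN=localhost/emailAddress=postmaster@example.com'
new_layout='subject=C = US, ST = NY, L = New York, O = Courier Mail Server, CN = server1.example.com'
echo "old layout sample -> $(cn_from_subject "$old_layout")"
echo "new layout sample -> $(cn_from_subject "$new_layout")"

# On the server itself, check both files that mkimapdcert and mkpop3dcert wrote.
for pem in "$share/imapd.pem" "$share/pop3d.pem"; do
    if [ -r "$pem" ]; then
        cert_cn_matches "$pem" "$fqdn" || echo "  -> CN mismatch or unreadable, recreate $pem"
    fi
done
```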

 

13 Install Getmail

Getmail can be installed as follows:

yum install getmail

14 Set MySQL Passwords And Configure phpMyAdmin

Start MySQL:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Then set passwords for the MySQL root account:

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

If the last command throws an error at you…

[root@server1 i386]# mysqladmin -h server1.example.com -u root password Kreationnext
mysqladmin: connect to server at 'server1.example.com' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
[root@server1 i386]#

… we can set the password as follows: connect to MySQL:

mysql -u root -p

Type in the password for the MySQL root user. Then, on the MySQL shell, do this:

mysql> USE mysql;

mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = 'server1.example.com' AND User = 'root';

mysql> UPDATE user SET Password = password('yourrootsqlpassword') WHERE Host = '127.0.0.1' AND User = 'root';

Run

mysql> SELECT * FROM user;

to make sure that all rows where the user is root have a password.

If everything is looking ok, run

mysql> FLUSH PRIVILEGES;

… and leave the MySQL shell:

mysql> quit;
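
The manual check of the user table can also be scripted. The following is an added example, not part of the original tutorial: it reads tab-separated User, Host and Password rows and lists every account whose password is empty, going slightly beyond the root rows by also listing anonymous accounts (empty User column). The function names and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial): list MySQL accounts that
# have no password, given "User<TAB>Host<TAB>Password" rows on stdin.
#
# Live use on the server built in this tutorial:
#   mysql -u root -p -N -B -e 'SELECT User, Host, Password FROM mysql.user' \
#       | accounts_without_password

# Prints one "user@host" line per account with an empty Password column.
# Rows with an empty User column are reported as "(anonymous)@host".
# Returns 0 when every account has a password, 1 otherwise.
accounts_without_password() {
    awk -F '\t' '
        NF < 2 { next }                       # skip blank or malformed lines
        $3 == "" {
            user = ($1 == "") ? "(anonymous)" : $1
            printf "%s@%s\n", user, $2
            missing++
        }
        END { if (missing) exit 1 }
    '
}

# Constructed sample rows (hash values are placeholders, not real hashes).
sample_user_rows() {
    printf 'root\tlocalhost\t*CONSTRUCTED0HASH0VALUE\n'
    printf 'root\tserver1.example.com\t*CONSTRUCTED0HASH0VALUE\n'
    printf 'root\t127.0.0.1\t\n'
    printf '\tlocalhost\t\n'
    printf '\tserver1.example.com\t\n'
}

if sample_user_rows | accounts_without_password; then
    echo "all accounts have a password"
else
    echo "the accounts listed above still have no password"
fi
```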

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpmyadmin> stanza):

vi /etc/httpd/conf.d/phpMyAdmin.conf

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
#   order deny,allow
#   deny from all
#   allow from 127.0.0.1
#</Directory>

# This directory does not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on
/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
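
With the stanza commented out, the phpMyAdmin login is no longer limited to localhost, which the packaged file's own comment calls dangerous unless secured by SSL. The following added example (not part of the original tutorial) reports from the configuration file which state a server is in; the function names are hypothetical and both sample files are constructed from the listing above.

```sh
#!/bin/sh
# Added example (not from the original tutorial): report whether the
# access-control stanza for the phpMyAdmin web root is active in an
# Apache 2.2 style configuration file.

# phpmyadmin_acl_state FILE
#   prints "restricted <allowed sources>" when an uncommented
#   <Directory /usr/share/phpMyAdmin/> stanza contains "deny from all",
#   prints "open" otherwise. Returns 0 for restricted, 1 for open.
#   The separate .../libraries stanza is deliberately not counted.
phpmyadmin_acl_state() {
    awk '
        /^[ \t]*#/ { next }                   # commented directives are inactive
        { line = tolower($0) }
        line ~ /^[ \t]*<directory[ \t]+"?\/usr\/share\/phpmyadmin\/?"?[ \t]*>/ {
            inside = 1; next
        }
        inside && line ~ /^[ \t]*<\/directory>/ { inside = 0; next }
        inside && line ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { deny = 1 }
        inside && line ~ /^[ \t]*allow[ \t]+from[ \t]/ {
            for (i = 3; i <= NF; i++) allowed = allowed " " $i
        }
        END {
            if (deny) { print "restricted" allowed; exit 0 }
            print "open"; exit 1
        }
    ' "$1"
}

# Constructed samples: stock.conf has the stanza active, tutorial.conf has it
# commented out as shown in the listing above.
write_sample_confs() {
    cat > "$1/stock.conf" <<'EOF'
Alias /phpMyAdmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
   order deny,allow
   deny from all
   allow from 127.0.0.1
</Directory>
<Directory /usr/share/phpMyAdmin/libraries>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>
EOF
    cat > "$1/tutorial.conf" <<'EOF'
Alias /phpMyAdmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
#   order deny,allow
#   deny from all
#   allow from 127.0.0.1
#</Directory>
<Directory /usr/share/phpMyAdmin/libraries>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>
EOF
}

demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
for sample_name in stock tutorial; do
    state=$(phpmyadmin_acl_state "$demo_dir/$sample_name.conf" || true)
    echo "$sample_name.conf: $state"
done
rm -rf "$demo_dir"
# On the server: phpmyadmin_acl_state /etc/httpd/conf.d/phpMyAdmin.conf
```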

 

15 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamav-data clamav-server clamav-update unzip bzip2 perl-DBD-mysql

When we installed ClamAV, a cron job got installed that tries to update the ClamAV virus database every three hours. But this works only if we enable it in /etc/sysconfig/freshclam and /etc/freshclam.conf:

vi /etc/sysconfig/freshclam

Comment out the FRESHCLAM_DELAY line at the end:

## When changing the periodicity of freshclam runs in the crontab,
## this value must be adjusted also. Its value is the timespan between
## two subsequent freshclam runs in minutes. E.g. for the default
##
## | 0 */3 * * *  ...
##
## crontab line, the value is 180 (minutes).
# FRESHCLAM_MOD=

## A predefined value for the delay in seconds. By default, the value is
## calculated by the 'hostid' program. This predefined value guarantees
## constant timespans of 3 hours between two subsequent freshclam runs.
##
## This option accepts two special values:
## 'disabled-warn'  ...  disables the automatic freshclam update and
##                         gives out a warning
## 'disabled'       ...  disables the automatic freshclam silently
# FRESHCLAM_DELAY=


### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
#FRESHCLAM_DELAY=disabled-warn  # REMOVE ME

vi /etc/freshclam.conf

Comment out the Example line:

[...]
# Comment or remove the line below.
#Example
[...]

Then we start freshclam, amavisd, and clamd…

chkconfig --levels 235 amavisd on
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start

… and change the ownership of some directories:

chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db

 

16 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows:

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel

Next we open /etc/php.ini

vi /etc/php.ini

… and change the error reporting (so that notices aren’t shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:

[...]
;error_reporting  =  E_ALL
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmp
wget http://www.suphp.org/download/suphp-0.7.0.tar.gz
tar xvfz suphp-0.7.0.tar.gz
cd suphp-0.7.0/
./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
make
make install

Then we add the suPHP module to our Apache configuration…

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

… and create the file /etc/suphp.conf as follows:

vi /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=apache

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

 

17 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

 

18 Install MyDNS

We can install MyDNS as follows:

wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh mydns-mysql-1.1.0-1.i386.rpm

When the system boots, MyDNS must be started after MySQL. The MySQL startup link has the priority 64 on Fedora 10, so the MyDNS startup link must have a priority between 65 and 99. Therefore we open the MyDNS init script…

vi /etc/init.d/mydns

… and change

[...]
# chkconfig: 345 52 50
[...]

to

[...]
# chkconfig: 345 65 50
[...]

Then we create the startup links:

chkconfig --levels 235 mydns on

We don’t start MyDNS now because it must be configured first – this will be done automatically by the ISPConfig 3 installer later on.
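
The ordering requirement can be verified after the startup links exist. The following is an added example, not part of the original tutorial: it reads the start priority from the init script header and from the S-links in a runlevel directory and checks that mydns comes after mysqld. The function names are hypothetical and the sample tree is constructed.

```sh
#!/bin/sh
# Added example (not from the original tutorial): confirm that MyDNS is
# started after MySQL, both in the init script header and in the S-links.

# Print the start priority from "# chkconfig: <levels> <start> <stop>".
header_start_priority() {
    awk '
        $1 == "#" && $2 == "chkconfig:" { print $4; exit }
        $1 == "#chkconfig:"             { print $3; exit }
    ' "$1"
}

# link_start_priority RCDIR SERVICE: print NN from RCDIR/SNNSERVICE.
link_start_priority() {
    for rc_link in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$rc_link" ] || [ -L "$rc_link" ] || continue
        rc_name=${rc_link##*/}
        rc_name=${rc_name#S}
        echo "${rc_name%"$2"}"
        return 0
    done
    return 1        # no start link for this service in RCDIR
}

# starts_after RCDIR LATER EARLIER
#   0: LATER has a higher start priority; 1: it does not; 2: a link is missing.
#   Equal numbers count as failure because links with the same number run in
#   alphabetical order, which would put mydns before mysqld.
starts_after() {
    prio_later=$(link_start_priority "$1" "$2") || return 2
    prio_earlier=$(link_start_priority "$1" "$3") || return 2
    [ "$prio_later" -gt "$prio_earlier" ]
}

# Constructed sample tree: "before" has the shipped priority 52, "after" has 65.
make_sample_tree() {
    mkdir -p "$1/before" "$1/after"
    : > "$1/before/S64mysqld"; : > "$1/before/S52mydns"
    : > "$1/after/S64mysqld";  : > "$1/after/S65mydns"
    printf '#!/bin/sh\n# chkconfig: 345 65 50\n' > "$1/mydns.init"
}

sample=$(mktemp -d)
make_sample_tree "$sample"
echo "header start priority: $(header_start_priority "$sample/mydns.init")"
for state in before after; do
    if starts_after "$sample/$state" mydns mysqld; then
        echo "$state: mydns starts after mysqld"
    else
        echo "$state: mydns would start before mysqld"
    fi
done
rm -rf "$sample"
# On the server: starts_after /etc/rc3.d mydns mysqld
```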

 

19 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*

20 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig – it cannot be installed afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
rm -rf jailkit-2.5*

 

21 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start

 

22 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter

 

23 Install SquirrelMail

To install the SquirrelMail webmail client, run…

yum install squirrelmail

… and restart Apache:

/etc/init.d/httpd restart

Then configure SquirrelMail:

/usr/share/squirrelmail/config/conf.pl

We must tell SquirrelMail that we are using Courier-IMAP/-POP3:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >> <-- D

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
bincimap    = Binc IMAP server
courier     = Courier IMAP server
cyrus       = Cyrus IMAP server
dovecot     = Dovecot Secure IMAP server
exchange    = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx      = Mac OS X Mailserver
mercury32   = Mercury/32
uw          = University of Washington’s IMAP server

quit        = Do not change anything
Command >> <-- courier

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
bincimap    = Binc IMAP server
courier     = Courier IMAP server
cyrus       = Cyrus IMAP server
dovecot     = Dovecot Secure IMAP server
exchange    = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx      = Mac OS X Mailserver
mercury32   = Mercury/32
uw          = University of Washington’s IMAP server

quit        = Do not change anything
Command >> courier

imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true

Press any key to continue… <– press a key

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >> <– S

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >> <– Q

One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable – if you don’t do this, you will see the following error message in SquirrelMail after you’ve logged in: Query: CREATE “Sent” Reason Given: Invalid mailbox name.

vi /etc/squirrelmail/config_local.php

<?php
/**
 * Local config overrides.
 *
 * You can override the config.php settings here.
 * Don't do it unless you know what you're doing.
 * Use standard PHP syntax, see config.php for examples.
 *
 * @copyright &copy; 2002-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $
 * @package squirrelmail
 * @subpackage config
 */
//$default_folder_prefix                = '';
?>
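
The same edit without opening vi, as an added example that is not part of the original tutorial: the function below comments out an active $default_folder_prefix assignment, keeps a backup copy, and changes nothing when run a second time. The function names and the .bak suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotently comment out $default_folder_prefix in a
# SquirrelMail local override file. Function names are hypothetical.

# Succeeds (exit 0) if the file still contains an uncommented assignment.
folder_prefix_active() {
    grep -Eq '^[[:space:]]*\$default_folder_prefix[[:space:]]*=' "$1"
}

# Comment the assignment out, keeping a backup in <file>.bak.
# Returns 0 when the file ends up without an active assignment.
disable_folder_prefix() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    if ! folder_prefix_active "$cfg"; then
        echo "nothing to do: \$default_folder_prefix is not set in $cfg"
        return 0
    fi

    cp -p "$cfg" "$cfg.bak" || return 1
    # Prefix only active assignments with //; lines that already start with
    # // or # are not matched, so running this twice changes nothing more.
    sed -E 's|^([[:space:]]*)(\$default_folder_prefix[[:space:]]*=)|\1//\2|' \
        "$cfg.bak" > "$cfg" || return 1

    if folder_prefix_active "$cfg"; then
        echo "edit failed, restoring backup" >&2
        cp -p "$cfg.bak" "$cfg"
        return 1
    fi
    echo "commented out \$default_folder_prefix in $cfg"
}

# Run against the path used in this tutorial when called with "apply".
if [ "${1:-}" = "apply" ]; then
    disable_folder_prefix /etc/squirrelmail/config_local.php
fi
```

Because the file is rewritten in place through a redirect, its owner and permissions stay as they were; the untouched original remains in config_local.php.bak.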

Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser to access SquirrelMail.

24 Install ISPConfig 3

Uninstall BIND and Dovecot so that the ISPConfig installer configures ISPConfig for MyDNS and Courier:

yum remove bind dovecot

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.1.tar.gz
cd ispconfig3_install/install/

(Replace ISPConfig-3.0.1.tar.gz with the latest version.)

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer:

[root@server1 install]# php -q install.php

——————————————————————————–
 _____ ___________   _____              __ _
|_   _/  ___| ___ \ /  __ \            / _(_)
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| |
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, |
                                              __/ |
                                             |___/
——————————————————————————–

>> Initial configuration

Operating System: Fedora 10 or compatible

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in “quit” (without the quotes) to stop the installer.

Select language (en,de) [en]: <– ENTER

Installation mode (standard,expert) [standard]: <– ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <– ENTER

MySQL server hostname [localhost]: <– ENTER

MySQL root username [root]: <– ENTER

MySQL root password []: <– yourrootsqlpassword

MySQL database to create [dbispconfig]: <– ENTER

MySQL charset [utf8]: <– ENTER

Generating a 2048 bit RSA private key
…………………………+++
……………………………………+++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]: <– ENTER
State or Province Name (full name) [Berkshire]: <– ENTER
Locality Name (eg, city) [Newbury]: <– ENTER
Organization Name (eg, company) [My Company Ltd]: <– ENTER
Organizational Unit Name (eg, section) []: <– ENTER
Common Name (eg, your name or your server’s hostname) []: <– ENTER
Email Address []: <– ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring MyDNS
Configuring Apache
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]: <– ENTER

Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Restarting services …
Stopping MySQL:                                            [  OK  ]
Starting MySQL:                                            [  OK  ]
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Stopping saslauthd:                                        [  OK  ]
Starting saslauthd:                                        [  OK  ]
Waiting for the process [1788] to terminate
Daemon [1788] terminated by SIGTERM
Shutting down amavisd:                                     [  OK  ]
amavisd stopped
Starting amavisd:                                          [  OK  ]

Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]
Stopping Courier authentication services: authdaemond
Starting Courier authentication services: authdaemond
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Starting Courier-IMAP server: imap imap-ssl pop3 pop3-ssl
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
Stopping pure-ftpd:                                        [  OK  ]
Starting pure-ftpd:                                        [  OK  ]
Installation completed.
[root@server1 install]#

The installer automatically configures all underlying services, so no manual configuration is needed.

Afterwards you can access ISPConfig 3 under http://server1.example.com:8080/ or http://192.168.0.100:8080/. Log in with the username admin and the password admin (you should change the default password after your first login):

The system is now ready to be used.

 

24.1 ISPConfig 3 Manual

 

  • Fedora: http://fedoraproject.org
  • ISPConfig: http://www.ispconfig.org

 

 

 
