Cheap VPS & Xen Server


Residential Proxy Network - Hourly & Monthly Packages

The Perfect Server – OpenSUSE 11.2 x86_64 [ISPConfig 3]


This is a detailed description about how to set up an OpenSUSE 11.2 64bit (x86_64) server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable) with PHP, CGI and SSI support, Postfix mail server with SMTP-AUTH, TLS and virtual mail users, MyDNS DNS server, Pureftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc.

I will use the following software:

  • Web Server: Apache 2.2 with PHP 5
  • Database Server: MySQL
  • Mail Server: Postfix with virtual users
  • DNS Server: MyDNS
  • FTP Server: pureftpd
  • POP3/IMAP: Courier-POP3/Courier-IMAP.
  • Webalizer for web site statistics

In the end you should have a system that works reliably and is easily manageable with the ISPConfig 3 control panel. The following guide is for the 64bit version of OpenSUSE.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Notice: This guide if for ISPConfig 3.0.1 or newer. It is not suitable for ISPConfig 2.x

 

1 Requirements

To install such a system you will need the following:

  • The OpenSUSE 11.2 DVD. You can download it here: http://download.opensuse.org/distribution/11.2/iso/openSUSE-11.2-DVD-x86_64.iso
  • A fast Internet connection…

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 The Base System

Boot from your OpenSUSE 11.2 DVD and select Installation:

1

Select your language, keyboard layout and accept the licence terms:

2

The installer analyzes your hardware and builds the software repository cache:

3

Select New Installation:

4

Select the region and timezone:

5

We select Other > Minimal Server Selection (Text Mode) here as we want to install a server without X-Window desktop. The X-Window system is not necessary to run the server and would slow down the system. We will do all administration tasks on the shell or through an SSH connection, e.g. via PuTTY from a remote desktop.

6

Click on Edit Partition Setup… to change the proposed partitions. As this is a server setup, we need a large /srv partition instead of the /home partition:

7

Select /dev/sda3 and click on Edit…:

8

Change the Mount Point to /srv and click on Finish:

9

Click on Accept:

10

Click on Next:

11

Now I create a user named administrator. You may use any username you like. Make sure that you disable the Automatic Login checkbox for this user. The password that you enter here will be used as the root password:

12

The installer shows an overview of the selected install options. Scroll down to the Firewall and SSH section and enable SSH…

13

… and then disable the firewall (ISPConfig 3 comes with its own firewall):

14

14

Click on Install to start the installation process:

15

Confirm that you want to start the installation:

16

The installer formats the hard disk, installs the software packages and prepares the system configuration for the first boot:

16

After the basic installation is finished, the system will do an automatic reboot:

18

The automatic configuration starts right after the system has rebooted:

19

Now log in with the username root and the password that you selected during the installation.

4 Configure the Network settings

We use Yast, the OpenSuSE system management tool to reconfigure the network card settings. After the first boot, the system is configured to get the IP address with DHCP. For a server we will switch it to a static IP address.

Run

yast2

Select Network Devices > Network Settings:

20

Select your network card and then Edit:

21

Select Statically assigned IP Address and enter the IP address, subnet mask and hostname and save the changes by selecting Next:

22

Now select Hostname/DNS and enter the hostname (e.g. server1.example.com) and nameservers (e.g. 145.253.2.75 and 213.191.92.86):

23

Now select Routing and enter the default gateway and hit OK:

24

To configure the firewall (in case you didn’t configure it during the basic installation), select Security and Users > Firewall in Yast:

25

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That’s why I disable the default OpenSUSE firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn’t use any other firewall later on as it will most probably interfere with the OpenSUSE firewall).

Select Disable Firewall Automatic Starting and Stop Firewall Now, then hit Next:

26

Hit Finish and leave Yast:

27

5 Install updates

Now we install the latest updates from the openSUSE repositories. Run

zypper update

And then reboot the server as you most likely installed some kernel updates, too:

reboot

 

6 Journaled Quota

To install quota, run

yast2 -i quota

Edit /etc/fstab to look like this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the mountpoints / and /srv):

vi /etc/fstab

/dev/sda1            swap                 swap       defaults              0 0
/dev/sda2            /                    ext4       acl,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
/dev/sda3            /srv                 ext4       acl,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 2
proc                 /proc                proc       defaults              0 0
sysfs                /sys                 sysfs      noauto                0 0
debugfs              /sys/kernel/debug    debugfs    noauto                0 0
devpts               /dev/pts             devpts     mode=0620,gid=5       0 0

Then run:

touch /aquota.user /aquota.group
chmod 600 /aquota.*
touch /srv/aquota.user /srv/aquota.group
chmod 600 /srv/aquota.*

mount -o remount /
mount -o remount /srv

quotacheck -avugm
quotaon -avug

Dont be worried if you see these error messages – they are normal when you run quotacheck for the first time:

server1:~ # quotacheck -avugm
quotacheck: WARNING – Quotafile //aquota.user was probably truncated. Cannot save quota settings…
quotacheck: WARNING – Quotafile //aquota.group was probably truncated. Cannot save quota settings…
quotacheck: Scanning /dev/sda2 [/] done
quotacheck: Checked 4670 directories and 51529 files
quotacheck: WARNING – Quotafile /srv/aquota.user was probably truncated. Cannot save quota settings…
quotacheck: WARNING – Quotafile /srv/aquota.group was probably truncated. Cannot save quota settings…
quotacheck: Scanning /dev/sda3 [/srv] done
quotacheck: Checked 6 directories and 2 files
server1:~ #
7 Install some basic packes and the compilers that we need later

Run

yast2 -i findutils readline libgcc glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel wget gcc-c++ subversion make vim telnet cron iptables iputils man man-pages nano pico

8 Install Postfix, Courier, Saslauthd, MySQL

Run

yast2 -i postfix postfix-mysql mysql mysql-client courier-imap courier-authlib courier-authlib-mysql python cron cyrus-sasl cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-otp cyrus-sasl-plain cyrus-sasl-saslauthd libmysqlclient-devel pwgen

Start MySQL, Postfix, SASL and Courier and enable the services to be started at boot time.

chkconfig –add mysql
chkconfig –add postfix
chkconfig –add saslauthd
chkconfig –add fam
chkconfig –add courier-authdaemon
chkconfig –add courier-pop
chkconfig –add courier-imap
chkconfig –add courier-pop-ssl
chkconfig –add courier-imap-ssl
/etc/init.d/mysql start
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/courier-pop start
/etc/init.d/courier-imap start
/etc/init.d/courier-pop-ssl start
/etc/init.d/courier-imap-ssl start

Now I install some rpm packages which are not available from the OpenSUSE main repositories.

cd /tmp
rpm -i http://download.opensuse.org/repositories/server:/mail/openSUSE_11.2/noarch/getmail-4.13.0-1.1.noarch.rpm
rpm –force -i http://download.opensuse.org/repositories/server:/mail/openSUSE_11.2/x86_64/maildrop-2.2.0-2.9.x86_64.rpm

Warnings like warning: /var/tmp/rpm-tmp.OW27Dr: Header V3 DSA signature: NOKEY, key ID 367fe7fc can be ignored.

Next I install the pam_mysql module from source. pam_mysql is not available from the main OpenSUSE repository and the package from the build service did not work for me.

yast2 -i pam-devel pam-32bit pam-devel-32bit pam-modules-32bit

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/pam-mysql/pam_mysql-0.7RC1.tar.gz
tar xvfz pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
./configure
make
make install
rm -rf /tmp/pam_mysql-0.7RC1
rm /tmp/pam_mysql-0.7RC1.tar.gz

To secure the MySQL installation, run:

mysql_secure_installation

Now you will be asked several questions:

server1:~ # mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user.  If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): <– ENTER
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <– Y
New password: <– yourrootsqlpassword
Re-enter new password: <– yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <– Y
 … Success!

Normally, root should only be allowed to connect from ‘localhost’.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <– Y
… Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <– Y
 – Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <– Y
 … Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

server1:~ #

Now your MySQL setup should be secured.

 

9 Amavisd-new, Spamassassin and Clamav

Install Amavisd-new, Spamassassin and Clamav antivirus. Run

yast2 -i amavisd-new clamav clamav-db zoo unzip unrar bzip2 unarj perl-DBD-mysql

Open /etc/amavisd.conf

vi /etc/amavisd.conf

… and add the $myhostname line with your correct hostname below the $mydomain line:

[...]
$mydomain = 'example.com';   # a convenient default for other settings
$myhostname = "server1.$mydomain";
[...]

To enable the services, run:

chkconfig –add amavis
chkconfig –add clamd
/etc/init.d/amavis start
/etc/init.d/clamd start

 

10 Install the Apache 2 Webserver and PHP5

Inastall Apache2 and suphp. Run:

yast2 -i apache2 apache2-mod_fcgid

Install PHP5:

yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl apache2-mod_php5

rpm -i http://download.opensuse.org/repositories/server:/php/openSUSE_11.2/x86_64/suphp-0.7.1-3.1.x86_64.rpm

Then run these commands to enable the Apache modules:

a2enmod suexec
a2enmod rewrite
a2enmod ssl
a2enmod actions
a2enmod suphp
a2enmod fcgid
chown root:www /usr/sbin/suexec2
chmod 4755 /usr/sbin/suexec2

And start Apache.

chkconfig –add apache2
/etc/init.d/apache2 start

Install phpMyAdmin:

rpm -i http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.2/noarch/phpMyAdmin-3.2.3-1.1.noarch.rpm

Warnings like warning: /var/tmp/rpm-tmp.kRRPEK: Header V3 DSA signature: NOKEY, key ID ddcd7f1a can be ignored.

 

11 pure-ftpd

Install the pure-ftpd FTP daemon. Run:

yast2 -i pure-ftpd quota

chkconfig –add pure-ftpd
/etc/init.d/pure-ftpd start

12 MyDNS

We install the MyDNS rpm package for i386 which works on x86_64 as well:

wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpm
rpm -ivh –force mydns-mysql-1.1.0-1.i386.rpm

Create the following MyDNS init script:

vi /etc/init.d/mydns

#! /bin/sh
# Copyright (c) 1995-2004 SUSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Kurt Garloff
# Please send feedback to http://www.suse.de/feedback/
#
# /etc/init.d/mydns
#   and its symbolic link
# /(usr/)sbin/rcmydns
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Template system startup script for some example service/daemon mydns
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
#
# Note: This template uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux (UL) based Linux distributions. If you want to base your
# script on this template and ensure that it works on non UL based LSB
# compliant Linux distributions, you either have to provide the rc.status
# functions from UL or change the script to work without them.
#
### BEGIN INIT INFO
# Provides:          mydns
# Required-Start:    $syslog $remote_fs
# Should-Start: $time ypbind sendmail
# Required-Stop:     $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: mydns XYZ daemon providing ZYX
# Description:       Start mydns to allow XY and provide YZ
#       continued on second line by '#<TAB>'
#       should contain enough info for the runlevel editor
#       to give admin some idea what this service does and
#       what it's needed for ...
#       (The Short-Description should already be a good hint.)
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
#
# Notes on Required-Start/Should-Start:
# * There are two different issues that are solved by Required-Start
#    and Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
#     which services absolutely need to be started to make the start of
#     this service make sense. Example: nfsserver should have
#     Required-Start: $portmap
#     Also, required services are started before the dependent ones.
#     The runlevel editor will warn about such missing hard dependencies
#     and suggest enabling. During system startup, you may expect an error,
#     if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
#     This is needed by insserv to determine which service should be
#     started first (and at a later stage what services can be started
#     in parallel). The tag Should-Start: is used for this.
#     It tells, that if a service is available, it should be started
#     before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
#   use names of services (contents of their Provides: section)
#   or pseudo names starting with a $. The following ones are available
#   according to LSB (1.1):
#       $local_fs               all local file systems are mounted
#                               (most services should need this!)
#       $remote_fs              all remote file systems are mounted
#                               (note that /usr may be remote, so
#                                many services should Require this!)
#       $syslog                 system logging facility up
#       $network                low level networking (eth card, ...)
#       $named                  hostname resolution available
#       $netdaemons             all network daemons are running
#   The $netdaemons pseudo service has been removed in LSB 1.2.
#   For now, we still offer it for backward compatibility.
#   These are new (LSB 1.2):
#       $time                   the system time has been set correctly
#       $portmap                SunRPC portmapping service available
#   UnitedLinux extensions:
#       $ALL                    indicates that a script should be inserted
#                               at the end
# * The services specified in the stop tags
#   (Required-Stop/Should-Stop)
#   specify which services need to be still running when this service
#   is shut down. Often the entries there are just copies or a subset
#   from the respective start tag.
# * Should-Start/Stop are now part of LSB as of 2.0,
#   formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
#   insserv does support both variants.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
#   (%fillup_and_insserv macro in %post of many RPMs) to specify whether
#   a startup script should default to be enabled after installation.
#   It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff                     6 - reboot
# 1 - single user                       2 - multiuser without network exported
# 3 - multiuser w/ network (text mode)  5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.

# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
MYDNS_BIN=/usr/sbin/mydns
test -x $MYDNS_BIN || { echo "$mydns_BIN not installed";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
# Check for existence of needed config file and read it
#MYDNS_CONFIG=/etc/sysconfig/mydns
#test -r $MYDNS_CONFIG || { echo "$mydns_CONFIG not existing";
#       if [ "$1" = "stop" ]; then exit 0;
#       else exit 6; fi; }

# Read config
#. $MYDNS_CONFIG
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     be verbose in local rc status and clear it afterwards
#      rc_status -v -r  ditto and clear both the local and overall rc status
#      rc_status -s     display "skipped" and exit with status 3
#      rc_status -u     display "unused" and exit with status 3
#      rc_failed        set local and overall rc status to failed
#      rc_failed <num>  set local and overall rc status to <num>
#      rc_reset         clear both the local and overall rc status
#      rc_exit          exit appropriate to overall rc status
#      rc_active        checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0       - success
# 1       - generic or unspecified error
# 2       - invalid or excess argument(s)
# 3       - unimplemented feature (e.g. "reload")
# 4       - user had insufficient privileges
# 5       - program is not installed
# 6       - program is not configured
# 7       - program is not running
# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
    start)
        echo -n "Starting mydns "
        ## Start daemon with startproc(8). If this fails
        ## the return value is set appropriately by startproc.
        startproc $MYDNS_BIN
        # Remember status and be verbose
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down mydns "
        ## Stop daemon with killproc(8) and if this fails
        ## killproc sets the return value according to LSB.
        killproc -TERM $MYDNS_BIN
        # Remember status and be verbose
        rc_status -v
        ;;
    try-restart|condrestart)
        ## Do a restart only if the service was active before.
        ## Note: try-restart is now part of LSB (as of 1.9).
        ## RH has a similar command named condrestart.
        if test "$1" = "condrestart"; then
                echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        $0 status
        if test $? = 0; then
                $0 restart
        else
                rc_reset        # Not running is not a failure.
        fi
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start
        # Remember status and be quiet
        rc_status
        ;;
    force-reload)
        ## Signal the daemon to reload its config. Most daemons
        ## do this on signal 1 (SIGHUP).
        ## If it does not support it, restart.
        echo -n "Reload service mydns "
        ## if it supports it:
        killproc -HUP $MYDNS_BIN
        #touch /var/run/mydns.pid
        rc_status -v
        ## Otherwise:
        #$0 try-restart
        #rc_status
        ;;
    reload)
        ## Like force-reload, but if daemon does not support
        ## signaling, do nothing (!)
        # If it supports signaling:
        echo -n "Reload service mydns "
        killproc -HUP $MYDNS_BIN
        #touch /var/run/mydns.pid
        rc_status -v
        ## Otherwise if it does not support reload:
        #rc_failed 3
        #rc_status -v
        ;;
    status)
        echo -n "Checking for service mydns "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.
        # Return value is slightly different for the status command:
        # 0 - service up and running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running (unused)
        # 4 - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
        # NOTE: checkproc returns LSB compliant status values.
        checkproc $MYDNS_BIN
        # NOTE: rc_status knows that we called this init script with
        # "status" option and adapts its messages accordingly.
        rc_status -v
        ;;
    probe)
        ## Optional: Probe for the necessity of a reload, print out the
        ## argument to this init script which is required for a reload.
        ## Note: probe is not (yet) part of LSB (as of 1.9)
        test /etc/mydns/mydns.conf -nt /var/run/mydns.pid && echo reload
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
        ;;
esac
rc_exit

Make the init script executable…

chmod 755 /etc/init.d/mydns

… and create the system startup links for MyDNS:

chkconfig –add mydns

 

13 Install vlogger and Webalizer

cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz
tar xvfz vlogger-1.3.tar.gz
mv vlogger-1.3/vlogger /usr/sbin/
rm -rf vlogger*
yast2 -i webalizer perl-DateManip

 

14 Install fail2ban

rpm -i http://download.opensuse.org/repositories/home:/kolbma/openSUSE_11.1/x86_64/fail2ban-0.8.4-2.1.x86_64.rpm

Warnings like warning: /var/tmp/rpm-xfer.SCm0TM: Header V3 DSA signature: NOKEY, key ID 5b00c76e can be ignored.

 

15 Install jailkit

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.10.tar.gz
tar xvfz jailkit-2.10.tar.gz
cd jailkit-2.10
./configure
make
make install
cd ..
rm -rf jailkit-2.10*

 

16 Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yast2 -i xntp

Then add system startup links for ntp and start ntp:

chkconfig –add ntp
/etc/init.d/ntp start

17 ISPConfig 3

Download the current ISPConfig version and install it. The ISPConfig installer will configure all services like postfix, sasl, courier, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.

cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.6.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.1.6.tar.gz
cd ispconfig3_install/install/

Now start the installation process by executing:

php -q install.php

server1:/tmp/ispconfig3_install/install # php -q install.php

——————————————————————————–
_____ ___________   _____              __ _
|_   _/  ___| ___ \ /  __ \            / _(_)
| | \ `–.| |_/ / | /  \/ ___  _ __ | |_ _  __ _
| |  `–. \  __/  | |    / _ \| ‘_ \|  _| |/ _` |
_| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| |
\___/\____/\_|      \____/\___/|_| |_|_| |_|\__, |
__/ |
|___/
——————————————————————————–

>> Initial configuration

Operating System: openSUSE 11.2 or compatible

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in “quit” (without the quotes) to stop the installer.

Select language (en,de) [en]: <– ENTER

Installation mode (standard,expert) [standard]: <– ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <– ENTER

MySQL server hostname [localhost]: <– ENTER

MySQL root username [root]: <– ENTER

MySQL root password []: <– yourrootsqlpassword

MySQL database to create [dbispconfig]: <– ENTER

MySQL charset [utf8]: <– ENTER

Generating a 2048 bit RSA private key
…………………+++
…………..+++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
 <– ENTER
State or Province Name (full name) [Some-State]: <– ENTER
Locality Name (eg, city) []: <– ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <– ENTER
Organizational Unit Name (eg, section) []: <– ENTER
Common Name (eg, YOUR name) []: <– ENTER
Email Address []: <– ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring MyDNS
Configuring Apache
Configuring vlogger
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]:
 <– ENTER

Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Restarting services …
Restarting service MySQL
Shutting down service MySQL ..done
Starting service MySQL ..done
Shutting down mail service (Postfix)..done
Starting mail service (Postfix)..done
Shutting down service saslauthd..done
Starting service saslauthd..done
Waiting for the process [1836] to terminate
Waiting for the process [1836] to terminate
Waiting for the process [1836] to terminate
Waiting for the process [1836] to terminate
Daemon [1836] terminated by SIGTERM
Shutting down virus-scanner (amavisd-new): ..done
Starting virus-scanner (amavisd-new): ..done
Shutting down Clam AntiVirus daemon ..done
Starting Clam AntiVirus daemon ..done
Shutting down Courier Authentication Daemon ..done
Starting Courier Authentication Daemon ..done
Shutting down Courier-IMAP ..done
Starting Courier-IMAP ..done
Shutting down Courier-IMAP (SSL)..done
Starting Courier-IMAP (SSL) generating-SSL-certificate…..done
Shutting down Courier-POP3 ..done
Starting Courier-POP3 ..done
Shutting down Courier-POP3 (SSL)..done
Starting Courier-POP3 (SSL) generating-SSL-certificate…..done
Syntax OK
Shutting down httpd2 (waiting for all children to terminate) ..done
Starting httpd2 (prefork) ..done
Shutting down pure-ftpd..done
Starting pure-ftpd..done
Installation completed.
server1:/tmp/ispconfig3_install/install #

Create a symlink for phpMyAdmin:

ln -s /srv/www/htdocs/phpMyAdmin /usr/local/ispconfig/interface/web/phpmyadmin

Cleanup the /tmp directory:

rm -rf /tmp/ispconfig3_install
rm -f /tmp/ISPConfig-3.0.1.6.tar.gz

To log in to the ISPConfig control panel, open this URL in your browser (replace the IP to match your settings!):

http://192.168.0.100:8080/

The default login is:

user: admin
password: admin

 

17.1 ISPConfig 3 Manual

 

18 Optional

Install a web-based email client:

rpm -i http://download.opensuse.org/repositories/server:/php:/applications/openSUSE_11.2/noarch/squirrelmail-1.4.19-4.1.noarch.rpm
ln -s /srv/www/htdocs/squirrelmail /usr/local/ispconfig/interface/web/webmail

 

19 Disable AppArmor

AppArmor is a security extension of SUSE (similar to Fedora’s SELinux) that should provide extended security. In my opinion you don’t need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn’t working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

We can disable it like this:

/etc/init.d/boot.apparmor stop
chkconfig -d boot.apparmor

 

  • OpenSUSE: http://www.opensuse.org/
  • ISPConfig: http://www.ispconfig.org/

 

 

 

Comments

comments