Cheap VPS & Xen Server

Residential Proxy Network - Hourly & Monthly Packages

The Perfect Server – OpenSUSE 12.1 x86_64 With Apache2 [ISPConfig 3]


This is a detailed description about how to set up an OpenSUSE 12.1 64bit (x86_64) server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable) with PHP, CGI and SSI support, Postfix mail server with SMTP-AUTH, TLS and virtual mail users, BIND DNS server, Pureftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, Mailman, etc. Since version 3.0.4, ISPConfig comes with full support for the nginx web server in addition to Apache; this tutorial covers the setup of a server that uses Apache, not nginx.

I will use the following software:

  • Web Server: Apache 2.2 with PHP 5
  • Database Server: MySQL
  • Mail Server: Postfix with virtual users
  • DNS Server: BIND
  • FTP Server: pureftpd
  • POP3/IMAP: Dovecot
  • Webalizer and AWStats for web site statistics

In the end you should have a system that works reliably and is easily manageable with the ISPConfig 3 control panel. The following guide is for the 64bit version of OpenSUSE.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

Notice: This guide is for ISPConfig 3.0.1 or newer. It is not suitable for ISPConfig 2.x!

 

1 Requirements

To install such a system you will need the following:

  • The OpenSUSE 12.1 DVD. You can download it here: http://download.opensuse.org/distribution/12.1/iso/openSUSE-12.1-DVD-x86_64.iso
  • A fast Internet connection…

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Boot from your OpenSUSE 12.1 DVD and select Installation:

1

Select your language, keyboard layout and accept the licence terms:

2

The installer analyzes your hardware and builds the software repository cache:

3

Select New Installation:

4

Select the region and timezone:

5

We select Other > Minimal Server Selection (Text Mode) here as we want to install a server without X-Window desktop. The X-Window system is not necessary to run the server and would slow down the system. We will do all administration tasks on the shell or through an SSH connection, e.g. via PuTTY from a remote desktop.

6

Click on Edit Partition Setup… to change the proposed partitions. As this is a server setup, we need a large /srv partition instead of the /home partition:

7

Select /dev/sda3 and click on Edit…:

8

Change the Mount Point to /srv and click on Finish:

9

Click on Accept:

10

Click on Next:

11

Now I create a user named administrator. You may use any username you like. Make sure that you disable the Automatic Login checkbox for this user. The password that you enter here will be used as the root password:

12

The installer shows an overview of the selected install options. Scroll down to the Firewall and SSH section and enable SSH…

13

… and then disable the firewall (ISPConfig 3 comes with its own firewall):

14

Click on Install to start the installation process:

15

Confirm that you want to start the installation:

16

The installer formats the hard disk, installs the software packages and prepares the system configuration for the first boot:

17

After the basic installation is finished, the system will do an automatic reboot:

18

The automatic configuration starts right after the system has rebooted:

19

Now log in with the username root and the password that you selected during the installation.

4 Configure The Network Settings

We use Yast, the OpenSuSE system management tool to reconfigure the network card settings. After the first boot, the system is configured to get the IP address with DHCP. For a server we will switch it to a static IP address.

Run

yast2

Select Network Devices > Network Settings:

20

Select your network card and then Edit:

21

Select Statically assigned IP Address and enter the IP address, subnet mask and hostname and save the changes by selecting Next:

22

Now select Hostname/DNS and enter the hostname (e.g. server1.example.com) and nameservers (e.g. 145.253.2.75 and 8.8.8.8):

23

 

Now select Routing and enter the default gateway and hit OK:

24

To configure the firewall (in case you didn’t configure it during the basic installation), select Security and Users > Firewall in Yast:

25

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That’s why I disable the default OpenSUSE firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn’t use any other firewall later on as it will most probably interfere with the OpenSUSE firewall).

Select Disable Firewall Automatic Starting and Stop Firewall Now, then hit Next:

26

Hit Finish and leave Yast:

27

Afterwards, you should check with

ifconfig

if your network configuration is correct. If it isn’t (for example, if eth0 is missing), reboot the system…

reboot

… and check your network configuration again afterwards – it should now be correct.

 

5 Install Updates

Now we install the latest updates from the openSUSE repositories. Run

zypper update

And then reboot the server as you most likely installed some kernel updates, too:

reboot

 

6 Install Some Basic Packages

Run

yast2 -i findutils readline glibc-devel findutils-locate gcc flex lynx compat-readline4 db-devel wget gcc-c++ subversion make vim telnet cron iptables iputils man man-pages nano pico sudo perl-TimeDate

 

7 Journaled Quota

To install quota, run

yast2 -i quota

Edit /etc/fstab to look like this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the mountpoints / and /srv):

vi /etc/fstab

/dev/sda1            swap                 swap       defaults              0 0
/dev/sda2            /                    ext4       acl,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
/dev/sda3            /srv                 ext4       acl,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 2
proc                 /proc                proc       defaults              0 0
sysfs                /sys                 sysfs      noauto                0 0
debugfs              /sys/kernel/debug    debugfs    noauto                0 0
devpts               /dev/pts             devpts     mode=0620,gid=5       0 0

Then run:

mount -o remount /
mount -o remount /srv

quotacheck -avugm
quotaon -avug

Dont be worried if you see these error messages – they are normal when you run quotacheck for the first time:

server1:~ # quotacheck -avugm
quotacheck: Scanning /dev/sda2 [/] done
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Checked 3872 directories and 32991 files
quotacheck: Old file not found.
quotacheck: Old file not found.
quotacheck: Scanning /dev/sda3 [/srv] done
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Checked 6 directories and 0 files
quotacheck: Old file not found.
quotacheck: Old file not found.
server1:~ #

8 Install Postfix, Dovecot, MySQL

Run

yast2 -i postfix postfix-mysql mysql mysql-community-server mysql-client libmysqlclient-devel dovecot12 dovecot12-backend-mysql pwgen cron python

If you get the error patterns-openSUSE-minimal_base-conflicts-12.1-25.21.1.x86_64 conflicts with python provided by python-2.7.2-7.1.3.x86_64, select the option deinstallation of patterns-openSUSE-minimal_base-conflicts-12.1-25.21.1.x86_64 and hit OK — Try Again:

28

Hit Accept on the next screen…

29

… and finally OK:

30

Open /etc/postfix/master.cf

vi /etc/postfix/master.cf

… and uncomment the following line:

[...]
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
[...]

Create the following symlink:

ln -s /usr/lib64/dovecot/modules /usr/lib/dovecot

Start MySQL, Postfix, and Dovecot and enable the services to be started at boot time.

systemctl enable mysql.service
systemctl start mysql.service

systemctl enable postfix.service
systemctl start postfix.service

systemctl enable dovecot.service
systemctl start dovecot.service

Now I install the getmail package:

yast2 -i getmail

To secure the MySQL installation, run:

mysql_secure_installation

Now you will be asked several questions:

server1:~ # mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user.  If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): <– ENTER
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <– Y
New password: <– yourrootsqlpassword
Re-enter new password: <– yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
… Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <– Y
 … Success!

Normally, root should only be allowed to connect from ‘localhost’.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <– Y
… Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <– Y
 – Dropping test database…
… Success!
– Removing privileges on test database…
… Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <– Y
 … Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

server1:~ #

Now your MySQL setup should be secured.

 

9 Amavisd-new, Spamassassin And Clamav

Install Amavisd-new, Spamassassin and Clamav antivirus. Run

yast2 -i amavisd-new clamav clamav-db zoo unzip unrar bzip2 unarj perl-DBD-mysql

Open /etc/amavisd.conf

vi /etc/amavisd.conf

… and add the $myhostname line with your correct hostname below the $mydomain line:

[...]
$mydomain = 'example.com';   # a convenient default for other settings
$myhostname = "server1.$mydomain";
[...]

Then create a symlink from /var/run/clamav/clamd to /var/lib/clamav/clamd-socket:

mkdir -p /var/run/clamav
ln -s /var/lib/clamav/clamd-socket /var/run/clamav/clamd

OpenSUSE 12.1 has a /run directory for storing runtime data. /run is now a tmpfs, and /var/run is now bind mounted to /run from tmpfs, and hence emptied on reboot.

This means that after a reboot, the directory /var/run/clamav that we have just created will not exist anymore, and therefore clamd will fail to start. Therefore we create the file /etc/tmpfiles.d/clamav.conf now that will create this directory at system startup (see http://0pointer.de/public/systemd-man/tmpfiles.d.html for more details):

vi /etc/tmpfiles.d/clamav.conf

D /var/run/clamav 0755 root root -

Before we start amavisd and clamd, we must edit the /etc/init.d/amavis init script – I wasn’t able to reliably start, stop and restart amavisd with the default init script:

vi /etc/init.d/amavis

Comment out the following lines in the start and stop section:

[...]
    start)
        # ZMI 20100428 check for stale pid file
        #if test -f $AMAVIS_PID ; then
        #       checkproc -p $AMAVIS_PID amavisd
        #       if test $? -ge 1 ; then
        #               # pid file is stale, remove it
        #               echo -n "(stale amavisd pid file $AMAVIS_PID found, removing. Did amavisd crash?)"
        #               rm -f $AMAVIS_PID
        #       fi
        #fi
        echo -n "Starting virus-scanner (amavisd-new): "
        $AMAVISD_BIN start
        #if ! checkproc amavisd; then
        #    rc_failed 7
        #fi
        rc_status -v
        #if [ "$AMAVIS_SENDMAIL_MILTER" == "yes" ]; then
        #    rc_reset
        #    echo -n "Starting amavis-milter:"
        #    startproc -u vscan $AMAVIS_MILTER_BIN -p $AMAVIS_MILTER_SOCK > /dev/null 2>&1
        #    rc_status -v
        #fi
        ;;
    stop)
        echo -n "Shutting down virus-scanner (amavisd-new): "
        #if checkproc amavisd; then
        #    rc_reset
            $AMAVISD_BIN stop
        #else
        #    rc_reset
        #fi
        rc_status -v
        #if [ "$AMAVIS_SENDMAIL_MILTER" == "yes" ]; then
        #    rc_reset
        #    echo -n "Shutting down amavis-milter: "
        #    killproc -TERM $AMAVIS_MILTER_BIN
        #    rc_status -v
        #fi
        ;;
[...]

Because we have changed the init script, we must run

systemctl –system daemon-reload

now.

To enable the services, run:

systemctl enable amavis.service
systemctl enable clamd.service
systemctl start amavis.service
systemctl start clamd.service

 

10 Install The Apache 2 Webserver With PHP5, Ruby, Python, WebDAV

Install Apache2 and suphp. Run:

yast2 -i apache2 apache2-mod_fcgid

Install PHP5:

yast2 -i php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dom php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sqlite php5-sysvsem php5-tokenizer php5-wddx php5-xmlrpc php5-xsl php5-zlib php5-exif php5-fastcgi php5-pear php5-sysvmsg php5-sysvshm ImageMagick curl apache2-mod_php5

zypper install http://download.opensuse.org/repositories/server:/php/openSUSE_12.1/x86_64/suphp-0.7.1-3.3.x86_64.rpm

Then run these commands to enable the Apache modules (including WebDAV):

a2enmod suexec
a2enmod rewrite
a2enmod ssl
a2enmod actions
a2enmod suphp
a2enmod fcgid
a2enmod dav
a2enmod dav_fs
a2enmod dav_lock
chown root:www /usr/sbin/suexec2
chmod 4755 /usr/sbin/suexec2

a2enflag SSL

Next we build the mod_ruby Apache module (it is not available as an OpenSUSE 12.1 package, therefore we have to build it ourselves):

yast2 -i apache2-devel ruby ruby-devel

cd /tmp
wget http://modruby.net/archive/mod_ruby-1.3.0.tar.gz
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb –with-apr-includes=/usr/include/apr-1
make
make install

a2enmod ruby

To add Python support, run:

yast2 -i apache2-mod_python

a2enmod python

Next we install phpMyAdmin:

yast2 -i phpMyAdmin

To make sure that we can access phpMyAdmin from all websites created through ISPConfig later on by using /phpmyadmin (e.g. http://www.example.com/phpmyadmin) and /phpMyAdmin (e.g. http://www.example.com/phpMyAdmin), open /etc/apache2/conf.d/phpMyAdmin.conf

vi /etc/apache2/conf.d/phpMyAdmin.conf

… and add the following two aliases right at the beginning:

Alias /phpMyAdmin /srv/www/htdocs/phpMyAdmin
Alias /phpmyadmin /srv/www/htdocs/phpMyAdmin
[...]

Start Apache:

systemctl enable apache2.service
systemctl start apache2.service

11 Mailman

Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:

yast2 -i mailman

Before we can start Mailman, a first mailing list called mailman must be created:

/usr/lib/mailman/bin/newlist mailman

server1:~ # /usr/lib/mailman/bin/newlist mailman
Enter the email of the person running the list:
<– admin email address, e.g. info@example.com
Initial mailman password: <– admin password for the mailman list
Hit enter to notify mailman owner… <– ENTER

server1:~ #

Create the system startup links for Mailman…

systemctl enable mailman.service

… and start it:

systemctl start mailman.service

Next restart Postfix:

systemctl restart postfix.service

To enable the Mailman Apache configuration, run…

a2enflag MAILMAN

… and restart Apache:

systemctl restart apache2.service

After you have installed ISPConfig 3, you can access Mailman as follows:

You can use the alias /mailman for all Apache vhosts (please note that suExec must be disabled for all vhosts from which you want to access Mailman!), which means you can access the Mailman admin interface for a list at http://<vhost>/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/mailman/listinfo/<listname>.

Under http://<vhost>/pipermail/<listname> you can find the mailing list archives.

 

12 Install PureFTPd

Install the pure-ftpd FTP daemon. Run:

yast2 -i pure-ftpd

systemctl enable pure-ftpd.service
systemctl start pure-ftpd.service

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

yast2 -i openssl

Open /etc/pure-ftpd/pure-ftpd.conf

vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

If you want to accept TLS sessions only (no FTP), set TLS to 2:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      2
[...]

To not allow TLS at all (only FTP), set TLS to 0:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      0
[...]

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [AU]: <– Enter your Country Name (e.g., “DE”).
State or Province Name (full name) [Some-State]:
<– Enter your State or Province Name.
Locality Name (eg, city) []:
<– Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
<– Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:
<– Enter your Organizational Unit Name (e.g. “IT Department”).
Common Name (eg, YOUR name) []:
<– Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
Email Address []:
<– Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

systemctl restart pure-ftpd.service

That’s it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS – see the next chapter how to do this with FileZilla.

 

13 Install BIND

The BIND nameserver can be installed as follows:

yast2 -i bind

Create the BIND system startup links and start it:

systemctl enable named.service
systemctl start named.service

 

14 Install Webalizer And AWStats

Since ISPConfig 3 lets you choose if you want to use Webalizer or AWStats to create your web site statistics, we install both (at the time of this writing, there was no AWStats package for OpenSUSE 12.1, therefore I install the one for OpenSUSE 11.4):

yast2 -i webalizer perl-DateManip

zypper install http://download.opensuse.org/repositories/network:/utilities/openSUSE_11.4/noarch/awstats-7.0-14.1.noarch.rpm

 

15 Install fail2ban

fail2ban can be installed as follows:

yast2 -i fail2ban

 

16 Install Jailkit

Jailkit can be installed like this:

zypper install http://download.opensuse.org/repositories/security/openSUSE_12.1/x86_64/jailkit-2.13-1.1.x86_64.rpm

 

17 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yast2 -i xntp

Then add system startup links for ntp and start ntp:

systemctl enable ntp.service
systemctl start ntp.service

 

18 Install rkhunter

rkhunter can be installed as follows:

yast2 -i rkhunter

19 Install SquirrelMail

To install the SquirrelMail webmail client, run:

yast2 -i squirrelmail-beta

Next we create the aliases /webmail and /squirrelmail right at the beginning of /etc/apache2/conf.d/squirrelmail.conf so that SquirrelMail can be accessed from any vhost (e.g. http://www.example.com/webmail or http://www.example.com/squirrelmail):

vi /etc/apache2/conf.d/squirrelmail.conf

Alias /squirrelmail /srv/www/htdocs/squirrelmail
Alias /webmail /srv/www/htdocs/squirrelmail
[...]

Next we create the directory /srv/www/htdocs/squirrelmail/data and give it sufficient permissions so that the www group can write to it:

mkdir /srv/www/htdocs/squirrelmail/data
chown root:www /srv/www/htdocs/squirrelmail/data
chmod 770 /srv/www/htdocs/squirrelmail/data

Then restart Apache:

systemctl restart apache2.service

Then configure SquirrelMail:

/srv/www/htdocs/squirrelmail/config/conf.pl

We must tell SquirrelMail that we are using Dovecot:

WARNING:
The file “config/config.php” was found, but it is for
an older version of SquirrelMail. It is possible to still
read the defaults from this file but be warned that many
preferences change between versions. It is recommended that
you start with a clean config.php for each upgrade that you
do. To do this, just move config/config.php out of the way.

Continue loading with the old config.php [y/N]? <– y

Do you want me to stop warning you [y/N]? <– y

SquirrelMail Configuration : Read: config.php (1.5.0)
———————————————————
Main Menu —
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  User Interface
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Language settings
11. Tweaks

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >> <– D

SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
bincimap    = Binc IMAP server
courier     = Courier IMAP server
cyrus       = Cyrus IMAP server
dovecot     = Dovecot Secure IMAP server
exchange    = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx      = Mac OS X Mailserver
mercury32   = Mercury/32
uw          = University of Washington’s IMAP server
gmail       = IMAP access to Google mail (Gmail) accounts

quit        = Do not change anything

Command >> <– dovecot

SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
bincimap    = Binc IMAP server
courier     = Courier IMAP server
cyrus       = Cyrus IMAP server
dovecot     = Dovecot Secure IMAP server
exchange    = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx      = Mac OS X Mailserver
mercury32   = Mercury/32
uw          = University of Washington’s IMAP server
gmail       = IMAP access to Google mail (Gmail) accounts

quit        = Do not change anything

Command >> dovecot

imap_server_type = dovecot
default_folder_prefix = <none>
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = detect
delete_folder = false
force_username_lowercase = true

Press enter to continue… <– ENTER

SquirrelMail Configuration : Read: config.php (1.5.0)
———————————————————
Main Menu —
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  User Interface
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Language settings
11. Tweaks

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >> <– S

SquirrelMail Configuration : Read: config.php (1.5.0)
———————————————————
Main Menu —
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  User Interface
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Language settings
11. Tweaks

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >> S

Data saved in config.php

Done activating plugins; registration data saved in plugin_hooks.php

Press enter to continue… <– ENTER

SquirrelMail Configuration : Read: config.php (1.5.0)
———————————————————
Main Menu —
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  User Interface
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Language settings
11. Tweaks

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >> <– Q

After you have created a website in ISPConfig, you can access SquirrelMail using the /webmail or /squirrelmail aliases:

36

20 ISPConfig 3

Before we install ISPConfig 3, make sure that the /var/vmail/ directory exists:

mkdir /var/vmail/

Download the current ISPConfig 3 version and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

Now start the installation process by executing:

php -q install.php

server1:/tmp/ispconfig3_install/install # php -q install.php

——————————————————————————–
_____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
| | \ `–.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
| |  `–. \  __/  | |    / _ \| ‘_ \|  _| |/ _` |  |_ |
_| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
——————————————————————————–

>> Initial configuration

Operating System: openSUSE or compatible, unknown version.

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in “quit” (without the quotes) to stop the installer.

Select language (en,de) [en]: <– ENTER

Installation mode (standard,expert) [standard]: <– ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <– ENTER

MySQL server hostname [localhost]: <– ENTER

MySQL root username [root]: <– ENTER

MySQL root password []: <– yourrootsqlpassword

MySQL database to create [dbispconfig]: <– ENTER

MySQL charset [utf8]: <– ENTER

Generating a 2048 bit RSA private key
……………………………………………….+++
………………………………………….+++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
 <– ENTER
State or Province Name (full name) [Some-State]: <– ENTER
Locality Name (eg, city) []: <– ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <– ENTER
Organizational Unit Name (eg, section) []: <– ENTER
Common Name (eg, YOUR name) []: <– ENTER
Email Address []: <– ENTER
Configuring Jailkit
Configuring Dovecot
chmod: cannot access `/etc/dovecot/dovecot-sql.conf~’: No such file or directory
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]:
 <– ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <– ENTER

Generating RSA private key, 4096 bit long modulus
……..++
……………………………….++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:
 <– ENTER
State or Province Name (full name) [Some-State]: <– ENTER
Locality Name (eg, city) []: <– ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <– ENTER
Organizational Unit Name (eg, section) []: <– ENTER
Common Name (eg, YOUR name) []: <– ENTER
Email Address []: <– ENTER

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
 <– ENTER
An optional company name []: <– ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services …
redirecting to systemctl
redirecting to systemctl
redirecting to systemctl
redirecting to systemctl
redirecting to systemctl
redirecting to systemctl
redirecting to systemctl
redirecting to systemctl
Installation completed.
server1:/tmp/ispconfig3_install/install #

Clean up the /tmp directory:

cd /tmp
rm -rf /tmp/ispconfig3_install
rm -f /tmp/ISPConfig-3-stable.tar.gz

Open /etc/suphp.conf

vi /etc/suphp.conf

… and make sure that it contains x-httpd-suphp=”php:/srv/www/cgi-bin/php” instead of x-httpd-suphp=”php:/srv/www/cgi-bin/php5″ towards the end of the file:

[...]
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/srv/www/cgi-bin/php"
[...]

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ (http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):

34

35

 

  • OpenSUSE: http://www.opensuse.org/
  • ISPConfig: http://www.ispconfig.org/

 

 

 

Comments

comments