====== Para instalar ISPCONFIG ====== Requisitos previos: El presente manual fue desarrollado para la distribución Debian 7. Asegurarse que se tiene configurado el servidor, y que el mismo esta actualizado y listo para poder instalar paquetes del repositorio. Considere que se efectuarán algunos de los pasos que se indican en el manual original. Contenido: [[para_configurar_ispconfig#1. Change The Default Shell.|1. Change The Default Shell.]] [[para_configurar_ispconfig#2. Synchronize the System Clock.|2. Synchronize the System Clock.]] [[para_configurar_ispconfig#3. Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils.|3. Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils.]] [[para_configurar_ispconfig#4. Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt.|4. Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt.]] [[para_configurar_ispconfig#4.1. Xcache.|4.1. Xcache.]] [[para_configurar_ispconfig#4.2. PHP-FPM.|4.2. PHP-FPM.]] [[para_configurar_ispconfig#5. Install PureFTPd And Quota.|5. Install PureFTPd And Quota.]] [[para_configurar_ispconfig#6. Install Vlogger, Webalizer, And AWstats.|6. Install Vlogger, Webalizer, And AWstats.]] [[para_configurar_ispconfig#7. Install fail2ban.|7. Install fail2ban.]] [[para_configurar_ispconfig#8. Install ISPConfig 3.|8. Install ISPConfig 3.]] [[para_configurar_ispconfig#9. ISPConfig 3 Manual.|9. ISPConfig 3 Manual.]] [[para_configurar_ispconfig#10. Warning.|10. Warning.]] === 1. Change The Default Shell. === /bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this: dpkg-reconfigure dash Use dash as the default system shell (/bin/sh)? <- no If you don't do this, the ISPConfig installation will fail. === 2. Synchronize the System Clock. === Como es un contenedor para establecer el uso horario y demás empleamos el siguiente comando: dpkg-reconfigure tzdata === 3. Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils. === We can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command: apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo You will be asked the following questions: General type of mail configuration: <-- Internet Site System mail name: <-- server1.example.com New password for the MySQL "root" user: <-- yourrootsqlpassword Repeat password for the MySQL "root" user: <-- yourrootsqlpassword Now edit the following file: nano /etc/postfix/master.cf Uncomment the submission and smtps sections as follows (leave -o milter_macro_daemon_name=ORIGINATING as we don't need it): [...] submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING [...] Restart Postfix afterwards: /etc/init.d/postfix restart We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1: nano /etc/mysql/my.cnf [...] # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1 [...] Then we restart MySQL: /etc/init.d/mysql restart Now check that networking is enabled. Run: netstat -tap | grep mysql === 4. Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt. === Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows: apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached You will see the following question: Web server to reconfigure automatically: <- apache2 Configure database for phpmyadmin with dbconfig-common? <- no Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use WebDAV): a2enmod suexec rewrite ssl actions include a2enmod dav_fs dav auth_digest Next open /etc/apache2/mods-available/suphp.conf. nano /etc/apache2/mods-available/suphp.conf ... and comment out the section and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml - otherwise all PHP files will be run by SuPHP: # # SetHandler application/x-httpd-suphp # AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml suPHP_AddHandler application/x-httpd-suphp suPHP_Engine on # By default, disable suPHP for debian packaged web applications as files # are owned by root and cannot be executed by suPHP because of min_uid. suPHP_Engine off # # Use a specific php config file (a dir which contains a php.ini file) # suPHP_ConfigPath /etc/php5/cgi/suphp/ # # Tells mod_suphp NOT to handle requests with the type . # suPHP_RemoveHandler Restart Apache afterwards: /etc/init.d/apache2 restart === 4.1. Xcache. === Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page. Xcache can be installed as follows: apt-get install php5-xcache Now restart Apache: /etc/init.d/apache2 restart === 4.2. PHP-FPM. === Starting with ISPConfig 3.0.5, there is an additional PHP mode that you can select for usage with Apache: PHP-FPM. To use PHP-FPM with Apache, we need the mod_fastcgi Apache module (please don't mix this up with mod_fcgid - they are very similar, but you cannot use PHP-FPM with mod_fcgid). We can install PHP-FPM and mod_fastcgi as follows: apt-get install libapache2-mod-fastcgi php5-fpm Make sure you enable the module and restart Apache: a2enmod actions fastcgi alias /etc/init.d/apache2 restart === 5. Install PureFTPd And Quota. === PureFTPd and quota can be installed with the following command: apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool Edit the file /etc/default/pure-ftpd-common... nano /etc/default/pure-ftpd-common ... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true: [...] STANDALONE_OR_INETD=standalone [...] VIRTUALCHROOT=true [...] Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. If you want to allow FTP and TLS sessions, run: echo 1 > /etc/pure-ftpd/conf/TLS In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first: mkdir -p /etc/ssl/private/ Afterwards, we can generate the SSL certificate as follows: openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE"). State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name. Locality Name (eg, city) []: <-- Enter your City. Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company). Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department"). Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com"). Email Address []: <-- Enter your Email Address. Change the permissions of the SSL certificate: chmod 600 /etc/ssl/private/pure-ftpd.pem Then restart PureFTPd: /etc/init.d/pure-ftpd-mysql restart Edit /etc/fstab. Mine looks like this (I added ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /): nano /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # /dev/mapper/server1-root / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1 # /boot was on /dev/sda1 during installation UUID=46d1bd79-d761-4b23-80b8-ad20cb18e049 /boot ext2 defaults 0 2 /dev/mapper/server1-swap_1 none swap sw 0 0 /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0 === 6. Install Vlogger, Webalizer, And AWstats. === Vlogger, webalizer, and AWstats can be installed as follows: apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl Open /etc/cron.d/awstats afterwards... nano /etc/cron.d/awstats ... and comment out everything in that file: #MAILTO=root #*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh # Generate static reports: #10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh === 7. Install fail2ban. === This is optional but recommended, because the ISPConfig monitor tries to show the log: apt-get install fail2ban To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local: nano /etc/fail2ban/jail.local [pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog maxretry = 3 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5 [sasl] enabled = true port = smtp filter = sasl logpath = /var/log/mail.log maxretry = 3 Then create the following two filter files: nano /etc/fail2ban/filter.d/pureftpd.conf [Definition] failregex = .*pure-ftpd: \(.*@\) \[WARNING\] Authentication failed for user.* ignoreregex = nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf [Definition] failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P\S*),.* ignoreregex = Restart fail2ban afterwards: /etc/init.d/fail2ban restart === 8. Install ISPConfig 3. === To install ISPConfig 3 from the latest released version, do this: cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install/ The next step is to run php -q install.php This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary. -------------------------------------------------------------------------------- _____ ___________ _____ __ _ ____ |_ _/ ___| ___ \ / __ \ / _(_) /__ \ | | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ / | | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ | _| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \ \___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/ __/ | |___/ -------------------------------------------------------------------------------- >> Initial configuration Operating System: Debian or compatible, unknown version. Following will be a few questions for primary configuration so be careful. Default values are in [brackets] and can be accepted with . Tap in "quit" (without the quotes) to stop the installer. Select language (en,de) [en]: <-- ENTER Installation mode (standard,expert) [standard]: <-- ENTER Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER MySQL server hostname [localhost]: <-- ENTER MySQL root username [root]: <-- ENTER MySQL root password []: <-- yourrootsqlpassword MySQL database to create [dbispconfig]: <-- ENTER MySQL charset [utf8]: <-- ENTER Country Name (2 letter code) [AU]: <-- ENTER State or Province Name (full name) [Some-State]: <-- ENTER Locality Name (eg, city) []: <-- ENTER Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER Organizational Unit Name (eg, section) []: <-- ENTER Common Name (e.g. server FQDN or YOUR name) []: <-- ENTER Email Address []: <-- ENTER ISPConfig Port [8080]: <-- ENTER Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER The installer automatically configures all underlying services, so no manual configuration is needed. Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login): === 9. ISPConfig 3 Manual. === In order to learn how to use ISPConfig 3, I strongly recommend to https://www.howtoforge.com/download-the-ispconfig-3-manual === 10. Warning. === En algunas ocasiones, el enlace entre el ISPConfig y la aplicación phpMyadmin, no es creado por el proceso de instalación, para lo cual se requiere crear de manera manual, dicho enlace: En etc/apache2/conf.d agregar enlace simbolico a etc/phpmyadmin/apache.conf Tomado de: https://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3