Herramientas de usuario

Herramientas del sitio


para_configurar_ispconfig

Para instalar ISPCONFIG

Requisitos previos:
El presente manual fue desarrollado para la distribución Debian 7.
Asegurarse que se tiene configurado el servidor, y que el mismo esta actualizado y listo para poder instalar
paquetes del repositorio.
Considere que se efectuarán algunos de los pasos que se indican en el manual original.

Contenido:

1. Change The Default Shell.

2. Synchronize the System Clock.

3. Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils.

4. Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt.

4.1. Xcache.

4.2. PHP-FPM.

5. Install PureFTPd And Quota.

6. Install Vlogger, Webalizer, And AWstats.

7. Install fail2ban.

8. Install ISPConfig 3.

9. ISPConfig 3 Manual.

10. Warning.

1. Change The Default Shell.

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? ← no

If you don't do this, the ISPConfig installation will fail.

2. Synchronize the System Clock.

Como es un contenedor para establecer el uso horario y demás empleamos el siguiente comando:

dpkg-reconfigure tzdata

3. Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils.

We can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter 
binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

You will be asked the following questions:

General type of mail configuration: ←- Internet Site

System mail name: ←- server1.example.com

New password for the MySQL “root” user: ←- yourrootsqlpassword

Repeat password for the MySQL “root” user: ←- yourrootsqlpassword

Now edit the following file:

nano /etc/postfix/master.cf

Uncomment the submission and smtps sections as follows (leave -o milter_macro_daemon_name=ORIGINATING as we don't need it):

[...]
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
[...]

Restart Postfix afterwards:

/etc/init.d/postfix restart

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

nano /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run:

netstat -tap | grep mysql

4. Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt.

Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert 
libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi 
libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick 
libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python php5-curl php5-intl php5-memcache 
php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc 
php5-xsl memcached

You will see the following question:

Web server to reconfigure automatically: ← apache2

Configure database for phpmyadmin with dbconfig-common? ← no

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use WebDAV):

a2enmod suexec rewrite ssl actions include
a2enmod dav_fs dav auth_digest

Next open /etc/apache2/mods-available/suphp.conf.

nano /etc/apache2/mods-available/suphp.conf

… and comment out the <FilesMatch “\.ph(p3?|tml)$”> section and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml - otherwise all PHP files will be run by SuPHP:

<IfModule mod_suphp.c>
    #<FilesMatch "\.ph(p3?|tml)$">
    #    SetHandler application/x-httpd-suphp
    #</FilesMatch>
        AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
        suPHP_AddHandler application/x-httpd-suphp

    <Directory />
        suPHP_Engine on
    </Directory>

    # By default, disable suPHP for debian packaged web applications as files
    # are owned by root and cannot be executed by suPHP because of min_uid.
    <Directory /usr/share>
        suPHP_Engine off
    </Directory>

# # Use a specific php config file (a dir which contains a php.ini file)
#       suPHP_ConfigPath /etc/php5/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
#       suPHP_RemoveHandler <mime-type>
</IfModule>

Restart Apache afterwards:

/etc/init.d/apache2 restart

4.1. Xcache.

Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page.

Xcache can be installed as follows:

apt-get install php5-xcache

Now restart Apache:

/etc/init.d/apache2 restart

4.2. PHP-FPM.

Starting with ISPConfig 3.0.5, there is an additional PHP mode that you can select for usage with Apache: PHP-FPM.

To use PHP-FPM with Apache, we need the mod_fastcgi Apache module (please don't mix this up with mod_fcgid - they are very similar, but you cannot use PHP-FPM with mod_fcgid). We can install PHP-FPM and mod_fastcgi as follows:

apt-get install libapache2-mod-fastcgi php5-fpm

Make sure you enable the module and restart Apache:

a2enmod actions fastcgi alias
/etc/init.d/apache2 restart

5. Install PureFTPd And Quota.

PureFTPd and quota can be installed with the following command:

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common…

nano /etc/default/pure-ftpd-common

… and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

If you want to allow FTP and TLS sessions, run:

echo 1 > /etc/pure-ftpd/conf/TLS

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem 
-out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [AU]: ←- Enter your Country Name (e.g., “DE”).

State or Province Name (full name) [Some-State]: ←- Enter your State or Province Name.

Locality Name (eg, city) []: ←- Enter your City.

Organization Name (eg, company) [Internet Widgits Pty Ltd]: ←- Enter your Organization Name (e.g., the name of your company).

Organizational Unit Name (eg, section) []: ←- Enter your Organizational Unit Name (e.g. “IT Department”).

Common Name (eg, YOUR name) []: ←- Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).

Email Address []: ←- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Then restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab. Mine looks like this (I added ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /):

nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#                
/dev/mapper/server1-root /               ext4    errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0       1
# /boot was on /dev/sda1 during installation
UUID=46d1bd79-d761-4b23-80b8-ad20cb18e049 /boot           ext2    defaults        0       2
/dev/mapper/server1-swap_1 none            swap    sw              0       0
/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

6. Install Vlogger, Webalizer, And AWstats.

Vlogger, webalizer, and AWstats can be installed as follows:

apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

Open /etc/cron.d/awstats afterwards…

nano /etc/cron.d/awstats

… and comment out everything in that file:

#MAILTO=root

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

7. Install fail2ban.

This is optional but recommended, because the ISPConfig monitor tries to show the log:

apt-get install fail2ban

To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:

nano /etc/fail2ban/jail.local
[pureftpd]
enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[sasl]
enabled  = true
port     = smtp
filter   = sasl
logpath  = /var/log/mail.log
maxretry = 3

Then create the following two filter files:

nano /etc/fail2ban/filter.d/pureftpd.conf
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =

Restart fail2ban afterwards:

/etc/init.d/fail2ban restart

8. Install ISPConfig 3.

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.

--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------

>> Initial configuration

Operating System: Debian or compatible, unknown version.

Following will be a few questions for primary configuration so be careful.

Default values are in [brackets] and can be accepted with .

Tap in “quit” (without the quotes) to stop the installer.

Select language (en,de) [en]: ←- ENTER

Installation mode (standard,expert) [standard]: ←- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: ←- ENTER

MySQL server hostname [localhost]: ←- ENTER

MySQL root username [root]: ←- ENTER

MySQL root password []: ←- yourrootsqlpassword

MySQL database to create [dbispconfig]: ←- ENTER

MySQL charset [utf8]: ←- ENTER

Country Name (2 letter code) [AU]: ←- ENTER

State or Province Name (full name) [Some-State]: ←- ENTER

Locality Name (eg, city) []: ←- ENTER

Organization Name (eg, company) [Internet Widgits Pty Ltd]: ←- ENTER

Organizational Unit Name (eg, section) []: ←- ENTER

Common Name (e.g. server FQDN or YOUR name) []: ←- ENTER

Email Address []: ←- ENTER

ISPConfig Port [8080]: ←- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: ←- ENTER

The installer automatically configures all underlying services, so no manual configuration is needed.

Afterwards you can access ISPConfig 3 under http(s):server1.example.com:8080/ or http(s):192.168.0.100:8080/ ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):

9. ISPConfig 3 Manual.

In order to learn how to use ISPConfig 3, I strongly recommend to https://www.howtoforge.com/download-the-ispconfig-3-manual

10. Warning.

En algunas ocasiones, el enlace entre el ISPConfig y la aplicación phpMyadmin, no es creado por el proceso de instalación, para lo cual se requiere crear de manera manual, dicho enlace:

En etc/apache2/conf.d agregar enlace simbolico a etc/phpmyadmin/apache.conf

Tomado de: https://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3

para_configurar_ispconfig.txt · Última modificación: 2015/07/16 09:21 por jlameiro