Ubuntu 10.04 LTS Internet server – ISPconfig 3

Използвал съм ръководството на howtoforge от тук http://howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3
Вече имам две такива инсталации които се държат много добре. Минаха вече два месеца тестове за да съм сигурен, че избора ми е правилен.
В момента има конфигурирани 3 клиента, 24 сайта, 24 ftp потребителя, 3 майл домейна и 8 пощенски кутии. Меил часта е добре организирана и борбата със спам е добро решение тук. Намерих само един бъг ако може да се нарече така с директивите в apache сървъра но не е болка за умиране (бързо се оправя).

Като за начало трябва да създадем парола на root потребителя и да сме сигурни, че е инсталиран ssh за да можем да администрираме отдалечено системата.

sudo su
sudo passwd root
aptitude install ssh openssh-server

Конфигурираме мрежата.
nano /etc/network/interfaces

auto lo
iface lo inet loopback
 
auto eth0
iface eth0 inet static
        address 93.155.130.14
        netmask 255.255.255.0
        gateway 93.155.130.1

Създаваме име на системата. Тази операция е много нужна за apache сървъра.
nano /etc/hosts

127.0.0.1       localhost.localdomain   localhost
93.155.130.14   host.itservice-bg.net   host
 
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
echo host.itservice-bg.net > /etc/hostname
/etc/init.d/hostname restart
hostname
hostname -f

Обновяваме системата и рестартираме.

aptitude update
aptitude safe-upgrade
reboot

Връщаме си стандартната обвивка bash.

dpkg-reconfigure dash
 
[...]
Install dash as /bin/sh? <-- No
[...]

Деинсталираме apparmor защото ще ни прави номера.

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils

Инсталиране на нужен ни софтуер.

aptitude install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils maildrop ntp ntpdate
 
[...]
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
SSL certificate required <-- Ok
[...]

Трябва да затворим порта на mysql към 127.0.0.1
nano /etc/mysql/my.cnf

[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]

Да изтрием вече създадените сертификати.

cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

Да опишем домейна в imap и pop3 демоните.
nano /etc/courier/imapd.cnf

[...]
CN=host.itservice-bg.net
[...]

nano /etc/courier/pop3d.cnf

[...]
CN=host.itservice-bg.net
[...]

Да създадем отново сертификатите.

mkimapdcert
mkpop3dcert
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

Инсталиране на нужен софтуер.

aptitude install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libopenssl-ruby amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl bind9 dnsutils vlogger webalizer build-essential autoconf automake1.9 libtool flex bison debhelper fail2ban
 
[...]
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No
[...]

Активиране на модулите на Apache.

a2enmod suexec rewrite ssl actions include
/etc/init.d/apache2 restart

Инсталиране и конфигуриране на ftp демона.

aptitude install pure-ftpd-common pure-ftpd-mysql quota quotatool
nano /etc/default/pure-ftpd-common
 
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
 
/etc/init.d/pure-ftpd-mysql restart

Инсталиране и конфигуриране на квотата.
nano /etc/fstab

[...]
proc            /proc           proc    nodev,noexec,nosuid 0       0
# / was on /dev/sda1 during installation
UUID=79c51eab-ed24-42b6-aabb-ca700753229a /               ext4    errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0
# /mnt/sdb was on /dev/sdb1 during installation
UUID=c6f5c31f-0996-4ff4-b836-9d50b6746eda /mnt/sdb        ext4    defaults        0       2
# /mnt/sdc was on /dev/sdc1 during installation
UUID=ed068da7-3577-490f-9402-ef1edbbab87c /mnt/sdc        ext4    defaults        0       2
# swap was on /dev/sda5 during installation
UUID=8298959b-03a9-4fda-9b14-cf023905bb46 none            swap    sw              0       0
[...]
 
touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
 
quotacheck -avugm
quotaon -avug

Инсталиране и конфигуриране на jailkit който осигурява chroot през ssh достъп.

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz
tar xvfz jailkit-2.11.tar.gz
cd jailkit-2.11
./debian/rules binary
cd ..
dpkg -i jailkit_2.11-1_*.deb
rm -rf jailkit-2.11*

Инсталиране и конфигуриране на squirrelmail с courier IMAP server.

aptitude install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail
squirrelmail-configure

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <– D

SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington’s IMAP server
gmail = IMAP access to Google mail (Gmail) accounts

quit = Do not change anything
Command >> <– courier

SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington’s IMAP server

quit = Do not change anything
Command >> courier

imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true

Press any key to continue… <– ENTER

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <– S

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> S

Data saved in config.php
Press enter to continue… <– ENTER

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <– Q

Самата инсталация на ISPconfig 3 – сравнително лесна е.

cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.2.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.2.1.tar.gz
cd ispconfig3_install/install/
 
php -q install.php
 
ispconfig_update.sh

Остана да се логнем и настроим системата.
http://host.itservice-bg.net:8080

4 comments on “Ubuntu 10.04 LTS Internet server – ISPconfig 3

  1. По някаква причина ISPConfig-a не ми приема юзернейма и паролата.

  2. Оправих се юзер admin с парола admin .
    За тези които се сблъскат с това.

    Поздрави.

  3. Май само аз ще си пиша тук.
    Въпрос имали начин да се логвам само с потребителско име без домейн ако има само един мейл домейн.

  4. Ами ако имаш само един домейн тогава няма да ти е нужен ispconfig а той самият затова е написан за работа с много домейни. Както и да е, в ispconfig не може да се логваш само с username но по принцип може ако няма mysql postfix търси потребителя направо от /etc/passwd и директорията /home/user.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.