This is not edited but the commands have been checked for validity and correctness. Obviously, I cant say for definit it will work on your system. It is meant more as a guide line than an instructional step by step process.
Prepare the package manager and update it’s list of available packages and updates:
apt-get update
If like me, you used the cd with the web installer type facility where only a small CD image is used and the installation pulls the remaining files from the
Debian servers, you probably don’t need this step. But, if your using a full CD image that’s over 600 megs or a DVD then this is definitly a crucial step.
apt-get upgrade
This isn’t a complete list of applications you will need. In fact, some, in the case of nano for example won’t be required by you at all. Nano is strangely
my editor of choice when working in the CLI in Linux.
apt-get install mysql-server mysql-client libmysqlclient15-dev phpmyadmin lynx nano icecast2 squirrelmail ssh binutils cpp fetchmail flex gcc libarchive-
zip-perl libc6-dev libcompress-zlib-perl libpcre3 libpopt-dev m4 make ncftp nmap openssl postfix libsasl2-2 sasl2-bin libsasl2-modules libdb4.2-dev procmail
db4.6-util libsasl2-modules postfix sasl2-bin courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin
libgamin0 libglib2.0-0 php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
php5-xsl libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap proftpd ucf webalizer ntp ntpdate
libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl fail2ban build-essential libtool flex
If you are planning on accessing your server remotely through SSH. you will need to start the service:
/etc/init.d/ssh start
Now, if your like me, and you are using this machine as a server, you will want to set a static IP. Interestingly, the information provided to
/etc/resolv.conf remains even when not using DHCP but obviously, if you didn’t have DHCP to begin with, this is something you would need to edit also. Note
too that you supplied the hostname and the domain search suffix during installation so you don’t really need to edit /etc/hosts
nano /etc/network/interfaces
remove the last line for the eth0 interface. This usually refers to dynamic addressing. Paste the following lines replacing the addresses with the scheme you
use.
auto eth0
iface eth0 inet static
address 192.168.1.101
gateway 192.168.1.100
netmask 255.255.255.0
network 192.168.21.0
broadcast 192.168.1.255
Above, we installed postfix. Now lets configure it. Follow the wizzard that appears:
dpkg-reconfigure postfix
postconf -e ‘smtpd_sasl_local_domain =’
postconf -e ‘smtpd_sasl_auth_enable = yes’
postconf -e ‘smtpd_sasl_security_options = noanonymous’
postconf -e ‘broken_sasl_auth_clients = yes’
postconf -e ‘smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination’
postconf -e ‘inet_interfaces = all’
Now, create the certificates for TLS.
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e ‘smtp_use_tls = yes’
postconf -e ‘smtpd_use_tls = yes’
postconf -e ‘smtp_tls_note_starttls_offer = yes’
postconf -e ‘smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key’
postconf -e ‘smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt’
postconf -e ‘smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem’
postconf -e ‘smtpd_tls_loglevel = 1’
postconf -e ‘smtpd_tls_received_header = yes’
postconf -e ‘smtpd_tls_session_cache_timeout = 3600s’
postconf -e ‘tls_random_source = dev:/dev/urandom’
postconf -e ‘myhostname = server1.example.com’
,/blockquote>
Restart postfix/etc/init.d/postfix restart
mkdir -p /var/spool/postfix/var/run/saslauthd
Activate or enable SASL Auth by doing the following:
nano /etc/default/saslauthd
In this file, change start to yes and replace the line beginning with options with the following. For me, the options line was at the end of the file.
OPTIONS=”-c -m /var/spool/postfix/var/run/saslauthd -r”
Now start the service.
/etc/init.d/saslauthd start
Now edit /etc/apache2/mods-available/dir.conf
nano /etc/apache2/mods-available/dir.conf
Replace the directory index line with the following:
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml
Edit /etc/apache2/ports.conf and add Listen 443:
nano /etc/apache2/ports.conf
add Listen 443 right below the line for Listen 80.
Now, enabled the required Apache2 modules:a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod includeReload the Apache2 configuration:
nano /etc/mime.types/etc/init.d/apache2 force-reload
Comment out the following lines by placing the # sign at the start.
#application/x-httpd-php phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4
there’s more editing to do.
/etc/apache2/mods-enabled/php5.conf
nano /etc/apache2/mods-enabled/php5.conf
Comment out the two lines as shown below:
# AddType application/x-httpd-php .php .phtml .php3
# AddType application/x-httpd-php-source .phps
Now restart Apache.
/etc/init.d/apache2 restart
Turn off IPV6 in proftp or you’ll get errors:
nano /etc/proftpd/proftpd.conf
UseIPv6 off
ISP expects the config to be somewhere else for proftp so run the following command to create a link to it:
ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf
Now start the FTP server:
/etc/init.d/proftpd restart
Run the following commands if you will have the need to run services in a chroot environment.
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*
Not sure if I’ve covered these already. These packages handle antivirus and antispam.
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-
perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
Now for the final part of the installation, download and install ISPConfig:
cd /tmp
wget http://sourceforge.net/projects/ispconfig/files/ISPConfig%203/ISPConfig-3.0.2.1/ISPConfig-3.0.2.1.tar.gz/download
cd ispconfig3_install/install/
php -q install.php
Answer the questions provided.
Note, if you have problems with port 443 and 8080, remove the listen line that I wrote about earlier in the ports file for apache2.
0 Comments