The Perfect Server Cent OS.doc

7/18/2019 The Perfect Server Cent OS.doc

http://slidepdf.com/reader/full/the-perfect-server-cent-osdoc 1/49

The Perfect Server - CentOS 6.4 x86_64 (nginx,Dovecot, ISPCong 3)

Version 1.0

Author: Falko TimmeFollow me on Twitter

Last edited 03/22/2013

This tutorial shows how to prepare a CentO !." #$!%!" ser&er 'or the installation o' ()Con*+ 3, and

how to install ()Con*+ 3. ()Con*+ 3 is a we-hostin+ ontrol panel that allows ou to on*+ure the

'ollowin+ ser&ies throu+h a we- -rowser: n+in# we- ser&er, )ost*# mail ser&er, L, (4

nameser&er, )ureFT)d, pamAssassin, ClamAV, ailman, and man more. ine &ersion 3.0.",

()Con*+ omes with 'ull support 'or the n+in# we- ser&er in addition to Apahe5 this tutorial o&ers

the setup o' a ser&er that uses n+in#, not Apahe.

Please note that this setup does not work for ISPConfig 2! (t is &alid 'or ()Con*+ 3 onl6

( do not issue an +uarantee that this will work 'or ou6

ISPCong 3 !n"!#

(n order to learn how to use ()Con*+ 3, ( stron+l reommend to download the ()Con*+ 3 anual.

On more than 300 pa+es, it o&ers the onept -ehind ()Con*+ 7admin, resellers, lients8, e#plains

how to install and update ()Con*+ 3, inludes a re'erene 'or all 'orms and 'orm *elds in ()Con*+

to+ether with e#amples o' &alid inputs, and pro&ides tutorials 'or the most ommon tasks in ()Con*+

3. (t also lines out how to make our ser&er more seure and omes with a trou-leshootin+ setion at

the end.

ISPCong onitor $%% &or $n'roi'

9ith the ()Con*+ onitor App, ou an hek our ser&er status and *nd out i' all ser&ies are

runnin+ as e#peted. ou an hek TC) and ;4) ports and pin+ our ser&ers. (n addition to that ou

an use this app to re<uest details 'rom ser&ers that ha&e ()Con*+ installed 7%#e!e note th!t the

ini" int!##e' ISPCong 3 verion *ith "%%ort for the ISPCong onitor $%% i

3.+.3.385 these details inlude e&erthin+ ou know 'rom the onitor module in the ()Con*+ Control

)anel 7e.+. ser&ies, mail and sstem lo+s, mail <ueue, C); and memor in'o, disk usa+e, <uota, O

details, =>?unter lo+, et.8, and o' ourse, as ()Con*+ is multiser&er@apa-le, ou an hek all

ser&ers that are ontrolled 'rom our ()Con*+ master ser&er.

For download and usa+e instrutions, please &isit http://www.ispon*+.or+/ispon*+@3/ispon*+@

monitor@app@'or@android/.

e/"ireent

To install suh a sstem ou will need the 'ollowin+:

http://twitter.com/howtoforgecom

https://www.howtoforge.com/download-the-ispconfig-3-manual


http://www.ispconfig.org/ispconfig-3/ispconfig-monitor-app-for-android/











• 4ownload the two CentO !." 4V4s 'rom a mirror ne#t to ou 7the list o' mirrors an -e 'ound

here: http://isorediret.entos.or+/entos/!/isos/#$!%!"/ 8.

• a 'ast (nternet onnetion.

0 Pre#iin!r1 2ote

(n this tutorial ( use the hostname server1.example.com with the () address 192.168.0.100 and the

+atewa 192.168.0.1. These settin+s mi+ht dier 'or ou, so ou ha&e to replae them where

appropriate.

3 Int!## The !e S1te

oot 'rom our *rst CentO !." 4V4 74V4 18. elet Install or upgrade an existing system:

(t an take a lon+ time to test the installation media so we skip this test here:

http://isoredirect.centos.org/centos/6/isos/x86_64/

http://isoredirect.centos.org/centos/6/isos/x86_64/



The welome sreen o' the CentO installer appears. Clik on Next:

Choose our lan+ua+e ne#t:



elet our ke-oard laout:



( assume that ou use a loall attahed hard dri&e, so ou should selet Basic Storage

Devices here:

ou mi+ht see the 'ollowin+ warnin+ @ rror processing drive. (' ou see this lik on the !e"

initiali#e all -utton to proeed:



Fill in the hostname o' the ser&er 7e.+. server1.example.com8, then lik on the $on%igure

Net&or' -utton:



Bo to the (ired ta-, selet the network inter'ae 7pro-a-l et)08 and lik on dit...:



ark the $onnect automatically hek-o# and +o to the I*v+ Settings ta- and selet ,anual in

the ,et)od drop@down menu. Fill in one, two, or three nameser&ers 7separated - omma8 in the DNS

servers *eld 7e.+. 8.8.8.8-8.8.+.+8, then lik on the dd -utton ne#t to the ddresses area:

ow +i&e our network ard a stati () address and netmask 7in this tutorial (m usin+ the ()

address 192.168.0.100 and netmask 2//.2//.2//.0 'or demonstration purposes5 i' ou are not surea-out the ri+ht &alues, http://www.su-netmask.in'o mi+ht help ou8. Also *ll in our +atewa

7e.+. 192.168.0.18 and lik on the pply...-utton:

http://www.subnetmask.info/





The network on*+uration is now *nished. Clik on the Next -utton:



Next >>

&iew as pd' D print

Sh!re thi %!ge

The Perfect Server - CentOS 6.4 x86_64(nginx, Dovecot, ISPCong 3) - P!ge 0

Choose our time Eone:

Bi&e root a password:

https://www.howtoforge.com/perfect-server-centos-6.4-x86_64-nginx-dovecot-ispconfig-3-p2

https://www.howtoforge.com/subscription/







e#t we do the partitionin+. elet !eplace xisting inux Systems. This will +i&e ou a

small 34oot partition and a lar+e 3 partition whih is *ne 'or our purposes:



elet (rite c)anges to dis':



The hard dri&e is -ein+ 'ormatted:

ow we selet the so'tware we want to install. elet Basic Server , then hek $ent5S in the

additional repositories *eld, hoose $ustomi#e later and lik on Next:



The installation -e+ins. This will take a 'ew minutes:



Finall, the installation is omplete, and ou an remo&e our 4V4 'rom the omputer and re-oot it:

A'ter the re-oot, lo+ in as root.

( want to install ()Con*+ at the end o' this tutorial whih omes with its own *rewall. Thats wh (

disa-le the de'ault CentO *rewall now. O' ourse, ou are 'ree to lea&e it on and on*+ure it to our

needs 7-ut then ou shouldnt use an other *rewall later on as it will most pro-a-l inter'ere with theCentO *rewall8.

=un...

system"con%ig"%ire&all"tui

... and disa-le the *rewall. ?it 5 a'terwards:



Con*rm our hoie - seletin+ 7es:

(' ou did not on*+ure our network ard durin+ the installation, ou an do that now. =un...

system"con%ig"net&or'

... and +o to Device con%iguration:



elet our network inter'ae:

Then *ll in our network details @ disa-le 4?C) and *ll in a stati () address, a netmask, our +atewa,

and one or two nameser&ers, then hit 5':



e#t selet Save:

ou an also spei' additional nameser&ers. elet DNS con%iguration:



ow ou an *ll in additional nameser&ers and hit 5':

?it Saveuit a'terwards:



ou should run

i%con%ig

now to hek i' the installer +ot our () address ri+ht:

:root;server1 <=> i%con%ig

et)0 in' encap?t)ernet @(addr 00?0$?29?00?8/?$

inet addr?192.168.0.100 Bcast?192.168.0.2// ,as'?2//.2//.2//.0

inet6 addr? %e80??20c?29%%?%e00?8/ac36+ Scope?in'

A* B!5D$S !ANNINC ,AI$S ,A?1/00 ,etric?1

! pac'ets?2E8 errors?0 dropped?0 overruns?0 %rame?0

pac'ets?86 errors?0 dropped?0 overruns?0 carrier?0

collisions?0 txFueuelen?1000

! 4ytes?28/0G 2E.8 iB 4ytes?16G60 1/.9 iB

lo in' encap?ocal oop4ac'

inet addr?12E.0.0.1 ,as'?2//.0.0.0

inet6 addr? ??13128 Scope?@ost

A* 55*B$ !ANNINC ,A?16+G6 ,etric?1

! pac'ets?0 errors?0 dropped?0 overruns?0 %rame?0

pac'ets?0 errors?0 dropped?0 overruns?0 carrier?0

collisions?0 txFueuelen?0

! 4ytes?0 0.0 4 4ytes?0 0.0 4

:root;server1 <=>

Chek our 3etc3resolv.con% i' it lists all nameser&ers that ou&e pre&iousl on*+ured:



cat 3etc3resolv.con%

(' nameser&ers are missin+, run

system"con%ig"net&or'

and add the missin+ nameser&ers a+ain.

ow, on to the on*+uration...

55 Prev

2ext

&iew as pd' D print

Sh!re thi %!ge

The Perfect Server - CentOS 6.4 x86_64 (nginx, Dovecot, ISPCong 3) -

P!ge 3

4 Adjust /etc/hosts

Next we edit 3etc3)osts. Make it look like this:

vi 3etc3)osts

12.0.0.1 loalhost loalhost.loaldomain loalhost" loalhost".loaldomain"

1G2.1!$.0.100 ser&er1.e#ample.om ser&er1

::1 loalhost loalhost.loaldomain loalhost! loalhost!.loaldomain!

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's

why I disale the default Cent!S firewall now. !f course" you are free to lea#e it on and

configure it to your needs $ut then you shouldn't use any other firewall later on as it will most

%roaly interfere with the Cent!S firewall&.un

system"con%ig"%ire&all

and disale the firewall.

To check that the firewall has really een disaled" you can run

https://www.howtoforge.com/perfect-server-centos-6.4-x86_64-nginx-dovecot-ispconfig-3










ipta4les "

afterwards. The out%ut should look like this::root;server1 <=> ipta4les "$)ain IN*A policy $$*target prot opt source destination

$)ain H5!(!D policy $$*target prot opt source destination

$)ain 5A*A policy $$*target prot opt source destination:root;server1 <=>

6 Disable !"inux

S()inux is a security extension of Cent!S that should %ro#ide extended security. In my o%inion

you don't need it to configure a secure system" and it usually causes more %rolems than

ad#antages $think of it after you ha#e done a week of troule*shooting ecause some ser#icewasn't working as ex%ected" and then you find out that e#erything was ok" only S()inux was

causing the %rolem&. Therefore I disale it $this is a must if you want to install ISPConfig later

on&.

(dit 3etc3selinux3con%ig and set SINAdisa4led :

vi 3etc3selinux3con%ig

H This *le ontrols the state o' ILinu# on the sstem.

H IL(;JK an take one o' these three &alues:

H en'orin+ @ ILinu# seurit poli is en'ored.

H permissi&e @ ILinu# prints warnin+s instead o' en'orin+.

H disa-led @ o ILinu# poli is loaded.

IL(;JKdisa-led

H IL(;JT)IK an take one o' these two &alues:

H tar+eted @ Tar+eted proesses are proteted,

H mls @ ulti Le&el eurit protetion.

IL(;JT)IKtar+eted

+fterwards we must reoot the system:

re4oot

# !nable Additional $e%ositories And &nstall o'e oftware

,irst we im%ort the -P- keys for software %ackages:

rpm ""import 3etc3p'i3rpm"gpg3!*,"C*C"7J

Then we enale the PMforge and (P() re%ositories on our Cent!S system as lots of the

%ackages that we are going to install in the course of this tutorial are not a#ailale in the official

Cent!S ./ re%ositories:

rpm ""import )ttp?33dag.&ieers.com3rpm3pac'ages3!*,"C*C"7.dag.txt



cd 3tmp

&get )ttp?33p'gs.repo%orge.org3rpm%orge"release3rpm%orge"release"0./.2"2.el6.r%.x86K6+.rpm

rpm "iv) rpm%orge"release"0./.2"2.el6.r%.x86K6+.rpm

$If the ao#e link doesn't work anymore" you can find the current #ersion of rpm%orge"

release here: htt%:00%ackages.sw.e0r%mforge*release0&

rpm ""import )ttps?33%edoraproLect.org3static30608B89/.txt

&get )ttp?33dl.%edoraproLect.org3pu43epel363x86K6+3epel"release"6"8.noarc).rpm

rpm "iv) epel"release"6"8.noarc).rpm

1e also need to enale the emi PM re%ository which contains the %h%*f%m %ackage which we

will install later on:

rpm ""import )ttp?33rpms.%amillecollet.com3!*,"C*C"7"remi

rpm "iv) )ttp?33rpms.%amillecollet.com3enterprise3remi"release"6.rpm

yum install yum"priorities

(dit 3etc3yum.repos.d3epel.repo...

vi 3etc3yum.repos.d3epel.repo

... and add the line priority10 to the :epel= section:

epelM

nameKI#tra )aka+es 'or Interprise Linu# ! @ N-asearh

H-aseurlKhttp://download.'edoraproet.or+/pu-/epel/!/N-asearh

mirrorlistKhttps://mirrors.'edoraproet.or+/metalinkPrepoKepel@!QarhKN-asearh

'ailo&ermethodKpriorit

ena-ledK1

prioritK10

+p+hekK1

+p+keK*le:///et/pki/rpm@+p+/=)@B)B@>I@I)IL@!

...M

Then do the same for the :remi= section in 3etc3yum.repos.d3remi.repo" %lus change ena4led to 1:

vi 3etc3yum.repos.d3remi.repo

remiM

nameKLes =) de remi pour Interprise Linu# Nrelease&er @ N-asearh

H-aseurlKhttp://rpms.'amilleollet.om/enterprise/Nrelease&er/remi/N-asearh/

mirrorlistKhttp://rpms.'amilleollet.om/enterprise/Nrelease&er/remi/mirror

ena-ledK1

prioritK10

+p+hekK1

http://packages.sw.be/rpmforge-release/

http://rpms.famillecollet.com/


http://packages.sw.be/rpmforge-release/




+p+keK*le:///et/pki/rpm@+p+/=)@B)B@>I@remi

'ailo&ermethodKpriorit

remi@testM

nameKLes =) de remi en test pour Interprise Linu# Nrelease&er @ N-asearh

H-aseurlKhttp://rpms.'amilleollet.om/enterprise/Nrelease&er/test/N-asearh/

mirrorlistKhttp://rpms.'amilleollet.om/enterprise/Nrelease&er/test/mirror

ena-ledK0

+p+hekK1

+p+keK*le:///et/pki/rpm@+p+/=)@B)B@>I@remi

Then we u%date our existing %ackages on the system:

yum update

Now we install some software %ackages that are needed later on:

yum groupinstall MDevelopment oolsM

( )uota

(If you have chosen a different partitioning scheme than I did" you must ad#ust this chapter so that $uota applies to the partitions where you need it

To install 2uota" we run this command:

yum install Fuota

(dit 3etc3%sta4 and add -usrLFuotaaFuota.user-grpLFuotaaFuota.group-LF%mtv%sv0 to the 3 %artition $3dev3mapper3vgKserver1"lvKroot&:

vi 3etc3%sta4

H

H /et/'sta-

H Created - anaonda on 9ed Rul 11 1:S2:S 2012

H

H Aessi-le *lesstems, - re'erene, are maintained under /de&/disk

H ee man pa+es 'sta-7S8, *nd's7$8, mount7$8 and/or -lkid7$8 'or more in'o

H

/de&/mapper/&+%ser&er1@l&%root / e#t" de'aults,usr<uotaKa<uota.user,+rp<uotaKa<uota.+roup,<'mtK&'s&0 1 1

;;(4K$0!G10a1@d-d'@""!@-dG"@-e3e$1"G3 /-oot e#t" de'aults 1 2

/de&/mapper/&+%ser&er1@l&%swap swap swap de'aults 0 0

tmp's /de&/shm tmp's de'aults 0 0

de&pts /de&/pts de&pts +idKS,modeK!20 0 0

ss's /ss ss's de'aults 0 0

pro /pro pro de'aults 0 0

Then run

mount "o remount 3



Fuotac)ec' "avugm

Fuotaon "avug

to enale 2uota.

* +nchroni,e The +ste' Cloc-

It is a good idea to synchroni3e the system clock with an NTP $network time %rotocol& ser#er

o#er the Internet. Sim%ly run

yum install ntp

and your system time will always e in sync. . &nstall 0+)"

Install MyS4) as follows:

yum install mysFl mysFl"server

Then create the system startu% links for MyS4) and start it:

c)'con%ig ""levels 2G/ mysFld on

3etc3init.d3mysFld start

Set %asswords for the MyS4) root account:

mysFlKsecureKinstallation

:root;server1 tmp=> mysFlKsecureKinstallation

N5? !ANNINC *!S 5H @IS S$!I* IS !$5,,NDD H5! ,yS S!!S IN *!5DA$I5N ASO *S !D $@ S* $!HA7O

In order to log into ,yS to secure it- &eMll need t)e current pass&ord %or t)e root user. I% youMve Lust installed ,yS- and you )avenMt set t)e root pass&ord yet- t)e pass&ord &ill 4e 4lan'-so you s)ould Lust press enter )ere.

nter current pass&ord %or root enter %or none?5- success%ully used pass&ord- moving on...

Setting t)e root pass&ord ensures t)at no4ody can log into t)e ,ySroot user &it)out t)e proper aut)orisation.

Set root pass&ordP :73n= %&& ')' *

Ne& pass&ord? %&& yourroots$lpassword

!e"enter ne& pass&ord? %&& yourroots$lpassword

*ass&ord updated success%ullyO!eloading privilege ta4les.. ... SuccessO

By de%ault- a ,yS installation )as an anonymous user- allo&ing anyoneto log into ,yS &it)out )aving to )ave a user account created %or t)em. )is is intended only %or testing- and to ma'e t)e installationgo a 4it smoot)er. 7ou s)ould remove t)em 4e%ore moving into a

production environment.

!emove anonymous usersP :73n= %&& ')'*

... SuccessO



Normally- root s)ould only 4e allo&ed to connect %rom Mlocal)ostM. )isensures t)at someone cannot guess at t)e root pass&ord %rom t)e net&or'.

Disallo& root login remotelyP :73n= %&& ')'*

... SuccessO

By de%ault- ,yS comes &it) a data4ase named MtestM t)at anyone canaccess. )is is also intended only %or testing- and s)ould 4e removed 4e%ore moving into a production environment.

!emove test data4ase and access to itP :73n= %&& ')'*

" Dropping test data4ase... ... SuccessO " !emoving privileges on test data4ase... ... SuccessO

!eloading t)e privilege ta4les &ill ensure t)at all c)anges made so %ar &ill ta'e e%%ect immediately.

!eload privilege ta4les no&P :73n= %&& ')' *

... SuccessO

$leaning up...

ll doneO I% youMve completed all o% t)e a4ove steps- your ,ySinstallation s)ould no& 4e secure.

)an's %or using ,ySO

:root;server1 tmp=>

55 Prev

2ext

#iew as %df 5 %rintSh!re thi %!ge


P!ge 4

.. &nstall Do1ecot

6o#ecot can e installed as follows:

yum install dovecot dovecot"mysFl

m'dir 3etc3dovecot

touc) 3etc3dovecot3dovecot"sFl.con%

ln "s 3etc3dovecot3dovecot"sFl.con% 3etc3dovecot"sFl.con%

Now create the system startu% links and start 6o#ecot:

c)'con%ig ""levels 2G/ dovecot on

3etc3init.d3dovecot start

.2 &nstall 3ostfix

Postfix can e installed as follows:

yum install post%ix

Then turn off Sendmail and start Postfix:











c)'con%ig ""levels 2G/ sendmail o%%

c)'con%ig ""levels 2G/ post%ix on

3etc3init.d3sendmail stop

3etc3init.d3post%ix restart

. &nstall et'ail

-etmail can e installed as follows:

yum install getmail

.4 &nstall A'a1isdnew7 %a'Assassin7 And Cla'A8

To install ama#isd*new" s%amassassin and clama#" run the following command:

yum install amavisd"ne& spamassassin clamav clamd un#ip 4#ip2 unrar perl"DBD"mysFl

Then we start freshclam" ama#isd" and clamd.ama#isd:

sa"update

c)'con%ig ""levels 2G/ amavisd on

c)'con%ig ""del clamd

c)'con%ig ""levels 2G/ clamd.amavisd on

3usr34in3%res)clam

3etc3init.d3amavisd start

3etc3init.d3clamd.amavisd start

.5 &nstall Nginx7 3935 :393F30;7 And Fcgiwra%

Nginx is a#ailale as a %ackage for Cent!S ./ $from (P()& which we can install as follows:

yum install nginx

+dd the following section to the )ttp QR section in 3etc3nginx3nginx.con% $efore any include lines& which

determines if the #isitor uses htt% or htt%s and sets the)ttps #ariale accordingly * this is needed

ecause the nginx #ersion coming with Cent!S is 7.8.79" and the )ttps #ariale was introduced innginx in #ersion 7.7.77" and ISPConfig makes use of this #ariale:

vi 3etc3nginx3nginx.con%

...M

http

...M

HH 4etet when ?TT) is used



map Nsheme Nhttps

de'ault o5

https on5

U

...M

U

...M

If +%ache is already installed on the system" sto% it now...

3etc3init.d3)ttpd stop

... and remo#e +%ache's system startu% links:

c)'con%ig ""del )ttpd

Then we create the system startu% links for nginx and start it:

c)'con%ig ""levels 2G/ nginx on

3etc3init.d3nginx start

$If oth +%ache and nginx are installed" the ISPConfig ; installer will ask you which one you

want to use * answer nginx in this case. If only one of these oth is installed" ISPConfig will do the

necessary configuration automatically.&1e can make P<P9 work in nginx through P<P*,PM $P<P*,PM $,astC-I Process Manager& is

an alternati#e P<P ,astC-I im%lementation with some additional features useful for sites of any

si3e" es%ecially usier sites&. 1e can install p)p"%pm together with p)p"cli and some P<P9 modules

like p)p"mysFl

which you need if you want to use MyS4) from your P<P scri%ts as follows:

yum install p)p"%pm p)p"cli p)p"mysFl p)p"gd p)p"imap p)p"ldap p)p"od4c p)p"pear p)p"xml p)p"xmlrpc p)p"pecl"apc p)p"magic'&and p)p"magpierss p)p"m4string

p)p"mcrypt p)p"mssFl p)p"s)out p)p"snmp p)p"soap p)p"tidy

Next we o%en 3etc3p)p.ini...

vi 3etc3p)p.ini

... and change the error re%orting $so that notices aren't shown any longer&:

...M

5error%reportin+ K I%ALL Q I%4I)=ICATI4 Q I%T=(CT

error%reportin+ K I%ALL Q I%OT(CI

...M

+lso set cgi.%ixKpat)in%o0:

vi 3etc3p)p.ini

http://php-fpm.org/

http://php-fpm.org/



...M

5 +i.*#%pathin'o pro&ides WrealW )AT?%(FO/)AT?%T=ALATI4 support 'or CB(. )?)s

5 pre&ious -eha&iour was to set )AT?%T=ALATI4 to C=()T%F(LIAI, and to not +rok

5 what )AT?%(FO is. For more in'ormation on )AT?%(FO, see the +i spes. ettin+

5 this to 1 will ause )?) CB( to *# its paths to on'orm to the spe. A settin+

5 o' Eero auses )?) to -eha&e as -e'ore. 4e'ault is 1. ou should *# our sripts

5 to use C=()T%F(LIAI rather than )AT?%T=ALATI4.

5 http://www.php.net/manual/en/ini.ore.phpHini.+i.*#@pathin'o

+i.*#%pathin'oK0

...M

$Please read htt%:00wiki.nginx.org0Pitfalls to find out why you should do this.&

In addition to that" in order to a#oid errors like:08"ug"2011 18?0E?08= *@* (arning? p)pin%o? It is not sa%e to rely on t)e systemMs time#one settings. 7ou are JreFuiredJ to use t)e date.time#onesetting or t)e dateKde%aultKtime#oneKset %unction. In case you used any o% t)ose met)ods and you are still getting t)is &arning- you most li'elymisspelled t)e time#one identi%ier. (e selected Murope3BerlinM %or M$S32.03DSM instead in 3usr3s)are3nginx3)tml3in%o.p)p on line 2

... in 3var3log3p)p"%pm3&&&"error.log when you call a P<P scri%t in your rowser" you should

set date.time#one in 3etc3p)p.ini:

...M

4ateM

5 4e*nes the de'ault timeEone used - the date 'untions

5 http://www.php.net/manual/en/datetime.on*+uration.phpHini.date.timeEone

date.timeEone K XIurope/erlinX

...M

=ou can find out the correct time3one for your system y running:

cat 3etc3syscon%ig3cloc'

:root;server1 tmp=> cat 3etc3syscon%ig3cloc'T5NUurope3BerlinU:root;server1 tmp=>

Next create the system startu% links for p)p"%pm and start it:

c)'con%ig ""levels 2G/ p)p"%pm on

3etc3init.d3p)p"%pm start

P<P*,PM is a daemon %rocess $with the init scri%t 3etc3init.d3p)p"%pm& that runs a ,astC-I ser#er on

%ort9000.

To get C-I su%%ort in nginx" we install ,cgiwra%.

,cgiwra% is a C-I wra%%er that should work also for com%lex C-I scri%ts and can e used forshared hosting en#ironments ecause it allows each #host to use its own cgi"4in directory.

+s there's no %cgi&rap %ackage for Cent!S ./" we must uild it oursel#es. ,irst we install some

%rere2uisites:

yum install %cgi"devel

Now we can uild %cgi&rap as follows:

http://wiki.nginx.org/Pitfalls

http://wiki.nginx.org/Fcgiwrap

http://wiki.nginx.org/Pitfalls

http://wiki.nginx.org/Fcgiwrap



cd 3usr3local3src3

git clone git?33git)u4.com3gnose'3%cgi&rap.git

cd %cgi&rap

autorecon% "i

.3con%igure

ma'e

ma'e install

This installs %cgi&rap to 3usr3local3s4in3%cgi&rap. Next we install the spa&n"%cgi %ackage which allows us to run %cgi&rap as a daemon:

yum install spa&n"%cgi

!%en 3etc3syscon%ig3spa&n"%cgi...

vi 3etc3syscon%ig3spa&n"%cgi

... and modify the file as follows:

H ou must set some workin+ options -e'ore the Xspawn@'+iX ser&ie will work.

H (' OC>IT points to a *le, then this *le is leaned up - the init sript.

H

H ee spawn@'+i718 'or all possi-le options.

H

H I#ample :

HOC>ITK/&ar/run/php@'+i.sok

HO)T(OKX@u apahe @+ apahe @s NOC>IT @ @ 0!00 @C 32 @F 1 @) /&ar/run/spawn@'+i.pid @@ /usr/-in/php@+iX

FCB(%OC>ITK/&ar/run/'+iwrap.soket

FCB(%)=OB=AK/usr/loal/s-in/'+iwrap

FCB(%;I=Kapahe

FCB(%B=O;)Kapahe

FCB(%IJT=A%O)T(OKX@ 00X

O)T(OKX@u NFCB(%;I= @+ NFCB(%B=O;) @s NFCB(%OC>IT @ NFCB(%IJT=A%O)T(O @F 1 @) /&ar/run/spawn@'+i.pid @@ NFCB(%)=OB=AX

Now add the user nginx to the grou% apac)e:

usermod "a "C apac)e nginx

Create the system startu% links for spa&n"%cgi...

c)'con%ig ""levels 2G/ spa&n"%cgi on

... and start it as follows:

3etc3init.d3spa&n"%cgi start



=ou should now find the %cgi&rap socket in 3var3run3%cgi&rap.soc'et" owned y the user and grou% apac)e $some

scri%ts" e.g. Mailman" ex%ect to e run y the user0grou% apac)e" that's why we don't run spa&n"%cgi as

user0grou% nginx " ut instead add nginx to the apac)e grou%&. .5<. Additional 393 8ersions

Starting with the ISPConfig ;.8.9" it is %ossile to ha#e multi%le P<P #ersions on one ser#er$selectale through ISPConfig& which can e run through ,astC-I and P<P*,PM. The %rocedure

of uilding additional P<P #ersions on Cent!S is descried in this tutorial: <ow To >seMulti%le P<P ?ersions $P<P*,PM @ ,astC-I& 1ith ISPConfig ; $Cent!S .;&55 Prev

2ext



P!ge 7

.6 &nstall %h%0+Ad'in

Next we install %h%My+dmin:

yum install p)pmyadmin

Next we change the authentication in %h%My+dmin from coo'ie to )ttp:

vi 3usr3s)are3p)pmyadmin3con%ig.inc.p)p

...M

/W Authentiation tpe W/

N'+er&ersMNiMauth%tpeM K http5

...M

=ou can now find %h%My+dmin in the 3usr3s)are3p)pmyadmin3 directory.

+fter you ha#e installed ISPConfig ;" you can access %h%My+dmin as follows:The ISPConfig a%%s #host on %ort A8A7 for nginx comes with a %h%My+dmin configuration" so

you can use )ttp?33server1.example.com?80813p)pmyadmin or )ttp?33server1.example.com?80813p)p,ydmin to access %h%My+dmin.

If you want to use a 3p)pmyadmin or 3p)p,ydmin alias that you can use from your we sites" this is a itmore com%licated than for +%ache ecause nginx does not ha#e gloal aliases $i.e." aliases that

can e defined for all #hosts&. Therefore you ha#e to define these aliases for each #host from

which you want to access %h%My+dmin.

To do this" %aste the following into the nginx Directives field on the 5ptions ta of the we site inISPConfig:

loation /phpmadmin

root /usr/share/5

inde# inde#.php inde#.html inde#.htm5

loation Y/phpmadmin/7.Z[.php8N

tr%*les Nuri K"0"5

http://www.howtoforge.com/how-to-use-multiple-php-versions-php-fpm-and-fastcgi-with-ispconfig-3-centos-6.3














root /usr/share/5

'ast+i%pass 12.0.0.1:G0005

'ast+i%inde# inde#.php5

'ast+i%param C=()T%F(LIAI Nre<uest%*lename5

inlude /et/n+in#/'ast+i%params5

'ast+i%param )AT?%(FO N'ast+i%sript%name5

'ast+i%-uer%siEe 12$k5

'ast+i%-uers 2S! "k5

'ast+i%-us%-uers%siEe 2S!k5

'ast+i%temp%*le%write%siEe 2S!k5

'ast+i%interept%errors on5

U

loation W Y/phpmadmin/7.Z[.7p+Dpe+D+i'DssDpn+DsDioDhtmlD#mlDt#t88N

root /usr/share/5

U

U

loation /phpAdmin

rewrite Y/W /phpmadmin last5

U

If you use htt%s instead of htt% for your #host" you should add the line %astcgiKparam @*S onV to your

%h%My+dmin configuration like this:

loation /phpmadmin

root /usr/share/5



tr%*les Nuri K"0"5

root /usr/share/5

'ast+i%pass 12.0.0.1:G0005

'ast+i%param ?TT) on5 H %&& add this line










U


root /usr/share/5

U

U

loation /phpAdmin


U

If you use oth htt% and htt%s for your #host" you can use the )ttps #ariale * go to the nginx

Directives field again" and instead of %astcgiKparam @*S onV you add the line %astcgiKparam @*S )ttpsV so that youcan use %h%My+dmin for oth htt% and htt%s re2uests:

loation /phpmadmin



root /usr/share/5



tr%*les Nuri K"0"5

root /usr/share/5

'ast+i%pass 12.0.0.1:G0005

'ast+i%param ?TT) Nhttps5 H %&& add this line










U


root /usr/share/5

U

U

loation /phpAdmin


U

.# &nstall 0ail'an

Since #ersion ;.8./" ISPConfig also allows you to manage $create0modify0delete& Mailman

mailing lists. If you want to make use of this feature" install Mailman as follows:

yum install mailman

Before we can start Mailman" a first mailing list called mailman must e created:

3usr3li43mailman34in3ne&list mailman

:root;server1 tmp=> 3usr3li43mailman34in3ne&list mailman

nter t)e email o% t)e person running t)e list? %&& admin email address" eg listadmi n+e,amplecom

Initial mailman pass&ord? %&& admin password for the mailman list

o %inis) creating your mailing list- you must edit your 3etc3aliases or eFuivalent %ile 4y adding t)e %ollo&ing lines- and possi4ly running t)eWne&aliasesM program?

>> mailman mailing listmailman? UX3usr3li43mailman3mail3mailman post mailmanUmailman"admin? UX3usr3li43mailman3mail3mailman admin mailmanU

mailman"4ounces? UX3usr3li43mailman3mail3mailman 4ounces mailmanUmailman"con%irm? UX3usr3li43mailman3mail3mailman con%irm mailmanUmailman"Loin? UX3usr3li43mailman3mail3mailman Loin mailmanUmailman"leave? UX3usr3li43mailman3mail3mailman leave mailmanUmailman"o&ner? UX3usr3li43mailman3mail3mailman o&ner mailmanUmailman"reFuest? UX3usr3li43mailman3mail3mailman reFuest mailmanUmailman"su4scri4e? UX3usr3li43mailman3mail3mailman su4scri4e mailmanUmailman"unsu4scri4e? UX3usr3li43mailman3mail3mailman unsu4scri4e mailmanU

@it enter to noti%y mailman o&ner... %&& ')'*

:root;server1 tmp=>

!%en 3etc3aliases afterwards...



vi 3etc3aliases

... and add the following lines:

...M

mailman: XD/usr/li-/mailman/mail/mailman post mailmanX

mailman@admin: XD/usr/li-/mailman/mail/mailman admin mailmanX

mailman@-ounes: XD/usr/li-/mailman/mail/mailman -ounes mailmanX

mailman@on*rm: XD/usr/li-/mailman/mail/mailman on*rm mailmanX

mailman@oin: XD/usr/li-/mailman/mail/mailman oin mailmanX

mailman@lea&e: XD/usr/li-/mailman/mail/mailman lea&e mailmanX

mailman@owner: XD/usr/li-/mailman/mail/mailman owner mailmanX

mailman@re<uest: XD/usr/li-/mailman/mail/mailman re<uest mailmanX

mailman@su-sri-e: XD/usr/li-/mailman/mail/mailman su-sri-e mailmanX

mailman@unsu-sri-e: XD/usr/li-/mailman/mail/mailman unsu-sri-e mailmanX

un

ne&aliases

afterwards and restart Postfix:

3etc3init.d3post%ix restart

Create the system startu% links for Mailman and start it:

c)'con%ig ""levels 2G/ mailman on

3etc3init.d3mailman start

Now we need to create this symlink to make Mailman work with ISPConfig:

cd 3usr3li43mailman3cgi"4in3

ln "s .3 mailman

If you want to use Mailman from your we sites created through ISPConfig" this is a it more

com%licated than for +%ache ecause nginx does not ha#e gloal aliases $i.e." aliases that can e

defined for all #hosts&. Therefore you ha#e to define these aliases for each #host from which you

want to access Mailman.To do this" %aste the following into the nginx Directives field on the 5ptions ta of the we site in

ISPConfig:

loation /+i@-in/mailman

alias /usr/li-/mailman/+i@-in5

'ast+i%split%path%in'o 7Y/+i@-in/mailman/Y/MW87.W8N5


'ast+i%param C=()T%F(LIAI /usr/li-/mailmanN'ast+i%sript%name5

'ast+i%param )AT?%(FO N'ast+i%path%in'o5

'ast+i%param )AT?%T=ALATI4 /usr/li-/mailmanN'ast+i%path%in'o5




'ast+i%pass uni#:/&ar/run/'+iwrap.soket5

U

loation /ima+es/mailman

alias /usr/li-/mailman/ions5

U

loation /pipermail

alias /&ar/li-/mailman/arhi&es/pu-li5

autoinde# on5

U

This defines the alias 3cgi"4in3mailman3 for your #host" which means you can access the Mailman admin

interface for a list at )ttp?33Yv)ostZ3cgi"4in3mailman3admin3YlistnameZ " and the we %age for users of a mailing listcan e found at )ttp?33Yv)ostZ3cgi"4in3mailman3listin%o3YlistnameZ .

>nder )ttp?33Yv)ostZ3pipermail you can find the mailing list archi#es.

.( &nstall 3ureFT3d

Pure,TPd can e installed with the following command:

yum install pure"%tpd

Then create the system startu% links and start Pure,TPd:

c)'con%ig ""levels 2G/ pure"%tpd on

3etc3init.d3pure"%tpd start

Now we configure Pure,TPd to allow ,TP and T)S sessions. ,TP is a #ery insecure %rotocol ecause all %asswords and all data are transferred in clear text. By using T)S" the whole

communication can e encry%ted" thus making ,TP much more secure.!%enSS) is needed y T)S to install !%enSS)" we sim%ly run:

yum install openssl

!%en 3etc3pure"%tpd3pure"%tpd.con% ...

vi 3etc3pure"%tpd3pure"%tpd.con%

If you want to allow ,TP and T)S sessions" set S to 1:

...M

H This option an aept three &alues :

H 0 : disa-le L/TL enrption laer 7de'ault8.

H 1 : aept -oth traditional and enrpted sessions.

H 2 : re'use onnetions that dont use L/TL seurit mehanisms,

H inludin+ anonmous sessions.

H 4o %not% unomment this -lindl. e sure that :

H 18 our ser&er has -een ompiled with L/TL support 7@@with@tls8,

H 28 A &alid erti*ate is in plae,



H 38 Onl ompati-le lients will lo+ in.

TL 1

...M

In order to use T)S" we must create an SS) certificate. I create it in 3etc3ssl3private3 " therefore I create

that directory first:

m'dir "p 3etc3ssl3private3

+fterwards" we can generate the SS) certificate as follows:

openssl reF "x/09 "nodes "days EG00 "ne&'ey rsa?20+8 "'eyout 3etc3ssl3private3pure"%tpd.pem "out 3etc3ssl3private3pure"%tpd.pem

$ountry Name 2 letter code :=? %&& 'nter your Country ame (eg" -.'-

State or *rovince Name %ull name :=? %&& 'nter your State or Province ame

ocality Name eg- city :De%ault $ity=? %&& 'nter your City

5rgani#ation Name eg- company :De%ault $ompany td=? %&& 'nter your /rgani0ation ame (eg" the name of your company

5rgani#ational Anit Name eg- section :=? %&& 'nter your /rgani0ational 1nit ame (eg -I) .epartment-

$ommon Name eg- your name or your serverMs )ostname :=? %&& 'nter the ully 3ualified .omain ame of the system (eg -server4e,amplecom-

mail ddress :=? %&& 'nter your 'mail 5ddress

Change the %ermissions of the SS) certificate:

c)mod 600 3etc3ssl3private3pure"%tpd.pem

,inally restart Pure,TPd:

3etc3init.d3pure"%tpd restart

That's it. =ou can now try to connect using your ,TP client howe#er" you should configure your

,TP client to use T)S.

.* &nstall =&ND

1e can install BIN6 as follows:

yum install 4ind 4ind"utils

Next o%en 3etc3syscon%ig3named ...

vi 3etc3syscon%ig3named

... and make sure that the !55DI!3var3named3c)root line is comment out:

H (4 named proess options

H

H Currentl, ou an use the 'ollowin+ options:

H

H =OOT4(=KX/&ar/named/hrootX @@ will run named in a hroot en&ironment.

H ou must set up the hroot en&ironment

H 7install the -ind@hroot paka+e8 -e'ore

H doin+ this.



H OTI:

H Those diretories are automatiall mounted to hroot i' the are

H empt in the =OOT4(= diretor. (t will simpli' maintenane o' our

H hroot en&ironment.

H @ /&ar/named

H @ /et/pki/dnsse@kes

H @ /et/named

H @ /usr/li-!"/-ind or /usr/li-/-ind 7arhiteture dependent8

H

H Those *les are mounted as well i' tar+et *le doesnt e#ist in

H hroot.

H @ /et/named.on'

H @ /et/rnd.on'

H @ /et/rnd.ke

H @ /et/named.r'1G12.Eones

H @ /et/named.dnsse.kes

H @ /et/named.isdl&.ke

H

H 4ont 'or+et to add XNAdd;ni#Listenoket /&ar/named/hroot/de&/lo+X

H line to our /et/rsslo+.on' *le. Otherwise our lo++in+ -eomes

H -roken when rsslo+d daemon is restarted 7due update, 'or e#ample8.

H

H O)T(OKXwhate&erX @@ These additional options will -e passed to named

H at startup. 4ont add @t here, use =OOT4(= instead.

H

H >ITA%F(LIKX/dir/*leX @@ pei' named ser&ie keta- *le 7'or B@T(B8

H

H 4(ALI%\OI%C?IC>(B @@ de'ault, initsript alls named@hekEone

H utilit 'or e&er Eone to ensure all Eones are

H &alid -e'ore named starts. (' ou set this option

H to es then initsript doesnt per'orm those

H heks.

Make a acku% of the existing 3etc3named.con% file and create a new one as follows:

cp 3etc3named.con% 3etc3named.con%K4a'

cat 3dev3null Z 3etc3named.con%

vi 3etc3named.con%

//

// named.on'

//

// )ro&ided - =ed ?at -ind paka+e to on*+ure the (C (4 named7$8 4

// ser&er as a ahin+ onl nameser&er 7as a loalhost 4 resol&er onl8.

//

// ee /usr/share/do/-indW/sample/ 'or e#ample named on*+uration *les.

//

options

listen@on port S3 an5 U5

listen@on@&! port S3 an5 U5

diretor X/&ar/namedX5



dump@*le X/&ar/named/data/ahe%dump.d-X5

statistis@*le X/&ar/named/data/named%stats.t#tX5

memstatistis@*le X/&ar/named/data/named%mem%stats.t#tX5

allow@<uer an5 U5

reursion no5

allow@reursion none5 U5

U5

lo++in+

hannel de'ault%de-u+

*le Xdata/named.runX5

se&erit dnami5

U5

U5

Eone X.X (

tpe hint5

*le Xnamed.aX5

U5

inlude X/et/named.on'.loalX5

Create the file 3etc3named.con%.local that is included at the end of 3etc3named.con% $3etc3named.con%.local will later onget %o%ulated y ISPConfig if you create 6NS 3ones in ISPConfig&:

touc) 3etc3named.con%.local

Then we create the startu% links and start BIN6:

c)'con%ig ""levels 2G/ named on

3etc3init.d3named start

2 &nstall ebali,er And Atats

1eali3er and +1Stats can e installed as follows:

yum install &e4ali#er a&stats perl"Dateime"Hormat"@* perl"Dateime"Hormat"Builder

55 Prev

2ext



P!ge 6

2. &nstall ?ail-it











Dailkit is needed only if you want to chroot SS< users. It can e installed as follows $ important6 7ailkit must

be installed before ISPConfig & it cannot be installed afterwards!&:

cd 3tmp

&get )ttp?33olivier.sessin'.nl3Lail'it3Lail'it"2.1/.tar.g#

tar xv%# Lail'it"2.1/.tar.g#

cd Lail'it"2.1/

.3con%igure

ma'e

ma'e install

cd ..

rm "r% Lail'it"2.1/J

22 &nstall fail2ban

This is o%tional ut recommended" ecause the ISPConfig monitor tries to show the log:

yum install %ail24an

1e must configure failan to log to the log file 3var3log3%ail24an.log ecause this is the log file that ismonitored y the ISPConfig Monitor module. !%en3etc3%ail24an3%ail24an.con% ...

vi 3etc3%ail24an3%ail24an.con%

... and comment out the logtarget S7S5C line and add logtarget 3var3log3%ail24an.log :

...M

H Option: lo+tar+et

H otes.: et the lo+ tar+et. This ould -e a *le, LOB, T4I== or T4O;T.

H Onl one lo+ tar+et an -e spei*ed.

H Values: T4O;T T4I== LOB *le 4e'ault: /&ar/lo+/'ail2-an.lo+

H

Hlo+tar+et K LOB

lo+tar+et K /&ar/lo+/'ail2-an.lo+

...M

Then create the system startu% links for failan and start it:

c)'con%ig ""levels 2G/ %ail24an on

3etc3init.d3%ail24an start

2 &nstall r-hunter

rkhunter can e installed as follows:

yum install r')unter



24 &nstall @uirrel0ail

To install the S2uirrelMail wemail client" run...

yum install sFuirrelmail

Then configure S2uirrelMail:

3usr3s)are3sFuirrelmail3con%ig3con%.pl

1e must tell S2uirrelMail that we are using 6o#ecot:SFuirrel,ail $on%iguration ? !ead? con%ig.p)p 1.+.0""""""""""""""""""""""""""""""""""""""""""""""""""""""""",ain ,enu ""1. 5rgani#ation *re%erences2. Server SettingsG. Holder De%aults+. Ceneral 5ptions/. )emes6. ddress Boo'sE. ,essage o% t)e Day ,5D8. *lugins9. Data4ase

10. anguages

D. Set pre"de%ined settings %or speci%ic I,* servers

$ urn color o%% S Save data uit

$ommand ZZ %&& .

SFuirrel,ail $on%iguration ? !ead? con%ig.p)p"""""""""""""""""""""""""""""""""""""""""""""""""""""""""()ile &e )ave 4een 4uilding SFuirrel,ail- &e )ave discovered some

pre%erences t)at &or' 4etter &it) some servers t)at donMt &or' so&ell &it) ot)ers. I% you select your I,* server- t)is option &illset some pre"de%ined settings %or t)at server.

*lease note t)at you &ill still need to go t)roug) and ma'e sureeveryt)ing is correct. )is does not c)ange everyt)ing. )ere areonly a %e& settings t)at t)is &ill c)ange.

*lease select your I,* server?

4incimap Binc I,* server courier $ourier I,* server cyrus $yrus I,* server dovecot Dovecot Secure I,* server exc)ange ,icroso%t xc)ange I,* server )mailserver ),ailServer macosx ,ac 5S ,ailserver mercuryG2 ,ercury3G2 u& Aniversity o% (as)ingtonMs I,* server gmail I,* access to Coogle mail Cmail accounts

Fuit Do not c)ange anyt)ing

$ommand ZZ %&& dovecot

SFuirrel,ail $on%iguration ? !ead? con%ig.p)p"""""""""""""""""""""""""""""""""""""""""""""""""""""""""()ile &e )ave 4een 4uilding SFuirrel,ail- &e )ave discovered some

pre%erences t)at &or' 4etter &it) some servers t)at donMt &or' so&ell &it) ot)ers. I% you select your I,* server- t)is option &illset some pre"de%ined settings %or t)at server.

*lease note t)at you &ill still need to go t)roug) and ma'e sureeveryt)ing is correct. )is does not c)ange everyt)ing. )ere areonly a %e& settings t)at t)is &ill c)ange.

*lease select your I,* server? 4incimap Binc I,* server courier $ourier I,* server cyrus $yrus I,* server dovecot Dovecot Secure I,* server exc)ange ,icroso%t xc)ange I,* server )mailserver ),ailServer macosx ,ac 5S ,ailserver mercuryG2 ,ercury3G2 u& Aniversity o% (as)ingtonMs I,* server gmail I,* access to Coogle mail Cmail accounts

Fuit Do not c)ange anyt)ing $ommand ZZ courier



imapKserverKtype courier de%aultK%olderKpre%ix INB5. tras)K%older ras) sentK%older Sent dra%tK%older Dra%ts s)o&Kpre%ixKoption %alse de%aultKsu4Ko%Kin4ox %alses)o&KcontainKsu4%oldersKoption %alse optionalKdelimiter . deleteK%older true

*ress enter to continue... %&& press ')'*

SFuirrel,ail $on%iguration ? !ead? con%ig.p)p 1.+.0""""""""""""""""""""""""""""""""""""""""""""""""""""""""",ain ,enu ""1. 5rgani#ation *re%erences2. Server SettingsG. Holder De%aults+. Ceneral 5ptions/. )emes6. ddress Boo'sE. ,essage o% t)e Day ,5D8. *lugins9. Data4ase10. anguages



$ommand ZZ %&&S

SFuirrel,ail $on%iguration ? !ead? con%ig.p)p 1.+.0""""""""""""""""""""""""""""""""""""""""""""""""""""""""",ain ,enu ""1. 5rgani#ation *re%erences2. Server SettingsG. Holder De%aults+. Ceneral 5ptions/. )emes6. ddress Boo'sE. ,essage o% t)e Day ,5D8. *lugins9. Data4ase10. anguages



$ommand ZZ

%&&3

!ne last thing we need to do is modify the file 3etc3sFuirrelmail3con%igKlocal.p)p and comment out

the de%aultK%olderKpre%ix #ariale * if you don't do this" you will see the following error message in

S2uirrelMail after you'#e logged in: uery? $! USentU !eason Civen? Invalid mail4ox name.

vi 3etc3sFuirrelmail3con%igKlocal.p)p

]Pphp

/WW

W Loal on*+ o&errides.

W

W ou an o&erride the on*+.php settin+s here.

W 4ont do it unless ou know what oure doin+.

W ;se standard )?) snta#, see on*+.php 'or e#amples.

W

W ̂ opri+ht Qop5 2002@200! The <uirrelail )roet Team

W ^liense http://opensoure.or+/lienses/[email protected] B; )u-li Liense

W ̂ &ersion N(d: on*+%loal.php,& 1.2 200!/0/11 03:33:" wto+ami I#p N

W ̂ paka+e s<uirrelmail



W ̂ su-paka+e on*+

W/

//Nde'ault%'older%pre*# K 5

P_

=ou can now find S2uirrelMail in the 3usr3s)are3sFuirrelmail3 directory.+fter you ha#e installed ISPConfig ;" you can access S2uirrelMail as follows:

The ISPConfig a%%s #host on %ort A8A7 for nginx comes with a S2uirrelMail configuration" so

you can use)ttp?33server1.example.com?80813sFuirrelmail or )ttp?33server1.example.com?80813&e4mailto access S2uirrelMail.If you want to use a 3&e4mail or 3sFuirrelmail alias that you can use from your we sites" this is a it more

com%licated than for +%ache ecause nginx does not ha#e gloal aliases $i.e." aliases that can e

defined for all #hosts&. Therefore you ha#e to define these aliases for each #host from which youwant to access S2uirrelMail.

To do this" %aste the following into the nginx Directives field on the 5ptions ta of the we site in

ISPConfig:

loation /s<uirrelmail

root /usr/share/5


loation Y/s<uirrelmail/7.Z[.php8N

tr%*les Nuri K"0"5

root /usr/share/5

'ast+i%pass 12.0.0.1:G0005










U

loation W Y/s<uirrelmail/7.Z[.7p+Dpe+D+i'DssDpn+DsDioDhtmlD#mlDt#t88N

root /usr/share/5

U

U

loation /we-mail

rewrite Y/W /s<uirrelmail last5

U

If you use htt%s instead of htt% for your #host" you should add the line %astcgiKparam @*S onV to your

S2uirrelMail configuration like this: loation /s<uirrelmail

root /usr/share/5



tr%*les Nuri K"0"5

root /usr/share/5

'ast+i%pass 12.0.0.1:G0005



'ast+i%param ?TT) on5 H %&& add this line










U


root /usr/share/5

U

U

loation /we-mail


U

If you use oth htt% and htt%s for your #host" you can use the )ttps #ariale * go to the nginx

Directives field again" and instead of %astcgiKparam @*S onV you add the line %astcgiKparam @*S )ttpsV so that you

can use S2uirrelMail for oth htt% and htt%s re2uests:

loation /s<uirrelmail

root /usr/share/5



tr%*les Nuri K"0"5

root /usr/share/5

'ast+i%pass 12.0.0.1:G0005

'ast+i%param ?TT) Nhttps5 H %&& add this line










U


root /usr/share/5

U

U

loation /we-mail


U

55 Prev

2ext












The Perfect Server - CentOS 6.4 x86_64 (nginx, Dovecot, ISPCong 3) -P!ge

07 Int!## ISPCong 3

e'ore ou start the ()Con*+ installation, make sure that Apahe is stopped 7i' it is installed @ it is possi-le that some o' our installed paka+es ha&e installed Apahe as a dependen

without ou knowin+8. (' Apahe2 is alread installed on the sstem, stop it now...

3etc3init.d3)ttpd stop

... and remo&e Apahes sstem startup links:

c)'con%ig ""del )ttpd

ake sure that n+in# is runnin+:

3etc3init.d3nginx restart

7(' ou ha&e -oth Apahe and n+in# installed, the installer asks ou whih one ou want to use: pac)e and nginx detected. Select server to use %or IS*$on%ig?

apac)e-nginx :apac)e=?

Tpe nginx . (' onl Apahe or n+in# are installed, this is automatiall deteted - the installer, and no <uestion is asked.8

4ownload the urrent ()Con*+ 3 &ersion and install it. The ()Con*+ installer will on*+ure all ser&ies like )ost*#, 4o&eot, et. 'or ou. A manual setup as re<uired 'or ()Con*+ 2 is

not neessar anmore.

ou now also ha&e the possi-ilit to let the installer reate an L &host 'or the ()Con*+ ontrol panel, so that ()Con*+ an -e aessed usin+ )ttps?33 instead o' )ttp?33 . To ahie&e

this, ust press N! when ou see this <uestion: Do you &ant a secure SS connection to t)e IS*$on%ig &e4 inter%ace y-n :y=? .

To install ()Con*+ 3 'rom the latest released &ersion, do this:

cd 3tmp

&get )ttp?33&&&.ispcon%ig.org3do&nloads3IS*$on%ig"G"sta4le.tar.g#

tar x%# IS*$on%ig"G"sta4le.tar.g#

cd ispcon%igGKinstall3install3

The ne#t step is to run

p)p "F install.p)p

This will start the ()Con*+ 3 installer:

:root;server1 install=> p)p "F install.p)p

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

KKKKK KKKKKKKKKKK KKKKK KK K KKKK

XK K3 KKKX KKK [ 3 KK [ 3 KK 3KK [

X X [ W"".X XK3 3 X 3 [3 KKK K KK X XK K KK K K3 3

X X W"". [ KK3 X X 3 K [X MK [X KX X3 KW X XK X

KX XK3[KK3 3 X X [KK3[ K X X X X X X X KX X KKK[ [

[KKK3[KKKK3[KX [KKKK3[KKK3XKX XKXKX XKX[KK- X [KKKK3

KK3 X

XKKK3

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

ZZ Initial con%iguration

5perating System? !ed)at or compati4le- un'no&n version.

Hollo&ing &ill 4e a %e& Fuestions %or primary con%iguration so 4e care%ul.

De%ault values are in :4rac'ets= and can 4e accepted &it) YN!Z.

ap in UFuitU &it)out t)e Fuotes to stop t)e installer.

http://www.ispconfig.org/ispconfig-3/download/






Select language en-de :en=? %&& ')'*

Installation mode standard-expert :standard=? %&& ')'*

Hull Fuali%ied )ostname HDN o% t)e server- eg server1.domain.tld :server1.example.com=? %&& ')' *

,yS server )ostname :local)ost=? %&& ')' *

,yS root username :root=? %&& ')' *

,yS root pass&ord :=? %&& yourroots$lpassword

,yS data4ase to create :d4ispcon%ig=? %&& ')'*

,yS c)arset :ut%8=? %&& ')'*

pac)e and nginx detected. Select server to use %or IS*$on%ig? apac)e-nginx :apac)e=? Y"" nginx

Cenerating a 20+8 4it !S private 'ey

......................................................................\\\

...............................................\\\

&riting ne& private 'ey to Msmtpd.'eyM

"""""

7ou are a4out to 4e as'ed to enter in%ormation t)at &ill 4e incorporated

into your certi%icate reFuest.

()at you are a4out to enter is &)at is called a Distinguis)ed Name or a DN.

)ere are Fuite a %e& %ields 4ut you can leave some 4lan'

Hor some %ields t)ere &ill 4e a de%ault value-

I% you enter M.M- t)e %ield &ill 4e le%t 4lan'.

"""""

$ountry Name 2 letter code :=? %&& ')' *

State or *rovince Name %ull name :=? %&& ')'*

ocality Name eg- city :De%ault $ity=? %&& ')'*

5rgani#ation Name eg- company :De%ault $ompany td=? %&& ')' *

5rgani#ational Anit Name eg- section :=? %&& ')' *

$ommon Name eg- your name or your serverMs )ostname :=? %&& ')'*

mail ddress :=? %&& ')' *

$on%iguring ]ail'it

$on%iguring Dovecot

$on%iguring Spamassassin

$on%iguring mavisd

$on%iguring Cetmail

$on%iguring *ure%tpd

$on%iguring BIND

$on%iguring nginx

$on%iguring logger

$on%iguring pps v)ost

$on%iguring Bastille Hire&all

$on%iguring Hail24an

Installing IS*$on%ig

IS*$on%ig *ort :8080=? %&& ')'*

Do you &ant a secure SS connection to t)e IS*$on%ig &e4 inter%ace y-n :y=? %&& ')' *

Cenerating !S private 'ey- +096 4it long modulus

...........................................................\\

...........................................................................\\

e is 6//GE 0x10001

7ou are a4out to 4e as'ed to enter in%ormation t)at &ill 4e incorporated

into your certi%icate reFuest.

()at you are a4out to enter is &)at is called a Distinguis)ed Name or a DN.

)ere are Fuite a %e& %ields 4ut you can leave some 4lan'

Hor some %ields t)ere &ill 4e a de%ault value-

I% you enter M.M- t)e %ield &ill 4e le%t 4lan'.

"""""

$ountry Name 2 letter code :=? %&& ')' *

State or *rovince Name %ull name :=? %&& ')'*

ocality Name eg- city :De%ault $ity=? %&& ')'*

5rgani#ation Name eg- company :De%ault $ompany td=? %&& ')' *

5rgani#ational Anit Name eg- section :=? %&& ')' *

$ommon Name eg- your name or your serverMs )ostname :=? %&& ')'*

mail ddress :=? %&& ')' *



*lease enter t)e %ollo&ing MextraM attri4utes

to 4e sent &it) your certi%icate reFuest

c)allenge pass&ord :=? %&& ')' *

n optional company name :=? %&& ')'*

&riting !S 'ey

$on%iguring DBServer

Installing IS*$on%ig cronta4

no cronta4 %or root

no cronta4 %or getmail

!estarting services ...

Stopping mysFld? : 5 =

Starting mysFld? : 5 =

S)utting do&n post%ix? : 5 =

Starting post%ix? : 5 =

Stopping saslaut)d? :HID=

Starting saslaut)d? : 5 =

S)utting do&n amavisd? Daemon :1//+= terminated 4y SIC!,

: 5 =

amavisd stopped

Starting amavisd? : 5 =

Stopping clamd.amavisd? : 5 =

Starting clamd.amavisd? : 5 =

Stopping Dovecot Imap? : 5 =

Starting Dovecot Imap? : 5 =

!eloading p)p"%pm? : 5 =

!eloading nginx? : 5 =

Stopping pure"%tpd? : 5 =

Starting pure"%tpd? : 5 =

Installation completed.

:root;server1 install=>

To *# the ailman errors ou mi+ht +et durin+ the ()Con*+ installation, open3usr3li43mailman3,ailman3mmKc%g.py ...

vi 3usr3li43mailman3,ailman3mmKc%g.py

... and set DHAKS!!KNCAC MenM:

...M

H@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

H The de'ault lan+ua+e 'or this ser&er.

4IFA;LT%I=VI=%LAB;ABI K en

...M

=estart ailman:

3etc3init.d3mailman restart

A'terwards ou an aess ()Con*+ 3 under )ttps?33server1.example.com?80803 or )ttps?33192.168.0.100?80803 7)ttp or )ttps depends on what ou hose durin+

installation8. Lo+ in with the username admin and the password admin 7ou should han+e the de'ault password a'ter our *rst lo+in8:



The sstem is now read to -e used.

(' ou want to use ()&! addresses with our n+in# &hosts, please do the 'ollowin+ -e'ore ou reate ()&! &hosts in ()Con*+:

Open 3etc3sysctl.con% ...



vi 3etc3sysctl.con%

... and add the line net.ipv6.4indv6only 1:

...M

net.ip&!.-ind&!onl K 1

=un...

sysctl "p

... a'terwards 'or the han+e to take eet.

07. ISPCong 3 !n"!#

(n order to learn how to use ()Con*+ 3, ( stron+l reommend to download the ()Con*+ 3 anual.

On more than 300 pa+es, it o&ers the onept -ehind ()Con*+ 7admin, resellers, lients8, e#plains how to install and update ()Con*+ 3, inludes a re'erene 'or all 'orms and 'orm

*elds in ()Con*+ to+ether with e#amples o' &alid inputs, and pro&ides tutorials 'or the most ommon tasks in ()Con*+ 3. (t also lines out how to make our ser&er more seure and

omes with a trou-leshootin+ setion at the end.

07.0 ISPCong onitor $%% &or $n'roi'

9ith the ()Con*+ onitor App, ou an hek our ser&er status and *nd out i' all ser&ies are runnin+ as e#peted. ou an hek TC) and ;4) ports and pin+ our ser&ers. (n addition

to that ou an use this app to re<uest details 'rom ser&ers that ha&e ()Con*+ installed 7 %#e!e note th!t the ini" int!##e' ISPCong 3 verion *ith "%%ort for the

ISPCong onitor $%% i 3.+.3.385 these details inlude e&erthin+ ou know 'rom the onitor module in the ()Con*+ Control )anel 7e.+. ser&ies, mail and sstem lo+s, mail

<ueue, C); and memor in'o, disk usa+e, <uota, O details, =>?unter lo+, et.8, and o' ourse, as ()Con*+ is multiser&er@apa-le, ou an hek all ser&ers that are ontrolled 'rom

our ()Con*+ master ser&er.

For download and usa+e instrutions, please &isit http://www.ispon*+.or+/ispon*+@3/ispon*+@monitor@app@'or@android/.

06 9in:

• CentO: http://www.entos.or+/

• ()Con*+: http://www.ispon*+.or+/

$;o"t The $"thor

Falko Timme is the owner o' Timme ?ostin+ 7ultra@'ast n+in# we- hostin+8. ?e is the lead maintainer o' ?owtoFor+e 7sine 200S8 and one o' the ore

de&elopers o' ()Con*+ 7sine 20008. ?e has also ontri-uted to the O=eill -ook XLinu# stem AdministrationX.

55 Prev

&iew as pd' D print

Sh!re thi %!ge

S"; %!ge

• The )er'et er&er @ CentO !." #$!%!" 7n+in#, 4o&eot, ()Con*+ 38 @ )a+e @ )a+e 1



• The )er'et er&er @ CentO !." #$!%!" 7n+in#, 4o&eot, ()Con*+ 38 @ )a+e @ )a+e "

• The )er'et er&er @ CentO !." #$!%!" 7n+in#, 4o&eot, ()Con*+ 38 @ )a+e @ )a+e S

• The )er'et er&er @ CentO !." #$!%!" 7n+in#, 4o&eot, ()Con*+ 38 @ )a+e @ )a+e !

• The Perfect Server - CentOS 6.4 x86_64 (nginx, Dovecot, ISPCong 3) - P!ge

< Coent()

Add omment







http://www.centos.org/


http://www.ispconfig.org/


https://timmehosting.de/













https://timmehosting.de/


















ame W

The Perfect Server Cent OS.doc

Documents

Transcript of The Perfect Server Cent OS.doc