isp config 3 for centos

8/2/2019 ISP Config 3 for CentOS

1/34

The Perfect Server - CentOS 5.2[ISPConfig 3]

The Perfect Server - CentOS 5.2 [ISPConfig 3]

Version 1.0Author: Falko Timme

Last edited 03/05/2009This tutorial shows how to prepare a CentOS 5.2 server for the installation of ISPConfig3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allowsyou to configure the following services through a web browser: Apache web server,Postfix mail server, MySQL, MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, andmany more.

Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!

I do not issue any guarantee that this will work for you!

1 RequirementsTo install such a system you will need the following:

Download the CentOS 5.2 DVD or the six CentOS 5.2 CDs from a mirror next toyou (the list of mirrors can be found here:http://isoredirect.centos.org/centos/5/isos/i386/).a fast Internet connection.

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, soyou have to replace them where appropriate.

3 Install The Base System

Boot from your first CentOS 5.2 CD (CD 1) or the CentOS 5.2 DVD. Press at theboot prompt:
http://isoredirect.centos.org/centos/5/isos/i386/


2/34

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the CentOS installer appears. Click on Next:


3/34

Choose your language next:

Select your keyboard layout:


4/34

I'm installing CentOS 5.2 on a fresh system, so I answer Yes to the question Would you

like to initialize this drive, erasing ALL DATA?

Now we must select a partitioning scheme for our installation. For simplicity's sake I

select Remove linux partitions on selected drives and create default layout.This will result in a small /boot and a large /partition as well as a swap partition. Ofcourse, you're free to partition your hard drive however you like it. Then I hit Next:


5/34

Answer the following question (Are you sure you want to do this?) with Yes :

On to the network settings. The default setting here is to configure the networkinterfaces with DHCP, but we are installing a server, so static IP addresses are not a bad

idea... Click on the Edit button at the top right.


6/34

In the window that pops up uncheck Use dynamic IP configuration (DHCP) and

Enable IPv6 support and give your network card a static IP address (in this tutorialI'm using the IP address 192.168.0.100 for demonstration purposes) and a suitablenetmask (e.g. 255.255.255.0; if you are not sure about the right values,http://www.subnetmask.info might help you):

Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g.192.168.0.1) and up to two DNS servers (e.g. 213.191.92.86and 145.253.2.75):
http://www.subnetmask.info/


7/34

Choose your time zone:

Give root a password:


8/34

Copyright 2009 Falko TimmeAll Rights Reserved.

The Perfect Server - CentOS 5.2[ISPConfig 3] - Page 2

Now we select the software we want to install. Select nothing but Server(uncheckeverything else). Also don't check Packages from CentOS Extras. Then checkCustomize now, and click on Next:

Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server,FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web


9/34

Server, Administration Tools, Base, and System Tools (unselect all otherpackage groups) and click on Next:

The installer checks the dependencies of the selected packages:

Click on Next to start the installation:


10/34

The hard drive is being formatted:

The installation begins. This will take a few minutes:


11/34

Finally, the installation is complete, and you can remove your CD or DVD from the

computer and reboot it:

After the reboot, you will see this screen. Select Firewall configuration and hit

Run Tool:


12/34

I want to install ISPConfig at the end of this tutorial which comes with its ownfirewall. That's why I disable the default CentOS firewall now. Of course, you arefree to leave it on and configure it to your needs (but then you shouldn't use anyother firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security.In my opinion you don't need it to configure a secure system, and it usually

causes more problems than advantages (think of it after you have done a week oftrouble-shooting because some service wasn't working as expected, and then youfind out that everything was ok, only SELinux was causing the problem). ThereforeI disable it, too (this is a must if you want to install ISPConfig later on). Hit OKafterwards:

Then leave the Setup Agent by selecting Exit:


13/34

Then log in as root and reboot the system so that your changes can be applied:

reboot

Now, on to the configuration...



4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

# Do not remove the following line, or various programs# that require network functionality will fail.127.0.0.1 localhost.localdomain localhost192.168.0.100 server1.example.com server1::1 localhost6.localdomain6 localhost6

5 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addressesto your network interface eth0 if you need more than one IP address. If you're finewith one IP address, you can skip this section.)

Let's assume our network interface is eth0. Then there is a file/etc/sysconfig/network-scripts/ifcfg-eth0 which contains the settings foreth0. We can use this as a sample for our new virtual network interface eth0:0:

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0


14/34

Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0.Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 andmodify it as follows (we can leave out the HWADDR line as it is the same physicalnetwork card):

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]DEVICE=eth0:0BOOTPROTO=static

BROADCAST=192.168.0.255IPADDR=192.168.0.101NETMASK=255.255.255.0NETWORK=192.168.0.0ONBOOT=yes

Afterwards we have to restart the network:

/etc/init.d/network restart

You might also want to adjust /etc/hosts after you have added new IP addresses,although this is not necessary.

Now run

ifconfig

You should now see your new IP address in the output:

[root@server1 ~]# ifconfigeth0 Link encap:Ethernet HWaddr 00:0C:29:B1:97:E1

inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0inet6 addr: fe80::20c:29ff:feb1:97e1/64 Scope:LinkUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1RX packets:310 errors:0 dropped:0 overruns:0 frame:0TX packets:337 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000RX bytes:28475 (27.8 KiB) TX bytes:72116 (70.4 KiB)Interrupt:177 Base address:0x1400

eth0:0 Link encap:Ethernet HWaddr 00:0C:29:B1:97:E1inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1Interrupt:177 Base address:0x1400

lo Link encap:Local Loopbackinet addr:127.0.0.1 Mask:255.0.0.0inet6 addr: ::1/128 Scope:HostUP LOOPBACK RUNNING MTU:16436 Metric:1RX packets:8 errors:0 dropped:0 overruns:0 frame:0TX packets:8 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)

[root@server1 ~]#

6 Disable The Firewall And SELinux

(You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basicsystem installation (in the Setup Agent).)

I want to install ISPConfig at the end of this tutorial which comes with its own


15/34

firewall. That's why I disable the default CentOS firewall now. Of course, you arefree to leave it on and configure it to your needs (but then you shouldn't use anyother firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security.In my opinion you don't need it to configure a secure system, and it usuallycauses more problems than advantages (think of it after you have done a week oftrouble-shooting because some service wasn't working as expected, and then youfind out that everything was ok, only SELinux was causing the problem). ThereforeI disable it, too (this is a must if you want to install ISPConfig later on).

Run

system-config-securitylevel

Set both Security Level and SELinuxto Disabledand hit OK:

Afterwards we must reboot the system:

reboot

7 Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'


16/34

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quotaapplies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the /partition(/dev/VolGroup00/LogVol00):

vi /etc/fstab

/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota LABEL=/boot /boot ext3 defaults 1 2tmpfs /dev/shm tmpfs defaults 0 0devpts /dev/pts devpts gid=5,mode=620 0 0sysfs /sys sysfs defaults 0 0

proc /proc proc defaults 0 0/dev/VolGroup00/LogVol01 swap swap defaults 0 0

Then run

touch /aquota.user /aquota.groupchmod 600 /aquota.*mount -o remount /quotacheck -avugmquotaon -avug

to enable quota.

9 Install Apache, MySQL, phpMyAdmin

First we enable the RPMforge repository on our CentOS system as lots of thepackages that we are going to install in the course of this tutorial are not availablein the official CentOS 5.2 repositories:

rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

cd /tmpwget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpmrpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

(If the above link doesn't work anymore, you can find the current version ofrpmforge-release here: http://dag.wieers.com/rpm/packages/rpmforge-release/)

Afterwards we can install the needed packages with one single command(including the packages we need to build Courier-IMAP):

yum install ntp httpd mysql-server php php-mysql php-mbstring php-
http://dag.wieers.com/rpm/packages/rpmforge-release/


17/34

mcrypt phpmyadmin rpm-build gcc mysql-devel openssl-devel cyrus-sasl-devel pkgconfig zlib-devel pcre-devel openldap-develpostgresql-devel expect libtool-ltdl-devel openldap-servers libtoolgdbm-devel pam-devel gamin-devel


The Perfect Server - CentOS 5.2

[ISPConfig 3] - Page 4

10 Install Courier-IMAP, Courier-Authlib, And Maildrop

Unfortunately there are no rpm packages for Courier-IMAP, Courier-Authlib, andMaildrop, therefore we have to build them ourselves.

RPM packages should not be built as root; courier-imap will even refuse tocompile if it detects that the compilation is run as the root user. Therefore wecreate a normal user account now (compileuserin this example) and give him apassword:

useradd -m -s /bin/bash compileuserpasswd compileuser

We will need the sudo command later on so that the user compileusercan compileand install the rpm packages. But first, we must allow compileuserto run allcommands using sudo:

Run

visudo

In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line forcompileuserjust below that line:

[...]root ALL=(ALL) ALLcompileuser ALL=(ALL) ALL[...]

Now we are ready to build our rpm package. First become the user compileuser:

su compileuser

Next we create our build environment:

mkdir $HOME/rpmmkdir $HOME/rpm/SOURCESmkdir $HOME/rpm/SPECSmkdir $HOME/rpm/BUILDmkdir $HOME/rpm/SRPMSmkdir $HOME/rpm/RPMSmkdir $HOME/rpm/RPMS/i386

echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros


18/34

Now we download the source files from http://www.courier-mta.org/download.php:

cd /tmpwget http://prdownloads.sourceforge.net/courier/courier-authlib-0.62.1.tar.bz2wget http://prdownloads.sourceforge.net/courier/courier-imap-4.4.1.tar.bz2wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2

Now (still in /tmp) we can build courier-authlib:

sudo rpmbuild -ta courier-authlib-0.62.1.tar.bz2

After the build process, the rpm packages can be found in $HOME/rpm/RPMS/i386($HOME/rpm/RPMS/x86_64 if you are on an x86_64 system):

cd $HOME/rpm/RPMS/i386

The command

ls -l

shows you the available rpm packages:

[compileuser@server1 i386]$ ls -ltotal 584-rw-r--r-- 1 root root 140978 Feb 26 03:00 courier-authlib-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 309196 Feb 26 03:00 courier-authlib-debuginfo-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 34672 Feb 26 03:00 courier-authlib-devel-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 17855 Feb 26 03:00 courier-authlib-ldap-0.62.1-

1.i386.rpm-rw-r--r-- 1 root root 14048 Feb 26 03:00 courier-authlib-mysql-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 13214 Feb 26 03:00 courier-authlib-pgsql-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 8175 Feb 26 03:00 courier-authlib-pipe-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 35927 Feb 26 03:00 courier-authlib-userdb-0.62.1-1.i386.rpm[compileuser@server1 i386]$

Select the ones you want to install, and install them like this:

sudo rpm -ivh courier-authlib-0.62.1-1.i386.rpm courier-authlib-

mysql-0.62.1-1.i386.rpm courier-authlib-devel-0.62.1-1.i386.rpm

Now we go back to the /tmp directory and run rpmbuildagain, this time withoutsudo, otherwise the compilation will fail because it was run as root:

cd /tmprpmbuild -ta courier-imap-4.4.1.tar.bz2

http://www.courier-mta.org/download.php


19/34


The command

ls -l


[compileuser@server1 i386]$ ls -l

total 1868-rw-r--r-- 1 root root 140978 Feb 26 03:00 courier-authlib-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 309196 Feb 26 03:00 courier-authlib-debuginfo-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 34672 Feb 26 03:00 courier-authlib-devel-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 17855 Feb 26 03:00 courier-authlib-ldap-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 14048 Feb 26 03:00 courier-authlib-mysql-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 13214 Feb 26 03:00 courier-authlib-pgsql-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 8175 Feb 26 03:00 courier-authlib-pipe-0.62.1-1.i386.rpm

-rw-r--r-- 1 root root 35927 Feb 26 03:00 courier-authlib-userdb-0.62.1-1.i386.rpm-rw-rw-r-- 1 compileuser compileuser 395137 Feb 26 03:13 courier-imap-4.4.1-1.i386.rpm-rw-rw-r-- 1 compileuser compileuser 906775 Feb 26 03:13 courier-imap-debuginfo-4.4.1-1.i386.rpm[compileuser@server1 i386]$

You can install courier-imap like this:

sudo rpm -ivh courier-imap-4.4.1-1.i386.rpm

Now we go back to the /tmp directory and run rpmbuildagain, this time to build a

maildrop package:

cd /tmpsudo rpmbuild -ta maildrop-2.0.4.tar.bz2



The command

ls -l


[compileuser@server1 i386]$ ls -ltotal 3096-rw-r--r-- 1 root root 140978 Feb 26 03:00 courier-authlib-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 309196 Feb 26 03:00 courier-authlib-debuginfo-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 34672 Feb 26 03:00 courier-


20/34

authlib-devel-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 17855 Feb 26 03:00 courier-authlib-ldap-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 14048 Feb 26 03:00 courier-authlib-mysql-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 13214 Feb 26 03:00 courier-authlib-pgsql-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 8175 Feb 26 03:00 courier-authlib-pipe-0.62.1-1.i386.rpm-rw-r--r-- 1 root root 35927 Feb 26 03:00 courier-authlib-userdb-0.62.1-1.i386.rpm-rw-rw-r-- 1 compileuser compileuser 395137 Feb 26 03:13 courier-imap-4.4.1-1.i386.rpm

-rw-rw-r-- 1 compileuser compileuser 906775 Feb 26 03:13 courier-imap-debuginfo-4.4.1-1.i386.rpm-rw-r--r-- 1 root root 303104 Feb 26 03:25 maildrop-2.0.4-1.i386.rpm-rw-r--r-- 1 root root 739326 Feb 26 03:25 maildrop-debuginfo-2.0.4-1.i386.rpm-rw-r--r-- 1 root root 134387 Feb 26 03:25 maildrop-devel-2.0.4-1.i386.rpm-rw-r--r-- 1 root root 58837 Feb 26 03:25 maildrop-man-2.0.4-1.i386.rpm[compileuser@server1 i386]$

You can now install maildrop like this:

sudo rpm -ivh maildrop-2.0.4-1.i386.rpm

After you have compiled and installed all needed packages, you can become rootagain by typing

exit

11 Apply Quota Patch To Postfix

We have to get the Postfix source rpm, patch it with the quota patch, build a newPostfix rpm package and install it.

cd /usr/srcwget http://ftp-stud.fht-esslingen.de/pub/Mirrors/centos/5.2/os/SRPMS/postfix-2.3.3-2.src.rpmrpm -ivh postfix-2.3.3-2.src.rpm

The last command will show some warnings that you can ignore:

warning: user mockbuild does not exist - using rootwarning: group mockbuild does not exist - using root

cd /usr/src/redhat/SOURCESwget http://vda.sourceforge.net/VDA/postfix-2.3.3-vda.patch.gzgunzip postfix-2.3.3-vda.patch.gzcd /usr/src/redhat/SPECS/

Now we must edit the file postfix.spec:

vi postfix.spec

Change %define MYSQL 0 to %define MYSQL 1, add Patch0: postfix-2.3.3-vda.patch to the # Patches stanza, and finally add %patch0 -p1 -b .vda to the


21/34

%setup -qstanza:

[...]%define MYSQL 1[...]# Patches

Patch0: postfix-2.3.3-vda.patchPatch1: postfix-2.1.1-config.patchPatch3: postfix-alternatives.patchPatch6: postfix-2.1.1-obsolete.patchPatch7: postfix-2.1.5-aliases.patch

Patch8: postfix-large-fs.patchPatch9: postfix-2.2.5-cyrus.patch[...]%setup -q# Apply obligatory patches%patch0 -p1 -b .vda%patch1 -p1 -b .config%patch3 -p1 -b .alternatives%patch6 -p1 -b .obsolete%patch7 -p1 -b .aliases%patch8 -p1 -b .large-fs%patch9 -p1 -b .cyrus[...]

Then we build our new Postfix rpm package with quota and MySQL support:

rpmbuild -ba postfix.spec

Our Postfix rpm package is created in /usr/src/redhat/RPMS/i386(/usr/src/redhat/RPMS/x86_64 if you are on an x86_64 system), so we go there:

cd /usr/src/redhat/RPMS/i386

The command

ls -l

shows you the available packages:

[root@server1 i386]# ls -ltotal 11292-rw-r--r-- 1 root root 3820393 Feb 27 18:16 postfix-2.3.3-2.i386.rpm-rw-r--r-- 1 root root 7666204 Feb 27 18:16 postfix-debuginfo-2.3.3-2.i386.rpm-rw-r--r-- 1 root root 50539 Feb 27 18:16 postfix-pflogsumm-2.3.3-2.i386.rpm[root@server1 i386]#

Pick the Postfix package and install it like this:

rpm -ivh postfix-2.3.3-2.i386.rpm

Then turn off Sendmail and start Postfix, saslauthd, and courier-authlib:

chkconfig --levels 235 courier-authlib on/etc/init.d/courier-authlib start

chkconfig --levels 235 sendmail offchkconfig --levels 235 postfix on


22/34

chkconfig --levels 235 saslauthd on/etc/init.d/sendmail stop/etc/init.d/postfix start/etc/init.d/saslauthd start

12 Configure Courier

Now we create the system startup links for courier-imap:

chkconfig --levels 235 courier-imap on/etc/init.d/courier-authlib restart/etc/init.d/courier-imap restart

When courier-imap is started for the first time, it automatically creates thecertificate files /usr/lib/courier-imap/share/imapd.pem and /usr/lib/courier-imap/share/pop3d.pem from the /usr/lib/courier-imap/etc/imapd.cnfand/usr/lib/courier-imap/etc/pop3d.cnffiles. Because the .cnffiles contain theline CN=localhost, but our server is named server1.example.com, the certificatesmight cause problems when you use TLS connections. To solve this, we deleteboth certificates...

cd /usr/lib/courier-imap/share/rm -f imapd.pemrm -f pop3d.pem

... and replace the CN=localhost lines in /usr/lib/courier-imap/etc/imapd.cnfand /usr/lib/courier-imap/etc/pop3d.cnfwith CN=server1.example.com:

vi /usr/lib/courier-imap/etc/imapd.cnf

[...]CN=server1.example.com[...]

vi /usr/lib/courier-imap/etc/pop3d.cnf

[...]CN=server1.example.com[...]

Then we recreate both certificates...

./mkimapdcert

./mkpop3dcert

... and restart courier-authlib and courier-imap:

/etc/init.d/courier-authlib restart/etc/init.d/courier-imap restart

13 Install Getmail


23/34

Getmail can be installed as follows:

yum install getmail


The Perfect Server - CentOS 5.2

[ISPConfig 3] - Page 5

14 Set MySQL Passwords And Configure phpMyAdmin

Start MySQL:

chkconfig --levels 235 mysqld on/etc/init.d/mysqld start

Then set passwords for the MySQL root account:

mysqladmin -u root password yourrootsqlpasswordmysqladmin -h server1.example.com -u root passwordyourrootsqlpassword

Now we configure phpMyAdmin. We change the Apache configuration so thatphpMyAdmin allows connections not just from localhost (by commenting out thestanza):

vi /etc/httpd/conf.d/phpmyadmin.conf

#

# Web application to manage MySQL#

## Order Deny,Allow# Deny from all# Allow from 127.0.0.1#

Alias /phpmyadmin /usr/share/phpmyadminAlias /phpMyAdmin /usr/share/phpmyadminAlias /mysqladmin /usr/share/phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:

vi /usr/share/phpmyadmin/config.inc.php

[...]/* Authentication type */$cfg['Servers'][$i]['auth_type'] = 'http';[...]

Then we create the system startup links for Apache and start it:

chkconfig --levels 235 httpd on


24/34

/etc/init.d/httpd start

Now you can direct your browser to http://server1.example.com/phpmyadmin/orhttp://192.168.0.100/phpmyadmin/and log in with the user name root and yournew root MySQL password.

15 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrarperl-DBD-mysql

Then we start freshclam, amavisd, and clamd...

chkconfig --levels 235 amavisd onchkconfig --levels 235 clamd on/usr/bin/freshclam/etc/init.d/amavisd start/etc/init.d/clamd start

... and create some necessary directories:

mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp/var/spool/amavisd/dbchown amavis /var/run/amavisd /var/spool/amavisd/var/spool/amavisd/tmp /var/spool/amavisd/db

16 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on

a per website basis.

mod_fcgid is not available in the official CentOS repositories, but there's apackage for CentOS 5.x in the centos.karan.orgtestingrepository. We enable therepository as follows:

cd /etc/yum.repos.d/wget http://centos.karan.org/kbsingh-CentOS-Extras.repo

Next we open /etc/yum.repos.d/kbsingh-CentOS-Extras.repo...

vi /etc/yum.repos.d/kbsingh-CentOS-Extras.repo

... and set gpgcheck to 0 and enabledto 1 in the [kbs-CentOS-Testing] section:

[...][kbs-CentOS-Testing]name=CentOS.Karan.Org-EL$releasever - Testinggpgcheck=0gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txtenabled=1baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/

Afterwards we can install Apache2with mod_php5, mod_fcgid, and PHP5:
http://centos.karan.org/


25/34

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgidphp-cli httpd-devel

Next we open /etc/php.ini...

vi /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer) andadd cgi.fix_pathinfo = 1 at the end of the file:

[...];error_reporting = E_ALLerror_reporting = E_ALL & ~E_NOTICE[...]cgi.fix_pathinfo = 1

Next we install suPHP:

cd /tmpwget http://www.suphp.org/download/suphp-0.7.0.tar.gztar xvfz suphp-0.7.0.tar.gzcd suphp-0.7.0/./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yesmakemake install

Then we add the suPHP module to our Apache configuration...

vi /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so

... and create the file /etc/suphp.confas follows:

vi /etc/suphp.conf

[global];Path to logfilelogfile=/var/log/httpd/suphp.log

;Loglevelloglevel=info

;User Apache is running aswebserver_user=apache

;Path all scripts have to be indocroot=/

;Path to chroot() to before executing script;chroot=/mychroot

; Security optionsallow_file_group_writeable=true


26/34

allow_file_others_writeable=falseallow_directory_group_writeable=trueallow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOTcheck_vhost_docroot=true

;Send minor error messages to browsererrors_to_browser=false

;PATH environment variableenv_path=/bin:/usr/bin

;Umask to set, specify in octal notationumask=0077

; Minimum UIDmin_uid=100

; Minimum GIDmin_gid=100

[handlers];Handler for php-scriptsx-httpd-suphp="php:/usr/bin/php-cgi"

;Handler for CGI-scriptsx-suphp-cgi="execute:!self"

Finally we restart Apache:

/etc/init.d/httpd restart

17 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on/etc/init.d/pure-ftpd start

18 Install MyDNS

We can install MyDNS as follows:

wget http://mydns.bboy.net/download/mydns-mysql-1.1.0-1.i386.rpmrpm -ivh mydns-mysql-1.1.0-1.i386.rpm

When the system boots, MyDNS must be started after MySQL. The MySQL startuplink has the priority 64 on CentOS, so the MyDNS startup link must have a prioritybetween 65 and 99. Therefore we open the MyDNS init script...

vi /etc/init.d/mydns


27/34

... and change

[...]# chkconfig: 345 52 50[...]

to

[...]# chkconfig: 345 65 50[...]

Then we create the startup links:

chkconfig --levels 235 mydns on

We don't start MyDNS now because it must be configured first - this will be doneautomatically by the ISPConfig 3 installer later on.

19 Install Vlogger And Webalizer

Vlogger and webalizer can be installed as follows:

yum install webalizer perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

cd /tmpwget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gztar xvfz vlogger-1.3.tar.gzmv vlogger-1.3/vlogger /usr/sbin/rm -rf vlogger*

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows(important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmpwget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gztar xvfz jailkit-2.5.tar.gzcd jailkit-2.5./configuremakemake installrm -rf jailkit-2.5*

This is optional but recommended, because the ISPConfig monitor tries to showthe log:

yum install fail2ban


28/34

chkconfig --levels 235 fail2ban on/etc/init.d/fail2ban start

22 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter



23 Install SquirrelMail

To install the SquirrelMail webmail client, run...

yum install squirrelmail

... and restart Apache:

/etc/init.d/httpd restart

Then configure SquirrelMail:

/usr/share/squirrelmail/config/conf.pl

We must tell SquirrelMail that we are using Courier-IMAP/-POP3:

SquirrelMail Configuration : Read: config.php (1.4.0)---------------------------------------------------------Main Menu --1. Organization Preferences2. Server Settings3. Folder Defaults4. General Options5. Themes6. Address Books7. Message of the Day (MOTD)8. Plugins9. Database10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color offS Save dataQ Quit

Command >>


29/34

---------------------------------------------------------While we have been building SquirrelMail, we have discovered somepreferences that work better with some servers that don't work sowell with others. If you select your IMAP server, this option willset some pre-defined settings for that server.

Please note that you will still need to go through and make sureeverything is correct. This does not change everything. There areonly a few settings that this will change.

Please select your IMAP server:bincimap = Binc IMAP servercourier = Courier IMAP server

cyrus = Cyrus IMAP serverdovecot = Dovecot Secure IMAP serverexchange = Microsoft Exchange IMAP serverhmailserver = hMailServermacosx = Mac OS X Mailservermercury32 = Mercury/32uw = University of Washington's IMAP server

quit = Do not change anything

Command >>> courier

imap_server_type = courierdefault_folder_prefix = INBOX.

trash_folder = Trashsent_folder = Sent

draft_folder = Draftsshow_prefix_option = false

default_sub_of_inbox = falseshow_contain_subfolders_option = false

optional_delimiter = .delete_folder = true

Press any key to continue...


30/34

6. Address Books7. Message of the Day (MOTD)8. Plugins9. Database10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color offS Save dataQ Quit

Command >>>

Now you can type in http://server1.example.com/webmail orhttp://192.168.0.100/webmail in your browser to access SquirrelMail.


31/34

24 Install ISPConfig 3ISPConfig 3 can either be installed from the latest released version (.tar.gz) ordirectly from SVN.

To install it from the latest released version, do this:

cd /tmpwget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.tar.gz?use_mirror=tar xvfz ISPConfig-3.0.1.tar.gzcd ispconfig3_install/install/

(Replace ISPConfig-3.0.0.9-rc2.tar.gz with the latest version.)

To install it from SVN, do this:

yum install subversion

cd /tmpsvn export svn://svn.ispconfig.org/ispconfig3/trunk/cd trunk/install

Regardless of the installation method you've chosen, the next step is to run

php -q install.php

This will start the ISPConfig 3 installer:

[root@server1 install]# php -q install.php

--------------------------------------------------------------------------------_____ ___________ _____ __ _

|_ _/ ___| ___ \ / __ \ / _(_)| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _


32/34

| | `--. \ __/ | | / _ \| '_ \| _| |/ _` |_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| |\___/\____/\_| \____/\___/|_| |_|_| |_|\__, |

__/ ||___/

--------------------------------------------------------------------------------

>> Initial configuration

Operating System: CentOS 5.2 or compatible

Following will be a few questions for primary configuration so be careful.Default values are in [brackets] and can be accepted with .Tap in "quit" (without the quotes) to stop the installer.

Select language (en,de) [en]:

Installation mode (standard,expert) [standard]:


33/34

Installing Crontabno crontab for rootno crontab for getmailRestarting services ...Stopping MySQL: [ OK ]Starting MySQL: [ OK ]Shutting down postfix: [ OK ]Starting postfix: [ OK ]Stopping saslauthd: [ OK ]Starting saslauthd: [ OK ]Shutting down Mail Virus Scanner (amavisd): [ OK ]Starting Mail Virus Scanner (amavisd): [ OK ]Stopping Clam AntiVirus Daemon: [ OK ]

Starting Clam AntiVirus Daemon: [ OK ]Stopping Courier authentication services: authdaemondStarting Courier authentication services: authdaemondStopping Courier-IMAP server: imap imap-ssl pop3 pop3-sslStarting Courier-IMAP server: imap imap-ssl pop3 pop3-sslStopping httpd: [ OK ]Starting httpd: [ OK ]Stopping pure-ftpd: [ OK ]Starting pure-ftpd: [ OK ]Installation completed.[root@server1 install]#

The installer automatically configures all underlying services, so no manualconfiguration is needed.

Afterwards you can access ISPConfig 3 under http://server1.example.com:8080/or http://192.168.0.100:8080/. Log in with the username admin and thepassword admin (you should change the default password after your first login):


34/34

The system is now ready to be used.

25 Links

CentOS: http://www.centos.org/ISPConfig: http://www.ispconfig.org/

http://www.ispconfig.org/http://www.centos.org/

isp config 3 for centos

Documents