How To Install ISPConfig3 on an Ubuntu 14.04 Server

Preconditions

Before beginning, a domain name should be pointed at the server that would be used.

A non-root user havingsudo privileges would also be required. To begin, log in as this user.

Upgrade the System

Upgrade the System

First of all, the base system needs to be upgraded. This makes sure that our system’s packages are the latest packaged versions.

Before doing this, the local package index should be updated so that apt sees the advanced package versions:

sudo apt-get update
sudo apt-get upgrade

As our system is up to date now, we can continue with the remaining installation.

Verify Hostnames are Configured Correctly

In the beginning, we will ensure that our hostnames are correctly configured. In this tutorial, we will be assuming that we are setting up a domain name as  server.test.com  and the server’s IP address is  111.111.111.111.

It needs to be verified that our hostname is correctly configured. Taking a look at file of our hosts:

sudo nano /etc/hosts

It may look like this:

127.0.0.1           localhost server.test.com server

We intend to make our hostnames utilize our public IP address. This can be done by dividing the line into two lines and aiming the domain name portion to our public IP address:

127.0.0.1           localhost
111.111.111.111     server.test.com server

On finishing, save and close the file.

Our  hostname  file should also be edited for ensuring that it also has the correct domain name:

sudo nano /etc/hostname

In case your complete hostname is not shown, then change the value:

server.test.com

You should ensure that the system utilizes the new value by entering:

sudo hostname -F /etc/hostname

Change System Settings

There are some things that Ubuntu configures in traditional way that we require to undo in order in order that our software properly functions.

The most basic thing would be to disable AppArmor, thatis not compatible with ISPConfig. So that service needs to be stopped:

sudo service apparmor stop

It can also be asked to unload its profiles by entering:

sudo service apparmor teardown

Following this, our server needs to be told that this service should not be started at boot:

sudo update-rc.d -f apparmor remove

All its associated packages and files can be removed by typing:

sudo apt-get remove apparmor

One more configuration to be modified is the default system shell. For system processes, Ubuntu utilizes the dash  shell, but ISPConfig utilizes added functionality specifically provided by bash. bash  can be set to be the default system shell by entering:

sudo dpkg-reconfigure dash

When prompted, select “No” for having the utility reconfigure the system shell pointer for using bash  rather than dash.

Install Additional Components

As the base system is now ready to go, we can nowstart installing some services that can be managed by ISPConfig and different software that supports ISPConfig.

We will deploy basic LAMP (Linux, Apache, MySQL, PHP) components, anti-virus scanning software for our mail,mail software, and other packages.

All this can be done with one big apt  command, so a lot of packages can be deployed at once:

sudo apt-get install apache2 apache2-utils libapache2-mod-suphp libapache2-mod-fastcgi libapache2-mod-python libapache2-mod-fcgid apache2-suexec libapache2-mod-php5 php5 php5-fpm php5-gd php5-mysql php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-xcache php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-imap php5-cgi php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libruby memcached phpmyadmin postfix postfix-mysql postfix-doc mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve mailman amavisd-new spamassassin clamav clamav-daemon zoo unzip zip arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl libnet-dns-perl bind9 dnsutils vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl squirrelmail pure-ftpd-common pure-ftpd-mysql snmp

 

At the time of installation, some questions will be asked. A language needs to be selected for  mailman. Select en (English) and continue. Also, you will be asked for selection and confirmation of a password for the MySQL administrative user.

 

One more prompt you will get is if a self-signed SSL certificate should be created for dovecot. Select “Yes”. Enter the name as “commonName” for your SSL certificate. This is your fully qualified domain name:

server.test.com

For postfix, what mail configuration is needed would be asked. Select Internet Site. Then you will be asked to decide the system mail name. This should also be set to your domain name:

 

server.test.com

 

For phpMyAdmin, the software possesses the capability of automatically configuring itself dependingupon your web server. Select “apache2” and press “SPACE” for selecting that option. Now hit “TAB” then “ENTER” for making the selection.

Next it will be asked whether you intend to configure the database for phpMyAdmin using dbconfig-common. Select “Yes”. Enter the MySQL administrator account’s password that you had selected above. Then you need to perform selection and confirmation of a password for the phpMyAdmin user.

 

Now all your components are installed.

Configure the Backend Components

Since we have installed everything, we should start configuring our tools and services.

Mail Configuration

We will begin by enabling few functionalities in postfix. The default configuration file needs to be opened with your editor:

sudo nano /etc/postfix/master.cf

 

Some lines of this file needs to be uncommented. Especially the line dealing with the submission service alongwith the starting three option lines below, and the smtps service and the beginningthree option lines for that one also:

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
. . .
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

Now, under both the services an additional option needs to be added. It would be similar for each:

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
. . .
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

On finishing, save and close the file.

One more mail related service that should be configured is mailman, that can manage mailing lists.

In the beginning, we can tell it to make a new list:

sudo newlist mailman

You will need to provide the email to be linked with the list. Also, you will need to select a password.

A long list of aliases would be outputted by the script. Those should  be added to the /etc/aliases  file’s bottom:

sudo nano /etc/aliases

It will look like this:

postmaster:     root
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

On being done, save and close the file. postfix needs to be made aware of the added aliases. This can be done by typing:

sudo newaliases

mailman service can be started by typing:

sudo service mailman start

Restart the  postfix  service for enabling mail changes:

sudo service postfix restart

 

While services are being dealt, we should also stop and disable spamassassin. This is required as ISPConfig says that it is not required to run all the time:

sudo service spamassassin stop

The server can then be told to not start it at the boot again:

sudo update-rc.d -f spamassassin remove

LAMP Configuration

mcrypt  functionality needs to be enabled in PHP:

sudo php5enmod mcrypt

Also, we need to enable few Apache modules that we installed.

sudo a2enmod rewrite ssl actions include cgi dav_fs suexec dav auth_digest fastcgi alias

Some adjustments also need to be made to few of the Apache configuration files.

One of the enabled modules will currently intercept all the PHP files. In order to stop it, open the  suphp  configuration file:

sudo nano /etc/apache2/mods-available/suphp.conf
<IfModule mod_suphp.c>
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler application/x-httpd-suphp
    </FilesMatch>
        suPHP_AddHandler application/x-httpd-suphp
. . .

The top block should be replaced with a single command. On finishing, it will look like this:

<IfModule mod_suphp.c>
   AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
   suPHP_AddHandler application/x-httpd-suphp

On finishing, save and close the file.

The symbolic link for the mailman Apache file needs to be created manually. This can be done by typing:

sudo ln -s /etc/mailman/apache.conf /etc/apache2/conf-available/mailman.conf

 

It can then be enabled by typing:

sudo a2enconf mailman

If you plan to create sites that can host Ruby files, then you should comment out the.rb  files’processing in the mime.types  file. ISPConfig will manage this by itself:

sudo nano /etc/mime.types
application/x-rss+xml                           rss
#application/x-ruby                              rb
application/x-rx

On finishing, save and close the file.

Now, Apache needs to be restarted for implementing our changes:

sudo service apache2 restart

Miscellaneous Configuration

A few more system pieces needs to be edited.

AsISPConfig is utilizedoften for subdividing the server space for the purpose of reselling, FTP access to the clients is usually a requirement. All the necessary software has already been installed, but few adjustments are still remaining.

We will begin by editing the configuration of FTP server:

sudo nano /etc/default/pure-ftpd-common

We require to ensure that our FTP users are restricted to a chroot environment so that they are unable to intervene in the remaining system. This can be done by modifying the  VIRTUALCHROOT setting to  true:

VIRTUALCHROOT=true

As FTP is innately insecure, we will protect it with the TLS encryption. This can be set up by making a flag file that just contains the  1 character:

sudo nano /etc/pure-ftpd/conf/TLS
1

Next, a self-signed certificate needs to be created which can be utilized by the process. This can be done by calling:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

 

This certificate holds validity of one year. Some prompts needs to be answered. Provide them your information. The  Common Name  is probably the most crucial part.

 

The key file needs to be locked out afterwards by typing:

sudo chmod 600 /etc/ssl/private/pure-ftpd.pem

On finishing all this, restart the service:

sudo service pure-ftpd-mysql restart

This should permit our FTP daemon for utilizing encryption.

A reason to get FTP set up on the system is due to deploying a monitoring daemon named awstats which is configured for expecting the existence of this particular service.

 

ISPConfig will call awstats  as required, so that it need not rely upon the cron  job which is usually utilizedfor polling the server. This can be removed by typing:

sudo rm /etc/cron.d/awstats

Install ISPConfig

Now the actual ISPConfig software can be installed.

This can be done by downloading the most recent stable version to our server. The most advanced stable version with a direct link available is version 3 at present. Installation will be updated once we get everything deployed.

Now, you need to change to your home directory and the project should be downloaded using wget:

cd ~
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz

 

On completion of download, the directory structure should be extracted and moved into the  install subdirectory of the folder structure that’s extracted:

tar xzvf ISPConfig*
cd ispconfig3_install/install/

Now, the software is ready to be installed. This can be done by typing:

sudo php -q install.php

Next you will have to go through a quite lengthy deployment processes.

Luckily, you need to provideonly your MySQL root password in the details. For all other entries, utilize the default values by pressing “ENTER” and skipping ahead.

On finishing the installation, update the most recent version by typing:

sudo php -q update.php

Again, only press “ENTER” for using the default values for each command.

Once you are done, you can go to your ISPConfig service by going to your domain name ensuedby:8080  in your browser:

https://server_domain_name:8080

An SSL warning will be generated as self-signed certificates are being used:

ssl_warning

Click on “proceed” or “continue” for accepting the certificate.

A login screen would appear next.

login

The default username and password are both  admin:

Username: admin
Password: admin

Once you enter these values, you will be forwarded to the ISPConfig3 interface:

main_site

On reaching here, you need to modify the admin user’s password by clicking on the “System” button, next clicking upon the “CP Users” link under the “User Management” category of the left-hand navigation menu.

Now click upon the  admin user account that’s there in the main window. You will be provided with a choice of changing the password for the admin user on the page.

Conclusion

YourISPConfig panel is now deployed and configured. You can now manage mail, accounts and domains from inside this interface.

 

KB Admin has written 28 articles

Leave a Reply