Before beginning, a domain name should be pointed at the server that would be used.
A non-root user havingsudo privileges would also be required. To begin, log in as this user.
Upgrade the System
Upgrade the System
First of all, the base system needs to be upgraded. This makes sure that our system’s packages are the latest packaged versions.
Before doing this, the local package index should be updated so that
apt sees the advanced package versions:
sudo apt-get update sudo apt-get upgrade
As our system is up to date now, we can continue with the remaining installation.
Verify Hostnames are Configured Correctly
In the beginning, we will ensure that our hostnames are correctly configured. In this tutorial, we will be assuming that we are setting up a domain name as
server.test.com and the server’s IP address is
It needs to be verified that our hostname is correctly configured. Taking a look at file of our hosts:
sudo nano /etc/hosts
It may look like this:
127.0.0.1 localhost server.test.com server
We intend to make our hostnames utilize our public IP address. This can be done by dividing the line into two lines and aiming the domain name portion to our public IP address:
127.0.0.1 localhost 18.104.22.168 server.test.com server
On finishing, save and close the file.
hostname file should also be edited for ensuring that it also has the correct domain name:
sudo nano /etc/hostname
In case your complete hostname is not shown, then change the value:
You should ensure that the system utilizes the new value by entering:
sudo hostname -F /etc/hostname
Change System Settings
There are some things that Ubuntu configures in traditional way that we require to undo in order in order that our software properly functions.
The most basic thing would be to disable AppArmor, thatis not compatible with ISPConfig. So that service needs to be stopped:
sudo service apparmor stop
It can also be asked to unload its profiles by entering:
sudo service apparmor teardown
Following this, our server needs to be told that this service should not be started at boot:
sudo update-rc.d -f apparmor remove
All its associated packages and files can be removed by typing:
sudo apt-get remove apparmor
One more configuration to be modified is the default system shell. For system processes, Ubuntu utilizes the
dash shell, but ISPConfig utilizes added functionality specifically provided by
bash can be set to be the default system shell by entering:
sudo dpkg-reconfigure dash
When prompted, select “No” for having the utility reconfigure the system shell pointer for using
bash rather than
Install Additional Components
As the base system is now ready to go, we can nowstart installing some services that can be managed by ISPConfig and different software that supports ISPConfig.
We will deploy basic LAMP (Linux, Apache, MySQL, PHP) components, anti-virus scanning software for our mail,mail software, and other packages.
All this can be done with one big
apt command, so a lot of packages can be deployed at once:
sudo apt-get install apache2 apache2-utils libapache2-mod-suphp libapache2-mod-fastcgi libapache2-mod-python libapache2-mod-fcgid apache2-suexec libapache2-mod-php5 php5 php5-fpm php5-gd php5-mysql php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-xcache php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-imap php5-cgi php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libruby memcached phpmyadmin postfix postfix-mysql postfix-doc mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve mailman amavisd-new spamassassin clamav clamav-daemon zoo unzip zip arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl libnet-dns-perl bind9 dnsutils vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl squirrelmail pure-ftpd-common pure-ftpd-mysql snmp
At the time of installation, some questions will be asked. A language needs to be selected for
en (English) and continue. Also, you will be asked for selection and confirmation of a password for the MySQL administrative user.
One more prompt you will get is if a self-signed SSL certificate should be created for
dovecot. Select “Yes”. Enter the name as “commonName” for your SSL certificate. This is your fully qualified domain name:
postfix, what mail configuration is needed would be asked. Select
Internet Site. Then you will be asked to decide the system mail name. This should also be set to your domain name:
For phpMyAdmin, the software possesses the capability of automatically configuring itself dependingupon your web server. Select “apache2” and press “SPACE” for selecting that option. Now hit “TAB” then “ENTER” for making the selection.
Next it will be asked whether you intend to configure the database for phpMyAdmin using
dbconfig-common. Select “Yes”. Enter the MySQL administrator account’s password that you had selected above. Then you need to perform selection and confirmation of a password for the phpMyAdmin user.
Now all your components are installed.
Configure the Backend Components
Since we have installed everything, we should start configuring our tools and services.
We will begin by enabling few functionalities in
postfix. The default configuration file needs to be opened with your editor:
sudo nano /etc/postfix/master.cf
Some lines of this file needs to be uncommented. Especially the line dealing with the submission service alongwith the starting three option lines below, and the smtps service and the beginningthree option lines for that one also:
submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes . . . smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
Now, under both the services an additional option needs to be added. It would be similar for each:
submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject . . . smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
On finishing, save and close the file.
One more mail related service that should be configured is
mailman, that can manage mailing lists.
In the beginning, we can tell it to make a new list:
sudo newlist mailman
You will need to provide the email to be linked with the list. Also, you will need to select a password.
A long list of aliases would be outputted by the script. Those should be added to the
/etc/aliases file’s bottom:
sudo nano /etc/aliases
It will look like this:
postmaster: root mailman: "|/var/lib/mailman/mail/mailman post mailman" mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman" mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman" mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman" mailman-join: "|/var/lib/mailman/mail/mailman join mailman" mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman" mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman" mailman-request: "|/var/lib/mailman/mail/mailman request mailman" mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman" mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
On being done, save and close the file. postfix needs to be made aware of the added aliases. This can be done by typing:
mailman service can be started by typing:
sudo service mailman start
postfix service for enabling mail changes:
sudo service postfix restart
While services are being dealt, we should also stop and disable
spamassassin. This is required as ISPConfig says that it is not required to run all the time:
sudo service spamassassin stop
The server can then be told to not start it at the boot again:
sudo update-rc.d -f spamassassin remove
mcrypt functionality needs to be enabled in PHP:
sudo php5enmod mcrypt
Also, we need to enable few Apache modules that we installed.
sudo a2enmod rewrite ssl actions include cgi dav_fs suexec dav auth_digest fastcgi alias
Some adjustments also need to be made to few of the Apache configuration files.
One of the enabled modules will currently intercept all the PHP files. In order to stop it, open the
suphp configuration file:
sudo nano /etc/apache2/mods-available/suphp.conf
<IfModule mod_suphp.c> <FilesMatch "\.ph(p3?|tml)$"> SetHandler application/x-httpd-suphp </FilesMatch> suPHP_AddHandler application/x-httpd-suphp . . .
The top block should be replaced with a single command. On finishing, it will look like this:
<IfModule mod_suphp.c> AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml suPHP_AddHandler application/x-httpd-suphp
On finishing, save and close the file.
The symbolic link for the
mailman Apache file needs to be created manually. This can be done by typing:
sudo ln -s /etc/mailman/apache.conf /etc/apache2/conf-available/mailman.conf
It can then be enabled by typing:
sudo a2enconf mailman
If you plan to create sites that can host Ruby files, then you should comment out the
.rb files’processing in the
mime.types file. ISPConfig will manage this by itself:
sudo nano /etc/mime.types
application/x-rss+xml rss #application/x-ruby rb application/x-rx
On finishing, save and close the file.
Now, Apache needs to be restarted for implementing our changes:
sudo service apache2 restart
A few more system pieces needs to be edited.
AsISPConfig is utilizedoften for subdividing the server space for the purpose of reselling, FTP access to the clients is usually a requirement. All the necessary software has already been installed, but few adjustments are still remaining.
We will begin by editing the configuration of FTP server:
sudo nano /etc/default/pure-ftpd-common
We require to ensure that our FTP users are restricted to a chroot environment so that they are unable to intervene in the remaining system. This can be done by modifying the
VIRTUALCHROOT setting to
As FTP is innately insecure, we will protect it with the TLS encryption. This can be set up by making a flag file that just contains the
sudo nano /etc/pure-ftpd/conf/TLS
Next, a self-signed certificate needs to be created which can be utilized by the process. This can be done by calling:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
This certificate holds validity of one year. Some prompts needs to be answered. Provide them your information. The
Common Name is probably the most crucial part.
The key file needs to be locked out afterwards by typing:
sudo chmod 600 /etc/ssl/private/pure-ftpd.pem
On finishing all this, restart the service:
sudo service pure-ftpd-mysql restart
This should permit our FTP daemon for utilizing encryption.
A reason to get FTP set up on the system is due to deploying a monitoring daemon named
awstats which is configured for expecting the existence of this particular service.
ISPConfig will call
awstats as required, so that it need not rely upon the
cron job which is usually utilizedfor polling the server. This can be removed by typing:
sudo rm /etc/cron.d/awstats
Now the actual ISPConfig software can be installed.
This can be done by downloading the most recent stable version to our server. The most advanced stable version with a direct link available is version 3 at present. Installation will be updated once we get everything deployed.
Now, you need to change to your home directory and the project should be downloaded using
cd ~ wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
On completion of download, the directory structure should be extracted and moved into the
install subdirectory of the folder structure that’s extracted:
tar xzvf ISPConfig* cd ispconfig3_install/install/
Now, the software is ready to be installed. This can be done by typing:
sudo php -q install.php
Next you will have to go through a quite lengthy deployment processes.
Luckily, you need to provideonly your MySQL root password in the details. For all other entries, utilize the default values by pressing “ENTER” and skipping ahead.
On finishing the installation, update the most recent version by typing:
sudo php -q update.php
Again, only press “ENTER” for using the default values for each command.
Once you are done, you can go to your ISPConfig service by going to your domain name ensuedby
:8080 in your browser:
An SSL warning will be generated as self-signed certificates are being used:
Click on “proceed” or “continue” for accepting the certificate.
A login screen would appear next.
The default username and password are both
Username: admin Password: admin
Once you enter these values, you will be forwarded to the ISPConfig3 interface:
On reaching here, you need to modify the admin user’s password by clicking on the “System” button, next clicking upon the “CP Users” link under the “User Management” category of the left-hand navigation menu.
Now click upon the
admin user account that’s there in the main window. You will be provided with a choice of changing the password for the admin user on the page.
YourISPConfig panel is now deployed and configured. You can now manage mail, accounts and domains from inside this interface.