Assumed nginx, mariaBD
add ntp date
We assumed mariadb so skip installing mysql
add postfix, dovecot etc
edit /etc/postfix/master.cf
Uncomment the sumbission and smtps part
Restart postfix
check if mysql is running on * if not comment bind-address in /etc/mysql/my.cnf
install amavisd-new, SpamAssassin, and ClamAV
ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can stop SpamAssassin
If Apache2 is already installed on the system, stop it now...
... and remove Apache's system startup links, alternatively let it listen to a different port
Start nginx afterwards:
If both Apache2 and nginx are installed, the ISPConfig 3 installer will ask you which one you want to use - answer nginx in this case.
We can make PHP5 work in nginx through PHP-FPM (PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites) which we install as follows:
PHP-FPM is a daemon process (with the init script /etc/init.d/php5-fpm) that runs a FastCGI server on port 9000.
To get MySQL support in PHP, we can install the php5-mysql package. It's a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:
Pick the ones you need and install them like this:
Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page.
Xcache can be installed as follows:
Reload PHP-FPM:
a first mailing list called mailman must be created:
Run
afterwards and restart Postfix:
Then start the Mailman daemon:
After you have installed ISPConfig 3, you can access Mailman as follows:
The ISPConfig apps vhost on port 8081 for nginx comes with a Mailman configuration, so you can use
http://server1.example.com:8081/cgi-bin/mailman/admin/ or
http://server1.example.com:8081/cgi-bin/mailman/listinfo/ to access Mailman.
Config derective to use mailman trough cgi:
PureFTPd and quota can be installed with the following command:
Edit the file /etc/default/pure-ftpd-common...
... and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true:
Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.
If you want to allow FTP and TLS sessions, run
In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:
Afterwards, we can generate the SSL certificate as follows:
Change the permissions of the SSL certificate:
Then restart PureFTPd:
edit /etc/fstab and add quota support: ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0
remount and enable quota
Install BIND DNS Server
edit /etc/cron.d/awstats
comment everything
Install Jailkit
now we build it from source:
You can now install the Jailkit .deb package as follows:
Install fail2ban
create the file /etc/fail2ban/jail.local
add the config
then create /etc/fail2ban/filter.d/pureftpd.conf
and add
and
with:
restart fail2ban afterwards:
Install SquirrelMail <-- replace with another client
Then configure SquirrelMail:
d, dovecot, S, Q.
You can now find SquirrelMail in the /usr/share/squirrelmail/ directory.
After you have installed ISPConfig 3, you can access SquirrelMail as follows:
The ISPConfig apps vhost on port 8081 for nginx comes with a SquirrelMail configuration, so you can use http://server1.example.com:8081/squirrelmail or http://server1.example.com:8081/webmail to access SquirrelMail.
If you want to use a /webmail or /squirrelmail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access SquirrelMail.
To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:
for https
If you use both http and https for your vhost, you need to add the following section to the http {} section in /etc/nginx/nginx.conf (before any include lines) which determines if the visitor uses http or https and sets the $fastcgi_https variable (which we will use in our SquirrelMail configuration) accordingly:
Don't forget to reload nginx afterwards:
Then go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $fastcgi_https; so that you can use SquirrelMail for both http and https requests:
Install ISPConfig 3
Before you start the ISPConfig installation, make sure that Apache is stopped (if it is installed - it is possible that some of your installed packages have installed Apache as a dependency without you knowing). If Apache2 is already installed on the system, stop it now...
... and remove Apache's system startup links:
Make sure that nginx is running:
download ispconfig3 make admin user for isp
src: http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-nginx-bind-dovecot-ispconfig-3-p6
add ntp date
apt-get install ntp ntpdate
apt-get install mysql-client mysql-server
apt-get install postfix postfix-mysql postfix-doc openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve
nano /etc/postfix/master.cf
submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING
/etc/init.d/postfix restart
netstat -tap | grep mysql tcp 0 0 *:mysql *:* LISTEN 28333/mysqld
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
/etc/init.d/spamassassin stop update-rc.d -f spamassassin remove
Skip from here if you used boa
Nginx is available as a package for Ubuntu which we can install as follows:apt-get install nginx
/etc/init.d/apache2 stop
update-rc.d -f apache2 remove
/etc/init.d/nginx start
apt-get install php5-fpm
apt-cache search php5
apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
apt-get install php5-xcache
/etc/init.d/php5-fpm reload </code To get CGI support in nginx, we install Fcgiwrap. <code> apt-get install fcgiwrap
End of skip part
Install Mailmanapt-get install mailman
newlist mailman nano /etc/aliases <code> add the folowing lines: <code> ## mailman mailing list mailman: "|/var/lib/mailman/mail/mailman post mailman" mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman" mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman" mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman" mailman-join: "|/var/lib/mailman/mail/mailman join mailman" mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman" mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman" mailman-request: "|/var/lib/mailman/mail/mailman request mailman" mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman" mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
newaliases
/etc/init.d/postfix restart
/etc/init.d/mailman start
location /cgi-bin/mailman {
root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location /images/mailman {
alias /usr/share/images/mailman;
}
location /pipermail {
alias /var/lib/mailman/archives/public;
autoindex on;
}apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
nano /etc/default/pure-ftpd-common
[...] STANDALONE_OR_INETD=standalone [...] VIRTUALCHROOT=true [...]
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart
nano /etc/fstab
mount -o remount / quotacheck -avugm quotaon -avug
Install Vlogger, Webalizer, And AWstats <code> apt-get install vlogger webalizer awstats geoip-database
nano /etc/cron.d/awstats
apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold
cd /usr/local/src wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz tar xvfz jailkit-2.15.tar.gz cd jailkit-2.15 ./debian/rules binary
cd .. dpkg -i jailkit_2.14-1_*.deb
apt-get install fail2ban
nano /etc/fail2ban/jail.local
[pureftpd] enabled = true port = ftp filter = pureftpd logpath = /var/log/syslog maxretry = 3 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp] logpath = /var/log/mail.log maxretry = 5
nano /etc/fail2ban/filter.d/pureftpd.conf
[Definition] failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.* ignoreregex =
nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition] failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.* ignoreregex =
/etc/init.d/fail2ban restart
apt-get install squirrelmail
squirrelmail-configure
location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
} location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS on; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
}and change
<code>
[...]
http {
[...]
## Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
[...]
}
[...]/etc/init.d/nginx reload
location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS $fastcgi_https; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
}/etc/init.d/apache2 stop
update-rc.d -f apache2 remove
/etc/init.d/nginx restart
wget http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.4.6.tar.gz tar xfz ISPConfig-3.0.4.6.tar.gz cd ispconfig3_install/install php -q install.php <code> en, standard, ....