Last updated: 2015-04-15
Contents
- Debian6 ISPConfig installation
- CentOS ISPConfig installation
- ispconfig_var
- Restricting what a Client can use with Domains
- ispconfig_release_procedure
- Making settings take effect immediately (cron server.sh)
- Protection
Debian6 ISPConfig installation
Package:
E-Mail:
- postfix
- dovecot-imapd
- dovecot-pop3d
- clamav
- spamassassin
- amavisd-new
LAMP:
- php5
- php5-mysql
- php5-mcrypt
- php5-gd
- php5-cli
- apache2
- libapache2-mod-bw
- apache2-suexec-custom
- libapache2-mod-suphp
- libapache2-mod-auth-mysql
- mysql-server
- awstats
- webalizer
System:
- munin-node
- rkhunter
- fail2ban
DNS:
- bind9
FTP:
- pure-ftpd
- pure-ftpd-mysql
Tools:
- curl
- getmail4
- phpmyadmin
quota:
- quota
- quotatool
log:
- vlogger
CentOS ISPConfig installation:
Step 1:
Disable SELinux
Step 2:
On CentOS, install the rpmforge and EPEL yum repositories.
Go to http://pkgs.repoforge.org/rpmforge-release/
and find the ???-release link (the package is named rpmforge-release), then install it
e.g.
rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7....
EPEL:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# Give rpmforge priority
yum -y install yum-priorities
vi /etc/yum.repos.d/epel.repo
[epel]
priority=10
Step 3:
Install the basics:
yum install quota ntpdate
P.S.
CentOS 6.5 minimal also needs crontabs installed separately
Edit fstab
defaults,noatime,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0
reboot
quotacheck -avugm
quotacheck: Scanning /dev/mapper/VolGroup-lv_root [/] done
quotacheck: Checked 3570 directories and 29037 files
quotaon -avug
/dev/mapper/VolGroup-lv_root [/]: group quotas turned on
/dev/mapper/VolGroup-lv_root [/]: user quotas turned on
Time sync:
crontab -e
1 1 * * * /usr/sbin/ntpdate stdtime.gov.hk > /dev/null 2>&1
Step 4 - Packages to install
# PHP
yum install php-cli php
# PHP extension
yum install php-soap php-tidy php-pear php-xml php-imap php-mbstring php-mcrypt php-mysql
# PHP Script
yum install phpmyadmin
# MySQL
yum install mysql mysql-server
# HTTP (ISPConfig requires mod_fcgid)
yum install httpd mod_ssl mod_fcgid
yum install awstats webalizer
# Mail
yum install postfix dovecot dovecot-mysql
yum install mailman getmail mailx telnet
# DNS
yum install bind htdig bind-utils
# Other tools
yum install curl screen tcpdump wget unzip bzip2 unrar
# Security
yum -y install fail2ban rkhunter
# FTP (pure-ftpd is in EPEL)
yum install pure-ftpd
# Anti-Spam & Anti-Virus
yum install amavisd-new spamassassin clamav clamd perl-DBD-mysql
Step 5 - MySQL
/etc/init.d/mysqld start
mysql_secure_installation
Step 6 - Install ispconfig
cd /root/ispconfig3_install/install
php -q install.php
Then answer the following questions (basically just press Enter all the way):
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]:
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [vm.ispconfig]
MySQL server hostname [localhost]:
MySQL root password []:
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
................................................................
ISPConfig Port [8080]:
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:
Installing ISPConfig-3.0.4.6 automatically configures the following services:
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]:
Step 7 - Enable services
chkconfig postfix on
chkconfig dovecot on
chkconfig mysqld on
chkconfig pure-ftpd on
chkconfig amavisd on
chkconfig clamd on
chkconfig httpd on
Step 8 - Configure the firewall
# http
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# mail
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
# ispconfig
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# ftp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9001:9100 -j ACCEPT
# dns
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
# ssh
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 1025:1030 -j REDIRECT --to-ports 25
COMMIT
Default vhost file
The defaults (templates) for newly created items are in the following directory:
/usr/local/ispconfig/server/conf
- vhost.conf.master
- autoresponder.master
Default website index.html
The contents of /usr/local/ispconfig/server/conf/index/ are copied into the newly created web directory
- /usr/local/ispconfig/server/conf/index/standard_index.html_en
autoresponder
/var/vmail/mailfilters/<domain>/<user>
.autoresponder
RESPOND="/var/vmail/mailfilters/$HOST/$USER/.vacation.msg"
RESPONDDB="/var/vmail/mailfilters/$HOST/$USER/.vacation.lst"
# The following must be one contiguous line
cc "| mailbot -t $RESPOND -d $RESPONDDB -c 'UTF-8' -D 1 \
-A 'From: $RECIPIENT' -s 'Auto Response: from $RECIPIENT' \
/usr/sbin/sendmail -t -f ''"
If you make a mistake while editing it, you will get:
(temporary failure. Command output: /var/vmail/mailfilters/xp.idv.hk/test/.autoresponder(18): Syntax error.)
Usage:
mailbot [options] {program} [arg...]
reads an E-mail message on standard input and creates an E-mail message
If program is not specified, mailbot runs 'sendmail -f ""'
- -t filename (plain text message)
- -c charset (MIME character set to charset)
- -s "subject"
- -A "header: value"
- -D x (at least x days, default: 1 day)
Resetting Client_id, Web_id ...
Set AUTO_INCREMENT to 1 on the following tables
table:
- client
- web_domain
- ftp_user
- mail_domain
- mail_user
Making settings take effect immediately
Run
/usr/local/ispconfig/server/server.sh
If it runs successfully, you will see
finished.
Debug
Unexpected shutdown:
/usr/local/ispconfig/server/temp/.ispconfig_lock
Enable debug mode
/usr/local/ispconfig/server/lib/config.inc.php
//** Constants
define('LOGLEVEL_DEBUG',0);
define('LOGLEVEL_WARN',1);
define('LOGLEVEL_ERROR',2);
The welcome mail takes its content from the following file
interface/web/mail/lib/lang/en_mail_user.lng
$wb["welcome_mail_fromname_txt"] = 'ISPConfig3';
$wb["welcome_mail_fromemail_txt"] = "[email protected]";
$wb["welcome_mail_subject"] = 'Welcome to your new email account.';
$wb["welcome_mail_message"] = "Welcome to your new email account. Your webmaster.";
E-Mail quota
The "Mailbox quota" under "Client" is the total capacity of all mailboxes
When "Quota" under "Mailbox" is set to 0, the system automatically fills in the maximum value
ispconfig_mailsize
maildirsize
Spam Filter
"Move Spam Emails to Junk directory" is only used when the spam filter is enabled
Mail Forward and Alias
* The source of a Mail Forward cannot be a real e-mail account; in other words, it must be an alias name
* The destination of a Mail Forward does not have to be local
* The destination of an Email Alias must be a real local account
* An Email Alias can be one-to-many
To send a copy to another person, use "Send copy to" under "Mailbox"
It is implemented with a record in .mailfilter
cc "[email protected]"
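Backup location
FTP
* FTP is built on top of a website; that is, without a website you cannot create an FTP account
* Even if the user's home is at the top level, the user has no permission to create files there
UserName
User names are best separated with "_", and the total length must be within 15 characters (the MySQL total length)
ispconfig_var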
[CLIENTNAME]
[CLIENTID]
[domain]
[website_id]
[website_domain]
[website_path]
Restricting what a Client can use with Domains:
System -> Interface Config -> Domains
Use the domain-module to add new domains
If you use this module, your customers can only select one of the domains the admin creates for them.
ISPConfig Release Procedure And Check list
<<TO-DO>>
- Change interface IP
- System Update ( yum update )
- Change host name
- Change root password
- Change /etc/hosts
- Change ISPConfig admin password
- Delete Panel Useless Client
- Change ssh server RSA key ( /etc/ssh/ssh_host_* )
- Change mysql server root's password
- Change postfix setting ( myhostname, mydomain, myorigin )
- Change ispconfig service password ( postfix, dovecot, pure-ftp, vlogger-dbi.conf, webmail ... )
- Update Panel "Remote User" password
- Clean up log ( "history -c", "/var/log/wtmp" ... )
Places to update after changing a system password:
After changing the password of the MySQL root account, update the following file
/usr/local/ispconfig/server/lib/mysql_clientdb.conf
After changing the password of the MySQL account ispconfig, update the following files
ftp:
- /etc/pure-ftpd/db/mysql.conf
mail:
smtp
- /etc/postfix/mysql-virtual_*
imap & pop3
- /etc/dovecot/dovecot-sql.conf
Older ISPConfig versions:
- /etc/pam.d/smtp
- /etc/courier/authmysqlrc
spam filter: (optional)
- /etc/amavis/conf.d/50-user
webmail:
- /usr/share/roundcubemail/config/db.inc.php
ispconfig:
- /usr/local/ispconfig/interface/lib/config.inc.php
- /usr/local/ispconfig/server/lib/config.inc.php
- /etc/vlogger-dbi.conf
Example of changing files in one go:
sed -i 's/OLD_PW/NEW_PW/g' *.php
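The sed one-liner above treats the password as a regular expression and puts it on the command line, where it ends up in shell history and the process list. An added example (not part of the original notes) that performs the same replacement as a literal string with the passwords taken from the environment; the function names rotate_pw and still_has_old_pw are hypothetical, and the sample call in the closing comment uses file paths from the list above.

```shell
#!/bin/bash
# Added example, not from the original notes. Function names are hypothetical.
# Passwords are read from the environment (OLD_PW, NEW_PW) and matched as plain
# strings, so '/', '&', '.', '*' need no escaping and never appear in argv.

# rotate_pw FILE... : replace $OLD_PW with $NEW_PW in every FILE containing it.
rotate_pw() {
    local f tmp changed=0
    [ -n "$OLD_PW" ] && [ -n "$NEW_PW" ] || { echo "set OLD_PW and NEW_PW first" >&2; return 2; }
    export OLD_PW NEW_PW
    for f in "$@"; do
        [ -f "$f" ] || continue          # unmatched globs, old-version files
        tmp=$(mktemp) || return 2        # mktemp creates the file with mode 0600
        if awk '
            BEGIN { old = ENVIRON["OLD_PW"]; new = ENVIRON["NEW_PW"]; n = length(old) }
            {
                out = ""
                while ((i = index($0, old)) > 0) {   # literal search, no regex
                    out = out substr($0, 1, i - 1) new
                    $0 = substr($0, i + n)
                    hit = 1
                }
                print out $0
            }
            END { exit(hit ? 0 : 1) }                # 1: password not in this file
        ' "$f" > "$tmp"; then
            cat "$tmp" > "$f"            # overwrite in place: owner and mode kept
            echo "updated: $f"
            changed=$((changed + 1))
        fi
        rm -f "$tmp"
    done
    [ "$changed" -gt 0 ]
}

# still_has_old_pw FILE... : print each FILE that still contains $OLD_PW.
still_has_old_pw() {
    local f
    for f in "$@"; do
        [ -f "$f" ] && OLD_PW=$OLD_PW awk '
            index($0, ENVIRON["OLD_PW"]) { found = 1; exit }
            END { exit(found ? 0 : 1) }' "$f" && echo "$f"
    done
    return 0
}
# Typical run, as root:  read -rs OLD_PW; read -rs NEW_PW
#   rotate_pw /etc/pure-ftpd/db/mysql.conf /etc/postfix/mysql-virtual_* /etc/dovecot/dovecot-sql.conf
```

Run still_has_old_pw over the same file list afterwards; any path it prints still needs updating before the services are restarted.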
Take effect immediately (server.sh)
/usr/local/ispconfig/server/server.sh
/usr/local/ispconfig/server/temp/.ispconfig_lock
i.e. output
localhost:/usr/local/ispconfig/server# ./server.sh
groupdel: cannot remove the primary group of user 'web4'
finished.
vlogger
/bin/sh -c /usr/local/ispconfig/server/scripts/vlogger -s access.log -t %Y%m%d-access.log /var/log/ispconfig/httpd