Install ISPConfig on CentOS 6

Last updated: 2015-04-15

 

Contents:

  • Debian 6 ISPConfig installation
  • CentOS ISPConfig installation procedure
  • isconfig_var
  • Using Domains to restrict what a Client can use
  • ispconfig_release_procedure
  • Apply settings immediately (cron server.sh)
  • Protection

 


Debian 6 ISPConfig installation

Package:

E-Mail:

  • postfix
  • dovecot-imapd
  • dovecot-pop3d
  • clamav
  • spamassassin
  • amavisd-new

LAMP:

  • php5
    • php5-mysql
    • php5-mcrypt
    • php5-gd
  • php5-cli
  • apache2
    • libapache2-mod-bw
    • apache2-suexec-custom
    • libapache2-mod-suphp
    • libapache2-mod-auth-mysql
  • mysql-server
  • awstats
  • webalizer

System:

  • munin-node
  • rkhunter
  • fail2ban

DNS:

  • bind9

FTP:

  • pure-ftpd
    • pure-ftpd-mysql

Tools:

  • curl
  • getmail4
  • phpmyadmin

quota:

  • quota
  • quotatool

log:

  • vlogger

 


 

CentOS ISPConfig installation procedure:

 

Step 1:

Disable SELinux

 

Step 2:

On CentOS, install the rpmforge and EPEL yum repositories.

http://pkgs.repoforge.org/rpmforge-release/

Find the ???-release link (it provides the package rpmforge-release) and install it.

e.g.

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7....

 

EPEL:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 

# Give rpmforge priority

yum -y install yum-priorities

vi /etc/yum.repos.d/epel.repo

[epel]
priority=10

Step 3:

Install basic tools:

yum install quota ntpdate

P.S.

CentOS 6.5 minimal needs the crontabs package installed separately.

Edit fstab and set the mount options:

defaults,noatime,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0

reboot

quotacheck -avugm

quotacheck: Scanning /dev/mapper/VolGroup-lv_root [/] done
quotacheck: Checked 3570 directories and 29037 files

quotaon -avug

/dev/mapper/VolGroup-lv_root [/]: group quotas turned on
/dev/mapper/VolGroup-lv_root [/]: user quotas turned on

Time sync:

crontab -e

1 1 * * *       /usr/sbin/ntpdate stdtime.gov.hk  &> /dev/null

 

Step 4 - Packages to install

# PHP

yum install  php-cli  php

# PHP extension

yum install php-soap php-tidy php-pear php-xml php-imap php-mbstring php-mcrypt php-mysql

# PHP Script

yum install phpmyadmin

# MySQL

yum install mysql mysql-server

# HTTP

yum install httpd mod_ssl mod_fcgid

yum install awstats webalizer

# ISPConfig requires mod_fcgid

# Mail

yum install postfix dovecot dovecot-mysql

yum install mailman  getmail  mailx  telnet

# DNS

yum install bind htdig bind-utils

# Other tools

yum install curl screen tcpdump wget unzip bzip2 unrar

# Security

yum -y install fail2ban rkhunter

# FTP (pure-ftpd is in EPEL)

yum install pure-ftpd

# Anti-Spam & Anti-Virus

yum install amavisd-new spamassassin clamav clamd perl-DBD-mysql

 

Step 5 - MySQL

/etc/init.d/mysqld start

mysql_secure_installation

Step 6 - Install ispconfig

cd /root/ispconfig3_install/install

php -q install.php

Then answer the following questions (basically press Enter for each):

Select language (en,de) [en]: 
Installation mode (standard,expert) [standard]:
Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [vm.ispconfig]
MySQL server hostname [localhost]:
MySQL root password []:
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:

................................................................

ISPConfig Port [8080]:
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:

 

Installing ISPConfig-3.0.4.6 automatically configures the following services:

Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]:

 

Step 7 - Enable services

chkconfig postfix on

chkconfig dovecot on

chkconfig mysqld on

chkconfig pure-ftpd on

chkconfig amavisd on

chkconfig clamd on

chkconfig httpd on

 

Step 8 - Configure the firewall

# http
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

# mail
-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

# ispconfig
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

# ftp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9001:9100 -j ACCEPT

# dns
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

# ssh
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT


*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 1025:1030 -j REDIRECT --to-ports 25
COMMIT
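
The rules above accept every service port, including SSH (22) and the ISPConfig panel (8080), from any source address. The script below is an added check, not part of the original notes or of ISPConfig: it reads a rules file in the same iptables-save format and lists ports that carry no -s restriction. The function names open_ports and admin_exposed are assumptions.

```bash
#!/bin/bash
# Added example; open_ports and admin_exposed are hypothetical helper names.
# Input: a rules file in the iptables-save / iptables-restore format used above.

# open_ports RULES_FILE
#   Prints "proto/dport" for every INPUT rule that jumps to ACCEPT and has
#   no -s/--source match, i.e. the port is reachable from any address.
open_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; port = ""; src = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") port = $(i + 1)
                else if ($i == "-s" || $i == "--source") src = 1
                else if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && !src && port != "") print proto "/" port
        }' "$1"
}

# admin_exposed RULES_FILE PORT...
#   Prints each listed TCP port that open_ports reports as unrestricted.
#   Returns 0 if at least one is exposed, 1 if none are.
admin_exposed() {
    local rules p found
    rules=$1; shift; found=1
    for p in "$@"; do
        if open_ports "$rules" | grep -qx "tcp/$p"; then
            echo "$p"
            found=0
        fi
    done
    return "$found"
}
```

On a running host the input can be produced with iptables-save redirected to a file; a port stops being reported once its rule carries a -s match for the management network.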

 


Default vhost file

 

The defaults for newly created items are in the following directory:

/usr/local/ispconfig/server/conf

  • vhost.conf.master
  • autoresponder.master

 


Default Website index.html

 

The contents of /usr/local/ispconfig/server/conf/index/ are copied into the newly created website directory:

  • /usr/local/ispconfig/server/conf/index/standard_index.html_en

 


autoresponder

 

/var/vmail/mailfilters/<domain>/<user>

.autoresponder

                      RESPOND="/var/vmail/mailfilters/$HOST/$USER/.vacation.msg"
                      RESPONDDB="/var/vmail/mailfilters/$HOST/$USER/.vacation.lst"

                      # The following must be one contiguous line
                      cc "| mailbot -t $RESPOND -d $RESPONDDB -c 'UTF-8' -D 1 \
                      -A 'From: $RECIPIENT' -s 'Auto Response: from $RECIPIENT' \
                      /usr/sbin/sendmail -t -f ''"

When it is edited incorrectly, you get:

(temporary failure. Command output: /var/vmail/mailfilters/xp.idv.hk/test/.autoresponder(18): Syntax error.)

Usage:

mailbot [options] {program} [arg...]

reads an E-mail message on standard input and creates an E-mail message

If program is not specified, mailbot runs 'sendmail -f ""'

 

  • -t filename (plain text message)
  • -c charset (MIME character set to charset)
  • -s "subject"
  • -A "header: value"
  • -D x (at least x days, default: 1 day)

 

Resetting Client_id, Web_id ...

 

Set AUTO_INCREMENT to 1 on the following tables

Tables:

  • client
  • web_domain
  • ftp_user
  • mail_domain
  • mail_user

 


 

Apply settings immediately

/usr/local/ispconfig/server/server.sh

If it runs successfully, you will see

finished.

 

Debug

Unexpected shutdown:

/usr/local/ispconfig/server/temp/.ispconfig_lock

 

Enable debug mode

/usr/local/ispconfig/server/lib/config.inc.php

 

//** Constants
define('LOGLEVEL_DEBUG',0);
define('LOGLEVEL_WARN',1);
define('LOGLEVEL_ERROR',2);

 

The welcome mail takes its content from the following file:

 

interface/web/mail/lib/lang/en_mail_user.lng

$wb["welcome_mail_fromname_txt"] = 'ISPConfig3';
$wb["welcome_mail_fromemail_txt"] = "webmaster@localhost.tld";
$wb["welcome_mail_subject"] = 'Welcome to your new email account.';
$wb["welcome_mail_message"] = "Welcome to your new email account. Your webmaster.";

 


E-Mail quota

 

The "Mailbox quota" under "Client" is the total capacity of all mailboxes.
When "Quota" under "Mailbox" is set to 0, the system automatically fills in the maximum value.

ispconfig_mailsize
maildirsize


 

Spam Filter

 

"Move Spam Emails to Junk directory" is only used when the spam filter is enabled.

 


 

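Mail Forward and Alias

 

* The source of a Mail Forward cannot be a real e-mail account; in other words, an alias name must be used
* The destination of a Mail Forward does not have to be local

* The destination of an Email Alias must be a real local account
* An Email Alias can be one-to-many

To send a copy to another person, use "Send copy to" under "Mailbox".
It is done through a record in .mailfilter: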
cc "!test@xp.idv.hk"

 

 


Backup location

 

 


FTP

 

* FTP is built on top of a website; without a website, an FTP account cannot be created

* Even when the user's home is at the top level, the user has no permission to create files there

 


UserName

 

It is best to separate the parts of a user name with "_"; the total length must be within 15 characters (the MySQL total length limit).

 

 


isconfig_var

 

[CLIENTNAME]
[CLIENTID]
[domain]
[website_id]
[website_domain]
[website_path]

 


 

Using Domains to restrict what a Client can use:

 

System -> Interface Config -> Domains

Use the domain-module to add new domains

If you use this module, your customers can only select one of the domains the admin creates for them.

 

 


ISPConfig Release Procedure And Check list

 

<<TO-DO>>

  1. Change interface IP
  2. System Update ( yum update )
  3. Change host name
  4. Change root password
  5. Change /etc/hosts
  6. Change ISPConfig admin password
  7. Delete Panel Useless Client
  8. Change ssh server RSA key ( /etc/ssh/ssh_host_* )
  9. Change MySQL server root's password
  10. Change postfix setting ( myhostname, mydomain, myorigin )
  11. Change ispconfig service password ( postfix, dovecot, pure-ftp, vlogger-dbi.conf, webmail ... )
  12. Update Panel "Remote User" password
  13. Clean up log ( "history -c", "/var/log/wtmp" ... )

 

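Places to update after changing a system password:

After changing the password of the root account in MySQL, update the following file:

/usr/local/ispconfig/server/lib/mysql_clientdb.conf

After changing the password of the ispconfig account in MySQL, update the following files: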

ftp:

  • /etc/pure-ftpd/db/mysql.conf

mail:

smtp

  • /etc/postfix/mysql-virtual_*

imap & pop3

  • /etc/dovecot/dovecot-sql.conf

Older ISPConfig versions:

  • /etc/pam.d/smtp
  • /etc/courier/authmysqlrc

spam filter: (optional)

  • /etc/amavis/conf.d/50-user

webmail:

  • /usr/share/roundcubemail/config/db.inc.php

ispconfig:

  • /usr/local/ispconfig/interface/lib/config.inc.php
  • /usr/local/ispconfig/server/lib/config.inc.php
  • /etc/vlogger-dbi.conf

Example of changing the files in one go:

sed -i 's/OLD_PW/NEW_PW/g' *.php
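
The one-line sed above treats OLD_PW as a regular expression and breaks on passwords that contain "/" or "&". As an added example (not from the original notes or from ISPConfig), the hypothetical helper rotate_pw below does the same replacement literally across an explicit list of the files named above, keeps backups in a separate directory, and reports any file that still holds the old value.

```bash
#!/bin/bash
# Added example; rotate_pw is a hypothetical helper, not ISPConfig tooling.
# rotate_pw OLD NEW BACKUP_DIR FILE...
#   Replaces OLD with NEW as a literal string (no regex), so passwords that
#   contain / & . * | or \ are handled. Originals are copied to BACKUP_DIR
#   rather than next to the file, so no *.bak copy lands in a web tree.
#   Returns 0 only if no listed file still contains OLD afterwards.
rotate_pw() {
    local old new bak f copy rc
    old=$1; new=$2; bak=$3; rc=0
    shift 3
    [ -n "$old" ] && [ -n "$new" ] || { echo "empty password" >&2; return 2; }
    case $new in
        *"$old"*) echo "NEW must not contain OLD" >&2; return 2 ;;
    esac
    mkdir -p -- "$bak" && chmod 700 -- "$bak" || return 2
    for f in "$@"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; continue; }
        grep -qF -e "$old" -- "$f" || continue      # nothing to change
        copy=$bak/$(printf '%s' "$f" | tr '/' '_')
        cp -p -- "$f" "$copy" || { rc=1; continue; }
        # Passwords are passed in the environment, not argv, and awk's
        # index()/substr() treat them as plain text.
        OLD=$old NEW=$new awk '
            BEGIN { o = ENVIRON["OLD"]; n = ENVIRON["NEW"]; lo = length(o) }
            {
                out = ""
                while ((i = index($0, o)) > 0) {
                    out = out substr($0, 1, i - 1) n
                    $0 = substr($0, i + lo)
                }
                print out $0
            }' "$copy" > "$f" || rc=1
        if grep -qF -e "$old" -- "$f"; then
            echo "old password still present: $f" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Read the two passwords with read -rs so they stay out of the shell history, and delete BACKUP_DIR once the services have been restarted and checked, since the copies still hold the old password.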

 


Apply immediately (server.sh)

 

/usr/local/ispconfig/server/server.sh

/usr/local/ispconfig/server/temp/.ispconfig_lock

Example output:

localhost:/usr/local/ispconfig/server# ./server.sh
groupdel: cannot remove the primary group of user 'web4'
finished.

 


vlogger

 

/bin/sh -c /usr/local/ispconfig/server/scripts/vlogger -s access.log -t %Y%m%d-access.log /var/log/ispconfig/httpd