Professional Documents
Culture Documents
2010
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64
WITH ISPCONFIG 3]
This tutorial shows how to prepare a CentOS 5.4 x86_64 server for the installation of ISPConfig 3, and how to install
ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web
browser: Apache web server, Postfix mail server, MySQL, MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and
many more.Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!I do not issue any
guarantee that this will work for you!
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
UPDATED APRIL 11, 2010
Disclaimer
This paper is extracted from the guide The Perfect Server ‐ CentOS 5.4 x86_64 [ISPConfig 3] originally created by Falko
Timme <ft [at] falkotimme [dot] com> and can be found at http://www.howtoforge.com/perfect‐server‐centos‐5.4‐
x86_64‐ispconfig‐3. I just copied it without images to have a printed version for easy access when deploying a CentOS
Server. The software links are updated to the date of publishing this paper.
2
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
Content
1 REQUIREMENTS 5
2 PRELIMINARY NOTE 5
3 INSTALL THE BASE SYSTEM 5
4 ADJUST /ETC/HOSTS 6
5 CONFIGURE ADDITIONAL IP ADDRESSES 7
6 DISABLE THE FIREWALL AND SELINUX 8
7 INSTALL SOME SOFTWARE 9
8 QUOTA 9
9 INSTALL APACHE, MYSQL, PHPMYADMIN 10
10 INSTALL COURIER‐IMAP, COURIER‐AUTHLIB, AND MAILDROP 11
11 APPLY QUOTA PATCH TO POSTFIX 15
12 CONFIGURE COURIER 17
13 INSTALL GETMAIL 18
14 SET MYSQL PASSWORDS AND CONFIGURE PHPMYADMIN 19
15 INSTALL AMAVISD‐NEW, SPAMASSASSIN AND CLAMAV 20
16 INSTALLING APACHE2 WITH MOD_PHP, MOD_FCGI/PHP5, AND SUPHP 20
17 INSTALL PUREFTPD 23
18 INSTALL MYDNS 24
3
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
19 INSTALL VLOGGER AND WEBALIZER 24
20 INSTALL JAILKIT 25
21 INSTALL FAIL2BAN 25
22 INSTALL RKHUNTER 25
23 INSTALL SQUIRRELMAIL 26
24 INSTALL ISPCONFIG 3 27
CONFIGURATION SHEET 29
4
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
1 Requirements
To install such a system you will need the following:
Download the CentOS 5.4 DVD or the seven CentOS 5.4 CDs from a mirror next to you (the list of
mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/x86_64/).
a fast internet connection.
2 Preliminary Note
In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the
gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.
3 Install The Base System
Boot from your first CentOS 5.2 CD (CD 1) or the CentOS 5.2 DVD. Press <ENTER> at the boot prompt
It can take a long time to test the installation media so we skip this test here
The welcome screen of the CentOS installer appears. Click on Next
Choose your language next
Select your keyboard layout
I'm installing CentOS 5.2 on a fresh system, so I answer Yes to the question Would you like to initialize
this drive, erasing ALL DATA?
Now we must select a partitioning scheme for our installation. For simplicity's sake I select Remove
linux partitions on selected drives and create default layout. This will result in a small /boot and a
large / partition as well as a swap partition. Of course, you're free to partition your hard drive however
you like it. Then I hit Next
Answer the following question (Are you sure you want to do this?) with Yes
On to the network settings. The default setting here is to configure the network interfaces with DHCP,
but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the
top right
In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6
support and give your network card a static IP address (in this tutorial I'm using the IP
address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0)
Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up
to two DNS servers (e.g. 213.191.92.86 and 145.253.2.75)
Choose your time zone
Give root a password
5
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
Now we select the software we want to install. Select nothing but Server (uncheck everything else).
Also don't check Packages from CentOS Extras. Then check Customize now, and click on Next
Now we must select the package groups we want to install. Select Editors, Text‐based
Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail
Server, MySQL Database, Server Configuration Tools, Web Server, Administration
Tools, Base, and System Tools (unselect all other package groups) and click on Next
The installer checks the dependencies of the selected packages
Click on Next to start the installation
The hard drive is being formatted
The installation begins. This will take a few minutes
Finally, the installation is complete, and you can remove your CD or DVD from the computer and
reboot it
After the reboot, select Firewall configuration and hit Run Tool
I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I
disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your
needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the
CentOS firewall).
SELinux is a security extension of CentOS that should provide extended security. In my opinion you
don't need it to configure a secure system, and it usually causes more problems than advantages (think
of it after you have done a week of trouble‐shooting because some service wasn't working as
expected, and then you find out that everything was ok, only SELinux was causing the problem).
Therefore I disable it, too (this is a must if you want to install ISPConfig later on). Hit OK afterwards
Then leave the Setup Agent by selecting Exit
Then log in as root and reboot the system so that your changes can be applied:
reboot
4 Adjust /etc/hosts
Next we edit /etc/hosts. Make it look like this:
vi /etc/hosts
6
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1
::1 localhost6.localdomain6 localhost6
5 Configure Additional IP Addresses
(This section is totally optional. It just shows how to add additional IP addresses to your network
interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this
section.)
Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network‐scripts/ifcfg‐eth0 which
contains the settings for eth0. We can use this as a sample for our new virtual network interface eth0:0:
cp /etc/sysconfig/network‐scripts/ifcfg‐eth0 /etc/sysconfig/network‐scripts/ifcfg‐eth0:0
Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0. Therefore we open the
file /etc/sysconfig/network‐scripts/ifcfg‐eth0:0 and modify it as follows (we can leave out the HWADDR line as
it is the same physical network card):
vi /etc/sysconfig/network‐scripts/ifcfg‐eth0:0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
Afterwards we have to restart the network:
/etc/init.d/network restart
You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not
necessary.
Now run
7
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
ifconfig
You should now see your new IP address in the output:
[root@server1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:B1:97:E1
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feb1:97e1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:310 errors:0 dropped:0 overruns:0 frame:0
TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:28475 (27.8 KiB) TX bytes:72116 (70.4 KiB)
Interrupt:177 Base address:0x1400
eth0:0 Link encap:Ethernet HWaddr 00:0C:29:B1:97:E1
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:177 Base address:0x1400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
[root@server1 ~]#
6 Disable The Firewall And SELinux
(You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system
installation (in the Setup Agent).)
8
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the
default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you
shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).
SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need
it to configure a secure system, and it usually causes more problems than advantages (think of it after you
have done a week of trouble‐shooting because some service wasn't working as expected, and then you find
out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if
you want to install ISPConfig later on).
Run
system‐config‐securitylevel
Set both Security Level and SELinux to Disabled and hit OK
Afterwards we must reboot the system:
reboot
7 Install Some Software
First we import the GPG keys for software packages:
rpm ‐‐import /etc/pki/rpm‐gpg/RPM‐GPG‐KEY*
Then we update our existing packages on the system:
yum update
Now we install some software packages that are needed later on:
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
8 Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota
applies to the partitions where you need it.)
To install quota, we run this command:
9
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
yum install quota
Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):
vi /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
Then run
touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount ‐o remount /
quotacheck ‐avugm
quotaon ‐avug
to enable quota.
9 Install Apache, MySQL, phpMyAdmin
First we enable the RPMforge repository on our CentOS system as lots of the packages that we are going to
install in the course of this tutorial are not available in the official CentOS 5.4 repositories:
rpm ‐‐import http://dag.wieers.com/rpm/packages/RPM‐GPG‐KEY.dag.txt
cd /tmp
wget http://dag.wieers.com/rpm/packages/rpmforge‐release/rpmforge‐release‐0.3.6‐1.el5.rf.x86_64.rpm
rpm ‐ivh rpmforge‐release‐0.3.6‐1.el5.rf.x86_64.rpm
(If the above link doesn't work anymore, you can find the current version of rpmforge‐
release here: http://dag.wieers.com/rpm/packages/rpmforge‐release/)
Afterwards we can install the needed packages with one single command (including the packages we need to
build Courier‐IMAP):
10
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
yum install ntp httpd mysql‐server php php‐mysql php‐mbstring php‐mcrypt phpmyadmin rpm‐build gcc mysql‐devel
openssl‐devel cyrus‐sasl‐devel pkgconfig zlib‐devel pcre‐devel openldap‐devel postgresql‐devel expect libtool‐ltdl‐
devel openldap‐servers libtool gdbm‐devel pam‐devel gamin‐devel
10 Install Courier‐IMAP, Courier‐Authlib, And Maildrop
Unfortunately there are no rpm packages for Courier‐IMAP, Courier‐Authlib, and Maildrop, therefore we have
to build them ourselves.
RPM packages should not be built as root; courier‐imap will even refuse to compile if it detects that the
compilation is run as the root user. Therefore we create a normal user account now (compileuser in this
example) and give him a password:
useradd ‐m ‐s /bin/bash compileuser
passwd compileuser
We will need the sudo command later on so that the user compileuser can compile and install the rpm
packages. But first, we must allow compileuser to run all commands using sudo:
Run
visudo
In the file that opens there's a line root ALL=(ALL) ALL. Add a similar line for compileuser just below that line:
[...]
root ALL=(ALL) ALL
compileuser ALL=(ALL) ALL
[...]
Now we are ready to build our rpm package. First become the user compileuser:
su compileuser
Next we create our build environment:
11
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
mkdir $HOME/rpm
mkdir $HOME/rpm/SOURCES
mkdir $HOME/rpm/SPECS
mkdir $HOME/rpm/BUILD
mkdir $HOME/rpm/SRPMS
mkdir $HOME/rpm/RPMS
mkdir $HOME/rpm/RPMS/i386
mkdir $HOME/rpm/RPMS/x86_64
echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros
Now we download the source files from http://www.courier‐mta.org/download.php:
cd /tmp
wget http://prdownloads.sourceforge.net/courier/courier‐authlib‐0.63.0.tar.bz2
wget http://prdownloads.sourceforge.net/courier/courier‐imap‐4.7.0.tar.bz2
wget http://prdownloads.sourceforge.net/courier/maildrop‐2.4.3.tar.bz2
Now (still in /tmp) we can build courier‐authlib:
sudo rpmbuild ‐ta courier‐authlib‐0.63.0.tar.bz2
After the build process, the rpm packages can be found
in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):
cd $HOME/rpm/RPMS/x86_64
The command
ls ‐l
shows you the available rpm packages:
[compileuser@server1 x86_64]$ ls ‐l
total 676
‐rw‐r‐‐r‐‐ 1 root root 153870 Oct 28 15:39 courier‐authlib‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 385183 Oct 28 15:39 courier‐authlib‐debuginfo‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 36260 Oct 28 15:39 courier‐authlib‐devel‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 18434 Oct 28 15:39 courier‐authlib‐ldap‐0.63.0‐1.x86_64.rpm
12
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
‐rw‐r‐‐r‐‐ 1 root root 14617 Oct 28 15:39 courier‐authlib‐mysql‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 13826 Oct 28 15:39 courier‐authlib‐pgsql‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 8484 Oct 28 15:39 courier‐authlib‐pipe‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 35388 Oct 28 15:39 courier‐authlib‐userdb‐0.63.0‐1.x86_64.rpm
[compileuser@server1 x86_64]$
Select the ones you want to install, and install them like this:
sudo rpm ‐ivh courier‐authlib‐0.63.0‐1.x86_64.rpm courier‐authlib‐mysql‐0.63.0‐1.x86_64.rpm courier‐
authlib‐devel‐0.63.0‐1.x86_64.rpm
Now we go back to the /tmp directory and run rpmbuild again, this time without sudo, otherwise the
compilation will fail because it was run as root:
cd /tmp
rpmbuild ‐ta courier‐imap‐4.7.0.tar.bz2
After the build process, the rpm packages can be found
in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):
cd $HOME/rpm/RPMS/x86_64
The command
ls ‐l
shows you the available rpm packages:
[compileuser@server1 x86_64]$ ls ‐l
total 1996
‐rw‐r‐‐r‐‐ 1 root root 153870 Oct 28 15:39 courier‐authlib‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 385183 Oct 28 15:39 courier‐authlib‐debuginfo‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 36260 Oct 28 15:39 courier‐authlib‐devel‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 18434 Oct 28 15:39 courier‐authlib‐ldap‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 14617 Oct 28 15:39 courier‐authlib‐mysql‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 13826 Oct 28 15:39 courier‐authlib‐pgsql‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 8484 Oct 28 15:39 courier‐authlib‐pipe‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 35388 Oct 28 15:39 courier‐authlib‐userdb‐0.63.0‐1.x86_64.rpm
13
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
‐rw‐r‐‐r‐‐ 1 compileuser compileuser 400497 Oct 28 15:49 courier‐imap‐4.7.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 compileuser compileuser 941203 Oct 28 15:49 courier‐imap‐debuginfo‐4.7.0‐1.x86_64.rpm
[compileuser@server1 x86_64]$
You can install courier‐imap like this:
sudo rpm ‐ivh courier‐imap‐4.7.0‐1.x86_64.rpm
Now we go back to the /tmp directory and run rpmbuild again, this time to build a maildrop package:
cd /tmp
sudo rpmbuild ‐ta maildrop‐2.4.3.tar.bz2
After the build process, the rpm packages can be found
in $HOME/rpm/RPMS/x86_64 ($HOME/rpm/RPMS/i386 if you are on an i386 system):
cd $HOME/rpm/RPMS/x86_64
The command
ls ‐l
shows you the available rpm packages:
[compileuser@server1 x86_64]$ ls ‐l
total 3256
‐rw‐r‐‐r‐‐ 1 root root 153870 Oct 28 15:39 courier‐authlib‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 385183 Oct 28 15:39 courier‐authlib‐debuginfo‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 36260 Oct 28 15:39 courier‐authlib‐devel‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 18434 Oct 28 15:39 courier‐authlib‐ldap‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 14617 Oct 28 15:39 courier‐authlib‐mysql‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 13826 Oct 28 15:39 courier‐authlib‐pgsql‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 8484 Oct 28 15:39 courier‐authlib‐pipe‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 35388 Oct 28 15:39 courier‐authlib‐userdb‐0.63.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 compileuser compileuser 400497 Oct 28 15:49 courier‐imap‐4.7.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 compileuser compileuser 941203 Oct 28 15:49 courier‐imap‐debuginfo‐4.7.0‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 299284 Oct 28 15:55 maildrop‐2.4.3‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 769256 Oct 28 15:55 maildrop‐debuginfo‐2.4.3‐1.x86_64.rpm
14
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
‐rw‐r‐‐r‐‐ 1 root root 134573 Oct 28 15:55 maildrop‐devel‐2.4.3‐1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 63936 Oct 28 15:55 maildrop‐man‐2.4.3‐1.x86_64.rpm
[compileuser@server1 x86_64]$
You can now install maildrop like this:
sudo rpm ‐ivh maildrop‐2.4.3‐1.x86_64.rpm
After you have compiled and installed all needed packages, you can become root again by typing
exit
11 Apply Quota Patch To Postfix
We have to get the Postfix source rpm, patch it with the quota patch, build a new Postfix rpm package and
install it.
cd /usr/src
wget http://ftp‐stud.fht‐esslingen.de/pub/Mirrors/centos/5.4/os/SRPMS/postfix‐2.3.3‐2.1.el5_2.src.rpm
rpm ‐ivh postfix‐2.3.3‐2.1.el5_2.src.rpm
The last command will show some warnings that you can ignore:
warning: user mockbuild does not exist ‐ using root
warning: group mockbuild does not exist ‐ using root
cd /usr/src/redhat/SOURCES
wget http://vda.sourceforge.net/VDA/postfix‐2.3.3‐vda.patch.gz
gunzip postfix‐2.3.3‐vda.patch.gz
cd /usr/src/redhat/SPECS/
Now we must edit the file postfix.spec:
vi postfix.spec
15
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
[...]
%define MYSQL 1
[...]
# Patches
Patch0: postfix‐2.3.3‐vda.patch
Patch1: postfix‐2.1.1‐config.patch
Patch3: postfix‐alternatives.patch
Patch6: postfix‐2.1.1‐obsolete.patch
Patch7: postfix‐2.1.5‐aliases.patch
Patch8: postfix‐large‐fs.patch
Patch9: postfix‐2.2.5‐cyrus.patch
Patch10: postfix‐CVE‐2008‐2936.patch
[...]
%setup ‐q
# Apply obligatory patches
%patch0 ‐p1 ‐b .vda
%patch1 ‐p1 ‐b .config
%patch3 ‐p1 ‐b .alternatives
%patch6 ‐p1 ‐b .obsolete
%patch7 ‐p1 ‐b .aliases
%patch8 ‐p1 ‐b .large‐fs
%patch9 ‐p1 ‐b .cyrus
%patch10 ‐p1 ‐b .CVE‐2008‐2936
[...]
Then we build our new Postfix rpm package with quota and MySQL support:
rpmbuild ‐ba postfix.spec
Our Postfix rpm package is created in /usr/src/redhat/RPMS/x86_64 (/usr/src/redhat/RPMS/i386 if you are on
an i386 system), so we go there:
cd /usr/src/redhat/RPMS/x86_64
The command
ls ‐l
16
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
shows you the available packages:
[root@server1 x86_64]# ls ‐l
total 11732
‐rw‐r‐‐r‐‐ 1 root root 3940050 Oct 28 16:02 postfix‐2.3.3‐2.1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 7999345 Oct 28 16:02 postfix‐debuginfo‐2.3.3‐2.1.x86_64.rpm
‐rw‐r‐‐r‐‐ 1 root root 49759 Oct 28 16:02 postfix‐pflogsumm‐2.3.3‐2.1.x86_64.rpm
[root@server1 x86_64]#
Pick the Postfix package and install it like this:
rpm ‐ivh postfix‐2.3.3‐2.1.x86_64.rpm
Then turn off Sendmail and start Postfix, saslauthd, and courier‐authlib:
chkconfig ‐‐levels 235 courier‐authlib on
/etc/init.d/courier‐authlib start
chkconfig ‐‐levels 235 sendmail off
chkconfig ‐‐levels 235 postfix on
chkconfig ‐‐levels 235 saslauthd on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
12 Configure Courier
Now we create the system startup links for courier‐imap:
chkconfig ‐‐levels 235 courier‐imap on
/etc/init.d/courier‐authlib restart
/etc/init.d/courier‐imap restart
When courier‐imap is started for the first time, it automatically creates the certificate files /usr/lib/courier‐
imap/share/imapd.pem and /usr/lib/courier‐imap/share/pop3d.pem from the /usr/lib/courier‐
imap/etc/imapd.cnf and /usr/lib/courier‐imap/etc/pop3d.cnf files. Because the .cnf files contain the
17
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
line CN=localhost, but our server is named server1.example.com, the certificates might cause problems when
you use TLS connections. To solve this, we delete both certificates...
cd /usr/lib/courier‐imap/share/
rm ‐f imapd.pem
rm ‐f pop3d.pem
... and replace the CN=localhost lines in /usr/lib/courier‐imap/etc/imapd.cnf and /usr/lib/courier‐
imap/etc/pop3d.cnf with CN=server1.example.com:
vi /usr/lib/courier‐imap/etc/imapd.cnf
[...]
CN=server1.example.com
[...]
vi /usr/lib/courier‐imap/etc/pop3d.cnf
[...]
CN=server1.example.com
[...]
Then we recreate both certificates...
./mkimapdcert
./mkpop3dcert
... and restart courier‐authlib and courier‐imap:
/etc/init.d/courier‐authlib restart
/etc/init.d/courier‐imap restart
13 Install Getmail
Getmail can be installed as follows:
18
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
yum install getmail
14 Set MySQL Passwords And Configure phpMyAdmin
Start MySQL:
chkconfig ‐‐levels 235 mysqld on
/etc/init.d/mysqld start
Then set passwords for the MySQL root account:
mysqladmin ‐u root password yourrootsqlpassword
mysqladmin ‐h server1.example.com ‐u root password yourrootsqlpassword
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows
connections not just from localhost (by commenting out the <Directory "/usr/share/phpmyadmin"> stanza):
vi /etc/httpd/conf.d/phpmyadmin.conf
#
# Web application to manage MySQL
#
#<Directory "/usr/share/phpmyadmin">
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
#</Directory>
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin
Next we change the authentication in phpMyAdmin from cookie to http:
vi /usr/share/phpmyadmin/config.inc.php
19
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]
Then we create the system startup links for Apache and start it:
chkconfig ‐‐levels 235 httpd on
/etc/init.d/httpd start
Now you can direct your browser
to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user
name root and your new root MySQL password.
15 Install Amavisd‐new, SpamAssassin And ClamAV
To install amavisd‐new, spamassassin and clamav, run the following command:
yum install amavisd‐new spamassassin clamav clamd unzip bzip2 unrar perl‐DBD‐mysql
Then we start freshclam, amavisd, and clamd...
chkconfig ‐‐levels 235 amavisd on
chkconfig ‐‐levels 235 clamd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd start
... and create some necessary directories:
mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db
16 Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP
ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.
mod_fcgid is not available in the official CentOS repositories, but there's a package for CentOS 5.x in
the centos.karan.org testing repository. We enable the repository as follows:
20
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
cd /etc/yum.repos.d/
wget http://centos.karan.org/kbsingh‐CentOS‐Extras.repo
Next we open /etc/yum.repos.d/kbsingh‐CentOS‐Extras.repo...
vi /etc/yum.repos.d/kbsingh‐CentOS‐Extras.repo
... and set gpgcheck to 0 and enabled to 1 in the [kbs‐CentOS‐Testing] section:
[...]
[kbs‐CentOS‐Testing]
name=CentOS.Karan.Org‐EL$releasever ‐ Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM‐GPG‐KEY‐karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
Afterwards we can install Apache2with mod_php5, mod_fcgid, and PHP5:
yum install php php‐devel php‐gd php‐imap php‐ldap php‐mysql php‐odbc php‐pear php‐xml php‐xmlrpc
php‐eaccelerator php‐mbstring php‐mcrypt php‐mhash php‐mssql php‐snmp php‐soap php‐tidy curl curl‐
devel perl‐libwww‐perl ImageMagick libxml2 libxml2‐devel mod_fcgid php‐cli httpd‐devel
Next we open /etc/php.ini...
vi /etc/php.ini
... and change the error reporting (so that notices aren't shown any longer) and add cgi.fix_pathinfo = 1 at the
end of the file:
[...]
;error_reporting = E_ALL
error_reporting = E_ALL & ~E_NOTICE
[...]
cgi.fix_pathinfo = 1
Next we install suPHP:
21
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
cd /tmp
wget http://suphp.org/download/suphp‐0.7.1.tar.gz
tar xvfz suphp‐0.7.1.tar.gz
cd suphp‐0.7.1/
./configure ‐‐prefix=/usr ‐‐sysconfdir=/etc ‐‐with‐apr=/usr/bin/apr‐1‐config ‐‐with‐apxs=/usr/sbin/apxs ‐‐
with‐apache‐user=apache ‐‐with‐setid‐mode=owner ‐‐with‐php=/usr/bin/php‐cgi ‐‐with‐
logfile=/var/log/httpd/suphp_log ‐‐enable‐SUPHP_USE_USERGROUP=yes
make
make install
Then we add the suPHP module to our Apache configuration...
vi /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so
... and create the file /etc/suphp.conf as follows:
vi /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
22
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php‐scripts
x‐httpd‐suphp="php:/usr/bin/php‐cgi"
;Handler for CGI‐scripts
x‐suphp‐cgi="execute:!self"
Finally we restart Apache:
/etc/init.d/httpd restart
17 Install PureFTPd
PureFTPd can be installed with the following command:
yum install pure‐ftpd
Then create the system startup links and start PureFTPd:
chkconfig ‐‐levels 235 pure‐ftpd on
/etc/init.d/pure‐ftpd start
23
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
18 Install MyDNS
There's no MyDNS rpm package for the x86_64 architecture, and building MyDNS from the sources on CentOS
5.4 x86_64 fails because of some incompatibilities with the mysql‐devel package. Therefore we install the
MyDNS rpm package for i386 which works on x86_64 as well:
wget http://mydns.bboy.net/download/mydns‐mysql‐1.1.0‐1.i386.rpm
rpm ‐ivh mydns‐mysql‐1.1.0‐1.i386.rpm
When the system boots, MyDNS must be started after MySQL. The MySQL startup link has the priority 64 on
CentOS, so the MyDNS startup link must have a priority between 65 and 99. Therefore we open the MyDNS
init script...
vi /etc/init.d/mydns
... and change
[...]
# chkconfig: 345 52 50
[...]
to
[...]
# chkconfig: 345 65 50
[...]
Then we create the startup links:
chkconfig ‐‐levels 235 mydns on
We don't start MyDNS now because it must be configured first ‐ this will be done automatically by the
ISPConfig 3 installer later on.
19 Install Vlogger And Webalizer
Vlogger and webalizer can be installed as follows:
yum install webalizer perl‐DateTime‐Format‐HTTP perl‐DateTime‐Format‐Builder
24
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
cd /tmp
wget http://n0rp.chemlab.org/vlogger/vlogger‐1.3.tar.gz
tar xvfz vlogger‐1.3.tar.gz
mv vlogger‐1.3/vlogger /usr/sbin/
rm ‐rf vlogger*
20 Install Jailkit
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be
installed before ISPConfig ‐ it cannot be installed afterwards!):
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit‐2.11.tar.gz
tar xvfz jailkit‐2.11.tar.gz
cd jailkit‐2.11
./configure
make
make install
rm ‐rf jailkit‐2.11*
21 Install fail2ban
This is optional but recommended, because the ISPConfig monitor tries to show the log:
yum install fail2ban
chkconfig ‐‐levels 235 fail2ban on
/etc/init.d/fail2ban start
22 Install rkhunter
rkhunter can be installed as follows:
yum install rkhunter
25
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
23 Install SquirrelMail
To install the SquirrelMail webmail client, run...
yum install squirrelmail
... and restart Apache:
/etc/init.d/httpd restart
Then configure SquirrelMail:
/usr/share/squirrelmail/config/conf.pl
We must tell SquirrelMail that we are using Courier‐IMAP/‐POP3:
Uppon Options, input the following:
D
courier
press any key
S
Q
One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out
the $default_folder_prefix variable ‐ if you don't do this, you will see the following error message in
SquirrelMail after you've logged in: Query: CREATE "Sent" Reason Given: Invalid mailbox name.
vi /etc/squirrelmail/config_local.php
<?php
/**
* Local config overrides.
*
* You can override the config.php settings here.
* Don't do it unless you know what you're doing.
* Use standard PHP syntax, see config.php for examples.
*
* @copyright © 2002‐2006 The SquirrelMail Project Team
26
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
* @license http://opensource.org/licenses/gpl‐license.php GNU Public License
* @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $
* @package squirrelmail
* @subpackage config
*/
//$default_folder_prefix = '';
?>
Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser
to access SquirrelMail.
24 Install ISPConfig 3
Uninstall BIND and Dovecot so that the ISPConfig installer configures ISPConfig for MyDNS and Courier:
yum remove bind dovecot
To install ISPConfig 3 from the latest released version, do this:
cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig‐3.0.2.1.tar.gz?use_mirror=
tar xvfz ISPConfig‐3.0.2.1.tar.gz
cd ispconfig3_install/install/
(Replace ISPConfig‐3.0.2.1.tar.gz with the latest version.)
The next step is to run
php ‐q install.php
This will start the ISPConfig 3 installer. Uppon Options, input the following:
ENTER
ENTER
ENTER
ENTER
ENTER
yourrootsqlpassword
ENTER
ENTER
27
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
ENTER
ENTER
ENTER
ENTER
ENTER
ENTER
ENTER
ENTER
The installer automatically configures all underlying services, so no manual configuration is needed.
Afterwards you can access ISPConfig 3
under http://server1.example.com:8080/ or http://192.168.0.100:8080/. Log in with the username admin and
the password admin (you should change the default password after your first login)
The system is now ready to be used.
28
[THE PERFECT SERVER ‐ CENTOS 5.4 X86_64 WITH ISPCONFIG 3]
Configuration Sheet
As you install the Server, fill this form as you configure everything:
Installation Date
Root Password
Server IP Address
Gateway
DNS Servers /
Server Name
Compiler User Username
SQL Password
MySQL Port
ISPConfig New Admin Psswd
Notes:
29