|
|
| Zeile 46: |
Zeile 46: |
| <div class="mw-collapsible-content">'''Antwort5'''</div> | | <div class="mw-collapsible-content">'''Antwort5'''</div> |
| </div> | | </div> |
|
| |
| = TMP =
| |
| == Log in to the server ==
| |
| Log in as root or run
| |
| su -
| |
|
| |
| on Debian to become the root user on your server before you proceed. '''IMPORTANT''': You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.
| |
|
| |
| On Ubuntu, use the command:
| |
| sudo -s
| |
|
| |
| to become root user.
| |
|
| |
| == Configure the hostname and hosts ==
| |
| The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname server1.example.com, the file shall look like this (some lines may be different, it can differ per hosting provider):
| |
|
| |
| nano /etc/hosts
| |
| 127.0.0.1 localhost.localdomain localhost
| |
| <nowiki># This line should be changed to the correct servername:</nowiki>
| |
| 127.0.1.1 server1.example.com server1
| |
|
| |
| <nowiki># The following lines are desirable for IPv6 capable hosts</nowiki>
| |
| ::1 localhost ip6-localhost ip6-loopback
| |
| ff02::1 ip6-allnodes
| |
| ff02::2 ip6-allrouters
| |
|
| |
| Then edit the /etc/hostname file:
| |
| nano /etc/hostname
| |
|
| |
| It shall contain only the subdomain part, in our case:
| |
| server1
| |
|
| |
| Finally, reboot the server to apply the change:
| |
| systemctl reboot
| |
|
| |
| Log in again and check if the hostname is correct now with these commands:
| |
| hostname
| |
| hostname -f
| |
|
| |
| The output shall be like this:
| |
| root@server1:~$ hostname
| |
| server1
| |
| root@server1:~$ hostname -f
| |
| server1.example.com
| |
|
| |
| You will also have to set up a DNS record with your DNS provider that points to your server. There should be a A (and/or AAAA) record for the subdomain that points to your public IP.
| |
|
| |
| == Update the system ==
| |
| To update the system packages, run the command:
| |
| apt update && apt upgrade
| |
|
| |
| == Run the autoinstaller ==
| |
| * The basic setup contains the following software packages (plus their dependencies of course):
| |
| Apache2, PHP (versions 5.6 - 8.0), MariaDB, Postfix, Dovecot, Rspamd, BIND, Jailkit, Roundcube, PHPMyAdmin, Mailman, Webalizer, AWStats and GoAccess
| |
| * You can easily choose not to use certain functions or install extra services by passing arguments to the installer
| |
| * See chapter 6 for available command-line options
| |
|
| |
| === Install ISPConfig with Apache web server ===
| |
| ; You can now run the script with arguments
| |
| For example, if you want a normal install with Apache web server and a port range for Passive FTP + unattended-upgrades, run:
| |
| wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades
| |
|
| |
| The next steps are described in the chapter "Running the auto installer".
| |
|
| |
| === Install ISPConfig with Nginx web server ===
| |
| You can now run the script with arguments. For example, if you want a normal install with Nginx web server and a port range for Passive FTP + unattended-upgrades, run:
| |
| wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades
| |
|
| |
| === Running the auto-installer ===
| |
| After some time, you will see:
| |
|
| |
| WARNING! This script will reconfigure your complete server!
| |
| It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
| |
| Type 'yes' if you really want to continue:
| |
|
| |
| Answer "yes" and hit enter. The installer will now start.
| |
|
| |
| When the installer is finished, it will show you the ISPConfig admin and MySQL root password like this:
| |
| [INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
| |
| [INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs
| |
|
| |
| ; Make sure you write this information down, as you will need them later.
| |
|
| |
| == Setting up the firewall ==
| |
| ; The last thing to do is to set up our firewall.
| |
| Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".
| |
|
| |
| ; For a normal setup, it would look like this:
| |
| TCP: 20,21,22,25,80,443,40110:40210,110,143,465,587,993,995,53,8080,8081
| |
| UDP: 53
| |
|
| |
| ; The necessary ports for every service are:
| |
| Web: 20, 21, 22, 80, 443 and 40110:40210 (All TCP, no UDP)
| |
| Mail: 25, 110, 143, 465, 587, 993, and 995 (All TCP, no UDP)
| |
| DNS: 53 (TCP and UDP)
| |
| Panel: 8080 and 8081 (All TCP, no UDP)
| |
|
| |
| ; Your server is now set up and ready for use
| |
| You can log in at '''''https://server1.example.com:8080'''''
| |
|
| |
| == Advanced Options ==
| |
| ; The auto-installer has various command-line options to fine-tune the setup
| |
|
| |
| ; You can view all arguments with
| |
| wget -O - https://get.ispconfig.org | sh -s -- --help
| |
|
| |
| ; You can e.g. choose between Apache and Nginx webserver and which services shall be installed on the system. The command-line arguments are:
| |
| Usage: ispc3-ai.sh [] [...]
| |
|
| |
| This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on www.howtoforge.com.
| |
|
| |
| ; Possible arguments are
| |
| --help Show this help page
| |
| --debug Enable verbose logging (logs each command with the exit code)
| |
| --channel Choose the channel to use for ISPConfig. --channel=<stable|dev>
| |
| "stable" is the latest ISPConfig release available on www.ispconfig.org
| |
| "dev" is the latest stable-branch from the ISPConfig git repository: https://git.ispconfig.org/ispconfig/ispconfig3/tree/stable-3.1
| |
| -> The dev channel might contain bugs and less-tested features and should only be used in production by very experienced users.
| |
| --lang Use language for ISPConfig installation. Specify with --lang=en|de (only en (English) and de (German) supported currently).
| |
| --interactive Don't install ISPConfig in non-interactive mode. This is needed if you want to use expert mode, e. g. to install a slave server that shall be integrated into an existing
| |
| multiserver setup.
| |
| --use-nginx Use nginx webserver instead of apache2
| |
| --use-amavis Use amavis instead of rspamd for mail filtering
| |
| --use-unbound Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set.
| |
| --use-php Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4 and 8.0 available).
| |
| --use-php=system disables the sury repository and just installs the system's default PHP version.
| |
| ommiting the argument (use all versions)
| |
| --use-ftp-ports This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210.
| |
| If not provided the passive port range will not be configured.
| |
| --use-certbot Use Certbot instead of acme.sh for issuing Let's Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot.
| |
| --no-web Do not use ISPConfig on this server to manage webserver setting and don't install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies
| |
| --no-roundcube as well as --no-pma
| |
| --no-mail Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for
| |
| ISPConfig mail. It implies --no-mailman.
| |
| --no-dns Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
| |
| --no-local-dns Do not install local DNS caching / resolving via bind.
| |
| --no-firewall Do not install ufw and tell ISPConfig to not manage firewall settings on this server.
| |
| --no-roundcube Do not install roundcube webmail.
| |
| --roundcube Install Roundcube even when --no-mail is used. Manual configuration of Roundcube config is needed.
| |
| --no-pma Do not install PHPMyAdmin on this server.
| |
| --no-mailman Do not install Mailman mailing list manager.
| |
| --no-quota Disable file system quota
| |
| --no-ntp Disable NTP setup
| |
| --unattended-upgrades
| |
| Install UnattendedUpgrades. You can add extra arguments for automatic cleanup and automatic reboots when necessary with --unattended-upgrades=autoclean,reboot (or only
| |
| one of them).
| |
| --i-know-what-i-am-doing
| |
| Prevent the autoinstaller to ask for confirmation before continuing to reconfigure the server.
| |
|
| |
| ; For example
| |
| To install a 'Perfect Server' like setup with Nginx instead of Apache, use this command
| |
| wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades
| |
|
| |
| Or to install an Nginx web server without Email and DNS services
| |
| wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --no-mail --use-ftp-ports=40110-40210 --unattended-upgrades
| |
|
| |
| == Finalizing ==
| |
| ; Your setup is now done!
| |
|
| |
| ; You can support ISPConfig by purchasing the manual
| |
| * https://www.ispconfig.org/documentation/
| |
|
| |
| ; The followings links are some useful tutorials/pointers for further setup
| |
| * Setting up mail (rDNS, SPF, DKIM): [https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/ https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/]
| |
| * Tweaking Roundcube: [https://www.howtoforge.com/community/threads/tweaking-the-roundcube-settings.86387/ https://www.howtoforge.com/community/threads/tweaking-the-roundcube-settings.86387/]
| |
| * Setting up autoconfig (automatic configuration for your email clients): [https://schaal-it.com/ispconfig-automail/ https://schaal-it.com/ispconfig-automail/]
| |
| * Improve the security of PHPMyAdmin and the rspamd interface: [https://www.howtoforge.com/community/threads/improving-the-security-of-phpmyadmin-and-rspamd-ui.86544/ https://www.howtoforge.com/community/threads/improving-the-security-of-phpmyadmin-and-rspamd-ui.86544/]
| |
| * Code repository and issue tracker of the ISPConfig Autoinstaller: [https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller]
| |
|
| |
|
| |
| ; Further questions
| |
| * [https://www.howtoforge.com/community/forums/installation-configuration.27/ forum]
| |
|
| |
| == Download as a virtual machine ==
| |
| ; This setup is available as a virtual machine download
| |
| * in ova/ovf format (compatible with VMWare and Virtualbox) for howtoforge subscribers.
| |
| * The Virtual machine is based on Debian 11 and uses Apache as web server.
| |
|
| |
| '''Login details for the VM'''
| |
| * The IP address of the VM is 192.168.0.100
| |
| * The root password is: howtoforge
| |
| * The password of the ISPConfig "admin" user is: howtoforge
| |
| * There is another shell user with the name "administrator" and password: howtoforge
| |
| * The MySQL root password is: 4VLc2vw5mZzqHNd4xURT
| |
|
| |
| ; Change all passwords on the first login
| |