Date post: | 14-Jan-2016 |
Category: |
Documents |
Upload: | peter-banda |
7/18/2019 The Perfect Server Cent OS.doc
http://slidepdf.com/reader/full/the-perfect-server-cent-osdoc 1/49
The Perfect Server - CentOS 6.4 x86_64 (nginx, Dovecot, ISPConfig 3)
Version 1.0
Author: Falko Timme
Last edited 03/22/2013

This tutorial shows how to prepare a CentOS 6.4 x86_64 server for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: nginx web server, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Mailman, and many more. Since version 3.0.4, ISPConfig comes with full support for the nginx web server in addition to Apache; this tutorial covers the setup of a server that uses nginx, not Apache.

Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!

I do not issue any guarantee that this will work for you!

ISPConfig 3 Manual

In order to learn how to use ISPConfig 3, I strongly recommend to download the ISPConfig 3 Manual. On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.

ISPConfig Monitor App For Android

With the ISPConfig Monitor App, you can check your server status and find out if all services are running as expected. You can check TCP and UDP ports and ping your servers. In addition to that you can use this app to request details from servers that have ISPConfig installed (please note that the minimum installed ISPConfig 3 version with support for the ISPConfig Monitor App is 3.0.3.3); these details include everything you know from the Monitor module in the ISPConfig Control Panel (e.g. services, mail and system logs, mail queue, CPU and memory info, disk usage, quota, OS details, RKHunter log, etc.), and of course, as ISPConfig is multiserver-capable, you can check all servers that are controlled from your ISPConfig master server.

For download and usage instructions, please visit http://www.ispconfig.org/ispconfig-3/ispconfig-monitor-app-for-android/.

1 Requirements

To install such a system you will need the following:
• Download the two CentOS 6.4 DVDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/6/isos/x86_64/ ).
• a fast Internet connection.

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

Boot from your first CentOS 6.4 DVD (DVD 1). Select Install or upgrade an existing system:
It can take a long time to test the installation media so we skip this test here:
The welcome screen of the CentOS installer appears. Click on Next:
Choose your language next:
Select your keyboard layout:
I assume that you use a locally attached hard drive, so you should select Basic Storage Devices here:
You might see the following warning - Error processing drive. If you see this click on the Re-initialize all button to proceed:
Fill in the hostname of the server (e.g. server1.example.com), then click on the Configure Network button:
Go to the Wired tab, select the network interface (probably eth0) and click on Edit...:
Mark the Connect automatically checkbox and go to the IPv4 Settings tab and select Manual in the Method drop-down menu. Fill in one, two, or three nameservers (separated by comma) in the DNS servers field (e.g. 8.8.8.8,8.8.4.4), then click on the Add button next to the Addresses area:
Now give your network card a static IP address and netmask (in this tutorial I'm using the IP address 192.168.0.100 and netmask 255.255.255.0 for demonstration purposes; if you are not sure about the right values, http://www.subnetmask.info might help you). Also fill in your gateway (e.g. 192.168.0.1) and click on the Apply... button:
The network configuration is now finished. Click on the Next button:
Choose your time zone:
Give root a password:
Next we do the partitioning. Select Replace Existing Linux System(s). This will give you a small /boot partition and a large / partition which is fine for our purposes:
Select Write changes to disk:
The hard drive is being formatted:
Now we select the software we want to install. Select Basic Server, then check CentOS in the additional repositories field, choose Customize later and click on Next:
The installation begins. This will take a few minutes:
Finally, the installation is complete, and you can remove your DVD from the computer and reboot it:
After the reboot, log in as root.

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run...
system-config-firewall-tui
... and disable the firewall. Hit OK afterwards:
Confirm your choice by selecting Yes:

If you did not configure your network card during the installation, you can do that now. Run...
system-config-network
... and go to Device configuration:
Select your network interface:
Then fill in your network details - disable DHCP and fill in a static IP address, a netmask, your gateway, and one or two nameservers, then hit Ok:
Next select Save:
You can also specify additional nameservers. Select DNS configuration:
Now you can fill in additional nameservers and hit Ok:
Hit Save&Quit afterwards:

You should run
ifconfig
now to check if the installer got your IP address right:

[root@server1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:00:85:AC
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe00:85ac/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:278 errors:0 dropped:0 overruns:0 frame:0
          TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28503 (27.8 KiB)  TX bytes:16360 (15.9 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@server1 ~]#

Check your /etc/resolv.conf if it lists all nameservers that you've previously configured:
cat /etc/resolv.conf
If nameservers are missing, run
system-config-network
and add the missing nameservers again.

Now, on to the configuration...

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:
vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.0.100   server1.example.com     server1
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run
system-config-firewall
and disable the firewall.

To check that the firewall has really been disabled, you can run
iptables -L
afterwards. The output should look like this:

[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#

6 Disable SELinux

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:
vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:
reboot

7 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.4 repositories:
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
cd /tmp
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
(If the above link doesn't work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)
rpm --import https://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

We also need to enable the Remi RPM repository which contains the php-fpm package which we will install later on:
rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo...
vi /etc/yum.repos.d/epel.repo
... and add the line priority=10 to the [epel] section:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[...]

Then do the same for the [remi] section in /etc/yum.repos.d/remi.repo, plus change enabled to 1:
vi /etc/yum.repos.d/remi.repo

[remi]
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
failovermethod=priority

[remi-test]
name=Les RPM de remi en test pour Enterprise Linux $releasever - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/$releasever/test/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/test/mirror
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
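
One way to check the repository edits above, as an added example that is not part of the original tutorial: the script summarises every section of a yum .repo file and flags enabled repositories that lack gpgcheck=1 or an explicit priority. The sample input is constructed, and its example-thirdparty section and URL are hypothetical.

```shell
#!/bin/sh
# Added example, not from the tutorial: summarise a yum .repo file and flag
# enabled repositories without package signature checking or a priority.

# repo_summary: reads a .repo file on stdin, prints one line per [section]:
#   <section> enabled=<v> gpgcheck=<v> priority=<v>
repo_summary() {
    awk '
        function value(line) {            # text after the first "=", trimmed
            sub(/^[^=]*=[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            return line
        }
        function flush() {
            if (name != "")
                printf "%s enabled=%s gpgcheck=%s priority=%s\n", name, en, gc, pr
        }
        /^[ \t]*#/ { next }               # commented-out keys do not count
        /^\[/ {                           # a new [section] starts
            flush()
            name = $0
            sub(/^\[/, "", name); sub(/\].*$/, "", name)
            en = "1"                      # no enabled= key: treated as enabled here
            gc = "unset"; pr = "unset"    # unset: value comes from elsewhere, review it
            next
        }
        /^[ \t]*enabled[ \t]*=/  { en = value($0) }
        /^[ \t]*gpgcheck[ \t]*=/ { gc = value($0) }
        /^[ \t]*priority[ \t]*=/ { pr = value($0) }
        END { flush() }
    '
}

# repo_findings: reads a .repo file on stdin, prints one line per problem
# found in an enabled section; prints nothing when all enabled sections pass.
repo_findings() {
    repo_summary | while read -r name en gc pr; do
        [ "$en" = "enabled=1" ] || continue
        [ "$gc" = "gpgcheck=1" ] || echo "$name: enabled without gpgcheck=1"
        [ "$pr" != "priority=unset" ] || echo "$name: enabled without an explicit priority"
    done
}

# Constructed sample: [remi] and [remi-test] as edited in this chapter, plus
# a hypothetical third-party repository that skips signature checking.
sample_repo() {
    cat <<'EOF'
[remi]
name=Les RPM de remi pour Enterprise Linux $releasever - $basearch
mirrorlist=http://rpms.famillecollet.com/enterprise/$releasever/remi/mirror
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
failovermethod=priority

[remi-test]
name=Les RPM de remi en test pour Enterprise Linux $releasever - $basearch
enabled=0
gpgcheck=1

[example-thirdparty]
name=Constructed third-party repository
baseurl=http://repo.example.invalid/el6/$basearch
enabled=1
gpgcheck=0
EOF
}

sample_repo | repo_summary
sample_repo | repo_findings
```

On a real system, feed it each file in turn, for example `repo_findings < /etc/yum.repos.d/remi.repo`.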

Then we update our existing packages on the system:
yum update

Now we install some software packages that are needed later on:
yum groupinstall 'Development Tools'

8 Quota

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:
yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition (/dev/mapper/vg_server1-lv_root):
vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Wed Jul 11 17:52:57 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_server1-lv_root /                       ext4    defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0        1 1
UUID=806910a1-dbdf-446-bd94-be3e81493 /boot                   ext4    defaults        1 2
/dev/mapper/vg_server1-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Then run
mount -o remount /
quotacheck -avugm
quotaon -avug
to enable quota.

9 Synchronize The System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run
yum install ntp
and your system time will always be in sync.

10 Install MySQL

Install MySQL as follows:
yum install mysql mysql-server

Then create the system startup links for MySQL and start it:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Set passwords for the MySQL root account:
mysql_secure_installation

[root@server1 tmp]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <-- ENTER
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <-- ENTER
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <-- ENTER
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <-- ENTER
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

[root@server1 tmp]#

11 Install Dovecot

Dovecot can be installed as follows:
yum install dovecot dovecot-mysql
mkdir /etc/dovecot
touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf

Now create the system startup links and start Dovecot:
chkconfig --levels 235 dovecot on
/etc/init.d/dovecot start

12 Install Postfix

Postfix can be installed as follows:
yum install postfix

Then turn off Sendmail and start Postfix:
chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
/etc/init.d/sendmail stop
/etc/init.d/postfix restart

13 Install Getmail

Getmail can be installed as follows:
yum install getmail

14 Install Amavisd-new, SpamAssassin And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:
yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql

Then we start freshclam, amavisd, and clamd.amavisd:
sa-update
chkconfig --levels 235 amavisd on
chkconfig --del clamd
chkconfig --levels 235 clamd.amavisd on
/usr/bin/freshclam
/etc/init.d/amavisd start
/etc/init.d/clamd.amavisd start

15 Install Nginx, PHP5 (PHP-FPM), And Fcgiwrap

Nginx is available as a package for CentOS 6.4 (from EPEL) which we can install as follows:
yum install nginx

Add the following section to the http {} section in /etc/nginx/nginx.conf (before any include lines) which determines if the visitor uses http or https and sets the $https variable accordingly - this is needed because the nginx version coming with CentOS is 1.0.15, and the $https variable was introduced in nginx in version 1.1.11, and ISPConfig makes use of this variable:
vi /etc/nginx/nginx.conf

[...]
http {
[...]
        ## Detect when HTTPS is used
        map $scheme $https {
          default off;
          https on;
        }
[...]
}
[...]

If Apache is already installed on the system, stop it now...
/etc/init.d/httpd stop
... and remove Apache's system startup links:
chkconfig --del httpd

Then we create the system startup links for nginx and start it:
chkconfig --levels 235 nginx on
/etc/init.d/nginx start

(If both Apache and nginx are installed, the ISPConfig 3 installer will ask you which one you want to use - answer nginx in this case. If only one of the two is installed, ISPConfig will do the necessary configuration automatically.)

We can make PHP5 work in nginx through PHP-FPM (PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites). We can install php-fpm together with php-cli and some PHP5 modules like php-mysql which you need if you want to use MySQL from your PHP scripts as follows:
yum install php-fpm php-cli php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy

Next we open /etc/php.ini...
vi /etc/php.ini
... and change the error reporting (so that notices aren't shown any longer):

[...]
;error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
error_reporting = E_ALL & ~E_NOTICE
[...]

Also set cgi.fix_pathinfo=0:
vi /etc/php.ini

[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=0
[...]

(Please read http://wiki.nginx.org/Pitfalls to find out why you should do this.)

In addition to that, in order to avoid errors like

[08-Aug-2011 18:07:08] PHP Warning: phpinfo(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CEST/2.0/DST' instead in /usr/share/nginx/html/info.php on line 2

... in /var/log/php-fpm/www-error.log when you call a PHP script in your browser, you should set date.timezone in /etc/php.ini:

[...]
[Date]
; Defines the default timezone used by the date functions
; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
date.timezone = "Europe/Berlin"
[...]

You can find out the correct timezone for your system by running:
cat /etc/sysconfig/clock

[root@server1 tmp]# cat /etc/sysconfig/clock
ZONE="Europe/Berlin"
[root@server1 tmp]#

Next create the system startup links for php-fpm and start it:
chkconfig --levels 235 php-fpm on
/etc/init.d/php-fpm start

PHP-FPM is a daemon process (with the init script /etc/init.d/php-fpm) that runs a FastCGI server on port 9000.
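
A quick way to confirm that the cgi.fix_pathinfo and date.timezone edits above are the values PHP will actually read, as an added example that is not part of the original tutorial: a commented-out `;cgi.fix_pathinfo=1` line does not count as a setting, so the check reads the last uncommented assignment. The sample php.ini is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the tutorial: read the effective value of a php.ini
# directive and check the two settings this chapter changes.

# ini_value KEY: reads php.ini text on stdin and prints the last uncommented
# value assigned to KEY, or "unset" when only commented-out lines mention it.
# Section headers such as [Date] are ignored.
ini_value() {
    awk -v key="$1" '
        /^[ \t]*;/ { next }                      # ";" starts a comment line
        {
            eq = index($0, "=")
            if (eq == 0) next                    # section headers, blank lines
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)             # drop a trailing comment
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            gsub(/^"|"$/, "", v)                 # drop surrounding quotes
            if (k == key) { val = v; found = 1 } # the last assignment wins
        }
        END { print (found ? val : "unset") }
    '
}

# php_ini_findings FILE: prints one line per setting that differs from what
# this chapter configures; prints nothing when both settings are in place.
php_ini_findings() {
    fix=$(ini_value cgi.fix_pathinfo < "$1")
    tz=$(ini_value date.timezone < "$1")
    case "$fix" in
        0)     ;;
        unset) echo "cgi.fix_pathinfo is not set, so PHP uses its default of 1" ;;
        *)     echo "cgi.fix_pathinfo is $fix, expected 0" ;;
    esac
    case "$tz" in
        unset|"") echo "date.timezone is not set" ;;
    esac
    return 0
}

# write_sample_ini FILE: constructed php.ini fragment in which both
# directives are present only as comments.
write_sample_ini() {
    cat > "$1" <<'EOF'
[PHP]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.
;cgi.fix_pathinfo=1
error_reporting = E_ALL & ~E_NOTICE

[Date]
;date.timezone =
EOF
}

ini=$(mktemp)
write_sample_ini "$ini"
echo "before the edits:"
php_ini_findings "$ini"
# Apply the two settings from this chapter to the sample and check again.
printf '%s\n' 'cgi.fix_pathinfo=0' 'date.timezone = "Europe/Berlin"' >> "$ini"
echo "after the edits:"
php_ini_findings "$ini"
rm -f "$ini"
```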

To get CGI support in nginx, we install Fcgiwrap.

Fcgiwrap is a CGI wrapper that should work also for complex CGI scripts and can be used for shared hosting environments because it allows each vhost to use its own cgi-bin directory.

As there's no fcgiwrap package for CentOS 6.4, we must build it ourselves. First we install some prerequisites:
yum install fcgi-devel

Now we can build fcgiwrap as follows:
cd /usr/local/src/
git clone git://github.com/gnosek/fcgiwrap.git
cd fcgiwrap
autoreconf -i
./configure
make
make install

This installs fcgiwrap to /usr/local/sbin/fcgiwrap. Next we install the spawn-fcgi package which allows us to run fcgiwrap as a daemon:
yum install spawn-fcgi

Open /etc/sysconfig/spawn-fcgi...
vi /etc/sysconfig/spawn-fcgi
... and modify the file as follows:

# You must set some working options before the "spawn-fcgi" service will work.
# If SOCKET points to a file, then this file is cleaned up by the init script.
#
# See spawn-fcgi(1) for all possible options.
#
# Example :
#SOCKET=/var/run/php-fcgi.sock
#OPTIONS="-u apache -g apache -s $SOCKET -S -M 0600 -C 32 -F 1 -P /var/run/spawn-fcgi.pid -- /usr/bin/php-cgi"
FCGI_SOCKET=/var/run/fcgiwrap.socket
FCGI_PROGRAM=/usr/local/sbin/fcgiwrap
FCGI_USER=apache
FCGI_GROUP=apache
FCGI_EXTRA_OPTIONS="-M 0770"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P /var/run/spawn-fcgi.pid -- $FCGI_PROGRAM"

Now add the user nginx to the group apache:
usermod -a -G apache nginx

Create the system startup links for spawn-fcgi...
chkconfig --levels 235 spawn-fcgi on
... and start it as follows:
/etc/init.d/spawn-fcgi start

You should now find the fcgiwrap socket in /var/run/fcgiwrap.socket, owned by the user and group apache (some scripts, e.g. Mailman, expect to be run by the user/group apache, that's why we don't run spawn-fcgi as user/group nginx, but instead add nginx to the apache group).

15.1 Additional PHP Versions

Starting with the ISPConfig 3.0.5, it is possible to have multiple PHP versions on one server (selectable through ISPConfig) which can be run through FastCGI and PHP-FPM. The procedure of building additional PHP versions on CentOS is described in this tutorial: How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (CentOS 6.3)

16 Install phpMyAdmin

Next we install phpMyAdmin:
yum install phpmyadmin

Next we change the authentication in phpMyAdmin from cookie to http:
vi /usr/share/phpmyadmin/config.inc.php

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]

You can now find phpMyAdmin in the /usr/share/phpmyadmin/ directory.

After you have installed ISPConfig 3, you can access phpMyAdmin as follows:

The ISPConfig apps vhost on port 8081 for nginx comes with a phpMyAdmin configuration, so you can use http://server1.example.com:8081/phpmyadmin or http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.

If you want to use a /phpmyadmin or /phpMyAdmin alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access phpMyAdmin.

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }

If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on; to your phpMyAdmin configuration like this:

        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS on; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }

If you use both http and https for your vhost, you can use the $https variable - go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $https; so that you can use phpMyAdmin for both http and https requests:

        location /phpmyadmin {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/phpmyadmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_param HTTPS $https; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /phpMyAdmin {
               rewrite ^/* /phpmyadmin last;
        }

17 Install Mailman

Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:
yum install mailman

Before we can start Mailman, a first mailing list called mailman must be created:
/usr/lib/mailman/bin/newlist mailman

[root@server1 tmp]# /usr/lib/mailman/bin/newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g. listadmin@example.com
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

## mailman mailing list
mailman:              "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner... <-- ENTER

[root@server1 tmp]#

Open /etc/aliases afterwards...
vi /etc/aliases
... and add the following lines:

[...]
mailman:              "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

Run
newaliases
afterwards and restart Postfix:
/etc/init.d/postfix restart

Create the system startup links for Mailman and start it:
chkconfig --levels 235 mailman on
/etc/init.d/mailman start

Now we need to create this symlink to make Mailman work with ISPConfig:
cd /usr/lib/mailman/cgi-bin/
ln -s ./ mailman

If you want to use Mailman from your web sites created through ISPConfig, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access Mailman.

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

        location /cgi-bin/mailman {
               alias /usr/lib/mailman/cgi-bin;
               fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
               include /etc/nginx/fastcgi_params;
               fastcgi_param SCRIPT_FILENAME /usr/lib/mailman$fastcgi_script_name;
               fastcgi_param PATH_INFO $fastcgi_path_info;
               fastcgi_param PATH_TRANSLATED /usr/lib/mailman$fastcgi_path_info;
               fastcgi_intercept_errors on;
               fastcgi_pass unix:/var/run/fcgiwrap.socket;
        }
        location /images/mailman {
               alias /usr/lib/mailman/icons;
        }
        location /pipermail {
               alias /var/lib/mailman/archives/public;
               autoindex on;
        }

This defines the alias /cgi-bin/mailman/ for your vhost, which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.

Under http://<vhost>/pipermail you can find the mailing list archives.
18 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

OpenSSL is needed by TLS; to install OpenSSL, we simply run:

yum install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow FTP and TLS sessions, set TLS to 1:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

/etc/init.d/pure-ftpd restart

That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.
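With TLS set to 1 the server still accepts unencrypted sessions, so a client that is not configured for TLS keeps sending its password in clear text. The following check is an added example, not part of the original tutorial: it reads the TLS level from a pure-ftpd.conf and verifies that the combined key and certificate file is private. The function names are hypothetical, the sample files are constructed, and it assumes the last uncommented TLS line is the effective one.

```shell
#!/bin/sh
# Added example: audit of the PureFTPd TLS setup from this section.
# Function names are hypothetical; sample files are constructed.

# Print the TLS level configured in a pure-ftpd.conf: 0, 1 or 2.
# Assumption: the last uncommented "TLS <n>" line is the effective one.
# A missing directive is reported as 0, the default named in the file's comments.
pureftpd_tls_level() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        $1 == "TLS" && $2 ~ /^[0-2]$/ { level = $2 }
        END { print (level == "" ? 0 : level) }
    ' "$1"
}

# Translate the level into what it means for passwords on the wire.
pureftpd_tls_verdict() {
    case "$(pureftpd_tls_level "$1")" in
        0) echo "cleartext-only" ;;       # TLS disabled
        1) echo "cleartext-allowed" ;;    # TLS offered, plain FTP still accepted
        2) echo "tls-required" ;;         # plain FTP logins refused
    esac
}

# Succeed only if group and others have no access to the PEM file, which
# holds the private key as well as the certificate in this setup.
pem_is_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Run both checks, print one line per finding, return the number of findings.
audit_pureftpd() {
    conf=$1 pem=$2 findings=0
    verdict=$(pureftpd_tls_verdict "$conf")
    if [ "$verdict" != "tls-required" ]; then
        echo "WARN  $conf: $verdict (TLS 2 refuses unencrypted sessions)"
        findings=$((findings + 1))
    fi
    if ! pem_is_private "$pem"; then
        echo "WARN  $pem: missing or accessible to group/others (expected mode 600)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK    TLS required and key file private"
    return "$findings"
}

# Demo on constructed files: TLS 1 and a PEM file that has not been chmod'ed yet.
demo_dir=$(mktemp -d)
printf '%s\n' '# TLS 0' 'TLS                      1' > "$demo_dir/pure-ftpd.conf"
: > "$demo_dir/pure-ftpd.pem"
chmod 644 "$demo_dir/pure-ftpd.pem"
audit_pureftpd "$demo_dir/pure-ftpd.conf" "$demo_dir/pure-ftpd.pem" || true
rm -rf "$demo_dir"
```

On the server itself, call `audit_pureftpd /etc/pure-ftpd/pure-ftpd.conf /etc/ssl/private/pure-ftpd.pem`; with the settings from this section it reports the cleartext-allowed finding only.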
19 Install BIND

We can install BIND as follows:

yum install bind bind-utils

Next open /etc/sysconfig/named...

vi /etc/sysconfig/named

... and make sure that the ROOTDIR=/var/named/chroot line is commented out:

# BIND named process options
#
# Currently, you can use the following options:
#
# ROOTDIR="/var/named/chroot"  --  will run named in a chroot environment.
#                            you must set up the chroot environment
#                            (install the bind-chroot package) before
#                            doing this.
#       NOTE:
#         Those directories are automatically mounted to chroot if they are
#         empty in the ROOTDIR directory. It will simplify maintenance of your
#         chroot environment.
#          - /var/named
#          - /etc/pki/dnssec-keys
#          - /etc/named
#          - /usr/lib64/bind or /usr/lib/bind (architecture dependent)
#
#         Those files are mounted as well if target file doesn't exist in
#         chroot.
#          - /etc/named.conf
#          - /etc/rndc.conf
#          - /etc/rndc.key
#          - /etc/named.rfc1912.zones
#          - /etc/named.dnssec.keys
#          - /etc/named.iscdlv.key
#
#       Don't forget to add "$AddUnixListenSocket /var/named/chroot/dev/log"
#       line to your /etc/rsyslog.conf file. Otherwise your logging becomes
#       broken when rsyslogd daemon is restarted (due update, for example).
#
# OPTIONS="whatever"     --  These additional options will be passed to named
#                            at startup. Don't add -t here, use ROOTDIR instead.
#
# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for GSS-TSIG)
#
# DISABLE_ZONE_CHECKING  --  By default, initscript calls named-checkzone
#                            utility for every zone to ensure all zones are
#                            valid before named starts. If you set this option
#                            to 'yes' then initscript doesn't perform those
#                            checks.

Make a backup of the existing /etc/named.conf file and create a new one as follows:

cp /etc/named.conf /etc/named.conf_bak
cat /dev/null > /etc/named.conf
vi /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        allow-recursion { none; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.conf.local";

Create the file /etc/named.conf.local that is included at the end of /etc/named.conf (/etc/named.conf.local will later on get populated by ISPConfig if you create DNS zones in ISPConfig):

touch /etc/named.conf.local

Then we create the startup links and start BIND:

chkconfig --levels 235 named on
/etc/init.d/named start
20 Install Webalizer And AWStats

Webalizer and AWStats can be installed as follows:

yum install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder
21 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
tar xvfz jailkit-2.15.tar.gz
cd jailkit-2.15
./configure
make
make install
cd ..
rm -rf jailkit-2.15*
22 Install fail2ban

This is optional but recommended, because the ISPConfig monitor tries to show the log:

yum install fail2ban

We must configure fail2ban to log to the log file /var/log/fail2ban.log because this is the log file that is monitored by the ISPConfig Monitor module. Open /etc/fail2ban/fail2ban.conf...

vi /etc/fail2ban/fail2ban.conf

... and comment out the logtarget = SYSLOG line and add logtarget = /var/log/fail2ban.log:

[...]
# Option:  logtarget
# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
#          Only one log target can be specified.
# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
#
#logtarget = SYSLOG
logtarget = /var/log/fail2ban.log
[...]

Then create the system startup links for fail2ban and start it:

chkconfig --levels 235 fail2ban on
/etc/init.d/fail2ban start
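Once fail2ban writes to /var/log/fail2ban.log, the same file can be summarised from the shell to confirm that jails are actually banning. This is an added example, not part of the original tutorial; the function names are hypothetical, and the sample lines (jail names, documentation-range addresses) are constructed in the style of fail2ban 0.8 messages.

```shell
#!/bin/sh
# Added example: summarise Ban/Unban events from fail2ban.log.
# The sample below is constructed; jail names and addresses are placeholders.
sample_fail2ban_log() {
cat <<'EOF'
2013-03-22 10:15:01,120 fail2ban.jail   : INFO   Jail 'ssh-iptables' started
2013-03-22 10:17:42,883 fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.7
2013-03-22 10:19:03,014 fail2ban.actions: WARNING [pureftpd] Ban 198.51.100.23
2013-03-22 10:27:42,990 fail2ban.actions: WARNING [ssh-iptables] Unban 203.0.113.7
2013-03-22 10:31:10,402 fail2ban.actions: WARNING [ssh-iptables] Ban 203.0.113.7
2013-03-22 10:33:55,671 fail2ban.actions: WARNING [ssh-iptables] Ban 192.0.2.44
EOF
}

# Print "jail ip" for every address whose most recent event is a Ban.
# Reads the files given as arguments, or standard input if there are none.
active_bans() {
    awk '
        {
            for (i = 2; i < NF; i++) {
                if (($i == "Ban" || $i == "Unban") && $(i-1) ~ /^\[.*\]$/) {
                    jail = substr($(i-1), 2, length($(i-1)) - 2)
                    state[jail " " $(i+1)] = $i      # later lines overwrite earlier ones
                }
            }
        }
        END { for (k in state) if (state[k] == "Ban") print k }
    ' "$@" | sort
}

# Print "count [jail]" for Ban events, busiest jail first; an address that
# is banned again after an Unban counts each time.
ban_counts() {
    awk '
        {
            for (i = 2; i < NF; i++)
                if ($i == "Ban" && $(i-1) ~ /^\[.*\]$/) n[$(i-1)]++
        }
        END { for (j in n) print n[j], j }
    ' "$@" | sort -rn
}

# Demo on the constructed sample.
sample_fail2ban_log | active_bans
sample_fail2ban_log | ban_counts
```

On the server, run `active_bans /var/log/fail2ban.log`; an empty result on a host exposed to the Internet for some time is a reason to check that the jails are enabled.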
23 Install rkhunter

rkhunter can be installed as follows:

yum install rkhunter

24 Install SquirrelMail

To install the SquirrelMail webmail client, run...

yum install squirrelmail

Then configure SquirrelMail:

/usr/share/squirrelmail/config/conf.pl
We must tell SquirrelMail that we are using Dovecot:

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >> <-- D

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server
    gmail       = IMAP access to Google mail (Gmail) accounts

    quit        = Do not change anything
Command >> <-- dovecot

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others.  If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct.  This does not change everything.  There are
only a few settings that this will change.

Please select your IMAP server:
    bincimap    = Binc IMAP server
    courier     = Courier IMAP server
    cyrus       = Cyrus IMAP server
    dovecot     = Dovecot Secure IMAP server
    exchange    = Microsoft Exchange IMAP server
    hmailserver = hMailServer
    macosx      = Mac OS X Mailserver
    mercury32   = Mercury/32
    uw          = University of Washington's IMAP server
    gmail       = IMAP access to Google mail (Gmail) accounts

    quit        = Do not change anything
Command >> courier

              imap_server_type = courier
         default_folder_prefix = INBOX.
                  trash_folder = Trash
                   sent_folder = Sent
                  draft_folder = Drafts
            show_prefix_option = false
          default_sub_of_inbox = false
show_contain_subfolders_option = false
            optional_delimiter = .
                 delete_folder = true

Press enter to continue... <-- press ENTER

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >> <-- S

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color off
S   Save data
Q   Quit

Command >> <-- Q
One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable - if you don't do this, you will see the following error message in SquirrelMail after you've logged in: Query: CREATE "Sent" Reason Given: Invalid mailbox name.

vi /etc/squirrelmail/config_local.php

<?php

/**
 * Local config overrides.
 *
 * You can override the config.php settings here.
 * Don't do it unless you know what you're doing.
 * Use standard PHP syntax, see config.php for examples.
 *
 * @copyright &copy; 2002-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $
 * @package squirrelmail
 * @subpackage config
 */

//$default_folder_prefix                = '';
?>
You can now find SquirrelMail in the /usr/share/squirrelmail/ directory.

After you have installed ISPConfig 3, you can access SquirrelMail as follows:

The ISPConfig apps vhost on port 8081 for nginx comes with a SquirrelMail configuration, so you can use http://server1.example.com:8081/squirrelmail or http://server1.example.com:8081/webmail to access SquirrelMail.

If you want to use a /webmail or /squirrelmail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access SquirrelMail.

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

location /squirrelmail {
       root /usr/share/;
       index index.php index.html index.htm;
       location ~ ^/squirrelmail/(.+\.php)$ {
               try_files $uri =404;
               root /usr/share/;
               fastcgi_pass 127.0.0.1:9000;
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $request_filename;
               include /etc/nginx/fastcgi_params;
               fastcgi_param PATH_INFO $fastcgi_script_name;
               fastcgi_buffer_size 128k;
               fastcgi_buffers 256 4k;
               fastcgi_busy_buffers_size 256k;
               fastcgi_temp_file_write_size 256k;
               fastcgi_intercept_errors on;
       }
       location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
               root /usr/share/;
       }
}
location /webmail {
       rewrite ^/* /squirrelmail last;
}
If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on; to your SquirrelMail configuration like this:

location /squirrelmail {
       root /usr/share/;
       index index.php index.html index.htm;
       location ~ ^/squirrelmail/(.+\.php)$ {
               try_files $uri =404;
               root /usr/share/;
               fastcgi_pass 127.0.0.1:9000;
               fastcgi_param HTTPS on; # <-- add this line
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $request_filename;
               include /etc/nginx/fastcgi_params;
               fastcgi_param PATH_INFO $fastcgi_script_name;
               fastcgi_buffer_size 128k;
               fastcgi_buffers 256 4k;
               fastcgi_busy_buffers_size 256k;
               fastcgi_temp_file_write_size 256k;
               fastcgi_intercept_errors on;
       }
       location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
               root /usr/share/;
       }
}
location /webmail {
       rewrite ^/* /squirrelmail last;
}
If you use both http and https for your vhost, you can use the $https variable - go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $https; so that you can use SquirrelMail for both http and https requests:

location /squirrelmail {
       root /usr/share/;
       index index.php index.html index.htm;
       location ~ ^/squirrelmail/(.+\.php)$ {
               try_files $uri =404;
               root /usr/share/;
               fastcgi_pass 127.0.0.1:9000;
               fastcgi_param HTTPS $https; # <-- add this line
               fastcgi_index index.php;
               fastcgi_param SCRIPT_FILENAME $request_filename;
               include /etc/nginx/fastcgi_params;
               fastcgi_param PATH_INFO $fastcgi_script_name;
               fastcgi_buffer_size 128k;
               fastcgi_buffers 256 4k;
               fastcgi_busy_buffers_size 256k;
               fastcgi_temp_file_write_size 256k;
               fastcgi_intercept_errors on;
       }
       location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
               root /usr/share/;
       }
}
location /webmail {
       rewrite ^/* /squirrelmail last;
}
25 Install ISPConfig 3

Before you start the ISPConfig installation, make sure that Apache is stopped (if it is installed - it is possible that some of your installed packages have installed Apache as a dependency without you knowing). If Apache2 is already installed on the system, stop it now...

/etc/init.d/httpd stop

... and remove Apache's system startup links:

chkconfig --del httpd

Make sure that nginx is running:

/etc/init.d/nginx restart

(If you have both Apache and nginx installed, the installer asks you which one you want to use: Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]:

Type nginx. If only Apache or nginx are installed, this is automatically detected by the installer, and no question is asked.)

Download the current ISPConfig 3 version and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer:
[root@server1 install]# php -q install.php

--------------------------------------------------------------------------------
[ISPConfig 3 ASCII-art logo]
--------------------------------------------------------------------------------

>> Initial configuration

Operating System: Redhat or compatible, unknown version.

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.

Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]: <-- nginx

Generating a 2048 bit RSA private key
......................................................................+++
...............................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring nginx
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
...........................................................++
...........................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Stopping saslauthd:                                        [FAILED]
Starting saslauthd:                                        [  OK  ]
Shutting down amavisd: Daemon [1554] terminated by SIGTERM
                                                           [  OK  ]
amavisd stopped
Starting amavisd:                                          [  OK  ]
Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]
Stopping Dovecot Imap:                                     [  OK  ]
Starting Dovecot Imap:                                     [  OK  ]
Reloading php-fpm:                                         [  OK  ]
Reloading nginx:                                           [  OK  ]
Stopping pure-ftpd:                                        [  OK  ]
Starting pure-ftpd:                                        [  OK  ]
Installation completed.
[root@server1 install]#
To fix the Mailman errors you might get during the ISPConfig installation, open /usr/lib/mailman/Mailman/mm_cfg.py...

vi /usr/lib/mailman/Mailman/mm_cfg.py

... and set DEFAULT_SERVER_LANGUAGE = 'en':

[...]
#-------------------------------------------------------------
# The default language for this server.
DEFAULT_SERVER_LANGUAGE = 'en'
[...]

Restart Mailman:

/etc/init.d/mailman restart

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ (http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):

The system is now ready to be used.

If you want to use IPv6 addresses with your nginx vhosts, please do the following before you create IPv6 vhosts in ISPConfig:

Open /etc/sysctl.conf...

vi /etc/sysctl.conf

... and add the line net.ipv6.bindv6only = 1:

[...]
net.ipv6.bindv6only = 1

Run...

sysctl -p

... afterwards for the change to take effect.
25.1 ISPConfig 3 Manual

In order to learn how to use ISPConfig 3, I strongly recommend to download the ISPConfig 3 Manual.

On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.

25.2 ISPConfig Monitor App For Android

With the ISPConfig Monitor App, you can check your server status and find out if all services are running as expected. You can check TCP and UDP ports and ping your servers. In addition to that you can use this app to request details from servers that have ISPConfig installed (please note that the minimum installed ISPConfig 3 version with support for the ISPConfig Monitor App is 3.0.3.3!); these details include everything you know from the Monitor module in the ISPConfig Control Panel (e.g. services, mail and system logs, mail queue, CPU and memory info, disk usage, quota, OS details, RKHunter log, etc.), and of course, as ISPConfig is multiserver-capable, you can check all servers that are controlled from your ISPConfig master server.

For download and usage instructions, please visit http://www.ispconfig.org/ispconfig-3/ispconfig-monitor-app-for-android/.

26 Links

• CentOS: http://www.centos.org/
• ISPConfig: http://www.ispconfig.org/

About The Author

Falko Timme is the owner of Timme Hosting (ultra-fast nginx web hosting). He is the lead maintainer of HowtoForge (since 2005) and one of the core developers of ISPConfig (since 2000). He has also contributed to the O'Reilly book "Linux System Administration".