pzg's blog

Installing ISPConfig on Debian

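This article should be considered quite precious. Very few articles online mention ISPConfig at present, yet the author has published a series of classic tutorials on his own blog and has even produced a Chinese language pack, so I could not resist reposting this article here for safekeeping.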

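Before installing ISPConfig 3, please make sure you have taken note of the following:
    (1) If you are using Debian Sarge, please upgrade to Etch or Lenny.
    (2) Your server must be configured with a fully valid domain name, or with a domain name that other computers on the network can resolve.
    (3) For the server installation, see the tutorial: Debian 5.0.1 illustrated installation tutorial!
    (4) The server's IP address, netmask and other settings follow the tutorial in (3) as an example; you can change them to your own settings.
1. Modify the package sources
      Edit the package sources and disable the CD-ROM source: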

host:~# vi /etc/apt/sources.list
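      Find the line that begins as follows and either put "#" in front of it or delete the line: debian cdrom:[Debian GNU……
2. Install the SSH server
      The SSH server is not installed by default in Debian 5. To make remote administration easier, we install it with the following command: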

host:~# apt-get install ssh openssh-server

3. Set the hostname
      Edit /etc/hosts:

host:~# vi /etc/hosts

      After editing, the content is as follows:

127.0.0.1 localhost.localdomain localhost
192.168.0.100 host.ispcpcn.com host
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
 

      Then run the following commands to change the hostname in /etc/hostname:

host:~# echo host.ispcpcn.com > /etc/hostname
host:~# /etc/init.d/hostname.sh start

4. Update the operating system packages to the latest versions

host:~# apt-get update
host:~# apt-get upgrade

5. Synchronize the system clock

host:~# apt-get install ntp ntpdate

6. Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils

host:~# apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils 

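      During installation you may be asked the following questions:
     (1) New password for the MySQL "root" user:
             Enter the password for the root user.
     (2) Repeat password for the MySQL "root" user:
             Enter the root user's password again.
     (3) Create directories for web-based administration?
             Choose "No"; do not configure this.
     (4) General type of mail configuration:
             Choose "Internet Site".
     (5) System mail name:
             Enter your hostname; in my case it is: host.ispcpcn.com
     (6) SSL certificate required:
             Press ENTER to confirm.
      If we want MySQL to listen on all network interfaces rather than only on localhost, we need to edit /etc/mysql/my.cnf and comment out the line "bind-address = 127.0.0.1":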
host:~# vi /etc/mysql/my.cnf

      The commented-out part looks like this:

[…]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[…]

      Then we restart the MySQL server:

host:~# /etc/init.d/mysql restart
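
      To confirm what the my.cnf edit above actually does, the following added example (not part of the original tutorial) reads the [mysqld] section and reports the resulting listening scope. The function name mysql_listen_scope and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# Prints the listening scope mysqld gets from the [mysqld] section of my.cnf:
#   local-only | all-interfaces | no-network | bound:<address>
mysql_listen_scope() {
    # $1 = path to my.cnf (defaults to the path used in this tutorial)
    awk '
        /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_mysqld    { next }
        /^[ \t]*[#;]/ { next }                      # commented-out option
        /^[ \t]*skip[-_]networking/ { skipnet = 1; next }
        /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                # drop the option name and "="
            sub(/[ \t]*#.*$/, "")                   # drop a trailing comment
            sub(/[ \t]+$/, "")
            addr = $0
        }
        END {
            if (skipnet) { print "no-network"; exit }
            # With no active bind-address, mysqld listens on every interface.
            if (addr == "" || addr == "0.0.0.0") { print "all-interfaces"; exit }
            if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost") {
                print "local-only"; exit
            }
            print "bound:" addr
        }' "${1:-/etc/mysql/my.cnf}"
}

# Constructed sample: write a minimal my.cnf to $1 with line $2 in [mysqld].
write_sample_cnf() {
    printf '%s\n' '[client]' 'port = 3306' '[mysqld]' 'port = 3306' "$2" \
        '[mysqldump]' 'quick' > "$1"
}

tmp=$(mktemp)
write_sample_cnf "$tmp" 'bind-address = 127.0.0.1'
echo "Debian default:     $(mysql_listen_scope "$tmp")"
write_sample_cnf "$tmp" '#bind-address = 127.0.0.1'
echo "after the edit:     $(mysql_listen_scope "$tmp")"
rm -f "$tmp"
```

      When the result is all-interfaces, as it is after this step, access to port 3306 is limited only by firewall rules and by the host part of each MySQL account.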

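      During installation, the SSL certificates for IMAP-SSL and POP3-SSL were generated with the hostname localhost. To change this to the correct hostname (host.ispcpcn.com), first delete the certificates: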

host:~# cd /etc/courier
host:~# rm -f /etc/courier/imapd.pem
host:~# rm -f /etc/courier/pop3d.pem

      Then edit the following two files and replace CN=localhost with CN=host.ispcpcn.com (you can change this to your own hostname):
      Edit /etc/courier/imapd.cnf:

host:~# vi /etc/courier/imapd.cnf

      The replaced part looks like this:

[…]
CN=host.ispcpcn.com
[…]

      Edit /etc/courier/pop3d.cnf:
host:~# vi /etc/courier/pop3d.cnf 

      The replaced part looks like this:

[…]
CN=host.ispcpcn.com
[…] 

      Then we create the new certificates:

host:~# mkimapdcert
host:~# mkpop3dcert

      Then restart Courier-IMAP-SSL and Courier-POP3-SSL:

host:~# /etc/init.d/courier-imap-ssl restart
host:~# /etc/init.d/courier-pop-ssl restart 

7. Install Amavisd-new, SpamAssassin and ClamAV

host:~# apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

8. Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear and mcrypt

host:~# apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt libmagick10 php5-imagick imagemagick libapache2-mod-suphp

      You will see the following prompt: Web server to reconfigure automatically: select Apache2 here.
      Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions and include:
host:~# a2enmod suexec rewrite ssl actions include

      Delete /etc/phpmyadmin/htpasswd.setup to make phpMyAdmin more secure:

host:~# rm -f /etc/phpmyadmin/htpasswd.setup

      Then delete or comment out the following section in /etc/phpmyadmin/apache.conf:

host:~# vi /etc/phpmyadmin/apache.conf

      After commenting out, the section looks like this:

[…]
# # Authorize for setup
# <Files setup.php>
# # For Apache 1.3 and 2.0
# <IfModule mod_auth.c>
# AuthType Basic
# AuthName "phpMyAdmin Setup"
# AuthUserFile /etc/phpmyadmin/htpasswd.setup
# </IfModule>
# # For Apache 2.2
# <IfModule mod_authn_file.c>
# AuthType Basic
# AuthName "phpMyAdmin Setup"
# AuthUserFile /etc/phpmyadmin/htpasswd.setup
# </IfModule>
# Require valid-user
# </Files>
[…]

      Then restart the Apache server:

host:~# /etc/init.d/apache2 restart

9. Install PureFTPd and Quota

host:~# apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

      Edit the file /etc/default/pure-ftpd-common:

host:~# vi /etc/default/pure-ftpd-common

      Change the start mode from inetd to standalone and set VIRTUALCHROOT=true:

[…]
STANDALONE_OR_INETD=standalone
[…]
VIRTUALCHROOT=true
[…]

      Edit the file /etc/inetd.conf to stop inetd from trying to start the FTP server:

host:~# vi /etc/inetd.conf

      Comment out the entry that starts FTP:

[…]
#:STANDARD: These are standard services.
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
[…]

      Restart inetd:

host:~# /etc/init.d/openbsd-inetd restart

      Then start PureFTPd:

host:~# /etc/init.d/pure-ftpd-mysql start

      Edit /etc/fstab so that it looks like the following (I added ",usrquota,grpquota" to the partition with the mount point /):

host:~# vi /etc/fstab

      After editing, it looks like this:

# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1
/dev/sda5 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0

      Run the following commands to enable quota:

host:~# touch /quota.user /quota.group
host:~# chmod 600 /quota.*
host:~# mount -o remount /
host:~# quotacheck -avugm
host:~# quotaon -avug

10. Install MyDNS
      Before installing MyDNS, we need to install the following packages:

host:~# apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev

      MyDNS is not included in the Debian Lenny package sources, so we have to compile and install it from source ourselves:

host:~# cd /tmp
host:~# wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz
host:~# tar xvfz mydns-1.2.8.25.tar.gz
host:~# cd mydns-1.2.8
host:~# ./configure
host:~# make
host:~# make install

      Then we create the start/stop script for MyDNS:

host:~# vi /etc/init.d/mydns

      Its content is as follows:
#! /bin/sh
#
# mydns Start the MyDNS server
#
# Author: Philipp Kern <phil@philkern.de>.
# Based upon skeleton 1.9.4 by Miquel van Smoorenburg
# <miquels@cistron.nl> and Ian Murdock <imurdock@gnu.ai.mit.edu>.
#
set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"

SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

case "$1" in
start)
    echo -n "Starting $DESC: $NAME"
    start-stop-daemon --start --quiet \
        --exec $DAEMON -- -b
    echo "."
    ;;
stop)
    echo -n "Stopping $DESC: $NAME"
    start-stop-daemon --stop --oknodo --quiet \
        --exec $DAEMON
    echo "."
    ;;
reload|force-reload)
    echo -n "Reloading $DESC configuration..."
    start-stop-daemon --stop --signal HUP --quiet \
        --exec $DAEMON
    echo "done."
    ;;
restart)
    echo -n "Restarting $DESC: $NAME"
    start-stop-daemon --stop --quiet --oknodo \
        --exec $DAEMON
    sleep 1
    start-stop-daemon --start --quiet \
        --exec $DAEMON -- -b
    echo "."
    ;;
*)
    echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
    exit 1
    ;;
esac

exit 0
 

      Then we make the script executable and create the system startup links:

host:~# chmod +x /etc/init.d/mydns
host:~# update-rc.d mydns defaults 

11. Install Vlogger and Webalizer

host:~# apt-get install vlogger webalizer

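12. Install Jailkit
       Jailkit is only needed if you want to chroot SSH users. It can be installed with the following commands (note: Jailkit must be installed before ISPConfig 3; it cannot be installed afterwards):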

host:~# apt-get install build-essential autoconf automake1.9 libtool flex bison
host:~# cd /tmp
host:~# wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
host:~# tar xvfz jailkit-2.5.tar.gz
host:~# cd jailkit-2.5
host:~# ./configure
host:~# make
host:~# make install
host:~# cd ..
host:~# rm -rf jailkit-2.5*

13. Install fail2ban

host:~# apt-get install fail2ban

14. Install SquirrelMail

host:~# apt-get install squirrelmail

      Then create the following symlink:

host:~# ln -s /usr/share/squirrelmail/ /var/www/webmail

      Then configure SquirrelMail:

host:~# squirrelmail-configure

      We must tell SquirrelMail whether we are using Courier-IMAP or POP3:

SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <-- D
SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington’s IMAP server

quit = Do not change anything
Command >> <-- courier
SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington’s IMAP server

quit = Do not change anything
Command >> courier

imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true

Press any key to continue… <-- any key
SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <-- S
SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <-- Q
 

      You can then access SquirrelMail at http://host.ispcpcn.com/webmail or http://192.168.0.200/webmail.
15. Install ISPConfig 3

host:~# cd /tmp
host:~# wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.3.tar.gz?use_mirror=
host:~# tar xvfz ISPConfig-3.0.1.3.tar.gz
host:~# cd ispconfig3_install/install/
host:~# php -q install.php

      Then answer the questions or make the selections as prompted:

——————————————————————————–
_____ ___________ _____ __ _
|_ _/ ___| ___ \ / __ \ / _(_)
| | \ `–.| |_/ / | / \/ ___ _ __ | |_ _ __ _
| | `–. \ __/ | | / _ \| ‘_ \| _| |/ _` |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| |
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, |
__/ |
|___/
——————————————————————————–

>> Initial configuration

Operating System: Debian Lenny/Sid or compatible

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in “quit” (without the quotes) to stop the installer.
Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [host.ispcpcn.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- the MySQL root user's password

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
……………………………………………………………………………………………………+++
……………………………………………………………………………………………+++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]: <-- country; enter CN
State or Province Name (full name) [Some-State]: <-- province
Locality Name (eg, city) []: <-- ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, YOUR name) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring MyDNS
Configuring Apache
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Restarting services …
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd .
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
Restarting web server: apache2 … waiting .
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -E -A -u 1000 -O clf:/var/log/pure-ftpd/transfer.log -b -B
Installation completed.
 
 

      The installation is complete. You can now access the control panel at http://host.ispcpcn.com:8080 or http://192.168.0.200:8080; the default administrator username and password are both admin.

Author's blog: http://www.ispcpcn.com/
