Linux Harbour

Open Source Technology Media

    • Linux

    Installing ISPConfig 3 with Nginx, Postfix, Dovecot

    Sammy Fung Posted on

    To provide new email and web hosting service to our customers, we deploys ISPConfig 3 with Nginx, Postfix and Dovecot on few Linux hosting systems. And our customers have their own private Linode and other cloud service providers. Their own systems are hosting their emails and web sites for business needs.

    We installed Ubuntu 16.04.1 LTS as the base Linux operating system with OpenSSH server. We refers to a document on howtoforge.

    Upgrading latest version software packages from repos
    $ apt-get update; apt-get upgrade
    Disable and Removing AppArmor
    $ service apparmor stop
    $ update-rc.d -f apparmor remove
    $ apt-get remove apparmor apparmor-utils
    Installing NTP
    $ apt-get install ntp ntpdate

    Installing Postfix + MySQL + OpenSSL + Dovecot
    $ apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

    $ vim /etc/postfix/master.cf

    Un-comment following lines and add/change lines in bold and red colour.

    [...]
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    [...]
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    [...]

    Restart Postfix.

    $ service postfix restart

    We want to keep MySQL server listening to localhost only, so we skipped MySQL/MaroiaDB setting.

    Installing Amavisd-new, spamassassin, clamav

    $ apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

    ISPConfig 3 will use Amavisd-new to load Spamassassin filter internally, therefore we don’t need to load  Spamassassin as standalone process. So, we disable it to load at startup.

    $ service spamassassin stop
    $ update-rc.d -f spamassassin remove

    And freshclam and clamav will operate in background, so we skipped freshclam and clamav setting after some checkings.

    Installing Nginx, PHP7 (PHP-FPM), Fcgiwrap

    $ apt-get install nginx

    We didn’t install apache2 at previous installation, so we don’t need to stop and disable it.

    PHP5 is no longer available, so we install PHP7 (PHP-FPM) from repos

    $ apt-get install php-fpm

    $ apt-get install php-mysql php-curl php-gd php-intl php-pear php-imagick php-imap php-mcrypt php-memcache php-pspell php-recode php-sqlite3 php-tidy php-xmlrpc php-xml

    Installing open PHP opcode cacher

    $ apt-get install php-apcu

    Modify cgi.fix_pathinfo and timezone (eg. Hong Kong)

    $ vim /etc/php/7.0/fpm/php.ini

    [....]

cgi.fix_pathinfo=0

[....]

date.timezone = "Asia/Hong_Kong"

[....]

    Reloading PHP7 FPM

    $ service php7.0-fpm reload

    Installing fcgiwrap

    $ apt-get install fcgiwrap

    Installing PHPMyAdmin

    $ apt-get install phpmyadmin

    Installing mailman on Ubuntu

    Installing Mailman on Ubuntu

    Installing PureFTPD and quota

    $ apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

    $ vim /etc/default/pure-ftpd-common

    VIRTUALCHROOT=true

    $ echo 1 > /etc/pure-ftpd/conf/TLS

    To create SSL cert for PureFTPD, we use letsencrypt instead of openssl self-CA cert.

    We install letsencrypt first

    $ apt-get install letsencrypt

    $ vim /etc/fstab

    Adding “,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0”

    UUID=af5e4830-45e0-7f9a-edd4d81eb-3a92e53 /               ext4    errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0

    Enabling quota using remount

    $ mount -o remount /
    $ quotacheck -avugm
    $ quotaon -avug

    Installing BIND DNS server

    $ apt-get install bind9 dnsutils

    Installing Vlogger, Webalizer and AWStats

    $ apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

    $ vim /etc/cron.d/awstats

    and then remark all lines at above cron file for awstats.

    Installing Jailkit

    Install Jailkit on Ubuntu

    Installing Fail2ban

    Install Fail2ban on Ubuntu

    Installing ISPConfig 3

    $ cd /tmp
    $ wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
    $ tar xfz ISPConfig-3-stable.tar.gz
    $ cd ispconfig3_install/install/

    Adding the following line to [mysqld] section and restart MySQL
    $ vim /etc/mysql/mysql.conf.d/mysqld.cnf

    sql-mode=”NO_ENGINE_SUBSTITUTION”

    $ /etc/init.d/mysql restart

    Run ISPConfig 3 install script

    $ php -q install.php

    PureFTPD, Postfix and ISPConfig used self-created self-CA SSL certificates, we should replace them with letsencrypt cert later.

    Try to login ISPConfig 3 admin web console on https://yourhostname.yourdomainname:8080/ with default login and password: admin / admin

    Please change admin password after successful login. Enjoy!

    Tagged:

    Sammy Fung
    Founder of Linux Harbour
    View all posts

    You Might Also Like