To provide new email and web hosting services to our customers, we deploy ISPConfig 3 with Nginx, Postfix and Dovecot on a few Linux hosting systems. Our customers have their own private servers at Linode and other cloud service providers, and these systems host their email and web sites for their business needs.
We installed Ubuntu 16.04.1 LTS as the base Linux operating system with OpenSSH server, following a guide on HowtoForge.
$ apt-get install ntp ntpdate
Installing Postfix + MySQL + OpenSSL + Dovecot
$ apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo
$ vim /etc/postfix/master.cf
Uncomment the following lines and add or change the -o options as shown. Each -o line must begin with whitespace so that Postfix reads it as a continuation of the service line above it.
[...]
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
[...]
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
[...]
Restart Postfix.
$ service postfix restart
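As an added example (not part of the original guide), the script below audits a master.cf for the submission and smtps overrides enabled in this step: TLS required, SASL enabled, unauthenticated clients rejected. The function names and the sample input are constructed for illustration, and only the plain "-o name=value" form is handled; an -o line that has lost its leading whitespace is no longer part of the service entry and is reported as missing.

```shell
# Print the "-o name=value" overrides of service $1 (master.cf on stdin).
# A line that starts with whitespace continues the previous logical line.
service_opts() {
    awk -v svc="$1" '
        function flush(   i, n, f) {
            if (!keep) return
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++) if (f[i] == "-o") print f[i + 1]
        }
        /^#/ || /^[ \t]*$/ { next }                      # comments, blank lines
        /^[ \t]/ { if (keep) line = line " " $0; next }  # continuation line
        { flush(); keep = ($1 == svc && $2 == "inet"); line = $0 }
        END { flush() }'
}

# Report each required override ($3...) missing from service $2 in config text $1.
audit_service() {
    conf=$1 svc=$2 miss=0; shift 2
    opts=$(printf '%s\n' "$conf" | service_opts "$svc")
    for want in "$@"; do
        printf '%s\n' "$opts" | grep -qxF -e "$want" ||
            { echo "$svc: missing -o $want"; miss=1; }
    done
    return $miss
}

# Check both services against the overrides this guide sets (master.cf on stdin).
audit_master_cf() {
    cfg=$(cat) bad=0
    sasl=smtpd_sasl_auth_enable=yes
    acl=smtpd_client_restrictions=permit_sasl_authenticated,reject
    audit_service "$cfg" submission smtpd_tls_security_level=encrypt "$sasl" "$acl" || bad=1
    audit_service "$cfg" smtps smtpd_tls_wrappermode=yes "$sasl" "$acl" || bad=1
    return $bad
}

# Constructed sample input: this guide's two entries with their indentation.
sample_master_cf() {
    cat <<'EOF'
submission inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
}
sample_master_cf | audit_master_cf && echo "sample master.cf: OK"
```

To check the live configuration, run `audit_master_cf < /etc/postfix/master.cf` after sourcing the functions.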
We want to keep the MySQL server listening on localhost only, so we skipped the MySQL/MariaDB network setting.
Installing Amavisd-new, spamassassin, clamav
$ apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
ISPConfig 3 uses Amavisd-new to load the SpamAssassin filter internally, so we don't need to run SpamAssassin as a standalone process. We stop it and disable it from loading at startup.
$ service spamassassin stop
$ update-rc.d -f spamassassin remove
freshclam and clamav will operate in the background, so after some checks we skipped the freshclam and clamav setup.
Installing Nginx, PHP7 (PHP-FPM), Fcgiwrap
$ apt-get install nginx
We did not install apache2 in the previous steps, so we don't need to stop and disable it.
PHP5 is no longer available, so we install PHP7 (PHP-FPM) from the repositories.
$ apt-get install php-fpm
$ apt-get install php-mysql php-curl php-gd php-intl php-pear php-imagick php-imap php-mcrypt php-memcache php-pspell php-recode php-sqlite3 php-tidy php-xmlrpc php-xml
Installing open PHP opcode cacher
$ apt-get install php-apcu
Set cgi.fix_pathinfo and the timezone (e.g. Hong Kong)
$ vim /etc/php/7.0/fpm/php.ini
[...]
cgi.fix_pathinfo=0
[...]
date.timezone = "Asia/Hong_Kong"
[...]
Reloading PHP7 FPM
$ service php7.0-fpm reload
Installing fcgiwrap
$ apt-get install fcgiwrap
Installing PHPMyAdmin
$ apt-get install phpmyadmin
Installing mailman on Ubuntu
Installing PureFTPD and quota
$ apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
$ vim /etc/default/pure-ftpd-common
VIRTUALCHROOT=true
$ echo 1 > /etc/pure-ftpd/conf/TLS
To create the SSL certificate for PureFTPD, we use Let's Encrypt instead of a self-signed certificate created with openssl.
We install letsencrypt first.
$ apt-get install letsencrypt
$ vim /etc/fstab
Add ",usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0" to the mount options of the root partition:
UUID=af5e4830-45e0-7f9a-edd4d81eb-3a92e53 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0
Enabling quota using remount
$ mount -o remount /
$ quotacheck -avugm
$ quotaon -avug
Installing BIND DNS server
$ apt-get install bind9 dnsutils
Installing Vlogger, Webalizer and AWStats
$ apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
$ vim /etc/cron.d/awstats
Then comment out all lines in the above cron file for AWStats.
Installing Jailkit
Installing Fail2ban
Installing ISPConfig 3
$ cd /tmp
$ wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
$ tar xfz ISPConfig-3-stable.tar.gz
$ cd ispconfig3_install/install/
Add the following line to the [mysqld] section and restart MySQL.
$ vim /etc/mysql/mysql.conf.d/mysqld.cnf
sql-mode="NO_ENGINE_SUBSTITUTION"
$ /etc/init.d/mysql restart
Run ISPConfig 3 install script
$ php -q install.php
PureFTPD, Postfix and ISPConfig are now using self-created, self-signed SSL certificates; we should replace them with Let's Encrypt certificates later.
Log in to the ISPConfig 3 admin web console at https://yourhostname.yourdomainname:8080/ with the default login and password: admin / admin
Please change the admin password after the first successful login. Enjoy!