ispconfig

SSH Chroot in ISPConfig Centos-4.6

Below is reference of how I have setup chroot SSH jail for users in CentOS-4.6 with ISPConfig installed replacing the openssh rpm with the one from chrootssh.sourceforge.net .

It's easy on ISPConfig as support for chroot SSH is now built in with the control panel, you simply need to get chrootSSH installed and then enable the ssh option located in the config file at "/home/admispconfig/ispconfig/lib/config.inc.php":

$go_info["server"]["ssh_chroot"] = 1;

If you need for the ssh chroot to access additional application, the file "/root/ispconfig/scripts/shell/create_chroot_env.sh" which builds the chroot needs to be edited. Also, check and edit the location of mysql socket file.

custom procmail rules on ispconfig

Edit "/root/ispconfig/isp/conf/procmailrc.master" and add the below ".custom.rc" line.

{MAILDIR_COMMENT}MAILDIR=$HOME/Maildir/
{MAILDIR_COMMENT}DEFAULT=$MAILDIR
{MAILDIR_COMMENT}ORGMAIL=$MAILDIR
{QUOTA}
INCLUDERC={PMDIR}/.mailsize.rc
{QUOTA_COMMENT}INCLUDERC={PMDIR}/.quota.rc
{ANTIVIRUS_COMMENT}INCLUDERC={PMDIR}/.antivirus.rc
{MAILSCAN_COMMENT}INCLUDERC={PMDIR}/.local-rules.rc
{MAILSCAN_COMMENT}INCLUDERC={PMDIR}/.html-trap.rc
{SPAMASSASSIN_COMMENT}INCLUDERC={PMDIR}/.spamassassin.rcr />{AUTORESPONDER_COMMENT}INCLUDERC={PMDIR}/.autoresponder.rc
INCLUDERC={PMDIR}/.custom.rc

Now include any custom rules that you may have to the ".custom.rc" file in the users home directory.

Custom webalizer.conf for each ISPConfig site

I needed custom configuration for each site to exclude the domain which would otherwise show up in the webalizer referrer report.

I patched "/root/ispconfig/scripts/shell/webalizer.php" with the below diff for ispconfig-2.2.21.

--- webalizer.php.orig  2008-02-27 13:39:38.000000000 -0600
+++ webalizer.php   ;    2008-02-27 14:26:03.000000000 -0600
@@ -86,6 +86,9 @@
               $web_path = $web_home . "/$webname/web";
               $stats_path = $web_path . "/stats";
               $logfile = $web_home . "/$webname/log/web.log";
+             // Begin: addition by wizap
+             $webalizer_conf = $web_home."/".$webname."/webalizer.conf";
+             // End: by wizap
               $web_user = fileowner($web_path);
               $web_group = filegroup($web_path);

@@ -144,7 +147,14 @@
                   } else {
                     $web_real_name = $web_data["web_domain"];
                   }
-                  $message .= exec("webalizer -n $web_real_name -s $web_real_name -r $web_real_name -q -T -o $stats_path -c /root/ispconfig/scripts/shell/webalizer.conf $logfile")."\n";
+                 // Begin: addition by wizap
+                 if(@is_file($webalizer_conf)) {
+                       $message .= exec("webalizer -n $web_real_name -s $web_real_name -r $web_real_name -q -T -o $stats_path -c $webalizer_conf $logfile")."\n";
+                 }
+                 else {
+                       $message .= exec("webalizer -n $web_real_name -s $web_real_name -r $web_real_name -q -T -o $stats_path -c /root/ispconfig/scripts/shell/webalizer.conf $logfile")."\n";
+                 }
+                 // End: by wizap
               }

               exec("chown -R $web_user:$web_group $stats_path &> /dev/null");
@@ -249,4 +259,4 @@
   }
}
//////////////// LOGSIZE ENDE ////////////////
\ No newline at end of file
+?>

So, now it will detect if there is a custom webalizer.conf file in the sites root directory and include it instead of the default. You can simply copy over the default webalizer.conf file to the site root and add the site name to the HideReferrer section:

HideReferrer        <domain.tld>

Migrating ISPConfig CentOS server

Recently did a full server migration with ISPConfig installed. Luckily it was within the same distro but an updated version of CentOS-4.5, had to add centos-4.5 support to ispconfig conf file prior to the install. I also made sure that I was installing the same version of ISPConfig on the new server, and upgrading to the latest once the migration was complete and the server stable.

These are just notes I took down for later reference, just in case it happens again!!

Preparation:

In preparation for the migration, create A records to point to the new server IP, for all domains to do temporary redirection:

{newhost.domain.tld} : xx.xx.xx.xx
www1.{domain.tld}  ;  : xx.xx.xx.xx

Comment