These are notes, I had taken down while setting up ISPConfig Hosting Control Panel on LayeredTechs Grid. Most of the steps were referenced via howtoforge and ispconfig installation notes. There were some gotchas to look out for and has bee noted below:
-
update all packages:
# yum update
Install screen if not already installed.
# yum install screen
Secure and lock down SSH.
-
Change ssh default port.
Only allow ssh protocol 2.
Disable direct root login.
Limit ssh access to certain users only.
Limit su access to certain users only.
Install and Setup ISPconfig required packages:
Setup quotas.# yum install quota
then in /etc/fstab:
/dev/hda1 / ext3 defaults,usrquota,grpquota 0 0
Enable quota:
# touch /aquota.user /aquota.group
# chmod 600 /aquota.*
# mount -o remount /
# quotacheck -avugm
# quotaon -avug
Install chroot DNS server.
# yum install bind-chroot
# chmod 755 /var/named/
# chmod 775 /var/named/chroot/
# chmod 775 /var/named/chroot/var/
# chmod 775 /var/named/chroot/var/named/r /># chmod 775 /var/named/chroot/var/run/
# chmod 777 /var/named/chroot/var/run/name d/
# cd /var/named/chroot/var/named/r /># ln -s ../../ chroot
# chkconfig --levels 235 named on
# /etc/init.d/named start
Install mysql:
I had some issues trying to start mysql and noticed that the /tmp directory permissions settings was not correct, which was set to 755.
# chmod 1777 /tmp
# yum install mysql mysql-devel mysql-server
Add some delay in restart, as sometime it tries to start MySQL before the old MySQL process has stopped which leads to a failure.
restart(){
stop
sleep 3
start
}
I've also had to disable bdb in my.cnf as there seems to be a problem with the xen environment.
Add the below two lines in /etc/my.cnf to skip bdb and indb.
skip-bdb
skip-innodb
Reset the root password.
# mysqladmin -u root password <new_password>
Install php and apache:
# yum install php php-devel php-gd php-mysql php-pear
# yum install mod_ssl
Update the DirectoryIndex directive with:
DirectoryIndex index.html index.htm index.shtml index.php index.cgi index.pl
Configure to start and boot and start the httpd service:
# chkconfig --levels 235 httpd on
# serivce httpd start
Install and start proftpd:
# cd /etc/yum.repos.d/
# wget http://centos.karan.org/kbsing h-CentOS-Extras.repo
# rpm --import http://centos.karan.org/RPM-GP G-KEY-karan.org.txt
# yum install proftpd
# chkcofig --levels 235 proftpd on
# service proftpd start
Create the /etc/pam.d/ftp file with the below content to enable system users for ftp access.
#%PAM-1.0
auth required &nbs p; pam_unix.so & nbsp; nullok
account required &nbs p; pam_unix.so
session required &nbs p; pam_unix.so
Install webalizer:
# yum -y install webalizer
Install squirrelmail for webmail access:
# yum -y install squirrelmail
Install dovecot to handle pop and imap access.
# yum -y install dovecot
# chkconfig --levels 235 dovecot on
# serivce dovecot start
By default dovecot only listens to imap and imaps, so add the pop3 and pop3s protocols to listen to. Restart dovecot to load the configuration changes:
protocols = imap imaps pop3 pop3s
Sendmail should already come installed, but is setup by default to only listen to the loopback address 127.0.0.1 and not on any other network devices. Remove the loopback address restriction to accept email from the internet.
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
Install perl modules required by SpamAssassin:
# yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1
CentOS comes with zlib-1.2.1, which is old and has security hole. Install the latest zlib else the installation of ISPConfig fails if the newer version is not found:
# wget http://www.zlib.net/zlib-1.2.3 .tar.gz
# tar xvfz zlib-1.2.3.tar.gz
# cd zlib-1.2.3
# ./configure --shared
# make
# make install
Install ISPconfig:
# wget http://easynews.dl.sourceforge .net/sourceforge/ispconfig/ISP Config-2.2.9.tar.gz
# tar -xvzf ISPConfig-2.2.9.tar.gz
# cd install_ispconfig/
Install any requirements for compiling such as gcc, make, flex etc..., I had to install flex and gcc-c++ as it was missing:
Check the dist.txt and see if the values given there suit the distribution before running `setup.sh`.
# yum install flex gcc-c++
./setup.sh
In step 7 and 8 when it confirms to protect the certificates with a pass phrase, choose "n" there because otherwise you will always be asked for a password whenever you want to restart the ISPConfig system which means it cannot be restarted without human interaction!
References:
- sandip's blog
- Login or register to post comments
Comments
From the Admin manual of ISPConfig:
When upgrading to 2.2.21 the SpamAssassin compile barfed out and the upgrade failed. CentOS package perl-HTML-Parser was too old for the SpamAssassin version that comes with ISPConfig.
Luckily, I had backups of the database, /root/ispconfig and /home/admispconfig. Restored the folders and database, then re-ran the installer with the latest HTML::Parser.
# perl -MCPAN -e 'install HTML::PARSER'