ISPmanager installation (ISPmanager)

System requirements

Operating system

We regularly extend the list of supported operating systems. The latest version of the list is here.

The operating system kernel must support disk space quotas, and the quotas must be configured and activated. We do not recommend dividing the hard drive into multiple partitions, since the limits will be applied only to the partition that contains the site directories (/home).

For your programs to run properly, we recommend setting the correct hostname and current time beforehand.

Software

All the needed software will be added during the installation process. If some of the software is already installed on your server, the setup program will try to configure it to work with ISPmanager.

If you want the ISPsystem team to help you with the ISPmanager installation, you will have to give them the root user password. This user must have access to the server via SSH. Check that the option below is enabled in the file /etc/ssh/sshd_config:

PermitRootLogin yes
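The check described above, as an added shell example that is not part of the original page or of ISPmanager: it reports the PermitRootLogin value that sshd applies from the global section of a config file, so the setting can be confirmed when it is enabled for support access and again when it is changed back. The function names, status labels and sample files are constructed, and Include files are assumed not to be followed.

```shell
# Added example, not ISPmanager code: report the PermitRootLogin value that
# sshd applies from the global section of an sshd_config file. sshd keeps the
# FIRST value it reads for a keyword, matches keywords case-insensitively and
# ignores "#" lines; settings after the first "Match" line are conditional.
# Assumption: Include files are not followed.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }              # comment line
        /^[ \t]*$/ { next }              # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)    # "Keyword value" or "Keyword=value"
            kw = tolower(f[1])
            if (kw == "match") exit      # end of the global section
            if (kw == "permitrootlogin") { print f[2]; found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Translate the effective value into what it allows for root over SSH.
root_login_status() {
    case "$(effective_permit_root_login "$1")" in
        yes) echo "root-password-login-allowed" ;;
        prohibit-password|without-password) echo "root-key-only" ;;
        forced-commands-only) echo "root-forced-commands-only" ;;
        no) echo "root-login-disabled" ;;
        # Default is "yes" before OpenSSH 7.0 and "prohibit-password" since.
        unset) echo "openssh-default" ;;
        *) echo "unrecognised" ;;
    esac
}

# Constructed sample files (not taken from a real server).
SSHD_SAMPLES=$(mktemp -d)
trap 'rm -rf "$SSHD_SAMPLES"' EXIT
# The commented line is ignored and the first real directive wins.
cat > "$SSHD_SAMPLES/during_support" <<'EOF'
#PermitRootLogin prohibit-password
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
# The Match block only applies to the listed address, not globally.
cat > "$SSHD_SAMPLES/after_support" <<'EOF'
PermitRootLogin=prohibit-password
Match Address 192.0.2.10
    PermitRootLogin yes
EOF
# No global directive at all: the OpenSSH default applies.
cat > "$SSHD_SAMPLES/only_in_match" <<'EOF'
Port 22
Match User backup
    PermitRootLogin no
EOF

for f in during_support after_support only_in_match; do
    printf '%s: %s (%s)\n' "$f" \
        "$(effective_permit_root_login "$SSHD_SAMPLES/$f")" \
        "$(root_login_status "$SSHD_SAMPLES/$f")"
done
```

On a live server, sshd -T prints the configuration sshd has actually loaded and is the authoritative check.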

Server IP-address

The IP address that the ISPmanager control panel is licensed for must be the first one in the list of IP addresses that ifconfig returns. That means the license is not valid for aliases of the main address.

Installation instruction

Step 1

The first step requires an active license. If you don't have a license, you can order it here. If you are not sure whether your license is active, you can check it on the "For customers" page of our site.

Step 2

Open a shell on your server and run any one of the following commands:

fetch "http://download.ispsystem.com/install.sh"
curl -o install.sh "http://download.ispsystem.com/install.sh"
wget "http://download.ispsystem.com/install.sh"

Then run:

sh install.sh

The installation script will ask you to choose the mode:

  • Express - the standard software set required for web hosting (Apache-1.3, php-5, Sendmail, Dovecot, Proftpd, FastCgi, Squirrelmail, Bind, MySQL-4.1, Webalizer, AwStats, PhpMyAdmin) will be installed. This mode provides the fastest installation.
  • Custom - this mode is for more advanced users. You will be required to choose the software versions (Apache versions 1.3, 2, 2.2; PHP versions 4, 5; MySQL versions 3.23, 4.1, 5.0 or PostgreSQL; SMTP-server CommuniGatePro, Exim, Postfix or Sendmail; POP3-server Dovecot or Qpopper).
  • Manual - no additional software will be installed. Only the control panel is installed, and the existing config files are changed as required to work with ISPmanager. You can use this mode to reconfigure the panel when the server software that works with ISPmanager has been changed.

Step 3

Use the URL given below to access ISPmanager (replace xxx.xxx.xxx.xxx with your server IP address):

https://xxx.xxx.xxx.xxx/manager/

FreeBSD

The software that can be installed:

  • Apache versions 1.3, 2 and 2.2
  • PHP 4 and 5
  • MySQL 3.23, 4.1, 5.0 and Postgres
  • Sendmail, Exim, Postfix and CommunigatePro
  • SquirrelMail
  • MajorDomo and MailMan
  • Dovecot
  • Bind9
  • ProFTPD
  • AwStats
  • Webalizer
  • phpMyAdmin
  • mod_php
  • fastcgi

Before you set the installation mode, the installation program synchronizes the system time and installs Perl, Bash and Unzip. The installer can update the ports to the current version and (when needed and with the user's consent) install a kernel with disk quota and IP firewall support. If you select Express mode, the ports archive is downloaded from the official FreeBSD web site and extracted, replacing all existing files. If Custom mode is selected, you can use either the above method or update the ports via cvs. The cvs method takes a bit more time, but all changed files are kept rather than overwritten.

Most of the software is installed from precompiled packages (except Apache and PHP, which are always built from ports). If a needed package is missing or the one available is incompatible, the required program will be installed from ports.

The options used to compile Apache are:

WITH_APACHE_SUEXEC=yes
APACHE_SUEXEC_DOCROOT=/

The options used to compile PHP are:

WITH_CLI=true
WITH_CGI=true
WITH_APACHE=true
WITH_FASTCGI=true
WITH_PATHINFO=true
WITHOUT_DEBUG=true
WITHOUT_MULTIBYTE=true
WITHOUT_IPV6=true
WITHOUT_REDIRECT=true
WITHOUT_DISCARD=true

To ensure the software works correctly with the control panel, some changes will be made to the program config files during installation.

Apache

The directive below, which enables the use of ISPmanager, is added to the configuration file httpd.conf:

Include /usr/local/ispmgr/etc/ispmgr.inc

In addition, other directives will be added:

AddHandler cgi-script .cgi .pl
AddType text/html .shtml
AddHandler server-parsed .shtml
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
<Directory /home/*>
    Options +Includes
    AllowOverride FileInfo AuthConfig Limit Indexes Options
</Directory>
<Directory "/home/*/cgi-bin">
    Options -Indexes
</Directory>

To enable secure connections over SSL, the program creates secret keys with the command:

openssl req -new -newkey rsa:1024 -nodes -keyout /etc/mail/certs/server.key -x509 -days 5000 -subj "/C=XX/CN=host-name/emailAddress=root@host-name" -out /etc/mail/certs/server.crt

Then the key and certificate will be copied to the proper directories by the commands:

cp /usr/local/ispmgr/etc/server.* /etc/mail/certs/
cp /etc/mail/certs/server.crt /etc/mail/certs/cacert.pem
chmod 400 /etc/mail/certs/server.key
cp /usr/local/ispmgr/etc/server.* /etc
cp /etc/server.crt /etc/cacert.pem
chmod 400 /etc/server.key

Sendmail

The following lines will be added into the file /etc/mail/host-name.mc:

define(`confCACERT_PATH', `/etc/mail/certs/CA')
define(`confCACERT', `/etc/mail/certs/server.crt')
define(`confSERVER_CERT', `/etc/mail/certs/server.crt')
define(`confSERVER_KEY', `/etc/mail/certs/server.key')
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

Then the line below will be added into the file /usr/local/lib/sasl2/Sendmail.conf:

pwcheck_method: pam

The changes made in the file /etc/mail/mailer.conf are:

#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
hoststat /usr/local/sbin/sendmail
purgestat /usr/local/sbin/sendmail

The following line is added into the file /usr/local/ispmgr/etc/ispmgr.conf:

MTA sendmail

CommuniGatePro

To keep CommuniGatePro running, the following lines will be added into the file /usr/local/ispmgr/etc/ispmgr.conf:

MTA cgpro
path CommunigateProPath /var/CommuniGate
CommunigateProPassword path-to-passwords-file

Exim

To let the control panel work with Exim, the following line will be added into the file /usr/local/ispmgr/etc/ispmgr.conf:

MTA exim

The changes that will be made in /etc/mail/mailer.conf are:

#
# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail /usr/local/sbin/exim
send-mail /usr/local/sbin/exim
mailq /usr/local/sbin/exim
newaliases /usr/local/sbin/exim
hoststat /usr/local/sbin/exim
purgestat /usr/local/sbin/exim

The file /usr/local/etc/exim/configure is copied from the ISPmanager distribution, with its macros replaced by the corresponding values.

Postfix

To let the control panel work with Postfix, the following directives will be added into the file /usr/local/ispmgr/etc/ispmgr.conf:

MTA postfix
path local-host-names path-to-local-host-names
path virtusertable path-to-virtusertable
path aliases path-to-aliases
path postmap path-to-postmap
path postfix path-to-postfix
path newaliases path-to-newaliases

The changes that will be made in /usr/local/etc/postfix/main.cf are:

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
mail_spool_directory = /var/mail
debug_peer_level = 9
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
virtual_alias_domains = /etc/mail/local-host-names
virtual_alias_maps = hash:/etc/mail/virtusertable
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination

Dovecot

The changes that will be made in the file /usr/local/etc/dovecot.conf are:

protocols = imap imaps pop3 pop3s
ssl_disable = no
ssl_cert_file = /etc/mail/certs/server.crt
ssl_key_file = /etc/mail/certs/server.key
disable_plaintext_auth = no
mail_extra_groups = mail
auth_userdb = passwd-file /usr/local/etc/dovecot.passwd
auth_passdb = passwd-file /usr/local/etc/dovecot.passwd
auth default {
    passdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    userdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    user = root
}

ProFTPD

The changes that will be made in /usr/local/etc/proftpd.conf are:

AllowOverwrite on
DefaultRoot ~

The following lines will be commented out:

<Limit>
Deny
</Limit>

Bind

The path specified below will be added into the file /usr/local/ispmgr/etc/ispmgr.conf so that the name server can be restarted after its config files are changed:

path ndc path-to-rndc

To make the name server listen on all IP addresses, the line below will be commented out in the file /etc/namedb/named.conf:

Listen on

MySQL

The following directives will be added into the control panel configuration file:

DbServer "MySQL" {
    Type mysql
    Hostname localhost
    User root
    Password password
}

When you select Express mode, the installation program creates the root user password for MySQL automatically. When you select Custom mode, the user is required to specify it, and the password is then set by the command:

mysqladmin -u root password password

PostgreSQL

The following directives will be added into the control panel configuration file:

DbServer "Postgres" {
    Type pgsql
    Hostname localhost
    User pgsql
    Password password
}

Since Custom is the only mode that installs Postgres, the installation program will ask you to enter the pgsql user password. Once you have done so, the password will be set by the command:

psql -U pgsql -c "ALTER USER pgsql WITH PASSWORD 'password'" template1

The lines below will be added into the Postgres configuration file, and Postgres will then be restarted:

#TYPE  DATABASE   USER   IP-ADDRESS  IP-MASK  METHOD
local  all        pgsql                       password
local  template1  all                         password

SquirrelMail

The following lines will be specified in the Apache config file that refers to SquirrelMail:

Alias /webmail /usr/share/squirrelmail/
<Directory /usr/share/squirrelmail>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
    AddType application/x-httpd-php .php .php3 .php4 .phtml
</Directory>

The following line will be added into the control panel config file:

extaction webmail /webmail/

PhpMyAdmin

The following lines will be specified in the web-server config file phpmyadmin.conf:

Alias /myadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin/>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
</Directory>

The following line will be added into the control panel config file:

extaction myadmin /myadmin/

A secret key for Blowfish will be created and added into the file blowfish_secret.inc.php:

<?php $cfg['blowfish_secret'] = 'key'; ?>

Linux

The software that can be installed:

Debian

  • Apache 1.3.x
  • PHP4
  • MySQL4 and Postgres
  • Bind9
  • ProFTPD
  • Postfix and Exim4
  • dovecot-imapd
  • dovecot-pop3d
  • Squirrelmail
  • Webalizer
  • AwStats
  • mod_php4
  • vacation
  • iptables
  • quota
  • phpMyAdmin

RedHat and Fedora

  • Apache2
  • PHP5
  • Bind
  • Sendmail
  • Dovecot
  • SquirrelMail
  • Webalizer
  • mysql-server-4
  • iptables
  • quota
  • vsftpd
  • mod_ssl
  • mod_php
  • phpMyAdmin

Gentoo

The installation program does not install additional software for this distribution. You will have to install the needed components manually. Once you have done so, the installation program will set them up to work with the control panel.

To ensure the control panel is fully functional, the installation program checks that the kernel supports quotas.

It also checks the iptables configuration for firewall support, creating the file /etc/iptables.save:

iptables -F
iptables -N ISPMGR
iptables -A INPUT -j ISPMGR
iptables-save > /etc/iptables.save

If needed, the program creates the init script /etc/init.d/ispmanager_iptables with the access rights 0755, containing:

#!/bin/sh
# Restore the saved rules on start, save the live rules on stop,
# and do both on reload/restart.
case "$1" in
start)
    /sbin/iptables-restore /etc/iptables.save
    ;;
stop)
    /sbin/iptables-save > /etc/iptables.save
    ;;
reload|restart)
    /sbin/iptables-save > /etc/iptables.save
    /sbin/iptables-restore /etc/iptables.save
    ;;
esac

It also adds the following lines into the control panel config file:

path iptables /etc/iptables.save
Option ForceFireWall

If SELinux is enabled by default in your distribution, the installation program will disable it.

During installation, the configuration files of the following programs will be changed:

Apache

The directive that enables the use of ISPmanager will be added:

Include /usr/local/ispmgr/etc/ispmgr.inc

If Apache is not set up with SSL support, the following section will be added:

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /usr/local/ispmgr/etc/server.crt
    SSLCertificateKeyFile /usr/local/ispmgr/etc/server.key
</VirtualHost>

If Apache is running without suexec, the installation program will enable it.

For PHP to work, the installation program checks whether Apache was compiled with PHP support or whether the libapache-mod-php4 (libapache-mod-php5) library is present. If needed, the following lines will be added:

Action php-cgi /php-bin/php
AddHandler cgi-script .cgi
AddHandler server-parsed .shtml

Sometimes all the lines referring to PHP extensions must be commented out so that the web server processes PHP scripts correctly.

To ensure Apache works correctly with the control panel, the following lines will be added into its config files:

ApacheVersion 1 (or ApacheVersion 2)
path phpbinary path-to-php-cgi
Option ForcePHP
path DefaultHomeDir /var/www
path httpd.conf path-to-httpd.conf
path apachectl path-to-apachectl start
Option ForceSSI

To enable secure connections over SSL, the program creates self-signed certificates with the command:

/usr/bin/openssl req -config /tmp/ssl.cnf -x509 -days 365 -newkey rsa: -nodes -keyout /usr/local/ispmgr/etc/server.key -out /usr/local/ispmgr/etc/server.crt > /dev/null

The file /tmp/ssl.cnf has the following content:

[req]
distinguished_name = req_distinguished_name
defaults_bits = 1024
prompt = no
[req_distinguished_name]
C=XX
ST=XX
L=XX
O=XX
OU=XX
CN=host-name
emailAddress=root@host-name

Then the key and certificate will be copied into the proper directories by the commands:

cp /usr/local/ispmgr/etc/server.* /etc/mail/certs/
cp /etc/mail/certs/server.crt /etc/mail/certs/cacert.pem
chmod 400 /etc/mail/certs/server.key
cp /usr/local/ispmgr/etc/server.* /etc
cp /etc/server.crt /etc/cacert.pem
chmod 400 /etc/server.key

FTP

vsftpd and proftpd can be used as the FTP server. To set up these servers correctly, check that their configuration files contain the directive that forbids users from leaving their home directory. For proftpd, it is:

DefaultRoot ~

In case of vsftpd, it is:

chroot_local_user=YES

MySQL

The following directives will be added into the control panel config file:

DbServer "MySQL" {
    Type mysql
    Hostname localhost
    User root
    Password password
}

When Express mode is selected, the installation program creates the root user password for MySQL automatically. When Custom mode is selected, the user will be required to enter a password. Once this is done, the password will be set by the command:

mysqladmin -u root password password

PostgreSQL

The following directives will be added into the control panel config file:

DbServer "Postgres" {
    Type pgsql
    Hostname localhost
    User pgsql
    Password password
}

Since Custom is the only mode that installs Postgres, the installation program will ask you to enter the pgsql user password. Once you have done so, the password will be set by the command:

psql -U pgsql -c "ALTER USER pgsql WITH PASSWORD 'password'" template1

The lines below will be added into the Postgres configuration file, and Postgres will then be restarted:

#TYPE  DATABASE   USER   IP-ADDRESS  IP-MASK  METHOD
local  all        pgsql                       password
local  template1  all                         password

Sendmail

If needed, the following lines will be added into the file /etc/mail/sendmail.mc:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH',`/etc/mail/certs')dnl
define(`confCACERT',`/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT',`/etc/mail/certs/cert.pem')dnl
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

Then the file sendmail.cf will be created:

m4 /etc/mail/sendmail.mc

The line below will be added into the file /etc/mail/aliases:

root: root

And into the file /etc/mail/virtusertable:

root@host-name root

To ensure Exim4 runs correctly, the following settings will be added into the control panel configuration file:

MTA sendmail
path local-host-names path-to-file-local-host-names
path newaliases path-to-program-newaliases
path sasl path-to-program-saslpasswd2
path sendmail.pid path-to-file-sendmail.pid
path virtusertable path-to-file-virtusertable

Exim4

The control panel installs this MTA type on Debian only. To ensure Exim runs correctly, the installation program checks that the libsasl2, libsasl2-modules, sasl2-bin and exim4-daemon-heavy packages are available. It then creates the files /etc/exim4/multi-domains, /etc/exim4/alien-aliases, /etc/exim4/local-aliases and /usr/local/etc/exim/passwd, with the permissions set by the commands:

adduser Debian-exim sasl
chmod 1777 /var/mail
chmod 644 /etc/exim4/local-aliases
chown Debian-exim:Debian-exim /etc/exim4/alien-aliases /etc/exim4/multi-domains /usr/local/etc/exim/passwd

Then the following changes will be made in the file update-exim4.conf.conf:

dc_eximconfig_configtype='internet'
dc_other_hostnames='lsearch;/etc/exim4/multi-domains'
dc_local_interfaces='0.0.0.0'

and the macros in the file /usr/local/ispmgr/var/linux.exim.config.sasl will be replaced by the corresponding values:

  • __ISP_MAILMAN_HOME__ is a distribution-specific macro; usually it is the directory /usr/lib/mailman/.
  • __ISP_MAILMAN_VAR__ also depends on the distribution; usually it is /var/lib/mailman/.
  • __ISP_DOMAINS__ is the full path to the file multi-domains.
  • __LOCAL_IP__ is the server's main IP address.
  • __ISP_PASSWD__ is /usr/local/etc/exim/passwd.
  • __ISP_ALIASES__ is the full path to the file alien-aliases.

Then the file will be copied to /etc/exim4/exim4.conf.template and the following command will be executed:

update-exim.conf

To ensure Exim4 runs correctly, the following lines will be added into the control panel configuration file:

MTA exim
Option EximConverted
EximAuth sasl
path aliases path-to-file-alien-aliases
path exim-passwd path-to-file-passwd
path exim-users path-to-file-passwd
path exim-virtualdomains path-to-file-multi-domains
path local-aliases path-to-file-local-aliases
path maildir path-to-directory-storing-mail-boxes

Dovecot

For CentOS and Fedora distributions, the following changes will be made in the file /usr/local/etc/dovecot.conf:

protocols = imap imaps pop3 pop3s
ssl_disable = no
ssl_cert_file = /etc/mail/certs/server.crt
ssl_key_file = /etc/mail/certs/server.key
disable_plaintext_auth = no
mail_extra_groups = mail
auth_userdb = passwd-file /usr/local/etc/dovecot.passwd
auth_passdb = passwd-file /usr/local/etc/dovecot.passwd
auth default {
    passdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    userdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    user = root
}

For Debian, the changes will be the following:

protocols = pop3 pop3s imap imaps
ssl_disable = no
ssl_cert_file = /etc/mail/certs/server.crt
ssl_key_file = /etc/mail/certs/server.key
disable_plaintext_auth = no
mail_extra_groups = mail
auth_mechanisms = plain cram-md5 digest-md5
auth_userdb = passwd-file /etc/dovecot/dovecot.passwd
auth_passdb = passwd-file /etc/dovecot/dovecot.passwd

If the file /etc/dovecot/dovecot.passwd does not exist, it will be created. The following will be specified in the control panel configuration file:

POP3 dovecot
path dovecot.passwd /etc/dovecot.passwd
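The Dovecot settings listed in the FreeBSD and Linux Dovecot sections above, checked by an added shell example that is not part of the original page or of ISPmanager: it reports when plaintext logins are accepted on the non-TLS imap/pop3 listeners and when the auth process runs as root. The function name, finding labels, sample files and the dovecot-auth account are constructed for illustration.

```shell
# Added example, not ISPmanager code: flag security-relevant settings in an
# old-style dovecot.conf such as the one listed on this page.
dovecot_findings() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /\{[ \t]*$/ {                      # block opens, e.g. "auth default {"
            depth++
            if ($1 == "auth") in_auth = depth
            next
        }
        /^[ \t]*\}/ {                      # block closes
            if (in_auth == depth) in_auth = 0
            depth--
            next
        }
        {
            key = $0
            sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)  # keep the text after "key ="
            sub(/[ \t]+$/, "", val)
            if (depth == 0) conf[key] = val
            else if (depth == in_auth && key == "user") auth_user = val
        }
        END {
            # imap/pop3 (without the trailing "s") are the non-TLS listeners
            plain_port = (" " conf["protocols"] " ") ~ " (imap|pop3) "
            if (conf["ssl_disable"] == "yes")
                print "tls-disabled"
            if (conf["disable_plaintext_auth"] == "no" && plain_port)
                print "cleartext-auth-on-plain-ports"
            if (auth_user == "root")
                print "auth-process-runs-as-root"
        }
    ' "$1"
}

# Constructed samples: the first repeats settings this page lists, the
# second is a tightened variant ("dovecot-auth" is a hypothetical account).
DOVECOT_SAMPLES=$(mktemp -d)
trap 'rm -rf "$DOVECOT_SAMPLES"' EXIT
cat > "$DOVECOT_SAMPLES/installer.conf" <<'EOF'
protocols = imap imaps pop3 pop3s
ssl_disable = no
disable_plaintext_auth = no
auth default {
  passdb passwd-file {
    args = /usr/local/etc/dovecot.passwd
  }
  user = root
}
EOF
cat > "$DOVECOT_SAMPLES/hardened.conf" <<'EOF'
protocols = imaps pop3s
ssl_disable = no
disable_plaintext_auth = yes
auth default {
  passdb passwd-file {
    args = /usr/local/etc/dovecot.passwd
  }
  user = dovecot-auth
}
EOF

for conf in installer hardened; do
    echo "== $conf.conf"
    dovecot_findings "$DOVECOT_SAMPLES/$conf.conf"
done
```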

SquirrelMail

The following lines will be specified in the Apache configuration file that refers to SquirrelMail:

Alias /webmail /usr/share/squirrelmail/
<Directory /usr/share/squirrelmail>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
    AddType application/x-httpd-php .php .php3 .php4 .phtml
</Directory>

The line below will be added into the control panel configuration file:

extaction webmail /webmail/

PhpMyAdmin

The following lines will be added into the web-server configuration file phpmyadmin.conf:

Alias /myadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin/>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
</Directory>

The line below will be added into the control panel configuration file:

extaction myadmin /myadmin/

The installation program will create a secret key for Blowfish and add the following lines into blowfish_secret.inc.php:

<?php $cfg['blowfish_secret'] = 'key'; ?>

Bind

To ensure the control panel works correctly with Bind, the following directives will be added into the control panel configuration file:

NameServers ns1.host-name. ns2.host-name.
MailServers mail
path NamedChrootDir /var/named
path DomainZonesPath path-to-directory-containing-zones-files
path named.conf path-to-configuration-file-named
path ndc path-to-ndc-program

Webalizer

To ensure the control panel works correctly with Webalizer, the following directives will be added into the control panel configuration file:

path webalizer path-to-webalizer
extaction webalizer http://$site/webstat/
