Technical details
From ISPWiki
FreeBSD
The following software can be installed:
- Apache versions 1.3, 2 and 2.2
- PHP 4 and 5
- MySQL 3.23, 4.1, 5.0 and Postgres
- Sendmail, Exim, Postfix and CommunigatePro
- SquirrelMail
- MajorDomo and MailMan
- Dovecot
- Bind9
- ProFTPD
- AwStats
- Webalizer
- phpMyAdmin
- mod_php
- fastcgi
Before you set the installation mode, the Setup Wizard synchronizes the system time and installs Perl, Bash and Unzip. Installer versions support updating the ports to the latest version and, if necessary, installing a kernel with disk quota and firewall support. If you select the first mode, the ports archive is downloaded from the official FreeBSD web site and replaces all the existing files. If Minimal is selected, you can use either the above-mentioned method or update the ports via cvs. The cvs method takes longer, but all changed files are kept rather than overwritten.
Most software is installed from packages, unlike Apache and PHP, which are always set up from ports. If a required package is missing, or a package is present but incompatible, the program will be installed from ports.
The following are the options for compiling Apache:
WITH_APACHE_SUEXEC=yes
APACHE_SUEXEC_DOCROOT=/
The following are the options for compiling PHP:
WITH_CLI=true
WITH_CGI=true
WITH_APACHE=true
WITH_FASTCGI=true
WITH_PATHINFO=true
WITHOUT_DEBUG=true
WITHOUT_MULTIBYTE=true
WITHOUT_IPV6=true
WITHOUT_REDIRECT=true
WITHOUT_DISCARD=true
For correct operation of the control panel, some changes will be made in the program config files during installation.
Apache
The directive below, which enables the use of ISPmanager, is added into the configuration file httpd.conf:
Include /usr/local/ispmgr/etc/ispmgr.inc
Other directives will be added:
AddHandler cgi-script .cgi .pl
AddType text/html .shtml
AddHandler server-parsed .shtml
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
<Directory /home/*>
    Options +Includes
    AllowOverride FileInfo AuthConfig Limit Indexes Options
</Directory>
<Directory "/home/*/cgi-bin">
    Options -Indexes
</Directory>
For secure connections over SSL, the program creates the key and certificate with the command:
openssl req -new -newkey rsa:1024 -nodes -keyout /etc/mail/certs/server.key -x509 -days 5000 -subj "/C=XX/CN=host-name/emailAddress=root@host-name" -out /etc/mail/certs/server.crt
The key and certificate will be copied to the appropriate directories by the commands:
cp /usr/local/ispmgr/etc/server.* /etc/mail/certs/
cp /etc/mail/certs/server.crt /etc/mail/certs/cacert.pem
chmod 400 /etc/mail/certs/server.key
cp /usr/local/ispmgr/etc/server.* /etc
cp /etc/server.crt /etc/cacert.pem
chmod 400 /etc/server.key
Sendmail
The following lines will be added into /etc/mail/host-name.mc:
define(`confCACERT_PATH', `/etc/mail/certs/CA')
define(`confCACERT', `/etc/mail/certs/server.crt')
define(`confSERVER_CERT', `/etc/mail/certs/server.crt')
define(`confSERVER_KEY', `/etc/mail/certs/server.key')
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl
The line below will be added into /usr/local/lib/sasl2/Sendmail.conf:
pwcheck_method: pam
The changes added into /etc/mail/mailer.conf are as follows:
# Execute a "real" sendmail program, named /usr/libexec/sendmail/sendmail
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
hoststat /usr/local/sbin/sendmail
purgestat /usr/local/sbin/sendmail
The following line will be added into the file /usr/local/ispmgr/etc/ispmgr.conf:
MTA sendmail
CommuniGatePro
To run CommuniGatePro, add the following lines into /usr/local/ispmgr/etc/ispmgr.conf:
MTA cgpro
path CommunigateProPath /var/CommuniGate
CommunigateProPassword path-to-passwords-file
Exim
To enable the control panel to work with Exim, add the following line into /usr/local/ispmgr/etc/ispmgr.conf:
MTA exim
Make the following changes in /etc/mail/mailer.conf:
# Execute "real" sendmail, named /usr/libexec/sendmail/sendmail
sendmail /usr/local/sbin/exim
send-mail /usr/local/sbin/exim
mailq /usr/local/sbin/exim
newaliases /usr/local/sbin/exim
hoststat /usr/local/sbin/exim
purgestat /usr/local/sbin/exim
/usr/local/etc/exim/configure is copied from the ISPmanager distribution, and its macros are replaced with the corresponding values.
Postfix
To enable the control panel to work with Postfix, the following directives will be added into /usr/local/ispmgr/etc/ispmgr.conf:
MTA postfix
path local-host-names path-to-local-host-names
path virtusertable path-to-virtusertable
path aliases path-to-aliases
path postmap path-to-postmap
path postfix path-to-postfix
path newaliases path-to-newaliases
The changes that will be made in /usr/local/etc/postfix/main.cf are as follows:
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
mail_spool_directory = /var/mail
debug_peer_level = 9
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
virtual_alias_domains = /etc/mail/local-host-names
virtual_alias_maps = hash:/etc/mail/virtusertable
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
Dovecot
Make the following changes in /usr/local/etc/dovecot.conf:
protocols = imap imaps pop3 pop3s
ssl_disable = no
ssl_cert_file = /etc/mail/certs/server.crt
ssl_key_file = /etc/mail/certs/server.key
disable_plaintext_auth = no
mail_extra_groups = mail
auth_userdb = passwd-file /usr/local/etc/dovecot.passwd
auth_passdb = passwd-file /usr/local/etc/dovecot.passwd
auth default {
    passdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    userdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    user = root
}
ProFTPD
Make the following changes in /usr/local/etc/proftpd.conf:
AllowOverwrite on
DefaultRoot ~
The following lines will be commented out:
<Limit> Deny </Limit>
Bind
Add the path specified below into /usr/local/ispmgr/etc/ispmgr.conf so that the name server can be restarted when its config files are changed:
path ndc path-to-rndc
To make the name server listen on all IP addresses, comment out the line below in /etc/namedb/named.conf:
Listen
MySQL
Add the following directives into the control panel's configuration file:
DbServer "MySQL" {
    Type mysql
    Hostname localhost
    User root
    Password password
}
If you select the Install most popular software mode, the Setup Wizard automatically creates a root password for MySQL. If you select the Give you a choice of software mode, the user needs to provide it, and the password is then set with the following command:
mysqladmin -u root password
PostgreSQL
The following directives will be added into the control panel configuration file:
DbServer "Postgres" {
    Type pgsql
    Hostname localhost
    User pgsql
    Password password
}
Since only the Give you a choice of software mode provides Postgres installation, the Setup Wizard will prompt you to enter a pgsql user password. Once you have done so, the password will be set with the command:
psql -U pgsql -c "ALTER USER pgsql WITH PASSWORD 'password'" template1
The lines below will be added into the Postgres configuration file, and Postgres will be restarted:
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
local all pgsql password
local template1 all password
SquirrelMail
Provide the following lines in Apache config (which refer to SquirrelMail):
Alias /webmail /usr/share/squirrelmail/
<Directory /usr/share/squirrelmail>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
    AddType application/x-httpd-php .php .php3 .php4 .phtml
</Directory>
The following line will be added into the control panel's config file:
extaction webmail /webmail/
PhpMyAdmin
The following lines will be provided in the web-server's config file phpmyadmin.conf:
Alias /myadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin/>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
</Directory>
The following line will be added into the control panel's config file:
extaction myadmin /myadmin/
A secret key for Blowfish will be created and added into the file blowfish_secret.inc.php:
<?php $cfg['blowfish_secret'] = 'key'; ?>
Linux
The following software will be installed, if necessary:
Debian
- Apache 1.3.x
- PHP4
- MySQL4 and Postgres
- Bind9
- ProFTPD
- Postfix and Exim4
- dovecot-imapd
- dovecot-pop3d
- Squirrelmail
- Webalizer
- AwStats
- mod_php4
- vacation
- iptables
- quota
- phpMyAdmin
RedHat and Fedora
- Apache2
- PHP5
- Bind
- Sendmail
- Dovecot
- SquirrelMail
- Webalizer
- mysql-server-4
- iptables
- quota
- vsftpd
- mod_ssl
- mod_php
- phpMyAdmin
Gentoo
The Setup Wizard does not install additional software for this distribution. You will have to install the required components manually. Once that is done, the Setup Wizard will configure them to run with the control panel.
If you need a full-fledged control panel, the Setup program will check whether the kernel quotas are active, and enable them, if necessary.
It also checks iptables, which the firewall requires, by creating the file /etc/iptables.save:
iptables -F
iptables -N ISPMGR
iptables -A INPUT -j ISPMGR
iptables-save > /etc/iptables.save
If necessary, the program creates the script /etc/init.d/ispmanager_iptables with access rights 0755:
#!/bin/sh
case "$1" in
start)
    /sbin/iptables-restore /etc/iptables.save
    ;;
stop)
    /sbin/iptables-save > /etc/iptables.save
    ;;
reload|restart)
    /sbin/iptables-save > /etc/iptables.save
    /sbin/iptables-restore /etc/iptables.save
    ;;
esac
And adds the following line into the control panel's configuration file:
path iptables /etc/iptables.save
Option ForceFireWall
If SELinux is active by default in your distribution, the Setup Wizard will disable it.
While installing the following programs, the configuration files will be changed:
Apache
The directive that enables the use of ISPmanager will be added:
Include /usr/local/ispmgr/etc/ispmgr.inc
If Apache does not support SSL, the following section will be added:
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /usr/local/ispmgr/etc/server.crt
    SSLCertificateKeyFile /usr/local/ispmgr/etc/server.key
</VirtualHost>
If Apache is running without suexec, the Setup Wizard will enable it.
For PHP to work, the Setup Wizard checks whether Apache supports PHP or whether a libapache-mod-php4 (libapache-mod-php5) library is present. If necessary, the following lines will be added:
Action php-cgi /php-bin/php
AddHandler cgi-script .cgi
AddHandler server-parsed .shtml
Sometimes all the lines referring to PHP extensions must be commented out. That allows the web server to process PHP scripts correctly.
For correct operation of the control panel, the following lines will be added into its configuration files:
ApacheVersion 1 (or ApacheVersion 2)
path phpbinary path-to-php-cgi
Option ForcePHP
path DefaultHomeDir /var/www
path httpd.conf path-to-httpd.conf
path apachectl path-to-apachectl start
Option ForceSSI
To initiate a secure connection over SSL, the program creates self-signed certificates with the command
/usr/bin/openssl req -config /tmp/ssl.cnf -x509 -days 365 -newkey rsa: -nodes -keyout /usr/local/ispmgr/etc/server.key -out /usr/local/ispmgr/etc/server.crt > /dev/null
The file /tmp/ssl.cnf contains the following:
[req]
distinguished_name = req_distinguished_name
defaults_bits = 1024
prompt = no
[req_distinguished_name]
C=XX
ST=XX
L=XX
O=XX
OU=XX
CN=host-name
emailAddress=root@host-name
Then the key and certificate will be copied into the appropriate directories by the commands:
cp /usr/local/ispmgr/etc/server.* /etc/mail/certs/
cp /etc/mail/certs/server.crt /etc/mail/certs/cacert.pem
chmod 400 /etc/mail/certs/server.key
cp /usr/local/ispmgr/etc/server.* /etc
cp /etc/server.crt /etc/cacert.pem
chmod 400 /etc/server.key
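The FreeBSD and Linux procedures above both leave the same private key in three places (/usr/local/ispmgr/etc, /etc/mail/certs and /etc), and the commands shown set mode 400 on only two of them. The following shell check is an added example, not ISPmanager code: it audits every copy and shows a copy routine that never leaves the key at a looser mode between cp and chmod. The scratch-directory demo and the 644 source mode are assumptions.

```sh
#!/bin/sh
# Added example, not ISPmanager code. Paths are the ones named on this page,
# taken relative to a root directory so the check can run on a scratch tree.
KEY_COPIES="usr/local/ispmgr/etc/server.key etc/mail/certs/server.key etc/server.key"

# audit_key_copies [ROOT]: print "OK|LOOSE <mode> <path>" for each copy that
# exists; return 1 if any copy grants access to group or other.
audit_key_copies() {
    root=${1:-/}
    loose=0
    for rel in $KEY_COPIES; do
        f="${root%/}/$rel"
        [ -e "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ????------) echo "OK $mode $f" ;;
            *) echo "LOOSE $mode $f"; loose=1 ;;
        esac
    done
    return $loose
}

# copy_key SRC DST: copy under umask 077 so the new file is never created
# with group/other bits, then drop to 400 as the page does. With plain
# "cp; chmod 400" the copy sits at (source mode & ~umask) in between.
copy_key() (
    umask 077
    rm -f "$2"
    cp "$1" "$2" && chmod 400 "$2"
)

# Demo on a scratch tree. The key is a constructed placeholder, and its 644
# mode is an assumption standing in for a source file left at the default umask.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir -p "$scratch/usr/local/ispmgr/etc" "$scratch/etc/mail/certs"
    src="$scratch/usr/local/ispmgr/etc/server.key"
    echo "constructed placeholder, not a real key" > "$src"
    chmod 644 "$src"
    copy_key "$src" "$scratch/etc/mail/certs/server.key"
    copy_key "$src" "$scratch/etc/server.key"
    audit_key_copies "$scratch"
    status=$?
    rm -rf "$scratch"
    return $status
}

demo || echo "at least one copy of the key is readable beyond its owner"
```

Run `audit_key_copies` with no argument on a live host to check the real paths.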
FTP
vsftpd and proftpd can be used as the FTP server. To set them up correctly, check whether their configuration files contain the directive that forbids a user from leaving his home directory. In case of proftpd:
DefaultRoot ~
In case of vsftpd:
chroot_local_user=YES
MySQL
The following directives will be added into the control panel's configuration file:
DbServer "MySQL" {
    Type mysql
    Hostname localhost
    User root
    Password password
}
In the Express mode, the Setup Wizard automatically creates the root user password for MySQL. If the Gives you a choice of software mode is used, the user must enter a password. Once this is done, the password will be set with the command:
mysqladmin -u root password password
PostgreSQL
The following directives will be added into the control panel's configuration file:
DbServer "Postgres" {
    Type pgsql
    Hostname localhost
    User pgsql
    Password password
}
Since only the Gives you a choice of software mode provides Postgres installation, the Setup Wizard will prompt you to enter a pgsql user password. Once you have done so, the password will be set with the command:
psql -U pgsql -c "ALTER USER pgsql WITH PASSWORD 'password'" template1
The lines below will be added into the Postgres configuration file, and Postgres will be restarted:
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
local all pgsql password
local template1 all password
Sendmail
If necessary, the following lines will be added into /etc/mail/sendmail.mc:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH',`/etc/mail/certs')dnl
define(`confCACERT',`/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT',`/etc/mail/certs/cert.pem')dnl
define(`confSERVER_KEY',`/etc/mail/certs/key.pem')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
Then the file sendmail.cf will be created
m4 /etc/mail/sendmail.mc
The line below will be added into /etc/mail/aliases
root: root
And into /etc/mail/virtusertable
root@host-name root
For correct running of Exim4, the following settings will be added into the control panel's configuration file:
MTA sendmail
path local-host-names path-to-file-local-host-names
path newaliases path-to-program-newaliases
path sasl path-to-program-saslpasswd2
path sendmail.pid path-to-file-sendmail.pid
path virtusertable path-to-file-virtusertable
Exim4
The control panel installs this MTA on Debian only. For correct operation of Exim, the Setup Wizard checks that the libsasl2, libsasl2-modules, sasl2-bin and exim4-daemon-heavy packages are available. Then it creates the files /etc/exim4/multi-domains, /etc/exim4/alien-aliases, /etc/exim4/local-aliases and /usr/local/etc/exim/passwd, and sets their permissions with the commands:
adduser Debian-exim sasl
chmod 1777 /var/mail
chmod 644 /etc/exim4/local-aliases
chown Debian-exim:Debian-exim /etc/exim4/alien-aliases /etc/exim4/multi-domains /usr/local/etc/exim/passwd
The following changes will be made in update-exim4.conf.conf:
dc_eximconfig_configtype='internet'
dc_other_hostnames='lsearch;/etc/exim4/multi-domains'
dc_local_interfaces='0.0.0.0'
and macros will be changed into corresponding values in the file /usr/local/ispmgr/var/linux.exim.config.sasl:
- __ISP_MAILMAN_HOME__ is a distribution-specific macro; usually it is the directory /usr/lib/mailman/.
- __ISP_MAILMAN_VAR__ also depends on the distribution; usually it is /var/lib/mailman/.
- __ISP_DOMAINS__ is the full path to the file multi-domains.
- __LOCAL_IP__ is the server's main IP address.
- __ISP_PASSWD__ is /usr/local/etc/exim/passwd.
- __ISP_ALIASES__ is the full path to the file alien-aliases.
The file will be copied into /etc/exim4/exim4.conf.template, and the following command will be executed:
update-exim4.conf
For correct operation of Exim4, the following lines will be added into the control panel's configuration file:
MTA exim
Option EximConverted
EximAuth sasl
path aliases path-to-file-alien-aliases
path exim-passwd path-to-file-passwd
path exim-users path-to-file-passwd
path exim-virtualdomains path-to-file-multi-domains
path local-aliases path-to-file-local-aliases
path maildir path-to-directory-storing-mail-boxes
Dovecot
For CentOS and Fedora distributions, make the following changes in /usr/local/etc/dovecot.conf:
protocols = imap imaps pop3 pop3s
ssl_disable = no
ssl_cert_file = /etc/mail/certs/server.crt
ssl_key_file = /etc/mail/certs/server.key
disable_plaintext_auth = no
mail_extra_groups = mail
auth_userdb = passwd-file /usr/local/etc/dovecot.passwd
auth_passdb = passwd-file /usr/local/etc/dovecot.passwd
auth default {
    passdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    userdb passwd-file {
        args = /usr/local/etc/dovecot.passwd
    }
    user = root
}
For Debian, make the following changes:
protocols = pop3 pop3s imap imaps
ssl_disable = no
ssl_cert_file = /etc/mail/certs/server.crt
ssl_key_file = /etc/mail/certs/server.key
disable_plaintext_auth = no
mail_extra_groups = mail
auth_mechanisms = plain cram-md5 digest-md5
auth_userdb = passwd-file /etc/dovecot/dovecot.passwd
auth_passdb = passwd-file /etc/dovecot/dovecot.passwd
If /etc/dovecot/dovecot.passwd is missing, it will be created. The following lines will be specified in the control panel's configuration file:
POP3 dovecot
path dovecot.passwd /etc/dovecot.passwd
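The Dovecot configurations on this page set disable_plaintext_auth = no while keeping the imap and pop3 listeners, and the block form also runs the auth process as root with a passwd-file backend. The following shell/awk check is an added example, not ISPmanager code: it flags those combinations in a file written in the older Dovecot syntax used here. The sample files and the dovecot-auth account name are constructed for illustration.

```sh
#!/bin/sh
# Added example, not ISPmanager code. audit_dovecot FILE prints one finding
# per line for the risky combinations in a dovecot.conf like the one above.
audit_dovecot() {
    awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip comments, trim
    $0 == "" { next }
    /[{]$/ {                                           # a line opening a block
        if (++depth == 1) section = $1
        if ($1 == "passdb") passdb = $2
        next
    }
    $0 == "}" { if (depth > 0) depth--; next }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
        if (depth == 0) top[key] = val
        else if (depth == 1 && section == "auth" && key == "user") auth_user = val
    }
    END {
        if (top["disable_plaintext_auth"] == "no") {
            n = split(top["protocols"], p, " "); clear = ""
            for (i = 1; i <= n; i++)
                if (p[i] == "imap" || p[i] == "pop3") clear = clear " " p[i]
            if (clear != "") print "PLAINTEXT_AUTH on non-TLS listeners:" clear
        }
        if (top["ssl_disable"] == "yes") print "SSL_DISABLED"
        if (auth_user == "root" && passdb == "passwd-file") print "AUTH_AS_ROOT with passdb " passdb
    }' "$1"
}

# Constructed sample: settings from this page, laid out one per line.
write_page_conf() {
    cat > "$1" <<'EOF'
protocols = imap imaps pop3 pop3s
ssl_disable = no
disable_plaintext_auth = no
auth default {
  passdb passwd-file {
    args = /usr/local/etc/dovecot.passwd
  }
  userdb passwd-file {
    args = /usr/local/etc/dovecot.passwd
  }
  user = root
}
EOF
}

# Tightened variant; "dovecot-auth" is a hypothetical unprivileged account.
write_tight_conf() {
    sed -e 's/^disable_plaintext_auth = no/disable_plaintext_auth = yes/' \
        -e 's/^  user = root/  user = dovecot-auth/' "$1" > "$2"
}
tmp=$(mktemp -d) && write_page_conf "$tmp/page.conf" &&
    write_tight_conf "$tmp/page.conf" "$tmp/tight.conf" &&
    audit_dovecot "$tmp/page.conf" && audit_dovecot "$tmp/tight.conf"
rm -rf "$tmp"
```

The page's settings produce two findings and the tightened variant none; the unprivileged account must be able to read the passwd-file.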
SquirrelMail
In the Apache configuration file associated with SquirrelMail, the following lines will be specified:
Alias /webmail /usr/share/squirrelmail/
<Directory /usr/share/squirrelmail>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
    AddType application/x-httpd-php .php .php3 .php4 .phtml
</Directory>
The line below will be added into the control panel's configuration file:
extaction webmail /webmail/
PhpMyAdmin
The following lines will be added into the web-server's configuration file phpmyadmin.conf:
Alias /myadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin/>
    php_admin_value open_basedir none
    php_admin_value session.save_path /tmp/
</Directory>
The line below will be added into the control panel's configuration file:
extaction myadmin /myadmin/
The Setup Wizard will create a secret key for Blowfish and add the following lines into blowfish_secret.inc.php:
<?php $cfg['blowfish_secret'] = 'key'; ?>
Bind
For correct operation of Bind, the following directives will be added into the control panel's configuration file:
NameServers ns1.host-name. ns2.host-name.
MailServers mail
path NamedChrootDir /var/named
path DomainZonesPath path-to-directory-containing-zones-files
path named.conf path-to-configuration-file-named
path ndc path-to-ndc-program
Webalizer
For correct operation of Webalizer, the following directives will be added into the control panel's configuration file:
path webalizer path-to-webalizer
extaction webalizer http://$site/webstat/
