ISPConf 3 Ubuntu serverile 13.04

From ICO wiki
Jump to navigationJump to search

Autorid

Aare Uibomäe AK31

Ülo Vardja AK31

Sissejuhatus

ISPConf 3 on serverite haldusvahend läbi veebiliidese, mis võimaldab hallata mitmeid servereid. Meie wiki õpetab teid seda installeerima.

Installeerimine

Kõigepealt installeerime Virualboxi Ubuntu serveri, mis meil on versiooniga 13.04


Võrgu seadistus

Meie võrguadapterite seadistamiseks muudame /etc/network/interfaces faili sisu järgnevaks 

nano /etc/network/interfaces

  The loopback network interface
  auto lo 
  iface lo inet loopback  
  The primary network interface
  auto eth0 
  iface eth0 inet dhcp
 
  auto eth1 
  iface eth1 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        dns-nameservers 8.8.8.8 8.8.4.4

Peale võrgu seadistuse muutmist, tuleb teha restart teenusele. 

/etc/init.d/networking restart

Järgnevalt tuleb viia sisse muuatused /etc/hosts faili. 

nano /etc/hosts



127.0.0.1       localhost.localdomain   localhost 
192.168.0.100   server1.pingviin.com    server1 
# The following lines are desirable for IPv6 capable hosts 
::1     ip6-localhost ip6-loopback 
fe00::0 ip6-localnet 
ff00::0 ip6-mcastprefix 
ff02::1 ip6-allnodes 
ff02::2 ip6-allrouters


Järgnevalt lisame rea /etc/hostname faili, all järgneva käsuga 

echo server1.pingviin.com > /etc/hostname

Teeme teenusele restardi 

/etc/init.d/hostname restart

Järgnevalt saame kontrollida, kas kõik siiamaani toimib. 

hostname
hostname –f

Mõlema käsu puhul peab väljundiks tulema 

server1.pingviin.com

Modifitseerime /etc/apt/sources.list faili

Kontrollime, et universe and multiverse repositooriumid oleksid lubatud. 

nano /etc/apt/sources.list


#
#deb cdrom:[Ubuntu-Server 13.04 _Raring Ringtail_ - Release amd64 (20130423.1)]/ raring main restricted
#deb cdrom:[Ubuntu-Server 13.04 _Raring Ringtail_ - Release amd64 (20130423.1)]/ raring main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://de.archive.ubuntu.com/ubuntu/ raring main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ raring main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ raring-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ raring-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ raring universe
deb-src http://de.archive.ubuntu.com/ubuntu/ raring universe
deb http://de.archive.ubuntu.com/ubuntu/ raring-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ raring-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ raring multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ raring multiverse
deb http://de.archive.ubuntu.com/ubuntu/ raring-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ raring-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu raring-security main restricted
deb-src http://security.ubuntu.com/ubuntu raring-security main restricted
deb http://security.ubuntu.com/ubuntu raring-security universe
deb-src http://security.ubuntu.com/ubuntu raring-security universe
deb http://security.ubuntu.com/ubuntu raring-security multiverse
deb-src http://security.ubuntu.com/ubuntu raring-security multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu raring partner
# deb-src http://archive.canonical.com/ubuntu raring partner
## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu raring main
# deb-src http://extras.ubuntu.com/ubuntu raring main


Peale seda värskendame repositooriumid käsuga: 

apt-get update

ja paigaldada viimased uuendused: 

apt-get upgrade

Peale uuenduste paigaldamist, tuleb teha serverile restart 

reboot

Vahetame shelli

Kuna /bin/sh on symlink /bin/dash `le ,aga meil on vaja /bin/bash, mitte /bin/dash , selleks kasutame käsku. 

dpkg-reconfigure dash

Use dash as the default system shell (/bin/sh)? <--No

Kui me seda ei teeks siis ISPConfig`i install ei õnnestu.

AppArmor`i väljalülitamine

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

Süsteemi kella sünroniseerimine

Et süsteemi kell oleks alati õige, selleks sisestame 

apt-get install ntp ntpdate

Programmide Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils paigaldamine

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils 
dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo

Peale käsu sisestamist küsitakse mõned küsimused. 

New password for the MySQL "root" user: <-- sinurootSQLparool
Repeat password for the MySQL "root" user: <-- sinurootSQLparool
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.pingviin.com

Järgmiseks tuleb Postfix`i master.cf failis submission ja smtps sektsioonides trellid eest ära võtta järgmiselt: 

nano /etc/postfix/master.cf


...
submission inet n       -       -       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
 -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
 -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
...

Peale muudatuste tegemist tuleb Postfix`ile restart teha 

/etc/init.d/postfix restart

Selleks, et MySQL kuulaks kõiki interface, mitte ainult 127.0.0.1, tuleb väljakommenteerida bind-address = 127.0.0.1 , all näidatud failis. 

nano /etc/mysql/my.cnf

...
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
# bind-address           = 127.0.0.1
...

Teeme MySQL`ile restardi 

/etc/init.d/mysql restart

Programmide Amavisd-new, SpamAssassin, Clamav paigaldamine

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract 
apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl 
libnet-ident-perl zip libnet-dns-perl

SpamAssassin`i peatamine

/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove

Programmide Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear ja mcrypt paigaldamine

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert 
libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi
libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick
libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python php5-curl php5-intl php5-memcache
php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
php5-xsl memcached

Peale käsu sisestamist, näed järgmisi küsimusi: 

Web server to reconfigure automatically: <-- apache2

Configure database for phpmyadmin with dbconfig-common? <-- No

Apache moodulite suexec, rewrite, ssl, actions, ja include aktiveerimine 

a2enmod suexec rewrite ssl actions include

a2enmod dav_fs dav auth_digest

Järgmiseks tuleb avada /etc/apache2/mods-available/suphp.conf... 

nano /etc/apache2/mods-available/suphp.conf

Välja tuleb seal kommenteerida rida <FilesMatch "\.ph(p3?|tml)$">
lisame rea AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml , muidu hakkaks iga PHP fail käivituma suPHP all. 

...
<IfModule mod_suphp.c>
   #<FilesMatch "\.ph(p3?|tml)$">
   #    SetHandler application/x-httpd-suphp
   #</FilesMatch>
       AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
       suPHP_AddHandler application/x-httpd-suphp
...

Teeme Apache`le restardi, et tehtud muudatused saaksid jõustuda 

/etc/init.d/apache2 restart

Järgmisena muudame /etc/mime.types faili sellepärast, et Ruby failid laiendiga .rb oleksid toetatud. 

nano /etc/mime.types

Selleks kommenteerime failis välja järgmise rea application/x-ruby 

...
#application/x-ruby                             rb
...

Teeme Apache`le uuesti restardi, et tehtud muudatused saaksid jõustuda 

/etc/init.d/apache2 restart

Xcache

Xcache on PHP koodi kiirendi selleks, et kiirendada ja optimeerida PHP koodi. See on vägagi soovitatud et oleks installeeriyud PHP kiirendaja selleks et PHP lehed kiiremini laeksid. Selleks sisestame terminalis 

apt-get install php5-xcache

ja teeme Apache`le restardi 

/etc/init.d/apache2 restart
Retrieved from "https://wiki.itcollege.ee/index.php?title=ISPConf_3_Ubuntu_serverile_13.04&oldid=72603"