ISPConf 3 Ubuntu serverile 13.04
Autorid
Aare Uibomäe AK31
Ülo Vardja AK31
Sissejuhatus
ISPConf 3 on serverite haldusvahend läbi veebiliidese, mis võimaldab hallata mitmeid servereid. Meie wiki õpetab teid seda installeerima.
Installeerimine
Kõigepealt installeerime Virualboxi Ubuntu serveri, mis meil on versiooniga 13.04
Võrgu seadistus
Meie võrguadapterite seadistamiseks muudame /etc/network/interfaces faili sisu järgnevaks
nano /etc/network/interfaces
The loopback network interface auto lo iface lo inet loopback The primary network interface auto eth0 iface eth0 inet dhcp auto eth1 iface eth1 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 dns-nameservers 8.8.8.8 8.8.4.4
Peale võrgu seadistuse muutmist, tuleb teha restart teenusele.
/etc/init.d/networking restart
Järgnevalt tuleb viia sisse muuatused /etc/hosts faili.
nano /etc/hosts
127.0.0.1 localhost.localdomain localhost 192.168.0.100 server1.pingviin.com server1 # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
Järgnevalt lisame rea /etc/hostname faili, all järgneva käsuga
echo server1.pingviin.com > /etc/hostname
Teeme teenusele restardi
/etc/init.d/hostname restart
Järgnevalt saame kontrollida, kas kõik siiamaani toimib.
hostname hostname –f
Mõlema käsu puhul peab väljundiks tulema
server1.pingviin.com
Modifitseerime /etc/apt/sources.list faili ja uuendame linuxi.
Kontrollige, et universe and multiverse repositooriumid oleksid lubatud.
nano /etc/apt/sources.list
# #deb cdrom:[Ubuntu-Server 13.04 _Raring Ringtail_ - Release amd64 (20130423.1)]/ raring main restricted #deb cdrom:[Ubuntu-Server 13.04 _Raring Ringtail_ - Release amd64 (20130423.1)]/ raring main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://de.archive.ubuntu.com/ubuntu/ raring main restricted deb-src http://de.archive.ubuntu.com/ubuntu/ raring main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://de.archive.ubuntu.com/ubuntu/ raring-updates main restricted deb-src http://de.archive.ubuntu.com/ubuntu/ raring-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://de.archive.ubuntu.com/ubuntu/ raring universe deb-src http://de.archive.ubuntu.com/ubuntu/ raring universe deb http://de.archive.ubuntu.com/ubuntu/ raring-updates universe deb-src http://de.archive.ubuntu.com/ubuntu/ raring-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://de.archive.ubuntu.com/ubuntu/ raring multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ raring multiverse deb http://de.archive.ubuntu.com/ubuntu/ raring-updates multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ raring-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://de.archive.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ raring-backports main restricted universe multiverse deb http://security.ubuntu.com/ubuntu raring-security main restricted deb-src http://security.ubuntu.com/ubuntu raring-security main restricted deb http://security.ubuntu.com/ubuntu raring-security universe deb-src http://security.ubuntu.com/ubuntu raring-security universe deb http://security.ubuntu.com/ubuntu raring-security multiverse deb-src http://security.ubuntu.com/ubuntu raring-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu raring partner # deb-src http://archive.canonical.com/ubuntu raring partner ## Uncomment the following two lines to add software from Ubuntu's ## 'extras' repository. ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. # deb http://extras.ubuntu.com/ubuntu raring main # deb-src http://extras.ubuntu.com/ubuntu raring main
Peale seda värskenda repositooriumid.
apt-get update
Paigaldada viimased uuendused
apt-get upgrade
Peale uuenduste paigaldamist, tuleb teha restart
reboot
Vahetame shelli
Kuna /bin/sh on symlink /bin/dash `le ,aga meil on vaja /bin/bash, mitte /bin/dash , selleks kasutame käsku.
dpkg-reconfigure dash
Use dash as the default system shell (/bin/sh)? <-- No
Kui me seda ei teeks siis ISPConfig`i install ei õnnestu.
AppArmor`i väljalülitamine
/etc/init.d/apparmor stop update-rc.d -f apparmor remove apt-get remove apparmor apparmor-utils
Süsteemi kella sünroniseerimine
Et süsteemi kell oleks alati õige, selleks sisestame
apt-get install ntp ntpdate
Programmide Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter, binutils paigaldamine
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils
dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo
Peale käsu sisestamist küsitakse mõned küsimused.
New password for the MySQL "root" user: <-- sinurootSQLparool Repeat password for the MySQL "root" user: <-- sinurootSQLparool General type of mail configuration: <-- Internet Site System mail name: <-- server1.pingviin.com
Järgmiseks tuleb Postfix`i master.cf failis submission ja smtps sektsioonides trellid eest ära võtta järgmiselt:
nano /etc/postfix/master.cf
submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes # -o smtpd_reject_unlisted_recipient=no # -o smtpd_client_restrictions=$mua_client_restrictions # -o smtpd_helo_restrictions=$mua_helo_restrictions # -o smtpd_sender_restrictions=$mua_sender_restrictions -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING
Peale muudatuste tegemist tuleb Postfix`ile restart teha
/etc/init.d/postfix restart
Selleks, et MySQL kuulaks kõiki interface, mitte ainult 127.0.0.1, tuleb väljakommenteerida bind-address = 127.0.0.1 , all näidatud failis.
nano /etc/mysql/my.cnf
[...] # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. # bind-address = 127.0.0.1 [...]
Teeme MySQL`ile restardi
/etc/init.d/mysql restart
Programmide Amavisd-new, SpamAssassin, Clamav paigaldamine
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract
apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl
libnet-ident-perl zip libnet-dns-perl
SpamAssassin`i peatamine
/etc/init.d/spamassassin stop update-rc.d -f spamassassin remove
Programmide Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear ja mcrypt paigaldamine
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert
libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi
libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick
libapache2-mod-suphp libruby libapache2-mod-ruby libapache2-mod-python php5-curl php5-intl php5-memcache
php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
php5-xsl memcached
Peale käsu sisestamist, näed järgmisi küsimusi:
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No
Apache moodulite suexec, rewrite, ssl, actions, ja include aktiveerimine
a2enmod suexec rewrite ssl actions include
a2enmod dav_fs dav auth_digest