Thursday, December 31, 2009

Tagged Under: , ,

Settingan ISPCONFIG debian Lenny

debian lenny



Install The SSH Server
Debian Lenny secara default belum install OpenSSH, jadi kita install terlebih dahulu, ketik : apt-get install ssh openssh-server
Install vim-nox (Optional)
Disini saya menggunakan perintah vi, untuk menginstallnya yaitu : 
apt-get install vim-nox
Configure the network
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

Lalu restart network :
/etc/init.d/networking restart
lalu edit /etc/hosts. misal :
vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.100 server.tkj-smkn1.org server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
sekarang run echo server.tkj-smkn1.org > /etc/hostname
/etc/init.d/hostname.sh start
setelah itu, run
hostname
hostname -f
Synchronize the System Clock
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run
apt-get install ntp ntpdate
Install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, binutils
We can install Postfix, Courier, Saslauthd, MySQL, phpMyAdmin, rkhunter, and binutils with a single command:
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop getmail4 rkhunter binutils
You will be asked the following questions:
New password for the MySQL "root" user: <-- yourrootsqlpassword Repeat password for the MySQL "root" user: <-- yourrootsqlpassword Create directories for web-based administration? <-- No
General type of mail configuration: <-- Internet Site
System mail name: <-- server.tkj-smkn1.org
SSL certificate required <-- Ok
We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:
vi /etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[...]
Then we restart MySQL:
/etc/init.d/mysql restart
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
server:~# netstat -tap | grep mysql
tcp 0 0 *:mysql *:* LISTEN 6612/mysqldserver:~#
During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server.tkj-smkn1.org in this tutorial), delete the certificates...
cd /etc/courier
rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem
... and modify the following two files; replace CN=localhost with CN=server.tkj-smkn1.org (you can also modify the other values, if necessary):
vi /etc/courier/imapd.cnf
[...]
CN=server.tkj-smkn1.org
[...]
vi /etc/courier/pop3d.cnf
[...]
CN= server.tkj-smkn1.org
[...]
Then recreate the certificates...
mkimapdcert
mkpop3dcert
... and restart Courier-IMAP-SSL and Courier-POP3-SSL:
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart 
Install Amavisd-new, SpamAssassin, And Clamav
To install amavisd-new, SpamAssassin, and ClamAV, we run
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl 
Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt can be installed as follows:
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp
You will see the following question:
Web server to reconfigure automatically: <-- apache2
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include:
a2enmod suexec rewrite ssl actions include
Install PureFTPd And Quota
PureFTPd and quota can be installed with the following command:
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit the file /etc/default/pure-ftpd-common...
vi /etc/default/pure-ftpd-common
... and change the start mode from inetd to standalone and set VIRTUALCHROOT=true:
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
Edit the file /etc/inetd.conf to prevent inetd from trying to start ftp:
vi /etc/inetd.conf
Comment out the line beginning with ftp stream tcp:
[...]
#:STANDARD: These are standard services.
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
[...]
Restart inetd afterwards:
/etc/init.d/openbsd-inetd restart
Then start PureFTPd:
/etc/init.d/pure-ftpd-mysql start
Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
vi /etc/fstab
# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1
/dev/sda5 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
Install MyDNS
Before we install MyDNS, we need to install a few prerequisites:
apt-get install g++ libc6 gcc gawk make texinfo libmysqlclient15-dev
MyDNS is not available in the Debian Lenny repositories, therefore we have to build it ourselves as follows:
cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/mydns-ng/mydns-1.2.8.25.tar.gz
tar xvfz mydns-1.2.8.25.tar.gz
cd mydns-1.2.8
./configure
make
make install
Next we create the start/stop script for MyDNS:
vi /etc/init.d/mydns
#! /bin/sh
#
# mydns Start the MyDNS server
#
# Author: Philipp Kern .
# Based upon skeleton 1.9.4 by Miquel van Smoorenburg
# and Ian Murdock .
#
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/sbin/mydns
NAME=mydns
DESC="DNS server"
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
case "$1" in
start)
echo -n "Starting $DESC: $NAME"
start-stop-daemon --start --quiet \
--exec $DAEMON -- -b
echo "."
;;
stop)
echo -n "Stopping $DESC: $NAME"
start-stop-daemon --stop --oknodo --quiet \
--exec $DAEMON
echo "."
;;
reload|force-reload)
echo -n "Reloading $DESC configuration..."
start-stop-daemon --stop --signal HUP --quiet \
--exec $DAEMON
echo "done."
;;
restart)
echo -n "Restarting $DESC: $NAME"
start-stop-daemon --stop --quiet --oknodo \
--exec $DAEMON
sleep 1
start-stop-daemon --start --quiet \
--exec $DAEMON -- -b
echo "."
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0
Then we make the script executable and create the system startup links for it:
chmod +x /etc/init.d/mydns
update-rc.d mydns defaults
14 Install Vlogger And Webalizer
Vlogger and webalizer can be installed as follows:
apt-get install vlogger webalizer
Open /etc/webalizer/webalizer.conf...
vi /etc/webalizer/webalizer.conf
... and change the following line from
#Incremental no
to
Incremental yes
15 Install Jailkit
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):
apt-get install build-essential autoconf automake1.9 libtool flex bison
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz

tar xvfz jailkit-2.5.tar.gz
cd jailkit-2.5
./configure
make
make install
cd ..
rm -rf jailkit-2.5*
Install fail2ban
This is optional but recommended, because the ISPConfig monitor tries to show the log:
apt-get install fail2ban
Install SquirrelMail
To install the SquirrelMail webmail client, run
apt-get install squirrelmail
Then create the following symlink...
ln -s /usr/share/squirrelmail/ /var/www/webmail
... and configure SquirrelMail:
squirrelmail-configure
We must tell SquirrelMail that we are using Courier-IMAP/-POP3:
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <-- D


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server

quit = Do not change anything
Command >> <-- courier


SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server

quit = Do not change anything
Command >> courier

imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true

Press any key to continue... <-- press a key

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <-- S


SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> <-- Q
Afterwards you can access SquirrelMail under http://server1.example.com/webmail or http://192.168.0.100/webmail:
I. Install ISPConfig 3
To install ISPConfig 3 from the latest released version, do this:
cd /tmp
wget http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.1.tar.gz
cd ispconfig3_install/install/
(Replace ISPConfig-3.0.1.tar.gz with the latest version.)
The next step is to run
php -q install.php
This will start the ISPConfig 3 installer:
server:/tmp/ispconfig3_install/install# php -q install.php


--------------------------------------------------------------------------------
_____ ___________ _____ __ _
|_ _/ ___| ___ \ / __ \ / _(_)
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| |
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, |
__/ |
|___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian Lenny/Sid or compatible

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with .
Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
..................................................................................................................+++
.........................................................................................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]: <-- ENTER
State or Province Name (full name) [Jawa Barat]: <-- ENTER
Locality Name (eg, city) [Bogor]: <-- ENTER
Organization Name (eg, company) [ICT Foundation]: <-- ENTER
Organizational Unit Name (eg, section) [TKJ]: <-- ENTER
Common Name (eg, YOUR name) [ICT]: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring MyDNS
Configuring Apache
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Configuring DBServer
Installing Crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd .
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
Stopping Courier IMAP server: imapd.
Starting Courier IMAP server: imapd.
Stopping Courier IMAP-SSL server: imapd-ssl.
Starting Courier IMAP-SSL server: imapd-ssl.
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
Stopping Courier POP3-SSL server: pop3d-ssl.
Starting Courier POP3-SSL server: pop3d-ssl.
Restarting web server: apache2 ... waiting .
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -E -A -u 1000 -O clf:/var/log/pure-ftpd/transfer.log -b -B
Installation completed.
server:/tmp/ispconfig3_install/install#
The installer automatically configures all underlying services, so no manual configuration is needed.

1 comments:

Unknown said...

makasih atas bantuan artikelnya. ada yg saya mau tanyakan,apakah sama konfigurasi antara debian dengan ubuntu 10.04?