8. Install Nginx, PHP5 (PHP-FPM), and Fcgiwrap
Nginx is available as a package for Ubuntu which we can install with the following command:
apt-get install nginx
When Apache2 is already installed on the system, stop it now…
service apache2 stop
… and remove Apache’s system startup links:
update-rc.d -f apache2 remove
Start nginx afterwards:
service nginx start
(If both Apache2 and nginx are installed, the ISPConfig 3 installer will ask you which one you want to use – answer nginx in this case. If only one of these both is installed, ISPConfig will do the necessary configuration automatically.)
We can make PHP5 work in nginx through PHP-FPM (PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites) which we install as follows:
apt-get install php5-fpm
PHP-FPM is a daemon process (with the init script /etc/init.d/php5-fpm ) that runs a FastCGI server on the socket /var/run/php5-fpm.sock .
To get MySQL support in PHP, we can install the php5-mysql package. It’s a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:
apt-cache search php5
Pick the ones you need and install them like this:
apt-get install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl
APCu is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It’s similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP page.
APCu can be installed as follows:
apt-get install php5-apcu
Next open /etc/php5/fpm/php.ini …
nano /etc/php5/fpm/php.ini
… and set cgi.fix_pathinfo=0 and your timezone:
[...]
cgi.fix_pathinfo=0
[...]
date.timezone="Europe/Berlin"
[...]
(You can find all available timezones in the /usr/share/zoneinfo directories and its subdirectories.)
Now reload PHP-FPM:
service php5-fpm reload
To get CGI support in nginx, we install Fcgiwrap.
Fcgiwrap is a CGI wrapper that should work also for complex CGI scripts and can be used for shared hosting environments because it allows each vhost to use its own cgi-bin directory.
Install the fcgiwrap package:
apt-get install fcgiwrap
After the installation, the fcgiwrap daemon should already be started; its socket is /var/run/fcgiwrap.socket . If it is not running, you can use the/etc/init.d/fcgiwrap script to start it.
That’s it! Now when you create an nginx vhost, ISPConfig will take care of the correct vhost configuration.
8.1 Additional PHP Versions
Starting with ISPConfig 3.0.5, it is possible to have multiple PHP versions on one server (selectable through ISPConfig) which can be run through PHP-FPM. To learn how to build additional PHP versions (PHP-FPM) and how to configure ISPConfig, please check this tutorial: How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (Ubuntu 12.10) (works for Ubuntu 15.10 as well).
8.2 Install phpMyAdmin
Install phpMyAdmin as follows:
apt-get install phpmyadmin
You will see the following questions:
Web server to reconfigure automatically: <– select none (because only apache2 and lighttpd are available as options)
Configure database for phpmyadmin with dbconfig-common? <– Yes
Password of the database’s administrative user: <– yourrootmysqlpassword
MySQL application password for phpmyadmin: <– Press Enter
You can now find phpMyAdmin in the /usr/share/phpmyadmin/ directory.
After you have installed ISPConfig 3, you can access phpMyAdmin as follows:
The ISPConfig apps vhost on port 8081 for nginx comes with a phpMyAdmin configuration, so you can usehttp://server1.example.com:8081/phpmyadmin or http://server1.example.com:8081/phpMyAdmin to access phpMyAdmin.
If you want to use a /phpmyadmin or /phpMyAdmin alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access phpMyAdmin.
To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on; to your phpMyAdmin configuration like this:
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param HTTPS on; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
If you use both http and https for your vhost, you need to add the following section to the http {} section in /etc/nginx/nginx.conf (before any include lines) which determines if the visitor uses http or https and sets the $fastcgi_https variable (which we will use in our phpMyAdmin configuration) accordingly:
nano /etc/nginx/nginx.conf
[...]
http {
[...]
## Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
[...]
}
[...]
Don’t forget to reload nginx afterwards:
service nginx reload
Then go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $fastcgi_https; so that you can use phpMyAdmin for both HTTP and HTTPS requests:
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param HTTPS $fastcgi_https; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
9. Install Mailman
ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:
apt-get install mailman
Select at least one language, e.g.:
Languages to support: <– en (English)
Missing site list <– Ok
Before we can start Mailman, a first mailing list called mailman must be created:
newlist mailman
root@server1:~# newlist mailman
Enter the email of the person running the list: <– admin email address, e.g. [email protected]
Initial mailman password: <– admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases’ program:
## mailman mailing list
mailman: “|/var/lib/mailman/mail/mailman post mailman”
mailman-admin: “|/var/lib/mailman/mail/mailman admin mailman”
mailman-bounces: “|/var/lib/mailman/mail/mailman bounces mailman”
mailman-confirm: “|/var/lib/mailman/mail/mailman confirm mailman”
mailman-join: “|/var/lib/mailman/mail/mailman join mailman”
mailman-leave: “|/var/lib/mailman/mail/mailman leave mailman”
mailman-owner: “|/var/lib/mailman/mail/mailman owner mailman”
mailman-request: “|/var/lib/mailman/mail/mailman request mailman”
mailman-subscribe: “|/var/lib/mailman/mail/mailman subscribe mailman”
mailman-unsubscribe: “|/var/lib/mailman/mail/mailman unsubscribe mailman”
Hit enter to notify mailman owner… <– ENTER
root@server1:~#
Open /etc/aliases afterwards…
nano /etc/aliases
… and add the following lines:
[...]
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Run
newaliases
afterwards and restart Postfix:
service postfix restart
Then start the Mailman daemon:
service mailman start
After you have installed ISPConfig 3, you can access Mailman as follows:
The ISPConfig apps vhost on port 8081 for nginx comes with a Mailman configuration, so you can use http://server1.example.com:8081/cgi-bin/mailman/admin/<listname> or http://server1.example.com:8081/cgi-bin/mailman/listinfo/<listname> to access Mailman.
If you want to use Mailman from your web sites, this is a bit more complicated than for Apache because Nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore, you have to define these aliases for each vhost from which you want to access Mailman.
To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:
location /cgi-bin/mailman {
root /usr/lib/;
fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location /images/mailman {
alias /usr/share/images/mailman;
}
location /pipermail {
alias /var/lib/mailman/archives/public;
autoindex on;
}
This defines the alias /cgi-bin/mailman/ for your vhost, which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname> , and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname> .
Under http://<vhost>/pipermail you can find the mailing list archives.
10. Install PureFTPd And Quota
PureFTPd and quota can be installed with the following command:
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit the file /etc/default/pure-ftpd-common …
nano /etc/default/pure-ftpd-common
… and make sure that the start mode is set to standalone and set VIRTUALCHROOT=true :
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.
If you want to allow FTP and TLS sessions, run
echo 1 > /etc/pure-ftpd/conf/TLS
In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/ , therefore I create that directory first:
mkdir -p /etc/ssl/private/
Afterwards, we can generate the SSL certificate as follows:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [AU]: <– Enter your Country Name (e.g., “DE”).
State or Province Name (full name) [Some-State]:<– Enter your State or Province Name.
Locality Name (eg, city) []:<– Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<– Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:<– Enter your Organizational Unit Name (e.g. “IT Department”).
Common Name (eg, YOUR name) []:<– Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
Email Address []:<– Enter your Email Address.
Change the permissions of the SSL certificate:
chmod 600 /etc/ssl/private/pure-ftpd.pem
Then restart PureFTPd:
service pure-ftpd-mysql restart
Edit /etc/fstab . Mine looks like this (I added ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point / ):
nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/server1--vg-root / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
# /boot was on /dev/sda1 during installation
UUID=de7aa90b-241d-4ee6-825c-36031409763f /boot ext2 defaults 0 2
/dev/mapper/server1--vg-swap_1 none swap sw 0 0
To enable quota, run these commands:
mount -o remount /
quotacheck -avugm
quotaon -avug
The following error messages are normal for the command and can be ignored:
quotacheck: Cannot stat old user quota file //quota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file //quota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old user quota file //quota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file //quota.group: No such file or directory. Usage will not be subtracted.
11. Install BIND DNS Server
BIND is installed as follows:
apt-get install bind9 dnsutils
12. Install Vlogger, Webalizer, And AWStats
Vlogger, Webalizer, and AWStats can be installed as follows:
apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
Open /etc/cron.d/awstats afterwards…
nano /etc/cron.d/awstats
… and comment out everything in that file:
# MAILTO=root
# */10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
# Generate static reports:
# 10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
13. Install Jailkit
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig – it cannot be installed afterwards! ):
apt-get install build-essential autoconf automake1.11 libtool flex bison debhelper binutils
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz
tar xvfz jailkit-2.19.tar.gz
cd jailkit-2.19
./debian/rules binary
You can now install the Jailkit .deb package as follows:
cd ..
dpkg -i jailkit_2.19-1_*.deb
rm -rf jailkit-2.19*
14. Install fail2ban
This is optional but recommended, because the ISPConfig monitor tries to show the log:
apt-get install fail2ban
To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local :
nano /etc/fail2ban/jail.local
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
Then create the following two filter files:
nano /etc/fail2ban/filter.d/pureftpd.conf
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
Add the missing ignoreregex line in the postfix-sasl file:
echo “ignoreregex =” >> /etc/fail2ban/filter.d/postfix-sasl.conf
Restart fail2ban afterward:
service fail2ban restart
15. Install SquirrelMail
To install the SquirrelMail webmail client, run
apt-get install squirrelmail
Then configure SquirrelMail:
squirrelmail-configure
We must tell SquirrelMail that we are using Dovecot-IMAP/-POP3:
SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color on
S Save data
Q Quit
Command >> <– D
SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.
Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.
Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington’s IMAP server
gmail = IMAP access to Google mail (Gmail) accounts
quit = Do not change anything
Command >> <– dovecot
SquirrelMail Configuration : Read: config.php
———————————————————
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.
Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.
Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington’s IMAP server
gmail = IMAP access to Google mail (Gmail) accounts
quit = Do not change anything
Command >> dovecot
imap_server_type = dovecot
default_folder_prefix = <none>
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = detect
delete_folder = false
Press enter to continue… <– ENTER
SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color on
S Save data
Q Quit
Command >> <– S
SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu —
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color on
S Save data
Q Quit
Command >> <– Q
You can now find SquirrelMail in the /usr/share/squirrelmail/ directory.
After you have installed ISPConfig 3, you can access SquirrelMail as follows:
The ISPConfig apps vhost on port 8081 for nginx comes with a SquirrelMail configuration, so you can usehttp://server1.example.com:8081/squirrelmail or http://server1.example.com:8081/webmail to access SquirrelMail.
If you want to use a /webmail or /squirrelmail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access SquirrelMail.
To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:
location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
}
If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on; to your SquirrelMail configuration like this:
location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param HTTPS on; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
}
If you use both http and https for your vhost, you need to add the following section to the http {} section in /etc/nginx/nginx.conf (before any include lines) which determines if the visitor uses http or https and sets the $fastcgi_https variable (which we will use in our SquirrelMail configuration) accordingly:
nano /etc/nginx/nginx.conf
[...]
http {
[...]
## Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
[...]
}
[...]
Don’t forget to reload nginx afterwards:
service nginx reload
Then go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $fastcgi_https; so that you can use SquirrelMail for both http and https requests:
location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param HTTPS $fastcgi_https; # <-- add this line
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
}
16. Install ISPConfig 3
Before you start the ISPConfig installation, make sure that Apache is stopped (if it is installed – it is possible that some of your installed packages have installed Apache as a dependency without you knowing). If Apache2 is already installed on the system, stop it now…
service apache2 stop
… and remove Apache’s system startup links:
update-rc.d -f apache2 remove
Make sure that nginx is running:
service nginx restart
(If you have both Apache and nginx installed, the installer asks you which one you want to use: Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]:
Type nginx . If only Apache or Nginx are installed, this is automatically detected by the installer, and no question is asked.)
To install ISPConfig 3 from the latest released version, do this:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
The next step is to run
php -q install.php
This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, SASL, Courier, etc. for you.
root@server1:/tmp/ispconfig3_install/install# php -q install.php
——————————————————————————–
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `–.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `–. \ __/ | | / _ \| ‘_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
——————————————————————————–
>> Initial configuration
Operating System: 15.04 (Vivid Vervet)
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in “quit” (without the quotes) to stop the installer.
Select language (en,de) [en]: <– ENTER
Installation mode (standard,expert) [standard]: <– ENTER
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <– ENTER
MySQL server hostname [localhost]: <– ENTER
MySQL root username [root]: <– ENTER
MySQL root password []: <– yourrootsqlpassword
MySQL database to create [dbispconfig]: <– ENTER
MySQL charset [utf8]: <– ENTER
Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]: <– nginx
Generating a 4096 bit RSA private key
………………………………………………………………….++
…………………++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]: <– DE (your country code, in my case DE for Germany)
State or Province Name (full name) [Some-State]: <– ENTER
Locality Name (eg, city) []: <– Lueneburg (your city)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <– ISPConfig UG (your company name)
Organizational Unit Name (eg, section) []: <– ENTER
Common Name (e.g. server FQDN or YOUR name) []: <– server1.example.com
Email Address []: <– ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <– ENTER
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <– ENTER
Generating RSA private key, 4096 bit long modulus
……….++
……++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]: <– DE (enter your country code, in my case DE for Germany)
State or Province Name (full name) [Some-State]: <– ENTER
Locality Name (eg, city) []: <– Lueneburg (your city)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <– ISPConfig UG (name of your company)
Organizational Unit Name (eg, section) []: <– ENTER
Common Name (e.g. server FQDN or YOUR name) []: <– server1.example.com
Email Address []: <– ENTER
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: <– ENTER
An optional company name []: <– ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services …
Installation completed.
root@server1:/tmp/ispconfig3_install/install#
The installer automatically configures all underlying services, so there is no manual configuration needed.
You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed usinghttps:// instead of http:// . To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: .
Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.1.100:8080/ ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):
The system is now ready to be used.
17 Add Dkim support in ISPConfig
Dkim is a technology to digitally sign all outgoing emails. Dkim support will be integrated in ISPConfig 3.1, for the current ISPConfig 3.0.5.4p8 there is a backport of the Dkim functions available. In this step, I will show you how to install this patch.
Download the patch and run the installation script:
cd /tmp
wget blog.schaal-24.de/files/dkim-latest_ispconfig3.tar.gz
tar xfz dkim-latest_ispconfig3.tar.gz
cd dkim-patch
php -q install.php
Answer the questions of the installer:
Configure amavis? [ Y | n ]? <– Press Enter to accept the default.
Directory for DKIM-Keys [ /var/lib/amavis/dkim ] <– Press Enter to accept the default.
Configure postfix? [ Y | n ]? <– Press Enter to accept the default.
Update databse? [ Y | n ]? <– Press Enter to accept the default.
Login to ISPConfig and set the Dkim Path to “/var/lib/amavis/dkim” under System > Server Config > Mail and press “Save” to save the changes.
18. Additional Notes
18.1 OpenVZ
If the Ubuntu server that you’ve just set up in this tutorial is an OpenVZ container (virtual machine), you should do this on the host system (I’m assuming that the ID of the OpenVZ container is 101 – replace it with the correct VPSID on your system):
VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID –capability ${CAP}:on –save
done
18.2 Virtual machine image download of this tutorial
This tutorial is available as ready to use virtual machine image in ovf/ova format that is compatible with VMWare and Virtualbox. The virtual machine image uses the following login details:
SSH / Shell Login
Username: administrator
Password: howtoforge
This user has sudo rights.
ISPConfig Login
Username: admin
Password: howtoforge
MySQL Login
Username: root
Password: howtoforge
The IP of the VM is 192.168.1.100, it can be changed in the file /etc/network/interfaces. Please change all the above passwords to secure the virtual machine.
19. Links