Introduction - Base installation
In Another Code style, I am taking note of the steps I followed to configure ISPConfig 3 on the Kubuntu server I manage. It is a summary of what I found online; obviously nothing here is invented, it is all already documented elsewhere. Here I keep a summary of what I need.
apt-get install ssh openssh-server ntp ntpdate postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo
New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword
General type of mail configuration: <-- Internet Site
System mail name: <-- server.example.com
nano /etc/postfix/master.cf
[...]
submission inet n - - - - smtpd
service postfix restart
Check that a static IP address is configured:
nano /etc/network/interfaces
[...]
# The loopback network interface
[...]
service networking restart
echo 192.168.1.10 server.example.com server >> /etc/hosts
echo server.example.com > /etc/hostname
service hostname restart
Install antivirus / antispam and accessories:
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
service spamassassin stop
update-rc.d -f spamassassin remove
SpamAssassin is handled by amavis, so there is no need to start it automatically at boot.
Install the Apache2 / PHP / SquirrelMail services and their dependencies:
apt-get install apache2 apache2-doc apache2-utils libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached snmp libapache2-mod-fastcgi php5-fpm pure-ftpd-common pure-ftpd-mysql quota quotatool bind9 dnsutils vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold fail2ban squirrelmail
Enable the mcrypt module manually:
php5enmod mcrypt
Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No
a2enmod suexec rewrite ssl actions include cgi
a2enmod dav_fs dav auth_digest
nano /etc/apache2/mods-available/suphp.conf
Comment out the <FilesMatch "\.ph(p3?|tml)$"> block and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
<IfModule mod_suphp.c>
#<FilesMatch "\.ph(p3?|tml)$">
# SetHandler application/x-httpd-suphp
#</FilesMatch>
AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-suphp
<Directory />
suPHP_Engine on
</Directory>
# By default, disable suPHP for debian packaged web applications as files
# are owned by root and cannot be executed by suPHP because of min_uid.
<Directory /usr/share>
suPHP_Engine off
</Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
# suPHP_ConfigPath /etc/php5/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>
</IfModule>
service apache2 restart
Make sure the FTP daemon is configured correctly by setting the start mode to standalone and setting VIRTUALCHROOT=true:
nano /etc/default/pure-ftpd-common
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
Make FTP more secure by enabling TLS and creating a certificate:
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [AU]: IT
State or Province Name (full name) [Some-State]: ITALY
Locality Name (eg, city) []: PADOVA
Organization Name (eg, company) [Internet Widgits Pty Ltd]: COMPANY-NAME
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:server.example.com
Email Address []:
chmod 600 /etc/ssl/private/pure-ftpd.pem
service pure-ftpd-mysql restart
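Added example (not part of the original notes): a shell function that audits the pure-ftpd settings made in the two steps above. The function name audit_pureftpd and its optional root-directory argument are assumptions made for this example; stat -c is the GNU coreutils form found on Ubuntu. It also reports that TLS level 1, the value written above, offers TLS but still accepts cleartext logins, while levels 2 and 3 refuse them.

```shell
#!/bin/sh
# Added example: audit the pure-ftpd settings made in these notes.
# Usage (as root): audit_pureftpd          -> checks the live system
#                  audit_pureftpd /some/dir -> checks a copy of the tree
audit_pureftpd() {
    root="${1:-}"
    common="$root/etc/default/pure-ftpd-common"
    tlsconf="$root/etc/pure-ftpd/conf/TLS"
    pem="$root/etc/ssl/private/pure-ftpd.pem"
    rc=0

    # Start mode and virtual chroot, as set in pure-ftpd-common.
    grep -q '^STANDALONE_OR_INETD=standalone$' "$common" 2>/dev/null \
        || { echo "FAIL: STANDALONE_OR_INETD is not standalone"; rc=1; }
    grep -q '^VIRTUALCHROOT=true$' "$common" 2>/dev/null \
        || { echo "FAIL: VIRTUALCHROOT is not true"; rc=1; }

    # TLS level: 0 = off, 1 = TLS offered but cleartext still accepted,
    # 2 and 3 = cleartext logins refused.
    tls=$(cat "$tlsconf" 2>/dev/null | tr -d '[:space:]')
    case "$tls" in
        2|3) echo "OK: TLS required (level $tls)" ;;
        1)   echo "WARN: TLS level 1 still accepts cleartext logins" ;;
        *)   echo "FAIL: TLS disabled or not configured"; rc=1 ;;
    esac

    # The PEM holds the private key and the certificate in one file,
    # so it must be readable by its owner only.
    if [ -f "$pem" ]; then
        mode=$(stat -c '%a' "$pem")
        [ "$mode" = "600" ] \
            || { echo "FAIL: $pem has mode $mode, expected 600"; rc=1; }
        grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" \
            || { echo "FAIL: no private key in $pem"; rc=1; }
        grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" \
            || { echo "FAIL: no certificate in $pem"; rc=1; }
    else
        echo "FAIL: $pem is missing"; rc=1
    fi
    return $rc
}
```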
Configure SquirrelMail:
squirrelmail-configure
D. Set pre-defined settings for specific IMAP servers
Command >> <-- dovecot
Command >> <-- S
Command >> <-- Q
For Apache to read the SquirrelMail configuration, we need to create a link:
cd /etc/apache2/conf-available/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
service apache2 reload
Open /etc/apache2/conf-available/squirrelmail.conf:
nano /etc/apache2/conf-available/squirrelmail.conf
And add the following inside the <Directory /usr/share/squirrelmail></Directory> container; we must make sure mod_php is used to serve SquirrelMail:
[...]
<Directory /usr/share/squirrelmail>
Options FollowSymLinks
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
php_flag register_globals off
</IfModule>
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>
# access to configtest is limited by default to prevent information leak
<Files configtest.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
</Directory>
[...]
mkdir /var/lib/squirrelmail/tmp
chown www-data /var/lib/squirrelmail/tmp
a2enconf squirrelmail
service apache2 reload
All that remains is to install ISPConfig 3:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php
Follow the on-screen instructions and you are done.