Escolar Documentos
Profissional Documentos
Cultura Documentos
1)
Tutorial search
Tutorials The Perfect Server Debian 8.4 Jessie (Apache2, BIN…
The Perfect Server Debian 8.4 Jessie (Apache2,
BIND, Dovecot, ISPConfig 3.1)
Ad Manage and secure your org's mobile devices with Mobile Device Manager Plus
This tutorial shows how to
On this page
prepare a Debian Jessie server
(with Apache2, BIND, Dovecot)
1 Preliminary Note
for the installation of ISPConfig
What's new in this version of the tutorial?
3.1, and how to install
2 Install the SSH server (Optional)
ISPConfig. The webhosting
3 Install a shell text editor (Optional)
control panel ISPConfig 3
4 Configure the Hostname
allows you to configure the
5 Update Your Debian Installation
following services through a
6 Change the default Shell
web browser: Apache or nginx
7 Synchronize the System Clock
web server, Postfix mail server,
8 Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter,
Courier or Dovecot IMAP/POP3
binutils
server, MySQL, BIND or MyDNS
9 Install Amavisdnew, SpamAssassin, and Clamav
nameserver, PureFTPd,
9.1 Install Metronome XMPP Server (optional)
SpamAssassin, ClamAV, and
many more. This setup covers
Apache (instead of nginx),
BIND, and Dovecot (instead of Courier).
1 Preliminary Note
In this tutorial I will use the hostname server1.example.com with the IP address 192.168.1.100
and the gateway 192.168.1.1. These settings might differ for you, so you have to replace them
where appropriate. Before proceeding further you need to have a minimal installation of Debian 8. This
might be a Debian minimal image from your Hosting provider or you use the Minimal Debian
Server tutorial to setup the base system.
What's new in this version of the tutorial?
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 1/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
Support for the new ISPConfig 3.1 features.
Support for Let's Encrypt SSL certificates.
Support for HHVM (HipHop Virtual Machine) to
run PHP scripts.
Support for XMPP (Metronome).
Support for EMail Greylisting with Postgrey.
Telefon Mobil Telefon Mobil LG Telefon Mobil UFW as Firewall to replace Bastille.
HTC One M8 Nexus 5X Samsung S7 RoundCube Webmail instead of Squirrelmail.
4G… 16GB LTE… Galaxy Edge…
If you did not install the OpenSSH server
during the system installation, you can do it now:
aptget install ssh opensshserver
From now on you can use an SSH client such as PuTTY and connect from your workstation to your
Debian Jessie server and follow the remaining steps from this tutorial.
3 Install a shell text editor (Optional)
We will use nano text editor in this tutorial. Some useres prefer the classic vi editor, therefor we will
install both editors here. The default vi program has some strange behavior on Debian and Ubuntu;
to fix this, we install vimnox:
aptget install nano vimnox
If vi is your favorite editor, then replace nano with vi in the following commands to edit files.
4 Configure the Hostname
The hostname of your server should be a subdomain like "server1.example.com". Do not use a
domain name without subdomain part like "example.com" as hostname as this will cause problems
later with your mail setup. First you should check the hostname in /etc/hosts and change it when
nescessary. The line should be: "IP Address space full hostname incl. domain space subdomain
part". For our hostname server1.example.com, the file shall look like this:
nano /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.100 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 2/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
::1 localhost ip6‐localhost ip6‐loopback
ff02::1 ip6‐allnodes
ff02::2 ip6‐allrouters
Then edit the /etc/hostname file:
nano /etc/hostname
It shall contain only the subdomain part, in our case:
server1
Finally, reboot the server to apply the change:
reboot
Login again and check if the hostname is correct now with these commands:
hostname
hostname f
The output shall be like this:
root@server1:/tmp# hostname
server1
root@server1:/tmp# hostname f
server1.example.com
5 Update Your Debian Installation
First make sure that your /etc/apt/sources.list contains the jessie/updates repository (this
makes sure you always get the newest security updates), and that the contrib and nonfree
repositories are enabled (some packages such as libapache2modfastcgi are not in the main
repository).
nano /etc/apt/sources.list
#deb cdrom:[Debian GNU/Linux 8.0.0 _Jessie_ ‐ Official amd64 NETINST Binary‐1 2015
0425‐12:50]/ jessie main
deb http://ftp.us.debian.org/debian/ jessie main contrib non‐free
deb‐src http://ftp.us.debian.org/debian/ jessie main contrib non‐free
deb http://security.debian.org/ jessie/updates main contrib non‐free
deb‐src http://security.debian.org/ jessie/updates main contrib non‐free
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 3/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
Run:
aptget update
To update the apt package database
aptget upgrade
and to install the latest updates (if there are any).
6 Change the default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do
this:
dpkgreconfigure dash
Use dash as the default system shell (/bin/sh)? < no
If you don't do this, the ISPConfig installation will fail.
7 Synchronize the System Clock
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the
Internet. Simply run
aptget install ntp ntpdate
and your system time will always be in sync.
8 Install Postfix, Dovecot, MySQL, phpMyAdmin, rkhunter,
binutils
We can install Postfix, Dovecot, MySQL, rkhunter, and binutils with a single command:
aptget install postfix postfixmysql postfixdoc mariadbclient mariadbserver openssl
getmail4 rkhunter binutils dovecotimapd dovecotpop3d dovecotmysql dovecotsieve
dovecotlmtpd sudo
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 4/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
dovecotlmtpd sudo
When you prefer MySQL over MariaDB, replace the packages "mariadbclient mariadbserver" in the
above command with "mysqlclient mysqlserver".
You will be asked the following questions:
General type of mail configuration: < Internet Site
System mail name: < server1.example.com
New password for the MariaDB "root" user: < yourrootsqlpassword
Repeat password for the MariaDB "root" user: < yourrootsqlpassword
To secure the MariaDB / MySQL installation and to disable the test database, run this command:
mysql_secure_installation
We dont have to change the MySQL root password as we just set a new one during installation.
Answer the questions as follows:
Change the root password? [Y/n] < n
Remove anonymous users? [Y/n] < y
Disallow root login remotely? [Y/n] < y
Remove test database and access to it? [Y/n] < y
Reload privilege tables now? [Y/n] < y
Next, open the TLS/SSL and submission ports in Postfix:
nano /etc/postfix/master.cf
Uncomment the submission and smtps
sections as follows and add lines where
Telefon Mobil Telefon Mobil Telefon Mobil
HTC One M8 Samsung S7 LG Nexus 5X nescessary so that this section of the master.cf
file looks exactly like the one below.
4G Gunmetal… Galaxy Edge… 16GB LTE…
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 5/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
TING
smtps inet n ‐ ‐ ‐ ‐ smtpd
‐o syslog_name=postfix/smtps
‐o smtpd_tls_wrappermode=yes
‐o smtpd_sasl_auth_enable=yes
‐o smtpd_client_restrictions=permit
_sasl_authenticated,reject
# ‐o smtpd_reject_unlisted_recipient=
no
# ‐o smtpd_client_restrictions=$mua_c
lient_restrictions
# ‐o smtpd_helo_restrictions=$mua_hel
o_restrictions
# ‐o smtpd_sender_restrictions=$mua_s
ender_restrictions
# ‐o smtpd_recipient_restrictions=
# ‐o smtpd_relay_restrictions=permit_
sasl_authenticated,reject
# ‐o milter_macro_daemon_name=ORIGINA
TING
[...]
Restart Postfix afterwards:
service postfix restart
We want MariaDB to listen on all interfaces, not just localhost, therefore, we edit
/etc/mysql/my.cnf and comment out the line bindaddress = 127.0.0.1:
nano /etc/mysql/my.cnf
[...]
# Instead of skip‐networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind‐address = 127.0.0.1
[...]
Then we restart MySQL:
service mysql restart
Now check that networking is enabled. Run
netstat tap | grep mysql
The output should look like this:
root@server1:/# netstat tap | grep mysql
tcp6 0 0 [::]:mysql [::]:* LISTEN 16806/mysqld
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 6/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
9 Install Amavisdnew, SpamAssassin, and Clamav
To install amavisdnew, SpamAssassin and ClamAV, we run
aptget install amavisdnew spamassassin clamav clamavdaemon zoo unzip bzip2 arj nomarch
lzop cabextract aptlistchanges libnetldapperl libauthensaslperl clamavdocs daemon
libiostringperl libiosocketsslperl libnetidentperl zip libnetdnsperl postgrey
The ISPConfig 3 setup uses amavisd which loads the SpamAssassin filter library internally, so we can
stop SpamAssassin to free up some RAM:
service spamassassin stop
systemctl disable spamassassin
9.1 Install Metronome XMPP Server (optional)
This step installs the Metronome XMPP Server which provides a chat server that is compatible with the
XMPP protocol. This step is optional, if you do not need a chat server, then you can skip this step. No
other ISPConfig functions depend on this software.
Add the Prosody package repository in Debian.
echo "deb http://packages.prosody.im/debian jessie main" >
/etc/apt/sources.list.d/metronome.list
wget http://prosody.im/files/prosodydebianpackages.key O | sudo aptkey add
Update the package list:
aptget update
and install the packages with apt.
aptget install git lua5.1 liblua5.10dev luafilesystem libidn11dev libssldev luazlib
luaexpat luaevent luabitop luasocket luasec luarocks luarocks
luarocks install lpc
Add a shell user for Metronome.
adduser nocreatehome disabledlogin gecos 'Metronome' metronome
Download Metronome to the /opt directory and compile it.
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 7/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
cd /opt; git clone https://github.com/maranda/metronome.git metronome
cd ./metronome; ./configure ostype=debian prefix=/usr
make
make install
Metronome has now be installed to /opt/metronome.
Next >>
view as pdf | print
Share this page: Tweet
Follow @howtoforgecom 18.6K followers Recommend 33
2
Sub pages
The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1) Page 2
The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1) Page 3
21 Comment(s)
Add comment
Name * Email *
p
Submit comment
I'm not a robot
reCAPTCHA
Privacy - Terms
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 8/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
Comments
From: David at: 20160429 22:07:09 Reply
Hi Folk, why do you install xcache? i would install zend opcache.
From: sannom at: 20160505 20:07:05 Reply
hello, I can't install hhvm "failed to fetch http://dl.hhvm.com/debian/dists/jessie/InRelease Unable to
find entry 'main/binaryarmhf/Packages' in release file(wrong sources.list entry or malformed file) some
index files failes to dowload......ect
Could you help me fix this?
From: sannom at: 20160505 21:07:12 Reply
hello,
i don't know if hhvm is necesary but it doesn't install, so i continue step 11 and 12 but now i have
E:package 'libapache2modfastcgi' has no installation candidate
could you help me fix it..
From: till at: 20160515 09:18:12 Reply
Check your /etc(apt/sources.list file and ensure that all Debian repositories (main contrib nonfree)
are active as described in this tutorial.
From: BatteriesInc at: 20160510 17:17:56 Reply
Small note: might be worth adding your excellent munin/monit tutorial to this setup, ISPC has support
for it.
From: Tim at: 20160510 17:23:13 Reply
I wen through this whole install and everything works except for roundcube. When I try to login I get
"Connection to storage server failed". I have tried removing and reinstalling roundcube, also removed
and readded user to ispconfig. Please help
From: corpus at: 20160514 04:43:24 Reply
Hello. HHVM is available only for 64bit
From: erama at: 20160518 21:44:42 Reply
Thank you!You are genius. Always do you help me with the best tutorials.
From: Ritooon at: 20160519 22:16:45 Reply
Hi !
First, thanks for the tutorial !
I have an error at the 14th step, when I try to modify fstab
I do it, then use the next command (mount o remount /) and then the next (quotacheck avugm),
that give me an error :
quotacheck: Cannot stat() mounted device /dev/root: Aucun fichier ou dossier de ce type
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 9/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.
This is my file :
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda1 / ext4 errors=remount
ro,relatime,discard,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
#/dev/sda1 / ext4 errors=remount
ro,relatime,discard,usrjquota=quota.user,grpjquota=quota=quota.group,jqfmt=vfsv0 0 1
/dev/sda2 /home ext4 defaults,relatime,discard 1 2
/dev/sda3 swap swap defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts defaults 0 0
Thanks for your help !
Cheers ! :)
From: uniQ at: 20160524 13:21:48 Reply
Hi, does anyone here know how to sign my ISPConfig webinterface with letsencrypt? I tried to create a
certificate manually but it returned with an error saying "Domain: web1.mysite.com
Type: unauthorized
Detail: Invalid response from http://server.mysite.com/.wellknown
/acmechallenge/qZt7CN6rTnOoyfVWxbGEaPgxvzmYRWU0ryYlSiuFs:
"<!DOCTYPE html>
<html lang="enUS" prefix="og: http://ogp.me/ns# fb:
http://ogp.me/ns/fb#">
<head>
<meta charset="UTF8">"
From: uniQ at: 20160525 07:09:22 Reply
Jesse Norell posted this in another thread, which actually works:
[CODE]/root/.local/share/letsencrypt/bin/letsencrypt auth text agreetos authenticator webroot
server https://acmev01.api.letsencrypt.org/directory rsakeysize 4096 email
postmaster@`hostname d` domains `hostname f` webrootpath
/usr/local/ispconfig/interface/acme
dt=`date '+%Y%m%d%H%M%S'`
cd /usr/local/ispconfig/interface/ssl/
for ext in csr key.secure key crt; do if [ f ispserver.$ext ]; then mv ispserver.$ext
ispserver.$ext.old.$dt; fi; done
ln s /etc/letsencrypt/live/`hostname f`/privkey.pem ispserver.key
ln s /etc/letsencrypt/live/`hostname f`/fullchain.pem ispserver.crt
service apache2 restart[CODE]
From: Keldan at: 20160524 15:11:33 Reply
By default, fail2ban and IspConfig don't use UFW to ban/unban IP or create Firewall rules. This
parameter can be change into Sytem Tab > Server Config for ISPC. But for fail2ban ? Directly into a
.conf file ? Or IspConfig configure fail2ban automatically ?
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 10/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
Thanks
From: till at: 20160524 15:16:55 Reply
Fail2ban is active automatically and there is no additional configuration required then what is written
in this tutorial.
From: mzips at: 20160601 04:37:58 Reply
Pleas Update the Lets Encrypt part withe CertBot
Thanks
From: webhunter at: 20160603 20:35:14 Reply
Hm, installation completed but postfix throws an error:
"fatal: no SASL authentication mechanisms"
I followed the instructions step by step. ISPConfig is working fine. But emails do not work..
Any suggestions?
Thank you!
From: NixXxon at: 20160606 08:54:35 Reply
Hello,
thank you for the great guide worked fine on a virtual machine on my laptop BUT on my VServer i
get the following error:
Failed to read /proc/cmdline. Ignoring: No such file or directory
Failed to get DBus connection: Unknown error 1
I googled and read something about a bug in debian with sysvinit and upstart
(http://unix.stackexchange.com/questions/6042/upstartondebian) but I'm not really pro and not sure
if that REALLY related to my problem.
I really hope you can help me out?!
Thanks in advance,
NixXxon
From: marcel at: 20160607 09:45:56 Reply
On https://test.name:8080/webmail/ the PHP code is not being executed. It shows me the code
insteadt.
http://test.name:8080/webmail/ is working.
From: jrodgers at: 20160609 20:52:40 Reply
The command aptget install libapache2modfastcgi php5fpm won't run without adding contrib and
nonfree after main in the sources list.
From: till at: 20160610 06:46:42 Reply
Correct, and that's why step 5 of the tutorial how you how to do that.
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 11/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
From: Michael at: 20160614 20:16:04 Reply
Lets Encrypt ist out of date can you Fix it that was very nice.
From: ralf at: 20160622 23:55:16 Reply
Irgent etwas scheint bei der roundcube install nicht zu stimmen. Beim aufrufen nach der ispconfig 3.1
install kommt nur das:
/ // include environment require_once 'program/include/iniset.php'; ... etc gibt es da schon eine lösung?
Tutorials The Perfect Server Debian 8.4 Jessie (Apache2, BIN…
Sign up now!
Tutorial Info
Author: Till Brehm
Published: Apr 29, 2016
Tags:
apache, control panels, debian, ispconfig, web
server
Share This Page
Recommend 33
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 12/13
7/8/2016 The Perfect Server Debian 8.4 Jessie (Apache2, BIND, Dovecot, ISPConfig 3.1)
Telefon Mobil
HTC One M8
1.199,00 lei
Selfie Stick Android iOS
cel.ro
Howtoforge © projektfarm GmbH. Terms
https://www.howtoforge.com/tutorial/perfectserverdebian84jessieapachebinddovecotispconfig31/ 13/13