localectl set-keymap de
To get a list of all available keymaps, run:
localectl list-keymaps
I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).
Run...
systemctl stop firewalld.service
systemctl disable firewalld.service
Now I will install some basic network tools and a shell based editor that we need in the next steps:
yum -y install nano wget net-tools NetworkManager-tui
If you did not configure your network card during the installation, you can do that now. Run...
nmtui
... and go to //''Edit a connection''//: \\
{{:linux:perfect_server_centos_7:nmtui1.png|}}
\\
Select your network interface: \\
{{:linux:perfect_server_centos_7:nmtui2.png|}}
\\
Then fill in your network details - disable DHCP and fill in a static IP address, a netmask, your gateway, and one or two nameservers, then hit //''Ok''//: \\
{{:linux:perfect_server_centos_7:nmtui3.png|}}
\\
Next select //''OK''// to confirm the changes that you made in the network settings \\
{{:linux:perfect_server_centos_7:nmtui4.png|}} \\
and //''Quit''// to close the nmtui network configuration tool. \\
{{:linux:perfect_server_centos_7:nmtui5.png|}}
\\
You should run
ifconfig
now to check if the installer got your IP address right:
nano /etc/sysconfig/network-scripts/ifcfg-ens33
and set ONBOOT to yes:
\\ //[...]\\
ONBOOT=yes\\
[...]//
and reboot the server.
Check your //''/etc/resolv.conf''// if it lists all nameservers that you've previously configured:
cat /etc/resolv.conf
If nameservers are missing, run
nmtui
and add the missing nameservers again.
Now, on to the configuration...
==== 4 Adjust /etc/hosts ====
Next we edit //''/etc/hosts''//. Make it look like this:
nano /etc/hosts
systemctl stop firewalld.service
systemctl disable firewalld.service
and disable the firewall.
To check that the firewall has really been disabled, you can run
iptables -L
afterwards. The output should look like this:
\\ //[root@server1 ~]# iptables -L\\
Chain INPUT (policy ACCEPT)\\
target prot opt source destination//
\\ //Chain FORWARD (policy ACCEPT)\\
target prot opt source destination//
\\ //Chain OUTPUT (policy ACCEPT)\\
target prot opt source destination//
Or use the firewall-cmd command:
firewall-cmd --state
\\ //[root@server1 ~]# firewall-cmd --state\\
not running\\
[root@server1 ~]#//
==== 6 Disable SELinux ====
SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
Edit //''/etc/selinux/config''// and set //''SELINUX=disabled''//:
nano /etc/selinux/config
reboot
==== 7 Enable Additional Repositories And Install Some Software ====
First we import the GPG keys for software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Then we enable the EPEL repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 7 repository:
rpm -ivh[[http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm|http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm]]
yum -y install yum-priorities
Edit //''/etc/yum.repos.d/epel.repo''//...
nano /etc/yum.repos.d/epel.repo
... and add the line //''priority=10''// to the //''[epel]''// section:
yum update
Now we install some software packages that are needed later on:
yum -y groupinstall 'Development Tools'
==== 8 Quota ====
**//''(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.) ''//**
To install quota, we run this command:
yum -y install quota
Now we check if quota is already enabled for the filesystem where the website (/var/www) and maildir data (var/vmail) is stored. In this example setup, I have one big root partition, so I search for ' / ':
mount | grep ' / '
\\ //[root@server1 ~]# mount | grep ' / '\\
/dev/mapper/centos-root on / type xfs (rw,relatime,attr2,inode64,noquota)\\
[root@server1 ~]#//
If you have a separate /var partition, then use:
mount | grep ' /var '
instead. If the line contains the word "**noquota** ", then proceed with the following steps to enable quota.
=== Enabling quota on the / (root) partition ===
Normally you would enable quota in the /etc/fstab file, but if the filesystem is the root filesystem "/", then quota has to be enabled by a boot parameter of the Linux Kernel.
Edit the grub configuration file:
nano /etc/default/grub
search fole the line that starts with //''GRUB_CMDLINE_LINUX''// and add //''rootflags=uquota,gquota''// to the commandline parameters so that the resulting line looks like this:
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg_bak
grub2-mkconfig -o /boot/grub2/grub.cfg
and reboot the server.
reboot
Now check if quota is enabled:
mount | grep ' / '
\\ //[root@server1 ~]# mount | grep ' / '\\
/dev/mapper/centos-root on / type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)\\
[root@server1 ~]#//
When quota is active, we can see "**usrquota,grpquota** " in the mount option list.
=== Enabling quota on a separate /var partition ===
If you have a separate /var partition, then edit //''/etc/fstab''// and add //'',uquota,gquota''// to the //''/''// partition (//''/dev/mapper/centos-var''//):
nano /etc/fstab
mount -o remount /var
quotacheck -avugm
quotaon -avug
to enable quota.
==== 9 Install Apache, MySQL, phpMyAdmin ====
We can install the needed packages with one single command:
yum -y install ntp httpd mod_ssl mariadb-server php php-mysql php-mbstring phpmyadmin
==== 10 Install Dovecot ====
Dovecot can be installed as follows:
yum -y install dovecot dovecot-mysql dovecot-pigeonhole
Create a empty dovecot-sql.conf file and symlink:
touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf
Now create the system startup links and start Dovecot:
systemctl enable dovecot
systemctl start dovecot
==== 11 Install Postfix ====
Postfix can be installed as follows:
yum -y install postfix
Then turn off Sendmail and start Postfix and Mariadb (MySQL):
systemctl enable mariadb.service
systemctl start mariadb.service
systemctl stop sendmail.service
systemctl disable sendmail.service
systemctl enable postfix.service
systemctl restart postfix.service
We disable sendmail to ensure that it does not get started in case it is installed on your server. So the error message "Failed to issue method call: Unit sendmail.service not loaded." can be ignored.
==== 12 Install Getmail ====
Getmail can be installed as follows:
yum -y install getmail
==== 13 Set MySQL Passwords And Configure phpMyAdmin ====
Set passwords for the MySQL root account:
mysql_secure_installation
\\ //[root@server1 tmp]# mysql_secure_installation\\
\\
\\
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB\\
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!//
\\ //In order to log into MariaDB to secure it, we'll need the current\\
password for the root user. If you've just installed MariaDB, and\\
you haven't set the root password yet, the password will be blank,\\
so you should just press enter here.//
\\ //Enter current password for root (enter for none):\\
OK, successfully used password, moving on...//
\\ //Setting the root password ensures that nobody can log into the MariaDB\\
root user without the proper authorisation.//''\\
\\
Set root password? [Y/n]''// **//''<- ENTER''//**\\
//''New password:''// **//''<- yourrootsqlpassword''//**\\
//''Re-enter new password:''// **//''<- yourrootsqlpassword''//**\\
//''Password updated successfully!\\
Reloading privilege tables..\\
... Success!\\
\\
\\
By default, a MariaDB installation has an anonymous user, allowing anyone\\
to log into MariaDB without having to have a user account created for\\
them. This is intended only for testing, and to make the installation\\
go a bit smoother. You should remove them before moving into a\\
production environment.\\
\\
Remove anonymous users? [Y/n]''// **//''<- ENTER''//**\\
//'' ... Success!\\
\\
Normally, root should only be allowed to connect from 'localhost'. This\\
ensures that someone cannot guess at the root password from the network.\\
\\
Disallow root login remotely? [Y/n]''// **//''<- ENTER''//**\\
//'' ... Success!\\
\\
By default, MariaDB comes with a database named 'test' that anyone can\\
access. This is also intended only for testing, and should be removed\\
before moving into a production environment.\\
\\
Remove test database and access to it? [Y/n]''// **//''<- ENTER''//**\\
//'' - Dropping test database...\\
... Success!\\
- Removing privileges on test database...\\
... Success!\\
\\
Reloading the privilege tables will ensure that all changes made so far\\
will take effect immediately.\\
\\
Reload privilege tables now? [Y/n]''// **//''<- ENTER''//**\\
//'' ... Success!\\
\\
Cleaning up...\\
\\
\\
\\
All done! If you've completed all of the above steps, your MariaDB\\
installation should now be secure.\\
\\
Thanks for using MariaDB!\\
\\
[root@server1 tmp]#''////
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the two "Require ip" lines and adding the new line "Require all granted" in the //''
nano /etc/httpd/conf.d/phpMyAdmin.conf
nano /etc/phpMyAdmin/config.inc.php
systemctl enable httpd.service
systemctl restart httpd.service
Now you can direct your browser to //''http://server1.example.com/phpmyadmin/''// or //''http://192.168.0.100/phpmyadmin/''// and log in with the user name //''root''// and your new root MySQL password.
==== 14 Install Amavisd-new, SpamAssassin And ClamAV ====
To install amavisd-new, spamassassin and clamav, run the following command:
yum -y install amavisd-new spamassassin clamav clamd clamav-update unzip bzip2 unrar perl-DBD-mysql
Edit the freshclam configuration file /etc/freshclam.conf
nano /etc/freshclam.conf
and comment out the line "Example"
\\ //[....]\\
# Example\\
[....]//
Then we start freshclam, amavisd, and clamd.amavisd:
sa-update
freshclam
systemctl enable amavisd.service
==== 15 Installing Apache2 With mod_php, mod_fcgi/PHP5, PHP-FPM And suPHP ====
ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.
We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows:
yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm
Next we open //''/etc/php.ini''//...
nano /etc/php.ini
... and change the error reporting (so that notices aren't shown any longer), set the timezone and uncomment //''cgi.fix_pathinfo=1''//:
cd /usr/local/src
wget http://suphp.org/download/suphp-0.7.2.tar.gz
tar zxvf suphp-0.7.2.tar.gz
CentOS 7 uses apache-2.4, so we need a patch suphp before we can compile it aganst Apache. The patch gets applied like this:
wget -O suphp.patch https://lists.marsching.com/pipermail/suphp/attachments/20130520/74f3ac02/attachment.patch
patch -Np1 -d suphp-0.7.2
[root@server1 suphp-0.7.2]# autoreconf -if\\
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `config'.\\
libtoolize: copying file `config/ltmain.sh'\\
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and\\
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.\\
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.\\
configure.ac:9: warning: AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated. For more info, see:\\
configure.ac:9: http://www.gnu.org/software/automake/manual/automake.html#Modernize-AM_005fINIT_005fAUTOMAKE-invocation\\
configure.ac:24: installing 'config/config.guess'\\
configure.ac:24: installing 'config/config.sub'\\
configure.ac:9: installing 'config/install-sh'\\
configure.ac:9: installing 'config/missing'\\
src/Makefile.am: installing 'config/depcomp'\\
[root@server1 suphp-0.7.2]#
It will apply the patch, now we can compile the new source as follows:
./configure --prefix=/usr/ --sysconfdir=/etc/ --with-apr=/usr/bin/apr-1-config --with-apache-user=apache --with-setid-mode=owner --with-logfile=/var/log/httpd/suphp_log
make
make install
Then we add the suPHP module to our Apache configuration...
nano /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so
... and create the file //''/etc/suphp.conf''// as follows:
nano /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
Edit the file /etc/httpd/conf.d/php.confto enable php parsing only for phpmyadmin, roundcube and other system packages in /usr/share but not for websites in /var/www as ISPConfig will activate PHP for each website individually.
nano /etc/httpd/conf.d/php.conf
change the lines:
\\ //\\
SetHandler application/x-httpd-php\\
//
to:
\\ //\\
\\
SetHandler application/x-httpd-php\\
\\
//
So that the PHP handler is enclosed by the Directory directive.
Enable httpd and PHP-FPM to get started at boot time and start the PHP-FPM service.
systemctl start php-fpm.service
systemctl enable php-fpm.service
systemctl enable httpd.service
Finally we restart Apache:
systemctl restart httpd.service
=== 15.1 Installation of mod_python ===
The apache module mod_python is not available as RPM package, therefor we will compile it from source. The first step is to install the python development files and download the current mod_python version as tar.gz file
yum -y install python-devel
cd /usr/local/src/
wget http://dist.modpython.org/dist/mod_python-3.5.0.tgz
tar xfz mod_python-3.5.0.tgz
cd mod_python-3.5.0
and then configure and compile the module
./configure
make
make install
and enable the module in apache
echo 'LoadModule python_module modules/mod_python.so'>/etc/httpd/conf.modules.d/10-python.conf
systemctl restart httpd.service
==== 16 Install PureFTPd ====
PureFTPd can be installed with the following command:
yum -y install pure-ftpd
Then create the system startup links and start PureFTPd:
systemctl enable pure-ftpd.service
systemctl start pure-ftpd.service
Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.
OpenSSL is needed by TLS; to install OpenSSL, we simply run:
yum install openssl
Open //''/etc/pure-ftpd/pure-ftpd.conf''//...
vi /etc/pure-ftpd/pure-ftpd.conf
If you want to allow FTP and TLS sessions, set //''TLS''// to //''1''//:
[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS 1
[...]
In order to use TLS, we must create an SSL certificate. I create it in //''/etc/ssl/private/''//, therefore I create that directory first:
mkdir -p /etc/ssl/private/
Afterwards, we can generate the SSL certificate as follows:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
//''Country Name (2 letter code) [XX]: ''//**//''<- Enter your Country Name (e.g., "DE").''//**//''\\
State or Province Name (full name) []: ''//**//''<- Enter your State or Province Name.''//**//''\\
Locality Name (eg, city) [Default City]: ''//**//''<- Enter your City.''//**//''\\
Organization Name (eg, company) [Default Company Ltd]: ''//**//''<- Enter your Organization Name (e.g., the name of your company).''//**//''\\
Organizational Unit Name (eg, section) []: ''//**//''<- Enter your Organizational Unit Name (e.g. "IT Department").''//**//''\\
Common Name (eg, your name or your server's hostname) []: ''//**//''<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").''//**//''\\
Email Address []: ''//**//''<- Enter your Email Address.''//** \\
Change the permissions of the SSL certificate:
chmod 600 /etc/ssl/private/pure-ftpd.pem
Finally restart PureFTPd:
systemctl restart pure-ftpd.service
That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.
==== 17 Install BIND ====
We can install BIND as follows:
yum -y install bind bind-utils
Make a backup of the existing //''/etc/named.conf''// file and create a new one as follows:
cp /etc/named.conf /etc/named.conf_bak
cat /dev/null>/etc/named.conf
nano /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-recursion {"none";};
recursion no;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.conf.local";
Create the file //''/etc/named.conf.local''// that is included at the end of //''/etc/named.conf''// (//''/etc/named.conf.local''// will later on get populated by ISPConfig if you create DNS zones in ISPConfig):
touch /etc/named.conf.local
Then we create the startup links and start BIND:
systemctl enable named.service
systemctl start named.service
==== 18 Install Webalizer, And AWStats ====
Webalizer and AWStats can be installed as follows:
yum -y install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder
==== 19 Install Jailkit ====
Jailkit is used to chroot SSH users and cronjobs. It can be installed as follows (**//''important: Jailkit must be installed before ISPConfig - it cannot be installed afterwards!''//**):
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17
./configure
make
make install
cd ..
rm -rf jailkit-2.17*
==== 20 Install fail2ban ====
This is optional but recommended, because the ISPConfig monitor tries to show the log:
yum -y install fail2ban
Then create the system startup links for fail2ban and start it:
systemctl enable fail2ban.service
systemctl start fail2ban.service
==== 21 Install rkhunter ====
rkhunter can be installed as follows:
yum -y install rkhunter
==== 22 Install Mailman ====
Since version 3.0.4, ISPConfig also allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:
yum -y install mailman
Before we can start Mailman, a first mailing list called //''mailman''// must be created:
touch /var/lib/mailman/data/aliases
/usr/lib/mailman/bin/newlist mailman
//''[root@server1 tmp]# /usr/lib/mailman/bin/newlist mailman\\
Enter the email of the person running the list:''// **//''<- admin email address, e.g. listadmin@example.com''//**\\
//''Initial mailman password:''// **//''<- admin password for the mailman list''//**\\
//''To finish creating your mailing list, you must edit your /etc/aliases (or\\
equivalent) file by adding the following lines, and possibly running the\\
`newaliases' program:\\
\\
## mailman mailing list\\
mailman: "|/usr/lib/mailman/mail/mailman post mailman"\\
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"\\
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"\\
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"\\
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"\\
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"\\
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"\\
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"\\
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"\\
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"\\
\\
Hit enter to notify mailman owner...''// **//''<- ENTER''//**\\
\\
//''[root@server1 tmp]#''//
Open //''/etc/aliases''// afterwards...
vi /etc/aliases
... and add the following lines:
[...]
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"
Run
newaliases
afterwards and restart Postfix:
systemctl restart postfix.service
Now open the Mailman Apache configuration file //''/etc/httpd/conf.d/mailman.conf''//...
nano /etc/httpd/conf.d/mailman.conf
... and add the line //''ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/''//. Comment out //''Alias /pipermail/ /var/lib/mailman/archives/public/''// and add the line //''Alias /pipermail /var/lib/mailman/archives/public/''//:
#
# httpd configuration settings for use with mailman.
#
ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AddDefaultCharset Off # Uncomment the following line, to redirect queries to /mailman to the
# listinfo page (recommended).
# RedirectMatch ^/mailman[/]*$ /mailman/listinfo
Restart Apache:
systemctl restart httpd.service
Create the system startup links for Mailman and start it:
systemctl enable mailman.service
systemctl start mailman.service
After you have installed ISPConfig 3, you can access Mailman as follows:
You can use the alias //''/cgi-bin/mailman''// for all Apache vhosts (please note that **//''suExec and CGI must be disabled''//** for all vhosts from which you want to access Mailman!), which means you can access the Mailman admin interface for a list at //''http://[vhost]/cgi-bin/mailman/admin/''//, and the web page for users of a mailing list can be found at //''http://[vhost]/cgi-bin/mailman/listinfo/''//.
Under //''http://[vhost]/pipermail/''// you can find the mailing list archives.
==== 23 Install Roundcube webmail ====
To install the Roundcube webmail client, run...
yum -y install roundcubemail
Change the roundcubemail configuration file as follows:
vi /etc/httpd/conf.d/roundcubemail.conf
#
# Round Cube Webmail is a browser-based multilingual IMAP client
#
Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail
# Define who can access the Webmail
# You can enlarge permissions once configured
#
# # Apache 2.4
# Require local
#
#
# # Apache 2.2
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
# Allow from ::1
#
#
# # Apache 2.4
# Require local
#
#
# # Apache 2.2
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
# Allow from ::1
#
#
Options none
AllowOverride Limit
Require all granted
# Those directories should not be viewed by Web clients.
Restart Apache:
systemctl restart httpd.service
Now we need a database for roundcube mail, we will initialise it as follows:
mysql -u root -p
At mariadb prompt use:
CREATE DATABASE roundcubedb;
CREATE USER roundcubeuser@localhost IDENTIFIED BY 'roundcubepassword';
GRANT ALL PRIVILEGES on roundcubedb.* to roundcubeuser@localhost ;
FLUSH PRIVILEGES;
exit
I am using details for roundcube database as a test, please replace the values as per your choice for security reasons.
Now we will install the roundcube on browser at //''http://192.168.1.100/roundcubemail/installer''// \\
{{:linux:perfect_server_centos_7:roundcubemail.png|}}
\\
Now fill the entries for the
nano /etc/roundcubemail/config.inc.php
Then press on the button "continue" in the web installer. On the following page, press on the button "Initialize database".
Finally, disable the Roundecubemail installer. Change the apacheroundcubemail configuration file:
vi /etc/httpd/conf.d/roundcubemail.conf
#
# Round Cube Webmail is a browser-based multilingual IMAP client
#
Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail
# Define who can access the Webmail
# You can enlarge permissions once configured
## # Apache 2.4
# Require local
# ## # Apache 2.2
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
# Allow from ::1
# ## Apache 2.4
Require local # Apache 2.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1 # Those directories should not be viewed by Web clients.
Restart Apache:
systemctl restart httpd.service
==== 24 Install ISPConfig 3 ====
Download the [[http://www.ispconfig.org/ispconfig-3/download/|current ISPConfig 3 version]] and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.
You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using //''https://''// instead of //''http://''//. To achieve this, just press //''ENTER''// when you see this question: //''Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:''//.
To install ISPConfig 3 from the latest released version, do this:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
The next step is to run
php -q install.php
This will start the ISPConfig 3 installer:
//''[root@server1 install]# php -q install.php''//
--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: Redhat or compatible, unknown version.\\
Following will be a few questions for primary configuration so be careful.\\
Default values are in [brackets] and can be accepted with .\\
Tap in "quit" (without the quotes) to stop the installer.\\
Select language (en,de) [en]:''// **//''<- ENTER''//**\\
\\
//''Installation mode (standard,expert) [standard]:''// **//''<- ENTER''//**\\
\\
//''Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]:''// **//''<- ENTER''//**\\
\\
//''MySQL server hostname [localhost]:''// **//''<- ENTER''//**\\
\\
//''MySQL root username [root]:''// **//''<- ENTER''//**\\
\\
//''MySQL root password []:''// **//''<- yourrootsqlpassword''//**\\
\\
//''MySQL database to create [dbispconfig]:''// **//''<- ENTER''//**\\
\\
//''MySQL charset [utf8]:''// **//''<- ENTER''//**\\
\\
//''Generating a 2048 bit RSA private key\\
..........................................................+++\\
................................+++\\
writing new private key to 'smtpd.key'\\
-----\\
You are about to be asked to enter information that will be incorporated\\
into your certificate request.\\
What you are about to enter is what is called a Distinguished Name or a DN.\\
There are quite a few fields but you can leave some blank\\
For some fields there will be a default value,\\
If you enter '.', the field will be left blank.\\
-----\\
Country Name (2 letter code) [XX]:''// **//''<- ENTER''//**\\
//''State or Province Name (full name) []:''// **//''<- ENTER''//**\\
//''Locality Name (eg, city) [Default City]:''// **//''<- ENTER''//**\\
//''Organization Name (eg, company) [Default Company Ltd]:''// **//''<- ENTER''//**\\
//''Organizational Unit Name (eg, section) []:''// **//''<- ENTER''//**\\
//''Common Name (eg, your name or your server's hostname) []:''// **//''<- ENTER''//**\\
//''Email Address []:''// **//''<- ENTER''//**\\
//''Configuring Jailkit\\
Configuring Dovecot\\
Configuring Spamassassin\\
Configuring Amavisd\\
Configuring Getmail\\
Configuring Pureftpd\\
Configuring BIND\\
Configuring Apache\\
Configuring Vlogger\\
Configuring Apps vhost\\
Configuring Bastille Firewall\\
Configuring Fail2ban\\
Installing ISPConfig\\
ISPConfig Port [8080]:''// **//''<- ENTER''//**\\
\\
//''Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:''// **//''<- ENTER''//**\\
\\
//''Generating RSA private key, 4096 bit long modulus\\
.....................++\\
.......++\\
e is 65537 (0x10001)\\
You are about to be asked to enter information that will be incorporated\\
into your certificate request.\\
What you are about to enter is what is called a Distinguished Name or a DN.\\
There are quite a few fields but you can leave some blank\\
For some fields there will be a default value,\\
If you enter '.', the field will be left blank.\\
-----\\
//''Country Name (2 letter code) [XX]:''// **//''<- ENTER''//**\\
//''State or Province Name (full name) []:''// **//''<- ENTER''//**\\
//''Locality Name (eg, city) [Default City]:''// **//''<- ENTER''//**\\
//''Organization Name (eg, company) [Default Company Ltd]:''// **//''<- ENTER''//**\\
//''Organizational Unit Name (eg, section) []:''// **//''<- ENTER''//**\\
//''Common Name (eg, your name or your server's hostname) []:''// **//''<- ENTER''//**\\
//''Email Address []:''// **//''<- ENTER''//**\\
\\
//''Please enter the following "extra" attributes''// \\
//''to be sent with your certificate request''// \\
//''A challenge password []:''// **//''<- ENTER''//** \\
//''An optional company name []:''// **//''<- ENTER''//** \\
//''writing RSA key''// \\
//''Configuring DBServer''// \\
//''Installing ISPConfig crontab''// \\
//''no crontab for root''// \\
//''no crontab for getmail''// \\
//''Restarting services ...''// \\
Stopping mysqld: [ OK ]
Starting mysqld: [ OK ]
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
Waiting for the process [1424] to terminate
Shutting down amavisd: Daemon [1424] terminated by SIGTERM
[ OK ]
amavisd stopped
Starting amavisd: [ OK ]
Stopping clamd.amavisd: [ OK ]
Starting clamd.amavisd: [ OK ]
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
Stopping httpd: [ OK ]
[Thu Mar 14 14:12:32 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd: [ OK ]
Stopping pure-ftpd: [ OK ]
Starting pure-ftpd: [ OK ]
Installation completed.
[root@server1 install]#
The error message "usage: doveadm [-Dv] [-f ] []" can be ignored, in case that you get it during ispconfig installation.
To fix the Mailman errors you might get during the ISPConfig installation, open /usr/lib/mailman/Mailman/mm_cfg.py...
vi /usr/lib/mailman/Mailman/mm_cfg.py
... and set DEFAULT_SERVER_LANGUAGE = 'en':
[...]
#-------------------------------------------------------------
# The default language for this server.
DEFAULT_SERVER_LANGUAGE = 'en'
[...]
Restart Mailman:
systemctl restart mailman.service
Afterwards you can access ISPConfig 3 under //''http(s)://server1.example.com:8080/ ''// or //''http(s)://192.168.1.100:8080/ ''// (//''http''// or //''https''// depends on what you chose during installation). Log in with the username //''admin''// and the password //''admin''// (you should change the default password after your first login): \\
{{:linux:perfect_server_centos_7:30.png|}}
\\
{{:linux:perfect_server_centos_7:31.png|}}
\\
The system is now ready to be used.
** 24.1 ISPConfig 3 Manual **
-----
In order to learn how to use ISPConfig 3, I strongly recommend to [[http://www.howtoforge.com/download-the-ispconfig-3-manual|download the ISPConfig 3 Manual]] .
On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.
==== 25 Links ====
* CentOS: [[http://www.centos.org/|http://www.centos.org/]]
* ISPConfig: [[http://www.ispconfig.org/|http://www.ispconfig.org/]]
==== Revisioni ====
^ Revisioni ^^
^ Versione | 1.0 |
^ Autore | Till Brehm |
^ Iltima Modifica | 28/Oct/2014 |
^ Pagine ^^
| [[https://www.howtoforge.com/perfect-server-centos-7-apache2-mysql-php-pureftpd-postfix-dovecot-and-ispconfig3]] ||
| [[https://www.howtoforge.com/perfect-server-centos-7-apache2-mysql-php-pureftpd-postfix-dovecot-and-ispconfig3-p2]] ||
| [[https://www.howtoforge.com/perfect-server-centos-7-apache2-mysql-php-pureftpd-postfix-dovecot-and-ispconfig3-p3]] ||