Installing Debian 7 with ISPConfig in a multiserver setup
Here I describe the steps I took for a multiserver installation with the ISPConfig panel on Debian 7 64-bit, split across 3 servers (the IPs are given only as an illustration…). MySQL will have a private IP; it will not be exposed to the internet and will serve web and mail only locally = maximum protection:
web.widehosting.net : 192.168.0.20 towards the internet and 192.168.1.3 towards mysql / NGINX web server + primary BIND name server,
mysql.widehosting.net : 192.168.1.2 / MySQL server,
mail.widehosting.net : 192.168.0.18 towards the internet and 192.168.1.4 towards mysql / mail server + secondary BIND name server
Install Debian on each server. We start with WEB:
- Get the latest Debian from http://cdimage.debian.org/debian-cd/ ; in my case it was http://cdimage.debian.org/debian-cd/7.0.0/amd64/iso-cd/debian-7.0.0-amd64-netinst.iso
- Install Debian on whatever system you like (RAID or non-RAID), with the following notes:
On each server, set the hostname defined above.
1.1 For the web server:
- for web I set hostname: web and domain name: widehosting.net
- for partitioning I used the easy option: Guided - use entire disk
- all files in one partition
- Install only SSH server and standard system utilities
- at "Install the GRUB boot loader to the master boot record" choose Yes
DONE
- After the reboot, run update/upgrade and install what is needed:
apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade
apt-get -y install nano wget ntp ntpdate vim-nox mc rkhunter binutils
- Edit /etc/network/interfaces; I change allow-hotplug eth0 to auto eth0, so that I can restart networking without rebooting the server.
- Edit /etc/hosts (# vim /etc/hosts) so that it looks like this:
127.0.0.1 localhost
192.168.0.20 web.widehosting.net web
192.168.1.2 mysql.widehosting.net mysql
192.168.0.18 mail.widehosting.net mail
- Next, run:
echo web.widehosting.net > /etc/hostname
/etc/init.d/hostname.sh start
hostname
hostname -f
it is important that both show the same hostname
- next step: change the shell. The default is /bin/dash; I use /bin/bash
dpkg-reconfigure dash
Use dash as the default system shell (/bin/sh)? <– No
2. Installing the web server
- We also have to install MySQL on this server. ISPConfig requires a MySQL database on every server, which it uses to synchronise the servers with each other.
apt-get -y install mysql-client mysql-server
- set the MySQL root password when the installer asks for it
- We want MySQL to listen on all of the server's IPs, so:
vim /etc/mysql/my.cnf
[…]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
[…]
- restart MySQL
/etc/init.d/mysql restart
3. Installing NGINX, PHP5 (PHP-FPM) and Fcgiwrap
- stop Apache in case it is installed:
/etc/init.d/apache2 stop
- if it is installed, remove it from the startup sequence:
update-rc.d -f apache2 remove
- Install nginx and the rest
apt-get -y install nginx
/etc/init.d/nginx start
++++++ Here we install multi PHP
- PHP-FPM is a daemon (/etc/init.d/php5-fpm) that runs as a FastCGI server on the socket /var/run/php5-fpm.sock.
apt-get -y install php5-fpm
- To get MySQL support in PHP, install php5-mysql together with the other packages we will need:
apt-cache search php5
- Pick what you need and run something like:
apt-get -y install php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached php5-geoip php5-rrd
- APC is a free PHP optimizer.
apt-get -y install php-apc
vim /etc/php5/fpm/php.ini
- and set
[…]
cgi.fix_pathinfo=0
[…]
date.timezone="Europe/Bucharest"
[…]
/etc/init.d/php5-fpm reload
- to get CGI support in nginx, install Fcgiwrap
apt-get install fcgiwrap
/etc/init.d/fcgiwrap status
- if it is not running, we start it ourselves;
4. Installing phpMyAdmin
apt-get -y install phpmyadmin
- When asked which web server it should be configured for, select none, because we use NGINX
- at the question: Configure database for phpmyadmin with dbconfig-common?, also select NO
- We can use http://web.widehosting.net:8081/phpmyadmin or http://web.widehosting.net:8081/phpMyAdmin
5. PureFTPd with quota
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
vim /etc/default/pure-ftpd-common
[…]
VIRTUALCHROOT=true
[…]
- Now configure pure-ftpd to accept TLS connections
echo 1 > /etc/pure-ftpd/conf/TLS
- Naturally we also need an SSL certificate, so we make a free one in /etc/ssl/private/
mkdir -p /etc/ssl/private/
- generate the certificate:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
[…]
—–
Country Name (2 letter code) [AU]:RO
State or Province Name (full name) [Some-State]:Bucharest
Locality Name (eg, city) []:Bucharest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Wide Telecom
Organizational Unit Name (eg, section) []:Hosting
Common Name (e.g. server FQDN or YOUR name) []:web.widehosting.net
Email Address []:webmaster@panait.us
[…]
- Change the permissions on the certificate
chmod 600 /etc/ssl/private/pure-ftpd.pem
- then restart pure-ftpd
/etc/init.d/pure-ftpd-mysql restart
- Edit /etc/fstab: usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 is added to the / partition
[…]
# / was on /dev/sda1 during installation
UUID=95e04001-fe66-4f3f-8ca4-97aeb7f46783 / ext4 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0 1
# swap was on /dev/sda5 during installation
UUID=01d7c292-8444-4815-b9ef-c9066e5d5e4e none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
[…]
- enable quota
mount -o remount /
quotacheck -avugm
quotaon -avug
6. Installing vlogger, webalizer and awstats
apt-get -y install vlogger webalizer awstats
vim /etc/cron.d/awstats
- And comment everything out
[…]
#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
[…]
7. Installing Jailkit, in case we want chrooted SSH; it must be installed before ISPConfig
apt-get -y install build-essential autoconf automake1.9 libtool flex bison debhelper
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.16.tar.gz
tar xzvf jailkit-2.16.tar.gz
cd jailkit-2.16/
./debian/rules binary
cd ..
dpkg -i jailkit_2.16-1_*.deb
rm -rf jailkit-2.16*
8. Installing fail2ban… it is useful against those who try to do stupid things
apt-get -y install fail2ban
- We also use it for FTP
vim /etc/fail2ban/jail.local
[…]
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 5
[…]
- And create the filter
vim /etc/fail2ban/filter.d/pureftpd.conf
[…]
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Autentificare esuata pentru user.*
ignoreregex =
[…]
/etc/init.d/fail2ban restart
9. Installing BIND
apt-get install bind9 dnsutils
10. Installing ISPConfig (get the latest version from http://www.ispconfig.org/ispconfig-3/download/)
- We have to create the users and privileges in the database so that the other servers can connect to the master, so:
mysql -u root -p
- Enter the password, then run (change to whatever you need):
CREATE USER 'root'@'192.168.0.18' IDENTIFIED BY 'myrootmailpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'192.168.0.18' IDENTIFIED BY 'myrootmailpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'mysql.widehosting.net' IDENTIFIED BY 'myrootmysqlpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mysql.widehosting.net' IDENTIFIED BY 'myrootmysqlpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
quit
/etc/init.d/mysql restart
cd /tmp
wget http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.2.tar.gz
tar xzvf ISPConfig-3.0.5.2.tar.gz
cd ispconfig3_install/install/
php -q install.php
[…]
>> Initial configuration
Operating System: Debian or compatible, unknown version.
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in “quit” (without the quotes) to stop the installer.
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]: expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [web.widehosting.net]:
MySQL server hostname [localhost]:
MySQL root username [root]:
MySQL root password []: XXXXXXXXXXXXXXXXXXXXX
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
The next two questions are about the internal ISPConfig database user and password.
It is recommended to accept the defaults which are ‘ispconfig’ as username and a random password.
If you use a different password, use only numbers and chars for the password.
ISPConfig mysql database username [ispconfig]:
ISPConfig mysql database password [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]:
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]:
Adding ISPConfig server record to database.
Configure Mail (y,n) [y]: n
Configure Jailkit (y,n) [y]:
Configuring Jailkit
Configure FTP Server (y,n) [y]:
Configuring Pureftpd
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -E -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -H -D -u 1000 -A -b -B
Configure DNS Server (y,n) [y]:
Configuring BIND
Hint: If this server shall run the ISPConfig interface, select ‘y’ in the ‘Configure nginx Server’ option.
Configure nginx Server (y,n) [y]:
Configuring nginx
Configuring Apps vhost
Configure Firewall Server (y,n) [y]:
Configuring Bastille Firewall
Install ISPConfig Web Interface (y,n) [y]:
Installing ISPConfig
ISPConfig Port [8080]:
Enable SSL for the ISPConfig web interface (y,n) [y]:
Generating RSA private key, 4096 bit long modulus
……………………………………………………………………………………..++
…………………………………………………………………………………………………………….++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:RO
State or Province Name (full name) [Some-State]:Bucharest
Locality Name (eg, city) []:Bucharest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WideTelecom
Organizational Unit Name (eg, section) []:Hosting
Common Name (e.g. server FQDN or YOUR name) []:web.widehosting.net
Email Address []:webmaster@panait.us
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
Reloading PHP5 FastCGI Process Manager: php5-fpm.
Reloading nginx configuration: nginx.
Installation completed.
[…]
cd /tmp
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3.0.5.2.tar.gz
WEB SERVER DONE
http(s)://web.widehosting.net:8080/ or http(s)://192.168.0.20:8080/
2. INSTALLING THE MYSQL SERVER
[…]
- Follow the same steps as before, up to point 1.1
[…]
2.2. Installing MySQL
apt-get -y install mysql-client mysql-server
- We will be asked to set the root password
- Change the config so that it listens on all interfaces:
vi /etc/mysql/my.cnf
[…]
#bind-address = 127.0.0.1
[…]
/etc/init.d/mysql restart
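The exposure created so far can be checked with a short audit. This is an added example, not part of the original guide: it covers the commented-out bind-address (step 2 on the web server and step 2.2 here) and the remote root accounts created in step 10. The function names and the sample ss and mysql.user output are constructed for illustration; the addresses are the ones used in this guide.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Constructed sample of `ss -ltn` output on web.widehosting.net.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:9000     0.0.0.0:*'

# Constructed sample of the tab-separated rows returned by:
#   mysql -N -B -e "SELECT user, host, Grant_priv FROM mysql.user"
sample_users() {
  printf 'root\tlocalhost\tY\n'
  printf 'root\t192.168.0.18\tY\n'
  printf 'root\tmysql.widehosting.net\tY\n'
  printf 'ispconfig\tlocalhost\tN\n'
}

# stdin: `ss -ltn` output, $1: port.
# Prints every listener on that port that is bound to all interfaces.
wildcard_listeners() {
  awk -v port="$1" '$1 == "LISTEN" {
    n = split($4, part, ":")
    addr = substr($4, 1, length($4) - length(part[n]) - 1)
    if (part[n] == port && (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]"))
      print $4
  }'
}

# stdin: user<TAB>host<TAB>Grant_priv rows.
# Prints user@host for accounts that can log in from another machine
# and hold GRANT OPTION.
remote_grant_accounts() {
  awk -F '\t' '$3 == "Y" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
    print $1 "@" $2
  }'
}

# $1: port, remaining arguments: peers allowed to reach it.
# Prints iptables rules for review; nothing is applied.
allowlist_rules() {
  port=$1
  shift
  printf 'iptables -A INPUT -i lo -p tcp --dport %s -j ACCEPT\n' "$port"
  for peer in "$@"; do
    printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$peer" "$port"
  done
  printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

echo "Listeners on every interface:"
printf '%s\n' "$SAMPLE_SS" | wildcard_listeners 3306
echo "Remote accounts with GRANT OPTION:"
sample_users | remote_grant_accounts
echo "Rules limiting 3306 to the mail and mysql servers:"
allowlist_rules 3306 192.168.0.18 192.168.1.2
```

On the MySQL server itself the peers would be the private addresses of the web and mail servers (192.168.1.3 and 192.168.1.4).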
- Install PHP so that we can run administration scripts on the server
apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt
- Install fail2ban
apt-get -y install fail2ban
- Install ISPConfig on the MySQL server
cd /tmp
wget http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.2.tar.gz
tar xzvf ISPConfig-3.0.5.2.tar.gz
cd ispconfig3_install/install/
php -q install.php
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]: expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [mysql.widehosting.net]:
MySQL server hostname [localhost]:
MySQL root username [root]:
MySQL root password []: mysqlrootpassword
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
The next two questions are about the internal ISPConfig database user and password.
It is recommended to accept the defaults which are ‘ispconfig’ as username and a random password.
If you use a different password, use only numbers and chars for the password.
ISPConfig mysql database username [ispconfig]:
ISPConfig mysql database password [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]:
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: y
MySQL master server hostname []: web.widehosting.net
MySQL master server root username [root]:
MySQL master server root password []: mysqlwebrootpassword
MySQL master server database name [dbispconfig]:
Adding ISPConfig server record to database.
Configure Mail (y,n) [y]: n
Configure Jailkit (y,n) [y]: n
Configure FTP Server (y,n) [y]: n
Configure DNS Server (y,n) [y]: n
Configure Firewall Server (y,n) [y]:
Configuring Bastille Firewall
Install ISPConfig Web Interface (y,n) [y]: n
- Now tidy up the workplace:
rm -f /var/www/ispconfig
rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3.0.5.2.tar.gz
NOW WE INSTALL MAIL
apt-get -y install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve
- Answer the questions:
General type of configuration? <– Internet site
Mail name? <– mail.widehosting.net
apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl
apt-get -y install mailman
- Install PHP so that we can run the scripts:
apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt
apt-get -y install fail2ban
vim /etc/fail2ban/jail.local
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
vim /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
- Install the secondary DNS:
apt-get -y install bind9 dnsutils
- Install ISPConfig
cd /tmp
wget http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.5.2.tar.gz
tar xzvf ISPConfig-3.0.5.2.tar.gz
cd ispconfig3_install/install/
php -q install.php
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]: expert
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [mail.widehosting.net]:
MySQL server hostname [localhost]:
MySQL root username [root]:
MySQL root password []: xxxxxxxxxxxxxxxxxxx
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
The next two questions are about the internal ISPConfig database user and password.
It is recommended to accept the defaults which are ‘ispconfig’ as username and a random password.
If you use a different password, use only numbers and chars for the password.
ISPConfig mysql database username [ispconfig]:
ISPConfig mysql database password [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]:
Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: y
MySQL master server hostname []: web.widehosting.net
MySQL master server root username [root]:
MySQL master server root password []: XXXXXXXXXXXXXXXXXXX
MySQL master server database name [dbispconfig]:
Unable to connect to mysql server
MySQL master server hostname []: web.widehosting.net
MySQL master server root username [root]:
MySQL master server root password []: XXXXXXXXXXXXXXXXXX
MySQL master server database name [dbispconfig]:
Adding ISPConfig server record to database.
Configure Mail (y,n) [y]:
Configuring Postfix
Generating a 4096 bit RSA private key
………………………………………………………………………………………………………………………………………………………………….++
…………………………………………………………………….++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:RO
State or Province Name (full name) [Some-State]:Bucharest
Locality Name (eg, city) []:Bucharest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Wide Telecom
Organizational Unit Name (eg, section) []:Hosting
Common Name (e.g. server FQDN or YOUR name) []:mail.widehosting.net
Email Address []:webmaster@panait.us
Configuring Mailman
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd .
Restarting IMAP/POP3 mail server: dovecot.
Configure Jailkit (y,n) [y]: n
Configure FTP Server (y,n) [y]: n
Configure DNS Server (y,n) [y]: y
Configuring BIND
Hint: If this server shall run the ISPConfig interface, select ‘y’ in the ‘Configure Apache Server’ option.
Configure Apache Server (y,n) [y]: n
Configure Firewall Server (y,n) [y]:
Configuring Bastille Firewall
Install ISPConfig Web Interface (y,n) [y]: n
- clean up:
I have a problem. How do I add a web server to the primary one? I have already done this, but unfortunately, when I create the website from the ISPConfig CP, no folder appears in /var/www/ on the second server …… I don't understand what the problem is.
I connected the 2nd web server to the MySQL of the main one, installed pretty much everything there was to install, and followed the ISPConfig installation steps using the expert configuration. In the CP I added the server to the web server, file and FTP services but…… I don't see what the problem is.
Any advice would be very helpful.
I really think you have a serious problem….. understanding Linux and networking under Linux. No offence, my friend, I don't want to insult you, but do you understand what you are trying to do there?
The web server is primary. If you want several web servers, you configure them separately; you cannot configure them as primary/secondary…. etc.
I hope someone else has already explained this to you, because honestly I have found you on several Linux forums with this problem and I am more than sure it was you every time.
PS: you could do this if you understood the principles of SSH, because most certainly you have not synchronised the keys between the servers, and so you cannot create a directory on another server, let alone assign specific permissions to it, as long as you have not first set up SSH to connect automatically to the secondary server (so to speak).
But in the meantime, here is a small piece of advice: configure the second web server separately, independently of the first, and if you want, also connect the mail, the DB and the name servers to this server through ISPConfig (if you have the manual, you will figure out how to connect one mail server to several web servers, because it is not exactly hard). You can do the same with the other servers (apart from the main web server).