The Perfect Server - CentOS 5.2

http://www.howtoforge.com/perfect_setup_debian_etch

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 06/26/2008

This tutorial shows how to set up a CentOS 5.2 server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of CentOS 5.2, but should apply to the 64-bit version with very few modifications as well.

I will use the following software:

Web Server: Apache 2.2 with PHP 5.1.6
Database Server: MySQL 5.0
Mail Server: Postfix
DNS Server: BIND9 (chrooted)
FTP Server: Proftpd
POP3/IMAP server: Dovecot
Webalizer for web site statistics

In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Requirements

To install such a system you will need the following:

Download the CentOS 5.2 DVD or the six CentOS 5.2 CDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/i386/).

a fast internet connection.

 

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 Install The Base System

Boot from your first CentOS 5.2 CD (CD 1) or the CentOS 5.2 DVD. Press <ENTER> at the boot prompt:


I'm installing CentOS 5.2 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?

Now we must select a partitioning scheme for our installation. For simplicity's sake I select Remove linux partitions on selected drives and create default layout. This will result in a small /boot and a large / partition as well as a swap partition. Of course, you're free to partition your hard drive however you like it. Then I hit Next:


Answer the following question (Are you sure you want to do this?) with Yes:

On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right.


In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0; if you are not sure about the right values, http://www.subnetmask.info might help you):

Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up to two DNS servers (e.g. 213.191.92.86 and 145.253.2.75):


Now we select the software we want to install. Select nothing but Server (uncheck everything else). Also don't check Packages from CentOS Extras. Then check Customize now, and click on Next:

Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, and System Tools (unselect all other package groups) and click on Next:


Finally, the installation is complete, and you can remove your CD or DVD from the computer and reboot it:

After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:


I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on). Hit OK afterwards:

Then leave the Setup Agent by selecting Exit:


Then log in as root and reboot the system so that your changes can be applied:

reboot

Now, on to the configuration...

4 Adjust /etc/hosts

 

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.0.100           server1.example.com server1
::1                     localhost6.localdomain6 localhost6

 

5 Configure Additional IP Addresses

(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which contains the settings for eth0. We can use this as a sample for our new virtual network interface eth0:0:

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0. Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and modify it as follows (we can leave out the HWADDR line as it is the same physical network card):

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=192.168.0.255
IPADDR=192.168.0.101
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes

Afterwards we have to restart the network:

/etc/init.d/network restart

You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not necessary.

Now run

ifconfig

You should now see your new IP address in the output:

[root@server1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:B1:97:E1
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb1:97e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:310 errors:0 dropped:0 overruns:0 frame:0
          TX packets:337 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:28475 (27.8 KiB)  TX bytes:72116 (70.4 KiB)
          Interrupt:177 Base address:0x1400

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:B1:97:E1
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:177 Base address:0x1400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

[root@server1 ~]#

 

6 Disable The Firewall And SELinux

(You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system installation (in the Setup Agent).)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on).

Run

system-config-securitylevel

Set both Security Level and SELinux to Disabled and hit OK:


Afterwards we must reboot the system:

reboot

 

7 Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++

8 Quota

 

(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

vi /etc/fstab

/dev/VolGroup00/LogVol00 /                       ext3    defaults,usrquota,grpquota        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0

Then run

touch /aquota.user /aquota.group
chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

to enable quota.

 

9 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

Then do this:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot
cp /usr/share/doc/bind-9.3.4/sample/var/named/named.local /var/named/chroot/var/named/named.local
cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/named.root
touch /var/named/chroot/etc/named.conf
chkconfig --levels 235 named on
/etc/init.d/named start

BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).

 

10 MySQL (5.0)

To install MySQL, we do this:

yum install mysql mysql-devel mysql-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap | grep mysql

It should show a line like this:

[root@server1 ~]# netstat -tap | grep mysql
tcp        0      0 *:mysql                     *:*                         LISTEN      2584/mysqld
[root@server1 ~]#

If it does not, edit /etc/my.cnf and comment out the option skip-networking:

vi /etc/my.cnf

[...]
#skip-networking
[...]

and restart your MySQL server:

/etc/init.d/mysqld restart

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

11 Postfix With SMTP-AUTH And TLS

 

Now we install Postfix and Dovecot (Dovecot will be our POP3/IMAP server):

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

Next we configure SMTP-AUTH and TLS:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'

We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins. On 64-bit CentOS 5.2 you must edit the file /usr/lib64/sasl2/smtpd.conf instead. It should look like this:

vi /usr/lib/sasl2/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login

Afterwards we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Next we configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your own hostname):

postconf -e 'myhostname = server1.example.com'

After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it):

cat /etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = server1.example.com

By default, CentOS' Dovecot daemon provides only IMAP and IMAPs services. Because we also want POP3 and POP3s we must configure Dovecot to do so. We edit /etc/dovecot.conf and enable the line protocols = imap imaps pop3 pop3s:

vi /etc/dovecot.conf

[...]
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
protocols = imap imaps pop3 pop3s

# IP or host address where to listen in for connections. It's not currently
# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
# interfaces depending on the operating system.
[...]

Now start Postfix, saslauthd, and Dovecot:

chkconfig --levels 235 sendmail off
chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start
/etc/init.d/dovecot start

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH PLAIN LOGIN

everything is fine.

[root@server1 ssl]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 ssl]#

Type

quit

to return to the system's shell.
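
The check above can also be scripted. This is an added example, not part of the original tutorial: the hypothetical function check_ehlo reads a saved SMTP transcript, confirms that STARTTLS is offered, and lists the AUTH mechanisms advertised in the cleartext EHLO reply. With smtpd_tls_auth_only = no as set above, PLAIN and LOGIN are offered before TLS is negotiated, which the function reports with exit status 2.

```shell
#!/bin/sh
# Added example; check_ehlo and sample_transcript are hypothetical names.

# Read an SMTP transcript on stdin and summarise the EHLO reply.
# Prints:  starttls=<yes|no> auth_before_tls=<MECH,MECH|none>
# Returns: 0  STARTTLS offered, no AUTH advertised in the cleartext reply
#          1  STARTTLS not offered
#          2  STARTTLS offered, but AUTH mechanisms are advertised before TLS
check_ehlo() {
    awk '
        # EHLO reply lines look like "250-KEYWORD args" or "250 KEYWORD args" (last line).
        /^250[- ]/ {
            line = substr($0, 5)
            sub(/\r$/, "", line)               # tolerate CRLF transcripts
            n = split(line, f, /[ =]+/)        # handles "AUTH PLAIN" and "AUTH=PLAIN"
            kw = toupper(f[1])
            if (kw == "STARTTLS") starttls = 1
            if (kw == "AUTH") {
                for (i = 2; i <= n; i++) {
                    m = toupper(f[i])
                    if (m != "" && !(m in seen)) {
                        seen[m] = 1
                        mechs = (mechs == "" ? m : mechs "," m)
                    }
                }
            }
        }
        END {
            printf "starttls=%s auth_before_tls=%s\n", (starttls ? "yes" : "no"), (mechs == "" ? "none" : mechs)
            if (!starttls) exit 1
            if (mechs != "") exit 2
            exit 0
        }
    '
}

# The transcript shown in this tutorial, embedded so the example runs offline.
sample_transcript() {
    cat <<'EOF'
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
EOF
}

sample_transcript | check_ehlo || echo "check_ehlo exit status: $?"
```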

 

11.1 Maildir

Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.


If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir (you can also do this if you use ISPConfig - it doesn't hurt ;-)):

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

12 Apache2 With PHP & Ruby

 

Now we install Apache with PHP (this is PHP 5.1.6):

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

Then edit /etc/httpd/conf/httpd.conf:

vi /etc/httpd/conf/httpd.conf

and change DirectoryIndex to

[...]
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
[...]

Now configure your system to start Apache at boot time:

chkconfig --levels 235 httpd on

Start Apache:

/etc/init.d/httpd start

 

12.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddHandler and AddType lines:

vi /etc/httpd/conf.d/php.conf

#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#

LoadModule php5_module modules/libphp5.so

#
# Cause the PHP interpreter to handle files with a .php extension.
#
#AddHandler php5-script .php
#AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

Afterwards we restart Apache:

/etc/init.d/httpd restart

 

12.2 Installing mod_ruby

For CentOS 5.2, there's no mod_ruby package available, so we must compile it ourselves. First we install some prerequisites:

yum install httpd-devel ruby ruby-devel

Next we download and install mod_ruby as follows:

cd /tmp
wget http://www.modruby.net/archive/mod_ruby-1.2.6.tar.gz
tar zxvf mod_ruby-1.2.6.tar.gz
cd mod_ruby-1.2.6/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install

Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf...

vi /etc/httpd/conf.d/ruby.conf

LoadModule ruby_module modules/mod_ruby.so

... and restart Apache:

/etc/init.d/httpd restart

 

13 ProFTPd

ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd:

yum remove vsftpd

Because CentOS has no proftpd package, we have to compile Proftpd manually:

cd /tmp/
wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz
tar xvfz proftpd-1.3.1.tar.gz
cd proftpd-1.3.1/
./configure --sysconfdir=/etc
make
make install
cd ..
rm -fr proftpd-1.3.1*

The proftpd binary gets installed in /usr/local/sbin, but we need it in /usr/sbin, so we create a symlink:

ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd

Now create the init script /etc/init.d/proftpd:

vi /etc/init.d/proftpd

#!/bin/sh
# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
#
# proftpd        This shell script takes care of starting and stopping
#                proftpd.
#
# chkconfig: - 80 30
# description: ProFTPD is an enhanced FTP server with a focus towards \
#              simplicity, security, and ease of configuration. \
#              It features a very Apache-like configuration syntax, \
#              and a highly customizable server infrastructure, \
#              including support for multiple 'virtual' FTP servers, \
#              anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftp.conf
# pidfile: /var/run/proftpd.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/proftpd ] || exit 0

RETVAL=0

prog="proftpd"

start() {
        echo -n $"Starting $prog: "
        daemon proftpd
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
}

stop() {
        echo -n $"Shutting down $prog: "
        killproc proftpd
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status proftpd
        RETVAL=$?
        ;;
  restart)
        stop
        start
        ;;
  condrestart)
        if [ -f /var/lock/subsys/proftpd ]; then
            stop
            start
        fi
        ;;
  reload)
        echo -n $"Re-reading $prog configuration: "
        killproc proftpd -HUP
        RETVAL=$?
        echo
        ;;
  *)
        echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"
        exit 1
esac

exit $RETVAL

Then we make the init script executable:

chmod 755 /etc/init.d/proftpd

Next we open /etc/proftpd.conf and change Group to nobody:

vi /etc/proftpd.conf

[...]
Group                           nobody
[...]

For security reasons you can also add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html):

vi /etc/proftpd.conf

[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[...]

Now we can create the system startup links for Proftpd:

chkconfig --levels 235 proftpd on

And finally we start Proftpd:

/etc/init.d/proftpd start

14 Webalizer

 

To install webalizer, just run

yum install webalizer

 

15 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yum install ntp

chkconfig --levels 235 ntpd on
ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

 

16 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:


yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

 

17 The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

 

17.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as CentOS' suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

[root@server1 ~]# /usr/sbin/suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"
[root@server1 ~]#

So if you want to use suExec with ISPConfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).

 

18 Links

CentOS: http://www.centos.org
ISPConfig: http://www.ispconfig.org

yum install zlib-devel is
Submitted by FractalizeR (registered user) on Sat, 2008-08-30 19:56.

yum install zlib-devel is also needed to compile PHP for ISPConfig.

reply | view as pdf

yum install openssl-devel is
Submitted by FractalizeR (registered user) on Sat, 2008-08-30 19:53.

yum install openssl-devel

is also needed for ISPConfig to successfully complete PHP compilation

reply | view as pdf

Re: yum install openssl-devel is
Submitted by admin (registered user) on Sun, 2008-08-31 09:17.

These packages are already installed if you select the same package groups as I did during the initial system installation.

reply | view as pdf

ncftp
Submitted by StealthyC (registered user) on Wed, 2008-07-23 14:27.

ncftp does not install during the yum install command. ncftp is not listed during a yum list ncftp*

 

 

reply | view as pdf

Re: ncftp
Submitted by Noodle2732 (not registered) on Sun, 2008-09-14 16:19.

I had the same prob, I managed to get around it though after a bit of searching google.

btw I am a linux n00b so if this is the wrong way to do things then I apologize.

I had to add the Karan extras testing repo and set gpgcheck=0 then it installed

vi /etc/yum.conf

add this to the bottom:

[kbs-CentOS-Testing]
name=CentOS.Karan.Org-ELS - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el5/extras/testing/i386/RPMS/

Then import the key

rpm --import  http://centos.karan.org/RPM-GPG-KEY-karan.org.txt

 

And then finally install ncftp

yum install ncftp

reply | view as pdf

Re: Re: ncftp
Submitted by gobok (not registered) on Mon, 2008-12-15 05:22.

thanks for the ncftp

 and the updated repo is supposed to be in

 /etc/yum.repos.d/CentOS-Base.repo

reply | view as pdf

Re: Re: ncftp
Submitted by Anonymous (not registered) on Wed, 2008-11-19 04:32.

worked for me, thanks Noodle

reply | view as pdf
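
Added example, not part of the comments above: the repository stanza posted in the ncftp thread sets gpgcheck=0, so packages from it are installed without signature verification even though a gpgkey is listed. The hypothetical function audit_yum_repos lists enabled stanzas that do this so they can be found and switched off again later; the sample file is constructed apart from the kbs-CentOS-Testing stanza, and only the literal values 0 and 1 are recognised.

```shell
#!/bin/sh
# Added example; audit_yum_repos and write_sample_repo are hypothetical names.

# audit_yum_repos FILE...
# Prints "<file>:<repo-id> gpgcheck=0 baseurl=<url>" for every enabled
# repository stanza that explicitly sets gpgcheck=0.
# Returns 1 if at least one such stanza was found, 0 otherwise.
audit_yum_repos() {
    awk '
        function report() {
            # [main] holds global defaults, it is not a repository.
            if (id != "" && id != "main" && enabled != "0" && gpgcheck == "0") {
                printf "%s:%s gpgcheck=0 baseurl=%s\n", file, id, (baseurl == "" ? "-" : baseurl)
                bad = 1
            }
        }
        FNR == 1 { report(); id = ""; file = FILENAME }   # close last stanza of previous file
        { sub(/\r$/, "") }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }              # blank lines and comments
        /^[ \t]*\[/ {
            report()
            id = $0
            sub(/^[ \t]*\[[ \t]*/, "", id)
            sub(/[ \t]*\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; baseurl = ""    # a repo is enabled unless it says otherwise
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report(); exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: one signed repo, the stanza from the comment, one disabled repo.
write_sample_repo() {
    cat > "$1" <<'EOF'
[main]
gpgcheck=1

[base-example]
name=Constructed signed repo
baseurl=http://mirror.example.test/centos/5/os/i386/
gpgcheck=1
enabled=1

[kbs-CentOS-Testing]
name=CentOS.Karan.Org-ELS - Testing
gpgcheck=0
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=1
baseurl=http://centos.karan.org/el5/extras/testing/i386/RPMS/

[disabled-example]
name=Constructed disabled repo
baseurl=http://mirror.example.test/testing/
gpgcheck=0
enabled=0
EOF
}

demo_file=$(mktemp)
write_sample_repo "$demo_file"
audit_yum_repos "$demo_file" || echo "repositories without signature checking found"
rm -f "$demo_file"
```

On a real system the function would be pointed at /etc/yum.conf and /etc/yum.repos.d/*.repo.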

mysqladmin
Submitted by rezilient1 (not registered) on Tue, 2008-11-18 21:10.

This line doesn't work for me, same issue for anyone else?  Is it important?  I confirmed the root password was successfully set, what does this do?

# mysqladmin -h server1.example.com -u root password yourrootsqlpassword

reply | view as pdf

Re: mysqladmin
Submitted by Anonymous (not registered) on Mon, 2009-03-16 18:24.

use this to fix it.  worked for me.

reply | view as pdf

Re: mysqladmin
Submitted by Milan (not registered) on Thu, 2009-01-15 14:45.

Read step 4 of this howto carefully. It is important to assign server1.example.com (replace with Your server name) to actual IP address of the server.

reply | view as pdf

Re: mysqladmin
Submitted by Augusto (not registered) on Wed, 2009-01-07 13:05.

It doesn't seem to work fine. I can't find the option "-h" for the command mysqladmin:

http://dev.mysql.com/doc/refman/5.1/en/mysqladmin.html

 If you can access to the mysql server, then it's ok:

[root@hello tmp]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14 to server version: 5.1

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

reply | view as pdf

Re: Re: mysqladmin
Submitted by Narcarsiss (not registered) on Tue, 2010-07-06 02:42.

Easy fix Apply -p after password

for example; mysqladmin -h Xeon.com -u root password -p ********************

 Cheers Narcarsiss

reply | view as pdf

ProFTPd Installation Tutorial
Submitted by Mike Shafer (not registered) on Fri, 2009-05-15 03:31.

Great bit of work. I followed this to the letter and it worked perfectly. Learned a few new tricks on the process! Thanks for the efforts.

Mike Shafer

reply | view as pdf

Can't install Proftpd
Submitted by Anonymous (not registered) on Wed, 2009-02-11 12:27.

Hi

This tutorial is very good but I have a problem. When I try to install proftpd it just doesn't stop checking. I left the server to install for 24 hours but it is still checking. I can't complete the install. I saw a warning message:

make: Warning: File `Make.rules.in' has modification time 1e+08 s in the future

 What could be a problem?

 

 

reply | view as pdf

Great Tut!!
Submitted by Jeremy (not registered) on Mon, 2008-12-01 17:54.

Great Tutorial.

I have always setup LAMP for local development, but have been wanting to do some smaller sites in house.

Followed your tutorial almost step-by-step (I prefer building php).

reply | view as pdf

This manual is missing just
Submitted by FractalizeR (registered user) on Sat, 2008-08-30 19:38.

This manual is missing just one thing relative to ISPConfig. It requires flex package to be installed (2.2.25 at least). So, `yum install flex` is needed

reply | view as pdf

In the spirit of helpfulness,,,,
Submitted by Jason Barnett (not registered) on Mon, 2009-02-09 20:21.

Here are some quick and dirty instructions for installing ISPConfig:

cd /tmp
http://prdownloads.sourceforge.net/ispconfig/ISPConfig-2.2.29.tar.gz?download
tar xvzf ISPConfig-2.2.29.tar.gz
cd install_ispconfig
./setup

Accepting all the defaults will do the job quite nicely.

reply | view as pdf

THANKS!!!
Submitted by Elber (not registered) on Sun, 2009-02-22 02:58.

Many thanks, friends (Thank you so much!!!) Excellent documentation!!!

reply | view as pdf

I don't want to seem ungrateful...
Submitted by Jason Barnett (not registered) on Mon, 2009-02-09 20:13.

...but after seven pages of excellent documentation I would have expected the job to be finished properly with detailed steps on how to install ISPConfig.

In my opinion this takes the shine off an otherwise excellent how-to.

reply | view as pdf

Really useful tutorial but... How do I install mysql for PHP
Submitted by Simon (not registered) on Mon, 2009-01-19 14:52.

I followed this tutorial through and everything works great but PHP doesn't load mysql by default.

I check phpinfo() and it doesn't show mysql as loaded. I know it's a bit of a noob question and it should be obvious.

reply | view as pdf

I still needed the following
Submitted by rezilient (not registered) on Thu, 2008-11-20 04:39.

I still needed the following in order to install ISPConfig 3.0.

        postgresql-devel is needed by courier-authlib-0.61.0-1.x86_64
        expect is needed by courier-authlib-0.61.0-1.x86_64
        /usr/include/ltdl.h is needed by courier-authlib-0.61.0-1.x86_64

reply | view as pdf

Re: I still needed the following
Submitted by Anonymous (not registered) on Wed, 2008-12-31 01:03.

I followed this setup to install ISPConfig, and sure, this tutorial may be comprehensive, but it left me with A TON of unanswered questions and problems that made it seem not worth putting in the time to finish. Honestly, at this point, I may just wipe it and install a fresh copy of Centos and pay for cpanel. It will be cheaper in the end.....

reply | view as pdf

On the 64bits version of
Submitted by PanzerThorr (not registered) on Tue, 2008-11-18 11:08.

On the 64bits version of CentOS i need to do this because the installation crash :

yum install openssl-devel flex zlib-devel libxml2-devel libpng-devel libxslt-devel

reply | view as pdf

flex missing
Submitted by Kuzmich (not registered) on Fri, 2008-11-14 11:58.

flex is needed for ./setup

yum install flex

reply | view as pdf

Thank You
Submitted by ip-adresa (not registered) on Thu, 2008-09-11 10:57.

Thank You for great tutorial! I am going to install CentOS on my small server. Well done :-)

reply | view as pdf

Re: Thank You
Submitted by javsan (not registered) on Mon, 2008-10-13 06:41.

Really, a good manual. Thanks you very much.

reply | view as pdf