The Perfect Setup - Debian Woody (3.0)
Version 1.6
Author: Falko Timme
<ft [at] falkotimme [dot] com>
Last edited 07/14/2005
This is a detailed description of the steps to be taken to set up a Debian-based server
(Debian Woody, alias Debian 3.0) that offers all services needed by ISPs and
hosters (web server (SSL-capable), mail server (with SMTP-AUTH and TLS!), DNS
server, FTP server, MySQL server, POP3/IMAP, Quota, Firewall, etc.).
I will use the
following software:
- Web Server:
Apache 1.3.x
- Mail Server:
Postfix (easier to configure than sendmail; has a shorter history of security
holes than sendmail)
- DNS Server:
BIND9
- FTP Server:
proftpd (you could also use vsftpd)
- POP3/IMAP: in
this example you can choose between the traditional UNIX mailbox format (we
then use qpopper/uw-imapd) or the Maildir format (in this case we will use
Courier-POP3/Courier-IMAP).
- Webalizer for
web site statistics
In the end you
should have a system that works reliably and is ready for the free webhosting
control panel ISPConfig
(i.e., ISPConfig runs on it out of the box).
I want to say first
that this is not the only way of setting up such a system. There are many ways
of achieving this goal but this is the way I take. I do not issue any guarantee
that this will work for you!
Requirements
To install such
a system you will need the following:
- CD 1 of the
Debian Woody (Debian 3.0) release (available from http://www.debian.org)
- CD 1 of the
latest release of Mandrake Linux (9.2 at the time of this writing) (available
from http://www.mandrake-linux.com)
(you do not need it if you do not need to create partitions on your hard drive)
- an internet
connection since I will describe a network installation in this document
1 The Base System
If you have an unused hard drive you will first have to create partitions on it (you can skip
this step if you already have partitions on your hard drive). You can use the
Debian installer to do this but I think it is hard to use (especially for newbies).
This is where I cheat a little bit: I insert the Mandrake CD into my CD-ROM
and run the Mandrake installer (just until after my partitions have been created
using Mandrake's partitioning tool, which I think is the best in the Linux world).


I create two partitions: /dev/hda1 (with /boot as mount point) and /dev/hda6
(with / as mount point).
Additionally, I create a swap partition (usually on /dev/hda5).
I think 50 MB - 100 MB is a good size for /dev/hda1;
500 MB should be enough for the swap partition; the rest is for /dev/hda6
(where the users' web sites etc. will be).
After the partitions
have been created I stop the Mandrake installation, insert my Debian CD and
reboot the system.
At the boot prompt,
enter bf24 to install
Debian with a 2.4 Linux kernel:

Then select your
language:

Afterwards, you
will enter the main menu of the Debian installer. Configure your keyboard:

Initialize and
activate a swap partition:

When asked Scan
for Bad Blocks?, choose No.
Then initialize
a Linux partition:

Select the file
system you want. I take ext3
here.

Select /dev/hda1
as the partition to be initialized:

When asked Scan
for Bad Blocks?, enter No.


Select /boot
as the mount point for /dev/hda1:

Now you have to
initialize your second Linux partition:

Select your preferred
filesystem (again, I take ext3
here). Then select /dev/hda6
as the partition to be initialized:

When asked Scan
for Bad Blocks?, enter No.
Select /
as the mount point for /dev/hda6:

After your partitions
are formatted and initialized, select Install
Kernel and Driver Modules from the main menu. I think this does not
need any further explanation.
Configure Device
Driver modules:

Be sure to install the driver for your network card (if you don't know the correct one it is safe
to install multiple drivers):


Now make sure to include iptables support (Firewall!) in your kernel:


After you have
left the driver modules menu you must configure your network:

For the hostname
I highly recommend a subdomain that will not be used for a virtual site on that
server later on. Something like server1,
server2, ... would be quite handy as it allows you to distinguish
your servers if you run multiple of them. So if your domain is example.com
(a real domain is recommended!) you can reach the server under server1.example.com
(don't forget to update the DNS record for example.com!).

When prompted for
Automatic Network Configuration,
select No.

Then enter the
main IP address of the system, its network mask, the gateway address and the
domain of the system (here: example.com).

Specify the DNS
servers the system should use (e.g. 193.174.32.18
and 145.253.2.11).

Install the base
system:

Make the system
bootable:

Select Install
LILO in the MBR:

Then reboot the system. Make sure to remove the Debian CD from your CD-ROM:

After the reboot
configure your time zone:



Do not enable md5
passwords:

Enable shadow passwords:

Then set the root
password, create the additional user admin
and enter his password.
If you don't need
pcmcia packages remove them.
Don't use a PPP
connection to install the system (a server should have a permanent connection
to the internet):

I want to do a
network installation (that is why I only need disk 1 of the seven Debian CD-ROMs).
So I choose http as method
for accessing the Debian archive under Apt
Configuration:


Select a mirror
that is close to you:


Normally, you don't
use a proxy so leave the field empty:

When asked Use
security updates from security.debian.org? answer Yes.

Important:
Since June 2005 Debian Sarge (3.1) is the stable release of Debian. Because
we want to install Debian Woody (3.0) here instead of Sarge we have to change
the file /etc/apt/sources.list
now before we go on! The Woody installer still thinks that Woody is the stable
release. Press Ctrl + Alt + F2
on your keyboard. You are now on the shell. Login as
root. Then edit /etc/apt/sources.list
with a text editor (e.g. vi)
and replace stable with
woody wherever it appears.
Afterwards run
apt-get update
and press Ctrl + Alt + F1 to return to the installation screen.
Then run tasksel:

I want to have
a minimal system at the beginning so I only select mail
server and C and C++
(so I can compile sources if I need to). The other software will be installed
later.

Don't run dselect
(don't even think of it, you will be lost!):

For the next steps
you can accept the default values.
Then configure
your locales. At least choose en_US
ISO-8859-1:

As the default
locale I select en_US:

Then set up your
ssh server:


The installation
begins. At the end you will be asked if you wish to delete any previously downloaded
.deb files. You can answer Y
here.

When the installer
wants to configure exim
enter 5 (no configuration)
because we will use postfix
as our mail server.

Now the base system
is ready:

2 Installing and Configuring the Rest of the System
Configure additional IP Addresses
If you have more
than one IP address you can add your additional IP addresses by editing /etc/network/interfaces.
It will look similar to this:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
If you want to
add the IP address 192.168.0.101
to the interface eth0
you should change the file to look like this:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
auto eth0:0
iface eth0:0 inet static
address 192.168.0.101
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
Then restart your
network:
/etc/init.d/networking restart
Setting the Hostname
echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname
Install/Remove some Software
Add
deb http://backports.debian.skynet.be woody cyrus-sasl2
to /etc/apt/sources.list and run
apt-get update
apt-get install wget bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl (1 line!)
apt-get remove lpr nfs-common portmap pidentd pcmcia-cs pppoe pppoeconf ppp pppconfig
update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
<- Yes [y]
/etc/init.d/inetd reload
Quota
apt-get install quota quotatool
Edit /etc/fstab
to look like this (I added ,usrquota,grpquota
to partition /dev/hda6):
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/hda1 /boot ext3 errors=remount-ro 0 1
/dev/hda5 none swap sw 0 0
proc /proc proc defaults 0 0
/dev/fd0 /floppy auto user,noauto 0 0
/dev/cdrom /cdrom iso9660 ro,user,noauto 0 0
/dev/hda6 / ext3 defaults,usrquota,grpquota 0 2
Then run:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
DNS-Server
apt-get install bind9
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the startup script /etc/init.d/bind9 so that the daemon will run as the
unprivileged user 'nobody', chrooted to /var/lib/named.
Modify the line: OPTS="" so that it reads OPTS="-u nobody -t /var/lib/named":
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# for a chrooted server: "-u nobody -t /var/lib/named"
OPTS="-u nobody -t /var/lib/named"
test -x /usr/sbin/named || exit 0
case "$1" in
    start)
        echo -n "Starting domain name service: named"
        start-stop-daemon --start --quiet \
            --pidfile /var/run/named.pid --exec /usr/sbin/named -- $OPTS
        echo "."
        ;;
    stop)
        echo -n "Stopping domain name service: named"
        /usr/sbin/rndc stop
        echo "."
        ;;
    reload)
        /usr/sbin/rndc reload
        ;;
    restart|force-reload)
        $0 stop
        sleep 2
        $0 start
        ;;
    *)
        echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
        exit 1
        ;;
esac
exit 0
Create the necessary
directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir /var/lib/named/var/run
Then move the config
directory from /etc
to
/var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink
to the new config directory from the old location (to avoid problems when bind
is upgraded in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R nobody:nogroup /var/lib/named/var/*
chown -R nobody:nogroup /var/lib/named/etc/bind
We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we
can still get important messages logged to the system logs.
Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":
#! /bin/sh
# /etc/init.d/sysklogd: start the system log daemon.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
pidfile=/var/run/syslogd.pid
binpath=/sbin/syslogd
test -x $binpath || exit 0
# Options for start/restart the daemons
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"
create_xconsole()
{
    if [ ! -e /dev/xconsole ]; then
        mknod -m 640 /dev/xconsole p
    else
        chmod 0640 /dev/xconsole
    fi
    chown root.adm /dev/xconsole
}
running()
{
    # No pidfile, probably no daemon present
    #
    if [ ! -f $pidfile ]
    then
        return 1
    fi
    pid=`cat $pidfile`
    # No pid, probably no daemon present
    #
    if [ -z "$pid" ]
    then
        return 1
    fi
    cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -1`
    # No syslogd?
    #
    if [ "$cmd" != "$binpath" ]
    then
        return 1
    fi
    return 0
}
case "$1" in
    start)
        echo -n "Starting system log daemon: syslogd"
        create_xconsole
        start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
        echo "."
        ;;
    stop)
        echo -n "Stopping system log daemon: syslogd"
        start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
        echo "."
        ;;
    reload|force-reload)
        start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
        ;;
    restart)
        echo -n "Stopping system log daemon: syslogd"
        start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile
        echo "."
        sleep 1
        echo -n "Starting system log daemon: syslogd"
        start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
        echo "."
        ;;
    reload-or-restart)
        if running
        then
            start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile
        else
            start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD
        fi
        ;;
    *)
        echo "Usage: /etc/init.d/sysklogd {start|stop|reload|restart|force-reload|reload-or-restart}"
        exit 1
esac
exit 0
Restart the logging
daemon:
/etc/init.d/sysklogd restart
Start up BIND,
and check /var/log/syslog
for any errors:
/etc/init.d/bind9 start
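The chroot tree built in the steps above can be verified with a short script before relying on it. This is an added example, not part of the original howto: the function name check_named_chroot and its two arguments (chroot root, owning user) are made up for illustration, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: verify the BIND chroot layout described in this howto.
# Usage (as root): check_named_chroot /var/lib/named nobody

check_named_chroot() {
    root=${1:-/var/lib/named}
    owner=${2:-nobody}          # user name or numeric uid
    fail=0
    bad() { echo "FAIL: $*"; fail=$((fail + 1)); }

    # Resolve the owner to a uid so the comparison below is numeric.
    case "$owner" in
        *[!0-9]*) uid=$(id -u "$owner" 2>/dev/null) || uid="" ;;
        *)        uid=$owner ;;
    esac
    [ -n "$uid" ] || bad "unknown user $owner"

    # Directories created with mkdir, plus the moved config directory.
    for d in etc/bind dev var/cache/bind var/run; do
        [ -d "$root/$d" ] || bad "missing directory $root/$d"
    done

    # named runs as $owner, so the chown'ed directories must belong to it.
    for d in etc/bind var/cache var/run; do
        [ -d "$root/$d" ] || continue
        [ "$(stat -c %u "$root/$d")" = "$uid" ] || bad "$root/$d is not owned by $owner"
    done

    # Device nodes must be real character devices (not symlinks, which would
    # not resolve inside the chroot) with the major/minor numbers given to
    # mknod (stat prints them in hex) and mode 666.
    for spec in null:1:3 random:1:8; do
        node=$root/dev/${spec%%:*}
        if [ -L "$node" ] || [ ! -c "$node" ]; then
            bad "$node is not a character device"
        elif [ "$(stat -c %t:%T "$node")" != "${spec#*:}" ]; then
            bad "$node has wrong major:minor"
        elif [ "$(stat -c %a "$node")" != 666 ]; then
            bad "$node is not mode 666"
        fi
    done

    # syslogd -a creates this socket so named can still log from the chroot.
    [ -S "$root/dev/log" ] || bad "missing syslog socket $root/dev/log"

    echo "$fail problem(s) found in $root"
    [ "$fail" -eq 0 ]
}
```

The function returns 0 only when every check passes, so it can gate a later step in a provisioning script.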
MySQL
apt-get install mysql-server mysql-client libmysqlclient10-dev
<- No
<- Yes
mysqladmin -u root password yourrootsqlpassword
In /etc/mysql/my.cnf
comment out the following line:
skip-networking
It should now look
similar to this:
# You can copy this to one of:
# /etc/mysql/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options (in this
# installation this directory is /var/lib/mysql) or
# ~/.my.cnf to set user-specific options.
#
# One can use all long options that the program supports.
# Run the program with --help to get a list of available options
# This will be passed to all mysql clients
[client]
#password = my_password
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
[safe_mysqld]
err-log = /var/log/mysql/mysql.err
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
#
# You can also put it into /var/log/mysql/mysql.log but I leave it in /var/log
# for backward compatibility. Both location gets rotated by the cronjob.
#log = /var/log/mysql/mysql.log
log = /var/log/mysql.log
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
skip-locking
#
# The skip-networkin option will no longer be set via debconf menu.
# You have to manually change it if you want networking i.e. the server
# listening on port 3306. The default is "disable" - for security reasons.
#skip-networking
set-variable = key_buffer=16M
set-variable = max_allowed_packet=1M
set-variable = thread_stack=128K
#
# Here you can see queries with especially long duration
#log-slow-queries = /var/log/mysql/mysql-slow.log
#
# The following can be used as easy to replay backup logs or for replication
#server-id = 1
#log-bin = /var/log/mysql/mysql-bin.log
#binlog-do-db = include_database_name
#binlog-ignore-db = include_database_name
#
# Read the manual if you want to enable InnoDB!
skip-innodb
[mysqldump]
quick
set-variable = max_allowed_packet=1M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
set-variable = key_buffer=16M
Restart MySQL:
/etc/init.d/mysql restart
so that MySQL is accessible on port 3306 (you can check that with netstat -tap).
Postfix/Qpopper
addgroup sasl
apt-get install postfix-tls qpopper sasl-bin libsasl-modules-plain libsasl2 libsasl-gssapi-mit libsasl-digestmd5-des sasl2-bin libsasl2-modules (1 line!)
<- Kerberos: accept default value (I don't want to use Kerberos so I don't really care about it)
<- Internetsite
<- Domainname
<- No
<- accept default values
<- Kerberos: accept default value
<- NONE
cd /etc/init.d/
wget http://hanselan.de/postfix/pwcheck
In case you cannot
access http://hanselan.de/postfix/pwcheck
here's the pwcheck script:
#! /bin/sh
#
# pwcheck       Starts pwcheck for SMTP-AUTH with Postfix
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/pwcheck
NAME=pwcheck
DESC="pwcheck daemon"
test -x $DAEMON || exit 0
set -e
case "$1" in
    start)
        echo -n "Starting $DESC: $NAME"
        ln -s /var/spool/postfix/var/run/pwcheck /var/run/pwcheck
        $DAEMON
        echo "."
        ;;
    stop)
        echo -n "Stopping $DESC: $NAME "
        rm /var/run/pwcheck
        /usr/bin/killall -KILL $NAME
        echo "."
        ;;
    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop}" >&2
        exit 1
        ;;
esac
exit 0
chmod 755 /etc/init.d/pwcheck
update-rc.d pwcheck defaults
mkdir -p /var/spool/postfix/var/run/pwcheck
chown postfix.root /var/spool/postfix/var/run/pwcheck/
chmod 700 /var/spool/postfix/var/run/pwcheck/
ln -s /var/spool/postfix/var/run/pwcheck /var/run/pwcheck
postconf -e 'smtpd_sasl_local_domain = $myhostname'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: pwcheck' >> /etc/postfix/sasl/smtpd.conf
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
The file /etc/postfix/main.cf
should now look like this:
# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.
# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
inet_interfaces = all
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
/etc/init.d/pwcheck start
/etc/init.d/postfix restart
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.

Type
quit
to return to the system's shell.
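The manual check above can be scripted against a saved EHLO reply. This is an added example, not part of the original howto: the function name check_ehlo and the sample reply are constructed for illustration. Besides looking for STARTTLS and AUTH, it lists the mechanisms offered before TLS is negotiated, which is what smtpd_tls_auth_only = no permits.

```shell
#!/bin/sh
# Added example: audit a saved reply to "ehlo localhost".

# Constructed sample of a reply from a server configured as in this howto
# (not captured from a real system).
SAMPLE_EHLO='250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME'

# check_ehlo: reads an EHLO reply on stdin, prints its findings and
# returns 0 only if both STARTTLS and AUTH are advertised.
check_ehlo() {
    starttls=no
    auth=no
    mechs=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')    # telnet captures end in CRLF
        case "$line" in
            "250-STARTTLS"*|"250 STARTTLS"*)
                starttls=yes ;;
            "250-AUTH "*|"250 AUTH "*|"250-AUTH="*|"250 AUTH="*)
                auth=yes
                mechs="$mechs ${line#250?AUTH?}" ;;  # keep only the mechanism list
        esac
    done
    # "AUTH=" is the legacy line added by broken_sasl_auth_clients = yes,
    # so the same mechanisms appear twice; merge the duplicates.
    mechs=$(printf '%s\n' $mechs | sort -u | tr '\n' ' ' | sed 's/ *$//')

    echo "STARTTLS: $starttls"
    echo "AUTH: $auth${mechs:+ ($mechs)}"

    # The reply was read before any STARTTLS command, so every mechanism
    # listed here is usable on the unencrypted connection.
    for m in $mechs; do
        case "$m" in
            PLAIN|LOGIN)
                echo "WARN: $m sends the password base64-encoded, not encrypted, unless the client issues STARTTLS first" ;;
        esac
    done
    [ "$starttls" = yes ] && [ "$auth" = yes ]
}

# Run the audit on the constructed sample.
printf '%s\n' "$SAMPLE_EHLO" | check_ehlo
```

To audit a live server, save the text printed after ehlo localhost to a file and feed it to check_ehlo on stdin.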
Courier-IMAP/Courier-POP3
If you want to
use a POP3/IMAP daemon that has Maildir support (if you do not want to use the
traditional Unix mailbox format) you can install Courier-IMAP and Courier-POP3.
Otherwise you can proceed with the Apache configuration.
apt-get install courier-imap courier-pop
qpopper and UW-IMAP will then be replaced.
Then configure Postfix to deliver emails to a user's Maildir*:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
*Please note: You do not have to do this if you intend to use ISPConfig
on your system as ISPConfig does the necessary configuration using procmail
recipes. But please make sure to enable Maildir
under Management -> Settings -> EMail in the ISPConfig web interface.
Apache
Add
deb http://packages.dotdeb.org ./
to /etc/apt/sources.list and run
apt-get update
apt-get install apache apache-doc libapache-mod-ssl libapache-mod-ssl-doc
apt-get install libapache-mod-php4 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-gmp php4-imap php4-ldap php4-mcal php4-mcrypt php4-mhash php4-ming php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick (1 line!)
Edit /etc/apache/httpd.conf. Under LoadModules add:
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
Under Listen add:
Listen 80
Listen 443
Under "Addtype application" insert:
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
Before "Section 3 : Virtual Hosts" add:
<IfModule mod_ssl.c>
SSLCACertificateFile /etc/apache/ssl.crt/ca-bundle.crt
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Change
DirectoryIndex index.html index.htm index.shtml index.cgi
to
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
Save /etc/apache/httpd.conf and run
/etc/init.d/apache restart
Proftpd
apt-get install proftpd
<- No
For security reasons
you can add the following lines to /etc/proftpd.conf
(thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.linux.co.uk/localsite/Userguide/linked/userguide.html):
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
and restart Proftpd:
/etc/init.d/proftpd restart
Webalizer
apt-get install webalizer
<- accept default values
Synchronize the System Clock
If you want to have the system clock synchronized with an NTP server you can add the following
lines to /var/spool/cron/crontabs/root
(if the file does not exist, create it by running
touch /var/spool/cron/crontabs/root):
# update time with ntp server
0 3,9,15,21 * * * /usr/sbin/rdate 128.2.136.71 | logger -t NTP
Then run
chmod 600 /var/spool/cron/crontabs/root
/etc/init.d/cron restart
Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)
Installation using the Perl Shell
Login to your command
line as root and run the following command to start the Perl shell:
perl -MCPAN -e shell
If you run the
Perl shell for the first time you will be asked some questions. In most cases
the default answers are ok.
Please note: If
you run a firewall on your system you might have to turn it off while working
on the Perl shell in order for the Perl shell to be able to fetch the needed
modules without a big delay. You can switch it on afterwards.
The big advantage
of the Perl shell compared to the two other methods described here is that it
cares about dependencies when installing new modules. I.e., if it turns out
that a prerequisite Perl module is missing when you install another module the
Perl shell asks you if it should install the prerequisite module for you. You
should answer that question with "Yes".
Run the following
commands to install the modules needed by SpamAssassin:
install HTML::Parser
install DB_File
install Net::DNS
(when prompted to enable tests, choose no)
install Digest::SHA1
q (to leave the Perl shell)
If a module is
already installed on your system you will get a message similar to this one:
HTML::Parser is up to date.
Successful installation of a module looks like this:
/usr/bin/make install -- OK
Compile a Custom Kernel
If you need to
compile a new kernel for some reason (e.g. because you want to use the latest
bleeding-edge kernel or need a feature that the standard Debian kernel does
not offer), you can find more information here: Debian-Kernel-Compile-Howto.
The End
The configuration
of the server is now finished, and if you wish you can now install ISPConfig
on it.
A Note On SuExec
If you want to
run CGI scripts under suExec, you should specify /var/www
as the home directory for websites created by ISPConfig as Debian's suExec is
compiled with /var/www
as Doc_Root.
Run /usr/lib/apache/suexec -V,
and the output should look like this:

To select /var/www
as the home directory for websites during the installation of ISPConfig do the
following: When you are asked for the installation mode, select the expert
mode.

Later during the
installation you are asked if the default directory /home/www
should be the directory where ISPConfig will create websites in. Answer n
and enter /var/www as
the home directory for websites.
