Perfect Server: Debian 10 (Buster) V1.0 (Page 3)

botond published March 2020, 01, Thu - 02:17 time

Content

 

3. page content

 

Continuation

Az previous page we have installed some additional add-ons, on this page we will continue with the installation of the RoundCube webmail client.

 

 

Install RoundCube webmail client

A RoundCube a webmail client with a sophisticated interface and a convenient way to conveniently manage POP3 or IMAP our account. The bundled mail client package in Debian 10 contains an error, which means that it does not create the database user and database during installation, and then stops configuring it. But no problem, we can easily fix this problem by manually creating the required database and user before installing. To do this, log in to the MariaDB console:

mysql --defaults-file=/etc/mysql/debian.cnf

We then issue the following SQL commands line by line:

CREATE DATABASE roundcube;
grant all privileges on roundcube.* to roundcube@'localhost' identified by '<jelszó>';
flush privileges;
exit

Here is the enter a password of your choice. We will not use this database but the webmail interface. If all goes well, you will see a similar screen:

Create a Roundcube database and password

You can then install the required packages:

apt-get -y install roundcube roundcube-core roundcube-mysql roundcube-plugins

The installer starts and comes up with a dialog asking if you want to dbconfig-common set up database connection automatically for us:

Configuring RoundCube with dbconfig-common

Choose yes here.

The following panel will prompt you for the password of the created roundcube user:

Configure RoundCube - Set a password

Enter your password above. Then repeat:

Configure RoundCube - Password Repeat

If they are repeated, the installer will run fine afterwards.

Then open the /etc/roundcube/config.inc.php file editing, and set a couple more things:

nano /etc/roundcube/config.inc.php

Find the two options in the file, and set them to 'localhost' values:

$config['default_host'] = 'localhost';
$config['smtp_server'] = 'localhost';

Of these, smtp_server is already configured this way by default, but if it doesn't work out later in another version, set this to it and save it.

 

 

Next, set up the aliases on RoundCube Apache beĂĄllĂtĂĄsĂĄban:

nano /etc/apache2/conf-enabled/roundcube.conf

Here you can remove the comment from the line below:

#    Alias /roundcube /var/lib/roundcube

And / or add another alias:

Alias /webmail /var/lib/roundcube

depending on which subdirectory (s) you want to be able to access the RoundCube webmail interface later.

Here the developers of ISPConfig call attention to the fact that we can use our own aliases for the RoundCube, but do not use the "/ mail" alias, because it will block the email module of ISPConfig.

For my part, I've set up both of these aliases:

# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
Alias /roundcube /var/lib/roundcube
Alias /webmail /var/lib/roundcube

[...]

Let's restart Apache:

systemctl restart apache2

And the RoundCube interface is now available from the following addresses:

  • http://192.168.1.130/webmail/
  • http://192.168.1.130/roundcube/

RoundCube - Entrance

Of course, it will work with the IP address set during server installation. I have this address set.

In addition, if you create web pages later in ISPConfig, the interface will also be accessible from the / webmail and / roundcube alias directories below the web pages so that every client can easily access the mail from his / her own web page.

 

Installing the ISPConfig control panel

Finally it is ISPConfig control panel Deploying, which monitors and manages the server components installed over time. To install, download your package, uninstall it, and run the install.php file:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar -xzf ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php

The installer starts:

Installing ISPConfig3

He recognizes our distribution and then asks us what language we want to use (English or German). Here we select the one we want.

The installation will then continue, where we have to answer more questions:

Installation mode (standard,expert) [standard]: <-- Enter

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [debian10.linuxportal.vm]: <-- (kitölti magától a rendes szervernevünket) Enter

MySQL server hostname [localhost]: <-- Enter

MySQL server port [3306]: <-- Enter

MySQL root username [root]: <-- Enter

MySQL root password []: <-- Adjuk meg az adatbázis root jelszavát

MySQL database to create [dbispconfig]: <-- Enter

MySQL charset [utf8]: <-- Enter

Configuring Postgrey
Configuring Postfix
Generating a RSA private key
.........................................................................++++
...............................................................................................................................................................................................................++++
writing new private key to 'smtpd.key'
-----

Here is the Postfix during configuration, generates a key for SMTP, the data of which is requested to create the self-signed key. Here you can fill out the questionnaire with any data:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:<-- HU
State or Province Name (full name) [Some-State]:<-- Magyarország
Locality Name (eg, city) []: <-- Városunk neve
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<-- Cégünk neve
Organizational Unit Name (eg, section) []:<-- Cégen belüli osztály, stb neve
Common Name (e.g. server FQDN or YOUR name) []:<-- Teljes hosztnevünk
Email Address []: <-- email címünk

Of course, this data is irrelevant, as our self-signed SSL will be bugged by our mail client, for example ...

 

 

It then sets up the different services:

[INFO] service Mailman not detected
Configuring Dovecot
Creating new DHParams file, this takes several minutes. Do not interrupt the script.
Configuring Spamassassin
Configuring Amavisd
[INFO] service Rspamd not detected
Configuring Getmail
Configuring Jailkit
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring vlogger
[INFO] service OpenVZ not detected
Configuring Ubuntu Firewall
[INFO] service Metronome XMPP Server not detected
Configuring Fail2ban
Configuring Apps vhost
Installing ISPConfig

And here's the installation of ISPConfig, where we have to answer new questions:

ISPConfig Port [8080]: <-- Enter

Admin password [8208023b]: <-- Adjunk meg egy jelszót az ISPConfig admin felhasználója számára

Re-enter admin password []: <-- Ismételjük meg

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- Enter

Here for the last request, if you chose SSL for the ISPConfig front end, it will generate a self-signed SSL for ISPConfig again. Here too, according to our opinion, we answer:

Generating RSA private key, 4096 bit long modulus (2 primes)
................................++++
.................++++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- HU
State or Province Name (full name) [Some-State]: <-- Magyarország
Locality Name (eg, city) []: <-- Városunk neve
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Cégünk neve
Organizational Unit Name (eg, section) []: <-- Osztály neve
Common Name (e.g. server FQDN or YOUR name) []: <-- Teljes hosztnevünk
Email Address []: <-- email címünk

Then ask two more questions, leave them blank:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- Enter
An optional company name []: <-- Enter
writing RSA key

Finally, it sets the backlog:

Configuring DBServer
Installing ISPConfig crontab
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Detect IP addresses
Restarting services ...
Installation completed.

And you're done with the installation.

Next, the ISPConfig interface can be accessed on port 8080 using the IP address of our server:

https://192.168.1.130:8080

First we drop a security warning to our spy, this is because of self-signed SSL. Here we go one step further another description of how to set up normal SSL for the ISPConfig interface, of course, only on a high-utilization server.

If you skipped the error message, the access panel will already appear:

ISPConfig Access Panel

Let's enter it here admin with and with the password above:

ISPConfig Start Page

And we're already on the start page.

In the Monitor main menu, you can verify that all features are working properly:

ISPConfig - Check for server services

Everything is perfect.

That is how much it would be to install ISPConfig.

 

 

Activate additional Fail2Ban filters (optional)

After installing ISPConfig, you have created the appropriate directory structure for the Apache logs, so as I expected earlier, we will activate another Apache filter Fail2Ban szĂĄmĂĄra. This section is only executed in a harsh server environment, and does not matter in a home test environment.

So if you are working on a full server and security is important, open it for editing /etc/fail2ban/jail.local file:

nano /etc/fail2ban/jail.local

And add the following two jails:

[apache-auth]
enabled  = true
port     = http,https
filter   = apache-auth
# logpath  = /var/log/apache*/*error.log
logpath  = /var/log/ispconfig/httpd/*/error.log
findtime = 3600
maxretry = 2

[apache-noscript]
enabled   = true
port      = http,https
filter    = apache-noscript
logpath   = /var/log/ispconfig/httpd/*/error.log
findtime  = 3600
maxretry  = 2

The first jail / filter is for Apache authentication errors. So, for example, if we have a password-protected directory that we protect with the .htpasswd file (such as web stats), it will block login attempts here in Fail2Ban. the original logpath is set up for a basic Apache installation (e.g. LAMP server), so I commented out and set up the error log files in the newly created directory structure for ISPConfig. I used the * character in the path, so the filter will work on all webpages created later. The second jail / filter monitors attempts to load non-existent script files. Both filters are useful.

However, the configured error log files still do not exist, so Fail2Ban cannot start the two new jails. To do this, create a blank log file below the primary hostname of the server. So once you find a log file, the jail will start:

touch /var/log/ispconfig/httpd/$(hostname -f)/error.log

Now let's restart Fail2Ban:

systemctl restart fail2ban

I'll check to make sure it's working:

systemctl status fail2ban
 fail2ban.service - Fail2Ban Service
   Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-01-02 16:55:43 CET; 7s ago
     Docs: man:fail2ban(1)
  Process: 22645 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
 Main PID: 22646 (fail2ban-server)
    Tasks: 13 (limit: 4701)
   Memory: 14.5M
   CGroup: /system.slice/fail2ban.service
           └─22646 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

jan 02 16:55:43 debian10 systemd[1]: Starting Fail2Ban Service...
jan 02 16:55:43 debian10 systemd[1]: Started Fail2Ban Service.
jan 02 16:55:43 debian10 fail2ban-server[22646]: Server ready

 

Download server

The server VirtualBox your image file is available at downloads.

 

Conclusion

This installation will provide you with a complete web server that will allow you to start operating your web pages. And with the help of the ISPConfig control panel, you can manage all the important corners of your system in one place.

 

 

What's next?

Once our server is ready, you may be wondering where we are going next. First I suggest it Create your first web pages, after which the content of a web page can be uploaded. It is also worth re-solving the following related links here.

 

 

Navigation

This description consists of several pages:

 

Hozzászólások

I wrote with the title above earlier. Clicking on the front view makes the typed text disappear. Should I start over? The problem is that my Webmail password is wrong, I can't log in with the roundcube user. (password starting with 45r3R .... etc)

Greetings: fgabor

Hi!

In the RoundCube interface, the username is the email address and can be accessed with the password entered.
If the password is incorrect, such as a typo, etc., a new password must be set in the ISPConfig interface and then accessed in the RoundCube webmail.

 

 

Hi!

I got stuck installing the roundcube. It writes, "The following packages have unfulfilled dependencies:
 roundcube-core: Depends on libjs-codemirror (> = 5.46.0 ~) but only 5.43.0-1 + deb10u1 can be installed
E: The problems can't be fixed, it took back damaged packages. "

What should I do then?

Thanks in advance for the answer.

Bye bye.