Content
- page: Upgrading the system and installing and configuring basic accessories
- page: Install Let's Encrypt, FTP, DNS Server, Web Stats, Jailkit and Fail2Ban
- page: Install RoundCube webmail client and ISPConfig3 control panel
3. page content
Continuation
Az previous page we have installed some additional add-ons, on this page we will continue with the installation of the RoundCube webmail client.
Install RoundCube webmail client
A RoundCube a webmail client with a sophisticated interface and a convenient way to conveniently manage POP3 or IMAP our account. The bundled mail client package in Debian 10 contains an error, which means that it does not create the database user and database during installation, and then stops configuring it. But no problem, we can easily fix this problem by manually creating the required database and user before installing. To do this, log in to the MariaDB console:
mysql --defaults-file=/etc/mysql/debian.cnf
We then issue the following SQL commands line by line:
CREATE DATABASE roundcube;
grant all privileges on roundcube.* to roundcube@'localhost' identified by '<jelszó>';
flush privileges;
exit
Here is the enter a password of your choice. We will not use this database but the webmail interface. If all goes well, you will see a similar screen:
You can then install the required packages:
apt-get -y install roundcube roundcube-core roundcube-mysql roundcube-plugins
The installer starts and comes up with a dialog asking if you want to dbconfig-common set up database connection automatically for us:
Choose yes here.
The following panel will prompt you for the password of the created roundcube user:
Enter your password above. Then repeat:
If they are repeated, the installer will run fine afterwards.
Then open the /etc/roundcube/config.inc.php file editing, and set a couple more things:
nano /etc/roundcube/config.inc.php
Find the two options in the file, and set them to 'localhost' values:
$config['default_host'] = 'localhost'; $config['smtp_server'] = 'localhost';
Of these, smtp_server is already configured this way by default, but if it doesn't work out later in another version, set this to it and save it.
Next, set up the aliases on RoundCube Apache beĂĄllĂtĂĄsĂĄban:
nano /etc/apache2/conf-enabled/roundcube.conf
Here you can remove the comment from the line below:
# Alias /roundcube /var/lib/roundcube
And / or add another alias:
Alias /webmail /var/lib/roundcube
depending on which subdirectory (s) you want to be able to access the RoundCube webmail interface later.
For my part, I've set up both of these aliases:
# Those aliases do not work properly with several hosts on your apache server # Uncomment them to use it or adapt them to your configuration Alias /roundcube /var/lib/roundcube Alias /webmail /var/lib/roundcube [...]
Let's restart Apache:
systemctl restart apache2
And the RoundCube interface is now available from the following addresses:
- http://192.168.1.130/webmail/
- http://192.168.1.130/roundcube/
Of course, it will work with the IP address set during server installation. I have this address set.
In addition, if you create web pages later in ISPConfig, the interface will also be accessible from the / webmail and / roundcube alias directories below the web pages so that every client can easily access the mail from his / her own web page.
Installing the ISPConfig control panel
Finally it is ISPConfig control panel Deploying, which monitors and manages the server components installed over time. To install, download your package, uninstall it, and run the install.php file:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar -xzf ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php
The installer starts:
He recognizes our distribution and then asks us what language we want to use (English or German). Here we select the one we want.
The installation will then continue, where we have to answer more questions:
Installation mode (standard,expert) [standard]: <-- Enter Full qualified hostname (FQDN) of the server, eg server1.domain.tld [debian10.linuxportal.vm]: <-- (kitölti magától a rendes szervernevünket) Enter MySQL server hostname [localhost]: <-- Enter MySQL server port [3306]: <-- Enter MySQL root username [root]: <-- Enter MySQL root password []: <-- Adjuk meg az adatbázis root jelszavát MySQL database to create [dbispconfig]: <-- Enter MySQL charset [utf8]: <-- Enter Configuring Postgrey Configuring Postfix Generating a RSA private key .........................................................................++++ ...............................................................................................................................................................................................................++++ writing new private key to 'smtpd.key' -----
Here is the Postfix during configuration, generates a key for SMTP, the data of which is requested to create the self-signed key. Here you can fill out the questionnaire with any data:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:<-- HU State or Province Name (full name) [Some-State]:<-- Magyarország Locality Name (eg, city) []: <-- Városunk neve Organization Name (eg, company) [Internet Widgits Pty Ltd]:<-- Cégünk neve Organizational Unit Name (eg, section) []:<-- Cégen belüli osztály, stb neve Common Name (e.g. server FQDN or YOUR name) []:<-- Teljes hosztnevünk Email Address []: <-- email címünk
Of course, this data is irrelevant, as our self-signed SSL will be bugged by our mail client, for example ...
It then sets up the different services:
[INFO] service Mailman not detected Configuring Dovecot Creating new DHParams file, this takes several minutes. Do not interrupt the script. Configuring Spamassassin Configuring Amavisd [INFO] service Rspamd not detected Configuring Getmail Configuring Jailkit Configuring Pureftpd Configuring BIND Configuring Apache Configuring vlogger [INFO] service OpenVZ not detected Configuring Ubuntu Firewall [INFO] service Metronome XMPP Server not detected Configuring Fail2ban Configuring Apps vhost Installing ISPConfig
And here's the installation of ISPConfig, where we have to answer new questions:
ISPConfig Port [8080]: <-- Enter Admin password [8208023b]: <-- Adjunk meg egy jelszót az ISPConfig admin felhasználója számára Re-enter admin password []: <-- Ismételjük meg Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- Enter
Here for the last request, if you chose SSL for the ISPConfig front end, it will generate a self-signed SSL for ISPConfig again. Here too, according to our opinion, we answer:
Generating RSA private key, 4096 bit long modulus (2 primes) ................................++++ .................++++ e is 65537 (0x010001) You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: <-- HU State or Province Name (full name) [Some-State]: <-- Magyarország Locality Name (eg, city) []: <-- Városunk neve Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Cégünk neve Organizational Unit Name (eg, section) []: <-- Osztály neve Common Name (e.g. server FQDN or YOUR name) []: <-- Teljes hosztnevünk Email Address []: <-- email címünk
Then ask two more questions, leave them blank:
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: <-- Enter An optional company name []: <-- Enter writing RSA key
Finally, it sets the backlog:
Configuring DBServer Installing ISPConfig crontab Installing ISPConfig crontab no crontab for root no crontab for getmail Detect IP addresses Restarting services ... Installation completed.
And you're done with the installation.
Next, the ISPConfig interface can be accessed on port 8080 using the IP address of our server:
https://192.168.1.130:8080
First we drop a security warning to our spy, this is because of self-signed SSL. Here we go one step further another description of how to set up normal SSL for the ISPConfig interface, of course, only on a high-utilization server.
If you skipped the error message, the access panel will already appear:
Let's enter it here admin with and with the password above:
And we're already on the start page.
In the Monitor main menu, you can verify that all features are working properly:
Everything is perfect.
That is how much it would be to install ISPConfig.
Activate additional Fail2Ban filters (optional)
After installing ISPConfig, you have created the appropriate directory structure for the Apache logs, so as I expected earlier, we will activate another Apache filter Fail2Ban szĂĄmĂĄra. This section is only executed in a harsh server environment, and does not matter in a home test environment.
So if you are working on a full server and security is important, open it for editing /etc/fail2ban/jail.local file:
nano /etc/fail2ban/jail.local
And add the following two jails:
[apache-auth] enabled = true port = http,https filter = apache-auth # logpath = /var/log/apache*/*error.log logpath = /var/log/ispconfig/httpd/*/error.log findtime = 3600 maxretry = 2 [apache-noscript] enabled = true port = http,https filter = apache-noscript logpath = /var/log/ispconfig/httpd/*/error.log findtime = 3600 maxretry = 2
The first jail / filter is for Apache authentication errors. So, for example, if we have a password-protected directory that we protect with the .htpasswd file (such as web stats), it will block login attempts here in Fail2Ban. the original logpath is set up for a basic Apache installation (e.g. LAMP server), so I commented out and set up the error log files in the newly created directory structure for ISPConfig. I used the * character in the path, so the filter will work on all webpages created later. The second jail / filter monitors attempts to load non-existent script files. Both filters are useful.
However, the configured error log files still do not exist, so Fail2Ban cannot start the two new jails. To do this, create a blank log file below the primary hostname of the server. So once you find a log file, the jail will start:
touch /var/log/ispconfig/httpd/$(hostname -f)/error.log
Now let's restart Fail2Ban:
systemctl restart fail2ban
I'll check to make sure it's working:
systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-01-02 16:55:43 CET; 7s ago
Docs: man:fail2ban(1)
Process: 22645 ExecStartPre=/bin/mkdir -p /var/run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 22646 (fail2ban-server)
Tasks: 13 (limit: 4701)
Memory: 14.5M
CGroup: /system.slice/fail2ban.service
└─22646 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
jan 02 16:55:43 debian10 systemd[1]: Starting Fail2Ban Service...
jan 02 16:55:43 debian10 systemd[1]: Started Fail2Ban Service.
jan 02 16:55:43 debian10 fail2ban-server[22646]: Server ready
Download server
Conclusion
This installation will provide you with a complete web server that will allow you to start operating your web pages. And with the help of the ISPConfig control panel, you can manage all the important corners of your system in one place.
What's next?
Once our server is ready, you may be wondering where we are going next. First I suggest it Create your first web pages, after which the content of a web page can be uploaded. It is also worth re-solving the following related links here.
- Perfect server: Debian 8 (Jessie) V1.0
- Perfect server: Debian 9 (stretch) V1.0
- Perfect server: Debian 11 (Bullseye) v1.0
- How to build and arming our ISPConfig3 server and how to secure our control panel, main services and websites with Let's Encrypt SSL
- Installing Debian 10 (Buster) LAMP Server v1.0
- Debian 11 (Bullseye) LAMP server v1.0 installation
- Creating the first Web account in the ISPConfig server configuration
- Update the ISPConfig 3 control panel
- How to secure our ISPConfig3 control panel and key services with free Let's Encrypt SSL
- Installing and setting up Drupal 8 CMS system
- Installing WordPress 5.2 CMS on an ISPConfig server environment
- The Perfect Server - Debian 10 (Buster) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1
- How to configure custom PHP versions on our ISPConfig server
- How to install PHP 8 on your Debian or Ubuntu server
- Download the perfect server: Debian 10 (Buster) v1.1
- How to set the default website on our ISPConfig server so that the Apache2 Debian Default page is not loaded when accessing the server's IP address or full hostname
- How to upgrade our perfect server based on Debian 10 (Buster) to Debian 11 (Bullseye)
Navigation
Hozzászólások
Hi! On the RoundCube interface…
Hi!
In the RoundCube interface, the username is the email address and can be accessed with the password entered.
If the password is incorrect, such as a typo, etc., a new password must be set in the ISPConfig interface and then accessed in the RoundCube webmail.
Hi! I got stuck in the roundcube…
Hi!
I got stuck installing the roundcube. It writes, "The following packages have unfulfilled dependencies:
roundcube-core: Depends on libjs-codemirror (> = 5.46.0 ~) but only 5.43.0-1 + deb10u1 can be installed
E: The problems can't be fixed, it took back damaged packages. "
What should I do then?
Thanks in advance for the answer.
Bye bye.
- To post registration and login required
- 1201 views
perfect deb10 server
I wrote with the title above earlier. Clicking on the front view makes the typed text disappear. Should I start over? The problem is that my Webmail password is wrong, I can't log in with the roundcube user. (password starting with 45r3R .... etc)
Greetings: fgabor