2. page content
Continuation
A Debian 9 (Stretch) is the perfect server for v1.0 on the first page of the installer description, we installed the Postfix, Dovecot, MariaDB and rkhunter programs. On this page we will continue with the installation, starting with Amavisd, SpamAssassin and ClamAV.
Install Amavisd-new, SpamAssassin and ClamAV
To install the titles, run the following apt-get command (I split it into several lines for clarity):
apt-get install -y \
amavisd-new spamassassin clamav clamav-daemon \
zoo unzip bzip2 arj nomarch lzop cabextract \
apt-listchanges libnet-ldap-perl libauthen-sasl-perl \
clamav-docs daemon libio-string-perl libio-socket-ssl-perl \
libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey
Az ISPConfig The 3 installation uses amavisd, which loads the SpamAssassin filter directory separately, so we can stop it now to free up some memory by using the service and systemctl commands:
service spamassassin stop
systemctl disable spamassassin
Installing Apache2, PHP, FCGI, suExec, Pear, phpMyAdmin, and mcrypt
Use the following command to install the Apache, PHP, FCGI, suExec, Pear, phpMyAdmin and mcrypt packages:
apt-get -y install \
apache2 apache2-doc apache2-utils libapache2-mod-php \
php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap \
phpmyadmin php7.0-cli php7.0-cgi \
libapache2-mod-fcgid apache2-suexec-pristine php-pear \
php7.0-mcrypt mcrypt imagemagick libruby \
libapache2-mod-python \
php7.0-curl php7.0-intl php7.0-pspell php7.0-recode \
php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl \
memcached php-memcache php-imagick php-gettext \
php7.0-zip php7.0-mbstring libapache2-mod-passenger \
php7.0-soap
During the installation of the packages, some dialogs will appear with the questions.
Configure phpMyAdmin
You will first be asked which web server to configure to run phpMyAdmin:
Select Apache2 here.
To get started, phpMyAdmin needs a basic database in which to store its own settings, and so on. The following panel asks you about the automatic creation of this database:
Of course, we want to create the basic database automatically, so choose it here Yes option.
In addition, the system requires an application-level database access (control user) to perform administrative operations on the databases in the background. This access is used only by the system. You will be prompted for a new password in the following panel:
This account will have nothing to do in the future, so press enter to generate a password for yourself.
Finally, if we have done everything right, we can now log into phpMyAdmin with root:
Configuring Apache
Enable basic Apache modules:
a2enmod suexec rewrite ssl actions include cgi headers
And if you want WebDAV, then let's run this:
a2enmod dav_fs dav auth_digest
Then, a known vulnerability (httpoxy) with a small setting. Create a new Apache configuration file (/etc/apache2/conf-available/httpoxy.conf):
nano /etc/apache2/conf-available/httpoxy.conf
Then add the following content:
<IfModule mod_headers.c> RequestHeader unset Proxy early </IfModule>
Let's enable configuration with a2andconf command:
a2enconf httpoxy
And let's restart Apache:
service apache2 restart
Install Let's Encrypt
ISPConfig 3 supports Let's Encrypt complete treatment with which it is free SSL we can provide certificates to the websites we manage to be secure HTTPS to run them on a protocol.
If you are installing our server for live use, you should definitely install Let's Encrypt. Here's how:
Let's open it APT package manager source list:
nano /etc/apt/sources.list
And if you're not already on the list, add the backports repository to get the latest ACME Client package:
deb http://ftp.debian.org/debian stretch-backports main
Then update the package manager database:
apt-get update
Then install the latest certbot program (for Apache) from the backports repository:
apt-get install python-certbot-apache -t stretch-backports
I've made one about this before another description, in which I detailed the variations around the certbot versions.
The 0.28.0-1 certbot package, previously in backports only, has since been ported to Debian 9 (Stretch) main storage so you can install the same version without using backports. However, it is always worth looking at the backports packages as newer versions always appear first. So if you stay with the backports repository, you will probably get newer versions of your packages from there, but at least the same as the main repository.
That's why I left the original part in the description.
After installation, you can also query the version:
certbot --version
And the answer is:
certbot 0.28.0
So we got exactly the latest version.
After that, let's do no more with Let's Encryption, and ISPConfig3 will now handle retrieving / renewing SSLs for web pages.
Install PHP-FPM
In order to PHP-FPM We can run PHP in SAPI mode, we need to install the appropriate package separately:
apt-get -y install php7.0-fpm
I have the 7.0.33 version, which is now the latest from the 7.0 branch (2018. December 6 release).
Next, we need to enable some Apache modules that are required for PHP-FPM to work properly:
a2enmod actions proxy_fcgi alias
Then restart Apache:
service apache2 restart
Install PHP opcode cache (optional)
For PHP-based websites - especially if any CMS system we are running - it is advisable to install the PHP intermediate code cache module. Optional, but significantly reduces the generation time of more complex PHP-based websites.
To install, run the following command:
apt-get -y install php7.0-opcache php-apcu
Then restart Apache:
service apache2 restart
Installing PureFTPd
PureFTPd is a free FTP daemon, with which we can provide FTP and FTPS access to web hosting on the server for our customers. To install it, run the following command:
apt-get -y install pure-ftpd-common pure-ftpd-mysql
Let's create one dhparam file for PureFTPd:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
(Generates about 1 minutes, generating dots and extra signs, don't stop.)
Then open the / Etc / default / pure-ftpd-common file:
nano /etc/default/pure-ftpd-common
And make sure the STANDALONE_OR_INETD and VIRTUALCHROOT settings get the following values:
[...] STANDALONE_OR_INETD=standalone [...] VIRTUALCHROOT=true [...]
Then save it.
By default, FTP is an unencrypted channel, the data transmitted over it migrates as plain text between the parties. Therefore, it must be encrypted using the TLS / SSL protocol to upload / download files in encrypted form between the server and the FTP client.
To set this up, enter the following command:
echo 1 > /etc/pure-ftpd/conf/TLS
Next, create a directory for your certificate to create:
mkdir -p /etc/ssl/private/
And let's create our self-signed certificate:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Some information is needed to create the certificate, which is requested from us by the openssl program.
So the full output and the data to be input in green:
pem -out /etc/ssl/private/pure-ftpd.pem Generating a RSA private key ..................................................................................................+++++ ............................+++++ writing new private key to '/etc/ssl/private/pure-ftpd.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:HU State or Province Name (full name) [Some-State]:Magyarország Locality Name (eg, city) []:Budapest Organization Name (eg, company) [Internet Widgits Pty Ltd]:Linuxportal Organizational Unit Name (eg, section) []:IT Department Common Name (e.g. server FQDN or YOUR name) []:debian9.linuxportal.vm Email Address []:email címem
Next, set the permissions of your generated pem file to chmod command to prevent other users from accessing the server:
chmod 600 /etc/ssl/private/pure-ftpd.pem
Then restart PureFTPd:
service pure-ftpd-mysql restart
A next page we continue with installing Quota.
- Download perfect server: Debian 9 (Stretch) V1.0
- Perfect server: Debian 8 (Jessie) V1.0
- Perfect server: Debian 10 (Buster) V1.0
- Perfect server: Debian 11 (Bullseye) v1.0
- How to build and arming our ISPConfig3 server and how to secure our control panel, main services and websites with Let's Encrypt SSL
- Install Debian 9 (Stretch) Minimum Server
- Howtoforge - The Perfect Server - Debian 9 (Stretch) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1 (source)
- Installing Debian 8 (Jessie) LAMP Server v1.0
- Installing Debian 9 (Stretch) LAMP Server v1.0
- Install v18.04 on the Ubuntu 1.0 LTS (Bionic Beaver) LAMP Server
- Debian 11 (Bullseye) LAMP server v1.0 installation
- How to install PHP 5.6.40 as an optional version on Debian 9 (Stretch) perfect server
- How to configure custom PHP versions on our ISPConfig server
- Installing and setting up Drupal 8 CMS system
- Installing WordPress 5.2 CMS on an ISPConfig server environment
- Install a minimum server for Ubuntu 18.04 LTS (Bionic Beaver)
- How to set the default website on our ISPConfig server so that the Apache2 Debian Default page is not loaded when accessing the server's IP address or full hostname
Navigation
- To post registration and login required
- 1015 views