I needed to set up a shared (virtual) hosting server with everything that entails: Postfix, MySQL, phpMyAdmin, Apache, PHP, SpamAssassin, BIND, Dovecot, plus a decent control panel along the lines of ISPConfig, with each user getting access to their own site over both FTP and SSH. Let's get started…
We start with a freshly installed Ubuntu
root@mail:~# uname -a
Linux mail.iamroot.ru 2.6.35-22-server #35-Ubuntu SMP Sat Oct 16 22:02:33 UTC 2010 x86_64 GNU/Linux
Set static network addresses
nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth1
iface eth1 inet static
address 192.168.0.222
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.12
Restart networking
/etc/init.d/networking restart
Edit /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.222 mail.iamroot.ru mail
echo mail.iamroot.ru > /etc/hostname
hostname
hostname -f
Refresh the package sources and install updates
apt-get update
apt-get upgrade
dpkg-reconfigure dash
apt-get install ntp ntpdate postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d sudo amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby
General type of mail configuration: <— Internet Site
System mail name: <— mail.iamroot.ru
New password for the MySQL "root" user: <— pAsSw0rD
Repeat password for the MySQL "root" user: <— pAsSw0rD
Web server to reconfigure automatically: <— apache2
Configure database for phpmyadmin with dbconfig-common? <— No
In /etc/mysql/my.cnf, comment out the bind-address line so that MySQL listens on all interfaces instead of only 127.0.0.1
#bind-address = 127.0.0.1
/etc/init.d/mysql restart
netstat -tap | grep mysql
If you see the following line, everything is fine (MySQL is listening on all interfaces)
tcp 0 0 *:mysql *:* LISTEN 10237/mysqld
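A way to audit what that netstat check shows, as an added example that is not part of the original post: the script parses `netstat -tap` output and reports, for each listening TCP service, whether it is bound to all interfaces, to one address, or to loopback only. The sample output is constructed for the example (its mysqld line follows the one above), and the function names are made up here.

```python
# Constructed sample of `netstat -tap` output, not captured from a real host.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      10237/mysqld
tcp        0      0 localhost:smtp          *:*                     LISTEN      1411/master
tcp        0      0 192.168.0.222:domain    *:*                     LISTEN      980/named
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      702/sshd
tcp        0      0 mail.iamroot.ru:ssh     192.168.0.10:51514      ESTABLISHED 2201/sshd: root
"""

WILDCARD = {"*", "0.0.0.0", "::", "[::]"}
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1", "::1", "[::1]", "ip6-localhost"}

def listeners(netstat_text):
    """Return (program, port, scope) for every TCP socket in LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # header, non-TCP or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if host in WILDCARD:
            scope = "all interfaces"
        elif host in LOOPBACK:
            scope = "loopback only"
        else:
            scope = "address " + host
        program = fields[6].split("/", 1)[-1].strip()  # drop the PID
        found.append((program, port, scope))
    return found

def reachable_from_network(netstat_text):
    """Listeners that something other than the local host can connect to."""
    return [entry for entry in listeners(netstat_text) if entry[2] != "loopback only"]

if __name__ == "__main__":
    for program, port, scope in listeners(SAMPLE):
        print(f"{program:10} {port:8} {scope}")
```

Anything reported as "all interfaces" is reachable on every address the server has, so mysqld on that list is the one to cover with a firewall rule if remote database access is not needed.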
/etc/init.d/spamassassin stop
update-rc.d -f spamassassin remove
a2enmod suexec rewrite ssl actions include
a2enmod dav_fs dav auth_digest
/etc/init.d/apache2 restart
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
nano /etc/default/pure-ftpd-common
….
STANDALONE_OR_INETD=standalone
VIRTUALCHROOT=true
…..
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [AU]: < RU
State or Province Name (full name) [Some-State]: < SPB
Locality Name (eg, city) []: <—SPB
chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart
nano /etc/fstab
Add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the mount options of the root mount point
mount -o remount /
quotacheck -avugm
quotaon -avug
apt-get install bind9 dnsutils vlogger webalizer awstats
nano /etc/cron.d/awstats
Comment out every line
Install Jailkit
apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper
mkdir /tmp/src
cd /tmp/src
wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
tar xvfz jailkit-2.15.tar.gz
cd jailkit-2.15
./debian/rules binary
cd ..
dpkg -i jailkit_2.15-1_*.deb
rm -rf jailkit-2.15*
apt-get install fail2ban
nano /etc/fail2ban/jail.local
[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5
nano /etc/fail2ban/filter.d/pureftpd.conf
[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =
nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
/etc/init.d/fail2ban restart
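Checking the two filters before relying on them, as an added example that is not part of the original post: the script runs the pure-ftpd and Dovecot failregex patterns, with their literal parentheses and brackets escaped, against log lines and shows that the pure-ftpd pattern without the backslashes matches nothing, so fail2ban would never ban. The log lines are constructed, and the HOST pattern is a simplified IPv4-only stand-in for what fail2ban substitutes for <HOST>.

```python
import re

# Simplified IPv4-only stand-in for fail2ban's <HOST> substitution
# (an assumption made for this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

PUREFTPD = r".*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*"
# Same filter with the backslashes lost: "(...)" is a group, "[WARNING]" a character class.
PUREFTPD_UNESCAPED = r".*pure-ftpd: (.*@<HOST>) [WARNING] Authentication failed for user.*"
DOVECOT = (r"(?: pop3-login|imap-login): .*(?:Authentication failure|"
           r"Aborted login \(auth failed|Aborted login \(tried to use disabled|"
           r"Disconnected \(auth failed|Aborted login \(\d+ authentication attempts)"
           r".*rip=(?P<host>\S*),.*")

# Constructed log lines (documentation address ranges), not taken from a real server.
FTP_FAIL = "Nov  3 10:15:01 mail pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [web1]"
FTP_OK = "Nov  3 10:16:40 mail pure-ftpd: (?@192.168.0.10) [INFO] web1 is now logged in"
POP3_FAIL = ("Nov  3 10:17:12 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): "
             "user=<info@example.com>, method=PLAIN, rip=198.51.100.23, lip=192.168.0.222")
IMAP_OK = ("Nov  3 10:18:30 mail dovecot: imap-login: Login: user=<info@example.com>, "
           "method=PLAIN, rip=192.168.0.10, lip=192.168.0.222, TLS")

def banned_host(failregex, line):
    """Return the address a failure would be counted against, or None if no match."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    return match.group("host") if match else None

if __name__ == "__main__":
    checks = [("pureftpd", PUREFTPD, FTP_FAIL), ("pureftpd", PUREFTPD, FTP_OK),
              ("pureftpd unescaped", PUREFTPD_UNESCAPED, FTP_FAIL),
              ("dovecot", DOVECOT, POP3_FAIL), ("dovecot", DOVECOT, IMAP_OK)]
    for name, regex, line in checks:
        print(f"{name:20} -> {banned_host(regex, line)}")
```

On the server itself, `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/pureftpd.conf` runs the same kind of check against the real log.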
apt-get install squirrelmail
ln -s /usr/share/squirrelmail/ /var/www/webmail
squirrelmail-configure
Answer the prompts as follows
D
Dovecot
Any key to continue
S
Q
cd /tmp/src
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php
>> Initial configuration
Operating System: Debian 6.0 (Squeeze/Sid) or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <— ENTER
Installation mode (standard,expert) [standard]: <— ENTER
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <— ENTER
MySQL server hostname [localhost]: <— ENTER
MySQL root username [root]: <— ENTER
MySQL root password []: <— pAsSw0rD
MySQL database to create [dbispconfig]: <— ENTER
MySQL charset [utf8]: <— ENTER
Generating a 2048 bit RSA private key
….+++
……………………….+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <— ENTER
State or Province Name (full name) [Some-State]: <— ENTER
Locality Name (eg, city) []: <— ENTER
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <— ENTER
Organizational Unit Name (eg, section) []: <— ENTER
Common Name (eg, YOUR name) []: <— ENTER
Email Address []: <— ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]: <— ENTER
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services …
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd Bytecode: Security mode set to "TrustSigned".
.
If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
This message goes away after the first successful login.
Restarting IMAP/POP3 mail server: dovecot.
Restarting web server: apache2 … waiting ..
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -8 UTF-8 -H -D -b -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -A -B
Installation completed.
Open
http://192.168.0.222:8080/
Login: admin, password: admin
Done.
Reboot and look at /var/log/boot.log
Stopping jailkit: jk_socketd/usr/sbin/jk_socketd: no process found
done.
Starting jailkit: jk_socketdversion 2.15, no sockets specified in configfile /etc/jail/jk_socketd.ini or on commandline, nothing to do, exiting…
done.
Don't be alarmed: create an SSH user in ISPConfig,
then run
/etc/init.d/jailkit restart
and everything starts running like clockwork…
If you have questions, I'll be happy to answer.