Initial config with new server, domain and 2 IP addresses

Discussion in 'Installation/Configuration' started by eddie-prefere, Sep 21, 2011.

  1. eddie-prefere

    eddie-prefere New Member

    Thank you Falko and thank you for the tutorials on "perfect server with ..." They have helped me twice now, and I really appreciate it.

    The one thing that I need more help understanding - which has always been a problem for me with your tutorials (both lenny and ispconfig2 and squeeze + ISPConfig 3) - and it's not adequately covered in the documentation or manual - is the very first step. So I will post a thread on this:

    Basically, your guide to installing the perfect server doesn't address the following in terms many of us newbies can understand:

    I order my first real dedicated server and I am given 2 IP addresses. I must use a domain, so I choose "domain.com", and that is assigned IP #1. I go to my registrar and create child nameservers ns1.domain.com and ns2.domain.com and give them IP #1 and IP #2 - OR is this already a mistake, since how can IP #1 work for BOTH domain.com and ns1.domain.com? SO, do I have to create child nameservers of domain.com and ns2.domain.com? This is unclear and seems crucial. I have tried it BOTH ways and still cannot get a dig with ns2.domain.com to return anything for any domain. Also, I cannot get the webmail to work for my main domain, domain.com.

    I saw your guide about how to do this, but it says you need 2 servers. So, it is unclear to me if you mean 2 actual hardware servers or 2 virtual instances on a server - OR do you mean creating 2 servers - without virtualization - on 1 dedicated server? - ISPConfig3 doesn't let me add another server.

    So, I am hoping someone will help with this very first step - which I really want to get right.

    Thanks;

    Eddie
     
  2. Mark_NL

    Mark_NL Member

    The configuration of the ISPConfig system falls outside the scope of the "Perfect How-to's" for installing them.

    Just register the 2 IPs at your registrar as being the "Authoritative" servers for "domain.com". (You can use hostnames, if your registrar supports glue records.)

    "A glue record is the IP address of a name server held at the domain name registry.
    Glue records are required when you wish to set the name servers of a domain name to a hostname under the domain name itself."


    When you've done that, all DNS lookup requests for "*.domain.com" will be forwarded to one of those 2 IPs. From that point on, it's up to what you enter in the DNS admin part of the ISPConfig web interface.
     
  3. eddie-prefere

    eddie-prefere New Member

    Yes I have done this

    Thanks for your response. Of course I have already done this. I am wondering if the tutorial on "How To Run Your Own DNS Servers (Primary And Secondary) With ISPConfig 3 (Debian Squeeze) "

    actually requires you to have two stand-alone servers or two virtual server instances - or is that use of the word "server" referring to something else?

    In other words, can that tutorial be successfully completed with one (1) un-virtualized server?

    Thanks.

    Eddie
     
  4. Mark_NL

    Mark_NL Member

    Well, if you keep it on one server, then there's no real secondary dns server. It's the same server that hosts the 2nd ip.

    You can use 2 physical servers or 2 vm's to set up a more real pri/sec dns server setup.

    It can be completed, just ignore all the replicating stuff, just set up the primary server and you're done.
     
  5. eddie-prefere

    eddie-prefere New Member

    Problem with Squirrelmail

    Thanks for your response Mark.

    You'll be glad to know that I bought the ISPConfig 3 Manual!

    I installed the squeeze for amd_64 with courier and ispconfig3

    I added the symbolic links to use "webmail" as shown in the guide.

    I have followed the instructions very carefully, and now cannot access any squirrelmail or webmail - a security pop-up box appears and tells me that it is downloading a file called "webmail".

    when I "intodns.com" the server's main domain, net-speed.com, and two add-on domains, compulistings.com and internetbillingcenter.biz, I get no errors.

    I have a feeling that I am still missing something in the DNS zone area. Would you tell me if the following looks like a good setup, please?

    I set ns1.net-speed.com to IP1 and ns2.net-speed.com to IP2 - GLUE is good.

    My server is called "net-speed.com" and has IP1

    1.) Did I make a fatal mistake by using the domain net-speed.com as the server hostname (instead of something like server.net-speed.com) ?

    2.) I added IP2 to the server's IP address list in ISPConfig3. IP1 was already there. Was this the right thing to do? The manual doesn't cover when or why one would do this. (I also added 2 DNS servers that the server provider let me use as local resolvers for the server, IP3 and IP4. I verified that all 4 IPs are in the /etc/resolv.conf file along with 127.0.0.0.)

    3.) Is it recommended to use IP1, IP2 or * when adding web sites in ISPConfig3. The difference between these is not dealt with in the manual.

    All websites are resolving, but I cannot get webmail on individual sites, only at the ip1:8080/squirrelmail URL.

    I appreciate your help,

    Ed
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    1) You can not use net-speed.com for email addresses now on that server. If you plan to use this server as emailserver as well for domain net-speed.com, you will have to reconfigure the hostname in /etc/hostname, /etc/hosts, /etc/mailname and postfix main.cf file.

    2) That's ok. You add all IP addresses there that you want to use on your server. But don't forget to add the IP in the network card settings of your Linux distribution too, as described in the manual.

    3) See pages 87, 241 and 245 of the manual. You select the IP address where the domain points to in DNS or *, if it's not an SSL website and no other website is assigned to that IP already. If you select the IP address as shown in chapter 5.3, then you are on the safe side.
     
  7. eddie-prefere

    eddie-prefere New Member

    Thanks - different problem now

    Thanks for your response Till.

    This server is an IBM and maybe that explains why it has eth0:67 instead of eth0:1 for the second ip address I added as regards the network card. The second IP ends in 67. If this doesn't seem right, please let me know.

    Now that I have made the changes to change the server hostname to server1.net-speed.com, I receive the ISPConfig3 index.php landing page for all the sites, and I obtain the Squirrelmail login. Now I get the following error message when attempting all squirrelmail logins - even newly created ones, even when I deleted email accounts and mailboxes and recreated, and with domains having both fast cgi and mod_php:

    Error opening ../config/default_pref
    Could not create initial preference file!
    /var/lib/squirrelmail/data/ should be writable by user www-data
    Please contact your system administrator and report this error.

    I tried chmod-ing the acl for the folder /var/squirrelmail/data/ and the .perf files inside it to allow group read, write and execute, but that did not help.

    Is it supposed to work with fast_cgi or only with mod_php ? - I read about the mod_php fix in a different thread, but that was for a virtualized instance.

    What would you suggest to allow login to squirrelmail?

    Thanks again.

    Also, I re-read the pages in the manual you listed, and nowhere in there does it explain why one would want to have ns1 rather than ns2 be the listed nameserver for any given website.
     
  8. eddie-prefere

    eddie-prefere New Member

    More problems and 2 questions

    HELLO,

    7 hours later my server is different - and I can no longer get the squirrelmail login page on most domains, only on 1! This seems very "buggy" to me.

    Additionally, now "intodns.com" shows no reverse pointer record for MX.

    So I have a few questions:

    1. How long after making changes to the DNS zones or websites areas in ISPConfig3 does it take for the changes to be reflected in the server? And, do I need to reload apache2 or not to make the changes in ISPConfig3 stick? Or is a full server reboot needed?

    2. I have added the TXT record to my DNS Zones as follows (without really understanding it - just following the guide): "v=spf1 a mx ip4:94.228.222.66 -all"

    I am trying to use 94.228.222.66 for mail (this is also the main IP for the server.net-speed.com and the IP for ns1.net-speed.com - it IS possible to have the same IP for these, isn't it?) and am using 94.228.222.67 for ns2.net-speed.com and setting the websites to that IP. Since I am trying to do it this way, - please tell me if this is wrong - if the "a" and the "mx" in that TXT record above refer to A and MX records, should I remove the "a" from that TXT record?

    3. The manual doesn't mention anything about whether or not it is important to set up a web domain or a DNS Zone first - could this be important, and what do you recommend, please?

    4. Is it possible to change a Web Domain from fast_CGI to mod_PHP and back again at will in the ISPConfig3 Manage - or is that the problem - since they involve different permissions/problems? Is there a tutorial on how to fix this?
    Do we have to decide definitively which type of PHP we will use for each Web Domain when we create it, and then never change it for ISPConfig3 to work properly with squeeze?

    5. Would an uninstall and then re-install of squirrelmail be the easiest thing to do at this point to get this server working right with email functioning with logins at each domain functioning? Or would you recommend deleting all web domains, dns zones, email accounts and mailboxes and start fresh?

    There is nothing of value on this server, I want to get it right before starting to use it.

    Thanks for your help.

    Best regards,

    Eddie
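
How a receiving mail server evaluates the SPF record quoted in the post above, as an added example that is not part of the original thread: terms are tried left to right and the first match decides the result. The domain `example.test` and the zone data (domain A record on .67, MX host on .66) are assumptions that follow the layout the post describes; only the `a`, `mx`, `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The TXT record quoted in the post.
RECORD = "v=spf1 a mx ip4:94.228.222.66 -all"

# Constructed zone data (not real DNS answers): web sites on .67, mail on .66.
ZONE = {
    ("example.test", "A"): ["94.228.222.67"],
    ("example.test", "MX"): ["mail.example.test"],
    ("mail.example.test", "A"): ["94.228.222.66"],
}


def a_records(zone, name):
    """Addresses published in the A records of `name`."""
    return {ipaddress.ip_address(ip) for ip in zone.get((name, "A"), [])}


def check_spf(record, sender_ip, domain, zone):
    """Return (result, matching_term) for a connection from sender_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", None
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        # A mechanism without a qualifier counts as "+" (pass).
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        else:
            qualifier, mech = "+", term
        name, _, arg = mech.partition(":")
        name = name.lower()
        target = arg or domain
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            # "a": the sender is one of the domain's own A records.
            matched = ip in a_records(zone, target)
        elif name == "mx":
            # "mx": the sender is an address of one of the domain's MX hosts.
            hosts = zone.get((target, "MX"), [])
            matched = any(ip in a_records(zone, host) for host in hosts)
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier], term
    return "neutral", None


if __name__ == "__main__":
    for sender in ("94.228.222.66", "94.228.222.67", "192.0.2.10"):
        print(sender, check_spf(RECORD, sender, "example.test", ZONE))
    # Same zone, record without the "a" mechanism: the web IP is no longer allowed.
    print(check_spf("v=spf1 mx ip4:94.228.222.66 -all",
                    "94.228.222.67", "example.test", ZONE))
```

With this zone data the "a" term is what authorises the web IP (.67) to send mail for the domain; the mail IP (.66) is already covered by "mx" and by the explicit "ip4" term.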
     
  9. eddie-prefere

    eddie-prefere New Member

    Error Example - buggy ISPConfig3?

    For example, "internetbillingcenter.biz" and "compulistings.com" are set up EXACTLY the same way in ISPConfig - down to the least detail in DNS Zones and Web Domains - yet when trying to access webmail, one gives a login screen which does not work and has the above-mentioned error, while the other does not give a login screen and a security pop-up box pops up and tries to download a file called "webmail"?

    Lastly, I re-read Till's response above in this thread, and perhaps did not comprehend what he states about choosing * or an IP for each Web Domain. I am hosting many many sites on this server, so without talking about SSL - which I know requires a dedicated IP for each site - I want to use one IP for a hundred or more sites. Till says to choose the *, or if no other website is using an IP address, then says it is safer to choose an IP? I don't understand - I don't think this is very important, but I am trying to eliminate errors and set up the server properly - is it better to use the *, IP1 (which is being used for server1.net-speed.com and ns1.net-speed.com) or IP2, which is being used for ns2.net-speed.com, OR try to balance the web domains and give half to each IP? I would appreciate a recommendation on this - or a clear statement that it doesn't matter at all.

    Thanks

    How can this be possible?

    Thanks,

    Eddie
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    If you don't use SSL, then you can either use * for ALL websites or the IP for ALL websites, but don't mix that! You can also balance it between the IP addresses as long as you don't mix it with *, but this won't give you any benefits.
     
  11. eddie-prefere

    eddie-prefere New Member

    Thanks Till - any response to the important questions re ISPConfig3, please?

    Hello Till,

    Just wanted to let you know that I really did buy the manual
    ([email protected] - Date: 2011-09-21)

    and either I've done something wrong, or ISPConfig is buggy.

    1.) I am wondering if it takes more than a minute for ISPConfig to write modifications - there were times I made modifications in ISPConfig and then rebooted the server after only a minute or two - could this have caused problems?

    2.) Does it matter whether I create a DNS zone file first and then a website for a domain - or vice-versa? Is order important here?

    3.) Is it a known problem that fast_CGI - the default - will not allow squirrelmail with postfix and courier to work properly?

    4.) Is it a known problem that once a dns zone and website have been setup that a change in the type of PHP will cause errors when trying to login to squirrelmail - an inability to login ? And, if so, is there a fix?

    Thanks,

    I've got to get this thing right and I've been at it 3 days of 12 hours and can't find another post with the exact same problem.

    Would you recommend removing squirrelmail and then re-installing it? Could I do this without touching postfix or courier?


    Best

    Eddie
     
    Last edited: Sep 22, 2011
  12. falko

    falko Super Moderator Howtoforge Staff

    If the shut down was executed the moment the ISPConfig backend process ran, the backend process might have been cut in the middle, so yes, this could have caused problems. Please check if the /usr/local/ispconfig/server/temp/.ispconfig_lock exists - if so, either there is a backend process running currently, or it is a remainder from an interrupted backend process. If it is still there after a few seconds, it probably is a remainder, and you can delete it. The next time the backend process runs, it should catch up on everything.


    No. It's only important when you register a domain - the zone should exist before you register a domain because otherwise you will get a warning from the registry.
     
  13. eddie-prefere

    eddie-prefere New Member

    Still having problems with permissions I think?

    OK, I am giving ISPConfig time to make its changes before rebooting.

    I am still having the same problem trying to get webmail login with http://domain.com/webmail, and there is a browser security popup - instead of the login page - I have just tried to install phpmyadmin, and have created an alias and <Directory> entry in the /etc/apache2/sites-available file for the main domain, and when I try to get that page, I receive the same security popup asking me if I want to download the "phpmyadmin" file.

    SO, there is something going on here that I don't understand. Is it a permissions problem for accessing the page domain.com/webmail and domain.com/phpmyadmin? If so, what is the recommended fix? "chmod 755 /etc/apache2/sites-available/domain.com/webmail - for each of them and "chmod 755 for /etc/apache2/sites-available/domain.com vhost/phpmyadmin" OR would it be
    "chmod 755 for /etc/apache2/sites-available/domain.com/phpmyadmin"


    I really don't get how to make this work. Any help is truly appreciated. I saw that no-one answered another member who asked about this problem. I don't know why.

    Thanks,

    Eddie
     
  14. falko

    falko Super Moderator Howtoforge Staff

    The phpMyAdmin and SquirrelMail configuration files for Apache must be in the /etc/apache2/conf.d directory.

    Is mod_php enabled for the websites from which you try to access phpMyAdmin/SquirrelMail?
     
  15. eddie-prefere

    eddie-prefere New Member

    Problems still exist

    Hello,

    Thanks for your advice. I have done extensive testing and have the following problems:

    1. Squirrelmail, phpMyAdmin and phpPgAdmin at domain.com/squirrelmail, domain.com/phpMyAdmin and domain.com/phppgadmin ONLY show a login screen in sites that are set as MOD_PHP and NEVER show a login screen for sites that are set in ISPConfig3 as FastCGI.

    2. To get the mod_php sites to show a login screen I had to make the following changes:

    in /etc/phpmyadmin/config.inc.php I had to add the line:
    $cfg['PmaAbsoluteUri'] = 'http://localhost/phpmyadmin';

    in /etc/phppgadmin/config.inc.php I had to modify the 'host' value to be 'localhost'

    3. When I try to access the login for any of the 3, squirrelmail, phpmyadmin or phppgadmin, at sites which are set to FastCGI I get no login screen, and a file is trying to download. In squirrelmail I also get the following error message:

    Error opening .../config/default_pref
    Could not create initial preference file
    /var/lib/squirrelmail/data should be writeable by user www-data

    And most strange of all, in my /etc/apache2/conf.d directory I have entries for phppgadmin and squirrelmail:

    phppgadmin@
    squirrelmail.conf@

    but NO entry for phpmyadmin.

    I am able to successfully login to squirrelmail, phpmyadmin and phppgadmin on MOD_PHP sites.

    4. In my /etc/apache2/conf.d/squirrelmail.conf file I have:

    Alias /squirrelmail /usr/share/squirrelmail
    Alias /webmail /usr/share/squirrelmail

    and I have:

    <Files configtest.php
    deny from all
    allow from 127.0.0.1 etc


    everything else looks OK

    5. In my /etc/apache2/conf.d/phppgadmin file I have:

    Alias /phppgadmin /usr/share/phppgadmin


    and


    #deny from all
    allow from 127.0.0.0/255.0.0.0 ::1/128
    #allow from all

    Can you make any sense of this and give me any advice, please. I do want to use FastCGI on some sites.

    Thank you very much,

    Eddie
     
  16. falko

    falko Super Moderator Howtoforge Staff

    Thanks for the detailed report. :) I've added this to our bugtracker.
     
  17. falko

    falko Super Moderator Howtoforge Staff

    Are you sure that phpMyAdmin doesn't work under FastCGI? For me it works out of the box under all PHP modes with the following configuration in /etc/apache2/conf.d/phpmyadmin.conf:

    Code:
    # phpMyAdmin default Apache configuration
    
    Alias /phpmyadmin /usr/share/phpmyadmin
    
    <Directory /usr/share/phpmyadmin>
            Options FollowSymLinks
            DirectoryIndex index.php
    
            <IfModule mod_php5.c>
                    AddType application/x-httpd-php .php
    
                    php_flag magic_quotes_gpc Off
                    php_flag track_vars On
                    php_flag register_globals Off
                    php_admin_flag allow_url_fopen Off
                    php_value include_path .
                    php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
                    php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
            </IfModule>
    
    </Directory>
    
    # Authorize for setup
    <Directory /usr/share/phpmyadmin/setup>
        <IfModule mod_authn_file.c>
        AuthType Basic
        AuthName "phpMyAdmin Setup"
        AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </Directory>
    
    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/setup/lib>
        Order Deny,Allow
        Deny from All
    </Directory>

    SquirrelMail works under mod_php; for FastCGI and suPHP, I had to modify /etc/apache2/conf.d/squirrelmail.conf as follows:

    Code:
    Alias /squirrelmail /usr/share/squirrelmail
    Alias /webmail /usr/share/squirrelmail
    
    <Directory /usr/share/squirrelmail>
      Options FollowSymLinks
      <IfModule mod_php5.c>
        # The lines from AddType through open_basedir were highlighted in red in the original post
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
        php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
        php_flag register_globals off
      </IfModule>
      <IfModule mod_dir.c>
        DirectoryIndex index.php
      </IfModule>
    
      # access to configtest is limited by default to prevent information leak
      <Files configtest.php>
        order deny,allow
        deny from all
        allow from 127.0.0.1
      </Files>
    </Directory>

    (Despite these changes, it doesn't work under CGI + suExec (CGI without suExec does work), but you don't use this mode.)

    Create /var/lib/squirrelmail/tmp and make it writable for the www-data user...

    Code:
    mkdir /var/lib/squirrelmail/tmp
    chown www-data /var/lib/squirrelmail/tmp

    ... and reload Apache:

    Code:
    /etc/init.d/apache2 reload
     
    Last edited: Oct 10, 2011
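
A check for the last steps of the post above, as an added example (not falko's code and not part of ISPConfig): it reads `upload_tmp_dir` and `open_basedir` from the Apache snippet and reports whether the upload directory is covered by `open_basedir`, exists and is writable. The embedded config excerpt is constructed from the posted file, and the `root` parameter is a hypothetical hook so the check can run against a scratch directory; `os.access` tests the user running the script, so run it as www-data on the server.

```python
import os
import re

# Constructed excerpt modelled on the squirrelmail.conf posted above.
CONF = """\
<Directory /usr/share/squirrelmail>
  <IfModule mod_php5.c>
    php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
    php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
  </IfModule>
</Directory>
"""

# Matches "php_value NAME VALUE" and "php_admin_value NAME VALUE" lines.
DIRECTIVE = re.compile(r"^[ \t]*php_(?:admin_)?value[ \t]+(\S+)[ \t]+(\S+)", re.M)


def php_values(conf_text):
    """Collect php_value / php_admin_value settings from Apache config text."""
    return dict(DIRECTIVE.findall(conf_text))


def inside(path, base):
    """True if path is base or lies below it, compared by whole path components.

    /var/lib/squirrelmail-old is therefore not treated as inside
    /var/lib/squirrelmail. Both paths are assumed to be absolute.
    """
    path, base = os.path.normpath(path), os.path.normpath(base)
    return os.path.commonpath([path, base]) == base


def check_upload_dir(conf_text, root="/"):
    """Return a list of problems with the configured upload_tmp_dir."""
    values = php_values(conf_text)
    tmp = values.get("upload_tmp_dir")
    if tmp is None:
        return ["upload_tmp_dir is not set"]
    problems = []
    allowed = [d for d in values.get("open_basedir", "").split(":") if d]
    if allowed and not any(inside(tmp, d) for d in allowed):
        problems.append(f"{tmp} is outside open_basedir")
    on_disk = os.path.join(root, tmp.lstrip("/"))
    if not os.path.isdir(on_disk):
        problems.append(f"{tmp} does not exist")
    elif not os.access(on_disk, os.W_OK | os.X_OK):
        problems.append(f"{tmp} is not writable by the current user")
    return problems


if __name__ == "__main__":
    for problem in check_upload_dir(CONF) or ["no problems found"]:
        print(problem)
```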
