Based on and following the HowTo - The Perfect Setup Debian Sarge (3.1) - by Falko Timme, I wrote this HowTo for STRATO servers, because Strato has some specifics in its Debian Sarge (3.1) image.

Let me say first: this is one way of many possible, but I tried it more than once and it works. Anyway, I must also tell you: if you use this HowTo, you do it at your own risk! You will lose all files on the Strato server, because we start with a brand-new installation of the Debian image!

If you have questions, mail me or send me a PM. If you want to have it in German, please mail me, too.
>>Anyone who would like this guide in German just needs to write me an e-mail or PM.<<

You will need:
- a Strato Dedicated Server
- WinSCP3 and Putty or similar software on your computer at home

We use (based on the HowTo by Falko Timme) for the server:
- Apache 2 as web server
- Postfix as mail server
- Courier-POP3 and Courier-IMAP for e-mail, too
- BIND as DNS server
- proftpd as FTP server
- Webalizer for statistics

STEP 1 Install a new Debian image 3.1 with the Strato-Konfigurationsmenü
- ->Serverkonfiguration ->Neuinstallation
- mark the box and choose Debian GNU/Linux 3.1 für Profis
- click on weiter
- fill in the code you will see
Don't forget: You will lose all files on the Strato server, because we start with a brand-new installation of the Debian image!
- click on weiter
- wait until you get the e-mail from Strato that the reinstallation is finished.

STEP 2 Update the Debian Sarge image
- log in to your server as root with Putty
- copy the code here and paste it into Putty
- follow the instructions
Code:
apt-get update
If you're asked whether you want to stop now because a new kernel will be installed, answer with no. But don't forget to reboot your server after this upgrade.
Code:
apt-get dist-upgrade
Code:
apt-get upgrade
(If someone says that this is too much update and upgrade, let me answer first: I tried it many times and it works a little bit differently every time - and rather one time too often than one time too little.)

STEP 3 Add some more nameservers
- open and edit the file /etc/resolv.conf
- add some more nameservers (only if you want)
Code:
nameserver 81.169.163.104
nameserver 81.169.163.106
search serverkompetenz.net
nameserver ip.number.from.another

STEP 4 Setting the hostname
Instead of server1.example.com put in your real server domain (h12345.serverkompetenz.net)
Code:
echo server1.example.com > /etc/hostname
/bin/hostname -F /etc/hostname

STEP 5 Install needed and missing software and remove unneeded software
Code:
apt-get install make gcc wget flex bzip2 rdate fetchmail libdb3++-dev unzip zip ncftp xlispstat libarchive-zip-perl zlib1g-dev libpopt-dev nmap openssl lynx fileutils
Answer the questions with the default answers.
Code:
update-rc.d -f exim remove
update-inetd --remove daytime
update-inetd --remove telnet
update-inetd --remove time
update-inetd --remove finger
update-inetd --remove talk
update-inetd --remove ntalk
update-inetd --remove ftp
update-inetd --remove discard
/etc/init.d/inetd reload

STEP 6 Install and configure quota
Code:
apt-get install quota quotatool
Answer the question with no.
open and edit the file /etc/fstab
Code:
# /etc/fstab: static file system information.
#
# file system  mount point  type  options                                       dump  pass
/dev/sda1      /boot        ext2  nosuid,nodev                                  0     2
/dev/sda2      none         swap  sw                                            0     0
/dev/sda3      /            ext3  defaults,errors=remount-ro,usrquota,grpquota  0     1
proc           /proc        proc  defaults                                      0     0
run the following steps:
Code:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

STEP 7 Install and configure bind9, the DNS server
Code:
apt-get install bind9
/etc/init.d/bind9 stop
open and edit the file /etc/default/bind9
Code:
OPTIONS="-u bind -t /var/lib/named"
run the following steps:
Code:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
open and edit the file /etc/init.d/sysklogd, but only the line SYSLOGD=""
Code:
SYSLOGD="-a /var/lib/named/dev/log"
run the following steps:
Code:
/etc/init.d/sysklogd restart
/etc/init.d/bind9 start
open and check the file /var/log/syslog for any errors in the last few lines.

STEP 8 Install and configure MySQL
Code:
apt-get install mysql-server mysql-client libmysqlclient12-dev
mysqladmin -u root password replacethiswithyourrootmysqlpassword
netstat -tap
Now you should see something like:
tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld

STEP 9 Install and configure Postfix, the mail server with POP3/IMAP
run the following steps:
Code:
apt-get install postfix postfix-tls procmail libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl
Answer the questions in the following order:
- yes
- pop3 and pop3s
- no
- imap2/imaps
- no
- Internet Site
- NONE
- h12345.serverkompetenz.net
- h12345.serverkompetenz.net, localhost.serverkompetenz.net, localhost
- no
- 127.0.0.0/8
- 0
- +
- yes
Run the following steps:
Code:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
For secure e-mail transport run the following steps:
Code:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
answer all the questions
Code:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
/etc/init.d/postfix restart
mkdir -p /var/spool/postfix/var/run/saslauthd
open and edit the file /etc/default/saslauthd so that it looks like this:
Code:
# This needs to be uncommented before saslauthd will be run automatically
START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="pam"
open the file /etc/init.d/saslauthd and edit the PIDFILE entry so that it looks like this:
Code:
PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
Run the following step:
Code:
/etc/init.d/saslauthd start
Create the new file /etc/c-client.cf with the following content:
Code:
I accept the risk
set disable-plaintext 0
Run the following few steps:
Code:
/etc/init.d/inetd restart
telnet localhost 25
quit
If you can see the lines
250-STARTTLS
250-AUTH LOGIN PLAIN
everything is fine.

STEP 10 Install and configure Courier for Maildir support
Run the following step:
Code:
apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl
Answer the questions in the following order:
- no
- Maildir (ok)
- OK
Run the following steps:
Code:
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
Don't forget to enable the Maildir support in the ISPConfig menu!

STEP 11 Install and configure Apache - the server
Run the following steps:
Code:
apt-get install apache2 apache2-doc
apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick
Answer all questions with yes.
open and edit the file /etc/apache2/apache2.conf, but only the line DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
Code:
DirectoryIndex index.html index.htm index.shtml index.cgi index.php
open the file /etc/mime.types. comment out the following lines (with #):
Code:
#application/x-httpd-php phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4
open the file /etc/apache2/mods-enabled/php4.conf. comment out the following lines (with #):
Code:
<IfModule mod_php4.c>
# AddType application/x-httpd-php .php .phtml .php3
# AddType application/x-httpd-php-source .phps
</IfModule>
open the file /etc/apache2/ports.conf. add the line Listen 443:
Code:
Listen 80
Listen 443
run the following steps:
Code:
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
/etc/init.d/apache2 restart

STEP 12 Install and configure ProFTPd - the FTP server
run the following step:
Code:
apt-get install proftpd
Answer the question with initd.
open the file /etc/proftpd.conf. add the following lines:
Code:
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
run the following step:
Code:
/etc/init.d/proftpd restart

STEP 13 Install Webalizer - the logfile analyzer
run the following step:
Code:
apt-get install webalizer
Answer the questions in the following order:
- /var/www/webalizer
- Usage Statistics for
- /var/log/apache/access.log.1

STEP 14 Install some Perl modules
run the following step:
Code:
perl -MCPAN -e shell
Answer the question with no!
go ahead by running the following steps:
Code:
install HTML::Parser
install DB_File
install Net::DNS
q
apt-get install libdigest-sha1-perl libnet-dns-perl libpoe-component-client-dns-perl razor libio-socket-inet6-perl libdb-file-lock-perl libarchive-tar-perl
If a question about tests comes up, answer with no. Answer the other questions with yes.

Here is the rest you waited for:

STEP 15 Install and configure ISPConfig
run the following steps:
Code:
cd /root
wget typeinhereyourfavoritemirror
tar xvfz ISPConfig-2.2.7.tar.gz
cd install_ispconfig
./setup
Answer the questions like this:
- pleasemakeyourownchoice
- y
- y
- 1
- y
- y
And now you have to wait...and pray
The next few questions you have to answer like this (these questions are for the SSL server certificates):
- R
- typeinhereyourcountrycode-like-DE or US or UK...
- typeinhereyourstate
- typeinhereyourcity
- typeinhereyourorganizationname
- typeinhereyourorganizationunitname
- typeinhereyourname
- typeinhereyouremailaddress
- 3650 (this means your certificate validity is 10 years)
- 3
- typeinhereyourcountrycode-like-DE or US or UK...
- typeinhereyourstate
- typeinhereyourcity
- typeinhereyourorganizationname
- typeinhereyourorganizationunitname
- typeinhereyourinternetaddress
- typeinhereyouremailaddress
- 3650 (this means your certificate validity is 10 years)
- 3
- n (! in step 7 of the setup)
- n (! in step 8 of the setup)
And now you have to wait...and pray again, because it can take a little while
Now come some questions needed by Spamassassin:
- typeinhereatext
Last, there are some questions about the configuration. Answer them like the following:
- localhost
- root
- typeinhereyourmysqlpassword
- db_ispconfig (it's the default)
- typeinhereyourserverIP like 85.123.456.789
- h123456
- serverkompetenz.net
- 1 (it's more secure with SSL)
That's it - if you don't see any ERROR message -> CONGRATULATIONS
So - that's it... I will edit the tutorial for HowtoForge soon. Have a lot of fun with ISPConfig! If you find an error in my HowTo, please mail me or send me a private message.
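
Added example, not part of the original post: a small check that reads `postconf -n`-style output and reports whether SMTP AUTH can be used before STARTTLS, which is what the combination `smtpd_tls_auth_only = no` and `mech_list: plain login` from STEP 9 allows. The function name `audit_postfix`, the finding labels and the sample input are assumptions made for this example; `smtpd_tls_security_level` is also evaluated because on newer Postfix versions it overrides `smtpd_use_tls`.

```shell
#!/bin/sh
# Added example, not from the HowTo: flag SMTP AUTH exposure in
# `postconf -n`-style "name = value" lines read from stdin.
audit_postfix() {
    awk '
        /^[ \t]*#/ || !/=/ { next }          # skip comments and non-settings
        {
            eq   = index($0, "=")
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[name] = val                 # keep the last value seen
        }
        END {
            level = conf["smtpd_tls_security_level"]
            sasl  = (conf["smtpd_sasl_auth_enable"] == "yes")
            tls   = (conf["smtpd_use_tls"] == "yes")
            only  = (conf["smtpd_tls_auth_only"] == "yes")
            if (level != "") {               # overrides the legacy smtpd_use_tls
                tls  = (level != "none")
                only = (only || level == "encrypt")
            }
            if (sasl && !tls)
                print "FAIL auth-without-starttls"   # AUTH offered, TLS unavailable
            else if (sasl && !only)
                print "WARN auth-before-starttls"    # PLAIN/LOGIN accepted in cleartext
            opts = "smtpd_sasl_security_options"
            if ((opts in conf) && conf[opts] !~ /noanonymous/)
                print "FAIL anonymous-sasl"
            rcpt = "smtpd_recipient_restrictions"
            if ((rcpt in conf) && conf[rcpt] !~ /reject_unauth_destination/)
                print "FAIL relay-not-restricted"
        }'
}

# Constructed sample: the server-side settings from STEP 9 of the HowTo.
HOWTO_SETTINGS='smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtpd_use_tls = yes'

printf '%s\n' "$HOWTO_SETTINGS" | audit_postfix
```

On a live server the same function can be fed with `postconf -n | audit_postfix`; no output means none of the four conditions matched.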
Step 8: I type "netstat -tap"
Code:
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 h1095988.serverk:domain *:*                     LISTEN      11445/named
tcp        0      0 localhost:domain        *:*                     LISTEN      11445/named
tcp        0      0 localhost:953           *:*                     LISTEN      11445/named
tcp        0      0 localhost:smtp          *:*                     LISTEN      601/exim4
tcp6       0      0 *:ssh                   *:*                     LISTEN      9061/sshd
tcp6       0      0 localhost:953           *:*                     LISTEN      11445/named
tcp6       0      0 h1095988.serverkomp:ssh p54AFBC7C.dip0.t-:65038 VERBUNDEN   8211/0
tcp6       0    908 h1095988.serverkomp:ssh p54AFBC7C.dip0.t-:65039 VERBUNDEN   8213/1
There is nothing like "tcp 0 0 localhost:mysql *:* LISTEN 3133/mysqld"
Server: Strato PowerServer Debian 3.1
[ EDIT: Edit /etc/my.cnf comment out skip-networking bind-address = 127.0.0.1
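
Added example, not part of the thread: a helper that reads the two settings named in the edit above (`skip-networking` and `bind-address`) from the `[mysqld]` section of a my.cnf and reports whether mysqld will open a TCP listener, and on which address. The function name `mysql_listen_state` and the three sample files are constructed for this example; `!include` directives and `skip-networking=0` style values are not handled.

```shell
#!/bin/sh
# Added example, not from the thread: report how mysqld will listen, based on
# the [mysqld] section of a my.cnf read from stdin.
# Prints "socket-only" or "tcp:<address>" ("tcp:*" means all interfaces).
mysql_listen_state() {
    awk '
        /^[ \t]*[#;]/ { next }                       # whole-line comments
        /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_mysqld    { next }                       # ignore other sections
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)              # strip trailing comment
            eq  = index(line, "=")
            key = eq ? substr(line, 1, eq - 1) : line
            val = eq ? substr(line, eq + 1) : ""
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/_/, "-", key)                      # MySQL treats _ and - alike
            if (key == "skip-networking") skip = 1
            if (key == "bind-address")    addr = val
        }
        END {
            if (skip) print "socket-only"            # no TCP listener at all
            else      print "tcp:" (addr == "" ? "*" : addr)
        }'
}

# Constructed samples (not taken from any server in this thread).
SAMPLE_LOOPBACK='[client]
port = 3306
[mysqld]
#skip-networking
bind-address = 127.0.0.1'

SAMPLE_SOCKET='[mysqld]
skip_networking
bind-address = 127.0.0.1'

SAMPLE_OPEN='[mysqld]
port = 3306'

printf '%s\n' "$SAMPLE_LOOPBACK" | mysql_listen_state
```

A result of `tcp:127.0.0.1` corresponds to the `localhost:mysql` line the HowTo expects from `netstat -tap`; `tcp:*` means the database port is reachable on every interface of the server.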
Do you follow the steps here in the forum or in the HowTo? Because the HowTo is more up to date. PS: If you want I can send you the German HowTo by email.
Is this setup checked with the latest software at Strato? Because when following it I cannot set the quota and I have a problem starting Proftpd. I'm now setting up the server once more to see if I did something wrong
Same here, I looked in the my.cnf and there is no skip-networking in it. Bind address is already in it
Hi, this setup is made with the current version of the Debian 3 image that you can install from the Strato-"Kundenmenü" (www.config.strato.de). Please be sure to use the How-To in the "How-To-Area", 'cause this is a little bit more up to date.
http://www.howtoforge.com/perfect_setup_debian_sarge_strato
I hope this will help you.
Greets - Tobi
SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) Yeah it's work greatest.