OK, so I want to check the help for current arguments, because I want to know which versions of PHP I can install, this is what happens on a clean debain 12 install; Code: # wget -O - https://get.ispconfig.org | sh -s -- --help --2023-08-24 14:34:17-- https://get.ispconfig.org/ Resolving get.ispconfig.org (get.ispconfig.org)... 2606:4700:20::ac43:4b70, 2606:4700:20::681a:af6, 2606:4700:20::681a:bf6, ... Connecting to get.ispconfig.org (get.ispconfig.org)|2606:4700:20::ac43:4b70|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 2003 (2.0K) [application/octet-stream] Saving to: ‘STDOUT’ - 100%[============================================================================================================================================================================>] 1.96K --.-KB/s in 0s 2023-08-24 14:34:18 (54.3 MB/s) - written to stdout [2003/2003] PHP Fatal error: Uncaught Error: Call to undefined function mb_strlen() in /tmp/ispconfig-ai/lib/class.ISPConfigLog.inc.php:74 Stack trace: #0 /tmp/ispconfig-ai/lib/class.ISPConfig.inc.php(368): ISPConfigLog::print() #1 /tmp/ispconfig-ai/lib/class.ISPConfig.inc.php(399): ISPConfig::printHelp() #2 /tmp/ispconfig-ai/ispconfig.ai.php(13): ISPConfig::run() #3 {main} thrown in /tmp/ispconfig-ai/lib/class.ISPConfigLog.inc.php on line 74
OK, sorry, never mind. Apparently there was already a php installed in this instance, lacking php-mbstring. Now I'm going to try; Code: wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --use-unbound --use-php=7.4,8.2 --no-mailman --no-quota --no-ntp --no-firewall --no-quota --unattended-upgrades=autoclean but I'm not sure what the --no-local-dns does, -use unbound requires --no-dns, so I set that, but should I also enter --no-local-dns ? Because it seems to install bind anyway if I don't? This is not entirely clear.. Using unbound does not require bind, as far as I know..
See the installation tutorial, you must start with a clean and empty system, installation will fail otherwise. The tutorial also lists the config options at the end: https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/
I'm already using that. The point is, I choose --use-unbound, so I set --no-dns. But this *still* installs bind! Then I see: --no-local-dns Do not install local DNS caching / resolving via bind. but it's unclear what this means. Do I set --no-local-dns and --use-unbound ? I would prefer to still have something resolving..
I can't say for sure as I have not written the auto installer, you would have to look it up in the code. But I guess this combination might work.
Hmm.. The installer just failed at the end, because after installing unbound there was no more dns resolving left. Now it fails to do anything because there's no DNS. Apparently ispconfig requires bind to do the basic resolving. That's a little strange, since unbound *replaces* bind. OK, obviously I'm the only user not using DNS with ISPconfig, plus using unbound for local dns caching? It's not been tested, it seems..
Unbound installation worked in older Debian versions as far as I know, but I do not use it on any of my systems. I use BIND for local resolving.
I have manually added 1.1.1.1 in /run/resolvconf/resolv.conf, rebooted and then ran the installer without --no-local-dns, and this seems succesful!
--no-local-dns will prevent your server being used for dns resolving. Then only upstream servers are being used.
Just a short FYI for those wanting to use unbound. The way ISPconfig now (10-2023) installs it defaults to lots of settings that can be improved upon. Here's my config (for use with iscpconfig). /etc/unbound/unbound.conf.d/myunbound.conf Code: server: verbosity: 0 do-ip4: yes do-udp: yes do-tcp: yes do-ip6: yes prefer-ip6: no root-hints: "/var/lib/unbound/root.hints" harden-glue: yes harden-large-queries: yes harden-dnssec-stripped: yes edns-buffer-size: 1232 rrset-roundrobin: yes cache-min-ttl: 300 cache-max-ttl: 86400 serve-expired: no harden-algo-downgrade: yes harden-short-bufsize: yes hide-identity: yes identity: "Server" hide-version: yes do-daemonize: no neg-cache-size: 8m qname-minimisation: yes deny-any: yes minimal-responses: yes num-threads: 1 msg-cache-size: 50m rrset-cache-size: 100m so-reuseport: yes so-rcvbuf: 4m so-sndbuf: 4m unwanted-reply-threshold: 1000000 prefetch: yes prefetch-key: yes log-queries: no log-replies: no log-servfail: yes log-local-actions: no logfile: /dev/null private-address: 127.0.0.0/8 private-address: fd00::/8 private-address: fe80::/10 remote-control: control-enable: no and then make sure you put this in crontab: 30 5 1 */3 * root curl -sSfL https://www.internic.net/domain/named.root -o /var/lib/unbound/root.hints so it updates the root dns entries every 3 months. Do: curl -sSfL https://www.internic.net/domain/named.root -o /var/lib/unbound/root.hints once before you systemctl restart unbound, of course.
