Auto-Installer script for installing ISPC 3.1 on Debian 9 incl. Horde (optional). This is based on The Perfect Server - Debian 9 Stretch (Apache2, BIND, Dovecot, ISPConfig 3.1).

Get the script at: https://github.com/sjau/perfectDebian

News: Single Installer Script now Separate Configuration File

Limitations:
Only valid for Debian Stretch and ISPC 3.1
This script supports only 1 ethernet device and only 1 static IPv4 address -> if you have more devices and IPs, configure them after running
This script assumes that quota is only to be enabled on the root-partition. If you have multiple partitions you need to manually alter the fstab entry
Updated the mysql utf8 settings. Now it's not deprecated anymore and I also set mysqldump and mysql itself to use utf8 by default
If you just want Horde, have a look here: https://www.howtoforge.com/install-horde-5-webmail-for-ispconfig-on-debian-wheezy
So, I updated my script for Debian 8 (Jessie). Also I added LogJam measures to the installer script. By default enabled but you can disable them if you want.
So, since Till released a new perfect howto for Debian 8.4 and it has ISPC 3.1 in it, I decided to upgrade my script to it. It works fine, except Roundcube is deactivated. For some reason the .debs provided to error out. Since I prefer Horde anyway, it's not a big deal.
Ah, these are the wonderful things you find AFTER you worked through the wrong set of instructions. Oh well, I'll nuke the vhost tomorrow (or rather, I'll ask the ISP to do it) so that I can start with a clean Debian amd64 net starting point, and consider today's first try good practice. It's been a while since I dabbled in Linux - in the days before SuSE became OpenSuSE - but there's quite a lot that hasn't changed at all. Maybe I'll write a bit about setting up NTP (if anyone's interested). I noticed during the above trial run that the SQL entry in /var/www/horde/passwd/config/backends.local.php format had been updated. Your proposed rip & replace still applies, but the SQL entry looks a lot more comprehensive than in the tutorial (unless you left bits out for brevity, couldn't quite tell). One question that did emerge from the Horde setup was that the install process asked for an "existing mail user" for the admin role which was unclear. On a newly set up machine there's only root and the first user you set up to kill off root access to SSH, so when and where do I set up that first user for Horde to use as its admin user - and where do I go if I screw that up? Cheers, P
Don't worry about existing mail user. You can add it through ISPC later. If you follow my howto then Horde will authenticate against dovecot. So this means in ISPC you will need to add a mail domain and create a mail user. Since both run on the same server, it doesn't even need to have dns entry or stuff. All that's needed is that dovecot accepts that user. By default the login form is set to use IMP for authentication. IMP will then use the setup mail server, in this case dovecot, for authentication. Dovecot itself will make a mysql lookup for the according ISPConfig mail user table. Since all lookups are on localhost, all you need to do is add a mail domain to ISPC and create an email user (of course, you can use your email account that you're going to use later anyway... it's up to you). If you want to make yourself feel important, you could setup e.g. president _AT_ whitehouse DOT gov. The admin user is set in the horde.conf file IIRC. This user just has control to the Horde server stuff. Regarding the alteration of password change through horde - I think I need to have a look at it again. When I looked at it at first it looked all the same. Thx for pointing this out. P.S.: Just checked, the horde admin users are in the conf file -> /var/www/horde/config/horde.conf -> $conf['auth']['admins'] = array('[email protected]');
Thanks for that, very helpful. I initially missed your PS, but I found it indeed myself as well. Created a user in ISPC, edited the conf.php and away it went, telling me that "passwd" misses a config file. Well, that'll come out too in the rebuild tomorrow, and in the same process I'm going to check the setup of Apache so that it all moves to SSL-protected pages. I just need to find a cheap cert provider - both Firefox and Vivaldi have decided that a self-signed cert is such a terrible, heinous, mortal (etc) sin that you can't even have them accepted anymore in the browser, which isn't helpful for testing. The only itchy bit in this setup is making phpmyadmin available on the webserver (well, OK, and maybe change the default 8080 port for ISPC, but that's easily changed afterwards). I must have a look at this to see if I can restrict it to localhost and then tunnel it out via SSH port forwarding. I haz done mad things with SSH and I'm not comfortable with system tools that are too exposed - the bad guys know those too. By way of illustration, this is a new machine on an IP address that has been offline for a while - it took 2 minutes and 31 seconds after the mail daemon going live before an attempt was made from a Chinese IP address to use it as a relay.
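Added example (not part of the thread, and not code from the installer script): a small check for the concern in the post above about system tools being too exposed. It reads `ss -tln` output and reports management ports bound to anything other than loopback; port 8080 for the ISPC panel comes from the thread, while 3306 for MySQL and the sample socket listing are assumptions constructed for illustration.

```python
import ipaddress

# Ports to keep off public interfaces. 8080 is the ISPC panel default named in
# the thread; 3306 (MySQL) is an assumption added for this example.
MGMT_PORTS = {8080: "ISPConfig panel", 3306: "MySQL"}

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:25 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 [::]:993 [::]:*
LISTEN 0 128 [::1]:8080 [::]:*
LISTEN 0 128 192.0.2.10:3306 0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' at the last colon; handles [v6]:port, *:port, addr%iface."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%")[0]
    return addr, int(port)

def is_loopback(addr):
    if addr == "*":  # wildcard bind: reachable on every interface
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: report it so it gets reviewed

def exposed_mgmt_listeners(ss_output, mgmt_ports=MGMT_PORTS):
    """Return sorted (port, bind address, service) for non-loopback mgmt listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        addr, port = split_endpoint(fields[3])
        if port in mgmt_ports and not is_loopback(addr):
            findings.append((port, addr, mgmt_ports[port]))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, name in exposed_mgmt_listeners(SAMPLE_SS):
        print(f"{name} is listening on {addr}:{port} (not loopback only)")
```

A service that is served through Apache on the normal web ports, such as phpmyadmin, does not show up in a socket check like this and has to be restricted in the web server configuration instead.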
I did the manual setup that you based the script on, and that worked OK although I made the mistake of installing ISPC 3.0 instead of 3.1 beta (is there an update path?). I then decided to start with a blank host (the benefit of a vhost template), and run the script. That produced errors late into the setup which I've copied below - not sure if that's a function of the vhost I'm using at an ISP or the script. I assume it's just me. From what I can see it's the usual fight keeping up to date with versions. Side question: why the network/hostname setup in the script, or do you use that info elsewhere? For a machine to download the script it has to be online already. Setup: debian 8.3 amd64 net on a vhost with 1GB memory, logged in via SSH. SSH on non-standard port, root login disabled, accessed as user and "su -" into root level. Only issue is with locale. It's not set on the template, and I need to work out how to fix that as I need it to be British English. Not because of the language, but because of the default date format. There appears to be a bug in Horde which means that it ignores user date/time format preferences in the calendar system, and insists on using US formats (which are rubbish IMHO).
Errors/comments output (copied in begin/end so you can see where in the script it is):

WARNING: "pear/Console_Getopt" is deprecated in favor of "pear/Console_GetoptPlus"
Unknown remote channel: phpseclib.sourceforge.net
WARNING: "pear/Net_Sieve" is deprecated in favor of "horde/Horde_ManageSieve"
Failed to download pear/Date_Holidays within preferred state "stable", latest release is version 0.21.8, stability "alpha", use "channel://pear.php.net/Date_Holidays-0.21.8" to install
Failed to download pear/Text_LanguageDetect within preferred state "stable", latest release is version 0.3.0, stability "alpha", use "channel://pear.php.net/Text_LanguageDetect-0.3.0" to install
Failed to download pecl/idn within preferred state "stable", latest release is version 0.2.0, stability "beta", use "channel://pecl.php.net/idn-0.2.0" to install
WARNING: "pear/HTTP_Request" is deprecated in favor of "pear/HTTP_Request2"
WARNING: "pear/DB" is deprecated in favor of "pear/MDB2"
Failed to download pear/XML_Serializer within preferred state "stable", latest release is version 0.20.2, stability "beta", use "channel://pear.php.net/XML_Serializer-0.20.2" to install
Failed to download pear/Console_Color2 within preferred state "stable", latest release is version 0.1.2, stability "alpha", use "channel://pear.php.net/Console_Color2-0.1.2" to install
Failed to download pecl/msgpack within preferred state "stable", latest release is version 2.0.1, stability "beta", use "channel://pecl.php.net/msgpack-2.0.1" to install
WARNING: "pear/Auth_SASL" is deprecated in favor of "pear/Auth_SASL2"
WARNING: "pear/HTTP_Request" is deprecated in favor of "pear/HTTP_Request2"
Unknown remote channel: pear.nrk.io
WARNING: "pecl/mongo" is deprecated in favor of "channel:///mongodb"
Failed to download pear/Numbers_Words within preferred state "stable", latest release is version 0.18.1, stability "beta", use "channel://pear.php.net/Numbers_Words-0.18.1" to install
Failed to download pear/Image_Text within preferred state "stable", latest release is version 0.7.0, stability "beta", use "channel://pear.php.net/Image_Text-0.7.0" to install
WARNING: "pear/HTTP_Request" is deprecated in favor of "pear/HTTP_Request2"
WARNING: "pear/Auth_SASL" is deprecated in favor of "pear/Auth_SASL2"
horde/imp can optionally use package "channel://phpseclib.sourceforge.net/File_ASN1"
horde/kronolith can optionally use package "pear/Date_Holidays" (version >= 0.21.0)
horde/Horde_Core can optionally use package "pear/Text_LanguageDetect"
horde/Horde_Db can optionally use PHP extension "oci8"
horde/Horde_Cache can optionally use PHP extension "eaccelerator" (version >= 0.9.5, version <= 0.9.6, excluded versions: 0.9.6)
horde/Horde_Cache can optionally use PHP extension "xcache"
horde/Horde_Mime can optionally use package "pecl/idn"
pear/Services_Weather can optionally use package "pear/XML_Serializer" (version >= 0.8)
pear/Console_Table can optionally use package "pear/Console_Color2" (version >= 0.1.2)
horde/Horde_Pack can optionally use package "pecl/msgpack"
horde/Horde_HashTable can optionally use package "channel://pear.nrk.io/Predis" (version >= 0.8.3)
pear/Text_CAPTCHA can optionally use package "pear/Numbers_Words"
pear/Text_CAPTCHA can optionally use package "pear/Image_Text" (version >= 0.7.0)
pecl/xdiff requires PHP (version >= 7.0.0), installed version is 5.6.20-0+deb8u1
downloading webmail-5.2.14.tgz ...
Starting to download webmail-5.2.14.tgz (166,345 bytes)
....................................done: 166,345 bytes

Some seem to be the inevitable version upgrades. It's now busy generating keys so I'll come back to it in an hour and check again. Or start anew with the manual process and then install ISPC 3.1 beta
Yeah, they are fixed further down in the script. By default you get those errors but they aren't that important anyway. https://github.com/sjau/perfectDebian/blob/master/install.sh Lines 453 - 462
FYI, ISPC login is still using a standard SSL cert (or maybe Vivaldi doesn't have Let's Encrypt as a CA), and has remained admin/admin so you still have to change the password. I'll have to see how this Let's Encrypt idea works, but that'll be for another day. As a hands off exercise the script seems to do the job!
Well, it will generate only ssl certs for domains you add as websites. If you want to create a SAN cert for postfix/dovecot/pureftp you'll have to create another cert yourself. It's not really hard though. I haven't bothered to replace the ispc ssl cert yet myself.
Hey, thanks for the script. I am having this odd issue. I went through and ran the script. It worked fine and I was able to enter ispconfig, I set up a domain and it was working fine. Then the script suggested a reboot and I did that. Now I get connection refused whenever I try to access the site. Any ideas?