Hey Guys (eventually Ladies), a few days ago I finished my Debian 9 multi-server setup:

control.domain.tld (master (webspace, mail etc. for "company"))
web.domain.tld (web for customers)
mail.domain.tld (mailserver)
db.domain.tld (database server)
ns1.domain.tld (primary dns)
ns2.domain.tld (secondary dns)

I have some questions about the next steps that are recommended for a setup like this. But I'll put it as wishes - maybe that's easier for me to explain:

I would like the master server to be accessible via the web panel only via the defined FQDN (port 8080) (https://control.domain.tld:8080) and not via port 8080 on each created web page. In the course of this I would also like to create an LE SSL certificate for web, mail, ftp. This server should only serve for the company website, administration and as a web panel for the customer accounts. The "web" server is to serve as storage for customer web pages without a web panel; the management of the pages should run on the master. Is that possible, or is it already like that? Are there generally recommended steps after setting up all systems on this foundation?

I am looking forward to your support.

Best regards
Frankenstein
If you installed the control panel only on the master, then it is not available on the other hosts.

Since you have several hosts, install unattended-upgrades and do
Code:
dpkg-reconfigure -plow unattended-upgrades
so security updates are installed automatically. You still have to do apt-get upgrade when 9.6 comes.

LE is a bit trickier when you have multiple hosts, but it can be done. @ahrasis has written good documentation on how to do it. The thread is very long: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/

I don't know how to prevent this. Users access their own subset of ISPConfig from their own control panel, I have not had a need to prevent this.
You can do this by editing the apache/nginx ispconfig.vhost file: set a server name (the name that this vhost shall be accessible through) and change the port to 443. This will convert the ispconfig vhost to a normal name-based vhost on port 443 (ssl).
Back with the same. In ispconfig.vhost I added the ServerName control.domain.tld, deleted the line "Listen 8080" and changed <VirtualHost _default_:8080> to <VirtualHost _default_:443>, but when I try to reach the control panel via https://control.domain.tld it just shows me the "standard welcome page".

In the past I tried the tutorial from @ahrasis but I couldn't activate LE SSL to get an SSL certificate for control.domain.tld (i.e. the master), but deleted it again because the interface should run on https://control.domain.tld first before the LE SSL works.

Later I want to have the following link structure (all working for all customers (without munin/monit)):

https://domain.tld - company website, shop, customer area
https://control.domain.tld - ispconfig interface
https://control.domain.tld/webmail
https://control.domain.tld/phpmyadmin
https://control.domain.tld/monit
https://control.domain.tld/munin
https://control.domain.tld/webftp

If anybody feels like helping me, it would be welcome.

Best regards,
Frankenstein
I think that should be control.domain.tld:443 in the ispconfig.vhost (based on my reading, but I never tried it).
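As an added example (not code from the thread or from the ISPConfig project), here is the before/after of the edit till and ahrasis describe, reduced to the directives that matter, plus a small shell lint that flags the slips reported two posts up (no ServerName, vhost still on :8080, nothing on :443). The DocumentRoot, the certificate paths and the script name are assumptions; the real ispconfig.vhost contains many more directives than the two fragments shown.

```shell
#!/bin/sh
# panel_vhost_check.sh (name assumed). Added example, not from the thread or
# from ISPConfig: a before/after pair of the panel vhost, cut down to the lines
# that matter, and a lint that catches the slips from the follow-up post.
# DocumentRoot and certificate paths below are assumptions.

# Before: the panel as shipped, a catch-all vhost on its own port (constructed).
PANEL_PORT_8080='Listen 8080
<VirtualHost _default_:8080>
    ServerAdmin webmaster@localhost
    DocumentRoot /path/to/panel/web
    SSLEngine on
    SSLCertificateFile /path/to/panel/ssl/panel.crt
    SSLCertificateKeyFile /path/to/panel/ssl/panel.key
</VirtualHost>'

# After: a name-based SSL vhost that only answers for control.domain.tld on 443.
# No Listen line: mod_ssl already listens on 443 via /etc/apache2/ports.conf on
# Debian, and a second "Listen 443" makes Apache fail to bind at start-up.
PANEL_NAMED_443='<VirtualHost *:443>
    ServerName control.domain.tld
    ServerAdmin webmaster@localhost
    DocumentRoot /path/to/panel/web
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/control.domain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/control.domain.tld/privkey.pem
</VirtualHost>'

# lint_panel_vhost NAME < vhost-text
# Reports what would leave the panel showing Apache's default page instead of
# answering as NAME. Prints one line per finding, returns 0 when clean.
lint_panel_vhost() {
    name=$1
    text=$(cat)
    rc=0
    # Exact ServerName match (awk, so the dots in NAME are not regex wildcards).
    if ! printf '%s\n' "$text" | awk -v n="$name" \
            'tolower($1) == "servername" && $2 == n { found = 1 } END { exit (found ? 0 : 1) }'; then
        echo "no 'ServerName $name': the first vhost on the port wins, not this one"
        rc=1
    fi
    if printf '%s\n' "$text" | grep -qE '<VirtualHost[[:space:]]+[^>]*:8080>'; then
        echo "vhost still bound to :8080"
        rc=1
    fi
    if ! printf '%s\n' "$text" | grep -qE '<VirtualHost[[:space:]]+[^>]*:443>'; then
        echo "no vhost on :443"
        rc=1
    fi
    if ! printf '%s\n' "$text" | grep -qiE '^[[:space:]]*SSLEngine[[:space:]]+on'; then
        echo "SSLEngine on missing: port 443 would speak plain HTTP"
        rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--demo" ]; then
    echo "== before (port 8080 catch-all)"
    printf '%s\n' "$PANEL_PORT_8080" | lint_panel_vhost control.domain.tld || true
    echo "== after (name-based on 443)"
    printf '%s\n' "$PANEL_NAMED_443" | lint_panel_vhost control.domain.tld && echo "clean"
elif [ -n "${1:-}" ]; then
    # Lint a real file: sh panel_vhost_check.sh /path/to/ispconfig.vhost control.domain.tld
    lint_panel_vhost "${2:-control.domain.tld}" < "$1"
fi
```

Run it with `--demo` to see both findings lists, or point it at the real vhost file and the panel name before reloading Apache. A clean lint is no substitute for `apachectl configtest`, which is what catches a duplicate Listen or a missing certificate file.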
#solved thanks @ahrasis

https://domain.tld - company website, shop, customer area
https://control.domain.tld - ispconfig interface

now working.

For monitoring (munin/monit): Should I run my own server? Does it need extra configuration to work fine with ISPConfig, or do I just need a normal munin/monit monitoring server and fill in the links in the admin panel?

For phpmyadmin: phpmyadmin is installed and I could create an easy alias in the vHost of control.domain.tld - but can users log in when they are customers and their database is on the database server (db.domain.tld) of the multi-server setup, or is it just localhost (control.domain.tld)? Do I need more configuration for a working phpmyadmin connected to all servers with MariaDB? Dumb idea?

I think... that would be all ^^
Customers must use phpMyAdmin on the database server. If you have db.domain.tld in the name service, make that point to the db server the customer is supposed to use.
So I need to set up a webserver on db.domain.tld incl. phpmyadmin, set up db.domain.tld as an A record pointing to the db server, set up the vhost on db for db.domain.tld with the document root pointing to phpmyadmin, and should use https://db.domain.tld/phpmyadmin for phpmyadmin - or do I have any rewrite chance to let it shine like control.domain.tld ^^? Should I set up and include the webserver in ISPConfig, or just set up this little thing without config via update.php?

//offtopic
I've set up my .biz domain on my own nameservers - the main content works (default template). I see it on both ns servers with dig @Xns.domain.tld domain.tld. But I think my changes made via the DNS zone tool aren't happening. Both bind9 are running, with the following systemctl status bind9:

ns1:
Code:
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-09-26 16:29:53 CEST; 21h ago
     Docs: man:named(8)
  Process: 30963 ExecReload=/usr/sbin/rndc reload (code=exited, status=0/SUCCESS)
 Main PID: 13573 (named)
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/bind9.service
           └─13573 /usr/sbin/named -f -u bind

Sep 27 14:02:01 ns1 named[13573]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Sep 27 14:02:01 ns1 named[13573]: automatic empty zone: EMPTY.AS112.ARPA
Sep 27 14:02:01 ns1 named[13573]: configuring command channel from '/etc/bind/rndc.key'
Sep 27 14:02:01 ns1 named[13573]: configuring command channel from '/etc/bind/rndc.key'
Sep 27 14:02:01 ns1 named[13573]: reloading configuration succeeded
Sep 27 14:02:01 ns1 named[13573]: reloading zones succeeded
Sep 27 14:02:01 ns1 named[13573]: zone domain.tld/IN: loaded serial 2018092712
Sep 27 14:02:01 ns1 named[13573]: zone domain.tld/IN: sending notifies (serial 2018092712)
Sep 27 14:02:01 ns1 named[13573]: all zones loaded
Sep 27 14:02:01 ns1 named[13573]: running

ns2:
Code:
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-09-27 08:38:15 CEST; 5h 25min ago
     Docs: man:named(8)
  Process: 14987 ExecReload=/usr/sbin/rndc reload (code=exited, status=0/SUCCESS)
 Main PID: 811 (named)
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/bind9.service
           └─811 /usr/sbin/named -f -u bind

Sep 27 14:02:01 ns2.domain.tld named[811]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Sep 27 14:02:01 ns2.domain.tld named[811]: automatic empty zone: EMPTY.AS112.ARPA
Sep 27 14:02:01 ns2.domain.tld named[811]: configuring command channel from '/etc/bind/rndc.key'
Sep 27 14:02:01 ns2.domain.tld named[811]: configuring command channel from '/etc/bind/rndc.key'
Sep 27 14:02:01 ns2.domain.tld named[811]: reloading configuration succeeded
Sep 27 14:02:01 ns2.domain.tld named[811]: reloading zones succeeded
Sep 27 14:02:01 ns2.domain.tld named[811]: zone domain.tld/IN: loaded serial 2018092712
Sep 27 14:02:01 ns2.domain.tld named[811]: zone domain.tld/IN: sending notifies (serial 2018092712)
Sep 27 14:02:01 ns2.domain.tld named[811]: all zones loaded
Sep 27 14:02:01 ns2.domain.tld named[811]: running

dig just shows me:

dig @ns1.domain.tld any domain.tld
Code:
; <<>> DiG 9.10.3-P4-Debian <<>> @ns1.domain.tld any domain.tld
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1550
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.tld.                    IN      ANY

;; ANSWER SECTION:
domain.tld.             3600    IN      NS      ns2.domain.tld.
domain.tld.             3600    IN      NS      ns1.domain.tld.
domain.tld.             3600    IN      MX      10 mail.domain.tld.
domain.tld.             3600    IN      TXT     "v=spf1 mx a ~all"
domain.tld.             3600    IN      SOA     ns1.domain.tld. support.domain.tld. 2018092712 7200 540 604800 3600
domain.tld.             3600    IN      A       ip.of.master.server

;; ADDITIONAL SECTION:
ns1.domain.tld.         3600    IN      A       ip.of.ns1.server
ns2.domain.tld.         3600    IN      A       ip.of.ns2.server
mail.domain.tld.        3600    IN      A       ip.of.mail.server

;; Query time: 0 msec
;; SERVER: 159.69.205.24#53(159.69.205.24)
;; WHEN: Thu Sep 27 14:05:43 CEST 2018
;; MSG SIZE  rcvd: 235

dig @ns2.domain.tld any domain.tld
Code:
; <<>> DiG 9.10.3-P4-Debian <<>> @ns2.domain.tld any domain.tld
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22002
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.tld.                    IN      ANY

;; ANSWER SECTION:
domain.tld.             3600    IN      NS      ns2.domain.tld.
domain.tld.             3600    IN      NS      ns1.domain.tld.
domain.tld.             3600    IN      MX      10 mail.domain.tld.
domain.tld.             3600    IN      TXT     "v=spf1 mx a ~all"
domain.tld.             3600    IN      SOA     ns1.domain.tld. support.domain.tld. 2018092712 7200 540 604800 3600
domain.tld.             3600    IN      A       ip.of.master.server

;; ADDITIONAL SECTION:
ns1.domain.tld.         3600    IN      A       ip.of.ns1.server
ns2.domain.tld.         3600    IN      A       ip.of.ns2.server
mail.domain.tld.        3600    IN      A       ip.of.mail.server

;; Query time: 0 msec
;; SERVER: 159.69.205.23#53(159.69.205.23)
;; WHEN: Thu Sep 27 14:06:04 CEST 2018
;; MSG SIZE  rcvd: 235

But if I do some DNS lookups via different services, they fail:
https://mxtoolbox.com/SuperTool.aspx?action=a:techgods.biz&run=toolpage
On a lookup for NS the query timed out.
https://www.heise.de/netze/tools/dns/
Use Whois lookup on mxtoolbox.com. It shows the registered name servers. Why are they not working? Read the DNS tutorial, the testing and registering parts. https://www.howtoforge.com/tutorial...vice-with-ispconfig/#nbspregistering-a-domain
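Added example, not from the thread or from the linked tutorial: the dig runs in the previous post query ns1 and ns2 directly, which only proves the zone is loaded on the servers the poster controls. Public resolvers start at the parent (.tld) servers, and until the name servers are registered there the delegation is empty, which is what an NS lookup timing out at mxtoolbox looks like. The script below compares the parent's delegation with the zone's own NS RRset and checks that every listed server carries the same SOA serial. The live check assumes dig(1) from dnsutils and network access; the sample data is constructed to match the quoted dig output, and the script name is an assumption.

```shell
#!/bin/sh
# dns_delegation_check.sh (name assumed). Added example, not from the thread.
# Compares the NS set the parent zone delegates to with the NS set the zone
# itself publishes, and checks that all authoritative servers agree on the
# SOA serial. Helpers are plain sh so they run offline; check_domain needs dig.

# Sample answers, constructed to match the dig output quoted in the thread.
ZONE_NS_SAMPLE='ns2.domain.tld.
ns1.domain.tld.'
SOA_NS1_SAMPLE='ns1.domain.tld. support.domain.tld. 2018092712 7200 540 604800 3600'
SOA_NS2_SAMPLE='ns1.domain.tld. support.domain.tld. 2018092712 7200 540 604800 3600'

# Normalise a list of host names (arguments, space- or newline-separated):
# lower-case, trailing dot dropped, sorted, duplicates removed, one per line.
ns_set() {
    printf '%s\n' "$@" | tr -s '[:space:]' '\n' | tr 'A-Z' 'a-z' \
        | sed 's/\.$//' | grep -v '^$' | sort -u
}

# delegation_matches PARENT_NS ZONE_NS
# 0 when the parent delegates to exactly the servers the zone lists, else 1 and
# one line per discrepancy. An empty PARENT_NS next to a populated ZONE_NS is
# the "works with dig @ns1 but fails from outside" situation.
delegation_matches() {
    parent=$(ns_set "$1")
    zone=$(ns_set "$2")
    if [ "$parent" = "$zone" ]; then
        return 0
    fi
    printf '%s\n' "$zone" | while read -r ns; do
        [ -n "$ns" ] || continue
        printf '%s\n' "$parent" | grep -qxF "$ns" || echo "not delegated by parent: $ns"
    done
    printf '%s\n' "$parent" | while read -r ns; do
        [ -n "$ns" ] || continue
        printf '%s\n' "$zone" | grep -qxF "$ns" || echo "delegated but missing from zone: $ns"
    done
    return 1
}

# soa_serial SOA_RDATA -> the serial field of a `dig +short SOA` answer
soa_serial() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# serials_agree SOA_RDATA... -> 0 if every answer carries the same serial
serials_agree() {
    first=""
    for line in "$@"; do
        s=$(soa_serial "$line")
        if [ -z "$first" ]; then
            first=$s
        elif [ "$s" != "$first" ]; then
            echo "serial mismatch: $s vs $first"
            return 1
        fi
    done
    return 0
}

# check_domain DOMAIN AUTH_SERVER  (live; needs network and dig)
check_domain() {
    d=$1
    auth=$2
    parent=${d#*.}
    # One server authoritative for the parent zone (for domain.biz: a .biz server).
    parent_server=$(dig +short NS "$parent" | head -n 1)
    # The parent answers with a referral, so the NS set sits in the AUTHORITY section.
    parent_ns=$(dig +noall +answer +authority NS "$d" "@$parent_server" | awk '$4 == "NS" { print $5 }')
    # The zone's own NS RRset, asked at a server the poster runs (e.g. ns1.domain.tld).
    zone_ns=$(dig +short NS "$d" "@$auth")
    if delegation_matches "$parent_ns" "$zone_ns"; then echo "delegation OK"; fi
    set --
    for ns in $(ns_set "$zone_ns"); do
        set -- "$@" "$(dig +short SOA "$d" "@$ns")"
    done
    if serials_agree "$@"; then echo "all serials agree"; fi
}

if [ "${1:-}" = "--demo" ]; then
    # Offline demo: zone lists two servers, parent delegates to none yet.
    delegation_matches "" "$ZONE_NS_SAMPLE" || echo "(register the name servers at the registrar)"
elif [ "${1:-}" = "--check" ] && [ -n "${2:-}" ] && [ -n "${3:-}" ]; then
    check_domain "$2" "$3"
fi
```

`sh dns_delegation_check.sh --check domain.tld ns1.domain.tld` runs the live comparison; `--demo` shows the offline case. Keep in mind that after the registrar accepts the name servers the parent's answer can lag by its TTL, so a stale "not delegated" line right after registering is expected.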
I think it should be on the same server that you want to monitor (as I am not sure they can be on a different server). Anyway, just refer to its tutorial. Since you have a multi-server setup, setting up a database server at db.domain.tld should be fine. What setup did you use for your DNS servers: cluster or master/slave?
@Taleman I just forgot to register my nameservers @ Hetzner :x Which way should I prefer?

@ahrasis: converted the tutorial in the manual for 3.1 from Debian 8 with PHP 5 to Debian 9.5 with PHP 7.0+FPM. After my setup is complete and working fine I will give my full tutorial to the tutorial blog ^^ (master, web, db, mail, ns1, ns2 actually). Also planned: master replication, db master-master replication, mail replication, ns3 for global redundancy and an every-24h full backup system on 2 additional systems for master, web, db, ns1 - all servers protected by fail2ban, rkhunter, public key auth, SSH only reachable over a VPN, and munin/monit monitoring.