We use cookies to improve our services and provide a better experience. By continuing to use this site, you agree with our Cookies Policy.

Tutorials
More than 400 step-by-step articles to guide you through online project development.
HomeTutorialsOperating SystemsLinuxAdministration

How to Install ISPConfig 3 on CentOS 7

USA VPS
KVM VPS
Linux KVM Hosting
cPanel KVM
OpenVZ VPS
Germany Cloud Servers
Windows Cloud Server
Brazil VPS
Linux Cloud Server
Ubuntu VPS

ISPConfig is an open source hosting control panel for Linux servers. It allows administrators to configure Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more through a web-based interface. ISPConfig also comes with an interface for administrators, re-sellers and clients. Here are the main features of ISPConfig 3:

• Multiple server management from one control panel.
• Web server management for Apache and Nginx.
• Mail server management (with virtual mail users).
• DNS server management (BIND and MyDNS).
• Configuration mirroring and clusters.
• Administrator, reseller and client login.
• Virtual server management for OpenVZ servers.

This tutorial will explain how to prepare your server for ISPConfig 3 installation running minimal versions of CentOS 7. NOTE: ISPConfig developers recommend running ISPConfig on Debian or Ubuntu operating systems in order to get the best performance.

Follow These Steps to Install ISPConfig 3 on CentOS 7

It is recommended for you to download and read ISPConfig 3 Manual in order to learn more about the administration process. It costs $5 per copy, but it is strongly recommended for you to get familiar with it if you are seriously planning to run a hosting server.

First, you have to make sure that your CentOS 7 installation is up-to-date and install Epel-release repository, which enables extra packages for enterprise Linux. Run the following command to update your OS and install nano text editor (or any other you like).

yum install nano epel-release patch libtool -y
yum groupinstall 'Development tools' -y
yum update -y

Be patient, it can take some time, depending on the speed of your server network connection.
Hostname can be changed by running hostname command:

hostname example.host1plus.com

CentOS 7 has its own firewall enabled by default, so you have to disable it manually after you already have installed CentOS 7 on your server.
Check if firewall is enabled:

iptables -L

Your firewall is not enabled if you see the following text:

Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

You have to run following commands if the text is different than the one displayed above:

systemctl stop firewalld.service
systemctl disable firewalld.service

SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement.
However its usage can cause more disadvantages than advantages, so it is recommended to disable it.

nano /etc/selinux/config

Write “disabled” next to SELinux as shown:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted

Reboot your server:

shutdown -r now

Run the following command in order to install quota:

yum install quota -y

If you see this text, that means that quota is already installed on your server:

Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: mirrors.advancedhosters.com
* extras: lug.mtu.edu
* updates: centos.mirrors.tds.net
Package 1:quota-4.01-11.el7.x86_64 already installed and latest version
Nothing to do

Now you have to check if quota is enabled on ” / ” mount point:

mount | grep ‘ / ‘
/dev/ploop13749p1 on / type ext4 (rw,relatime,barrier=1,data=ordered,balloon_ino=12,jqfmt=vfsv0,
usrjquota=aquota.user,grpjquota=aquota.group)

As you can see it is already enabled on your server, so you must edit /etc/fstab or /etc/default/grub file if you see different output and enable quota:

GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto vconsole.keymap=us rhgb quiet
rootflags=uquota,gquota"

Run following commands for the changes to take effect:

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg_bak
grub2-mkconfig -o /boot/grub2/grub.cfg

And reboot the server:

shutdown -r now

In most cases Apache will be installed by default on your server (especially in OpenVZ templates). However, it is still recommended to run the following command in order to make sure that everything is installed properly.
yum -y install ntp httpd mod_ssl mariadb-server php php-mysql php-mbstring phpmyadmin

Now you have to set root password for your MySQL server and configure phpMyAdmin.

mysql_secure_installation

You will be asked the following questions:

Enter current password for root (enter for none): click enter
Set root password? [Y/n] y
New password: createsqlpassword
Re-enter new password: repeatsqlpassword
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
Cleaning up…
All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

NOTE: If you get this error while trying to start MySQL server, you need to run additional commands:

systemctl enable mariadb.service
systemctl start mariadb.service

First you have to edit phpMyAdmin configuration file: comment Require ip 127.0.0.1 and Require ip ::1 and add Require all granted in /etc/httpd/conf.d/phpMyAdmin.conf

nano /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin<Directory /usr/share/phpMyAdmin/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
# Require ip 127.0.0.1
# Require ip ::1
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>

Also, you need to change authentication method from cookies to http in /etc/phpMyAdmin/config.inc.php

nano /etc/phpMyAdmin/config.inc.php
$cfg[‘Servers’][$i][‘controlpass’] = ”; // access to the “mysql/user”
$cfg[‘Servers’][$i][‘auth_type’] = ‘http’; // Authentication method (config, http or cookie based)?
$cfg[‘Servers’][$i][‘user’] = ”; // MySQL user

Afterwardsyou have to create a system startup link for Apache and start it:

systemctl enable httpd.service
systemctl restart httpd.service

Your PhpMyAdmin is now accessible via link: http://your_ip/phpmyadmin or http://your_hostname/phpmyadmin – you can log in with MySQL root username and your SQL password.

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail, intended as an alternative to the widely used Sendmail MTA.

yum install postfix -y

Disable and turn off sendmail (if turned on) and start Postfix service:

systemctl stop sendmail.service
systemctl disable sendmail.service
systemctl enable postfix.service
systemctl restart postfix.service

8. Install Dovecot and Getmail

Dovecot mail server and Getmail mail retriever can be installed as shown:

yum install dovecot dovecot-mysql dovecot-pigeonhole getmail -y

After successfull installation, you have to create empty dovecot-sql.conf file and link it to etc/dovecot-sql.conf:

touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf

Create system startup link and start Dovecot:

systemctl enable dovecot
systemctl start dovecot

Amavisd-new, SpamAssassin and Clamav are responsible for the security of your server – these programs keep your server virus-free.

yum install amavisd-new spamassassin clamav clamd clamav-update unzip bzip2 unrar perl-DBD-mysql -y

Turn off demo mode of freshclam by commenting example line in /etc/freshclam.conf configuration file:

nano /etc/freshclam.conf
# Comment or remove the line below.
# Example

Start the newly installed software:

sa-update
freshclam
systemctl enable amavisd.service

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.

yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm

Now you have to edit php configuration file:

nano /etc/php.ini

Set the timezone and uncomment the line cgi.fix_pathinfo=1:

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP’s
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PAppp.tldTH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1

date.timezone = ‘Europe/Berlin’

Save and close the file. Next you have to install SuPHP module, which allows to execute PHP scripts with particular owner permissions.

cd /usr/local/src
wget http://suphp.org/download/suphp-0.7.2.tar.gz
tar zxvf suphp-0.7.2.tar.gz

CentOS 7 use apache-2.4, so we need a patch suphp before we can compile it against Apache. The patch is applied like this:

wget -O suphp.patch https://lists.marsching.com/pipermail/suphp/attachments/20130520/74f3ac02/attachment.patch
patch -Np1 -d suphp-0.7.2 < suphp.patch
cd suphp-0.7.2
autoreconf -if

You can compile the new source if you performed earlier steps without errors:

./configure –prefix=/usr/ –sysconfdir=/etc/ –with-apr=/usr/bin/apr-1-config –with-apache-user=apache –with-setid-mode=owner –with-logfile=/var/log/httpd/suphp_log –with-apxs=/usr/bin/apxs2
make
make install

Now you have to add SuPHP module in Apache configuration:

nano /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so
create and copy following text to /etc/suphp.conf file:
nano /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp=”php:/usr/bin/php-cgi”
;Handler for CGI-scripts
x-suphp-cgi=”execute:!self”

Edit the file /etc/httpd/conf.d/php.conf to enable php parsing only for phpMyAdmin, roundcube and other system packages in /usr/share but not for websites in /var/www as ISPConfig will activate PHP for each website individually.
nano /etc/httpd/conf.d/php.conf
Change the text from:

<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

To:

<Directory /usr/share>
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
</Directory>

So that the PHP handler would be enclosed by the Directory directive and adds startup link and start the service:

systemctl start php-fpm.service
systemctl enable php-fpm.service
systemctl enable httpd.service

At last, restart Apache service:

systemctl restart httpd.service

Mod_phyton is not enabled in CentOS repository by default, so you will have to download and install it from source, but first you have to install phyton development tools:

yum -y install python-devel

Download and extract the latest version of mod_phyton:

cd /usr/local/src/
wget http://dist.modpython.org/dist/mod_python-3.5.0.tgz
tar xfz mod_python-3.5.0.tgz
cd mod_python-3.5.0
configure and compile the module:
./configure
make
make install

Finally, enable it:

echo ‘LoadModule python_module modules/mod_python.so’ > /etc/httpd/conf.modules.d/10-python.conf

Restart Apache service:

systemctl restart httpd.service

PureFTP software is FTP (File Transfer Protocol) server is responsible for FTP connections to your server.

yum install pure-ftpd -y

Next, create a startup link and start the service:

systemctl enable pure-ftpd.service
systemctl start pure-ftpd.service

FTP protocol is unsafe because it sends login credentials in plain text, so you can setup FTP to work via TLS protocol, which encrypts data in order to increase security of your server.

TIP: This part is optional and you need to perform the following steps only if you want to connect to FTP via TLS protocol.
In order to be able to connect to your server via TLS session, you will need OpenSSL. Usually it is installed by default, but it is recommended to check:

yum install openssl -y
Now you have to edit PureFTP configuration file and set TLS value to 1:

nano /etc/pure-ftpd/pure-ftpd.conf
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS 1

In order to use TLS, you must create an SSL certificate. Create it in /etc/ssl/private/, therefore you create that directory first:

mkdir -p /etc/ssl/private/

Now you will have to generate SSL certificate in your newly created directory:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is is the so-called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Host1plus
Organizational Unit Name (eg, section) []:Host1plus
Common Name (e.g. server FQDN or YOUR name) []:Host1plus
Email Address []:support@host1plus.com

Now, you have to change permissions of your newly created SSL Certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Restart PureFTPd service:

systemctl restart pure-ftpd.service

Now you can connect to your FTP server via TLS session.

BIND is the most widely used Domain Name System (DNS) software on the Internet. It is necessary to install it for ISPConfig to work properly.

yum -y install bind bind-utils

Make a backup of the existing configuration file and create a new one as displayed:

cp /etc/named.conf /etc/named.conf_bak

cat /dev/null > /etc/named.conf
nano /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
allow-query { any; };
allow-recursion {“none”;};
recursion no;
};
logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};
zone “.” IN {
type hint;
file “named.ca”;
};
include “/etc/named.conf.local”;

Create the /etc/named.conf.local file which will later on get populated by ISPConfig if you create DNS zones in ISPConfig:
touch /etc/named.conf.local
Create startup link and start BIND service:

systemctl enable named.service
systemctl start named.service

Now you have to install statistics and security tools. Those can be installed by a single command:

yum -y install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder fail2ban rkhunter

You need to create a startup link and start only fail2ban service, other services will be configured during the installation of ISPConfig 3:

systemctl enable fail2ban.service
systemctl start fail2ban.service

Mailman is a software for managing electronic mail discussion and e-newsletter lists. Since ISPConfig 3.04 version you are allowed to manage mailing lists – create, modify, delete. This software is optional, so you can skip this step if you don’t want it.

yum -y install mailman

You need to create a first mailing list before starting the service, so first create the aliases file:

touch /var/lib/mailman/data/aliases

Create a mailing list:

/usr/lib/mailman/bin/newlist mailman

Enter the email of the person running the list: example@host1plus.com
Initial mailman password: Enter password
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases’ program:
## mailman mailing list
mailman: “|/usr/lib/mailman/mail/mailman post mailman”
mailman-admin: “|/usr/lib/mailman/mail/mailman admin mailman”
mailman-bounces: “|/usr/lib/mailman/mail/mailman bounces mailman”
mailman-confirm: “|/usr/lib/mailman/mail/mailman confirm mailman”
mailman-join: “|/usr/lib/mailman/mail/mailman join mailman”
mailman-leave: “|/usr/lib/mailman/mail/mailman leave mailman”
mailman-owner: “|/usr/lib/mailman/mail/mailman owner mailman”
mailman-request: “|/usr/lib/mailman/mail/mailman request mailman”
mailman-subscribe: “|/usr/lib/mailman/mail/mailman subscribe mailman”
mailman-unsubscribe: “|/usr/lib/mailman/mail/mailman unsubscribe mailman”

Hit enter to notify mailman owner…
Open /etc/aliases file and add the following text atn the bottom of the file:

nano /etc/aliases

mailman: “|/usr/lib/mailman/mail/mailman post mailman”
mailman-admin: “|/usr/lib/mailman/mail/mailman admin mailman”
mailman-bounces: “|/usr/lib/mailman/mail/mailman bounces mailman”
mailman-confirm: “|/usr/lib/mailman/mail/mailman confirm mailman”
mailman-join: “|/usr/lib/mailman/mail/mailman join mailman”
mailman-leave: “|/usr/lib/mailman/mail/mailman leave mailman”
mailman-owner: “|/usr/lib/mailman/mail/mailman owner mailman”
mailman-request: “|/usr/lib/mailman/mail/mailman request mailman”
mailman-subscribe: “|/usr/lib/mailman/mail/mailman subscribe mailman”
mailman-unsubscribe: “|/usr/lib/mailman/mail/mailman unsubscribe mailman”
Run:

newaliases

Restart Postfix service:

systemctl restart postfix.service

Open Mailman Apache configuration file:

nano /etc/httpd/conf.d/mailman.conf

Add the line ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/. Comment out Alias /pipermail/ /var/lib/mailman/archives/public/ and add the line Alias /pipermail /var/lib/mailman/archives/public/:

#
# httpd configuration settings for use with mailman.
#
ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
AllowOverride None
Options ExecCGI
Require all granted
</Directory>
# Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /pipermail /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
Options MultiViews FollowSymLinks
AllowOverride None

Restart Apache:

systemctl restart httpd.service

Create startup link and start Mailman service:

systemctl enable mailman.service

systemctl start mailman.service

Mailman usage:
You can use the alias /cgi-bin/mailman for all Apache vhosts (please note that suExec and CGI must be disabled for all vhosts from which you want to access Mailman!), which means you can access the Mailman admin interface for a list at Error! Hyperlink reference not valid.>, and the web page for users of a mailing list can be found at Error! Hyperlink reference not valid.>.
Under Error! Hyperlink reference not valid.> you can find the mailing list archives.

Jailkit installation is needed only if you want to chroot SSH users. The installation can be performed as displayed below.
NOTE: Please note that Jailkit can be installed only before the installation of ISPConfig.

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17
./configure
make
make install
cd ..
rm -rf jailkit-2.17*

It is recommended to install Roundcube software as your webmail client as it is more comfortable than the old and ugly Squirrelmail.

yum install roundcubemail -y

Edit Roundcube configuration file:

nano /etc/httpd/conf.d/roundcubemail.conf


Make the file look like:

# Round Cube Webmail is a browser-based multilingual IMAP client
Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail
# Define who can access the Webmail
# You can enlarge permissions once configured#<Directory /usr/share/roundcubemail/>
# <IfModule mod_authz_core.c>
# # Apache 2.4
# Require local
# </IfModule>
# <IfModule !mod_authz_core.c>
# # Apache 2.2
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
# Allow from ::1
# </IfModule>
#</Directory><Directory /usr/share/roundcubemail/>
Options none
AllowOverride Limit
Require all granted
</Directory># Define who can access the installer
# keep this secured once configured#<Directory /usr/share/roundcubemail/installer/>
# <IfModule mod_authz_core.c>
# # Apache 2.4
# Require local
# </IfModule>
# <IfModule !mod_authz_core.c>
# # Apache 2.2
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
# Allow from ::1
# </IfModule>
#</Directory>
<Directory /usr/share/roundcubemail/installer>
Options none
AllowOverride Limit
Require all granted
</Directory># Those directories should not be viewed by Web clients.
<Directory /usr/share/roundcubemail/bin/>
Order Allow,Deny
Deny from all
</Directory>
<Directory /usr/share/roundcubemail/plugins/enigma/home/>
Order Allow,Deny
Deny from all
</Directory>

Restart Apache:

 systemctl restart httpd.service

Now it is time to create a database for Roundcube. Login to MySQL server with your MySQL root credentials:

mysql -p


Enter password:

Run following commands:

CREATE DATABASE roundcubedb;

CREATE USER roundcubeuser@localhost IDENTIFIED BY ’roundcubepassword’;
GRANT ALL PRIVILEGES on roundcubedb.* to roundcubeuser@localhost ;
FLUSH PRIVILEGES;
exit

Now open the link for installation on your Internet browser: http://your_ip//roundcubemail/installer

x1

 

Click ‘Next’ and type the required information:

x2

Fill all the fields and click ‘OK’.

x3

Copy the text displayed in this field to /etc/roundcubemail/config.inc.php file.

nano /etc/roundecubemail/config.inc.php


Save the file, go to the browser and initialize the database:

x4

After completing the installation and the final tests disable the Roundecube mail installer.

nano /etc/httpd/conf.d/roundcubemail.conf

Make sure that the file looks like the one displayed below:

#
# Round Cube Webmail is a browser-based multilingual IMAP client
#
Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail
# Define who can access the Webmail
# You can enlarge permissions once configured#<Directory /usr/share/roundcubemail/>
# <IfModule mod_authz_core.c>
# # Apache 2.4
# Require local
# </IfModule>
# <IfModule !mod_authz_core.c>
# # Apache 2.2
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
# Allow from ::1
# </IfModule>
#</Directory>

<Directory /usr/share/roundcubemail/>
Options none
AllowOverride Limit
Require all granted
</Directory>

# Define who can access the installer
# keep this secured once configured

<Directory /usr/share/roundcubemail/installer/>
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>

# Those directories should not be viewed by Web clients.
<Directory /usr/share/roundcubemail/bin/>
Order Allow,Deny
Deny from all
</Directory>
<Directory /usr/share/roundcubemail/plugins/enigma/home/>
Order Allow,Deny
Deny from all
</Directory>

Restart Apache service:

systemctl restart httpd.service

Finally, your server is prepared for the installation of the latest version of ISPConfig. Run the following commands:

cd /tmp/
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

Proceed with the installation:

php -q install.php

>> Initial configuration

Operating System: 14.04.3 LTS (Trusty Tahr)

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in “quit” (without the quotes) to stop the installer.
Select language (en,de) [en]: en

Installation mode (standard,expert) [standard]: standard

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server.exa mple.com]: example.host1plus.com

MySQL server hostname [localhost]: localhost

MySQL root username [root]: root

MySQL root password []: asdfgh

MySQL database to create [dbispconfig]: dbispconfig

MySQL charset [utf8]: utf8

Generating a 4096 bit RSA private key
…………………………………………………………………….. ………………………………………………..++
…………++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Host1plus
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:host1plus
Email Address []:support@host1plus.com
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
adduser: The user `clamav’ does not exist.
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Installing ISPConfig
ISPConfig Port [8080]: 8080

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: y

Generating RSA private key, 4096 bit long modulus
………………………………………………………….++
…………………………………………………………………….. …………………………………………………………………….. …………………………………………………………………….. ……………………….++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Host1plus
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:Host1plus
Email Address []:support@host1plus.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:asdfgh
An optional company name []:Host1plus

Done! Now you can access ISPConfig panel through an Internet browservia address: http(s)://your_ip:8080 or http(s)://your domain:8080. The username is admin and password – admin.

x5

x7

TIP: If you are getting the following error that means that you are trying to connect via http, not httpS protocol:

x8

Germany Cloud Servers
KVM VPS
Linux Cloud Server
Linux KVM Hosting
Brazil VPS
cPanel KVM
Ubuntu VPS
Windows Cloud Server
USA VPS
OpenVZ VPS
Rate this Tutorial:
No Comments

Other (3)

Popular Keywords