CentOS 6.4 x86_64 ISPConfig

ISPConfig is an open-source hosting control panel for Linux that can manage multiple servers (web, mail, DNS, virtualization, etc.) from a single control panel. Through a web browser it can configure services such as Apache web server, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, and Mailman.

1. Install the base system
- Install CentOS 6.4 x86_64
- Configure the system not to use the firewall
- Check /etc/resolv.conf for a nameserver entry and add one if needed

2. Disable SELinux

[root@localhost~]# vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted

[root@localhost~]# reboot

3. Enable Additional Repositories And Install Some Software

[root@localhost~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
* Import the GPG keys for the software packages
[root@localhost~]# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
[root@localhost~]# cd /tmp
[root@localhost tmp]# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
[root@localhost tmp]# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
[root@localhost tmp]# rpm --import https://fedoraproject.org/static/0608B895.txt
[root@localhost tmp]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@localhost tmp]# rpm -ivh epel-release-6-8.noarch.rpm
[root@localhost~]# yum install yum-priorities
[root@localhost~]# vi /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[...]
* Add the line priority=10 to the [epel] section
* With this in place, update the existing system

[root@localhost~]# yum update
[root@localhost~]# yum groupinstall 'Development Tools'
* Install some software that will be needed later

4. Quota -> Limits the size and number of files that users or groups can create on each file system

[root@localhost~]# yum install quota
[root@localhost~]# vi /etc/fstab
* Configure whether limits apply to the file system
/dev/mapper/VolGroup-lv_home /home ext4 defaults,usrquota,grpquota 1 2
* Find the /home entry and add usrquota for per-user limits. Also add grpquota for per-group limits.
[root@localhost~]# mount -o remount /home
* Reboot or remount to apply the setting
[root@localhost~]# mount
* Verify the mount
[root@localhost~]# cd /home && touch aquota.user aquota.group
* Quotas need a quota database; for this, the files aquota.user (per-user limits) and aquota.group (per-group limits) must be created in the root directory of the file system
[root@localhost~]# chmod 600 aquota.user aquota.group
[root@localhost~]# quotacheck -avug
* Check the current state so that quotas can be applied.
[root@localhost~]# quotaon -avug

5. Install Apache, MySQL, phpMyAdmin
[root@localhost~]# yum install ntp httpd mod_ssl mysql-server php php-mysql php-mbstring phpmyadmin
* Downloads the packages required for the installation

6. Install Dovecot -> A mail server that supports IMAP and POP3
[root@localhost~]# yum install dovecot dovecot-mysql
[root@localhost~]# chkconfig --levels 235 dovecot on
* Create the system startup links and start dovecot
[root@localhost~]# /etc/init.d/dovecot start

7. Install postfix -> An open-source MTA (Mail Transfer Agent) developed by Wietse Venema and released under the IBM Public License

[root@localhost~]# yum install postfix
[root@localhost~]# chkconfig --levels 235 mysqld on
[root@localhost~]# /etc/init.d/mysqld start
[root@localhost~]# chkconfig --levels 235 sendmail off
[root@localhost~]# chkconfig --levels 235 postfix on
[root@localhost~]# /etc/init.d/sendmail stop
[root@localhost~]# /etc/init.d/postfix restart
* Turn off sendmail and start postfix and mysql

8. Install Getmail

[root@localhost~]# yum install getmail

9. Set MySQL Passwords And Configure phpMyAdmin

[root@localhost~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <-- ENTER
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <-- ENTER
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <-- ENTER
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <-- ENTER
... Success!

Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

[root@localhost~]# vi /etc/httpd/conf.d/phpmyadmin.conf
* Configure phpMyAdmin
#
# Web application to manage MySQL
#

#<Directory "/usr/share/phpmyadmin">
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
#</Directory>

Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /mysqladmin /usr/share/phpmyadmin

[root@localhost~]# vi /usr/share/phpmyadmin/config.inc.php
[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]
* Change phpMyAdmin's authentication from cookie to http

[root@localhost~]# chkconfig --levels 235 httpd on
[root@localhost~]# /etc/init.d/httpd start
* Create the system startup links for Apache and start it
* You can now open http://ip/phpmyadmin in a browser and log in with root and the MySQL password

10. Install Amavisd-new, SpamAssassin And ClamAV -> An SMTP-based antivirus gateway, a mail utility that filters spam, and free cross-platform virus-scanning software
[root@localhost~]# yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql
[root@localhost~]# sa-update
[root@localhost~]# chkconfig --levels 235 amavisd on
[root@localhost~]# chkconfig --del clamd
[root@localhost~]# chkconfig --levels 235 clamd.amavisd on
[root@localhost~]# /usr/bin/freshclam
[root@localhost~]# /etc/init.d/amavisd start
[root@localhost~]# /etc/init.d/clamd.amavisd start

11. Installing Apache2 With mod_php, mod_fcgi/php5, And suPHP
[root@localhost~]# yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel
[root@localhost~]# vi /etc/php.ini
[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP’s
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
[...]
* Uncomment the cgi.fix_pathinfo=1 line

[root@localhost~]# cd /tmp
[root@localhost tmp]# wget http://suphp.org/download/suphp-0.7.1.tar.gz
[root@localhost tmp]# tar xvfz suphp-0.7.1.tar.gz
[root@localhost tmp]# cd suphp-0.7.1
[root@localhost suphp-0.7.1]# ./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes
[root@localhost suphp-0.7.1]# make
[root@localhost suphp-0.7.1]# make install
Then add the suphp module to the Apache configuration

[root@localhost~]# vi /etc/httpd/conf.d/suphp.conf
LoadModule suphp_module modules/mod_suphp.so
* Add the line above to load the module
[root@localhost~]# vi /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
* Create the file with the contents above

[root@localhost~]# /etc/init.d/httpd restart

12. Ruby
[root@localhost~]# yum install httpd-devel ruby ruby-devel
[root@localhost~]# cd /tmp
[root@localhost tmp]# wget http://fossies.org/unix/www/apache_httpd_modules/mod_ruby-1.3.0.tar.gz
[root@localhost tmp]# tar zxvf mod_ruby-1.3.0.tar.gz
[root@localhost tmp]# cd mod_ruby-1.3.0
[root@localhost mod_ruby-1.3.0]# ./configure.rb --with-apr-includes=/usr/include/apr-1
[root@localhost mod_ruby-1.3.0]# make
[root@localhost mod_ruby-1.3.0]# make install
* CentOS 6.4 has no mod_ruby package. Install the required components, then compile it

[root@localhost~]# vi /etc/httpd/conf.d/ruby.conf
LoadModule ruby_module modules/mod_ruby.so
RubyAddPath /1.8

* Add the mod_ruby module to the Apache configuration with the lines above
[root@localhost~]# /etc/init.d/httpd restart
* Restart Apache

13. Python
[root@localhost~]# yum install mod_python
[root@localhost~]# /etc/init.d/httpd restart

14. WebDAV
[root@localhost~]# vi /etc/httpd/conf/httpd.conf
[...]
LoadModule auth_digest_module modules/mod_auth_digest.so
[...]
LoadModule dav_module modules/mod_dav.so
[...]
LoadModule dav_fs_module modules/mod_dav_fs.so
[...]
* Before configuring WebDAV, check that the modules above are enabled

[root@localhost~]# /etc/init.d/httpd restart

15. Install PureFTPd
[root@localhost~]# yum install pure-ftpd
[root@localhost~]# chkconfig --levels 235 pure-ftpd on
[root@localhost~]# /etc/init.d/pure-ftpd start
[root@localhost~]# yum install openssl
* Configure PureFTPd to allow FTP and TLS sessions
* FTP is an insecure protocol because all passwords and data are transferred in plain text. Use TLS to encrypt all communication
* TLS requires openssl, so install it
[root@localhost~]# vi /etc/pure-ftpd/pure-ftpd.conf
[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don’t use SSL/TLS security mechanisms,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS 1
[...]
* Add TLS 1 so that both FTP and TLS sessions can be used
[root@localhost~]# mkdir -p /etc/ssl/private
[root@localhost~]# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.
* This creates the SSL certificate as shown above
[root@localhost~]# chmod 600 /etc/ssl/private/pure-ftpd.pem
[root@localhost~]# /etc/init.d/pure-ftpd restart
* Change the certificate's permissions, then restart pure-ftpd

16. Install BIND nameserver
[root@localhost~]# yum install bind bind-utils
[root@localhost~]# vi /etc/sysconfig/named
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
# ROOTDIR=”/var/named/chroot” — will run named in a chroot environment.
# you must set up the chroot environment
# (install the bind-chroot package) before
# doing this.
# NOTE:
# Those directories are automatically mounted to chroot if they are
# empty in the ROOTDIR directory. It will simplify maintenance of your
# chroot environment.
# – /var/named
# – /etc/pki/dnssec-keys
# – /etc/named
# – /usr/lib64/bind or /usr/lib/bind (architecture dependent)
#
# Those files are mounted as well if target file doesn’t exist in
# chroot.
# – /etc/named.conf
# – /etc/rndc.conf
# – /etc/rndc.key
# – /etc/named.rfc1912.zones
# – /etc/named.dnssec.keys
# – /etc/named.iscdlv.key
#
# Don’t forget to add “$AddUnixListenSocket /var/named/chroot/dev/log”
# line to your /etc/rsyslog.conf file. Otherwise your logging becomes
# broken when rsyslogd daemon is restarted (due update, for example).
#
# OPTIONS=”whatever” — These additional options will be passed to named
# at startup. Don’t add -t here, use ROOTDIR instead.
#
# KEYTAB_FILE=”/dir/file” — Specify named service keytab file (for GSS-TSIG)
#
# DISABLE_ZONE_CHECKING — By default, initscript calls named-checkzone
# utility for every zone to ensure all zones are
# valid before named starts. If you set this option
# to ‘yes’ then initscript doesn’t perform those
# checks.
* Check that the ROOTDIR=/var/named/chroot line is commented out
[root@localhost~]# cp /etc/named.conf /etc/named.con_bak
[root@localhost~]# cat /dev/null > /etc/named.conf
[root@localhost~]# vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.conf.local";

* Back up named.conf and recreate named.conf with the contents above
[root@localhost~]# touch /etc/named.conf.local
[root@localhost~]# chkconfig --levels 235 named on
[root@localhost~]# /etc/init.d/named start
* Create the system startup links and start BIND

17. Install Webalizer, And AWStats
[root@localhost~]# yum install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

18. Install Jailkit -> A utility that restricts user accounts to specific files using specific commands
[root@localhost~]# cd /tmp
[root@localhost tmp]# wget http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.gz
[root@localhost tmp]# tar xvfz jailkit-2.15.tar.gz
[root@localhost tmp]# cd jailkit-2.15
[root@localhost jailkit-2.15]# ./configure
[root@localhost jailkit-2.15]# make
[root@localhost jailkit-2.15]# make install
[root@localhost jailkit-2.15]# cd ..
[root@localhost tmp]# rm -rf jailkit-2.15*
* Jailkit must be installed before ISPConfig.

19. Install fail2ban
[root@localhost~]# yum install fail2ban
* Optional but recommended, because the ISPConfig monitor tries to display the log
[root@localhost~]# vi /etc/fail2ban/fail2ban.conf
[...]
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log
#
#logtarget = SYSLOG
logtarget = /var/log/fail2ban.log
[...]
* Comment out the logtarget = SYSLOG line, then add the line logtarget = /var/log/fail2ban.log

[root@localhost~]# chkconfig --levels 235 fail2ban on
[root@localhost~]# /etc/init.d/fail2ban start
* Create the system startup links, then start fail2ban

20. Install rkhunter
[root@localhost~]# yum install rkhunter

21. Install Mailman
[root@localhost~]# yum install mailman
[root@localhost~]# /usr/lib/mailman/bin/newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g. listadmin@example.com
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

## mailman mailing list
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner... <-- ENTER

* Before running mailman, the mailman mailing list must be created
[root@localhost~]# vi /etc/aliases
[...]
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

* Open aliases and add the lines above.

[root@localhost~]# newaliases
[root@localhost~]# /etc/init.d/postfix restart
* Restart postfix
[root@localhost~]# vi /etc/httpd/conf.d/mailman.conf
#
# httpd configuration settings for use with mailman.
#

ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

#Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /pipermail /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AddDefaultCharset Off
</Directory>

# Uncomment the following line, to redirect queries to /mailman to the
# listinfo page (recommended).

# RedirectMatch ^/mailman[/]*$ /mailman/listinfo
* Add the line ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
* Comment out the line Alias /pipermail/ /var/lib/mailman/archives/public/
* Add the line Alias /pipermail /var/lib/mailman/archives/public/

[root@localhost~]# /etc/init.d/httpd restart
[root@localhost~]# chkconfig --levels 235 mailman on
[root@localhost~]# /etc/init.d/mailman start

22. Install SquirrelMail
[root@localhost~]# yum install squirrelmail
[root@localhost~]# /etc/init.d/httpd restart
[root@localhost~]# /usr/share/squirrelmail/config/conf.pl
SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu –
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color off
S Save data
Q Quit

Command >> <-- D

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server
gmail = IMAP access to Google mail (Gmail) accounts

quit = Do not change anything
Command >> <-- dovecot

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don't work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

Please select your IMAP server:
bincimap = Binc IMAP server
courier = Courier IMAP server
cyrus = Cyrus IMAP server
dovecot = Dovecot Secure IMAP server
exchange = Microsoft Exchange IMAP server
hmailserver = hMailServer
macosx = Mac OS X Mailserver
mercury32 = Mercury/32
uw = University of Washington's IMAP server
gmail = IMAP access to Google mail (Gmail) accounts

quit = Do not change anything
Command >> courier

imap_server_type = courier
default_folder_prefix = INBOX.
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = .
delete_folder = true

Press enter to continue… <-- press ENTER

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color off
S Save data
Q Quit

Command >> <--S

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color off
S Save data
Q Quit

Command >> <--Q
* Configure SquirrelMail
[root@localhost~]# vi /etc/squirrelmail/config_local.php

23. Install ISPConfig 3
[root@localhost~]# cd /tmp
[root@localhost tmp]# wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
[root@localhost tmp]# tar xfz ISPConfig-3-stable.tar.gz
[root@localhost tmp]# cd ispconfig3_install/install/
[root@localhost tmp]# php -q install.php
——————————————————————————–
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `–.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `–. \ __/ | | / _ \| ‘_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
——————————————————————————–

>> Initial configuration

Operating System: Redhat or compatible, unknown version.

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with .
Tap in “quit” (without the quotes) to stop the installer.

Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <-- yourrootsqlpassword

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Generating a 2048 bit RSA private key
..........................................................+++
................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
.....................++
.......++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping mysqld: [ OK ]
Starting mysqld: [ OK ]
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
Waiting for the process [1424] to terminate
Shutting down amavisd: Daemon [1424] terminated by SIGTERM
[ OK ]
amavisd stopped
Starting amavisd: [ OK ]

Stopping clamd.amavisd: [ OK ]
Starting clamd.amavisd: [ OK ]
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
Stopping httpd: [ OK ]
[Thu Mar 14 14:12:32 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd: [ OK ]
Stopping pure-ftpd: [ OK ]
Starting pure-ftpd: [ OK ]
Installation completed.
[root@localhost~]# vi /usr/lib/mailman/Mailman/mm_cfg.py -> Fix the mailman error that arose while configuring ISPConfig
[...]
#-------------------------------------------------------------
# The default language for this server.
DEFAULT_SERVER_LANGUAGE = 'en'
[...]
* Set DEFAULT_SERVER_LANGUAGE = 'en'
[root@localhost~]# /etc/init.d/mailman restart

24. Other changes
[root@localhost~]# vi /etc/httpd/conf.d/php.conf
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>

#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php5-script .php
AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php index.htm index.html

#
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
AddType application/x-httpd-php-source .phps
* Uncomment the last line and add index.htm, index.html

** ISPConfig 3 can now be accessed at http(s)://ip:8080/
Log in with Admin/admin and change the default password
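
An added example, not part of the original guide: a POSIX shell audit of four settings that the steps above leave in a permissive state (SELinux disabled in step 2, the phpMyAdmin access rules commented out in step 9, pure-ftpd `TLS 1` in step 15, and BIND recursion answering any client in step 16). The function names and the root-prefix argument are assumptions of this sketch, and the sample files are constructed from the values shown in this guide.

```sh
#!/bin/sh
# Added example: audit four settings this guide writes. The ROOT argument is an
# assumption of this sketch so it can run against a copy of the config tree.

check_selinux() {      # step 2: /etc/selinux/config
    v=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*//p' "$1/etc/selinux/config" 2>/dev/null | tail -n 1)
    [ "$v" = "enforcing" ] && return 0
    echo "WARN selinux: SELINUX=${v:-unset}, policy is not enforced"
    return 1
}

check_phpmyadmin() {   # step 9: access rules commented out in phpmyadmin.conf
    f="$1/etc/httpd/conf.d/phpmyadmin.conf"
    [ -f "$f" ] || return 0
    grep -Eiq '^[[:space:]]*Deny[[:space:]]+from[[:space:]]+all' "$f" && return 0
    echo "WARN phpmyadmin: no active 'Deny from all', reachable from any address"
    return 1
}

check_ftp_tls() {      # step 15: only TLS 2 refuses sessions that skip TLS
    v=$(awk '$1 == "TLS" { val = $2 } END { print val }' "$1/etc/pure-ftpd/pure-ftpd.conf" 2>/dev/null)
    [ "$v" = "2" ] && return 0
    echo "WARN pure-ftpd: TLS ${v:-0} still accepts cleartext FTP sessions"
    return 1
}

check_named() {        # step 16: recursion for any client = open resolver
    conf=$(sed 's://.*$::' "$1/etc/named.conf" 2>/dev/null)   # drop // comments
    echo "$conf" | grep -Eq 'recursion[[:space:]]+yes' || return 0
    echo "$conf" | grep -Eq 'allow-(recursion|query-cache)' && return 0
    echo "$conf" | grep -Eq 'allow-query[[:space:]]*\{[[:space:]]*any' || return 0
    echo "WARN named: recursion yes with allow-query { any; } and no allow-recursion"
    return 1
}

audit() {              # prints findings; exit status = number of failed checks
    n=0
    for c in check_selinux check_phpmyadmin check_ftp_tls check_named; do
        "$c" "$1" || n=$((n + 1))
    done
    return "$n"
}

# Constructed sample tree holding the values from steps 2, 9, 15 and 16.
write_guide_sample() { # write_guide_sample DIR
    mkdir -p "$1/etc/selinux" "$1/etc/pure-ftpd" "$1/etc/httpd/conf.d"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$1/etc/selinux/config"
    printf '#  Deny from all\n#  Allow from 127.0.0.1\nAlias /phpmyadmin /usr/share/phpmyadmin\n' \
        > "$1/etc/httpd/conf.d/phpmyadmin.conf"
    printf '# 1 : accept both traditional and encrypted sessions.\nTLS 1\n' \
        > "$1/etc/pure-ftpd/pure-ftpd.conf"
    printf 'options {\n  allow-query { any; };\n  recursion yes;\n};\n' > "$1/etc/named.conf"
}

tmp=$(mktemp -d)
write_guide_sample "$tmp"
audit "$tmp" || echo "$? of 4 checks failed"
rm -rf "$tmp"
```

Run `audit ""` on the installed host to check the live files under /etc; the named check is a text heuristic and does not evaluate ACL contents.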