Get A Sys Admin

A sysadmin blog about Linux and cloud IaaS

Get A Sys Admin - A sysadmin blog about Linux and cloud IaaS

Server setup ISPConfig 3 with Ubuntu 12.04

Note: This is work in progress! You should probably test this in a virtual machine first and play around with various settings.

There are a lot of tutorials over the Internet about how to configure an Ubuntu server for ISPConfig. I usually follow them, after all there aren’t so many variations on how to setup a LAMP. But I always find some things that bother me. I don’t claim my setup is “perfect”, but please read and make your own decisions.

Installing Ubuntu 12.04

Disk Partitioning

First of all, do yourself a favor and use at least 2 HDDs for the server you are going to setup. It doesn’t matter if they are of different sizes as long you have enough space on the smallest one. If they have same size, the better. The reason why I am insisting on using at least 2 HDDs is because you will be able to setup software RAID1. There are pro and cons of using software RAID1, but I think it’s better to have it. It’s not even hard to configure RAID1:

  • create 2 equal size partitions, one on each drive
  • mark them as “Use as: physical volume for RAID”
  • go to “Configure software RAID” and “Create MD device” -> RAID1, 2 disks, 0 spare and select the two partitions you have marked for RAID (probably /dev/sda1 and /dev/sdb1)

You should see now RAID1 device #0 which is commonly known as /dev/md0. Congrats, you have just finished setting up software RAID1! Press Alt+F2, Enter and check out the progress of RAID sync:

cat /proc/mdstat

Note: If you are using a system that has (U)EFI you might want to partition your disks before using GParted and you will need to create an EFIBoot partition of about 100MB at the beginning of HDD. To keep things looking nice you can create 2x 128MB partitions on both harddisks(one on each). More details about this on my previous article “Install Ubuntu 12.04 with RAID/LVM on UEFI system”

I prefer to use LVM over the RAID1 I’ve just created because I find it easier to manage this way. I usually create different logical volumes/partitions for:

  • /boot: this one is usually 128MB, for kernel; you skip it if you want
  • /: make this one about 10-20GB, for system
  • /tmp: can be anywhere from 2GB to 10GB, set nosuid and noexec for it
  • /var: this is where there are web files and databases, so I usually use the rest of the space for it; also set usrquota and grpquota for this

If you are using UEFI:You will need 1 vfat32 partition for EFIBoot and 1 ext4 partition for /boot, outside the software RAID. After playing around with all kinds of setups, this was the only working solution I have found. The bad thing with this setup is that in case of disk failure you will have to recover either EFI partition or/and the /boot partition. Sorry, it sucks, but I didn’t find a better way to do it.

Here is how to setup LVM

You can use LVM over RAID1 or simply use LVM. Here are the steps:

  • “Configure the Logical Volume Manager” and use /dev/md0 as Physical Volume.
  • Create a Volume Group and named it “VolGroup00″ (or whatever you want)
  • Create as many Logical Volumes as you need, set the right size for them (you can resize later). I usually name them LogVolRoot (for /) or LogVolTmp (for /tmp)
  • When you are done click “Finish”

You now have successfully setup LVM over RAID1. Just one more step and you are done partitioning. For each of the LVMs you have created, click on them and set the following:

  • Use as: file system of your choice; I use XFS because of fs freeze and resize on the fly, feel free to use ext4 or whatever you like most in the end I used ext4 because of quota issues with ISPConfig 3
  • Format the partition: yes
  • Mount point: put here where you want to mount it (be it /, /boot, /tmp, /var, /srv)
  • Mount options: set nosuid and noexec for /tmp and usrquota and grpquota for /var if you have them

Note: About swap partition(s) … there are many approaches to this. You can have 2 swap partitions, one on each drive, set same priority for both and put them outside RAID/LVM. Or you can create a LV for swap. If the harddisks don’t have the same size you can create the swap on the free space left. Recommended swap size is (according to RHEL) 2* RAM if you have less than 2GB, and 2+ RAM if you have over 2GB. I had 2 HDDs, one of 500GB and one of 250GB so I created the swap on the free space left on the big drive. The rest of the space I’ve created a partition, put XFS on it and mounted in /srv for later use (probably some FTP storage, whatever is not important)

Installing software and ISPConfig 3

For the most part I’ve followed this excellent tutorial The Perfect Server – Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3), but there are some minor things changed.

First of all I don’t like to disable AppArmor as suggested in the tutorial. From my experience is not that hard to figure out when you screwed up things. Most of the times you will have problems with AppArmor if you change data_dir for MySQL or you made changes to Apache, etc. If you have recently made changes to configuration of MySQL(let’s say you have moved database files from /var/lib to /srv/mysql) and the server is not starting up take a quick look at /var/log/syslog and look up for apparmor entries. If you see something like denied, edit the file /etc/apparmor.d/usr.sbin.mysqld and try to find the entries related to the directories modified. For /var/lib you will find 2 entries similar to these:

  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,

Either replace /var/lib with /srv/mysql or append 2 new lines, your choice. Restart AppArmor and this should be all. MySQL should start now.

Also in the tutorial at some point you are advised to comment out this line in /etc/mysql/my.cnf:

bind-address           = 127.0.0.1

You only need to do this if you plan to access the MySQL server/databases from another server(you have the website files on another server, you need to set replication). But if all you want to do is to run web sites that use “host= localhost” for their database settings don’t comment out that line. Most of the times you should be fine with MySQL listening only on local interface.

Install MySQL

apt-get install mysql-client mysql-server
mysql_secure_installation

I know there is a lot of debate about using innodb_file_per_table, but after getting a corrupted ibdata1 file and losing all the InnoDB tables I will go with having 1 file per table.

Install Apache2 + PHP-FPM

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby

Also I found I was missing php5-curl package:

apt-get install php5-curl

Enable required mods:

a2enmod suexec rewrite ssl actions include

If you plan to use PHP-FPM and fastcgi mod (available in ISPConfig 3.0.5 or svn release):

apt-get install libapache2-mod-fastcgi php5-fpm
a2enmod fastcgi

Install Postfix and Courier

I am only installing Postfix without Amavis and AV/AS capabilities since I am planing to integrate ISPConfig with Zimbra in the future. I find SquirrelMail to be dated and I prefer the modern look and all the features available in the Zimbra Open Source edition. More on the integration of ISPConfig and Zimbra in a future article. Back to work:

apt-get install postfix postfix-mysql postfix-doc openssl getmail4
apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop

Install PureFTPD

apt-get install pure-ftpd-common pure-ftpd-mysql

Install BIND (named, DNS)

apt-get install bind9 dnsutils

Install fail2ban and rkhunter

apt-get install fail2ban rkhunter binutils

Vlogger, Webalizer, Awstats

If you don’t use Awstats you can comment out all the entries in /etc/crond.d/awstats.

apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

Quota tools

apt-get install quota quotatool

Install ISPConfig 3

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php

Fix /etc/postfix/master.cf:

sed -i -e 's/smtpd_bind_address/smtp_bind_address/' /etc/postfix/master.cf

In case you have missed the note at the top of the article: This is Work in Progress!

Category: Linux, Ubuntu
  • chrisw says:

    Thanks, this makes the install process way quicker.

    thanks again.

    June 26, 2013 at 7:33 am
  • moving companies Fort Worth says:

    Very nice article, totally what I was looking for.

    April 25, 2013 at 3:37 am
  • Brian says:

    Worked out very well for me. Extremely easy to follow your guide. Thank you very much as this has been quite the headache trying to follow some of the other guides on the net. Great work!

    September 25, 2012 at 4:50 pm
    • Octavian says:

      Glad to hear that! Thanks for your comment Brian :)

      September 27, 2012 at 6:43 pm

Your email address will not be published. Required fields are marked *

*