Note: This is work in progress! You should probably test this in a virtual machine first and play around with various settings.
There are a lot of tutorials over the Internet about how to configure an Ubuntu server for ISPConfig. I usually follow them, after all there aren’t so many variations on how to setup a LAMP. But I always find some things that bother me. I don’t claim my setup is “perfect”, but please read and make your own decisions.
Installing Ubuntu 12.04
First of all, do yourself a favor and use at least 2 HDDs for the server you are going to setup. It doesn’t matter if they are of different sizes as long you have enough space on the smallest one. If they have same size, the better. The reason why I am insisting on using at least 2 HDDs is because you will be able to setup software RAID1. There are pro and cons of using software RAID1, but I think it’s better to have it. It’s not even hard to configure RAID1:
- create 2 equal size partitions, one on each drive
- mark them as “Use as: physical volume for RAID”
- go to “Configure software RAID” and “Create MD device” -> RAID1, 2 disks, 0 spare and select the two partitions you have marked for RAID (probably /dev/sda1 and /dev/sdb1)
You should see now RAID1 device #0 which is commonly known as /dev/md0. Congrats, you have just finished setting up software RAID1! Press Alt+F2, Enter and check out the progress of RAID sync:
Note: If you are using a system that has (U)EFI you might want to partition your disks before using GParted and you will need to create an EFIBoot partition of about 100MB at the beginning of HDD. To keep things looking nice you can create 2x 128MB partitions on both harddisks(one on each). More details about this on my previous article “Install Ubuntu 12.04 with RAID/LVM on UEFI system”
I prefer to use LVM over the RAID1 I’ve just created because I find it easier to manage this way. I usually create different logical volumes/partitions for:
- /boot: this one is usually 128MB, for kernel; you skip it if you want
- /: make this one about 10-20GB, for system
- /tmp: can be anywhere from 2GB to 10GB, set nosuid and noexec for it
- /var: this is where there are web files and databases, so I usually use the rest of the space for it; also set usrquota and grpquota for this
If you are using UEFI:You will need 1 vfat32 partition for EFIBoot and 1 ext4 partition for /boot, outside the software RAID. After playing around with all kinds of setups, this was the only working solution I have found. The bad thing with this setup is that in case of disk failure you will have to recover either EFI partition or/and the /boot partition. Sorry, it sucks, but I didn’t find a better way to do it.
Here is how to setup LVM
You can use LVM over RAID1 or simply use LVM. Here are the steps:
- “Configure the Logical Volume Manager” and use /dev/md0 as Physical Volume.
- Create a Volume Group and named it “VolGroup00″ (or whatever you want)
- Create as many Logical Volumes as you need, set the right size for them (you can resize later). I usually name them LogVolRoot (for /) or LogVolTmp (for /tmp)
- When you are done click “Finish”
You now have successfully setup LVM over RAID1. Just one more step and you are done partitioning. For each of the LVMs you have created, click on them and set the following:
- Use as: file system of your choice;
I use XFS because of fs freeze and resize on the fly, feel free to use ext4 or whatever you like mostin the end I used ext4 because of quota issues with ISPConfig 3
- Format the partition: yes
- Mount point: put here where you want to mount it (be it /, /boot, /tmp, /var, /srv)
- Mount options: set nosuid and noexec for /tmp and usrquota and grpquota for /var if you have them
Note: About swap partition(s) … there are many approaches to this. You can have 2 swap partitions, one on each drive, set same priority for both and put them outside RAID/LVM. Or you can create a LV for swap. If the harddisks don’t have the same size you can create the swap on the free space left. Recommended swap size is (according to RHEL) 2* RAM if you have less than 2GB, and 2+ RAM if you have over 2GB. I had 2 HDDs, one of 500GB and one of 250GB so I created the swap on the free space left on the big drive. The rest of the space I’ve created a partition, put XFS on it and mounted in /srv for later use (probably some FTP storage, whatever is not important)
Installing software and ISPConfig 3
For the most part I’ve followed this excellent tutorial The Perfect Server – Ubuntu 12.04 LTS (Apache2, BIND, Dovecot, ISPConfig 3), but there are some minor things changed.
First of all I don’t like to disable AppArmor as suggested in the tutorial. From my experience is not that hard to figure out when you screwed up things. Most of the times you will have problems with AppArmor if you change data_dir for MySQL or you made changes to Apache, etc. If you have recently made changes to configuration of MySQL(let’s say you have moved database files from /var/lib to /srv/mysql) and the server is not starting up take a quick look at /var/log/syslog and look up for apparmor entries. If you see something like denied, edit the file /etc/apparmor.d/usr.sbin.mysqld and try to find the entries related to the directories modified. For /var/lib you will find 2 entries similar to these:
/var/lib/mysql/ r, /var/lib/mysql/** rwk,
Either replace /var/lib with /srv/mysql or append 2 new lines, your choice. Restart AppArmor and this should be all. MySQL should start now.
Also in the tutorial at some point you are advised to comment out this line in /etc/mysql/my.cnf:
bind-address = 127.0.0.1
You only need to do this if you plan to access the MySQL server/databases from another server(you have the website files on another server, you need to set replication). But if all you want to do is to run web sites that use “host= localhost” for their database settings don’t comment out that line. Most of the times you should be fine with MySQL listening only on local interface.
apt-get install mysql-client mysql-server mysql_secure_installation
I know there is a lot of debate about using innodb_file_per_table, but after getting a corrupted ibdata1 file and losing all the InnoDB tables I will go with having 1 file per table.
Install Apache2 + PHP-FPM
apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby
Also I found I was missing php5-curl package:
apt-get install php5-curl
Enable required mods:
a2enmod suexec rewrite ssl actions include
If you plan to use PHP-FPM and fastcgi mod (available in ISPConfig 3.0.5 or svn release):
apt-get install libapache2-mod-fastcgi php5-fpm a2enmod fastcgi
Install Postfix and Courier
I am only installing Postfix without Amavis and AV/AS capabilities since I am planing to integrate ISPConfig with Zimbra in the future. I find SquirrelMail to be dated and I prefer the modern look and all the features available in the Zimbra Open Source edition. More on the integration of ISPConfig and Zimbra in a future article. Back to work:
apt-get install postfix postfix-mysql postfix-doc openssl getmail4
apt-get install courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl courier-maildrop
apt-get install pure-ftpd-common pure-ftpd-mysql
Install BIND (named, DNS)
apt-get install bind9 dnsutils
Install fail2ban and rkhunter
apt-get install fail2ban rkhunter binutils
Vlogger, Webalizer, Awstats
If you don’t use Awstats you can comment out all the entries in /etc/crond.d/awstats.
apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
apt-get install quota quotatool
Install ISPConfig 3
cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install/ php -q install.php
sed -i -e 's/smtpd_bind_address/smtp_bind_address/' /etc/postfix/master.cf
In case you have missed the note at the top of the article: This is Work in Progress!