Installing and Deploying ISPConfig 3.1 on CentOS 7

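ISPConfig is a web hosting control panel that lets you configure the following services through a web browser: Apache web server, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Mailman and more. This installation uses CentOS 7.3 with a minimal system install.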
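I. Preparation
1. Because the system is a minimal install, first install some required tools
yum -y install net-tools wget NetworkManager-tui
2. Configure the IP address. You can use nmtui for this. Set a static IP (preferably not DHCP) and make sure the host can reach the Internet
3. Adjust /etc/hosts and /etc/hostname
vi /etc/hosts
192.168.17.10 ispc.kclouder.local ISPConfig3
vi /etc/hostname
ispc.kclouder.local
4. Stop and disable the firewall
systemctl stop firewalld
systemctl disable firewalld
5. Disable SELinux
Edit /etc/selinux/config and set SELINUX=disabled
6. Enable the EPEL repository on the CentOS system, because many of the packages to be installed are not available in the official CentOS 7 repositories
yum -y install epel-release
yum -y install yum-priorities
7. Then update the existing packages on the system
yum -y update
8. Install the development tools
yum -y groupinstall 'Development Tools'
9. After making these changes, reboot the system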
II. Install Apache, MySQL, phpMyAdmin
1. Run the following command
yum -y install ntp httpd mod_ssl mariadb-server php php-mysql php-mbstring phpmyadmin
2. Append the Apache header rule to the end of the httpd configuration file and restart the httpd service
echo "RequestHeader unset Proxy early" >> /etc/httpd/conf/httpd.conf
systemctl restart httpd
III. Install Dovecot, Postfix, Getmail
1. Install Dovecot
yum -y install dovecot dovecot-mysql dovecot-pigeonhole
2. Create an empty dovecot-sql.conf file and create the symbolic links
touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf
ln -s /etc/dovecot/dovecot.conf /etc/dovecot.conf
3. Create the system startup links and start Dovecot
systemctl enable dovecot
systemctl start dovecot
4. Install Postfix
yum -y install postfix
5. Stop Sendmail, then start Postfix and MariaDB (MySQL)
systemctl enable mariadb.service
systemctl start mariadb.service
systemctl stop sendmail.service
systemctl disable sendmail.service
systemctl enable postfix.service
systemctl restart postfix.service
6. Install Getmail
yum -y install getmail
IV. Set the MySQL password and configure phpMyAdmin
1. Set the password of the MySQL root account
mysql_secure_installation
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] <-- ENTER
Disallow root login remotely? [Y/n] <-- ENTER
Remove test database and access to it? [Y/n] <-- ENTER
Reload privilege tables now? [Y/n] <-- ENTER
2. Configure phpMyAdmin
vi /etc/httpd/conf.d/phpMyAdmin.conf
Change the following lines: comment out the Require ip lines and add one line
#Require ip 127.0.0.1
#Require ip ::1
Require all granted
3. Change the authentication type in phpMyAdmin from cookie to http
vi /etc/phpMyAdmin/config.inc.php
$cfg['Servers'][$i]['auth_type'] = 'http';
4. Create the system startup link and start the httpd service
systemctl enable httpd.service
systemctl restart httpd.service
V. Install Amavisd-new, SpamAssassin, ClamAV, and Postgrey
1. Run the following command to install
yum -y install amavisd-new spamassassin clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd unzip bzip2 perl-DBD-mysql postgrey re2c
2. Edit the freshclam configuration file /etc/freshclam.conf
vi /etc/freshclam.conf
Comment out the Example line
3. To have freshclam update the ClamAV signatures automatically, edit the file /etc/sysconfig/freshclam
vi /etc/sysconfig/freshclam
Comment out the "FRESHCLAM_DELAY=" line
4. Start freshclam, amavisd, and clamd.amavisd
sa-update
freshclam
systemctl enable amavisd.service
systemctl start amavisd.service
systemctl start clamd@amavisd.service
systemctl enable postgrey.service
systemctl start postgrey.service
VI. Install Apache with mod_php, mod_fcgi/PHP5, PHP-FPM
1. Run the following command to install
yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm
2. Edit /etc/php.ini
vi /etc/php.ini
Change the error reporting (so that notices are no longer shown), set the time zone and uncomment cgi.fix_pathinfo=1:
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
cgi.fix_pathinfo=1
date.timezone = 'Asia/Shanghai'
3. Enable httpd and PHP-FPM at boot and start the PHP-FPM service
systemctl start php-fpm.service
systemctl enable php-fpm.service
systemctl enable httpd.service
systemctl restart httpd.service
VII. Install mod_python
1. The Apache mod_python module cannot be installed from an RPM package and has to be compiled from source. First install the Python development files and download the mod_python archive
yum -y install python-devel
cd /usr/local/src/
wget http://dist.modpython.org/dist/mod_python-3.5.0.tgz
tar xfz mod_python-3.5.0.tgz
cd mod_python-3.5.0
2. Configure, compile and install the module
./configure
make
make install
3. Enable the module in Apache
echo 'LoadModule python_module modules/mod_python.so' > /etc/httpd/conf.modules.d/10-python.conf
systemctl restart httpd.service
VIII. Install PureFTPd
1. Run the following command to install
yum -y install pure-ftpd
2. Create the system startup link and start the pure-ftpd service
systemctl enable pure-ftpd.service
systemctl start pure-ftpd.service
3. Install openssl
yum install openssl
4. Edit the pure-ftpd.conf configuration file
vi /etc/pure-ftpd/pure-ftpd.conf
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do not uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS 1
5. Create an SSL certificate
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/pure-ftpd.pem
6. Restart the pure-ftpd service
systemctl restart pure-ftpd.service
IX. Install BIND
1. Run the following command to install
yum -y install bind bind-utils haveged
2. Back up the existing /etc/named.conf file and create a new one
cp /etc/named.conf /etc/named.conf_bak
cat /dev/null > /etc/named.conf
vi /etc/named.conf
3. Give it the following content
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        allow-recursion {"none";};
        recursion no;
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.conf.local";
4. Create the file /etc/named.conf.local
touch /etc/named.conf.local
5. Create the startup links and start the bind service
systemctl enable named.service
systemctl start named.service
systemctl enable haveged.service
systemctl start haveged.service
X. Install Webalizer, AWStats, Jailkit
1. Run the following command to install
yum -y install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder
2. Edit /etc/httpd/conf.d/awstats.conf
vi /etc/httpd/conf.d/awstats.conf
Change Require local to Require all granted
3. Restart Apache
systemctl restart httpd.service
4. Install Jailkit, which is used to chroot SSH users and cronjobs
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz
tar xvfz jailkit-2.19.tar.gz
cd jailkit-2.19
./configure
make && make install
cd ..
rm -rf jailkit-2.19*
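The phpMyAdmin.conf and awstats.conf edits in this guide both replace a local-only rule with Require all granted. The following added example (not part of the original guide) lists every active allow-all rule in an Apache config file together with the enclosing Directory/Location block, so you can confirm exactly which paths answer to any client address. The names open_access_rules and write_sample_conf and the sample file content are constructed for illustration.

```shell
# Added example (not from the original guide): list active allow-all rules in
# an Apache config file, with the <Directory>/<Location> block they sit in.
# Output format: <line number>:<enclosing block>:<directive>
open_access_rules() {
    awk '
        /^[ \t]*#/ { next }                          # commented-out rule: inactive
        /^[ \t]*<(Directory|Location|Files)/ {       # remember the enclosing block
            block = $0
            gsub(/^[ \t]*<|>[ \t]*$/, "", block)
            next
        }
        # closing tag: back to server level (nested blocks are not tracked)
        /^[ \t]*<\/(Directory|Location|Files)/ { block = ""; next }
        {
            rule = tolower($0)
            gsub(/^[ \t]+|[ \t]+$/, "", rule)
            gsub(/[ \t]+/, " ", rule)
            # Apache 2.4 syntax, and the older 2.2 "Allow from all" form
            if (rule == "require all granted" || rule == "allow from all")
                printf "%d:%s:%s\n", NR, (block == "" ? "(server level)" : block), rule
        }
    ' "$1"
}

# Constructed sample modelled on the phpMyAdmin.conf edit in this guide.
write_sample_conf() {
    cat > "$1" <<'EOF'
<Directory /usr/share/phpMyAdmin/>
   <IfModule mod_authz_core.c>
     <RequireAny>
       #Require ip 127.0.0.1
       #Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
   Require local
</Directory>
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
open_access_rules "$sample"
rm -f "$sample"
```

On the server itself, run the function over each file in /etc/httpd/conf.d/ after finishing the guide and review every path it reports.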
XI. Install Fail2Ban, rkhunter
1. Run the following command to install
yum -y install iptables-services fail2ban fail2ban-systemd
2. Create the file /etc/fail2ban/jail.local to enable monitoring of the ssh, mail and ftp services
vi /etc/fail2ban/jail.local
[sshd]
enabled = true
action = iptables[name=sshd, port=ssh, protocol=tcp]

[pure-ftpd]
enabled = true
action = iptables[name=FTP, port=ftp, protocol=tcp]
maxretry = 3

[dovecot]
enabled = true
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps", protocol=tcp]
maxretry = 5

[postfix-sasl]
enabled = true
action = iptables-multiport[name=postfix-sasl, port="smtp,smtps,submission", protocol=tcp]
maxretry = 3
3. Create the startup link and start the fail2ban service
systemctl enable fail2ban.service
systemctl start fail2ban.service
4. Install rkhunter
yum -y install rkhunter
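To review what the jail.local above actually turns on, the added example below (not part of the original guide) parses a jail file and prints each jail with its enabled flag, its maxretry and the ports its ban action covers. A jail that sets no maxretry of its own, like [sshd] here, inherits fail2ban's [DEFAULT] value and is shown as "default". The function names jail_summary and write_sample_jail_local are illustrative.

```shell
# Added example (not from the original guide): summarise a fail2ban jail file.
# Prints one line per jail: <jail> enabled=<v> maxretry=<v|default> ports=<v>
jail_summary() {
    awk '
        function emit() {
            if (jail != "")
                printf "%s enabled=%s maxretry=%s ports=%s\n", jail, en, mr, ports
        }
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[.+\][ \t]*$/ {                  # section header such as [sshd]
            emit(); jail = $0
            gsub(/[ \t]/, "", jail); sub(/^\[/, "", jail); sub(/\]$/, "", jail)
            en = "false"; mr = "default"; ports = "?"
            next
        }
        jail != "" && /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "enabled")  en = val
            if (key == "maxretry") mr = val
            if (key == "action") {                # pull the port list out of the action
                ports = val
                if (sub(/.*port="/, "", ports)) sub(/".*/, "", ports)
                else if (sub(/.*port=/, "", ports)) { sub(/,.*/, "", ports); sub(/\].*/, "", ports) }
                else ports = "?"
            }
        }
        END { emit() }
    ' "$1"
}
# Sample input: the jail.local from this section.
write_sample_jail_local() {
    cat > "$1" <<'EOF'
[sshd]
enabled = true
action = iptables[name=sshd, port=ssh, protocol=tcp]
[pure-ftpd]
enabled = true
action = iptables[name=FTP, port=ftp, protocol=tcp]
maxretry = 3
[dovecot]
enabled = true
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps", protocol=tcp]
maxretry = 5
[postfix-sasl]
enabled = true
action = iptables-multiport[name=postfix-sasl, port="smtp,smtps,submission", protocol=tcp]
maxretry = 3
EOF
}
jail_file=$(mktemp)
write_sample_jail_local "$jail_file"
jail_summary "$jail_file"; rm -f "$jail_file"
```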
XII. Install Mailman
1. Run the following command to install
yum -y install mailman
2. Before you start using Mailman, you must first create a mailing list named mailman
touch /var/lib/mailman/data/aliases
postmap /var/lib/mailman/data/aliases
/usr/lib/mailman/bin/newlist mailman
ln -s /usr/lib/mailman/mail/mailman /usr/bin/mailman
3. Answer the prompts of /usr/lib/mailman/bin/newlist mailman as follows:
Enter the email of the person running the list: <-- admin email address, e.g. listadmin@example.com
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

## mailman mailing list
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner... <-- ENTER
4. Edit /etc/aliases
vi /etc/aliases
Add the following lines
mailman: "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"
5. Run the following commands
newaliases
systemctl restart postfix.service
6. Edit /etc/httpd/conf.d/mailman.conf
vi /etc/httpd/conf.d/mailman.conf
Edit it to read as follows:
#
# httpd configuration settings for use with mailman.
#
ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /pipermail /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AddDefaultCharset Off
</Directory>

# Uncomment the following line, to redirect queries to /mailman to the
# listinfo page (recommended).
RedirectMatch ^/mailman[/]*$ /mailman/listinfo
7. Restart Apache, then create the startup link and start Mailman
systemctl restart httpd.service
systemctl enable mailman.service
systemctl start mailman.service
XIII. Install Roundcube webmail
1. Run the following command to install
yum -y install roundcubemail
2. Edit the configuration file as shown in the figure below:
vi /etc/httpd/conf.d/roundcubemail.conf
3. Restart Apache
systemctl restart httpd.service
4. Create the RoundCube database
mysql -u root -p
CREATE DATABASE roundcubedb;
CREATE USER roundcubeuser@localhost IDENTIFIED BY 'roundcubepassword';
GRANT ALL PRIVILEGES on roundcubedb.* to roundcubeuser@localhost ;
FLUSH PRIVILEGES;
exit
5. Configure RoundCube Webmail
Open http://192.168.17.10/roundcubemail/installer in a browser and enter the database name, account and password created in the previous step
6. Edit the configuration file below and copy the configuration generated by the web page into it
vi /etc/roundcubemail/config.inc.php
<?php
/* Local configuration for Roundcube Webmail */

// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = 'mysql://roundcubeuser:roundcubepassword@localhost/roundcubedb';

// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
// required to match old user data records with the new host.
$config['default_host'] = 'localhost';

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';

// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = 'FHgaM7ihtMkM1cBwckOcxPdT';

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array();

// Set the spell checking engine. Possible values:
// - 'googie' - the default
// - 'pspell' - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd' - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, you need to
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
$config['spellcheck_engine'] = 'pspell';
7. Then press the "Continue" button in the web installer. On the following page, press the "Initialize database" button.
Finally, disable the Roundcubemail installer by changing the Apache roundcubemail.conf configuration file
vi /etc/httpd/conf.d/roundcubemail.conf
8. Restart Apache
systemctl restart httpd.service
9. Confirm that you can log in to RoundCube Mail
Open http://192.168.17.10/roundcubemail/ in a browser
10. Enter a mailbox account and verify that the login works
11. Verify that the mailbox can send mail
Send a test message to a 163 mailbox account and confirm that it is received
XIV. Install ISPConfig 3.1
1. Run the following commands to install
cd /tmp
wget -O ispconfig.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1
tar xfz ispconfig.tar.gz
cd ispconfig3*/install/
php -q install.php
Initial configuration
Operating System: CentOS 7.3
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.

Select language (en,de) [en]: <-- Hit Enter
Installation mode (standard,expert) [standard]: <-- Hit Enter
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.canomi.com]: <-- Hit Enter
MySQL server hostname [localhost]: <-- Hit Enter
MySQL server port [3306]: <-- Hit Enter
MySQL root username [root]: <-- Hit Enter
MySQL root password []: <-- Enter your MySQL root password
MySQL database to create [dbispconfig]: <-- Hit Enter
MySQL charset [utf8]: <-- Hit Enter

Configuring Postgrey
Configuring Postfix
Generating a 4096 bit RSA private key
……………………………………………………………..++
……………………………………………………………………………………………………………………….++
writing new private key to 'smtpd.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: <-- Enter 2 letter country code
State or Province Name (full name) [Some-State]: <-- Enter the name of the state
Locality Name (eg, city) []: <-- Enter your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter company name or press enter
Organizational Unit Name (eg, section) []: <-- Hit Enter
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname
Email Address []: <-- Hit Enter
Configuring Mailman
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring BIND
Configuring Jailkit
Configuring Pureftpd
Configuring Apache
Configuring vlogger
Configuring Bastille Firewall

Configuring Fail2ban
[INFO] service OpenVZ not detected
Configuring Apps vhost
Installing ISPConfig
ISPConfig Port [8080]:
Admin password [admin]:
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- Hit Enter
Generating RSA private key, 4096 bit long modulus
…………………..++
………………………………………………………………………………………………………………..++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: <-- Enter 2 letter country code
State or Province Name (full name) [Some-State]: <-- Enter the name of the state
Locality Name (eg, city) []: <-- Enter your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter company name or press enter
Organizational Unit Name (eg, section) []: <-- Hit Enter
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname
Email Address []: <-- Hit Enter

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- Hit Enter
An optional company name []: <-- Hit Enter
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Detect IP addresses
Restarting services ...
Installation completed.
2. Log in to ISPConfig
Open the ISPConfig web page in a browser at http(s)://server1.example.com:8080/ or http(s)://ipaddress:8080/
https://192.168.17.10:8080/login/
This is the ISPConfig main interface. After logging in for the first time, change the default password of the admin account
This completes the installation and configuration of ISPConfig. A later article will cover how to use ISPConfig in detail.
