ISPConfig – An Alternative to cPanel (Ubuntu Linux)


About the Author:

Rafael Bernardes

ISPConfig is a good alternative to cPanel: it offers very good account management and bandwidth control, and it is free. Let's get started…

Install Ubuntu Server without DNS and LAMP.


Install the SSH server:

apt-get install ssh openssh-server

Change the default shell:

rm -f /bin/sh
ln -s /bin/bash /bin/sh

Install packages that will be needed later:

apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++

Install quota:

apt-get install quota
vi /etc/fstab

Edit it as shown below:

# /etc/fstab: static file system information.
#
#

proc /proc proc defaults 0 0
# /dev/sda1
UUID=4e83bdf2-ea2b-416c-85b0-ed2c56a19433 / ext3 defaults,errors=remount-ro,usrquota,grpquota 0 1
# /dev/sda5
UUID=2ded13c4-6693-47ca-b1c8-18ebd32dbce9 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0

Enable quota:

touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug

DNS server:

apt-get install bind9

For security reasons we will run BIND in a chroot:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9. Change the line OPTIONS="-u bind" so that BIND uses the chroot /var/lib/named -> OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the required directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symbolic link:

ln -s /var/lib/named/etc/bind /etc/bind

Create the device nodes and set the directory permissions:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

Change the syslogd configuration:

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart syslogd:

/etc/init.d/sysklogd restart

Start BIND:

/etc/init.d/bind9 start
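
A check for the chroot tree built in the steps above, as an added example that is not part of the original tutorial. The helper name audit_bind_chroot is hypothetical; the default path /var/lib/named and the device numbers come from the commands above.

```shell
#!/bin/bash
# Added example: audit the BIND chroot tree built in the steps above.
# audit_bind_chroot is a hypothetical helper name; it prints one line per
# problem and returns the number of problems found (0 = layout looks right).
audit_bind_chroot() {
    local root="${1:-/var/lib/named}" problems=0 d dev spec want

    # Directories created with mkdir in the tutorial.
    for d in etc dev var/cache/bind var/run/bind/run; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"; problems=$((problems + 1))
        fi
    done

    # Device nodes must be character devices with the right major:minor
    # (stat prints both in hex); a regular file named "random" is not one.
    for spec in null:1:3 random:1:8; do
        dev="$root/dev/${spec%%:*}"; want="${spec#*:}"
        if [ ! -c "$dev" ]; then
            echo "not a character device: $dev"; problems=$((problems + 1))
        elif [ "$(stat -c '%t:%T' "$dev")" != "$want" ]; then
            echo "wrong major:minor on $dev (want $want)"; problems=$((problems + 1))
        fi
    done

    # Nothing under the chroot's etc/ should be world-writable.
    if [ -d "$root/etc" ] &&
       [ -n "$(find "$root/etc" -perm -0002 ! -type l -print -quit)" ]; then
        echo "world-writable entry under $root/etc"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

Run it as root on the server with no argument to audit /var/lib/named.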

MySQL:

apt-get install mysql-server mysql-client libmysqlclient15-dev

Make MySQL listen on all interfaces:

vi /etc/mysql/my.cnf

Comment out this line:
[…]
#bind-address = 127.0.0.1
[…]

Restart MySQL:

/etc/init.d/mysql restart

Check that it is listening:

netstat -tap
tcp 0 0 *:mysql *:* LISTEN 22565/mysqld
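
With bind-address commented out, mysqld accepts connections on every interface, which is what the netstat line above shows. The following added example (not part of the original tutorial) reads a my.cnf and reports that scope before the service is restarted; mysql_bind_scope is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/bash
# Added example: report which address mysqld will bind to, from a my.cnf.
# mysql_bind_scope is a hypothetical helper name. It reads only the [mysqld]
# section, ignores commented-out lines, and lets the last setting win.
mysql_bind_scope() {
    local addr
    addr=$(awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_mysqld && /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); addr = $0
        }
        END { print addr }' "$1")
    case "$addr" in
        ""|0.0.0.0|"*"|::)        echo "all-interfaces" ;;  # unset means all
        127.0.0.1|localhost|::1)  echo "loopback" ;;
        *)                        echo "specific:$addr" ;;
    esac
}

# Constructed sample: the state the tutorial leaves my.cnf in.
sample=$(mktemp)
printf '%s\n' '[client]' 'port = 3306' '[mysqld]' 'user = mysql' \
    '#bind-address = 127.0.0.1' > "$sample"
mysql_bind_scope "$sample"
rm -f "$sample"
```

An "all-interfaces" result means port 3306 is reachable from the network, so access to it should be limited at the firewall to the hosts that need it.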

Set the MySQL root password:

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

Postfix with SMTP-AUTH and TLS:

apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail

Answer the questions:

General type of configuration? <-- Internet Site
Mail name? <-- server1.example.com

Then once more:

dpkg-reconfigure postfix

General type of configuration? <-- Internet Site
Where should mail for root go <-- [blank]
Mail name? <-- server1.example.com
Other destinations to accept mail for? (blank for none) <-- server1.example.com, localhost.example.com, localhost.localdomain, localhost
Force synchronous updates on mail queue? <-- No
Local networks? <-- 127.0.0.0/8
Use procmail for local delivery? <-- Yes
Mailbox size limit <-- 0
Local address extension character? <-- +
Internet protocols to use? <-- all

Then run:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Create the TLS certificates:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'

The file /etc/postfix/main.cf should now look like this:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Restart Postfix:

/etc/init.d/postfix restart
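
The configuration above enables SMTP AUTH with the PLAIN and LOGIN mechanisms while smtpd_tls_auth_only is set to no, so a client that does not start TLS sends its password unencrypted. The following added example (not part of the original tutorial) audits a main.cf and a Cyrus SASL smtpd.conf for that combination and for networks trusted through mynetworks; postfix_param and audit_smtpd_auth are hypothetical helper names, and the check assumes permit_mynetworks is in use as on this page.

```shell
#!/bin/bash
# Added example: audit the SMTP AUTH settings configured above.
# postfix_param and audit_smtpd_auth are hypothetical helper names.

# Effective value of one main.cf parameter: comments are skipped, a line
# starting with whitespace continues the previous one, the last setting wins.
postfix_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            if (name == want) { sub(/^[ \t]+/, ""); val = val " " $0 }
            next
        }
        {
            name = $0; sub(/[ \t]*=.*/, "", name)
            if (name == want) { val = $0; sub(/^[^=]*=[ \t]*/, "", val) }
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }' "$1"
}

# Args: main.cf path, Cyrus SASL smtpd.conf path. Prints one finding per
# line and returns the number of findings.
audit_smtpd_auth() {
    local cf="$1" sasl="$2" n=0 mechs nets net
    mechs=$(sed -n 's/^[[:space:]]*mech_list:[[:space:]]*//p' "$sasl" |
            tail -n 1 | tr 'A-Z' 'a-z')
    if [ "$(postfix_param "$cf" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(postfix_param "$cf" smtpd_tls_auth_only)" != yes ]; then
        case " $mechs " in
            *" plain "*|*" login "*)
                echo "AUTH offered without TLS using cleartext mechanisms: $mechs"
                n=$((n + 1)) ;;
        esac
    fi
    # permit_mynetworks trusts every listed network to relay. An unset
    # mynetworks is derived from mynetworks_style and is not evaluated here.
    nets=$(postfix_param "$cf" mynetworks | tr ',' ' ')
    set -f    # no globbing while splitting entries such as [::1]/128
    for net in $nets; do
        case "$net" in
            127.*|"[::1]"*|"[::ffff:127."*) ;;
            *) echo "permit_mynetworks lets $net relay without authentication"
               n=$((n + 1)) ;;
        esac
    done
    set +f
    return "$n"
}
```

Called as audit_smtpd_auth /etc/postfix/main.cf /etc/postfix/sasl/smtpd.conf, it reports one finding for the settings on this page; setting smtpd_tls_auth_only = yes clears it.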

A few changes are needed for Postfix to work with saslauthd:

mkdir -p /var/spool/postfix/var/run/saslauthd

Edit /etc/default/saslauthd. Change the line OPTIONS="-c" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r":

vi /etc/default/saslauthd

#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Start saslauthd:

/etc/init.d/saslauthd start

Courier-IMAP/Courier-POP3:

apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0

Answer the questions:

Create directories for web-based administration ? <-- No
SSL certificate required <-- Ok

Apache:

apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

PHP5:

apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-json php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

Answer the question:

Continue installing libc-client without Maildir support? <-- Yes

vi /etc/apache2/mods-available/dir.conf

Change the DirectoryIndex:

#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

Add port 443 to the ports.conf file:

vi /etc/apache2/ports.conf

Listen 80
Listen 443

Enable some Apache modules:

a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include

Restart Apache:

/etc/init.d/apache2 force-reload

Install ProFTPD:

apt-get install proftpd ucf

Answer the question:

Run proftpd from inetd or standalone? <-- standalone

Set IPv6 off in proftpd.conf:

vi /etc/proftpd/proftpd.conf

[…]
UseIPv6 off
[…]

Also add these lines for security reasons:
[…]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[…]

Create a symbolic link so that ProFTPD works with ISPConfig:

ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf

Restart ProFTPD:

/etc/init.d/proftpd restart

Install Webalizer:

apt-get install webalizer

Synchronize the system clock:

apt-get install ntp ntpdate

Install some Perl modules:

apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl

Your system is now ready for the ISPConfig installation. Download it from http://www.ispconfig.org/downloads.htm and good luck!