About the author:
Rafael Bernardes
ISPConfig is a good alternative to cPanel: it offers very good account management and bandwidth control, and it is free. Let's get started…
Install Ubuntu Server without the DNS and LAMP options.
Install the SSH server:
apt-get install ssh openssh-server
Change the default shell:
rm -f /bin/sh
ln -s /bin/bash /bin/sh
Install packages that will be needed later:
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++
Install quota:
apt-get install quota
vi /etc/fstab
Edit it as shown below:
# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
# /dev/sda1
UUID=4e83bdf2-ea2b-416c-85b0-ed2c56a19433 / ext3 defaults,errors=remount-ro,usrquota,grpquota 0 1
# /dev/sda5
UUID=2ded13c4-6693-47ca-b1c8-18ebd32dbce9 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
Enable quota:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
DNS server:
apt-get install bind9
For security reasons we will run BIND in a chroot:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 and change the line OPTIONS="-u bind" to OPTIONS="-u bind -t /var/lib/named", so that BIND uses /var/lib/named as its chroot directory:
vi /etc/default/bind9
OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symbolic link:
ln -s /var/lib/named/etc/bind /etc/bind
Create the device nodes and set the directory permissions:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
Change the syslogd configuration so that it also listens on the log socket inside the chroot:
vi /etc/default/syslogd
#
# Top configuration file for syslogd
#
#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#
#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"
Restart syslogd:
/etc/init.d/sysklogd restart
Start BIND:
/etc/init.d/bind9 start
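The chroot steps above can be verified in one pass. The following check is an added example, not part of the original guide; the function name check_bind_chroot and its FAIL output format are made up for illustration, and the paths it tests are the ones created above.

```shell
#!/bin/sh
# Added example: verify the BIND chroot built in the steps above.
# check_bind_chroot ROOT DEFAULTS LINK
#   ROOT      chroot directory            (this guide: /var/lib/named)
#   DEFAULTS  init script defaults file   (this guide: /etc/default/bind9)
#   LINK      symlink left in /etc        (this guide: /etc/bind)
# Prints one FAIL line per problem; the return status is the problem count.
check_bind_chroot() {
    root=$1 defaults=$2 link=$3 problems=0
    fail() { echo "FAIL $*"; problems=$((problems + 1)); }

    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || fail "missing directory $root/$d"
    done
    # device nodes created with mknod
    for n in null random; do
        [ -c "$root/dev/$n" ] || fail "$root/dev/$n is not a character device"
    done
    # syslogd -a ROOT/dev/log creates this socket for named's log messages
    [ -S "$root/dev/log" ] || fail "no syslog socket at $root/dev/log"
    # /etc/bind must be a symlink into the chroot, not a second copy
    if [ -L "$link" ]; then
        target=$(readlink "$link")
        [ "$target" = "$root/etc/bind" ] || fail "$link points to $target"
    else
        fail "$link is not a symlink"
    fi
    # named is chrooted only if OPTIONS passes -t ROOT
    opts=$(sed -n 's/^OPTIONS=//p' "$defaults" 2>/dev/null | tr -d '"')
    case " $opts " in
        *" -t $root "*) ;;
        *) fail "$defaults does not pass -t $root to named" ;;
    esac
    return "$problems"
}

# On the server built here:
#   check_bind_chroot /var/lib/named /etc/default/bind9 /etc/bind
if [ "$#" -eq 3 ]; then check_bind_chroot "$@"; fi
```

Run it as root after starting BIND; a return status of 0 means every item of the chroot layout is in place.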
MySQL:
apt-get install mysql-server mysql-client libmysqlclient15-dev
Make MySQL listen on all interfaces:
vi /etc/mysql/my.cnf
Comment out this line:
[…]
#bind-address = 127.0.0.1
[…]
Restart MySQL:
/etc/init.d/mysql restart
Check that it is listening:
netstat -tap
tcp 0 0 *:mysql *:* LISTEN 22565/mysqld
Then set the MySQL root password:
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
Postfix with SMTP-AUTH and TLS:
apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail
Answer the questions:
General type of configuration? <-- Internet Site
Mail name? <-- server1.example.com
Again:
dpkg-reconfigure postfix
General type of configuration? <-- Internet Site
Where should mail for root go <-- [blank]
Mail name? <-- server1.example.com
Other destinations to accept mail for? (blank for none) <-- server1.example.com, localhost.example.com, localhost.localdomain, localhost
Force synchronous updates on mail queue? <-- No
Local networks? <-- 127.0.0.0/8
Use procmail for local delivery? <-- Yes
Mailbox size limit <-- 0
Local address extension character? <-- +
Internet protocols to use? <-- all
Then run:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
Create the TLS certificates:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Configure Postfix for TLS:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
postconf -e 'myhostname = server1.example.com'
The file /etc/postfix/main.cf should now look like this:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Restart Postfix:
/etc/init.d/postfix restart
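With smtpd_tls_auth_only = no and the plain and login mechanisms, a client can authenticate before STARTTLS, over an unencrypted session. The following audit of main.cf is an added example, not part of the original guide or of Postfix; the function names and the simplified parser are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the SMTP AUTH and relay settings of a Postfix main.cf.
# Simplified parser (assumption): "name = value" lines, continuation lines
# start with whitespace, the last assignment of a parameter wins.
# postfix_param FILE NAME -> effective value of NAME (empty if unset)
postfix_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^[ \t]/ { if (name != "") val[name] = val[name] " " $0; next }
        {
            eq = index($0, "="); if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            val[name] = substr($0, eq + 1)
        }
        END {
            v = val[want]; gsub(/[ \t]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v); print v
        }' "$1"
}

# audit_postfix FILE -> one WARN line per finding, no output if clean
audit_postfix() {
    auth=$(postfix_param "$1" smtpd_sasl_auth_enable)
    tls_only=$(postfix_param "$1" smtpd_tls_auth_only)
    level=$(postfix_param "$1" smtpd_tls_security_level)
    rcpt=$(postfix_param "$1" smtpd_recipient_restrictions)
    if [ "$auth" = yes ] && [ "$tls_only" != yes ] && [ "$level" != encrypt ]; then
        echo "WARN smtpd_tls_auth_only=${tls_only:-unset}: AUTH is offered" \
             "without TLS, so PLAIN/LOGIN passwords can be sent unencrypted"
    fi
    case "$rcpt" in
        ""|*reject_unauth_destination*) ;;
        *) echo "WARN smtpd_recipient_restrictions is set without" \
                "reject_unauth_destination" ;;
    esac
}

# Constructed sample: AUTH-related lines of this guide's main.cf.
sample_main_cf() {
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
 permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
EOF
}

f=${1:-$(mktemp)}; [ -n "${1:-}" ] || sample_main_cf > "$f"
audit_postfix "$f"
```

Pass /etc/postfix/main.cf as the first argument to audit the real file; setting smtpd_tls_auth_only = yes clears the first warning.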
A few changes so that Postfix works with saslauthd:
mkdir -p /var/spool/postfix/var/run/saslauthd
Edit /etc/default/saslauthd and change the line OPTIONS="-c" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r":
vi /etc/default/saslauthd
#
# Settings for saslauthd daemon
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Start saslauthd:
/etc/init.d/saslauthd start
Courier-IMAP/Courier-POP3:
apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0
Answer the questions:
Create directories for web-based administration? <-- No
SSL certificate required <-- Ok
Apache:
apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert
PHP5:
apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-json php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
Answer the question:
Continue installing libc-client without Maildir support? <-- Yes
vi /etc/apache2/mods-available/dir.conf
Change the DirectoryIndex:
#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml
Add port 443 to the ports.conf file:
vi /etc/apache2/ports.conf
Listen 80
Listen 443
Enable some Apache modules:
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
Restart Apache:
/etc/init.d/apache2 force-reload
Install ProFTPD:
apt-get install proftpd ucf
Answer the question:
Run proftpd from inetd or standalone? <-- standalone
Set IPv6 off in proftpd.conf:
vi /etc/proftpd/proftpd.conf
[…]
UseIPv6 off
[…]
Also add these lines for security reasons:
[…]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
[…]
Create a symbolic link so that ProFTPD works with ISPConfig:
ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf
Restart ProFTPD:
/etc/init.d/proftpd restart
Install Webalizer:
apt-get install webalizer
Synchronize the system clock:
apt-get install ntp ntpdate
Install some Perl modules:
apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl
Your system is ready for the ISPConfig installation. Download it from http://www.ispconfig.org/downloads.htm and good luck!