====== Set-Up ispCP - on multiple servers ======

===== First of all! =====

Special thanks to the guy who wrote the initial HowTo, which can be found here: http://www.isp-control.net/ispcp/wiki/howto_separateemailandwebserver

Please note that this describes the run-through for setting up ispCP on multiple servers. This environment isn't completely tested and is in an early alpha phase.

===== Firstly you need =====

Separate (dedicated) servers or, as in my case, a mix of virtual servers (XEN 3.0.2 on RHEL-5 with mail and web server guests, each a fresh and minimal install of Debian Etch) and a dedicated RHEL-5 database server. These servers need an internet connection and maybe a separate subnet for backend communication.

===== Security notice! =====

If you plan to use this setup on the public Internet, it is recommended that all NFS communication is protected against unauthorized access by using VPNs or a backend network with private IPs.

====== Requirements: ======

Note! For the examples I used private IP ranges in this HowTo. For production systems it is recommended to use public IPs (except for the DB server, which can be a backend system connected via an internal network).

===== Basics: =====

3 Debian servers (can be extended with a storage system):

  mail.domain.tld (192.168.0.1)
  web.domain.tld  (192.168.0.2)
  db.domain.tld   (192.168.0.3)

Modify your /etc/hosts (on all servers) to make sure DNS works correctly on all systems.

Add:

  192.168.0.1 mail.domain.tld mail
  192.168.0.2 web.domain.tld web
  192.168.0.2 admin.domain.tld admin
  192.168.0.3 db.domain.tld db

Debian Etch sources.list:

  deb http://ftp.de.debian.org/debian/ stable main contrib non-free
  deb http://security.debian.org/ stable/updates main contrib non-free

**Before you do anything else, run on every server:**

  $ apt-get update && apt-get upgrade
  $ apt-get install nfs-common

Download the apt package lists to the related servers.

Download: [[Webserver_Packages-Debian-etch]]

Run the following on the web server:

  $ apt-get install $(cat Webserver_Packages-Debian-etch)

Download: [[Mailserver_Packages-Debian-etch]]

Run the following on the mail server:

  $ apt-get install $(cat Mailserver_Packages-Debian-etch)

  * When you get to the "courier screen", select **no** to web directories.
  * When you get to the "postfix screen", select **internet site**.
  * If your Debian setup is correct, your domain should already be displayed on the screen. If not, **enter the domain** without the 'www.' portion (e.g. yourdomain.com).
  * Select **yes** when you are asked if you would like to continue installing without maildirs.
  * Select **no** to force sync updates.
  * When you get to the proftpd screen, select **standalone**.

====== Now we prepare the Database Server ======

  $ apt-get update && apt-get upgrade
  $ apt-get install mysql-server mysql-client

  - Change the MySQL root user password (NEW_ROOT_PASSWORD is a placeholder, choose your own):

  $ mysqladmin -u root password 'NEW_ROOT_PASSWORD'

  - Prepare database remote access

ToDo: add instructions for creating a database user with global rights:

  user: ispCP
  Pass: ChangeMe
  Host-Rights: ALLOW 192.168.0.%

Remove unused databases and users, but not the root user.

Remove remote access for the root user.

====== Now we focus on the Mail Server ======

Edit: /etc/exports

Add lines:

  # No whitespace between the client and its option list:
  # "192.168.0.2 (rw,...)" would apply the options to every host instead of 192.168.0.2.
  /etc/courier 192.168.0.2(rw,no_root_squash)
  /etc/postfix 192.168.0.2(rw,no_root_squash)
  /var/mail 192.168.0.2(rw,no_root_squash)
  /var/spool/postfix/etc 192.168.0.2(rw,no_root_squash)

Edit: /etc/hosts.allow

Add lines:

  portmap: 192.168.0.0/24
  lockd: 192.168.0.0/24
  rquotad: 192.168.0.0/24
  mountd: 192.168.0.0/24
  statd: 192.168.0.0/24

Edit: /etc/hosts.deny

Add lines:

  portmap:ALL
  lockd:ALL
  mountd:ALL
  rquotad:ALL
  statd:ALL

Run:

  /etc/init.d/portmap restart
  /etc/init.d/nfs-common restart
  /etc/init.d/nfs-kernel-server restart

(Expect some errors referring to subtree_check.)

====== Now we focus on the web server ======

===== Create Mountpoints =====

  $ mkdir -p /var/mail
  $ mkdir -p /etc/courier
  $ mkdir -p /etc/postfix
  $ mkdir -p /var/spool/postfix/etc

===== Edit: /etc/fstab =====

Add lines:

  192.168.0.1:/var/mail /var/mail nfs rw 0 0
  192.168.0.1:/etc/courier /etc/courier nfs rw 0 0
  192.168.0.1:/etc/postfix /etc/postfix nfs rw 0 0
  192.168.0.1:/var/spool/postfix/etc /var/spool/postfix/etc nfs rw 0 0

Run:

  mount -a

===== Download ISPCP. =====

  $ apt-get update
  $ apt-get upgrade
  $ apt-get install tar bzip2 wget
  $ mkdir -p /usr/local/src/ispcp
  $ cd /usr/local/src/ispcp
  $ wget http://mesh.dl.sourceforge.net/sourceforge/ispcp/ispcp-omega-1.0.0.tar.bz2
  $ tar -xjvf ispcp-omega-1.0.0.tar.bz2
  $ cd ./ispcp-*
  $ make install
  $ cp -Rv /tmp/ispcp/* /
  $ cd /var/www/ispcp/engine/setup

Warning: Note the passwords for the vftp and pma users!!!
You are warned.

  $ perl ./ispcp-setup

  FQDN:     web.domain.tld
  Admin:    admin.domain.tld
  Database: 192.168.0.3
  DB-User:  ispCP
  DB-Pass:  ChangeMe

If the installation went well:

====== Modify your proftpd ======

Make sure your proftpd points to the correct database IP.

/etc/proftpd/proftpd.conf

  SQLConnectInfo ispCP@192.168.0.3 vftp xxxxxxxxxxxxxxxx

====== Modify Bind9 templates to point to the correct ftp-IP ======

/etc/ispcp/bind/parts/db_e.tpl

/etc/ispcp/bind/parts/db_master_e.tpl

  mail IN A 192.168.0.1

====== Modify Backup script: ======

Edit: /var/www/ispcp/engine/backup/ispcp-backup-ispcp

Make sure that line ~339 looks like this:

  my $db_backupcmd = "$main::cfg{'CMD_MYSQLDUMP'} --add-drop-table --allow-keywords --quote-names -h \'$main::cfg{'DATABASE_HOST'}\' -u\'$dbuser\' -p\'$dbpass\' \'$db_name\' >\'$db_backup_file\'";

====== Now we need to reconfigure Squirrelmail ======

Edit: /var/www/ispcp/gui/tools/webmail/config/config.php

Locate line:

  $smtpServerAddress = 'localhost';

Replace localhost with the mail server IP:

  $smtpServerAddress = '192.168.0.1';

and

Locate line:

  $imapServerAddress = 'localhost';

Replace localhost with the mail server IP:

  $imapServerAddress = '192.168.0.1';

====== Back on the mail server. ======

Edit: /etc/postfix/main.cf

Change the entries myhostname and mydomain to show the mail server name.

Run:

  /etc/init.d/postfix restart

====== Back on the Database Server. ======

Modify the access parameters for your vftp and pma users so that remote access is possible.

  Host-Rights: ALLOW 192.168.0.%

That's it! Enjoy your multiserver environment.

When rebooting/powering on the servers, make sure the mail and database servers come up first before powering up the web server.

Troubleshooting:

...comes later

Planned extensions:

  - Mailman Support
  - DynDNS Support
  - Network security with OpenVPN
  - Nagios and Munin Support
  - LDAP / MySQL Synchronisation
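
A check for the /etc/exports entries from the mail server section, added here as an example (not part of the original HowTo): in exports(5) syntax, whitespace between a client and its parenthesised options makes the options apply to every host, and no_root_squash lets root on the client act as root on the exported tree. The function name audit_exports, the finding codes and the sample file are assumptions made for this example; lines continued with a trailing backslash are not handled.

```shell
#!/bin/sh
# audit_exports FILE
# Prints one finding per line as "<line number>:<CODE>:<exported path>".
#   WORLD_OPTS      "(opts)" stands alone after whitespace, so it applies to all hosts
#   WORLD_CLIENT    the export names "*" as client
#   NO_ROOT_SQUASH  remote root keeps uid 0 on the exported tree
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\(/)                  # option list with no client attached
                print NR ":WORLD_OPTS:" path
            else if ($i ~ /^\*(\(|$)/)       # explicit wildcard client
                print NR ":WORLD_CLIENT:" path
            if ($i ~ /[(,]no_root_squash[,)]/)
                print NR ":NO_ROOT_SQUASH:" path
        }
    }' "$1"
}

# Constructed sample input (not taken from a real server):
#   line 1: space before the option list, so rw,no_root_squash is world-wide
#   line 2: options bound to 192.168.0.2 only, still no_root_squash
#   line 3: options bound to the client, root squashed
#   line 4: wildcard client
sample=$(mktemp)
cat > "$sample" <<'EOF'
/etc/courier 192.168.0.2 (rw,no_root_squash)
/etc/postfix 192.168.0.2(rw,no_root_squash)
/var/mail    192.168.0.2(rw,root_squash,sync)
/srv/pub     *(ro)
EOF

audit_exports "$sample"
rm -f "$sample"
```

Run it against the real file with `audit_exports /etc/exports` on the mail server before restarting nfs-kernel-server; any WORLD_OPTS line means the export is open to hosts other than the web server.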