====== Set-Up ispCP - on multiple servers ======
===== First of all! =====
Special thanks to the guy who wrote the initial HowTo, which can be found here: http://www.isp-control.net/ispcp/wiki/howto_separateemailandwebserver
Please note that this describes the run-through for setting up ispCP on multiple servers. This environment isn't completely tested and is in an early alpha phase.
===== First, you need =====
Separate servers (dedicated) or, in my case, a mix of virtual servers (XEN 3.0.2 on RHEL-5 with mail and web server guests, each a fresh and minimal install of Debian Etch) and a dedicated RHEL-5 database server. These servers need an Internet connection and possibly a separate subnet for backend communication.
===== Security notice! =====
If you plan to use this setup on the public Internet, it is recommended that all NFS communication is protected against unauthorized access by using VPNs or a backend network with private IPs.
====== Requirements: ======
Note! For the examples I used private IP ranges in this HowTo. For production systems it is recommended to use public IPs (except for the DB server, which can be a backend system connected via an internal network).
===== Basics: =====
3 Debian Servers (can be extended with storage system)
mail.domain.tld (192.168.0.1)
web.domain.tld (192.168.0.2)
db.domain.tld (192.168.0.3)
Modify your /etc/hosts (on all servers) to make sure DNS works correctly on all systems.
Add:
192.168.0.1 mail.domain.tld mail
192.168.0.2 web.domain.tld web
192.168.0.2 admin.domain.tld admin
192.168.0.3 db.domain.tld db
Debian Etch sources.list
deb http://ftp.de.debian.org/debian/ stable main contrib non-free
deb http://security.debian.org/ stable/updates main contrib non-free
**Before you do anything else, run on every server:**
$ apt-get update && apt-get upgrade
$ apt-get install nfs-common
Download the apt package lists to the respective servers
Download: [[Webserver_Packages-Debian-etch]]
Run the following on the web server:
$ apt-get install $(cat Webserver_Packages-Debian-etch)
Download: [[Mailserver_Packages-Debian-etch]]
Run the following on the mail server:
$ apt-get install $(cat Mailserver_Packages-Debian-etch)
* When you get to the “courier screen” select **no** to web directories.
* When you get to the “postfix screen” select **internet site**
* If your Debian setup is correct, your domain should already be displayed on the screen. If not, **enter the domain** without the 'www.' portion (e.g. yourdomain.com)
* Select **yes** when you are asked if you would like to continue installing without maildirs
* Select **no** to force sync updates.
* When you get to the proftpd screen, select **standalone**
====== Now we prepare the Database Server ======
$ apt-get update && apt-get upgrade
$ apt-get install mysql-client mysql-server
- Change the MySQL root password
$ mysqladmin -u root password 'NEW_ROOT_PASSWORD'
- Prepare Database remote access
ToDo: add how to create a database user with global rights
user: ispCP
Pass: ChangeMe
Host-Rights: ALLOW 192.168.0.%
Remove unused databases and users, but not the root user
Remove remote access for the root user
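One way to fill in the ToDo above and carry out the two clean-up steps, as an added example that is not part of the original HowTo: the function ''ispcp_db_sql'' (a hypothetical name) prints MySQL 5.0-style statements for review. ''WITH GRANT OPTION'' and the ''test'' sample database are assumptions.

```shell
#!/bin/sh
# Added example: print the SQL for the steps above so it can be reviewed
# before it is piped into the mysql client. MySQL 5.0-era syntax (assumed).
# Usage: ispcp_db_sql USER HOST_PATTERN PASSWORD
ispcp_db_sql() {
    user=$1
    host=$2
    # Escape backslashes, then double single quotes, so the password
    # cannot terminate the SQL string literal early.
    pass=$(printf '%s' "$3" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
    # User and host patterns are not escaped, so reject quotes/backslashes.
    case "$user$host" in
        *"'"*|*'\'*) echo "invalid user or host" >&2; return 1 ;;
    esac
    cat <<EOF
-- panel account: global rights, reachable only from the backend subnet
GRANT ALL PRIVILEGES ON *.* TO '$user'@'$host' IDENTIFIED BY '$pass' WITH GRANT OPTION;
-- remove anonymous accounts and the sample database
DELETE FROM mysql.user WHERE User = '';
DROP DATABASE IF EXISTS test;
-- root stays, but only for local logins
DELETE FROM mysql.user WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1');
FLUSH PRIVILEGES;
EOF
}

# Values from this HowTo; replace ChangeMe before using it.
ispcp_db_sql ispCP '192.168.0.%' 'ChangeMe'
```

Pipe the output into ''mysql -u root -p'' on the database server once it looks right.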
====== Now we focus on the Mail Server ======
Edit: /etc/exports
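Add lines (no space between the client address and the option list; with a space, the options apply to every host instead of only 192.168.0.2):
/etc/courier 192.168.0.2(rw,no_root_squash)
/etc/postfix 192.168.0.2(rw,no_root_squash)
/var/mail 192.168.0.2(rw,no_root_squash)
/var/spool/postfix/etc 192.168.0.2(rw,no_root_squash)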
Edit: /etc/hosts.allow
Add lines:
portmap: 192.168.0.0/24
lockd: 192.168.0.0/24
rquotad: 192.168.0.0/24
mountd: 192.168.0.0/24
statd: 192.168.0.0/24
Edit: /etc/hosts.deny
Add lines:
portmap:ALL
lockd:ALL
mountd:ALL
rquotad:ALL
statd:ALL
Run:
/etc/init.d/portmap restart
/etc/init.d/nfs-common restart
/etc/init.d/nfs-kernel-server restart
(Expect some error messages referring to subtree_check.)
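A check for the exports file edited above, as an added example that is not part of the original HowTo: it reports option lists that are separated from their client by whitespace (which exports(5) treats as an export to every host) and every use of ''no_root_squash''. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an exports(5) file for two risky patterns.
# Usage: lint_exports /etc/exports   (reads stdin when no file is given)
lint_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            # A field that starts with "(" is an option list with no client
            # in front of it: exports(5) applies it to every host.
            if ($i ~ /^\(/)
                printf "WORLD %s %s\n", path, $i
            # With this option, root on the client stays root on the files.
            if ($i ~ /no_root_squash/)
                printf "NO_ROOT_SQUASH %s %s\n", path, $i
        }
    }' "${1:--}"
}

# Constructed sample: the first export has the stray space,
# the second is the intended form, the third is a harmless read-only export.
sample_exports() {
    cat <<'EOF'
# constructed sample, not a real server
/etc/courier 192.168.0.2 (rw,no_root_squash)
/var/mail    192.168.0.2(rw,no_root_squash)
/srv/pub     192.168.0.2(ro)
EOF
}

sample_exports | lint_exports
```

Run it against /etc/exports on the mail server before restarting nfs-kernel-server; any WORLD line means the share is open beyond the web server.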
====== Now we focus on the web server ======
===== Create Mountpoints =====
$ mkdir -p /var/mail
$ mkdir -p /etc/courier
$ mkdir -p /etc/postfix
$ mkdir -p /var/spool/postfix/etc
===== Edit: /etc/fstab =====
Add lines:
192.168.0.1:/var/mail /var/mail nfs rw 0 0
192.168.0.1:/etc/courier /etc/courier nfs rw 0 0
192.168.0.1:/etc/postfix /etc/postfix nfs rw 0 0
192.168.0.1:/var/spool/postfix/etc /var/spool/postfix/etc nfs rw 0 0
Run: mount -a
===== Download ISPCP. =====
$ apt-get update
$ apt-get upgrade
$ apt-get install tar bzip2 wget
$ mkdir -p /usr/local/src/ispcp
$ cd /usr/local/src/ispcp
$ wget http://mesh.dl.sourceforge.net/sourceforge/ispcp/ispcp-omega-1.0.0.tar.bz2
$ tar -xjvf ispcp-omega-1.0.0.tar.bz2
$ cd ./ispcp-*
$ make install
$ cp -Rv /tmp/ispcp/* /
$ cd /var/www/ispcp/engine/setup
Warning: Note down the passwords for the vftp and pma users! You have been warned.
$ perl ./ispcp-setup
FQDN: web.domain.tld
Admin: admin.domain.tld
Database: 192.168.0.3
DB-User: ispCP
DB-Pass: ChangeMe
If the installation went well, continue with the following steps:
====== Modify your proftpd ======
Make sure your proftpd points to the correct database IP
/etc/proftpd/proftpd.conf
SQLConnectInfo ispCP@192.168.0.3 vftp xxxxxxxxxxxxxxxx
====== Modify Bind9 templates to point to the correct ftp-IP ======
/etc/ispcp/bind/parts/db_e.tpl
/etc/ispcp/bind/parts/db_master_e.tpl
mail IN A 192.168.0.1
====== Modify Backup script: ======
Edit:
/var/www/ispcp/engine/backup/ispcp-backup-ispcp
Make sure that line ~339 looks like this:
my $db_backupcmd = "$main::cfg{'CMD_MYSQLDUMP'} --add-drop-table --allow-keywords --quote-names -h \'$main::cfg{'DATABASE_HOST'}\' -u\'$dbuser\' -p\'$dbpass\' \'$db_name\' >\'$db_backup_file\'";
====== Now we need to reconfigure Squirrelmail ======
Edit: /var/www/ispcp/gui/tools/webmail/config/config.php
Locate line:
$smtpServerAddress = 'localhost';
Replace localhost with the mail server IP:
$smtpServerAddress = '192.168.0.1';
Then locate line:
$imapServerAddress = 'localhost';
Replace localhost with the mail server IP:
$imapServerAddress = '192.168.0.1';
====== Back on the mail server. ======
Edit: /etc/postfix/main.cf
Change the entries myhostname and mydomain to show the mail server name
Run: /etc/init.d/postfix restart
====== Back on the Database Server. ======
Modify the access parameters for your vftp and pma users so that remote access is possible.
Host-Rights: ALLOW 192.168.0.%
That's it! Enjoy your multi-server environment.
When rebooting or powering on the servers, make sure the mail and database servers come up before you power up the web server.
Troubleshooting: ...comes later
Planned extensions:
- Mailman Support
- DynDNS Support
- Network security with OpenVPN
- Nagios and Munin Support
- LDAP / MySQL Synchronisation