====== Gentoo ======

^ispCP Version |1.0.6 |
^INSTALL Script|1.5 |
^Maintainer |pgentoo |
^Linux Distros |Gentoo |
^Last Update |09.13.2010 |

===== Disclaimer =====

//Please msg me (pgentoo) on the forum if you find anything that needs to be modified.// \\
I have completed several installations and these steps worked well for me.

===== What is this guide for? =====

This guide will help you install ispCP on a freshly updated Gentoo ~x86 or ~amd64 box. It is not a full howto or guide but more of a reference; if you use Gentoo, you should be able to figure it out from what I have here.

===== Prerequisites =====

  * You have a booting, working, running Gentoo installation.
  * You have working internet access.
  * You are installing on a machine to which you have root access.
  * ...

===== If you have problems =====

By all means start a thread on the Installation section of the forum. Provide as much detail as you can, and someone will likely step in and help. Please also post your resolutions, so we can update the documentation appropriately.

===== Configure your /etc/make.conf =====

//This worked for me, but you may want to tweak it depending on your desired setup.
Give this a shot first, then modify to your needs after you get ispCP up and running.//

  USE="-doc -X -gnome -kde ctype iconv gdbm bash-completion hardened vim-syntax sasl ssl authdaemond imap courier postfix reiserfs bzip2 zlib apache2 php mysql ncurses crypt maildir mmx offensive perl python ruby sockets sse sse2 syslog tcl threads unicode tcpd pcre acl spl pam async ads automount winbind szip zip urandom gd png simplexml libwww curl xml xml2 softquota ftp session pdo cgi force-cgi-redirect exif suhosin mysqli suexec truetype"
  LINGUAS="en"
  APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cgi cgid dav dav_fs dav_lock dbd deflate dir env expires ext_filter filter headers ident imagemap include info log_config logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias"
  APACHE2_MPMS="worker"

Note: Apache used to compile in CGI and CGID support natively, but these have now moved to APACHE2_MODULES. If you have a previous ispCP installation where awstats has stopped working, make sure you have added "cgi cgid" to your APACHE2_MODULES line.

===== Customize your use flags =====

There are a few packages which need some use flags removed. Put the following in /etc/portage/package.use:

  net-libs/courier-authlib -mysql -pam
  mail-mta/postfix -mysql -pam

===== Unmask a few packages =====

A few packages that the default ispCP setup requires are masked. \\
Add the following to /etc/portage/package.keywords:

  =mail-filter/policyd-1.82
  =mail-filter/policyd-weight-0.1.14.17
  dev-perl/Net-LibIDN

===== Install required packages =====

**Install Postfix, and remove ssmtp**

  emerge --unmerge ssmtp && emerge -uDNva postfix

**Now emerge the rest of the packages ispCP requires** \\
Note: this will take a while.
Go grab a beer and some pizza.

  emerge -uDNva vixie-cron syslog-ng iptables proftpd apache php mysql gdbm db courier-imap courier-authlib cyrus-sasl bind bind-tools logrotate zip spamassassin amavisd-new libidn mod_cband policyd policyd-weight clamav postgrey Term-ReadPassword Crypt-Blowfish Crypt-PasswdMD5 crypt-cbc MIME-tools DateManip IO-Tty Parse-Yapp XML-DOM XML-Parser rkhunter chkrootkit quota Net-LibIDN awstats File-MimeInfo TermReadKey

===== Modify Apache's configuration =====

**Edit /etc/conf.d/apache2 and add these to the APACHE2_OPTS line**

  -D PROXY -D CBAND

**Also, if you plan to use mod_fcgid instead of mod_php, edit /etc/conf.d/apache2 some more** \\
Remove: -D PHP5 \\
Add: -D FCGID \\
And after saving:

  emerge mod_fcgid

**Edit /etc/apache2/modules.d/10_mod_cband.conf and add the allow/deny rules below, so no one can reset your clients' stats**

  SetHandler cband-status
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1

**Allow index.php to be a DirectoryIndex** \\
By default Apache doesn't put 'index.php' in the DirectoryIndex list, so we need to modify /etc/apache2/modules.d/00_default_settings.conf to change:

  DirectoryIndex index.html index.html.var

to

  DirectoryIndex index.html index.html.var index.php

===== Setup MySQL =====

**Set up the MySQL root password and initial configuration if you haven't already** \\
Note: when prompted by mysql_secure_installation, provide all the defaults, except for the new root password.

  /usr/bin/mysql_install_db
  /etc/init.d/mysql restart
  /usr/bin/mysql_secure_installation
  /etc/init.d/mysql restart

**Verify you can log in with your root password by running the following and typing your password.** \\
Note: Type "exit" to exit.

  mysql -u root -p

===== Download and Install ispCP Omega! =====

  mkdir -p /usr/local/src/ispcp
  cd /usr/local/src/ispcp
  wget http://kent.dl.sourceforge.net/sourceforge/ispcp/ispcp-omega-1.0.6.tar.bz2
  tar -xjvf ispcp-omega-1.0.6.tar.bz2

**now install it.
duh.**

  cd ./ispcp-*
  make -f Makefile.gentoo install
  cp -Rv /tmp/ispcp/* /

**Now run the setup**

  cd /var/www/ispcp/engine/setup
  ./ispcp-setup

===== Optional Post-Install Tweaks =====

**To disable the annoying admin email notices, edit /var/www/ispcp/gui/include/ispcp-lib.php and search/replace the following**

  $cfg['LOG_LEVEL'] = E_USER_NOTICE;

to

  $cfg['LOG_LEVEL'] = E_USER_ERROR;

**Make the SSL certs. Postfix already had some made in /etc/ssl/postfix so I just used them. See my main.cf further down.**

  /usr/sbin/mkpop3dcert
  /usr/sbin/mkimapdcert
  cd /etc/proftpd/
  # generate a passphrase-protected RSA key and inspect it
  openssl genrsa -des3 -out ssl.key 5120
  openssl rsa -noout -text -in ssl.key
  # create a self-signed certificate valid for 365 days and inspect it
  openssl req -new -x509 -days 365 -key ssl.key -out ssl.crt
  openssl x509 -noout -text -in ssl.crt
  # keep the protected key as ssl.key.orig and write a passphrase-free ssl.key
  cp ssl.key ssl.key.orig
  openssl rsa -in ssl.key.orig -out ssl.key

**Edit /etc/proftpd/proftpd.conf: comment out line 66, uncomment lines 123 through 131, and change line 124 to ON**

  TLSEngine on

===== mod_php specific steps =====

If you are running mod_php instead of suexec [fast]cgi, then you need to grant the 'apache' user access to your phptmp folder. \\
//If you are running fastcgi/fcgid, then skip this step and keep your session files locked down.//

  chmod 775 -R /var/www/ispcp/gui/phptmp

===== *Required* post install fixes =====

**Fix courier-authlib** \\
It seems that there is an issue with the sasldb2 file, and removing it allows it to be recreated as a working copy. If you don't do this, you will likely get errors when adding email addresses to the system via ispCP.

  rm /etc/sasl2/sasldb2

Postfix defaults to being configured to run in a chroot; however, this does not work and gives transport errors when the system tries to deliver mail. \\
To remove the chroot configuration, change:
  * the "-" to an "n" in the chroot column for the two "smtp" entries in /etc/postfix/master.cf.

Postgrey in Gentoo runs on a different port than ispCP expects.
Modify /etc/conf.d/postgrey to change to:

  POSTGREY_PORT="60000"

**Get SMTP Auth working** \\
Edit /etc/sasl2/smtpd.conf to look like:

  #pwcheck_method:pam
  pwcheck_method: auxprop
  auxprop_plugin: sasldb
  mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Then restart services:

  /etc/init.d/courier-authlib restart
  /etc/init.d/postfix restart

**Fix ProFTPD startup error** \\
If you configured your system without the ipv6 use flag, then you need to comment out the following in /etc/proftpd/proftpd.conf:

  #UseIPv6 off

===== Start required services, and set them to start on boot =====

Unless you don't want/need some of them. But you might have to do more configuring if you don't...

  rc-update add vixie-cron default
  rc-update add syslog-ng default
  rc-update add apache2 default
  rc-update add mysql default
  rc-update add named default
  rc-update add postfix default
  rc-update add proftpd default
  rc-update add courier-authlib default
  rc-update add courier-imapd default
  rc-update add courier-pop3d default
  rc-update add courier-imapd-ssl default
  rc-update add courier-pop3d-ssl default
  rc-update add amavisd default
  rc-update add clamd default
  rc-update add policyd default
  rc-update add policyd-weight default
  rc-update add saslauthd default
  rc-update add spamd default
  rc-update add postgrey default
  rc-update add ispcp_daemon default
  rc-update add ispcp_network default
  /etc/init.d/vixie-cron restart
  /etc/init.d/syslog-ng restart
  /etc/init.d/apache2 restart
  /etc/init.d/mysql restart
  /etc/init.d/named restart
  /etc/init.d/postfix restart
  /etc/init.d/proftpd restart
  /etc/init.d/courier-authlib restart
  /etc/init.d/courier-imapd restart
  /etc/init.d/courier-pop3d restart
  /etc/init.d/courier-imapd-ssl restart
  /etc/init.d/courier-pop3d-ssl restart
  /etc/init.d/amavisd restart
  /etc/init.d/clamd restart
  /etc/init.d/policyd restart
  /etc/init.d/policyd-weight restart
  /etc/init.d/saslauthd restart
  /etc/init.d/spamd restart
  /etc/init.d/postgrey restart
  /etc/init.d/ispcp_daemon restart
  /etc/init.d/ispcp_network restart

===== Lock down your server =====

**It's recommended to change the default policy on the INPUT iptables chain to DROP, and explicitly allow the ports you want.** \\
//Instructions to come soon...//

===== Celebrate! =====

**Browse to http://admin.yourdomain.com and enjoy ispCP in all its glory!**
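
For the "Lock down your server" step above, here is an added example (not part of the original guide or of ispCP): a shell function that prints an iptables-restore ruleset with the INPUT policy set to DROP. The port list is an assumption, namely the standard ports of the services this guide installs plus SSH on 22; MySQL and postgrey are left reachable only over loopback.

```shell
#!/bin/sh
# Added example: default-deny INPUT ruleset in iptables-restore format.
# ASSUMPTION: ports below are the standard ones for the services installed
# in this guide (ssh, ftp, smtp, dns, http/https, pop3/imap and their SSL
# variants). Trim the lists to what you really expose.
TCP_PORTS="21 22 25 53 80 110 143 443 993 995"
UDP_PORTS="53"

ispcp_input_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"        # anything not matched below is dropped
    echo ":FORWARD DROP [0:0]"      # this host is not a router
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback carries local traffic: MySQL, amavisd, policyd, postgrey (60000)
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections already established, and related ICMP errors
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    for p in $TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# port_is_open PROTO PORT: succeeds if the generated ruleset accepts that port.
# Use it to confirm SSH stays reachable before loading rules on a remote box.
port_is_open() {
    ispcp_input_ruleset | grep -q -e "-p $1 --dport $2 .*-j ACCEPT\$"
}

# Print the ruleset only when asked, so sourcing this file has no side effects.
# Typical use (as root):
#   sh firewall.sh print | iptables-restore --test   # syntax check only
#   sh firewall.sh print | iptables-restore          # load the rules
if [ "${1:-}" = "print" ]; then
    port_is_open tcp 22 || { echo "refusing: SSH would be locked out" >&2; exit 1; }
    ispcp_input_ruleset
fi
```

Passive-mode FTP needs an extra port range that matches a PassivePorts setting in proftpd.conf, which this example leaves out.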