Special thanks to the the guy who writes the initial HowTo. Can be found here! http://www.isp-control.net/ispcp/wiki/howto_separateemailandwebserver
Please note that this describes the run through for setup ispCP on multi servers. This enviroment isn't Bold Textcompletly testet and in an early alpha phase.
are seperate servers (Dedicated), or in my case a mix in Virtual-Servers (XEN 3.0.2 on RHEL-5 with Mail and Webserver guests, with fresh and minimal install of Debian Etch) and an dedicated RHEL-5 Database Server. These servers needs an internet connection and maybe a separate subnet for backend communication.
If you are planned to use this setup into the public Internet it's recomment that all NFS communications are protected for unauthorized acces by using VPN's or an backend network with private IP's.
Note! For examples i used private IP-Ranges in this HowTo. For productive Systems it's recommend to use public IP's (exepting the DB-Server which can be a backend system, connectet via internal network).
3 Debian Servers (can be extended with storage system) <cli> mail.domain.tld (192.168.0.1) web.domain.tld (192.168.0.2) db.domain.tld (192.168.0.3) </cli> Modify your /etc/hosts (on all servers) to make sure DNS works on all systems correct
Add: <cli>192.168.0.1 mail.domain.tld mail 192.168.0.2 web.domain.tld web 192.168.0.2 admin.domain.tld admin 192.168.0.3 db.domain.tld db</cli>
Debian Etch sources.list<cli> deb http://ftp.de.debian.org/debian/ stable main contrib non-free deb http://security.debian.org/ stable/updates main contrib non-free </cli> Before you are doing anything else, run on every server:
<cli> $ apt-get update && apt-get upgrade $ apt-get install nfs-common </cli> Download the apt package-lists to your related servers Download: Webserver_Packages-Debian-etch <cli>Run the following on the web server: $ apt-get install $(cat Webserver_Packages-Debian-etch)</cli>
Download: Mailserver_Packages-Debian-etch <cli>Run the following on the mail server: $ apt-get install $(cat Mailserver_Packages-Debian-etch)</cli>
<cli>$ apt-get update && apt-get upgrade $ apt-get install mysql mysql-server</cli>
- Change MySQL root user<cli> $ mysql -u root password</cli>
- Prepare Database remote access <cli> ToDo: Adding how to add database user with global rights user: ispCP Pass: ChangeMe Host-Rights: ALLOW 192.168.0.% </cli> Remove not used databases and users, but not thee root use Remove remote access for the root user
Edit: /etc/exports <cli>Add lines: /etc/courier 192.168.0.2 (rw,no_root_squash) /etc/postfix 192.168.0.2 (rw,no_root_squash) /var/mail 192.168.0.2 (rw,no_root_squash) /var/spool/postfix/etc 192.168.0.2 (rw,no_root_squash)</cli>
Edit: /etc/hosts.allow <cli>Add lines: portmap: 192.168.0.0/24 lockd: 192.168.0.0/24 rquotad: 192.168.0.0/24 mountd: 192.168.0.0/24 statd: 192.168.0.0/24</cli>
Edit: /etc/hosts.deny <cli>Add lines: portmap:ALL lockd:ALL mountd:ALL rquotad:ALL statd:ALL</cli>
Run: <cli>/etc/init.d/portmap restart /etc/init.d/nfs-common restart /etc/init.d/nfs-kernel-server restart (Expect some errors in ref to subtree_check)</cli>
<cli>$ mkdir -p /var/mail $ mkdir -p /etc/courier $ mkdir -p /etc/postfix $ mkdir -p /var/spool/postfix/etc</cli>
Add lines: <cli>192.168.0.1:/var/mail /var/mail nfs rw 0 0 192.168.0.1:/etc/courier /etc/courier nfs rw 0 0 192.168.0.1:/etc/postfix /etc/postfix nfs rw 0 0 192.168.0.1:/var/spool/postfix/etc /var/spool/postfix/etc nfs rw 0 0</cli>
Run: mount -a
<cli>$ apt-get update $ apt-get upgrade $ apt-get install tar bzip2 wget $ mkdir -p /usr/local/src/ispcp $ cd /usr/local/src/ispcp $ wget http://mesh.dl.sourceforge.net/sourceforge/ispcp/ispcp-omega-1.0.0.tar.bz2 $ tar -xjvf ispcp-omega-1.0.0.tar.bz2</cli>
<cli>$ cd ./ispcp-*</cli>
<cli>$ make install $ cp -Rv /tmp/ispcp/* / $ cd /var/www/ispcp/engine/setup</cli>
Warning: Note the password for the vftp and pma user!!! You are warned.
<cli>$ perl ./ispcp-setup</cli>
<cli>FQDN: web.domain.tld Admin: admin.domain.tld Database: 192.268.0.3 DB-User: ispCP DB-Pass: ChangeMe</cli>
If installation are well:
Make sure your proftpd points to the correct database IP
<cli>/etc/proftpd/proftpd.conf SQLConnectInfo ispCP@192.168.0.3 vftp xxxxxxxxxxxxxxxx</cli>
<cli>/etc/ispcp/bind/parts/db_e.tpl /etc/ispcp/bind/parts/db_master_e.tpl</cli>
<cli>mail IN A 192.168.0.1</cli>
Edit: /var/www/ispcp/engine/backup/ispcp-backup-ispcp
<cli>Make sure that line ~339 looks like this: my $db_backupcmd = “$main::cfg{'CMD_MYSQLDUMP'} –add-drop-table –allow-keywords –quote-names -h \'$main::cfg{'DATABASE_HOST'}\' -u\'$dbuser\' -p\'$dbpass\' \'$db_name\ ' >\'$db_backup_file\'”;</cli>
Edit: /var/www/ispcp/gui/tools/webmail/config/config.php
<cli>Locate line: $smtpServerAddress = 'localhost'; Replace localhost with mail server ip $smtpServerAddress = '192.168.0.1';</cli> and <cli>Locate line: $imapServerAddress = 'localhost'; Replace localhost with mail server ip $smtpServerAddress = '192.168.0.1';</cli>
<cli>Edit: /etc/postfix/main.cf</cli> Change entries myhostname and mydomain to show email server name
Run: /etc/init.d/postfix restart
Modify access parameter for your vftp and pma user that remote access are possible. <cli>Host-Rights: ALLOW 192.168.0.%</cli>
That's it! Enjoy your multiserver enviroment
When rebooting/powering on the servers, make sure the mail and Database servers comes up first before powering up the web server.
Troubleshooting: …comes later
Planned extensions: