Gentoo

ispCP Version: 1.0.6
INSTALL Script: 1.5
Maintainer: pgentoo
Linux Distros: Gentoo
Last Update: 09.13.2010

Disclaimer

Please msg me (pgentoo) on the forum if you find anything that needs to be modified.
I have completed several installations and these steps worked well for me.

What is this guide for?

This guide will help you install ispCP on a freshly updated Gentoo ~x86 or ~amd64 box. It is not a full how-to but more of a reference; if you use Gentoo, you should be able to figure it out with what I have here.

Prerequisites

If you have problems

By all means start a thread on the Installation section of the forum. Provide as much detail as you can, and someone will likely step in and help. Please also post your resolutions, so we can update the documentation appropriately.

Configure your /etc/make.conf

This worked for me, but you may want to tweak it depending on your desired setup. Give this a shot first, then modify to your needs after you get ispCP up and running.

USE="-doc -X -gnome -kde ctype iconv gdbm bash-completion hardened vim-syntax sasl ssl authdaemond imap courier postfix reiserfs bzip2 zlib apache2 php mysql ncurses crypt maildir mmx offensive perl python ruby sockets sse sse2 syslog tcl threads unicode tcpd pcre acl spl pam async ads automount winbind szip zip urandom gd png simplexml libwww curl xml xml2 softquota ftp session pdo cgi force-cgi-redirect exif suhosin mysqli suexec truetype"
LINGUAS="en"
APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cgi cgid dav dav_fs dav_lock dbd deflate dir env expires ext_filter filter headers ident imagemap include info log_config logio mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias"
APACHE2_MPMS="worker"



Note: Apache used to compile in CGI and CGID support natively, but these have now been moved to APACHE2_MODULES. If you have a previous ispCP installation where awstats has stopped working, make sure you have added “cgi cgid” to your APACHE2_MODULES line.

Customize your use flags

There are a few packages which need some USE flags removed. Put the following in /etc/portage/package.use:

net-libs/courier-authlib -mysql -pam
mail-mta/postfix -mysql -pam


Unmask a few packages

A few packages that the default ispCP setup requires are masked. Add the following to /etc/portage/package.keywords:

=mail-filter/policyd-1.82
=mail-filter/policyd-weight-0.1.14.17
dev-perl/Net-LibIDN

Install required packages

Install Postfix, and remove ssmtp

emerge --unmerge ssmtp && emerge -uDNva postfix

Now emerge the rest of the packages ispCP requires
Note: this will take a while. Go grab a beer and some pizza.

emerge -uDNva vixie-cron syslog-ng iptables proftpd apache php mysql gdbm db courier-imap courier-authlib cyrus-sasl bind bind-tools logrotate zip spamassassin amavisd-new libidn mod_cband policyd policyd-weight clamav postgrey Term-ReadPassword Crypt-Blowfish Crypt-PasswdMD5 crypt-cbc MIME-tools DateManip IO-Tty Parse-Yapp XML-DOM XML-Parser rkhunter chkrootkit quota Net-LibIDN awstats File-MimeInfo TermReadKey 



Modify Apache's configuration

Edit /etc/conf.d/apache2 and add these to the APACHE2_OPTS line:

-D PROXY -D CBAND


Also, if you plan to use mod_fcgid instead of mod_php, edit /etc/conf.d/apache2 some more.
Remove:

-D PHP5


Add:

-D FCGID


And after saving:

emerge mod_fcgid



Edit /etc/apache2/modules.d/10_mod_cband.conf and add the Deny/Allow lines so that only localhost can reach /cband-status and no one else can reset your clients' stats:

<Location /cband-status>
        SetHandler cband-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
</Location>

Allow index.php to be a DirectoryIndex
Apache doesn't by default put 'index.php' in the DirectoryIndex list, so we need to modify /etc/apache2/modules.d/00_default_settings.conf to change:

<IfModule dir_module>
        DirectoryIndex index.html index.html.var
</IfModule>

to

<IfModule dir_module>
        DirectoryIndex index.html index.html.var index.php
</IfModule>

Setup MySQL

Set up the MySQL root password and initial configuration if you haven't already. Note: when prompted by mysql_secure_installation, accept all the defaults, except for the new root password.

/usr/bin/mysql_install_db
/etc/init.d/mysql restart
/usr/bin/mysql_secure_installation
/etc/init.d/mysql restart



Verify you can log in with your root password by running the following and typing your password. Note: type “exit” to exit.

mysql -u root -p



Download and Install ispCP Omega!

mkdir -p /usr/local/src/ispcp
cd /usr/local/src/ispcp
wget http://kent.dl.sourceforge.net/sourceforge/ispcp/ispcp-omega-1.0.6.tar.bz2
tar -xjvf ispcp-omega-1.0.6.tar.bz2



now install it. duh.

cd ./ispcp-*
make -f Makefile.gentoo install
cp -Rv /tmp/ispcp/* /



Now run the setup

cd /var/www/ispcp/engine/setup
./ispcp-setup

Optional Post-Install Tweaks

To disable the annoying admin email notices, edit /var/www/ispcp/gui/include/ispcp-lib.php and replace the following:

$cfg['LOG_LEVEL'] = E_USER_NOTICE;
to
$cfg['LOG_LEVEL'] = E_USER_ERROR;



Make the SSL certs. Postfix already had some made in /etc/ssl/postfix, so I just used them; see my main.cf further down.

/usr/sbin/mkpop3dcert
/usr/sbin/mkimapdcert
cd /etc/proftpd/
openssl genrsa -des3 -out ssl.key 5120
openssl rsa -noout -text -in ssl.key
openssl req -new -x509 -days 365 -key ssl.key -out ssl.crt
openssl x509 -noout -text -in ssl.crt
cp ssl.key ssl.key.orig
openssl rsa -in ssl.key.orig -out ssl.key 



Edit /etc/proftpd/proftpd.conf: comment out line 66, uncomment lines 123 through 131, and change line 124 to ON:

TLSEngine                  on



mod_php specific steps

If you are running mod_php instead of suexec [fast]cgi, then you need to grant the 'apache' user access to your phptmp folder. If you are running fastcgi/fcgid, skip this step and keep your session files locked down.

chmod 775 -R /var/www/ispcp/gui/phptmp

*Required* post install fixes

Fix courier-authlib
It seems that there is an issue with the sasldb2 file, and removing it allows it to be recreated as a working copy. If you don't do this, you will likely get errors when adding email addresses to the system via ispCP.

rm /etc/sasl2/sasldb2



Postfix defaults to being configured to run in a chroot, however this does not work and gives transport errors when the system tries to deliver mail.
To remove the chroot configuration change:



Postgrey in Gentoo runs on a different port than ispCP expects. Modify /etc/conf.d/postgrey to change it to:

POSTGREY_PORT="60000"



Get SMTP Auth working
Edit /etc/sasl2/smtpd.conf to look like:

#pwcheck_method:pam
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Then restart services

/etc/init.d/courier-authlib restart
/etc/init.d/postfix restart



Fix ProFTPD startup error
If you configured your system without the ipv6 USE flag, then you need to comment out the following in /etc/proftpd/proftpd.conf:

#UseIPv6                    off



Start required services, and set them to start on boot


Skip any of them you don't want or need, but you might have to do more configuring if you do.

rc-update add vixie-cron default
rc-update add syslog-ng default
rc-update add apache2 default
rc-update add mysql default
rc-update add named default
rc-update add postfix default
rc-update add proftpd default
rc-update add courier-authlib default
rc-update add courier-imapd default
rc-update add courier-pop3d default
rc-update add courier-imapd-ssl default
rc-update add courier-pop3d-ssl default
rc-update add amavisd default
rc-update add clamd default
rc-update add policyd default
rc-update add policyd-weight default
rc-update add saslauthd default
rc-update add spamd default
rc-update add postgrey default
rc-update add ispcp_daemon default
rc-update add ispcp_network default
 
/etc/init.d/vixie-cron restart
/etc/init.d/syslog-ng restart
/etc/init.d/apache2 restart
/etc/init.d/mysql restart
/etc/init.d/named restart
/etc/init.d/postfix restart
/etc/init.d/proftpd restart
/etc/init.d/courier-authlib restart
/etc/init.d/courier-imapd restart
/etc/init.d/courier-pop3d restart
/etc/init.d/courier-imapd-ssl restart
/etc/init.d/courier-pop3d-ssl restart
/etc/init.d/amavisd restart
/etc/init.d/clamd restart
/etc/init.d/policyd restart
/etc/init.d/policyd-weight restart
/etc/init.d/saslauthd restart
/etc/init.d/spamd restart
/etc/init.d/postgrey restart
/etc/init.d/ispcp_daemon restart
/etc/init.d/ispcp_network restart



Lock down your server

It's recommended to change the default policies on the INPUT iptables chain to DROP, and explicitly allow the ports you want.
Instructions to come soon…
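
The policy described above, sketched as an added example that is not part of the original guide: a shell function that prints an iptables-restore ruleset with the INPUT policy set to DROP and explicit allows. The port lists are assumptions based on the services this guide starts; trim them to what you actually expose.

```shell
#!/bin/sh
# Added example (not from the original guide): print an iptables-restore
# ruleset whose INPUT policy is DROP, with explicit allows.
# ASSUMPTION: the port lists are guessed from the services this guide starts
# (sshd, proftpd, postfix, named, apache2, courier); trim to what you expose.
TCP_PORTS="22 21 25 53 80 443 110 995 143 993"
UDP_PORTS="53"

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = TCP ports, $2 = UDP ports (space separated).
build_ruleset() {
    # Validate everything first so a typo never yields a partial ruleset.
    for p in $1 $2; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD ACCEPT [0:0]"   # the guide only discusses the INPUT chain
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback traffic, e.g. postfix talking to postgrey on port 60000.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened, and related ICMP errors.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $1; do
        echo "-A INPUT -p tcp -m tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $2; do
        echo "-A INPUT -p udp -m udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for the assumed port lists; nothing is loaded here.
build_ruleset "$TCP_PORTS" "$UDP_PORTS"
```

Pipe the output through `iptables-restore --test` before loading it, and load it from a console session so a mistake cannot cut off your SSH access. With TLSEngine on, the FTP connection-tracking helper cannot read the encrypted PASV reply, so passive data ports need their own allow rule matching a PassivePorts range in proftpd.conf.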

Celebrate!

Browse to http://admin.yourdomain.com and enjoy ispCP in all its glory!