ISPConfig ?? Debian Stretch

?????????????? ????????? ??? ispconfig
????????? ???????????
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ stretch main
deb http://http.debian.net/debian/ stretch main contrib non-free

aptitude update
aptitude install mysql-server bind9 apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libruby php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached libapache2-mod-passenger libapache2-mod-fastcgi php5-fpm phpmyadmin quota quotatool roundcube roundcube-mysql vlogger webalizer fcgiwrap amavisd-new spamassassin nomarch cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl zip unzip bzip2 sudo geoip-database libclass-dbi-mysql-perl build-essential autoconf automake libtool flex bison debhelper binutils fail2ban vim-nox iptables-persistent

????????????? ???????? ??????
????????????? FTP ?????? pure-ftpd
????????????? DNS ??????
????????????? awstats

?????? ???? ?????? ??? phpmyadmin ? roundcube
mysql -u root -p
create database phpmyadmin;
grant all on phpmyadmin.* to phpmyadmin@localhost identified by 'phpmyadmindbpasswd';
create database roundcube;
grant all on roundcube.* to roundcube@localhost identified by 'roundcubedbpasswd';
quit

??????? ????????????? ?????
vim /etc/fstab:

/dev/sda1 /    ext4  usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,user_xattr,acl,errors=remount-ro 0       1

shutdown -r now
quotacheck -avugm
quotaon -avug

vim /etc/php5/apache2/php.ini:

memory_limit = 256M
post_max_size = 16M
upload_max_filesize = 64M
date.timezone = Europe/Moscow

???????????? ssh ? chroot
cd /usr/src/
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
cd jailkit-2.17
./debian/rules binary
dpkg -i /usr/src/jailkit_2.17-1_amd64.deb

??????????? ?????? ?? ?????? ?? IP ??? ????????? ???????? fail2ban
vim /etc/fail2ban/jail.local

[pureftpd]
enabled  = true
port     = ftp,ftps
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled  = true
port     = smtp
filter   = postfix-sasl
logpath  = /var/log/mail.log
maxretry = 3

vim /etc/fail2ban/filter.d/pureftpd.conf:

[Definition]
failregex = .*pure-ftpd: \(.*@\) \[WARNING\] Authentication failed for user.*
ignoreregex =

vim /etc/fail2ban/filter.d/dovecot-pop3imap.conf:

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P\S*),.*
ignoreregex =

vim /etc/fail2ban/filter.d/postfix-sasl.conf:

ignoreregex =

/etc/init.d/fail2ban restart

????????????? ispconfig
wget http://sourceforge.net/projects/ispconfig/files/ISPConfig%203/ISPConfig-3.0.5.4p8/ISPConfig-3.0.5.4p8.tar.gz
tar xzf ISPConfig-3.0.5.4p8.tar.gz
php -q ispconfig3_install/install/install.php
Installation mode (standard,expert) [standard]: expert

????????????? ????
wget http://www.ispconfig.org/downloads/ispconfig_patch -P /usr/local/ispconfig/server/scripts
chmod 700 /usr/local/ispconfig/server/scripts/ispconfig_patch
ispconfig_patch

?????? ID ????? ? http://www.ispconfig.org/page/en/ispconfig/patches.html, ??????? ?????? ??????????

??????????? apache
vim /etc/apache2/sites-available/ispconfig.conf:

#<Directory /usr/share/phpMyAdmin/>
#                                Require all granted
#                </Directory>

#<Directory /usr/share/squirrelmail>
#                               Require all granted
#               </Directory>

#<Directory /usr/lib/mailman/cgi-bin>
#                               Require all granted
#               </Directory>

#<Directory /usr/lib/mailman/icons>
#                               Require all granted
#               </Directory>

#<Directory /var/lib/mailman/archives/>
#        Options +FollowSymLinks
#                               Require all granted
#               </Directory>

#NameVirtualHost *:80
#NameVirtualHost *:443

vim /etc/apache2/conf-enabled/phpmyadmin.conf:

Alias /pma /usr/share/phpmyadmin

chown -R www-data:www-data /usr/share/phpmyadmin

??????????? roundcube
??????? ? ispconfig (https://example.com:8080 ????? ? ?????? ?? ????????? admin)->???????->????????? ????????????->???????? ?????? ????????????
?????: roundcube
??????: roundcubepasswd
?????? ???????:

Server functions
??????? ????????
??????? ???????? ?????????????
??????? ???????? ???????
??????? ????????? ????-???????
??????? ?????? ????????? ????-???????
??????? fetchmail
Mail spamfilter whitelist functions
Mail spamfilter blacklist functions
??????? ???????????????? ???????? ?????

????? «?????????»

????????????? ??????? ??? ?????? ? ispconfig
wget https://github.com/w2c/ispconfig3_roundcube/archive/master.zip
unzip master.zip
cp -r ispconfig3_roundcube-master/{ispconfig3_account,ispconfig3_autoreply,ispconfig3_fetchmail,ispconfig3_filter,ispconfig3_forward,ispconfig3_pass,ispconfig3_spam,ispconfig3_wblist} /var/lib/roundcube/plugins/
cp /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php.dist /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php

vim /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php:

$rcmail_config['remote_soap_user'] = '????? ?????????? ????????????';
$rcmail_config['remote_soap_pass'] = '?????? ?????????? ????????????';
$rcmail_config['soap_url'] = 'https://example.com:8080/remote/';

vim /etc/roundcube/debian-db.php:

$dbuser='roundcube';
$dbpass='roundcubedbpasswd';
$dbname='roundcube';

vim /etc/roundcube/main.inc.php:

$rcmail_config['default_host'] = 'mail.example.com';
$rcmail_config['smtp_server'] = 'mail.example.com';
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['smtp_helo_host'] = 'mail.example.com';
$rcmail_config['force_https'] = true;
$rcmail_config['username_domain'] = 'example.com';
$rcmail_config['mail_domain'] = 'mail.example.com';
$rcmail_config['language'] = 'ru_RU';
$rcmail_config['plugins'] = array('jqueryui', 'ispconfig3_account', 'ispconfig3_autoreply', 'ispconfig3_pass', 'ispconfig3_spam', 'ispconfig3_fetchmail', 'ispconfig3_filter', 'ispconfig3_forward', 'ispconfig3_wblist');

vim /etc/roundcube/apache.conf:

Alias /mail /var/lib/roundcube

chown -R www-data:www-data /var/lib/roundcube/
chown -R www-data:www-data /usr/share/roundcube/
chown -R www-data:www-data /usr/share/tinymce/www/

a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest cgi fastcgi alias
/etc/init.d/apache2 restart

????????? ?????
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 2 -s 192.168.30.0/24 -d 192.168.30.1 -i br0 -p tcp -m state --state NEW -m multiport --dports 80,443,8080,8081 -j ACCEPT
/etc/init.d/netfilter-persistent save

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *