ISPConfig è un pannello di controllo di web hosting open source per sistemi Linux.
Consente agli amministratori di sistema di gestire siti, indirizzi e-mail, account FTP, database MySQL e MariaDB, account Shell, record DNS e processi Cron tramite un’interfaccia utente basata sul Web.
Supporta diverse distribuzioni Linux come CentOS, Debian, Ubuntu, Fedora e OpenSUSE.
Questo tutorial illustra come installare e configurare il pannello di controllo ISPConfig su Ubuntu 22.04
PREREQUISITI
Server Ubuntu 22.04 con le seguenti caratterstiche:
CPU: 2 vCores
RAM: 2 GB and above
DISCO: 50 GB
AGGIORNAMENTO UBUNTU
Prima di iniziare con l’installazione di ISPConfig eseguire i seguenti comandi:
0
1
2
|
sudo apt update
sudo apt upgrade
sudo apt install lsb-release ca-certificates apt-transport-https software-properties-common
|
CONFIGURAZIONE HOSTNAME DEL SERVER
Editare il file /etc/hostname per configurare il nome FQDN del server
0 |
nano /etc/hostname
|
Inserire l’Hostname del server + il dominio quindi salavare e chiudere il file di configurazione.
ATTENZIONE: inserire il nome FQDN completo del server altrimenti l’installazione di ISPConfig fallirà!
Riavviare il server con il comando:
0 |
sudo systemctl reboot
|
Dopo il riavvio verificare che il nome del server sia corretto con il comando:
0 |
hostname -f
|
Dovremmo vedere un output come il seguente:
root@vm-srv-ubu-ispconfig:~# hostname -f
vm-srv-ubu-ispconfig.dominio.prv
INSTALLAZIONE DI ISPCONFIG
Per impostazione predefinita, ISPConfig non è disponibile nel repository di base di Ubuntu 22.04.
ISPConfig fornisce un programma di installazione che semplifica l’esecuzione dell’installazione e di altre configurazioni sottostanti.
Per visualizzare tutte le opzioni di configurazione disponibili per l’installazione eseguire il comando:
0 |
wget -O - https://get.ispconfig.org | sh -s -- --help
|
Dovremmo vedere una schermata con tutte le opzioni mostrate di seguito:
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
********************************************************************************
ISPConfig 3 Autoinstaller
********************************************************************************
Usage: ispc3-ai.sh [<argument>] [...]
This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on www.howtoforge.com.
Possible arguments are:
--help Show this help page
--debug Enable verbose logging (logs each command with the exit
code)
--channel Choose the channel to use for ISPConfig.
--channel=<stable|dev>
"stable" is the latest ISPConfig release available on
www.ispconfig.org
"dev" is the latest dev-branch from the ISPConfig git
repository:
https://git.ispconfig.org/ispconfig/ispconfig3/tree/develop
-> The dev channel might contain bugs and less-tested
features and should only be used in production by very
experienced users.
--lang Use language for ISPConfig installation. Specify with
--lang=en|de (only en (English) and de (German) supported
currently).
--interactive Don't install ISPConfig in non-interactive mode. This is
needed if you want to use expert mode, e. g. to install a
slave server that shall be integrated into an existing
multiserver setup.
--use-nginx Use nginx webserver instead of apache2
--use-amavis Use amavis instead of rspamd for mail filtering
--use-unbound Use unbound instead of bind9 for local resolving. Only
allowed if --no-dns is set.
--use-php Use specific PHP versions, comma separated, instead of
installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0,
7.1, 7.2, 7.3, 7.4, 8.0 and 8.1 available).
--use-php=system disables the sury repository and just
installs the system's default PHP version.
ommiting the argument (use all versions)
--use-ftp-ports This option sets the passive port range for pure-ftpd. You
have to specify the port range separated by hyphen, e. g.
--use-ftp-ports=40110-40210.
If not provided the passive port range will not be
configured.
--use-certbot Use Certbot instead of acme.sh for issuing Let's Encrypt
certificates. Not adviced unless you are migrating from a
old server that uses Certbot.
--no-web Do not use ISPConfig on this server to manage webserver
setting and don't install nginx/apache or pureftpd. This
will also prevent installing an ISPConfig UI and implies
--no-roundcube as well as --no-pma
--no-mail Do not use ISPConfig on this server to manage mailserver
settings. This will install postfix for sending system
mails, but not dovecot and not configure any settings for
ISPConfig mail. It implies --no-mailman.
--no-dns Do not use ISPConfig on this server to manage DNS entries.
Bind will be installed for local DNS caching / resolving
only.
--no-local-dns Do not install local DNS caching / resolving via bind.
--no-firewall Do not install ufw and tell ISPConfig to not manage firewall
settings on this server.
--no-roundcube Do not install roundcube webmail.
--roundcube Install Roundcube even when --no-mail is used. Manual
configuration of Roundcube config is needed.
--no-pma Do not install PHPMyAdmin on this server.
--no-mailman Do not install Mailman mailing list manager.
--no-quota Disable file system quota
--no-ntp Disable NTP setup
--monit Install Monit and set it up to monitor installed services.
Supported services: Apache2, NGINX, MariaDB,
pure-ftpd-mysql, php-fpm, ssh, named, Postfix, Dovecot,
rspamd.
--monit-alert-email
Set up alerts for Monit to be send to given e-mail address.
e.g. --monit-alert-email=me@example.com
--ssh-port -> Configure the SSH server to listen on a non-default port.
Port number must be between 1 and 65535 and can not be in use by other
services. e.g. --ssh-port=64
--ssh-permit-root
-> Configure the SSH server wether or not to allow root
login. Available options: yes | without-password | no - e.g.
--ssh-permit-root=without-password
--ssh-password-authentication
-> Configure the SSH server wether or not to allow password
authentication. Available options: yes | no - e.g.
-ssh-password-authentication=no
--ssh-harden -> Configure the SSH server to have a stronger security config.
--unattended-upgrades
Install UnattendedUpgrades. You can add extra arguments for
automatic cleanup and automatic reboots when necessary with
--unattended-upgrades=autoclean,reboot (or only one of
them).
--i-know-what-i-am-doing
Prevent the autoinstaller to ask for confirmation before
continuing to reconfigure the server.
|
Ad esempio utilizzare il seguente comando per installare ISPConfig con NGINX
0 |
wget -O - https://get.ispconfig.org | sudo sh -s -- --use-nginx --use-php=8.0 --use-ftp-ports=21-22
|
Invece se si intende utilizzare Apache eseguire il comando:
0 |
wget -O - https://get.ispconfig.org | sudo sh -s -- --use-php=8.0 --use-ftp-ports=21-22 --lang=en --no-quota --unattended-upgrades
|
In questo tutorial procederò con l’installazione di ISPConfig e Nginx quindi digitare il comando:
0 |
wget -O - https://get.ispconfig.org | sudo sh -s -- --use-nginx --use-php=8.0 --use-ftp-ports=21-22
|
Dovremmo vedere una schermata come quella sovrastante
Scrivere yes e premere INVIO
Attendere qualche istante fino al termine dell’installazione.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue: yes
[INFO] Starting perfect server setup for Ubuntu 22.04.1 LTS
[INFO] Checking hostname.
[INFO] Configuring apt repositories.
[INFO] Updating packages
[INFO] Updated packages
[INFO] Installing packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, software-properties-common,curl, cron, ntp
[INFO] Installed packages ssh, openssh-server, nano, vim-nox, lsb-release, apt-transport-https, ca-certificates, wget, git, gnupg, software-properties-common, curl, cron, ntp
[INFO] Activating rspamd repository.
[INFO] Activating sury php repository.
[INFO] Activating GoAccess repository.
[INFO] Updating packages (after enabling 3rd party repos).
[INFO] Updated packages
[INFO] Default shell is currently dash.
[INFO] Setting bash as default shell.
[INFO] Default shell is now bash.
[INFO] Installing packages dbconfig-common, postfix, postfix-mysql, postfix-doc,mariadb-client, mariadb-server, openssl, rkhunter, binutils, sudo, getmail6
[INFO] Installed packages dbconfig-common, postfix, postfix-mysql, postfix-doc,mariadb-client, mariadb-server, openssl, rkhunter, binutils, sudo, getmail6
[INFO] Installing packages dovecot-imapd, dovecot-pop3d, dovecot-mysql, dovecot-sieve, dovecot-managesieved, dovecot-lmtpd
[INFO] Installed packages dovecot-imapd, dovecot-pop3d, dovecot-mysql, dovecot-sieve, dovecot-managesieved, dovecot-lmtpd
[INFO] Generating MySQL password.
[INFO] Writing MySQL config files.
[INFO] Configuring postfix.
[INFO] Restarting postfix
[INFO] Installing packages software-properties-common, update-inetd, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, borgbackup, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, rspamd, redis-server,postgrey, p7zip, p7zip-full, unrar-free, lrzip
[INFO] Installed packages software-properties-common, update-inetd, dnsutils, resolvconf, clamav, clamav-daemon, clamav-docs, zip, unzip, bzip2, xz-utils, lzip, rar, borgbackup, arj, nomarch, lzop, cabextract, apt-listchanges, libnet-ldap-perl, libauthen-sasl-perl, daemon, libio-string-perl, libio-socket-ssl-perl, libnet-ident-perl, libnet-dns-perl, libdbd-mysql-perl, bind9, rspamd, redis-server, postgrey, p7zip, p7zip-full, unrar-free, lrzip
[INFO] Stopping Rspamd.
[INFO] (Re)starting Bind.
[INFO] Disabling spamassassin daemon.
[INFO] Checking local dns resolver.
[INFO] Installing packages nginx-full, fcgiwrap
[INFO] Installed packages nginx-full, fcgiwrap
[INFO] Installing packages php-pear, php-memcache, php-imagick, mcrypt, imagemagick, libruby, memcached, php-apcu, jailkit, php8.0, php8.0-common, php8.0-gd, php8.0-mysql, php8.0-imap, php8.0-cli, php8.0-curl, php8.0-intl, php8.0-pspell, php8.0-sqlite3, php8.0-tidy, php8.0-xsl, php8.0-zip, php8.0-mbstring, php8.0-soap, php8.0-opcache, php8.0-cgi, php8.0-fpm, php8.1, php8.1-common, php8.1-gd, php8.1-mysql, php8.1-imap, php8.1-cli, php8.1-curl, php8.1-intl, php8.1-pspell, php8.1-sqlite3, php8.1-tidy, php8.1-xsl, php8.1-zip, php8.1-mbstring, php8.1-soap, php8.1-opcache, php8.1-cgi, php8.1-fpm
[INFO] Installed packages php-pear, php-memcache, php-imagick, mcrypt, imagemagick, libruby, memcached, php-apcu, jailkit, php8.0, php8.0-common, php8.0-gd, php8.0-mysql, php8.0-imap, php8.0-cli, php8.0-curl, php8.0-intl, php8.0-pspell, php8.0-sqlite3, php8.0-tidy, php8.0-xsl, php8.0-zip, php8.0-mbstring, php8.0-soap, php8.0-opcache, php8.0-cgi, php8.0-fpm, php8.1, php8.1-common, php8.1-gd, php8.1-mysql, php8.1-imap, php8.1-cli, php8.1-curl, php8.1-intl, php8.1-pspell, php8.1-sqlite3, php8.1-tidy, php8.1-xsl, php8.1-zip, php8.1-mbstring, php8.1-soap, php8.1-opcache, php8.1-cgi, php8.1-fpm
[INFO] Setting default system PHP version.
[INFO] Installing phpMyAdmin
[INFO] Installing acme.sh (Let's Encrypt).
[INFO] acme.sh (Let's Encrypt) installed.
[INFO] ISPConfig does not yet support mailman3 and mailman2 is no longer available in Ubuntu 22.04.
[INFO] Installing packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Installed packages quota, quotatool, haveged, geoip-database, libclass-dbi-mysql-perl, libtimedate-perl, build-essential, autoconf, automake, libtool, flex, bison, debhelper, binutils
[INFO] Adding quota to fstab.
[INFO] Installing packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
[INFO] Installed packages pure-ftpd-common, pure-ftpd-mysql, webalizer, awstats, goaccess
[INFO] Enabling TLS for pureftpd
[INFO] Disabling awstats cron.
[INFO] Installing packages fail2ban, ufw
[INFO] Installed packages fail2ban, ufw
[INFO] Configuring SSHd
[INFO] Installing roundcube.
[INFO] Installing packages roundcube, roundcube-core, roundcube-mysql, roundcube-plugins
[INFO] Installed packages roundcube, roundcube-core, roundcube-mysql, roundcube-plugins
[INFO] Installing ISPConfig3.
[INFO] Adding PHP version(s) to ISPConfig.
[INFO] Checking all services are running.
[INFO] mysql: OK
[INFO] clamav-daemon: OK
[INFO] postfix: OK
[INFO] bind9: OK
[INFO] pureftpd: FAILED
[WARN] pureftpd seems not to be running! (/lib/os/class.ISPConfigDebianOS.inc.php:2107)
[INFO] nginx: OK
[INFO] rspamd: OK
[INFO] redis-server: OK
[INFO] dovecot: OK
[INFO] Installation ready.
[INFO] Your ISPConfig admin password is: MMzpJYuAxQYlhsx9g
[INFO] Your MySQL root password is: mQDX4xsh8dhsqlsd8iQKvc5
[INFO] Warning: Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!
|
ATTENZIONE: al fondo delle righe sovrastanti segnarsi le password relative a ISPCOnfig e MySQL.
Nel mio caso le seguenti password:
[INFO] Your ISPConfig admin password is: MMzpJYuAxQYlhsx9g
[INFO] Your MySQL root password is: mQDX4xsh8dhsqlsd8iQKvc5
CONFIGURAZIONE DI ISPCONFIG DA INTERFACCIA WEB
Aprire da un qualsiasi browser il seguente link
https://hostname.dominio.prv:8080/
Inserire come utente admin e come password quella generata dallo script precedentemente. Qunidi cliccare Login
Se abbiamo fatto tutto correttamente dovremmo vedere una schermata come quella sovrastante
Adesso la prima cosa da fare è cambiare la password dell’utente admin
Cliccare su Tools quindi User Settings quindi Cambiare la password come mostrato nell’immagine sovrastante.
A questo punto è possibile procedere con:
La gestione completa del Web Server per i server Apache e Nginx.
La gestione di BIND Server e gestione del server DNS.
La gestione server di posta con filtri antispam e antivirus tramite Postfix (MTA) e Dovecot (IMAP).
Le statistiche dei siti web con Webalizer e AWStats.
La gestione degli account di accesso amministratore, rivenditore, cliente e utenti di posta.
Possibilità di gestire uno o più server da un unico pannello di controllo. Utilizzo della configurazione Master/Slave
0 commenti