The Perfect Server ISPConfig 3.1 - Debian 10 (Apache, BIND, Dovecot, PureFTPD)
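This tutorial shows how to prepare a Debian 10 server (with Apache2, BIND, Dovecot) for the installation of ISPConfig 3.1, and how to install ISPConfig. The web hosting control panel ISPConfig 3 allows you to configure the following services through a web browser: Apache or nginx web server, Postfix mail server, Courier or Dovecot IMAP/POP3 server, MySQL, BIND or MyDNS nameserver, PureFTPd, SpamAssassin, ClamAV, and many more. This setup covers Apache (instead of nginx), BIND, and Dovecot.
1 Preliminary Note
In this tutorial, I will use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate. Before proceeding further, you need a minimal installation of Debian 10. This might be a Debian minimal image from your hosting provider, or you can use the Minimal Debian Server tutorial to set up the base system.
All commands below are run as the root user. Either log in as root directly, or log in as your normal user and then use the command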
su -
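to become the root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise your PATH variable is set wrong by Debian.
2 Install the SSH Server (Optional)
If you did not install the OpenSSH server during the system installation, you can do it now: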
apt-get install ssh openssh-server
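From now on you can use an SSH client such as PuTTY, connect from your workstation to your Debian 9 server, and follow the remaining steps of this tutorial.
3 Install a Shell Text Editor (Optional)
We will use the nano text editor in this tutorial. Some users prefer the classic vi editor, therefore we will install both editors here. The default vi program has some strange behavior on Debian and Ubuntu. To fix this, we install vim-nox: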
apt-get install nano vim-nox
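If vi is your favorite editor, replace nano with vi in the following commands to edit files.
4 Configure the Hostname
The hostname of your server should be a subdomain like "server1.example.com". Do not use a domain name without a subdomain part like "example.com" as the hostname, as this will cause problems later with your mail setup. First, check the hostname in /etc/hosts and change it when necessary. The line should be: "IP address - space - full hostname including domain - space - subdomain part". For our hostname server1.example.com, the file should look like this: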
nano /etc/hosts
127.0.0.1       localhost.localdomain   localhost
192.168.0.100   server1.example.com     server1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Then edit the /etc/hostname file:
nano /etc/hostname
It should contain only the subdomain part, in our case:
server1
Finally, reboot the server to apply the change:
systemctl reboot
Log in again and check that the hostname is now correct with these commands:
hostname
hostname -f
The output should look like this:
root@server1:/tmp# hostname
server1
root@server1:/tmp# hostname -f
server1.example.com
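5 Update Your Debian Installation
First, make sure that your /etc/apt/sources.list contains the buster/updates repository (this makes sure you always get the newest security updates), and that the contrib and non-free repositories are enabled, as some required packages are not available in the main repository.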
nano /etc/apt/sources.list
deb http://deb.debian.org/debian/ buster main contrib non-free
deb-src http://deb.debian.org/debian/ buster main contrib non-free
deb http://security.debian.org/debian-security buster/updates main contrib non-free
deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
Run:
apt-get update
to update the apt package database, and
apt-get upgrade
to install the latest updates (if there are any).
6 Change the Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore, we do this:
dpkg-reconfigure dash
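Use dash as the default system shell (/bin/sh)? <-- No
If you don't do this, the ISPConfig installation will fail.
7 Synchronize the System Clock
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run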
apt-get -y install ntp
and your system time will always be in sync.
8 Install Postfix, Dovecot, MariaDB, rkhunter, and Binutils
We can install Postfix, Dovecot, MariaDB as a MySQL alternative, rkhunter, and Binutils with a single command:
apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo curl
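You will be asked the following questions:
General type of mail configuration: <-- Internet Site
System mail name: <-- server1.example.com
To secure the MariaDB installation and to disable the test database, run this command: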
mysql_secure_installation
Answer the questions as follows:
Change the root password? [Y/n] <-- y
New password: <-- Enter a new MariaDB root password
Re-enter new password: <-- Repeat the MariaDB root password
Remove anonymous users? [Y/n] <-- y
Disallow root login remotely? [Y/n] <-- y
Remove test database and access to it? [Y/n] <-- y
Reload privilege tables now? [Y/n] <-- y
Next, open the TLS/SSL and submission ports in Postfix:
nano /etc/postfix/master.cf
Uncomment the submission and smtps sections as follows, and add lines where necessary so that this section of the master.cf file looks exactly like the one below. IMPORTANT: Remove the # in front of the lines that start with smtps and submission too, and not just from the -o lines after these lines!
[...]
submission inet n       -       -       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
 -o syslog_name=postfix/smtps
 -o smtpd_tls_wrappermode=yes
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
[...]
Restart Postfix afterwards:
systemctl restart postfix
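The mistake warned about above, where only the -o lines are uncommented while the submission or smtps line itself stays commented, makes Postfix append those options to the previous active service. The check below is an added example, not part of the original tutorial; the function name check_master_cf, the two option lists and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Options the tutorial requires on each service (taken from the listing above).
SUBMISSION_OPTS='smtpd_tls_security_level=encrypt smtpd_sasl_auth_enable=yes smtpd_client_restrictions=permit_sasl_authenticated,reject'
SMTPS_OPTS='smtpd_tls_wrappermode=yes smtpd_sasl_auth_enable=yes smtpd_client_restrictions=permit_sasl_authenticated,reject'

# check_master_cf FILE SERVICE OPTION=VALUE...
# Prints one line per problem; the return status is the number of problems.
check_master_cf() {
    cf_file=$1; cf_svc=$2; shift 2
    awk -v svc="$cf_svc" -v want="$*" '
    BEGIN { n = split(want, req, " ") }
    /^#/ {
        # A commented-out service line, e.g. "#submission inet n - - - - smtpd".
        line = $0; sub(/^#[ \t]*/, "", line); split(line, f)
        if (f[2] ~ /^(inet|unix|unix-dgram|fifo|pass)$/) {
            shadow = (f[1] == svc)
            if (shadow) commented = 1
        }
        next
    }
    /^[ \t]*$/ { next }
    /^[ \t]/ {
        # Continuation line: Postfix appends it to the last active service line.
        if ($1 == "-o") {
            if (cur == svc) have[$2] = 1
            else if (shadow && !orphan) { orphan = 1; owner = cur }
        }
        next
    }
    { cur = $1; shadow = 0; if (cur == svc) active = 1 }
    END {
        bad = 0
        if (!active) {
            print svc ": service line " (commented ? "is still commented out" : "not found"); bad++
        }
        if (orphan) { print svc ": its -o lines are active and now apply to \"" owner "\""; bad++ }
        if (active) for (i = 1; i <= n; i++) if (!(req[i] in have)) {
            print svc ": missing -o " req[i]; bad++
        }
        exit bad
    }' "$cf_file"
}

# Constructed sample: the section edited as the tutorial asks.
sample_good() { cat <<'EOF'
smtp      inet  n       -       y       -       -       smtpd
submission inet n       -       -       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_reject_unlisted_recipient=no
EOF
}

# Constructed sample: -o lines uncommented, service line left commented.
sample_half_edited() { cat <<'EOF'
smtp      inet  n       -       y       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
}

# On the server:
#   check_master_cf /etc/postfix/master.cf submission $SUBMISSION_OPTS
#   check_master_cf /etc/postfix/master.cf smtps $SMTPS_OPTS
```

In the half-edited sample the encrypt and SASL options end up on the port 25 smtp service, which is why the check reports the owner of the orphaned lines.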
We want MySQL to listen on all interfaces, not just localhost. Therefore, we edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line bind-address = 127.0.0.1 by adding a # in front of it.
nano /etc/mysql/mariadb.conf.d/50-server.cnf
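[...]
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address           = 127.0.0.1
[...]
Set the password authentication method in MariaDB to native so that we can use PHPMyAdmin later to connect as the root user: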
echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root
Edit the file /etc/mysql/debian.cnf and set the MySQL / MariaDB root password there twice, in the lines that start with the word password.
nano /etc/mysql/debian.cnf
The MySQL root password has to be added on the two password lines. In this example, the password is "howtoforge".
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = root
password = howtoforge
socket = /var/run/mysqld/mysqld.sock
basedir = /usr
To prevent the error 'Error in accept: Too many open files', we will now set higher open file limits for MariaDB.
Open the file /etc/security/limits.conf with an editor:
nano /etc/security/limits.conf
and add these lines at the end of the file.
mysql soft nofile 65535
mysql hard nofile 65535
Next, create a new directory /etc/systemd/system/mysql.service.d/ with the mkdir command.
mkdir -p /etc/systemd/system/mysql.service.d/
and add a new file inside it:
nano /etc/systemd/system/mysql.service.d/limits.conf
Paste the following lines into that file:
[Service]
LimitNOFILE=infinity
Save the file and close the nano editor.
Then we reload systemd and restart MariaDB:
systemctl daemon-reload
systemctl restart mariadb
Now check that networking is enabled. Run
netstat -tap | grep mysql
The output should look like this:
root@server1:/home/administrator# netstat -tap | grep mysql
tcp6 0 0 [::]:mysql [::]:* LISTEN 16623/mysqld
9 Install Amavisd-new, SpamAssassin, and ClamAV
To install amavisd-new, SpamAssassin, and ClamAV, we run
apt-get install amavisd-new spamassassin clamav clamav-daemon unzip bzip2 arj nomarch lzop cabextract p7zip p7zip-full unrar lrzip apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl libdbd-mysql-perl postgrey
The ISPConfig 3 setup uses amavisd, which loads the SpamAssassin filter library internally, so we can stop SpamAssassin to free up some RAM:
systemctl stop spamassassin
systemctl disable spamassassin
10 Install Apache Web Server and PHP
Apache2, PHP, FCGI, suExec, Pear, and mcrypt can be installed as follows:
apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.3 php7.3-common php7.3-gd php7.3-mysql php7.3-imap php7.3-cli php7.3-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt imagemagick libruby libapache2-mod-python php7.3-curl php7.3-intl php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy php7.3-xmlrpc php7.3-xsl memcached php-memcache php-imagick php-gettext php7.3-zip php7.3-mbstring memcached libapache2-mod-passenger php7.3-soap php7.3-fpm php7.3-opcache php-apcu libapache2-reload-perl
Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use WebDAV):
a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest cgi headers actions proxy_fcgi alias
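To ensure that the server cannot be attacked through the HTTPOXY vulnerability, we will disable the HTTP_PROXY header in Apache globally by adding the configuration file /etc/apache2/conf-available/httpoxy.conf.
Note: The vulnerability is named httpoxy (without an "r"), and therefore the file where we add the configuration to prevent it is named httpoxy.conf and not httproxy.conf, so there is no "r" missing in the filename.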
nano /etc/apache2/conf-available/httpoxy.conf
Paste the following content into the file:
<IfModule mod_headers.c>
    RequestHeader unset Proxy early
</IfModule>
And enable the configuration by running:
a2enconf httpoxy
systemctl restart apache2
11 Install Let's Encrypt
ISPConfig now uses acme.sh as its Let's Encrypt client. Install acme.sh using the following command:
curl https://get.acme.sh | sh -s
12 Install Mailman
ISPConfig allows you to manage (create/modify/delete) Mailman mailing lists. If you want to make use of this feature, install Mailman as follows:
apt-get install mailman
Select at least one language, e.g.:
Languages to support: <-- en (English)
Missing site list <-- Ok
Before we can start Mailman, a first mailing list called mailman must be created:
newlist mailman
root@server1:~# newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g. listadmin@example.com
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:
## mailman mailing list
mailman: "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin: "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces: "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm: "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join: "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave: "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner: "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request: "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe: "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Hit enter to notify mailman owner... <-- ENTER
root@server1:~#
Open /etc/aliases afterwards ...
nano /etc/aliases
... and add the following lines:
[...]
## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"
Run:
newaliases
and restart Postfix:
systemctl restart postfix
Finally, we must enable the Mailman Apache configuration:
ln -s /etc/mailman/apache.conf /etc/apache2/conf-enabled/mailman.conf
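This defines the alias /cgi-bin/mailman/ for all Apache vhosts, which means you can access the Mailman admin interface for a list at http://server1.example.com/cgi-bin/mailman/admin/, and the web page for users of a mailing list can be found at http://server1.example.com/cgi-bin/mailman/listinfo/.
Under http://server1.example.com/pipermail you can find the mailing list archives.
Restart Apache afterwards: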
systemctl restart apache2
Then start the Mailman daemon:
systemctl restart mailman
13 Install PureFTPd and Quota
PureFTPd and quota can be installed with the following command:
apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool
Create the dhparam file for pure-ftpd:
openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
Edit the file /etc/default/pure-ftpd-common ...
nano /etc/default/pure-ftpd-common
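... and make sure that the start mode is set to standalone and that VIRTUALCHROOT=true is set:
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.
If you want to allow FTP and TLS sessions, run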
echo 1 > /etc/pure-ftpd/conf/TLS
In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:
mkdir -p /etc/ssl/private/
Afterwards, we can generate the SSL certificate as follows:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name.
Locality Name (eg, city) []: <-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.
Change the permissions of the SSL certificate:
chmod 600 /etc/ssl/private/pure-ftpd.pem
Then restart PureFTPd:
systemctl restart pure-ftpd-mysql
Edit /etc/fstab. Mine looks like this (I added ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /):
nano /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=45576b38-39e8-4994-b8c1-ea4870e2e614 / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
# swap was on /dev/sda5 during installation
UUID=8bea0d1e-ec37-4b20-9976-4b7daaa3eb69 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
To enable quota, run these commands:
mount -o remount /
quotacheck -avugm
quotaon -avug
14 Install BIND DNS Server
BIND can be installed as follows:
apt-get install bind9 dnsutils
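If your server is a virtual machine, then it is highly recommended to install the haveged daemon to get a higher entropy for DNSSEC signing. You can install haveged on non-virtual servers as well, it does no harm.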
apt-get install haveged
An explanation on that topic can be found here.
15 Install Webalizer and AWStats
Webalizer and AWStats can be installed as follows:
apt-get install webalizer awstats geoip-database libclass-dbi-mysql-perl libtimedate-perl
Open /etc/cron.d/awstats afterwards ...
nano /etc/cron.d/awstats
... and comment out everything in that file:
#MAILTO=root

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh
16 Install Jailkit
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows:
apt-get install build-essential autoconf automake libtool flex bison debhelper binutils
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.20.tar.gz
tar xvfz jailkit-2.20.tar.gz
cd jailkit-2.20
echo 5 > debian/compat
./debian/rules binary
You can now install the Jailkit .deb package as follows:
cd ..
dpkg -i jailkit_2.20-1_*.deb
rm -rf jailkit-2.20*
17 Install fail2ban and UFW Firewall
This is optional but recommended, because the ISPConfig monitor tries to show the log:
apt-get install fail2ban
To make fail2ban monitor PureFTPd and Dovecot, create the file /etc/fail2ban/jail.local:
nano /etc/fail2ban/jail.local
And add the following configuration to it.
[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3
[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/mail.log
maxretry = 5
[postfix-sasl]
enabled = true
port = smtp
filter = postfix[mode=auth]
logpath = /var/log/mail.log
maxretry = 3
Restart fail2ban afterwards:
systemctl restart fail2ban
To install the UFW firewall, run this apt command:
apt-get install ufw
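18 Install PHPMyAdmin Database Administration Tool
Since Debian 10, PHPMyAdmin is no longer available as a .deb package. Therefore, we will install it from source.
Create the folders for PHPMyAdmin: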
mkdir /usr/share/phpmyadmin
mkdir /etc/phpmyadmin
mkdir -p /var/lib/phpmyadmin/tmp
chown -R www-data:www-data /var/lib/phpmyadmin
touch /etc/phpmyadmin/htpasswd.setup
Go to the /tmp directory and download the PHPMyAdmin sources:
cd /tmp
wget https://files.phpmyadmin.net/phpMyAdmin/4.9.0.1/phpMyAdmin-4.9.0.1-all-languages.tar.gz
Unpack the downloaded archive file, move the files to the /usr/share/phpmyadmin folder, and clean up the /tmp directory.
tar xfz phpMyAdmin-4.9.0.1-all-languages.tar.gz
mv phpMyAdmin-4.9.0.1-all-languages/* /usr/share/phpmyadmin/
rm phpMyAdmin-4.9.0.1-all-languages.tar.gz
rm -rf phpMyAdmin-4.9.0.1-all-languages
Create a new config file for PHPMyAdmin based on the provided sample file:
cp /usr/share/phpmyadmin/config.sample.inc.php /usr/share/phpmyadmin/config.inc.php
Open the config file with the nano editor:
nano /usr/share/phpmyadmin/config.inc.php
Set a secure password (blowfish secret), which must be 32 characters long:
$cfg['blowfish_secret'] = 'bD3e6wva9fnd93jVsb7SDgeiBCd452Dh'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
Don't use my example blowfish secret, set your own!
Then add a line to set the directory that PHPMyAdmin shall use to store temporary files:
$cfg['TempDir'] = '/var/lib/phpmyadmin/tmp';
Next, we create the Apache configuration file for PHPMyAdmin by opening a new file in the nano editor:
nano /etc/apache2/conf-available/phpmyadmin.conf
Paste the following config into the file and save it.
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php7.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_value include_path .
</IfModule>
</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
Require valid-user
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
Order Deny,Allow
Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Order Deny,Allow
Deny from All
</Directory>
Activate the configuration and restart Apache.
a2enconf phpmyadmin
systemctl restart apache2
In the next step, we will configure the phpMyAdmin configuration store (database).
Log into MariaDB as the root user:
mysql -u root -p
In the MariaDB shell, create a new database for PHPMyAdmin:
MariaDB [(none)]> CREATE DATABASE phpmyadmin;
Then create a new user:
MariaDB [(none)]> CREATE USER 'pma'@'localhost' IDENTIFIED BY 'mypassword';
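Replace the word mypassword with a secure password of your choice in the commands above and below, and use the same password both times. Then grant the user access to this database and reload the database permissions.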
MariaDB [(none)]> GRANT ALL PRIVILEGES ON phpmyadmin.* TO 'pma'@'localhost' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
Finally, load the SQL tables into the database:
mysql -u root -p phpmyadmin < /usr/share/phpmyadmin/sql/create_tables.sql
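Enter the MariaDB root password on request.
All we have to do now is to set the phpmyadmin user details in the configuration file. Open the file in the nano editor again: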
nano /usr/share/phpmyadmin/config.inc.php
Scroll down until you see the lines below and edit them:
/* User used to manipulate with storage */
$cfg['Servers'][$i]['controlhost'] = 'localhost';
$cfg['Servers'][$i]['controlport'] = '';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'mypassword';
/* Storage database and tables */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
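I have marked the lines that I edited in red. Replace mypassword with the password that you chose for the phpmyadmin user. Note that the // in front of the lines has been removed as well!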
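The tutorial prints three secrets that are easy to paste unchanged: the sample blowfish secret, the pma password mypassword, and the MariaDB root password howtoforge in /etc/mysql/debian.cnf. The script below is an added example, not part of the original tutorial; it reports any of these values still present in the two files and flags a blowfish secret shorter than 32 characters. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Values printed in this tutorial. None of them should survive on a real server.
TUTORIAL_SECRETS='bD3e6wva9fnd93jVsb7SDgeiBCd452Dh mypassword howtoforge'

# new_secret: 32 hexadecimal characters (128 random bits) from the kernel RNG.
new_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
    echo
}

# audit_secrets FILE...: understands phpMyAdmin config.inc.php assignments and
# "password = value" lines as found in /etc/mysql/debian.cnf.
# Prints one line per finding; the return status is the number of findings.
audit_secrets() {
    awk -F"'" -v known="$TUTORIAL_SECRETS" '
    function report(key, why) { printf "%s:%d: %s %s\n", FILENAME, FNR, key, why; hits++ }
    function check(key, val) {
        if (val in bad) report(key, "is a value printed in the tutorial")
        else if (key == "blowfish_secret" && length(val) < 32)
            report(key, "is shorter than 32 characters")
    }
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) bad[k[i]] = 1 }
    # Active PHP assignments only; lines still commented out with // are skipped.
    $1 ~ /^[ \t]*\$cfg\[$/ && $2 == "blowfish_secret" { check($2, $4) }
    $1 ~ /^[ \t]*\$cfg\[$/ && $2 == "Servers" && $4 == "controlpass" { check($4, $6) }
    # INI style password lines.
    /^[ \t]*password[ \t]*=/ {
        v = $0; sub(/^[ \t]*password[ \t]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        check("password", v)
    }
    END { exit hits + 0 }' "$@"
}

# Constructed samples that reproduce the lines shown in the tutorial.
sample_pma_config() { cat <<'EOF'
$cfg['blowfish_secret'] = 'bD3e6wva9fnd93jVsb7SDgeiBCd452Dh'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'mypassword';
EOF
}
sample_debian_cnf() { cat <<'EOF'
[client]
user = root
password = howtoforge
[mysql_upgrade]
user = root
password = howtoforge
EOF
}

# On the server:
#   audit_secrets /usr/share/phpmyadmin/config.inc.php /etc/mysql/debian.cnf
#   new_secret    # paste the output as the blowfish secret
```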
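19 Install RoundCube Webmail (Optional)
In this chapter, we will install the RoundCube webmail client. First, we have to create the database for RoundCube manually, as there is currently an issue in the RoundCube Debian installer which causes it to fail to create the database automatically. Run this command to create the database: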
echo "CREATE DATABASE roundcube;" | mysql --defaults-file=/etc/mysql/debian.cnf
Then install RoundCube with this command:
apt-get install roundcube roundcube-core roundcube-mysql roundcube-plugins
The installer will ask the following questions:
Configure database for roundcube with dbconfig.common? <-- yes
MySQL application password for roundcube: <-- press enter
Then edit the RoundCube /etc/roundcube/config.inc.php file and adjust a few settings:
nano /etc/roundcube/config.inc.php
Set default_host and smtp_server to localhost.
$config['default_host'] = 'localhost';
$config['smtp_server'] = 'localhost';
Then edit the Apache RoundCube configuration file /etc/apache2/conf-enabled/roundcube.conf:
nano /etc/apache2/conf-enabled/roundcube.conf
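And add an alias line for the Apache /webmail alias and one for /roundcube; you can add the lines right at the beginning of the file. NOTE: Do not use /mail as an alias, or the ISPConfig email module will stop working!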
Alias /roundcube /var/lib/roundcube
Alias /webmail /var/lib/roundcube
Then reload Apache:
systemctl reload apache2
Now you can access RoundCube as follows:
http://192.168.0.100/webmail
http://www.example.com/webmail
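http://server1.example.com:8080/webmail (after you have installed ISPConfig, see the next chapter)
There are some plugins to integrate RoundCube Webmail with ISPConfig, have a look here for the ISPConfig RoundCube plugin installation instructions.
20 Download ISPConfig 3
20.1 Download the Stable Version (Recommended)
To install ISPConfig 3 from the latest released version, do this: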
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
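20.2 Download the Pre-release of the Next 3.1 Version
If you would like to try out the pre-release of the upcoming 3.1 stable version, download it with this command. The stable branch version is the last stable release plus the changes for the next stable release: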
cd /tmp
wget -O ISPConfig-3.1-dev.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1
tar xfz ISPConfig-3.1-dev.tar.gz
cd ispconfig3-stable-3.1*
cd install
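Step 11 pipes a downloaded script straight into sh, and steps 16, 18 and 20 unpack tarballs fetched with wget, two of them over plain HTTP, all as root. As an added example (not part of the original tutorial), the helper below downloads to a temporary file and releases it only when its SHA-256 matches a digest you recorded beforehand; the function names and the placeholder digest are assumptions.

```shell
#!/bin/sh
# verify_pinned FILE EXPECTED_SHA256
# Status 0: digest matches. 1: mismatch. 2: file unreadable.
verify_pinned() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 2
    fi
    vp_actual=$(sha256sum "$1" | awk '{ print $1 }')
    # Accept the pinned digest in either upper or lower case.
    vp_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$vp_actual" = "$vp_expected" ]; then
        return 0
    fi
    printf 'SHA-256 mismatch for %s\n  expected %s\n  actual   %s\n' \
        "$1" "$vp_expected" "$vp_actual" >&2
    return 1
}

# fetch_pinned URL EXPECTED_SHA256 DEST
# Downloads to a temporary file and moves it to DEST only after the digest
# matches, so a truncated or altered download is never unpacked or executed.
fetch_pinned() {
    fp_tmp=$(mktemp) || return 2
    if curl -fsSL -o "$fp_tmp" "$1" && verify_pinned "$fp_tmp" "$2"; then
        mv "$fp_tmp" "$3"
    else
        rm -f "$fp_tmp"
        return 1
    fi
}

# Usage with the acme.sh URL from step 11. The digest is a placeholder: record
# it yourself after downloading the script once and reading it.
#   fetch_pinned https://get.acme.sh '<sha256-you-recorded>' /root/acme-install.sh \
#       && sh /root/acme-install.sh
```

The same call works for the Jailkit, phpMyAdmin and ISPConfig archives; run tar only after fetch_pinned has returned 0.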
21 Install ISPConfig
The next step is to run the ISPConfig installer.
php -q install.php
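This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 (perfect setup guides) is not necessary.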
# php -q install.php
--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ / / __ / / _(_) /__ /
| | / `--.| |_/ / | / // ___ _ __ | |_ _ __ _ _/ /
| | `--. / __/ | | / _ /| '_ /| _| |/ _` | |_ |
_| |_//__/ / | | /__// (_) | | | | | | | (_| | ___/ /
/___//____//_| /____//___/|_| |_|_| |_|/__, | /____/
__/ |
|___/
--------------------------------------------------------------------------------
>> Initial configuration
Operating System: Debian 10.0 (Buster) or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.
Select language (en,de) [en]: <-- Hit Enter
Installation mode (standard,expert) [standard]: <-- Hit Enter
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- Hit Enter
MySQL server hostname [localhost]: <-- Hit Enter
MySQL server port [3306]: <-- Hit Enter
MySQL root username [root]: <-- Hit Enter
MySQL root password []: <-- Enter your MySQL root password
MySQL database to create [dbispconfig]: <-- Hit Enter
MySQL charset [utf8]: <-- Hit Enter
Configuring Postgrey
Configuring Postfix
Generating a 4096 bit RSA private key
.......................................................................++
........................................................................................................................................++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- Enter 2 letter country code
State or Province Name (full name) [Some-State]: <-- Enter the name of the state
Locality Name (eg, city) []: <-- Enter your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter company name or press enter
Organizational Unit Name (eg, section) []: <-- Hit Enter
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname, in my case: server1.example.com
Email Address []: <-- Hit Enter
Configuring Mailman
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring BIND
Configuring Jailkit
Configuring Pureftpd
Configuring Apache
Configuring vlogger
[INFO] service Metronome XMPP Server not detected
Configuring Ubuntu Firewall
Configuring Fail2ban
[INFO] service OpenVZ not detected
Configuring Apps vhost
Installing ISPConfig
ISPConfig Port [8080]:
Admin password [admin]:
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- Hit Enter
Generating RSA private key, 4096 bit long modulus
.......................++
................................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- Enter 2 letter country code
State or Province Name (full name) [Some-State]: <-- Enter the name of the state
Locality Name (eg, city) []: <-- Enter your city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter company name or press enter
Organizational Unit Name (eg, section) []: <-- Hit Enter
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname, in my case: server1.example.com
Email Address []: <-- Hit Enter
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- Hit Enter
An optional company name []: <-- Hit Enter
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Detect IP addresses
Restarting services ...
Installation completed.
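The installer automatically configures all underlying services, so no manual configuration is needed.
Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ (http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):
The system is now ready to be used.
21.1 ISPConfig 3 Manual
In order to learn how to use ISPConfig 3, I strongly recommend downloading the ISPConfig 3 Manual.
On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also lines out how to make your server more secure and comes with a troubleshooting section at the end.
22 Virtual Machine Image Download of This Tutorial
This tutorial is available as a ready-to-use virtual machine image in ovf/ova format that is compatible with VMWare and Virtualbox. The virtual machine image uses the following login details:
SSH / Shell Login
Username: administrator
Password: howtoforge
Username: root
Password: howtoforge
ISPConfig Login
Username: admin
Password: admin
MySQL Login
Username: root
Password: howtoforge
The IP of the VM is 192.168.0.100; it can be changed in the file /etc/network/interfaces. Please change all the above passwords to secure the virtual machine.
23 Links
- Debian: http://www.debian.org/
- ISPConfig: http://www.ispconfig.org/
Original article by ItWorker. If you republish it, please credit the source: https://blog.ytso.com/32324.html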