CentOS 5 - Installation and Configuration

  • 7/30/2019 CentOS 5 - Installation and Configuration

    1/35

    # /etc/init.d/apache2 reload

    Fedora/CentOS

    The directory "/etc/httpd" holds the configuration files. All configuration is done in the file "httpd.conf", located in the directory "/etc/httpd/conf". To change the server's port, modify the following line:

    Listen 80

    Save the file and reload the server configuration:

    # service httpd reload

    Slackware

    The directory "/etc/httpd" holds the configuration files. To change the server's port, modify the following line in the file "httpd.conf":

    Listen 80

    Save the file and restart the Apache server:

    # apachectl restart

    Testing Apache

    With Apache installed, open the address "http://localhost/"; a test page is displayed to indicate that the server is running.

    Figure: Apache test page

    PHP Support

    To host dynamic pages developed in PHP on Apache, the PHP modules must be installed.

    Installing PHP

    Debian/Ubuntu

    Install the PHP package and then restart Apache:

    # apt-get install php5
    # /etc/init.d/apache2 restart

    Fedora/CentOS

    Install the PHP package and then restart Apache:

    # yum install php
    # service httpd restart

    Slackware

    Download the PHP package and install it:

    ftp://ftp.slackware-brasil.com.br/slackware-12.2/slackware/n/php-5.2.8-i486-1.tgz

    # installpkg php-5.2.8-i486-1.tgz

    After installation, to enable PHP in Apache, edit the file "httpd.conf" and uncomment the following line:

    Include /etc/httpd/mod_php.conf

    Save the file and restart the Apache server.

    # apachectl restart

    PHP Modules

    Installing PHP installs only the following modules, which PHP needs in order to work:

    libapache2-mod-php: Allows Apache 2 to "understand" PHP.
    php: Contains the binaries and configuration files for using PHP.
    common: Contains documentation and example files.
    hash: Support for hash algorithms such as MD5 and SHA1.

    However, there are many more modules, one for each PHP feature:

    cli: Provides a command interpreter for testing PHP scripts.
    curl: CURL is a library for retrieving files via FTP, GOPHER and HTTP.
    dev: Package containing the PHP source files needed to compile additional modules.
    gd: Handles PNG, JPEG, XPM and TTF files directly from PHP scripts.
    imagick: Package that enables manipulation of image files.
    imap: Package that provides IMAP support.
    interbase: Handles connections to the Interbase/Firebird database.
    mcrypt: Supports a wide variety of encryption algorithms.
    memcache: In-memory cache object. Very useful for performance.
    mysql: Handles connections to the MySQL database.
    pear: A PHP code repository focused on code reuse.
    pgsql: Handles connections to the PostgreSQL database.
    pspell: Spell checking. Aspell is also worth a look.
    recode: Allows character re-encoding.
    sybase: Handles connections to Sybase and Microsoft SQL Server databases.
    tidy: Cleans up and manipulates HTML files.
    xmlrpc: Used mainly for web services; allows communication between processes.
    xsl: Transforms XML files into other XML via XSLT, or into HTML or text.

    To install the modules described above, the package names for each module are listed below, respectively:

    Debian/Ubuntu

    # apt-get install php5-cli php5-curl php5-dev php5-gd php5-imagick php5-imap php5-interbase php5-mcrypt php5-memcache php5-mysql php-pear php5-pgsql php5-pspell php5-recode php5-sybase php5-tidy php5-xmlrpc php5-xsl

    Fedora/CentOS

    # yum install php-cli php-curl php-devel php-gd php-pecl-imagick php-imap php-interbase php-mcrypt php-pecl-memcache php-mysql php-pear php-pgsql php-pspell php-recode php-mssql php-tidy php-xmlrpc php-xml

    Testing PHP

    To verify that PHP is active in Apache, create a file named "info.php" in the web server's root directory:

    Debian/Ubuntu: "/var/www"
    Fedora/CentOS: "/var/www/html"
    Slackware: "/srv/httpd/htdocs"

    And add the following lines:

    Save the file and open the address "http://localhost/info.php"; a page is displayed with the details of the PHP configuration and the active modules.

    Figure: PHP test page

    Virtual Hosts

    A Virtual Host lets you host several sites, with different domains or subdomains, on a single web server with a single IP address.

    Let's create two sites with the following domains:

    website1.com.br
    website2.com.br

    Create a directory for each site in the web server's root directory:

    Debian/Ubuntu

    # mkdir /var/www/website1
    # mkdir /var/www/website2

    Fedora/CentOS

    # mkdir /var/www/html/website1
    # mkdir /var/www/html/website2

    Slackware

    # mkdir /srv/httpd/htdocs/website1
    # mkdir /srv/httpd/htdocs/website2

    In each directory, create two subdirectories with the following names:

    public_html: where the site's pages that will be served are stored.
    logs: where the access log files are stored.

    Debian/Ubuntu

    # mkdir /var/www/website1/public_html
    # mkdir /var/www/website2/public_html
    # mkdir /var/www/website1/logs
    # mkdir /var/www/website2/logs

    Fedora/CentOS

    # mkdir /var/www/html/website1/public_html
    # mkdir /var/www/html/website2/public_html
    # mkdir /var/www/html/website1/logs
    # mkdir /var/www/html/website2/logs

    Slackware

    # mkdir /srv/httpd/htdocs/website1/public_html
    # mkdir /srv/httpd/htdocs/website2/public_html
    # mkdir /srv/httpd/htdocs/website1/logs
    # mkdir /srv/httpd/htdocs/website2/logs

    Now configure Apache to add the two sites.

    Debian/Ubuntu

    Create a file for each site in the directory "sites-available":

    # touch /etc/apache2/sites-available/website1
    # touch /etc/apache2/sites-available/website2

    Add the following lines to the file "website1":

    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/website1/public_html
        ServerName website1.com.br
        ErrorLog /var/www/website1/logs/error.log
        CustomLog /var/www/website1/logs/access.log combined
    </VirtualHost>

    And add the following lines to the file "website2":

    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/website2/public_html
        ServerName website2.com.br
        ErrorLog /var/www/website2/logs/error.log
        CustomLog /var/www/website2/logs/access.log combined
    </VirtualHost>

    Then enable both sites and reload the server configuration:

    # a2ensite website1
    # a2ensite website2
    # /etc/init.d/apache2 reload

    Fedora/CentOS

    Edit the file "/etc/httpd/conf/httpd.conf" and uncomment the following line:

    NameVirtualHost *:80

    And add the following lines at the end of the file:

    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/html/website1/public_html
        ServerName website1.com.br
        ErrorLog /var/www/html/website1/logs/error.log
        CustomLog /var/www/html/website1/logs/access.log combined
    </VirtualHost>

    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /var/www/html/website2/public_html
        ServerName website2.com.br
        ErrorLog /var/www/html/website2/logs/error.log
        CustomLog /var/www/html/website2/logs/access.log combined
    </VirtualHost>

    After configuring, reload the server configuration:

    # service httpd reload

    Slackware

    Edit the file "/etc/httpd/httpd.conf" and uncomment the following line:

    Include /etc/httpd/extra/httpd-vhosts.conf

    Save the file, open the file "/etc/httpd/extra/httpd-vhosts.conf" and add the following lines:

    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /srv/httpd/htdocs/website1/public_html
        ServerName website1.com.br
        ErrorLog /srv/httpd/htdocs/website1/logs/error.log
        CustomLog /srv/httpd/htdocs/website1/logs/access.log combined
    </VirtualHost>

    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /srv/httpd/htdocs/website2/public_html
        ServerName website2.com.br
        ErrorLog /srv/httpd/htdocs/website2/logs/error.log
        CustomLog /srv/httpd/htdocs/website2/logs/access.log combined
    </VirtualHost>

    After configuring, restart the Apache server:

    # apachectl restart

    Accessing the Sites

    Create a test page for each site and save it as "index.html" in each site's "public_html" subdirectory.

    To be able to reach the sites by domain name, add the server's IP and the domain to the file "/etc/hosts":

    127.0.0.1 website1.com.br
    127.0.0.1 website2.com.br

    Open the addresses "http://website1.com.br/" and "http://website2.com.br/"; the test page you created is displayed.

    Done.

    CentOS 5.1 Server Setup: LAMP, Email, DNS, FTP, ISPConfig (a.k.a. The Perfect Server)

    Version 1.0
    Author: Falko Timme
    Last edited 12/04/2007

    This tutorial shows how to set up a CentOS 5.1 based server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of CentOS 5.1, but should apply to the 64-bit version with very few modifications as well.

    I will use the following software:

    Web Server: Apache 2.2 with PHP 5.1.6
    Database Server: MySQL 5.0
    Mail Server: Postfix
    DNS Server: BIND9 (chrooted)
    FTP Server: Proftpd
    POP3/IMAP server: Dovecot
    Webalizer for web site statistics

    In the end you should have a system that works reliably, and if you like you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).

    I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

    1 Requirements

    To install such a system you will need the following:

    Download the CentOS 5.1 DVD or the six CentOS 5.1 CDs from a mirror next to you (the list of mirrors can be found here: http://isoredirect.centos.org/centos/5/isos/i386/).
    a fast internet connection.

    2 Preliminary Note

    In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

    3 Install The Base System

    Boot from your first CentOS 5.1 CD (CD 1) or the CentOS 5.1 DVD. Press at the boot prompt:

    It can take a long time to test the installation media so we skip this test here:

    The welcome screen of the CentOS installer appears. Click on Next:

    Choose your language next:

    Select your keyboard layout:

    I'm installing CentOS 5.1 on a fresh system, so I answer Yes to the question Would you like to initialize this drive, erasing ALL DATA?

    Now we must select a partitioning scheme for our installation. For simplicity's sake I select Remove linux partitions on selected drives and create default layout. This will result in a small /boot and a large / partition as well as a swap partition. Of course, you're free to partition your hard drive however you like it. Then I hit Next:

    Answer the following question (Are you sure you want to do this?) with Yes:

    On to the network settings. The default setting here is to configure the network interfaces with DHCP, but we are installing a server, so static IP addresses are not a bad idea... Click on the Edit button at the top right.

    In the window that pops up uncheck Use dynamic IP configuration (DHCP) and Enable IPv6 support and give your network card a static IP address (in this tutorial I'm using the IP address 192.168.0.100 for demonstration purposes) and a suitable netmask (e.g. 255.255.255.0; if you are not sure about the right values, http://www.subnetmask.info might help you):

    Set the hostname manually, e.g. server1.example.com, and enter a gateway (e.g. 192.168.0.1) and up to two DNS servers (e.g. 145.253.2.75 and 193.174.32.18):

    Choose your time zone:

    Give root a password:

    Now we select the software we want to install. Select nothing but Server (uncheck everything else). Also don't check Packages from CentOS Extras. Then check Customize now, and click on Next:

    Now we must select the package groups we want to install. Select Editors, Text-based Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL Database, Server Configuration Tools, Web Server, Administration Tools, Base, and System Tools (unselect all other package groups) and click on Next:

    The installer checks the dependencies of the selected packages:

    Click on Next to start the installation:

    The hard drive is being formatted:

    The installation begins. This will take a few minutes:

    Finally, the installation is complete, and you can remove your CD or DVD from the computer and reboot it:

    After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:

    I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

    SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on). Hit OK afterwards:

    Then leave the Setup Agent by selecting Exit:

    Then log in as root and reboot the system so that your changes can be applied:

    shutdown -r now

    Now, on to the configuration...

    4 Adjust /etc/hosts

    Next we edit /etc/hosts. Make it look like this:

    vi /etc/hosts

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1               localhost.localdomain localhost
    192.168.0.100           server1.example.com server1
    ::1                     localhost6.localdomain6 localhost6

    5 Configure Additional IP Addresses

    (This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you're fine with one IP address, you can skip this section.)

    Let's assume our network interface is eth0. Then there is a file /etc/sysconfig/network-scripts/ifcfg-eth0 which contains the settings for eth0. We can use this as a sample for our new virtual network interface eth0:0:

    cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

    Now we want to use the IP address 192.168.0.101 on the virtual interface eth0:0. Therefore we open the file /etc/sysconfig/network-scripts/ifcfg-eth0:0 and modify it as follows (we can leave out the HWADDR line as it is the same physical network card):

    vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

    # Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
    DEVICE=eth0:0
    BOOTPROTO=static
    BROADCAST=192.168.0.255
    IPADDR=192.168.0.101
    NETMASK=255.255.255.0
    NETWORK=192.168.0.0
    ONBOOT=yes

    Afterwards we have to restart the network:

    /etc/init.d/network restart

    You might also want to adjust /etc/hosts after you have added new IP addresses, although this is not necessary.

    Now run

    ifconfig

    You should now see your new IP address in the output:

    [root@server1 ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:55:33:B3
              inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe55:33b3/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:355 errors:0 dropped:0 overruns:0 frame:0
              TX packets:300 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:31326 (30.5 KiB)  TX bytes:47669 (46.5 KiB)
              Interrupt:177 Base address:0x1400

    eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:55:33:B3
              inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              Interrupt:177 Base address:0x1400

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

    [root@server1 ~]#

    6 Disable The Firewall And SELinux

    (You can skip this chapter if you have already disabled the firewall and SELinux at the end of the basic system installation (in the Setup Agent).)

    I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).

    SELinux is a security extension of CentOS that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it, too (this is a must if you want to install ISPConfig later on).

    Run

    system-config-securitylevel

    Set both Security Level and SELinux to Disabled and hit OK:

    Afterwards we must reboot the system:

    shutdown -r now

    7 Install Some Software

    First we import the GPG keys for software packages:

    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

    Then we update our existing packages on the system:

    yum update

    Now we install some software packages that are needed later on:

    yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++

    8 Quota

    (If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)

    To install quota, we run this command:

    yum install quota

    Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):

    vi /etc/fstab

    /dev/VolGroup00/LogVol00 /                       ext3    defaults,usrquota,grpquota        1 1
    LABEL=/boot             /boot                   ext3    defaults        1 2
    tmpfs                   /dev/shm                tmpfs   defaults        0 0
    devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
    sysfs                   /sys                    sysfs   defaults        0 0
    proc                    /proc                   proc    defaults        0 0
    /dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0

    Then run

    touch /aquota.user /aquota.group
    chmod 600 /aquota.*
    mount -o remount /
    quotacheck -avugm
    quotaon -avug

    to enable quota.

    9 Install A Chrooted DNS Server (BIND9)

    To install a chrooted BIND9, we do this:

    yum install bind-chroot

    Then do this:

    chmod 755 /var/named/
    chmod 775 /var/named/chroot/
    chmod 775 /var/named/chroot/var/
    chmod 775 /var/named/chroot/var/named/
    chmod 775 /var/named/chroot/var/run/
    chmod 777 /var/named/chroot/var/run/named/
    cd /var/named/chroot/var/named/
    ln -s ../../ chroot
    cp /usr/share/doc/bind-9.3.3/sample/var/named/named.local /var/named/chroot/var/named/named.local
    cp /usr/share/doc/bind-9.3.3/sample/var/named/named.root /var/named/chroot/var/named/named.root
    touch /var/named/chroot/etc/named.conf
    chkconfig --levels 235 named on
    /etc/init.d/named start

    BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).

    10 MySQL (5.0)

    To install MySQL, we do this:

    yum install mysql mysql-devel mysql-server

    Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

    chkconfig --levels 235 mysqld on
    /etc/init.d/mysqld start

    Now check that networking is enabled. Run

    netstat -tap | grep mysql

    It should show a line like this:

    [root@server1 named]# netstat -tap | grep mysql
    tcp        0      0 *:mysql                     *:*                         LISTEN      2470/mysqld
    [root@server1 named]#

    If it does not, edit /etc/my.cnf and comment out the option skip-networking:

    vi /etc/my.cnf

    #skip-networking

    and restart your MySQL server:

    /etc/init.d/mysqld restart

    Run

    mysqladmin -u root password yourrootsqlpassword
    mysqladmin -h server1.example.com -u root password yourrootsqlpassword

    to set a password for the user root (otherwise anybody can access your MySQL database!).
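
    The netstat check in this chapter shows mysqld bound to *:mysql, i.e. to every interface. The following added example, which is not part of the original tutorial, classifies each listening TCP socket in netstat output by the address it is bound to, so wildcard binds stand apart from loopback-only ones. The function names and the sample lines are constructed for the illustration.

```sh
#!/bin/sh
# Added example, not part of the tutorial. POSIX sh and awk only.

# listener_scope: read `netstat -tap` (or `netstat -tlnp`) output on stdin and
# print "<scope> <program> <port>" for every listening TCP socket. scope is
# "all" for a wildcard bind, "loopback", or the specific local address.
listener_scope() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)          # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            prog = $7; sub(/^[0-9]+\//, "", prog)       # "2470/mysqld" -> "mysqld"
            if (prog == "" || prog == "-") { prog = "unknown" }
            if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]") {
                scope = "all"
            } else if (host ~ /^127\./ || host == "::1" || host ~ /^localhost/) {
                scope = "loopback"
            } else {
                scope = host
            }
            print scope, prog, port
        }'
}

# exposed_listeners: only the sockets reachable on every interface.
exposed_listeners() {
    listener_scope | awk '$1 == "all" { print $2, $3 }'
}

# Constructed sample in the format of the output shown above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:mysql                     *:*                         LISTEN      2470/mysqld
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN      2201/master
tcp        0      0 192.168.0.100:domain        *:*                         LISTEN      1980/named
tcp        0      0 :::3306                     :::*                        LISTEN      -
tcp        0      0 192.168.0.100:ssh           192.168.0.5:51234           ESTABLISHED 2300/sshd
EOF
}

sample_netstat | listener_scope
```

    On a live system the input would be `netstat -tap | listener_scope`, run as root so that the program column is filled in.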

    11 Postfix With SMTP-AUTH And TLS

    Now we install Postfix and Dovecot (Dovecot will be our POP3/IMAP server):

    yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

    Next we configure SMTP-AUTH and TLS:

    postconf -e 'smtpd_sasl_local_domain ='
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'smtpd_sasl_security_options = noanonymous'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    postconf -e 'inet_interfaces = all'
    postconf -e 'mynetworks = 127.0.0.0/8'

    We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins. On a 64Bit Centos 5.1 you must edit the file /usr/lib64/sasl2/smtpd.conf instead. It should look like this:

    vi /usr/lib/sasl2/smtpd.conf

    pwcheck_method: saslauthd
    mech_list: plain login

    Afterwards we create the certificates for TLS:

    mkdir /etc/postfix/ssl
    cd /etc/postfix/ssl/
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr

    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

    Next we configure Postfix for TLS:

    postconf -e 'smtpd_tls_auth_only = no'
    postconf -e 'smtp_use_tls = yes'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtp_tls_note_starttls_offer = yes'
    postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    postconf -e 'smtpd_tls_loglevel = 1'
    postconf -e 'smtpd_tls_received_header = yes'
    postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    postconf -e 'tls_random_source = dev:/dev/urandom'

    Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your own hostname):

    postconf -e 'myhostname = server1.example.com'

    After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have removed all comments from it):

    cat /etc/postfix/main.cf

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases

    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5

    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    mynetworks = 127.0.0.0/8
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    myhostname = server1.example.com

    By default, CentOS' Dovecot daemon provides only IMAP and IMAPs services. Because we also want POP3 and POP3s we must configure Dovecot to do so. We edit /etc/dovecot.conf and enable the line protocols = imap imaps pop3 pop3s:

    vi /etc/dovecot.conf

    [...]
    # Base directory where to store runtime data.
    #base_dir = /var/run/dovecot/

    # Protocols we want to be serving: imap imaps pop3 pop3s
    # If you only want to use dovecot-auth, you can set this to "none".
    protocols = imap imaps pop3 pop3s

    # IP or host address where to listen in for connections. It's not currently
    # possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
    # "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
    # interfaces depending on the operating system.
    [...]

    Now start Postfix, saslauthd, and Dovecot:

    chkconfig --levels 235 sendmail off
    chkconfig --levels 235 postfix on
    chkconfig --levels 235 saslauthd on
    chkconfig --levels 235 dovecot on
    /etc/init.d/sendmail stop
    /etc/init.d/postfix start
    /etc/init.d/saslauthd start
    /etc/init.d/dovecot start

    To see if SMTP-AUTH and TLS work properly now run the following command:

    telnet localhost 25

    After you have established the connection to your Postfix mail server type

    ehlo localhost

    If you see the lines

    250-STARTTLS

    and

    250-AUTH PLAIN LOGIN

    everything is fine.

    [root@server1 ssl]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 server1.example.com ESMTP Postfix
    ehlo localhost
    250-server1.example.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
    [root@server1 ssl]#

    Type

    quit

    to return to the system's shell.
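
    The main.cf settings made in this chapter and the EHLO reply checked by hand above can be cross-checked mechanically. The following is an added example, not part of the original tutorial: audit_main_cf reads the relay and SMTP-AUTH parameters from a main.cf-style file, and ehlo_summary reports what a captured plaintext session advertises. The function names, the finding texts and the sample inputs are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not part of the tutorial. POSIX sh and awk only; the sample
# inputs are constructed from the values shown in the text above.

# cf_get FILE PARAM: effective value of PARAM in a main.cf-style file
# (comments skipped, indented continuation lines joined, last setting wins).
cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (name == want) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == want) val = substr($0, eq + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/[ \t]+/, " ", val); print val }
    ' "$1"
}

# audit_main_cf FILE: one finding per line, nothing when every check passes.
audit_main_cf() {
    rr=$(cf_get "$1" smtpd_recipient_restrictions | tr -s ' ,' ',,')
    case ",$rr," in
        *,reject_unauth_destination,*) ;;
        *) echo "RELAY: smtpd_recipient_restrictions lacks reject_unauth_destination" ;;
    esac
    for net in $(cf_get "$1" mynetworks | tr ',' ' '); do
        case "$net" in
            127.*|::1*|"[::1]"*) ;;
            *) echo "RELAY: mynetworks trusts non-loopback network $net" ;;
        esac
    done
    if [ "$(cf_get "$1" smtpd_sasl_auth_enable)" = yes ]; then
        case " $(cf_get "$1" smtpd_sasl_security_options | tr ',' ' ') " in
            *" noanonymous "*) ;;
            *) echo "AUTH: smtpd_sasl_security_options lacks noanonymous" ;;
        esac
        [ "$(cf_get "$1" smtpd_tls_auth_only)" = yes ] ||
            echo "AUTH: smtpd_tls_auth_only is not yes, so AUTH is offered without TLS"
    fi
    return 0
}

# ehlo_summary: read a captured plaintext SMTP session on stdin and report
# what the server advertised in its EHLO reply.
ehlo_summary() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            n = split(substr($0, 5), w, "[ =]+")
            kw = toupper(w[1])
            if (kw == "STARTTLS") { tls = 1 }
            if (kw == "AUTH") {
                for (i = 2; i <= n; i++) {
                    m = toupper(w[i])
                    if (m == "" || (m in seen)) { continue }
                    seen[m] = 1
                    sep = (mechs == "") ? "" : ","
                    mechs = mechs sep m
                    if (m == "PLAIN" || m == "LOGIN") { plain = 1 }
                }
            }
        }
        END {
            printf "starttls=%s auth=%s plain_before_tls=%s\n",
                (tls ? "yes" : "no"), (mechs == "" ? "none" : mechs), (plain ? "yes" : "no")
        }'
}

sample_main_cf() {    # constructed excerpt with the settings made above
    cat <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
EOF
}

sample_ehlo() {       # constructed from the telnet session shown above
    cat <<'EOF'
220 server1.example.com ESMTP Postfix
250-server1.example.com
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN
EOF
}

cf=$(mktemp) && sample_main_cf > "$cf"
audit_main_cf "$cf"
sample_ehlo | ehlo_summary
rm -f "$cf"
```

    On the server itself, audit_main_cf /etc/postfix/main.cf reads the live configuration, and a saved telnet transcript can be piped into ehlo_summary.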

    11.1 Maildir

    Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.

    If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir (you can also do this if you use ISPConfig - it doesn't hurt ;-)):

    postconf -e 'home_mailbox = Maildir/'
    postconf -e 'mailbox_command ='
    /etc/init.d/postfix restart

    12 Apache2 With PHP

    Now we install Apache with PHP (this is PHP 5.1.6):

    yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

    Then edit /etc/httpd/conf/httpd.conf:

    vi /etc/httpd/conf/httpd.conf

    and change DirectoryIndex to

    [...]
    DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
    [...]

    Now configure your system to start Apache at boot time:

    chkconfig --levels 235 httpd on

    Start Apache:

    /etc/init.d/httpd start

    12.1 Disable PHP Globally

    (If you do not plan to install ISPConfig on this server, please skip this section!)

    In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.

    To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out the AddHandler and AddType lines:

    vi /etc/httpd/conf.d/php.conf

    #
    # PHP is an HTML-embedded scripting language which attempts to make it
    # easy for developers to write dynamically generated webpages.
    #

    LoadModule php5_module modules/libphp5.so

    #
    # Cause the PHP interpreter to handle files with a .php extension.
    #
    #AddHandler php5-script .php
    #AddType text/html .php

    #
    # Add index.php to the list of files that will be served as directory
    # indexes.
    #
    DirectoryIndex index.php

    #
    # Uncomment the following line to allow PHP to pretty-print .phps
    # files as PHP source code:
    #
    #AddType application/x-httpd-php-source .phps

    Afterwards we restart Apache:

    /etc/init.d/httpd restart

    13 ProFTPd

    ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd:

    yum remove vsftpd

    Because CentOS has no proftpd package, we have to compile Proftpd manually:

    cd /tmp/
    wget --passive-ftp ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz
    tar xvfz proftpd-1.3.1.tar.gz
    cd proftpd-1.3.1/
    ./configure --sysconfdir=/etc
    make
    make install
    cd ..
    rm -fr proftpd-1.3.1*

    The proftpd binary gets installed in /usr/local/sbin, but we need it in /usr/sbin, so we create a symlink:

    ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd

    Now create the init script /etc/init.d/proftpd:

    vi /etc/init.d/proftpd

    #!/bin/sh
    # $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
    #
    # proftpd        This shell script takes care of starting and stopping
    #                proftpd.
    #
    # chkconfig: - 80 30
    # description: ProFTPD is an enhanced FTP server with a focus towards \
    #              simplicity, security, and ease of configuration. \
    #              It features a very Apache-like configuration syntax, \
    #              and a highly customizable server infrastructure, \
    #              including support for multiple 'virtual' FTP servers, \
    #              anonymous FTP, and permission-based directory visibility.
    # processname: proftpd
    # config: /etc/proftp.conf
    # pidfile: /var/run/proftpd.pid

    # Source function library.
    . /etc/rc.d/init.d/functions

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up.
    [ ${NETWORKING} = "no" ] && exit 0

    [ -x /usr/sbin/proftpd ] || exit 0

    RETVAL=0

    prog="proftpd"

    start() {
            echo -n $"Starting $prog: "
            daemon proftpd
            RETVAL=$?
            echo
            [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
    }

    stop() {
            echo -n $"Shutting down $prog: "
            killproc proftpd
            RETVAL=$?
            echo
            [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
    }

    # See how we were called.
    case "$1" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      status)
            status proftpd
            RETVAL=$?
            ;;
      restart)
            stop
            start
            ;;
      condrestart)
            if [ -f /var/lock/subsys/proftpd ]; then
                stop
                start
            fi
            ;;
      reload)
            echo -n $"Re-reading $prog configuration: "
            killproc proftpd -HUP
            RETVAL=$?
            echo
            ;;
      *)
            echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"
            exit 1
    esac

    exit $RETVAL

    Then we make the init script executable:

    chmod 755 /etc/init.d/proftpd

    Next we open /etc/proftpd.conf and change Group to nobody:

    vi /etc/proftpd.conf

    [...]
    Group nobody
    [...]

    For security reasons you can also add the following lines to /etc/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html):

    vi /etc/proftpd.conf

    [...]
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."
    [...]

    Now we can create the system startup links for Proftpd:

    chkconfig --levels 235 proftpd on

    And finally we start Proftpd:

    /etc/init.d/proftpd start

    14 Webalizer

    To install webalizer, just run

    yum install webalizer

    15 Synchronize The System Clock

    If you want to have the system clock synchronized with an NTP server do the following:

    yum install ntp

    chkconfig --levels 235 ntpd on
    ntpdate 0.pool.ntp.org
    /etc/init.d/ntpd start

    16 Install Some Perl Modules

    ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl modules with a single command:

    yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1

    17 The End

    The configuration of the server is now finished, and if you wish you can now install ISPConfig on it.

    17.1 A Note On SuExec

    If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as CentOS' suExec is compiled with /var/www as Doc_Root. Run

    /usr/sbin/suexec -V

    and the output should look like this:

    [root@server1 ~]# /usr/sbin/suexec -V
     -D AP_DOC_ROOT="/var/www"
     -D AP_GID_MIN=100
     -D AP_HTTPD_USER="apache"
     -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
     -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
     -D AP_UID_MIN=500
     -D AP_USERDIR_SUFFIX="public_html"
    [root@server1 ~]#

    So if you want to use suExec with ISPConfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).
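
    The comparison described above can be scripted before choosing a web root in expert mode. This is an added example, not part of the original guide; the candidate paths other than /var/www are hypothetical, and paths are compared as written (symlinks are not resolved).

```shell
#!/bin/sh
# Reads `suexec -V` output on stdin and prints the compiled-in document root.
suexec_doc_root() {
    sed -n 's/^.*-D AP_DOC_ROOT="\([^"]*\)".*$/\1/p' | head -n 1
}

# under_doc_root WEBROOT DOCROOT -> 0 if WEBROOT is DOCROOT or lies below it.
# Matching on whole path components keeps /var/www2 from passing as /var/www.
under_doc_root() {
    web=${1%/}
    root=${2%/}
    case "$web/" in
        */../*) return 1 ;;      # an unresolved ".." could leave the root
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Sample input: the `suexec -V` output shown in section 17.1.
sample_suexec_v() {
    cat <<'EOF'
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"
EOF
}

doc_root=$(sample_suexec_v | suexec_doc_root)
# Hypothetical candidate web roots for the ISPConfig installer.
for candidate in /var/www /var/www/web1 /var/www2 /home/www; do
    if under_doc_root "$candidate" "$doc_root"; then
        echo "$candidate: inside $doc_root, usable with suExec"
    else
        echo "$candidate: outside $doc_root, not usable with suExec"
    fi
done
```

    On the server, replace sample_suexec_v with /usr/sbin/suexec -V 2>&1 so the output is captured whichever stream it is written to.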

    18 Links

    CentOS: http://www.centos.org
    ISPConfig: http://www.ispconfig.org
