在Debian 10和Ubuntu 20.04上安装Perfect Server Automated ISP Config 3

在Debian 10和Ubuntu 20.04上安装Perfect Server Automated ISP Config 3

本教程介绍了如何使用ISPConfig自动安装程序来安装自己的ISPConfig3单服务器设置。该安装程序遵循旧的《 Perfect Server》指南,但更具模块化且易于遵循。如果您想为每个服务使用专用服务器来设置多服务器设置,请参阅《完美多服务器指南》。

本指南适用于Debian 10和Ubuntu 20.04。使用主机名server1.example.com。如有必要,请更换。

1.登录到服务器

登录或以root身份运行

su -

继续之前,请成为服务器的root用户。 重要的:必须同时使用“ su-”和“ su”。否则,Debian将错误地设置PATH变量。

2.配置主机名和主机

服务器的主机名必须是子域,例如“ server1.example.com”。 请勿使用没有子域部分的域名作为主机名,例如“ example.com”。您稍后可能会遇到设置问题。首先,您需要检查/ etc / hosts中的主机名,并在必要时进行更改。该行如下所示:“ IP地址空间完整的主机名,包括domain-space-subdomain部分”。对于主机名server1.example.com,文件如下所示(某些行可能有所不同,并且对于每个主机提供商,可能会有所不同):

nano /etc/hosts
127.0.0.1 localhost.localdomain   localhost# This line should be changed to the correct servername:127.0.1.1 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

然后编辑/ etc / hostname文件。

nano /etc/hostname

在这种情况下,仅包含子域部分。

server1

最后,重新启动服务器以应用更改。

systemctl reboot

再次登录并使用以下命令来验证主机名是否正确。

hostnamehostname -f

输出看起来像这样:

[email protected]:~$ hostnameserver1[email protected]:~$ hostname -fserver1.example.com

您还需要在指向服务器的DNS提供程序中设置DNS记录。您需要一个指向您的公共IP的子域的A(和/或AAAA)记录。

3.运行自动安装程序

现在,您可以运行自动安装程序。基本设置包括以下软件包(当然还有它们的依赖性):Apache2,PHP(版本5.6-8.0),MariaDB,Postfix,Dovecot,Rspamd,BIND,Jailkit,Roundcube,PHPMyAdmin,Mailman,Webalizer,AWStats,GoAccess。您可以通过将参数传递给安装程序来轻松选择不使用特定功能或安装其他服务。您可以使用以下命令查看所有参数:

wget -O - https://get.ispconfig.org | sh -s -- --help

您现在可以使用其参数运行脚本。例如,如果您需要使用被动FTP +无人值守升级端口范围的常规安装,请运行以下命令:

wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades

稍后,将显示以下内容。

WARNING! This script will reconfigure your complete server!It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!Type 'yes' if you really want to continue:

回答“是”,然后按Enter。安装程序将启动。

安装程序完成后,您将看到ISPConfig管理员和MySQL root密码,如下所示:

[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs

确保记下此信息,以备日后使用。

4.防火墙设置

最后要做的是设置防火墙。

登录到ISPConfig UI,然后[システム]->[ファイアウォール]去。下一个,[新しいファイアウォールレコードを追加]点击。

在常规设置中,它看起来像这样:

TCP:

20,21,22,80,443,40110:40210,110,143,465,587,993,995,53,8080,8081

UDP:

53

所有服务所需的端口是:

网络:20、21、22、80、443和40110:40210(均不使用TCP,UDP)

电子邮件:110、143、465、587、993和995(均不包含TCP,UDP)

DNS:53(TCP和UDP)

面板:8080和8081(均不带TCP,UDP)

现在,服务器已设置好并可以使用。您可以使用登录 https://server1.example.com:8080

5.高级选项

自动安装程序具有各种命令行选项,可用于微调您的设置。例如,您可以在Apache和Nginx Web服务器之间进行选择,然后选择要在系统上安装的服务。命令行参数为:

Usage: ispc3-ai.sh [] [...]

This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on www.howtoforge.com.

Possible arguments are:
    --help          Show this help page
    --debug         Enable verbose logging (logs each command with the exit code)
    --channel       Choose the channel to use for ISPConfig. --channel=<stable|dev>
                    "stable" is the latest ISPConfig release available on www.ispconfig.org
                    "dev" is the latest stable-branch from the ISPConfig git repository: https://git.ispconfig.org/ispconfig/ispconfig3/tree/stable-3.1
                    -> The dev channel might contain bugs and less-tested features and should only be used in production by very experienced users.
    --lang          Use language for ISPConfig installation. Specify with --lang=en|de (only en (English) and de (German) supported currently).
    --interactive   Don't install ISPConfig in non-interactive mode. This is needed if you want to use expert mode, e. g. to install a slave server that shall be integrated into an existing
                    multiserver setup.
    --use-nginx     Use nginx webserver instead of apache2
    --use-amavis    Use amavis instead of rspamd for mail filtering
    --use-unbound   Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set.
    --use-php       Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4 and 8.0 available).
                    --use-php=system disables the sury repository and just installs the system's default PHP version.
                    ommiting the argument (use all versions)
    --use-ftp-ports This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210.
                    If not provided the passive port range will not be configured.
    --use-certbot   Use Certbot instead of acme.sh for issuing Let's Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot.
    --no-web        Do not use ISPConfig on this server to manage webserver setting and don't install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies
                    --no-roundcube as well as --no-pma
    --no-mail       Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for
                    ISPConfig mail. It implies --no-mailman.
    --no-dns        Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
    --no-local-dns  Do not install local DNS caching / resolving via bind.
    --no-firewall   Do not install ufw and tell ISPConfig to not manage firewall settings on this server.
    --no-roundcube  Do not install roundcube webmail.
    --roundcube     Install Roundcube even when --no-mail is used. Manual configuration of Roundcube config is needed.
    --no-pma        Do not install PHPMyAdmin on this server.
    --no-mailman    Do not install Mailman mailing list manager.
    --no-quota      Disable file system quota
    --no-ntp        Disable NTP setup
    --unattended-upgrades
                    Install UnattendedUpgrades. You can add extra arguments for automatic cleanup and automatic reboots when necessary with --unattended-upgrades=autoclean,reboot (or only
                    one of them).
    --i-know-what-i-am-doing
                    Prevent the autoinstaller to ask for confirmation before continuing to reconfigure the server.

例如,要使用Nginx而不是Apache来安装安装程序等“完美服务器”,请使用以下命令:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades

或安装没有电子邮件和DNS服务的Nginx Web Server:

wget -O - https://get.ispconfig.org | sh -s -- --use-nginx --no-dns --no-mail --use-ftp-ports=40110-40210 --unattended-upgrades

6.敲定

设置现已完成。

您可以通过购买手册来支持ISPConfig。 https://www.ispconfig.org/documentation/

下面的链接是一些有用的教程/指针,用于进一步的设置。

  • 电子邮件设置(rDNS,SPF,DKIM):https://www.howtoforge.com/how-to-install-an-email-server-with-ispconfig-on-debian-10/
  • Roundcube调整:https://www.howtoforge.com/community/threads/tweaking-the-roundcube-settings.86387/
  • 自动配置设置(电子邮件客户端的自动配置): https://schaal-it.com/ispconfig-automail/
  • 改善PHPMyAdmin和rspamd界面的安全性:https://www.howtoforge.com/community/threads/improving-the-security-of-phpmyadmin-and-rspamd-ui.86544/
  • ISPConfig自动安装程序代码存储库和问题跟踪系统: https://git.ispconfig.org/thom/ispconfig-autoinstaller

如有任何疑问,请在论坛中提问。

Source

Sidebar