ISPConfig Perfect Multiserver setup on Ubuntu 20.04 and Debian 10

Author: George, Sep. 13, 2022, 08:14

George

This tutorial will take you through installing your own ISPConfig 3 multiserver setup with dedicated servers for the panel, web, DNS, mail, and webmail. Both the DNS and mail server will have a mirror server for redundancy. You can easily add more servers of a certain type afterwards.

ISPConfig's official auto-installer will be used to set up the servers. Debian 10 will be used as operating system. The guide has been tested with Ubuntu 20.04.2 as well.

You can read more about the auto-installer at https://www.howtoforge.com/community/threads/ispconfig-3-autoinstaller.86078/

1. Preliminary Note

These will be the hosts we're installing:

host       FQDN                   IP
panel      panel.example.com      10.0.64.12
web01      web01.example.com      10.0.64.13
mx1        mx1.example.com        10.0.64.14
mx2        mx2.example.com        10.0.64.15
ns1        ns1.example.com        10.0.64.16
ns2        ns2.example.com        10.0.64.17
webmail    webmail.example.com    10.0.64.18

We will be using example hostnames, IP addresses, and IP ranges. Make sure to change them accordingly in your commands/configuration.

All servers are on the same private network but have their own public IP. If your servers don't have a shared local network, use their public IPv4 addresses.

Before starting the installation of a server, set up an A record and, where applicable, an AAAA record that points to the public IP address of your server. For example, if the hostname is panel.example.com and the public IP is 11.22.33.44, you should set up an A record for panel.example.com pointing to 11.22.33.44. Every server should have its own public IP and hostname.

2. Installing the master server

Log in as root or run

su -

to become the root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise Debian sets your PATH variable incorrectly.

2.1 Configure the hostname and hosts

The hostname of your server should be a subdomain like "panel.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your mail setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname panel.example.com, the file shall look like this (some lines may be different, it can differ per hosting provider):

nano /etc/hosts

127.0.0.1 localhost.localdomain  localhost
# This line should be changed on every node to the correct servername:
127.0.1.1 panel.example.com panel
# These lines are the same on every node:
10.0.64.12 panel.example.com panel
10.0.64.13 web01.example.com web01
10.0.64.14 mx1.example.com mx1
10.0.64.15 mx2.example.com mx2
10.0.64.16 ns1.example.com ns1
10.0.64.17 ns2.example.com ns2
10.0.64.18 webmail.example.com webmail

# The following lines are desirable for IPv6 capable hosts
::1    localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

As you can see, we added the hostnames of our other servers as well, so they can communicate over the internal network later.

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

panel

Finally, reboot the server to apply the change:

systemctl reboot

Log in again and check if the hostname is correct now with these commands:

hostname
hostname -f

The output shall be like this:

root@panel:~$ hostname
panel
root@panel:~$ hostname -f
panel.example.com

Now we can run the autoinstaller to install all necessary packages and ISPConfig:

wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system

After some time, you will see:

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:

Answer "yes" and hit enter. The installer will now start.

When the installer is finished it will show you the ISPConfig admin and MySQL root password like this:

[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs

Make sure you write this information down, along with the server they are for, as you will need them later.

2.2 Setting up the remote MySQL users for our slave servers

We will log in to MySQL to allow the other servers to connect to the ISPConfig database on this node during installation, by adding MySQL root user records in the master database for every slave server hostname and IP address.

On the terminal, run

mysql -u root -p

Enter your MySQL password and then run the following commands:

CREATE USER 'root'@'10.0.64.13' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.13' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'10.0.64.14' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.14' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'10.0.64.15' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.15' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'10.0.64.16' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.16' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'10.0.64.17' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.17' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'10.0.64.18' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.18' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'web01.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'web01.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'mx1.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mx1.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'mx2.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mx2.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'ns1.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns1.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'ns2.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns2.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

CREATE USER 'root'@'webmail.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'webmail.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

In the above SQL commands, replace the IP addresses (10.0.64.12 - 10.0.64.18) with the IP addresses of your servers; replace web01.example.com, mx1.example.com, mx2.example.com, ns1.example.com, ns2.example.com, and webmail.example.com with the hostnames of your servers; and replace myrootpassword with the desired root password. It is good practice to use a different password for each host. Write them down, as you will need them later when installing or updating your slave servers.

When this is done, you can exit MySQL with:

EXIT;

You can now log in to ISPConfig on https://panel.example.com:8080 with the username admin and the password the installer showed you.

2.3 Setting up the firewall

The last thing to do is to set up our firewall.

Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".

For the panel server, we have to open the following ports:

TCP:

22,80,443,8080,8081

No UDP ports have to be opened through the UI.

We are also going to open port 3306, which is used for MySQL, but only from our local network for security reasons. To do so, run the following command from the CLI, after the change from the ISPConfig panel is propagated (when the red dot is gone):

ufw allow from 10.0.64.0/24 to any port 3306 proto tcp

Your panel is now set up and ready for use.

In the next step, we will install the webserver.

The autoinstaller updates the php versions only in the db of web01.

Workaround:

http://web01.example.com/phpmyadmin

login with root and given sql pw

export table server_php

remove all lines except the insert into part

remove id in all 7 lines

https://panel.webprofi.space:8080/phpmyadmin

login as root with panel sql pw

open server_php

import the table
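
Added example, not part of the original post: section 2.2 above recommends a different password for each host, and this script generates the same CREATE USER / GRANT statements for the six example slaves with one random password per node. The function names, output file names and the 32-character hex password format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): build the section 2.2 statements
# with one random password per slave node.

# Slave nodes from the tutorial's example table: "IP FQDN" per line.
SLAVES='10.0.64.13 web01.example.com
10.0.64.14 mx1.example.com
10.0.64.15 mx2.example.com
10.0.64.16 ns1.example.com
10.0.64.17 ns2.example.com
10.0.64.18 webmail.example.com'

gen_password() {
    # 16 bytes from the kernel CSPRNG as 32 hex characters (digits and letters only).
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

emit_grants() {
    # $1 = host part of the account (IP or FQDN), $2 = password.
    # Reject anything that could break out of the quoted SQL strings.
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) echo "refusing host value: $1" >&2; return 1 ;;
    esac
    case "$2" in
        ''|*[!A-Za-z0-9]*) echo "refusing password for $1" >&2; return 1 ;;
    esac
    printf "CREATE USER 'root'@'%s' IDENTIFIED BY '%s';\n" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON * . * TO 'root'@'%s' IDENTIFIED BY '%s' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;\n\n" "$1" "$2"
}

build_sql() (
    # stdin: "IP FQDN" lines; $1 = SQL file to write; $2 = "FQDN password" list.
    umask 077                       # both files hold secrets: owner-only
    : > "$1"; : > "$2"
    while read -r ip fqdn; do
        [ -n "$ip" ] || continue
        pw=$(gen_password)
        # The IP and FQDN accounts of one node share that node's password.
        emit_grants "$ip" "$pw" >> "$1" || exit 1
        emit_grants "$fqdn" "$pw" >> "$1" || exit 1
        printf '%s %s\n' "$fqdn" "$pw" >> "$2"
    done
)

workdir=$(mktemp -d)
printf '%s\n' "$SLAVES" | build_sql "$workdir/grants.sql" "$workdir/passwords.txt"
echo "Review $workdir/grants.sql, then load it with: mysql -u root -p < $workdir/grants.sql"
```

Delete both files once the statements are loaded and the passwords are stored somewhere safe.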

George

3 Installing the webserver

Log in as root or run

su -

to become the root user on your server before you proceed. IMPORTANT: You must use 'su -' and not just 'su', otherwise Debian sets your PATH variable incorrectly.

3.1 Configure the hostname

The hostname of your server should be a subdomain like "web01.example.com". Do not use a domain name without a subdomain part like "example.com" as hostname as this will cause problems later with your mail setup. First, you should check the hostname in /etc/hosts and change it when necessary. The line should be: "IP Address - space - full hostname incl. domain - space - subdomain part". For our hostname web01.example.com, the file shall look like this:

nano /etc/hosts

127.0.0.1 localhost.localdomain   localhost
# This line should be changed on every node to the correct servername:
127.0.1.1 web01.example.com web01
# These lines are the same on every node:
10.0.64.12 panel.example.com panel
10.0.64.13 web01.example.com web01
10.0.64.14 mx1.example.com mx1
10.0.64.15 mx2.example.com mx2
10.0.64.16 ns1.example.com ns1
10.0.64.17 ns2.example.com ns2
10.0.64.18 webmail.example.com webmail

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

As you can see, we added the hostnames of our other servers as well, so they can communicate over the internal network later.

Then edit the /etc/hostname file:

nano /etc/hostname

It shall contain only the subdomain part, in our case:

web01

Finally, reboot the server to apply the change:

systemctl reboot

Log in again and check if the hostname is correct now with these commands:

hostname
hostname -f

The output shall be like this:

root@web01:~$ hostname
web01
root@web01:~$ hostname -f
web01.example.com

3.2 Installing ISPConfig

Now we can run the autoinstaller for all packages and ISPConfig:

wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --interactive

After some time, you will see:

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:

Answer "yes" and hit enter. The installer will now start.

When the installation and configuration of the packages is done, the root password for MySQL on web01 will be shown. Write this down (along with the servername, to prevent any confusion later).

Now we will have to answer some questions as we are using interactive mode. This is necessary as this server will be added to your multiserver setup.

[INFO] Installing ISPConfig3.
[INFO] Your MySQL root password is: kl3994aMsfkkeE


--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration 

Operating System: Debian 10.0 (Buster) or compatible

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- Hit enter

Installation mode (standard,expert) [standard]: <-- expert

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [web01.example.com]: <-- Hit Enter

MySQL server hostname [localhost]: <-- Hit Enter

MySQL server port [3306]: <-- Hit Enter

MySQL root username [root]: <-- Hit Enter

MySQL root password []: <-- Enter the MySQL password the script just gave you

MySQL database to create [dbispconfig]: <-- Hit Enter

MySQL charset [utf8]: <-- Hit Enter

The next two questions are about the internal ISPConfig database user and password.
It is recommended to accept the defaults which are 'ispconfig' as username and a random password.
If you use a different password, use only numbers and chars for the password.

ISPConfig mysql database username [ispconfig]: <-- Hit Enter

ISPConfig mysql database password [aakl203920459853sak20284204]: <-- Hit Enter

Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- y

MySQL master server hostname []: <-- panel.example.com

MySQL master server port []: <-- Hit Enter

MySQL master server root username [root]: <-- Hit Enter

MySQL master server root password []: <-- the password you gave the external root user on the master server.

MySQL master server database name [dbispconfig]: <-- Hit Enter

Adding ISPConfig server record to database.

Configure Mail (y,n) [y]: <-- n

Configuring Jailkit
Configuring Pureftpd
Configure DNS Server (y,n) [y]: <-- n

The Web Server option has to be enabled when you want run a web server or when this node shall host the ISPConfig interface.
Configure Web Server (y,n) [y]: <-- Hit Enter

Configuring Apache
Configuring vlogger
[WARN] autodetect for OpenVZ failed
Force configure OpenVZ (y,n) [n]: <-- Hit Enter

Skipping OpenVZ

Configure Firewall Server (y,n) [y]: <-- Hit Enter

Configuring Ubuntu Firewall
[WARN] autodetect for Metronome XMPP Server failed
Force configure Metronome XMPP Server (y,n) [n]: <-- Hit Enter

Skipping Metronome XMPP Server

Configuring Fail2ban
Install ISPConfig Web Interface (y,n) [n]: <-- Hit Enter

Do you want to create SSL certs for your server? (y,n) [y]: <-- Hit Enter

Checking / creating certificate for web01.example.com
Using certificate path /etc/letsencrypt/live/web01.example.com
Using apache for certificate validation
Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: <-- Hit Enter

Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: <-- Hit Enter

Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
......................+...........................................+...............
Configuring Apps vhost
Configuring DBServer
Installing ISPConfig crontab
Detect IP addresses
Restarting services ...
Installation completed.
[INFO] Adding php versions to ISPConfig.
[INFO] Checking all services are running.
[INFO] mysql: OK
[INFO] clamav-daemon: OK
[INFO] postfix: OK
[INFO] bind9: OK
[INFO] pureftpd: OK
[INFO] apache2: OK
[INFO] Installation ready.
[INFO] Your MySQL root password is: kl3994aMsfkkeE
[INFO] Warning: Please delete the log files in /tmp/ispconfig-ai/var/log/setup-* once you don't need them anymore because they contain your passwords!

Note: if you want to redirect example.com/webmail to webmail.example.com, follow this guide.

To set this server as default for your websites and databases, log in to ISPConfig and go to System -> Main config. Select web01.example.com as default server.

3.3 Setting up the firewall

The last thing to do is to set up our firewall.

Log in to the ISPConfig UI, and go to System -> Firewall. Then click "Add new firewall record".

Make sure you select the correct server. For our webserver, we have to open the following ports:

TCP:

20,21,22,80,443

No UDP ports have to be opened through the UI.

We are also going to open port 3306, which is used for MySQL, but only from our local network for security reasons. To do so, run the following command from the CLI, after the change from the ISPConfig panel is propagated (when the red dot is gone):

ufw allow from 10.0.64.0/24 to any port 3306 proto tcp

Your webserver is now ready to use. In the next step, we will install the first mailserver.
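
Added example, not part of the original post: sections 2.3 and 3.3 open port 3306 only for 10.0.64.0/24, and this check reads `ufw status` output and flags any other source that is allowed to reach MySQL. The function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): check that MySQL (3306) is reachable
# only from the private subnet, using the text printed by `ufw status`.

audit_3306() {
    # $1 = the only permitted source; stdin = `ufw status` output.
    # Only rules whose "To" column is exactly 3306 or 3306/tcp are inspected.
    # Exit 0: restricted as intended, 1: another source is allowed,
    #      2: no allowing rule for 3306 (slaves could not reach the master).
    awk -v want="$1" '
        $1 ~ /^3306(\/tcp)?$/ {
            for (i = 2; i <= NF; i++)
                if ($i == "ALLOW" || $i == "LIMIT") break
            if (i > NF) next                     # DENY or REJECT rule
            src = $(i + 1)
            if (src == "IN") src = $(i + 2)      # "ufw status verbose" format
            if (src == want) ok++
            else { bad++; print "exposed: " $0 }
        }
        END { exit (bad ? 1 : (ok ? 0 : 2)) }
    '
}

# Constructed sample: the state the tutorial aims for on the panel server.
GOOD='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
3306/tcp                   ALLOW       10.0.64.0/24'

# Constructed sample: 3306 was additionally opened to every source.
BAD="$GOOD
3306/tcp                   ALLOW       Anywhere
3306/tcp (v6)              ALLOW       Anywhere (v6)"

check() { printf '%s\n' "$1" | audit_3306 10.0.64.0/24; }
check "$GOOD" && echo "GOOD sample: 3306 limited to 10.0.64.0/24"
check "$BAD"  || echo "BAD sample: 3306 reachable from outside the subnet"
# On a live node: ufw status | audit_3306 10.0.64.0/24
```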