I am a danish programmer living in Bangkok.
Read more about me @ rasmus.rummel.dk.
Webmodelling Home > How to install ISPConfig multi server on Ubuntu
Do good

How to install ISPConfig multi server

Updated 17 Apr 2013. This tutorial is a step by step guide how to install ISPConfig hosting panel for multiple servers.

ISPConfig is a free Hosting Control Panel that can handle multiple linux servers : name servers, web servers, database servers and email servers. At the center is the panel server that host the Control Panel from which the other servers, resellers & clients are managed.

The reason to deploy a multi server setup, that is: spreading the different services over multiple servers is primarily for 2 reasons :

  • It is more scalable, you can just add servers as you host more web sites and more databases.
  • Compatibility problems can easily be dealt with by adding a dedicated server (eg. if you have some old PHP sites that cannot run on newer PHP versions, then you can just add an extra web server with an older version of PHP).

When you are finished with this how to install ispconfig tutorial, you will have a highly professional hosting infrastructure - in fact the multi-server setup is very flexible and your infrastructure will be as robust as any professional hosting provider - ISPConfig 3 is a highend contender then setup correctly.

Install ISPConfig multi-server system step-by-step :

  1. Install Panel server (test) - the server that host the Control Panel
  2. Install DNS server (test)
  3. Install Web server (test)
  4. Install Database server (test, configure phpMyAdmin)
  5. Install Email server (test, configure Squirrelmail)

Appendixes :

Relevant links :



Server Schema

In this tutorial I use 6 Ubuntu server 11.10 machines to build up the following server schema :

Hostname FQDN IP Function Additional services
panel panel.example.tld 192.168.1.40 Control Panel extra web server, phpMyAdmin
ns1 ns1.example.tld 192.168.1.41 Primary name server
ns2 ns2.example.tld 192.168.1.42 Secondary name server
web1 web1.example.tld 192.168.1.43 Web server
db1 db1.example.tld 192.168.1.44 Database server
mail1 mail1.example.tld 192.168.1.45 Email server Squirrelmail


Initial common server configuration

ALL the 6 servers share a common 9 step initial configuration. Instead of writing these steps for all the 6 server installation tutorials, I write them down here once - do not start here, the 6 server installation tutorials below will each one call upon this section asking you to perform the 9 steps here.

  1. shell> apt-get update : update the package information.
  2. shell> apt-get upgrade : install the latest updates.
  3. Remove AppArmor : (I do not myself have experience with AppArmor or any problems, however there seems to be significant advocates for removing AppArmor to avoid battling it then solving problems)
    1. shell> /etc/init.d/apparmor stop
    2. shell> update-rc.d -f apparmor remove
    3. shell> apt-get remove apparmor apparmor-utils
  4. shell> nano /etc/resolv.conf : open the resolv.conf file in the nano aditor and edit to point to your name servers, eg :
    • nameserver 192.168.1.41 : points to ns1.example.tld
    • nameserver 192.168.1.42 : points to ns2.example.tld
    • nameserver 8.8.8.8 : here I use googles nameserver as an extra nameserver, though typically you will use the nameserver provided by your hosting provider, your data center or your gateway.
    UPDATE for Ubuntu 12.04 : it is no longer safe to add static nameserver information to /etc/resolv.conf. Starting with Ubuntu 12.04, we should add static nameserver information to /etc/network/interfaces instead - read more here.
  5. Install MySQL server : (All ISPConfig installations rely on a local MySQL database in addition to the panel (master) server database)
    1. shell> apt-get -y install mysql-client mysql-server
      • While installing, you are prompted for a root password - remember that password later for step 9.
    2. shell> nano /etc/mysql/my.cnf : open my.cnf in the nano editor and comment out the bind-address :
      • #bind-address = 127.0.0.1 : this is to allow mysql to bind to other addresses as well.
    3. shell> /etc/init.d/mysql restart
  6. Install PHP : (ISPConfig is a PHP program and as such cannot run without PHP installed)
    1. shell> apt-get -y install php5-cli php5-mysql php5-mcrypt mcrypt
  7. shell> apt-get install fail2ban : not strictly necessary, but ISPConfig monitor tries to show the log from it.
  8. Download ISPConfig :
    1. shell> mkdir /ISPConfigInstall
    2. shell> cd /ISPConfigInstall
    3. shell> wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz 13 Jun 2013, I installed a new ISPConfig client server and it turned out that the ISPConfig-3-stable.tar.gz file have been updated and is not any longer compatible with the database created by the version of ISPConfig-3-stable.tar.gz I used about a year ago (dbispconfig.web_domain.ssl_key and dbispconfig.web_backup have been added) - to solve this problem I instead used the same version of ISPConfig-3-stable.tar.gz as I used to install the master server (which luckily I had not deleted from the master server)
    4. shell> tar xfz ISPConfig-3-stable.tar.gz
  9. Then installing the panel server itself, DO NOT do this step 9 - this step is only then installing the other (slave) servers.
    Then you add a new server to the ISPConfig multi-server system, the MySQL on the new server needs access to MySQL on the panel server.
    To give a new server this access, you need to execute the following 4 sql statements against MySQL on the panel server :
    • Either using MySQL CLI :
      • panel server shell> mysql -u root -p : start mysql cli (alternatively copy all 4 statements into phpmyadmin SQL execution page)
        1. mysql> create user 'root'@'ExternalServerIP' identified by 'MyPassword';
        2. mysql> grant all on *.* to 'root'@'ExternalServerIP' identified by 'MyPassword' with grant option max_queries_per_hour 0 max_connections_per_hour 0 max_updates_per_hour 0 max_user_connections 0;
        3. mysql> create user 'root'@'external.server.domain.name' identified by 'MyPassword';
        4. mysql> grant all on *.* to 'root'@'external.server.domain.name' identified by 'MyPassword' with grant option max_queries_per_hour 0 max_connections_per_hour 0 max_updates_per_hour 0 max_user_connections 0;
    • Or, if you installed phpMyAdmin on the panel server, you can also use phpMyAdmin SQL execution page.

Ok, your new server is now ready to install ISPConfig and be added to the overall ISPConfig system.

Install Panel server

The panel server is the server on which we install ISPConfig web interface - also called the control panel. It is from the control panel that you manage resellers, clients, domain names, ftp users, web sites, databases, email and more.

Let's get to it.

  1. Provision a new Ubuntu 11.10 server
  2. Configuring network :
    1. shell> echo panel > /etc/hostname :
    2. shell> service hostname start :
    3. shell> nano /etc/hosts : open the hosts file in the nano editor and edit to contain the following
      • 127.0.0.1 localhost
      • 192.168.1.40 panel.example.tld panel : (using the standard 127.0.0.1 panel.example.com panel will make Apache notify apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName everytime Apache restarts and while it does not make any difference, it is just annoying to look at.
    4. shell> hostname : confirm that hostname reports panel.
    5. shell> hostname -f : confirm that hostname reports panel.example.com.
    6. shell> nano /etc/network/interfaces : load the interfaces file in the nano editor and edit it to look like the following :
      • auto eth0 : we want eth0 to bind on system startup.
      • iface eth0 inet static : we of course want to bind a static IP.
      • address 192.168.1.40 : this is the IP we want to bind. Be sure to specify the correct IP for your server.
      • network 192.168.1.0 : whatever network you are on (I am on 192.168.1.0).
      • netmask 255.255.255.0 : whatever number of bits for your network address (I use 24 : 255.255.255.0).
      • broadcast 192.168.1.255
      • gateway 192.168.1.254 : be sure to use the correct IP for your gateway.
  3. Do all Initial common server configuration except the last step 9 (only panel server does not need step 9)
  4. Install web server specific packages :
    1. shell> apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libapache2-mod-php5 libapache2-mod-fcgid apache2-suexec libapache2-mod-suphp
    2. shell> apt-get -y install php5 php5-common php5-gd php5-mysql php5-imap php5-cgi php-pear php-auth
    3. shell> apt-get -y install libexpat1 ssl-cert phpmyadmin php5-imagick imagemagick libopenssl-ruby libapache2-mod-ruby sudo : Note that for Ubuntu 14.04.1 that libopenssl-ruby & libapache2-mod-ruby does NOT exist anymore (actually I think these packages was phased out already from 13.10). Instead you need to install libruby1.9.1 as : apt-get install libruby1.9.1. For the phpmyadmin package you will be prompted
      • Which webserver to configure : you need to choose Apache.
      • If MySQL should be configured for phpMyAdmin : you should choose yes.
      • Administrative & root passwords for MySQL
    4. shell> a2enmod suexec rewrite ssl actions include ruby dav_fs dav auth_digest
    5. shell> service apache2 restart
    6. shell> apt-get -y install pure-ftpd-common pure-ftpd-mysql
  5. If you want to use the panel server not only for the Control Panel, but also to host client websites, then you should also install Jailkit and Quota :
    (I only host my own websites on the panel server and therefore don't need Jailkit nor Quota on the panel server)
    • Install Jailkit packages : (so ISPConfig is able to jailroot SSH users and cron jobs)
      1. shell> apt-get -y install build-essential autoconf automake1.9 libtool flex bison
      2. shell> cd /ISPConfigInstall
      3. shell> wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
      4. shell> tar xfz jailkit-2.14.tar.gz
      5. shell> cd jailkit-2.14
      6. shell> export LDFLAGS="-pthread" : be sure the linker gets the correct flags.
      7. shell> ./configure
      8. shell> make
      9. shell> make install
    • Setup Quota : (so ISPConfig is able to enforce quotas on disk usage)
      1. shell> apt-get install quota quotatool : install quota utilities.
        • quota : the actual code that enforce any quotas.
        • quotatool : quotatool is a utility to set filesystem quotas from the commandline (quotatool is not interactive and therefore very suited to edit disk quotas from scripts).
      2. shell> nano /etc/fstab : load fstab in the nano editor and add usrquota and grpquota (my additions in Fuchsia)
        • proc /proc proc nodev,noexec,nosuid 0 0
        • UUID=56068d40-6f77-46f1-9748-a0109939e45d / ext4 errors=remount-ro,usrquota,grpquota 0 1 : on errors remount the filesystem read-only (remount-ro). usrquota & grpquota are ignored, but the quota utilities will react to them.
        • UUID=c49f1dd8-c33d-4101-8fa1-38fe4cb069bb none swap sw 0 0
      3. Press ctrl-x and then y to exit and save.
      4. shell> mount -vo remount,usrquota,grpquota / : don't forget the ending slash. I got answer /dev/vda1 on / type ext4 (rw,errors=remount-ro,usrquota,grpquota,usrquota,grpquota) (the vda1 is because I install on a virtual harddisk)
      5. shell> quotacheck -F vfsv0 -afcvdugm : force format (-F) of quota files to vfsv0 for 32 bit User- & GroupIDs (vfsv1 for 64 bit).
      6. shell> quotaon -aug : set quota on all (-a) for both users (u) and groups (-g).
      7. shell> repquota / : confirm that quota works.
      8. shell> quota -u rasmus : shows quota for the rasmus linux user (currently there are none of course).
  6. Run the ISPConfig3 installer :
    1. shell> cd /ISPConfigInstall/ispconfig3_install/install : navigate to the decompressed installation folder.
    2. shell> php -q install.php : start the ISPConfig3 installer.
    3. Select language (en,de) [en]: <-- en
    4. Installation mode (standard,expert) [standard]: <-- expert
    5. Full qualified hostname (FQDN) of the server, eg server1.domain.tld [web1.example.tld]: <-- web1.example.tld
    6. MySQL server hostname [localhost]: <-- localhost :
    7. MySQL root username [root]: <-- root :
    8. MySQL root password []: <-- MySQLRootPassword : the root password for MySQL on this server.
    9. MySQL database to create [dbispconfig]: <-- dbispconfig
    10. MySQL charset [utf8]: <-- utf8 :
    11. ISPConfig mysql database username [ispconfig]: <-- ispconfig :
    12. ISPConfig mysql database password [6df001b977f42d898cd9c1890e44c49f]: <-- : press Enter to select the auto-generated password.
    13. Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- n : no, this is the master server (all other servers will answer yes here prompting the installer to ask for MySQL master server details).
    14. Configure Mail (y,n) [y]: <-- n : no, we don't want to install a mail server.
    15. Configure Jailkit (y,n) [y]: <-- y : yes, we want to jailroot SSH Users & Cron Jobs.
    16. Configure FTP Server (y,n) [y]: <-- y : yes, in case we want FTP access to the websites on the panel server (I myself don't have clients there and use only SFTP for file transfers and therefore answers no).
    17. Configure DNS Server (y,n) [y]: <-- n : no, we don't want to install a DNS server.
    18. Configure Apache Server (y,n) [y]: <-- y : yes, please configure our web server.
    19. Configure Firewall Server (y,n) [y]: <-- y : yes.
    20. Install ISPConfig Web Interface (y,n) [y]: <-- y : yes.
    21. ISPConfig Port [8080]: <-- 8080 : you can choose another port if you fancy, though I am not sure if port 80 is a good choice.
    22. Enable SSL for the ISPConfig web interface (y,n) [y] <-- y : yes, we better do that even if people (including me) often will forget the 's' in https. You will be prompted for certificate settings - just follow the prompt, you don't need to answer all questions.
  7. Install phpMyAdmin : (this is NOT necessary, but is important for 2 reasons : 1) if you don't you will need to use MySQL CLI for adding privileges to the slave servers and for debugging and 2) you will be hard pressed to install Apache & phpMyAdmin on your database server).
    1. shell> apt-get install phpmyadmin : well, that was easy.
    2. Open a browser on http://192.168.1.40/phpmyadmin to confirm phpMyAdmin is working.
    3. After login you should see the phpMyAdmin main page and the dbispconfig database.
Ok, your panel server should have been installed, lets test it.

Control Panel server - test it works

What we need to test :

  • That the control panel is there.
  • That we can create a Client - a client is the owner of most other objects.
  1. Open a browser and navigate to https://192.168.1.40:8080 (don't forget the 's' in https). Since we made a self-signed certificate, the browser will warn you :
    • Certificate error in Firefox
    • Certificate error in Internet Explorer
    • Certificate error in Chrome
  2. After passing the certificate warning, you are presented with the login screen :
    • Username: admin
    • Password: admin
  3. behold the ISPConfig Control Panel (wait a little before the home page is populated).
  4. Create a client
    1. You can add a new client directly from the clients list.
    2. Fill in some details, scroll down and press the Save button.
    3. Client created.

Actually we need to define "Server Services" for the panel server before we are finished :

  1. Under "Server Services" click on the panel.example.tld server.
  2. De-select DB-Server and press the Save button.


Install DNS server

The very first thing we want to install after the panel server is a name server - it does not give much meaning to create websites if we do not have a name server.

  1. Provision a new Ubuntu 11.10 server
  2. Configuring network :
    1. shell> echo ns1 > /etc/hostname :
    2. shell> service hostname start :
    3. shell> nano /etc/hosts : open the hosts file in the nano editor and edit to contain the following :
      • 127.0.0.1 localhost
      • 127.0.0.1 ns1.example.tld ns1
      • 192.168.1.40 panel.example.tld : otherwise ISPConfig installer cannot find panel.example.tld.
    4. shell> hostname : confirm that hostname reports ns1.
    5. shell> hostname -f : confirm that hostname reports ns1.example.tld.
    6. panel server shell> nano /etc/hosts : open hosts file on the panel server and add ns1.example.com :
      You MUST do this, it is NOT enough to add ns1.example.tld to the DNS server
      • 127.0.0.1 localhost
      • 127.0.0.1 panel.example.tld panel
      • 192.168.1.41 ns1.example.tld
    7. shell> nano /etc/network/interfaces : load the interfaces file in the nano editor and edit it to look like the following :
      • auto eth0 : we want eth0 to bind on system startup.
      • iface eth0 inet static : we of course want to bind a static IP.
      • address 192.168.1.41 : this is the IP we want to bind. Be sure to specify the correct IP for your server.
      • network 192.168.1.0 : whatever network you are on (I am on 192.168.1.0).
      • netmask 255.255.255.0 : whatever number of bits for your network address (I use 24 : 255.255.255.0).
      • broadcast 192.168.1.255
      • gateway 192.168.1.254 : be sure to use the correct IP for your gateway.
  3. Do ALL Initial common server configuration
  4. shell> apt-get -y install bind9 dnsutils : install DNS server specific packages.
  5. Run the ISPConfig3 installer :
    1. shell> cd /ISPConfigInstall/ispconfig3_install/install : navigate to the decompressed installation folder.
    2. shell> php -q install.php : start the ISPConfig3 installer.
    3. Select language (en,de) [en]: <-- en
    4. Installation mode (standard,expert) [standard]: <-- expert
    5. Full qualified hostname (FQDN) of the server, eg server1.domain.tld [web1.example.tld]: <-- web1.example.tld
    6. MySQL server hostname [localhost]: <-- localhost :
    7. MySQL root username [root]: <-- root :
    8. MySQL root password []: <-- MySQLRootPassword : the root password for MySQL on this server.
    9. MySQL database to create [dbispconfig]: <-- dbispconfig
    10. MySQL charset [utf8]: <-- utf8 :
    11. ISPConfig mysql database username [ispconfig]: <-- ispconfig :
    12. ISPConfig mysql database password [6df001b977f42d898cd9c1890e44c49f]: <-- : : press Enter to select the autogenerated password.
    13. Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- y
    14. MySQL master server hostname []: <-- panel.example.com
    15. MySQL master server root username [root]: <-- root
    16. MySQL master server root password []: <-- MySQLRootPassword : the root password for MySQL server on the panel server.
    17. MySQL master server database name [dbispconfig]: <-- dbispconfig
    18. Configure Mail (y,n) [y]: <-- n : no, we don't want to install a mail server.
    19. Configure Jailkit (y,n) [y]: <-- y : no, there are no need to create shell users nor cron jobs for clients on this machine.
    20. Configure FTP Server (y,n) [y]: <-- n : no, clients do not need ftp access to this server.
    21. Configure DNS Server (y,n) [y]: <-- n : yes, we definitely want to configure the DNS server.
    22. Configure Firewall Server (y,n) [y]: <-- y : yes.
    23. Install ISPConfig Web Interface (y,n) [y]: <-- n : no, we already have the ISPConfig web interface on the panel server.
  6. Allow your DNS server to forward dns requests : (thereby being able to resolve names for which it does not have information itself)
    1. shell> cd /etc/bind : change directory to the Bind9 name server main directory.
    2. shell> nano named.conf.options : open the Bind9 options file in the nano editor and make it look like this :
      • options {
      •     directory "/var/cache/bind";
      •     allow-query {any;};
      •     forwarders {
      •         8.8.8.8; : if your data center or ISP have not provided you with a nameserver to forward to, you can use 8.8.8.8 (Google).
      •     };
      •     auth-nxdomain no;
      •     listen-on-v6 { any; };
      • };
    3. Press ctrl+x and then y to close and save
    4. shell> /etc/init.d/bind9 restart restart Bind9 to make the changes take effect.

Ok, your DNS server is installed - lets test it.


DNS server - test it works

What we need to test :

  • That the new server have been properly recognized by the panel (master) server.
  • That we can create domain names in ISPConfig Control Panel and that these names are properly resolved on remote systems.
  1. Open a browser and navigate to https://192.168.1.40:8080 (don't forget the 's' in https). Bypass the certificate warning and login.
  2. Ok, in the "Server Services" page, we can see that the new server have been properly recognized as a name server, however again we need to configure the "Server Services".
  3. De-select Fileserver & DB-Server and press the Save button.
  4. Correct.
  5. In ISPConfig click on the DNS tab and then on the "Add new DNS Zone with wizard" button.
  6. Create a Zone file for a domain, here rummelt.tld. Remember a Zone file is owned by a client, here rasmus. Click the "Create DNS Record" button.
  7. The rummel.tld zone is created.
  8. ping rummel.tld from a remote box, to be sure that the name server works : (the remote box MUST be on the same network if you use LAN IPs like 192.168.1.41)
    • ping from a remote Ubuntu box : (the panel server is ok to use as a remote box)
      1. remote Ubuntu shell> nano /etc/resolv.conf : load resolv.conf in nano and be sure the following record exists and is at the top :
        • nameserver 192.168.1.41
      2. Press ctrl+x and then y to close and save resolv.conf.
      3. remote Ubuntu shell> ping rummel.tld : rummel.tld resolves to 192.168.1.40 and we can also see that 192.168.1.40 is accessible.
    • ping from a remote windows 7 box :
      1. remote windows shell> netsh interface ip set dns "Local Area Connection" static 192.168.1.41 : set DNS server to 192.168.1.41.
      2. remote windows shell> nslookup rummel.tld : nslookup shows that DNS is set to 192.168.1.41 and that the DNS server can resolve rummel.tld (to 192.168.1.40).
      3. remote windows shell> services.msc : open services and stop the DNS Client before we can ping.
      4. remote windows shell> ping rummel.tld : ok, now we can ping.

Install Secondary DNS server

It is not strictly necessary to install a secondary DNS server and you can also wait doing it to later, however it is easily installed : just following the steps above but substiture ns2 for ns1 and 192.168.1.42 for 192.168.1.41 - you are done.



Install Web server

  1. Provision a new Ubuntu 11.10 server
  2. Configuring network :
    1. shell> echo web1 > /etc/hostname :
    2. shell> service hostname start :
    3. shell> nano /etc/hosts : open the hosts file in the nano editor and edit to contain the following
      • 127.0.0.1 localhost
      • 192.168.1.43 web1.example.tld web1 : again we use the outside IP instead of 127.0.0.1 to avoid Apache complaining upon restart.
      • 192.168.1.40 panel.example.tld : otherwise ISPConfig installer cannot find panel.example.tld.
    4. shell> hostname : confirm that hostname reports web1.
    5. shell> hostname -f : confirm that hostname reports web1.example.com.
    6. panel server shell> nano /etc/hosts : open hosts file on the panel server and add web1.example.tld :
      You MUST do this, it is NOT enough to add web1.example.tld to the DNS server
      • 127.0.0.1 localhost
      • 127.0.0.1 panel.example.tld panel
      • 192.168.1.41 ns1.example.tld
      • 192.168.1.43 web1.example.tld
    7. shell> nano /etc/network/interfaces : load the interfaces file in the nano editor and edit it to look like the following :
      • auto eth0 : we want eth0 to bind on system startup.
      • iface eth0 inet static : we of course want to bind a static IP.
      • address 192.168.1.43 : this is the IP we want to bind. Be sure to specify the correct IP for your server.
      • network 192.168.1.0 : whatever network you are on (I am on 192.168.1.0).
      • netmask 255.255.255.0 : whatever number of bits for your network address (I use 24 : 255.255.255.0).
      • broadcast 192.168.1.255
      • gateway 192.168.1.254 : be sure to use the correct IP for your gateway.
  3. Do ALL Initial common server configuration
  4. Install web server specific packages :
    1. shell> apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libapache2-mod-php5 libapache2-mod-fcgid apache2-suexec libapache2-mod-suphp
    2. shell> apt-get -y install php5 php5-common php5-gd php5-mysql php5-imap php5-cgi php-pear php-auth
    3. shell> apt-get -y install libexpat1 ssl-cert php5-imagick imagemagick libopenssl-ruby libapache2-mod-ruby sudo
    4. shell> apt-get -y install sendmail-bin : not necessary, but many php sites rely on sendmail to send email.
    5. shell> a2enmod suexec rewrite ssl actions include ruby dav_fs dav auth_digest
    6. shell> service apache2 restart
    7. shell> apt-get -y install pure-ftpd-common pure-ftpd-mysql
  5. Install Jailkit packages : (so ISPConfig is able to jailroot SSH users and cron jobs)
    1. shell> apt-get -y install build-essential autoconf automake1.9 libtool flex bison
    2. shell> cd /ISPConfigInstall
    3. shell> wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
    4. shell> tar xfz jailkit-2.14.tar.gz
    5. shell> cd jailkit-2.14
    6. shell> export LDFLAGS="-pthread" : be sure the linker gets the correct flags.
    7. shell> ./configure
    8. shell> make
    9. shell> make install
  6. Setup Quota : (so ISPConfig is able to enforce quotas on disk usage)
    1. shell> apt-get install quota quotatool : install quota utilities.
      • quota : the actual code that enforce any quotas.
      • quotatool : quotatool is a utility to set filesystem quotas from the commandline (quotatool is not interactive and therefore very suited to edit disk quotas from scripts).
    2. shell> nano /etc/fstab : load fstab in the nano editor and add usrquota and grpquota (my additions in Fuchsia)
      • proc /proc proc nodev,noexec,nosuid 0 0
      • UUID=56068d40-6f77-46f1-9748-a0109939e45d / ext4 errors=remount-ro,usrquota,grpquota 0 1 : on errors remount the filesystem read-only (remount-ro). usrquota & grpquota are ignored, but the quota utilities will react to them.
      • UUID=c49f1dd8-c33d-4101-8fa1-38fe4cb069bb none swap sw 0 0
    3. Press ctrl+x and then y to exit and save.
    4. shell> mount -vo remount,usrquota,grpquota / : don't forget the ending slash. I got answer /dev/vda1 on / type ext4 (rw,errors=remount-ro,usrquota,grpquota,usrquota,grpquota) (the vda1 is because I install on a virtual harddisk)
    5. shell> quotacheck -F vfsv0 -afcvdugm : force format (-F) of quota files to vfsv0 for 32 bit User- & GroupIDs (vfsv1 for 64 bit).
    6. shell> quotaon -aug : set quota on all (-a) for both users (-u) and groups (-g).
    7. shell> repquota / : confirm that quota works.
    8. shell> quota -u rasmus : shows quota for the rasmus linux user (currently there are none of course).
  7. Run the ISPConfig3 installer :
    1. shell> cd /ISPConfigInstall/ispconfig3_install/install : navigate to the decompressed installation folder.
    2. shell> php -q install.php : start the ISPConfig3 installer.
    3. Select language (en,de) [en]: <-- en
    4. Installation mode (standard,expert) [standard]: <-- expert
    5. Full qualified hostname (FQDN) of the server, eg server1.domain.tld [web1.example.tld]: <-- web1.example.tld
    6. MySQL server hostname [localhost]: <-- localhost :
    7. MySQL root username [root]: <-- root :
    8. MySQL root password []: <-- MySQLRootPassword : the root password for MySQL on this server.
    9. MySQL database to create [dbispconfig]: <-- dbispconfig
    10. MySQL charset [utf8]: <-- utf8 :
    11. ISPConfig mysql database username [ispconfig]: <-- ispconfig :
    12. ISPConfig mysql database password [6df001b977f42d898cd9c1890e44c49f]: <-- : : press Enter to select the autogenerated password.
    13. Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- y
    14. MySQL master server hostname []: <-- panel.example.com
    15. MySQL master server root username [root]: <-- root
    16. MySQL master server root password []: <-- MySQLRootPassword : the root password for MySQL server on the panel server.
    17. MySQL master server database name [dbispconfig]: <-- dbispconfig
    18. Configure Mail (y,n) [y]: <-- n : no, we don't want to install a mail server.
    19. Configure Jailkit (y,n) [y]: <-- y : yes, we want to jailroot SSH Users & Cron Jobs.
    20. Configure FTP Server (y,n) [y]: <-- y : yes, please configure our FTP server, so we can give clients file access to their websites.
    21. Configure DNS Server (y,n) [y]: <-- n : no, we don't want to install a DNS server.
    22. Configure Apache Server (y,n) [y]: <-- y : yes, please configure our web server.
    23. Configure Firewall Server (y,n) [y]: <-- y : yes.
    24. Install ISPConfig Web Interface (y,n) [y]: <-- n : no, we already have the ISPConfig web interface on the panel server.

Ok, your web server is installed - lets test it.

Web server - test it works

This is going to be the most involved testing of the whole setup.

What we need to test :

  • That then creating a website in the ISPConfig panel, the website is actually created.
  • That after adding the domain to the DNS server, the website is accessible using http.
  • That we can create an FTP User in the ISPConfig panel and access the website.
  • That we can enforce quota.
  • That we can create an SSH User and jailroot it (SSH Users are both much more secure than FTP Users and SSH Users also allows to connect to the web servers shell).
  1. Open a browser and navigate to https://192.168.1.40:8080 (don't forget the 's' in https). Bypass the certificate warning and login.
  2. Confirm the webserver is recognized and configure it :
    1. Ok, in the "Server Services" page, we can see that the new server have been properly recognized as a web server, however again we need to configure the "Server Services".
    2. De-select DB-Server and press the Save button.
    3. Correct.
  3. Create a new Client to use for the rest of the test :
    1. Create a new client called companyA.
    2. Fill in some information and click the Limits tab.
    3. Change the following : (and then press the Save button)
      • Default Webserver = web1.example.tld
      • Web Quota = 2 MB : soft disk space limit is 2 MB (this will give a hard disk limit on 3 MB).
      • PHP Options > Disabled = false
      • SSH-Chroot > None = false : companyA is only allowed to create jailrooted SSH users.
    4. The new client, companyA, is created.
  4. Add a new Zone holding the domain for the website we want to create :
    1. Add a new Zone called web.tld.
    2. Call the domain weba.tld. Press the "Create DNS Record" button.
    3. ns1.example.tld shell> /etc/init.d/bind9 restart : this will immediately update the nameserver to resolve weba.tld.
    4. remote shell> ping weba.tld : if you do not get a ping result, either something is wrong or you must wait a minute or two.
  5. Add a new website for the domain we just created :
    1. Add a new website : press the Sites tab and then press the "Add new website" button.
    2. Change the following : (and then press the Save button)
      • Server = web1.example.tld : this is the default server for hosting companyA websites (we add this website as Admin, so web1.example.tld is not default selected).
      • Client = contactA : so companyA can edit the site properties, eg. give more space (though companyA have maximum 2 MB as we set it before).
      • Domain = weba.tld
      • Harddisk Quota = 1 MB : this is a soft disk limit.
    3. The new website appears in the website list.
    4. Open a browser and navigate to http://weba.tld :
  6. Test SSH Users :
    1. Navigate to the Sites tab, then select Shell-User and then press the "Add new Shell-User" button.
    2. Define the new SSH user : (and the press the Save button)
      • Site = weba.tld : an SSH user MUST belong to a website - a jailrooted SSH user can then access exactly that website and still belong to a client.
      • Username = 1 : will be prefixed the lowercased client name that owns the Site - the resulting username is contacta1.
      • Password = SomePassword
      • Chroot Shell = Jailkit : this SSH user will NOT be able to browse more of the filesystem than defined within ISPConfig.
    3. SSH user contacta1 created.
    4. ssh into web1.example.tld from either an Ubuntu prompt or using Putty on Windows :
      • Login using Putty on Windows.
      • Login using an Ubuntu shell.
    5. Check the chrooting :
      • using root user list the contents of weba.tld (weba.tld have ID=2 in my setup)
      • using contacta1 user list the contents of root folder - it is identical - chrooting using jailkit is working.
    6. Test SFTP is working
      1. UNDER CONSTRUCTION
  7. Test FTP Users :
    1. Navigate to the Sites tab, then to FTP user and then press the "Add new FTP-User" button.
    2. Define the new FTP user : (and then press the Save button)
      • Website = weba.tld : an FTP user MUST belong to a website (an FTP user can never excape the website root container).
      • Username = 1 : will be prefixed the lowercased client name that owns the Site - the resulting username is contacta1.
      • Password = SomePassword
    3. FTP user contacta1 is created and listed in the FTP user list.
    4. Connect using FileZilla, notice the root directory is again identical to the weba.tld directory.
  8. Test Quotas :
    1. Press the Sites tab and then the Website quota (Harddisk) to see quota & usage on websites (manual states that disk quota reports are updated once every 5 minute).
    2. FTP transfer more than 1 MB but less than 2 MB of files - it is possible.
    3. shell> du -sh /var/www/weba.tld/web : test the size of the web folder - I have 1.9 MB which is still allowed as long as the grace period (default 1 week).
    4. After I reach 2 MB, further file transfer will create empty filenames - disk quota is working (though unfortunately the ftp client will not raise any alert).


Database server

Most websites will need a database, therefore we need to setup a database server the clients can install databases on.

  1. Provision a new Ubuntu 11.10 server
  2. Configuring network :
    1. shell> echo db1 > /etc/hostname :
    2. shell> service hostname start :
    3. shell> nano /etc/hosts : open the hosts file in the nano editor and edit to contain the following
      • 127.0.0.1 localhost
      • 127.0.0.1 db1.example.com db1
      • 192.168.1.40 panel.example.tld : otherwise ISPConfig installer cannot find panel.example.tld.
    4. shell> hostname : confirm that hostname reports db1.
    5. shell> hostname -f : confirm that hostname reports db1.example.com.
    6. panel server shell> nano /etc/hosts : open hosts file on the panel server and add db1.example.tld :
      You MUST do this, it is NOT enough to add db1.example.tld to the DNS server
      • 127.0.0.1 localhost
      • 127.0.0.1 panel.example.tld panel
      • 192.168.1.41 ns1.example.tld
      • 192.168.1.42 ns2.example.tld
      • 192.168.1.43 web1.example.tld
      • 192.168.1.44 db1.example.tld
    7. shell> nano /etc/network/interfaces : load the interfaces file in the nano editor and edit it to look like the following :
      • auto eth0 : we want eth0 to bind on system startup.
      • iface eth0 inet static : we of course want to bind a static IP.
      • address 192.168.1.80 : this is the IP we want to bind. Be sure to specify the correct IP for your server.
      • network 192.168.1.0 : whatever network you are on (I am on 192.168.1.0).
      • netmask 255.255.255.0 : whatever number of bits for your network address (I use 24 : 255.255.255.0).
      • broadcast 192.168.1.255
      • gateway 192.168.1.254 : be sure to use the correct IP for your gateway.
  3. Do ALL Initial common server configuration
  4. Install database server specific packages : all necessary packages already installed!
  5. Run the ISPConfig3 installer :
    1. shell> cd /ISPConfigInstall/ispconfig3_install/install : navigate to the decompressed installation folder.
    2. shell> php -q install.php : start the ISPConfig3 installer.
    3. Select language (en,de) [en]: <-- en
    4. Installation mode (standard,expert) [standard]: <-- expert
    5. Full qualified hostname (FQDN) of the server, eg server1.domain.tld [db1.example.tld]: <-- db1.example.tld
    6. MySQL server hostname [localhost]: <-- localhost :
    7. MySQL root username [root]: <-- root :
    8. MySQL root password []: <-- MySQLRootPassword : the root password for MySQL on this server.
    9. MySQL database to create [dbispconfig]: <-- dbispconfig
    10. MySQL charset [utf8]: <-- utf8 :
    11. ISPConfig mysql database username [ispconfig]: <-- ispconfig :
    12. ISPConfig mysql database password [6df001b977f42d898cd9c1890e44c49f]: <-- : : press Enter to select the autogenerated password.
    13. Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- y
    14. MySQL master server hostname []: <-- panel.example.com
    15. MySQL master server root username [root]: <-- root
    16. MySQL master server root password []: <-- MySQLRootPassword : the root password for MySQL server on the panel server.
    17. MySQL master server database name [dbispconfig]: <-- dbispconfig
    18. Configure Mail (y,n) [y]: <-- n : no, we don't want to install a mail server.
    19. Configure Jailkit (y,n) [y]: <-- y : no, clients do not need SSH access to this machine.
    20. Configure FTP Server (y,n) [y]: <-- y : no, clients do not need FTP access to this machine.
    21. Configure DNS Server (y,n) [y]: <-- n : no, we don't want to install a DNS server.
    22. Configure Apache Server (y,n) [y]: <-- y : no, this is a database server (though later we need Apache to serve phpMyAdmin).
    23. Configure Firewall Server (y,n) [y]: <-- y : yes.
    24. Install ISPConfig Web Interface (y,n) [y]: <-- n : no, we already have the ISPConfig web interface on the panel server.

Ok, your database server is installed - lets test it.

Database server - test it works

What we need to test :

  • That then creating a database in the Control Panel, the database is actually created on the Database server.
  • That we can access the new database using the credentials specified then we created the database.
  1. The new server is recognized, but as usual we need to configure the services - click on the db1.example.tld link.
  2. De-select Fileserver and press the Save button.
  3. Correct.
  4. Press the Sites tab and then Database and then the "Add new Database" button.
  5. Specify the properties of the new database : (and then press the Save button)
    • Server = db1.example.tld : we only have one server with the db service, so the correct server is automatically selected.
    • Client = contactA : a database MUST belong to a client
    • Type = MySQL : I think ISPConfig only supports MySQL.
    • Database name = A1 : the name is prefixed c[client_id] so the resulting name is c2A1 (as contactA have clientID=2).
    • Database user = A1 : I like to use the same name for the database and the user.
    • Database password = SomePassword
    • Remote Access = true : don't forget, otherwise websites on web1.example.tld will not be able to access the database.
  6. .
  7. Check that the database was actually created and that we can access it using the specified credentials :
    1. db1 shell> mysql -u c2A1 -p : logon to MySQL server using the c2A1 user and supply the password then prompted.
    2. mysql> show databases; : you should now see the c2A1 database. Also the c2A1 user does not have permission to see other databases, eg. the dbispconfig database which you would see if you logon as root instead.
    3. mysql> exit : exit to the db1 system prompt.

Database server - configure phpMyAdmin

phpMyAdmin is a web interface to MySQL. It is not strictly necessary to install phpMyAdmin, however your clients will expect you to provide a web interface to manage their databases.

  1. Actually right now, there is a link to phpMyAdmin in the database list - try to click it.
  2. Ok, you arrived at the panel server, however the databases we want to manage is on the db1 server - there are 2 solutions, you need to choose one of them :
    • Solution 1 : Let phpMyAdmin on the panel server connect to db1 : (advantages : No need to run a webserver on the database server. Automatically secure (https) phpMyAdmin connection).
      1. Start by giving the panel server access to the MySQL server on db1 :
        1. db1 shell> mysql -u root -p : logon to MySQL as root on db1.
        2. mysql> create user 'root'@'192.168.1.40' identified by 'MyPassword';
        3. mysql> grant all on *.* to 'root'@'192.168.1.40' identified by 'MyPassword' with grant option max_queries_per_hour 0 max_connections_per_hour 0 max_updates_per_hour 0 max_user_connections 0;
        4. mysql> create user 'root'@'panel.example.com' identified by 'MyPassword';
        5. mysql> grant all on *.* to 'root'@'panel.example.com' identified by 'MyPassword' with grant option max_queries_per_hour 0 max_connections_per_hour 0 max_updates_per_hour 0 max_user_connections 0;
      2. Configure phpMyAdmin on the panel server to connect to both localhost and db1.example.tld :
        1. panel shell> nano /etc/phpmyadmin/config.inc.php : open phpMyAdmin main configuration file on the panel server and add the following to the bottom :
          • $cfg['Servers'][$i]['auth_type'] = 'cookie';
          • $cfg['Servers'][$i]['host'] = 'db1.example.tld';
          • $cfg['Servers'][$i]['connect_type'] = 'tcp';
          • $cfg['Servers'][$i]['compress'] = false;
          • $cfg['Servers'][$i]['extension'] = 'mysqli';
          • $i++; : next server.
          • $cfg['Servers'][$i]['auth_type'] = 'cookie';
          • $cfg['Servers'][$i]['host'] = 'localhost';
          • $cfg['Servers'][$i]['connect_type'] = 'tcp';
          • $cfg['Servers'][$i]['compress'] = false;
          • $cfg['Servers'][$i]['extension'] = 'mysqli';
          • $cfg['DisplayServersList'] = true; : this will add a server select dropdownlist to the phpMyAdmin login page.
      3. Ok, in ISPConfig database list try to click on the phpMyAdmin link again.
      4. A new field "Server Choice" have appeared on the login page and a dropdownlist is populated with our defined servers.
      5. Logged on as c2A1.

    • Solution 2 : Install phpMyAdmin on the database server and let the Control Panel redirect to phpMyAdmin on the database server on which the selected database is hosted: (advantages : No database server select on phpMyAdmin login page. More easy to set up IP restriction on database creation).
      1. Start by installing phpMyAdmin on db1 :
        1. db1 shell> apt-get -y install apache2 phpmyadmin : install phpMyAdmin on the db1 server (Apache is necessary to serve phpMyAdmin).
      2. Configure ISPConfig to redirect to phpMyAdmin on the server on which the selected database is hosted :
        1. In ISPConfig press the System tab and then select "Interface Config" and then delete /phpadmin from the "PHPMyAdmin URL" field - this field MUST be empty. Then press the Save button.
      3. Change ISPConfig protocol from secure (https) to non-secure (http) then redirecting to phpMyAdmin :
        1. panel shell> nano /usr/local/ispconfig/interface/web/sites/database_phpmyadmin.php : open the ISPConfig phpMyAdmin redirection file and hardcode the $http variable (my addition in Fuchsia) : (the last section at the bottom)
          • if($global_config['phpmyadmin_url'] != '') {
          •     $phpmyadmin_url = $global_config['phpmyadmin_url'];
          •     $phpmyadmin_url = str_replace('[SERVERNAME]',$serverData['server_name'],$phpmyadmin_url);
          •     header('Location:'.$phpmyadmin_url);
          • } else {
          •     isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
          •     $http = 'http'; : just insert this line exactly here.
          •     if($web_config['server_type'] == 'nginx') {
          •         header('location:' . $http . '://' . $serverData['server_name'] . ':8081/phpmyadmin');
          •     } else {
          •         header('location:' . $http . '://' . $serverData['server_name'] . '/phpmyadmin');
          •     }
          • }
        2. Press ctrl+x and then y to close and save. The change to the ISPConfig system takes effect immediately.
      4. Add db1.example.tld to your DNS server :
        1. Create a new zone file.
        2. Call the zone file for example.tld and be sure you own it yourself
        3. The zone file is created, however we need to add the db1 subdomain, so click on the zone record.
        4. Select the Records tab and then click on the A-button to create a new A-record.
        5. Specify the A-record : (and then press the Save button)
          • Hostname = db1
          • IP-Address = 192.168.1.40
        6. Restart the name server on ns1 to propagate the new domain immediately (here I SSH into ns1 from the panel server prompt)
        7. Test ping from your dev box (your dev box MUST have DNS server set to ns1, here 192.168.1.40).
      5. At last it should work :
        1. Ok, try to click on the phpMyAdmin link in the database list.
        2. This time you get a server-select free login page on db1. Logon as c2A1.
        3. Perfect.


Install Email server

First off : ISPConfig 3.0.4 does not have support for Dovecot 2.x and also the ISPConfig manual have (then I write this) not been updated to even tell you, instead ISPConfig installer and the manual as well goes on to install the web server as though we still use some older Dovecot 1.x. However, we will proceed with the ISPConfig installer and then re-configure the email server to get it all working.

Install :

  1. Provision a new Ubuntu 11.10 server
  2. Configuring network :
    1. shell> echo mail1 > /etc/hostname :
    2. shell> service hostname start :
    3. shell> nano /etc/hosts : open the hosts file in the nano editor and edit to contain the following
      • 127.0.0.1 localhost
      • 127.0.0.1 mail1.example.tld mail1
      • 192.168.1.40 panel.example.tld : otherwise ISPConfig installer cannot find panel.example.tld.
    4. shell> hostname : confirm that hostname reports mail1.
    5. shell> hostname -f : confirm that hostname reports mail1.example.com.
    6. panel server shell> nano /etc/hosts : open hosts file on the panel server and add db1.example.tld :
      You MUST do this, it is NOT enough to add db1.example.tld to the DNS server
      • 127.0.0.1 localhost
      • 127.0.0.1 panel.example.tld panel
      • 192.168.1.41 ns1.example.tld
      • 192.168.1.42 ns2.example.tld
      • 192.168.1.43 web1.example.tld
      • 192.168.1.44 db1.example.tld
      • 192.168.1.45 mail1.example.tld
    7. shell> nano /etc/network/interfaces : load the interfaces file in the nano editor and edit it to look like the following :
      • auto eth0 : we want eth0 to bind on system startup.
      • iface eth0 inet static : we of course want to bind a static IP.
      • address 192.168.1.45 : this is the IP we want to bind. Be sure to specify the correct IP for your server.
      • network 192.168.1.0 : whatever network you are on (I am on 192.168.1.0).
      • netmask 255.255.255.0 : whatever number of bits for your network address (I use 24 : 255.255.255.0).
      • broadcast 192.168.1.255
      • gateway 192.168.1.254 : be sure to use the correct IP for your gateway.
  3. Do ALL Initial common server configuration.
  4. Install email server specific packages :
    1. shell> apt-get -y install postfix postfix-mysql postfix-doc dovecot-common dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-postfix rkhunter binutils getmail4 : install the mail server.
    2. shell> apt-get install dovecot-mysql : DO NOT FORGET, otherwise you will get dovecot: auth: Fatal: Unknown database driver 'mysql'
    3. shell> apt-get -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl : all the spam and virus fighting.
  5. Run the ISPConfig3 installer :
    1. shell> cd /ISPConfigInstall/ispconfig3_install/install : navigate to the decompressed installation folder.
    2. shell> php -q install.php : start the ISPConfig3 installer.
    3. Select language (en,de) [en]: <-- en
    4. Installation mode (standard,expert) [standard]: <-- expert
    5. Full qualified hostname (FQDN) of the server, eg server1.domain.tld [db1.example.tld]: <-- db1.example.tld
    6. MySQL server hostname [localhost]: <-- localhost :
    7. MySQL root username [root]: <-- root :
    8. MySQL root password []: <-- MySQLRootPassword : the root password for MySQL on this server.
    9. MySQL database to create [dbispconfig]: <-- dbispconfig
    10. MySQL charset [utf8]: <-- utf8 :
    11. ISPConfig mysql database username [ispconfig]: <-- ispconfig :
    12. ISPConfig mysql database password [6df001b977f42d898cd9c1890e44c49f]: <-- : : press Enter to select the autogenerated password.
    13. Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- y
    14. MySQL master server hostname []: <-- panel.example.com
    15. MySQL master server root username [root]: <-- root
    16. MySQL master server root password []: <-- MySQLRootPassword : the root password for MySQL server on the panel server.
    17. MySQL master server database name [dbispconfig]: <-- dbispconfig
    18. Configure Mail (y,n) [y]: <-- y : yes, this is a mail server. You will be prompted for certificate creation, you don't need to answer all questions.
    19. Configure Jailkit (y,n) [y]: <-- n : no, clients do not need SSH access to this machine.
    20. Configure FTP Server (y,n) [y]: <-- n : no, clients do not need FTP access to this machine.
    21. Configure DNS Server (y,n) [y]: <-- n : no, we don't want to install a DNS server.
    22. Configure Apache Server (y,n) [y]: <-- n : no, this is a mail server (though later we need Apache to serve Squirrelmail).
    23. Configure Firewall Server (y,n) [y]: <-- y : yes.
    24. Install ISPConfig Web Interface (y,n) [y]: <-- n : no, we already have the ISPConfig web interface on the panel server.

Mail server - reconfigure

Because the current state of ISPConfig 3 (3.0.4) does not support Dovecot 2.x, we need to handle Dovecot configuration ourselves.

  1. First confirm Dovecot version :
    1. mail1 server shell> dpkg -l | grep dovecot : Dovecot is version 2.0.13 on my system.
  2. Second confirm that Dovecot cannot start :
    1. mail1 server shell> nmap localhost : check to see which services are running - smtp is running but both pop3 & imap is down (you may need to install nmap).
    2. mail1 server shell> service dovecot start : it looks like we can start Dovecot, but ..
    3. mail1 server shell> service dovecot status : .. actually we cannot.
  3. Ok, time to reconfigure Dovecot. There are so many changes needed that it is most easy to rewrite the /etc/dovecot/dovecot.conf file from scratch. Here is the full dovecot.conf file as it should look like :
    • !include_try /usr/share/dovecot/protocols.d/*.protocol
    • !include conf.d/*.conf.
    • mail_location = maildir:/var/vmail/%d/%n/Maildir : overwrite the default mail_location value. %d is domain, %n is account.
      (email messages to rasmus@example.com will be stored in /home/vmail/example.com/rasmus/Maildir)
    • disable_plaintext_auth = no : otherwise I cannot get Gmail POP3 integration to work.
    • namespace {
    •     type = private : this namespace contains only the users own mailboxes. (there are also shared and public types).
    •     separator = . : char for separating child folders, eg. work.design or work.programming.
    •     prefix = INBOX.
    •     inbox = yes : this namespace contains the inbox (there are only one inbox).
    • }
    • protocol lda { : we need to overwrite the protocol lda setting in conf.d/01-mail-stack-delivery.conf
    •     auth_socket_path = /var/run/dovecot/auth-master : UNIX socket path to Dovecot LDA.
    •     postmaster_address = root@localhost : here it may be better to use your own email address
    •     mail_plugins = sieve
    •     log_path = /var/vmail/dovecot-deliver.log : ISPConfig creates the /var/vmail base directory
    •     deliver_log_format = msgid=%m: %$
    •     rejection_reason = Your message to <%t> was automatically rejected:%n%r
    • }
    • auth default {
    •     user = root
    •     mechanisms = plain login
    •     passdb sql {
    •         args = /etc/dovecot/dovecot-sql.conf
    •     }
    •     userdb static {
    •         args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
    •     }
    •     socket listen {
    •         master { : master socket gives access to userdb information typically so the Dovecot LDA can find mailbox locations
    •             path = /var/run/dovecot/auth-master
    •             mode = 0600
    •             user = vmail
    •         }
    •         client {
    •             path = /var/spool/postfix/private/auth : tells Dovecot where to communicate with Postfix authentication.
    •             mode = 0660 : tells Dovecot that there are read & write access.
    •             user = postfix : tells Dovecot to use the postfix user for access.
    •             group = postfix : tells Dovecot use the postfix group for access.
    •         }
    •     }
    • }
  4. mail1 server shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart Dovecot to activate the new configuration (sleep 5 seconds between stop & start to bypass the anvil child process bug in dovecot-common version 2.0.13).
  5. ISPConfig 3.0.4 also wrongly changes Postfix SASL path configuration from private/dovecot-auth to the old private/auth which is not working anymore, so let's just change it back :
    1. mail1 server shell> postconf -e 'smtpd_sasl_path = private/dovecot-auth' : default is private/auth
    2. mail1 server shell> postconf -e 'smtpd_tls_auth_only = no' : now we change Postfix configuration anyway, let's also make it easy for ourselves by relaxing a little on the security (if you set this to yes, you may have difficulties debugging remote clients and may need to help customers set up their email clients)
    3. mail1 server shell> service postfix reload : reload Postfix configuration.
  6. Confirm that it works :
    1. mail1 server shell> nmap localhost : services are up.
    2. mail1 server shell> telnet localhost smtp : SASL authentication is announched.

Ok, your email server is installed and reconfigured to match Dovecot 2.x - lets test it.

Mail server - test it works

What we need to test :

  • That we in the panel can add mail domains and that they correctly appears in the mail server database
  • That we in the panel can add mail accounts and that they correctly appears in the mail server database
  • That the mail server can send mail.
  • That the mail server can deliver mail.
  1. Check Server services :
    1. The new server is recognized, but as usual we need to configure the services - click on the mail1.example.tld link.
    2. De-select Fileserver and DB-Server and press the Save button.
    3. Correct.
  2. Set up an MX record for weba.tld so that we can create an email like rasmus@weba.tld :
    1. Find the weba.tld zone and click to edit.
    2. In the Records tab we can see that a default MX record have been created and that it that points to mail.weba.tld - this means that email clients needs to specify mail.web.tld as the mail server. We now need to specify where that mail.web.tld server is - we can see it has already been specified to 192.168.1.43, however we need to edit it to 192.168.1.45 as that is the IP of our mail server, so click on the mail sub domain record to edit it.
    3. Change the IP-Address to 192.168.1.45 (our mail server) and click the Save button.
    4. Ok, the mail sub domain have been changed to 192.168.1.45
    5. From ns1 system prompt restart the name server to make the DNS change take effect immediately (here I SSH into ns1 from the panel server).
    6. Ping mail.weba.tld to be sure it works (here I ping from the panel server).
  3. Add a new email domain (we need to do that before we can add emailbox'es)
    1. In ISPConfig navigate to the Email tab, then domain and then press the "Add new Domain" button.
    2. Create the mail domain : (and press the Save button then finished).
      1. Server = mail1.example.tld :Where to host the mail domain - we only have one mail server (mail1), so it is automatically correct selected.
      2. Client = contactA : The owner (and the administrator) can edit the mail domain.
      3. Domain = weba.tld : We want to get mail on xxx@weba.tld, so the mail domain is weba.tld.
    3. Ok, the mail domain is created.
  4. Add a new mailbox - that is : an email account, here rasmus@weba.tld.
    1. In ISPConfig navigate to the Email tab, then "Email Mailbox" and then press the "Add new Mailbox" button.
    2. Define the mailbox : (and then press the Save button then finished)
      • Email > Alias = rasmus
      • Email > Domain = weba.tld
      • Password = SomePassword
      • Quota = 2 MB
    3. Mailbox created.
  5. Let's see if the mail records were actually created in the database on the mail server :
    1. mail server shell> mysql -u root -p : start mysql cli on the mail server to see if there are any records
    2. mysql use dbispconfig; : change default database to dbispconfig.
    3. mysql select * from mail_domain; : the domain added from the panel should be here.
    4. mysql select mailuser_id, email, login, name, maildir, quota from mail_user; : the mailbox added from the panel should be here.
  6. Test mail delivery with Telnet :
    1. mail1 server shell> telnet localhost smtp : telnet on the smtp port to talk with the Postfix server and send an email message. Because Postfix is already final destination for this message, Postfix will now hand off the email message to the LDA (in our case Dovecot LDA) which upon the first message for this domain/user will create the following directory structure :
      • /var/vmail/
        • weba.tld/ : domain
          • rasmus/ : user
            • Maildir/ : mailbox format
              • cur
              • new : here messages will be stored until they are retrieved upon which they will be moved to the cur folder.
              • tmp
    2. mail1 server shell> ls -l /var/vmail/weba.tld/rasmus/Maildir/new : ok, the email was delivered.
    3. mail1 server shell> telnet localhost pop3 : telnet on the pop3 port to talk with the Dovecot server to retrieve the email message just send.
  7. Test mail delivery with Thunderbird :
    1. Start Thunderbird and navigate to "Tools > Account Settings".
    2. Under "Account Actions" click on "Add Mail Account".
    3. Define the account : (and then press on the Continue button).
      • Your Name = Rasmus Rummel
      • Email Address = rasmus@weba.tld
      • Password = SomePassword
    4. The account setup dialog will try to fill in the rest of the account properties, however the logic will not get the Username correct, so you need to press the "Manual config" button.
    5. Then edit the Username to rasmus@weba.tld and press the "Create Account" button.
    6. The account is created. Press the Ok button.
    7. Go to your Inbox.
    8. Ok, the email sent using telnet is retrieved.
    9. (Don't try to send an email message to your real email address from Thunderbird based on your test domain - most MTA's will reject a message if the sender domain cannot be looked up. If you absolutely want to test the SASL AUTH capability, you should either use a test domain that can be looked up globally, eg. google.com, or you can use telnet, see here).
  8. Testing Email Quota :
    1. UNDER CONSTRUCTION


Mail server - configure Squirrelmail

Squirrelmail is a web based email client that allows you to send & receive email messages. Installing Squirrelmail is easy and allows you to offer webmail to your customers which is industry standard among hosting companies.

  1. mail1 server shell> apt-get -y install apache squirrelmail : install Squirrelmail (and also install Apache since Squirrelmail needs a web server).
  2. Open a browser and navigate to http://192.168.1.45/squirrelmail - it should work right away and you can even logon.
  3. Indeed, the message from before is there.
  4. Integrate Squirrelmail with ISPConfig panel :
    1. In ISPConfig navigate to mail interface config. You can see that ISPConfig will display a link to webmail in the mailbox list and that this url is something/webmail - which currently does NOT translate to http://192.168.1.45/squirrelmail as above, there are 2 problems :
      • ISPConfig panel will redirect to the mail server, but use /webmail instead of squirrelmail subdirectory.
      • ISPConfig panel will redirect to the mail server, but use https instead of http protocol.
      The fast solution would be to hardcode the correct url and it would work. However if at any time we add a new mailserver to the system, it would not work no more - therefore we better continue to do the right thing.
    2. On the panel server, in /usr/local/ispconfig/interface/web/mail/webmailer.php at the bottom change :
      • FROM :
        • isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
        • header('Location:' . $http . '://' . $serverData['server_name'] . '/webmail');
      • TO :
        • isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
        • $http = 'http';
        • header('Location:' . $http . '://' . $serverData['server_name'] . '/squirrelmail');
    3. In ISPConfig mail interface config, be sure the "Webmail URL" field is empty. Press the Save button.
    4. From the mailbox list, click on the webmail icon for rasmus@weba.tld.
    5. Ok, it works.

Indeed Squirrelmail is now working and integrated with the ISPConfig panel, however we can enhance the integration so that a client can access Squirrelmail on the clients own domain instead of accessing Squirrelmail on your domain - see Appendix : Webmail as a subdomain of client domain.


Congratulation - your ISPConfig multi-server setup is finished. You now have an industry level hosting infrastructure to serve your customers.



Appendix : Webmail as a subdomain of client domain

Clients are used to be able to access their webmail as a subdomain of their own domain, eg. webmail.mycustomer.com - this is what we will setup here.

Configure Squirrelmail to be accessible as a subdomain of customers own domains - 3 main steps : (we will call the subdomain for webmail)

  1. Apache on the email server must direct all non-configured domains to Squirrelmail - luckily Squirrelmail is default installed to do exactly that, however we better test that this is indeed the case :
    1. Open a browser and navigate to http://27.254.33.59 (substituting 27.254.33.59 for your own email server IP) - ok, Squirrelmail is loaded and therefore the default website for non-configured domains.
    If you do NOT get the above result, then do the following :
    1. shell> cp /etc/squirrelmail/apache.conf /etc/apache2/sites-available/squirrelmail.conf : copy the squirrelmail apache.conf file to sites-available (renaming the file to squirrelmail.conf)
    2. shell> nano /etc/apache2/squirrelmail.conf : load the squirrelmail.conf file in the nano editor for editing.
      1. Uncomment the <VirtualHost *:80> section and be sure it looks like this :
        • <VirtualHost *:80>
        •   DocumentRoot /usr/share/squirrelmail
        •   ServerName webmail.yourdomain.com : eg. I use webmail.favouritehosting.com
        • <VirtualHost>
      2. Press ctrl+x and then y to exit and save.
    3. shell> a2ensite squirrelmail.conf : (for apache2.4.7 on Ubuntu 14.04 you don't need the ".conf" part, just a2ensite squirrelmail)
    4. shqll> service apache2 restart : (don't use service apache2 reload as you will NOT get warning & error messages)
    5. Ok, try your browser again : http://YourIp/
  2. All your clients domains must define an A-record for the webmail subdomain pointing to your email server, eg. here for favouritedesign.com :
    1. In ISPConfig zones list click on the customer domain.
    2. Add the webmail A-record pointing to the IP of the email server (here 27.254.33.59).
    3. nameserver shell> /etc/init.d/bind9 restart : restart bind9 on your nameserver (mine is 27.254.33.61) so that the new A-record takes effect.
    4. dev shell> ping webmail.favouritedesign.com : be sure that your dev machine gets an answer on webmail.favouritedesign.com (change favouritedesign.com to your own test client domain). If you do NOT get an answer and you are on a windows machine :
      1. dev shell> netsh interface ip set dns "Local Area Connection" static 27.254.33.61 : temporarily set your DNS directly to your ISPConfig nameserver (changing 27.254.33.61 to your own nameserver IP).
      2. dev shell> ipconfig /flushdns : remove the ping utility IP cache, which also seems to be used by the browsers (nslookup utility does not use a cache and will show you a more correct result but will not share the result with your browsers)
      3. dev shell> ping webmail.favouritedesign.com : try again - this time it should work.
    5. Open a browser and navigate to http://webmail.favouritedesign.com (substituting favouritedesign.com for your own test client domain) - ok, Squirrelmail is loaded.
  3. ISPConfig integration - then a client clicks the webmail button for his email address in the emailbox list, the client should be taken to http://webmail.clientdomain (here to rasmus@favouritedesign.com) :
    1. On the panel server, in /usr/local/ispconfig/interface/web/mail/webmailer.php at the bottom change :
      • From :
        • isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
        • $http = 'http';
        • header('Location:' . $http . '://' . $serverData['server_name'] . '/squirrelmail');
      • To :
        • isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
        • $http = 'http';
        • $mailbox = $app->db->queryOneRecord("SELECT email FROM mail_user WHERE mailuser_id = " . $emailId); : select the email address based on the userID and store the email address in a variable called $mailbox.
        • list($mailname, $maildomain) = explode('@', $mailbox['email']); : extract the mail domain from the email address and store it in a variable called $maildomain.
        • header('Location:' . $http . '://webmail.' . $maildomain); : build up the redirection url as http://webmail.maildomain.
    2. Try agian !
    3. SUCCESS


Appendix : Access Control Panel as a subdomain of client domain

Clients are used to be able to access their Control Panel as a subdomain of their own domain, eg. cp.mycustomer.com - this is what we will setup here.

Configure ISPConfig web interface to be accessible as a subdomain of customers own domains : (we will call the subdomain for cp)

  1. All your clients domains must define an A-record for the cp subdomain pointing to your panel server, eg. here for favouritedesign.com :
    1. In ISPConfig zones list click on the customer domain.
    2. Add the cp A-record pointing to the IP of the panel server (here 27.254.33.60).
    3. nameserver shell> /etc/init.d/bind9 restart : restart bind9 on your nameserver (mine is 27.254.33.61) so that the new A-record takes effect.
    4. dev shell> ping cp.favouritedesign.com : be sure that your dev machine gets an answer on cp.favouritedesign.com (change favouritedesign.com to your own test client domain). If you do NOT get an answer and you are on a windows machine :
      1. dev shell> netsh interface ip set dns "Local Area Connection" static 27.254.33.61 : temporarily set your DNS directly to your ISPConfig nameserver (changing 27.254.33.61 to your own nameserver IP).
      2. dev shell> ipconfig /flushdns : remove the ping utility IP cache, which also seems to be used by the browsers.
      3. dev shell> ping cp.favouritedesign.com : try again - this time it should work.
    5. Open a browser and navigate to http://cp.favouritedesign.com (substituting favouritedesign.com for your own test client domain) - ok, the Apache default page (index.html) is loaded.
  2. panel shell> rm /var/www/index.html : delete the default page.
  3. panel shell> nano /var/www/index.php : create a new php default page and make it look like this :
    • <?php
    •     $url_domain = $_SERVER['SERVER_NAME'];
    •     $domain_parts = explode('.', $url_domain);
    •     $domain_parts_count = count($domain_parts);
    •     if ($domain_parts_count >= 3 && $domain_parts[0] == 'cp'){
    •         header('Location:https://' . $url_domain . ':8080');
    •         exit;
    •     }
    •     else{
    •         echo "Sorry, the requested resource does not exist";
    •     }
    • ?>
  4. Press ctrl+x and then y to exit and save.
  5. Open a browser and navigate to http://cp.favouritedesign.com - Successfully redirects to https://cp.favouritedesign.com:8080 - the ISPConfig web interface.


Appendix : ISPConfig Monitor App

If you have an Android phone, you can install the ISPConfig Monitor App which allows you from your phone to check server status on all your servers and especially request server details from those of your servers that have ISPConfig installed - it's a handy program.

I have it myself and I think it is worth the money (EUR 3.99), though as another commenter pointed out : the lack of alerts is somewhat disappointing as this app does cost money.



Appendix : Other Control Panels

ISPConfig is only one of many popular Hosting Control Panels, here are some of the most popular : (all panels here are hosting panels as they have the ability to manage clients, in fact all panels in this list feature the "administrator, reseller, client" stack.)

Name Price Multi Server Multi OS Comment
ISPConfig Free Yes Linux If you manage to get it installed with all whistle and bells, ISPConfig is a joyride.
PLESK Very Expensive Possible. Linux, Windows Without comparison the best I have tried. If I had the money, I would use this.
cPanel Expensive Possible Possible No personal experience
DirectAdmin Cheap ($299 for lifetime license) Possible Possible No personal experience, but likely the fastest (written in c++). It have a cartonish design, I don't like.
HSPhere Very expensive Possible Linux, Windows. Integrated UI. The slowest and most annoying UI I have tried. I quit my former hosting after I fought HSPhere for more than a year (many years ago, maybe it is better now).

Detailed hosting control panel comparisons @Wikiepedia


Appendix : fail2ban

If you fail too many times trying to logon to the server using wrong credentials, fail2ban will set a 10 minute ban on the source IP (it happened for me then I was testing ISPConfig shell users)

So if ssh or Putty seems not be able to connect to the target host, it may be because fail2ban have set a 10 minute ban on the source IP

  • shell> iptables -L -n : will show whether there is a ban
  • shell> iptables -D fail2ban-ssh 1 : will remove all blocks
  • shell> iptables -D fail2ban-SSH -s IP -j DROP : should remove the specified IP from being blocked, however it did not seem to work


Appendix : ISPConfig important directory & file structure examples

  • /usr/local/ispconfig/ : ISPConfig main directory.
    • /usr/local/ispconfig/)interface/web/ : ISPConfig web interface (also symlinked as /var/www/ispconfig).
    • (/usr/local/ispconfig/)server/lib/config.inc.php : ISPConfig server config file.
    • (/usr/local/ispconfig/)interface/lib/config.inc.php : ISPConfig server config file.
  • /var/www/clients/ : the base web directory on a web server.
    • client1/ : folder that contains all web for client with ID 1.
    • client2/ : folder that contains all web for client with ID 2.
      • rummel.com --> /var/www/clients/client2/web4 : a symlink to the folder that contains the web for rummel.com (domain_id = 4).
      • web4/ : folder that contains the website with domain_id 4, rummel.com, (panel server > MySQL > dbispconfig.web_domain.domain_id).
        • web/ : http web files.
        • ssl/ : https web files.

Other directories & files :

  • /etc/postfix/smtpd.key : private key.
  • /etc/postfix/smtpd.cert : certificate containing the public key.
  • /var/log/ispconfig/httpd/rummel.com : access & error logs for rummel.com.


Appendix : ISPConfig variables

  • [client_id] : example System > Server Config > Web.
  • [website_id] : example System > Server Config > Web.
  • [website_domain] : example System > Server Config > Web.
  • [website_path] : example System > Server Config > Web.
  • [domain] : example System > Server Config > Mail.
  • [localpart] : example System > Server Config > Mail.
  • [system_user] : example System > Server Config > FastCGI.
  • [username] : example System > Server Config > Jailkit.


Appendix : Annoyances

ISPConfig is not only free, it is also an awesome Control Panel competing with the best in the industry. This does not mean though, that I don't note it then I stumple upon annoyances :

  • Apparently email quota report is availabe only with Dovecot while email traffic report is available only with Courier
  • The website list should obviously include a link to the website, but it doesn't.
  • All the lists should have a counter of how many records in the list - it is annoying that I don't know how many say emailboxes there are on my system if I don't start the slow process of counting them myself.
  • It should of course be possible to sort the lists on their filter headers - but it isn't.
  • It is not possible to give the same database user access to 2 databases. Eg. if a website uses 2 databases, it would be nice to have only 1 set of credentials, instead it is necessary to create 2 distinct database users.
  • While it is great that there is kind of a help desk system built in to ISPConfig, it is severely limited by the fact that it is for the administrator ONLY possible to see messages the client have sent, not possible to list all the answers the administrator have replied. Also the help desk system would be dramatically improved if we can list threads (not eg. list the client messages in one list and the administrator replies in another disconnected list) as well as allowing links in the messages.


Appendix : Debugging

  • Check that mysql on a client server can connect to mysql on the panel server
    1. Get panel server host, username and password from the client server config file
      • Client server : /usr/local/ispconfig/server/lib/config.inc.php
    2. client server shell> mysql -h panel.server.host -u username -p : connect to mysql on the panel server.
    3. If you came that far, you know that mysql on your client server can connect to mysql on the panel server.
  • Check log files :
    1. shell> cd /var/log/ispconfig : navigate to the ISPConfig log folder.
    2. shell> ls -l : list files & folders, you should see cron.job, httpd & ispconfig.log.
    3. shell> tail -50 cron.log : cron.log is generated then the ISPConfig cron job executes - here take a look at the last 50 lines.
    4. shell> ls -l httpd : there is a log folder for each website you host on this server.
    5. shell> cd httpd/WEBSITE : navigate to the log folder for a specific website.
    6. shell> ls -l : you should now see a lot of access logs and maybe some error.logs.
    7. shell> tail -50 error.log : view the last 50 lines of the current error.log file.
  • Run server.sh in debug mode :
    1. In ISPConfig panel go to System > server config and select the server you want to debug and then set the log level to Debug.
    2. client server shell> cd /usr/local/ispconfig/server : navigate to the ISPConfig server configuration folder.
    3. client server shell> ./server.sh : execute the server.sh shell script (which in turn will execute server.php) - you should now get debug information on the screen.


Appendix : Common errors & solutions



  1. jailkit make errors src/jk_socketd.c:474: undefined reference to `pthread_create'.

Reason : The linker isn't getting the correct flags.

Solution :

  1. navigate to the jailkit install folder (in this tutorial it is /ISPConfigInstall/jailkit-2.14).
  2. shell> make clean : undo what you have done.
  3. shell> export LDFLAGS="-pthread"
  4. shell> ./configure
  5. shell> make
  6. shell> make install
  1. ISPConfig Control Panel does not create the website on the webserver - (you need to give the panel server 3 minutes to physically write the website).
  2. webserver shell> /etc/init.d/apache2 restart errors mysql connection problem.

Example : here the domain is weba.tld

  • I should see this (and I have already waited 3 minutes after creating the new website).
  • Instead I see this - showing the webservers default website, not the weba.tld website I just created.

Common Reason : The panel (master) server does not have your webserver in it's hosts file.
First confirm whether the webserver have a /var/www/clients folder - if it does not, then the panel (master) server cannot write to the webservers filesystem.

This is what you SHOULD see, but if the panel server cannot write to your webservers filesystem, then you will not see the clients folder (and some other).

Solution :

  1. panel server shell> nano /etc/hosts : open the panel servers hosts file and be sure it contains this record :
    • 192.168.1.43 web1.example.tld : of course substituting IP & webserver domain with your own.
  2. Press ctrl+x and then y to close and save the hosts file.
  3. Wait just a little and the website should be written to your webserver (ISPConfig have the writing in queue).
  1. ISPConfig installer errors Unable to connect to mysql server.

Reason 1 : Your new server cannot find the master (panel) server. You can test this using ping from your new server shell :

  • new server shell> ping panel.example.tld : you need to change panel.exampel.tld to the name of your master server.
    • If ping does not resolve and/or does not answer, then go to Solution 1.
    • If ping both resolve and answer, then go to Reason 2.

Reason 2 : Your new server does not have access to the master (panel) servers database. You can test this from your new server shell :

  • new server shell> mysql -h panel.example.tld -u root -p : changing panel.example.tld to the name or IP of your master server.
    • If you get error ERROR 1130 (HY000): Host 'newserver.example.tld' is not allowed to connect to this MySQL server, then you need to add privileges for newserver.example.tld to your master servers database.

Solution 1 :

  1. new server shell> nano /etc/hosts : open the new servers hosts file and be sure it contains this record :
    • 192.168.1.40 panel.example.tld : of course substituting IP & panel server domain with your own.
  2. Press ctrl+x and then y to close and save the hosts file.
  3. Retry the ISPConfig installer.

Solution 2 :

  1. Your new server need acccess to your master (panel) server database, please do Initial common server configuration step 9 - it will solve the problem.
  1. shell> /usr/local/ispconfig/server/server.sh errors - DEBUG - There is already an instance of server.php running. Exiting..

Then you get this error, changes you make to the server through the ISPConfig panel will NOT be implemented and also the ISPConfig monitor will NOT remove the changes from the job queue.

I got this error on a mail server with the queue filled up with spam. After I stopped postfix, I could run server.sh without problems just 5 seconds after postfix stopped. I then started postfix again. I don't understand the problem though.

I tried to run server.sh again a little while after starting postfix, and again I got the above error 5.

I think I have seen this error in another context, there the problem was the existence of a file that prohibits server.php from running. Then server.php executes it starts by writing a lock file /usr/local/ispconfig/server/temp/.ispconfig_lock and just before exiting server.php will remove that file again - I think this is to avoid 2 instances of server.php running at the same time. I think if encountering that server.php cannot run because that lock file exist, then you can just delete the file, wait a minute and then try to execute server.sh again :

  1. Comment out the server.sh from your crontab :
    1. shell> crontab -e : open the crontab editor.
    2. Comment out the line containing executing server.sh.
    3. Press ctrl+x to save and get out.
  2. shell> rm -f /usr/local/ispconfig/server/temp/.ispconfig_lock : delete the log file.
  3. shell> /usr/bin/php -q /usr/local/ispconfig/server/server.php : run server.php with the -q option.




Comments

You can comment without logging in
 
 B  U  I  S 
Words: Chars: Chars left: 
 Captcha 
 Nickname
Facebook
    
nada2rindu
--------------
      report  reply  
Thanks...!! 
Kenneth Nielsen
--------------
      report  reply  
Hejsa

Først og fremmest, tak for en super fed guide! Den er velskrevet, til at forstå og meget anvendelig!

Jeg er dog stødt på det problem, at FTP serveren laver en fejl 530 på alle users.
Har set efter i databasen, username og pass er oprettet korrekt der. Har prøvet at ændrer /etc/pure-ftpd/mysql.conf så den ikke kigger på 127.0.0.1 men localhost, endvidere også prøvet at bede den kigge på panel serverens SQL men også uden held.

Er dette noget du er stødt på?

PS: Kører på Ubuntu 12.04 lts
Kenneth Nielsen
--------------
      report  reply  
Opdatering...

FTP virker fint hvis jeg opretter et sub-domæne og peger direkte ind på "web1" ... Men går jeg på med domænet som peger på "panel" er den gal
Kenneth Nielsen
--------------
      report  reply  
Har løst det!

Endnu en gang, tak for en super god guide!
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  

Hi Kenneth

Great that you solved the problem. I was actually about to collect some ideas of how to approach the problem, however now that you have solved it, I am very interested in how you solved it, so other people can benefit from your experience.

web fiddler by nature

Kenneth Nielsen
--------------
      report  reply  
Hey Rasmus

Will reply in english this time, sorry to the rest for using danish, was tired, and lazy :) ... The problem was, that I set up without the nameservers. I have "panel, db1, web1 and mail1" set up and all have dedicated IP´s that I can route A-records towards. So I just created records for the indvidual hostnames and pointed them towards the individual IP´s.

How ever... I have run in to something different... Webalizer stats is not working in the multiserver setup. Havent been fiddeling a lot with it yet, since this is my second night without sleep, setting up servers ;) Any pointers?

Secondly, your guide on squirrelmail is, well... not correct, or at least not working. I tried it, following it to the letter, but no alas.
So I went with Roundcube, wich I also like better because of the fancy graphics ;) I am writing up a complete guide on what to do, in the same way you have written the above, will send it either by mail to you Rasmus, or post it here as a comment. So that, if you want, you can put it in your wonderful guide above.
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  

Hi Kenneth

I take it that your first problem, that FTP did not work, was a nameserver problem, eg. if trying to FTP connect to web1.example.com, then you got an error 530. You then solved the problem by adding the appropriate A records.

Regarding Webalizer, I have never used it myself, however one reason Webalizer may not work is if Webalizer have not been installed (the above tutorial will NOT install Webalizer). Say that you are trying to view Webalizer statistics on this url : mysite.com/stats/ and that mysite.com is hosted on your web1 server, then you can confirm if Webalizer is installed like this :
web1 shell> which webalizer
, at least that would be the first thing to confirm.

Regarding my Squirrelmail guide. I have not had the time to confirm whether there is an error in the guide, I have made a note to test it then I have some free times on my hands.

Then you finish your Roundcube guide, please post a link to it here in the comments so we can take a look or if your guide can fit within 2,000 characters, then just copy the whole guide here in the comments (with a link to the original so other people can reach you). I think a lot of people would be interested in using Roundcube with ISPConfig.

web fiddler by nature

student
--------------
      report  reply  
wow... great tutorial... thanks for your work.
bahgat
User type : Standard
Register : 2013-Jun-25
Topics : 0
Replies : 2
--------------
      report  reply  
Dear Rasmus

Thank you very much for useful guide on installing multi server environment.

I had a problem yesterday, i was on digitalocean.com CP and by accedient i destroyed the "panel" droplet and also for bad luck i was not taking any backups :(.

i reinstalled the panel server, the question here is there any way to make the mail server and ns server rejoin the panel without losing data????

the mail server is working fine and ppls can access their mails and same for the NS, but for sure all records at the panel server are gone :(

can you help me please

Bahgat

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  

Hi bahgat

So sorry, somehow I missed your post. I am not aware of any way to rebuild your panel database without a backup. I think the way to go is to :

  1. Backup your customer website files and your customer databases.
  2. Write down your clients on a paper.
  3. Write down your email accounts on a paper.
  4. Write down your ftp accounts on a paper.
  5. Write down your dns records on a paper.
  6. Reset your web server, your database server, your email server and your ns server.
  7. Recreate the whole ISPConfig multiserver setup.
  8. Recreate the clients.
  9. Recreate the dns records.
  10. Recreate the customer websites and then copy the website files into the new websites
  11. Recreate the databases and then restore them.
  12. Recreate the email accounts.
  13. Recreate the ftp accounts.

 

web fiddler by nature

purs
User type : Standard
Register : 2013-Jul-03
Topics : 0
Replies : 3
--------------
      report  reply  
Hi,
Thank you for this very helpful tutorial 

I need some help on Appendix : Access Control Panel as a subdomain of client domain

I have my panel server installed on https://xxx.xxx.xxx.xxx:8080

My NS are NS1.MYDOMAIN.COM NS2.MYDOMAIN.COM

Also created a site mydomain.com

My question is do I need to create a New site for sub domain cp.mydomain.com and add index.php in Sub Domain Website

Thanks
Purs
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  

Hi purs

You do NOT need to create a new site for cp.mydomain.com.

Lets say that you have mydomain.com on 27.254.33.57 and your panel server is on 27.254.33.60.

  1. Go to your panel and in the DNS tab select the mydomain.com zone.
  2. Create a new A record for the mydomain.com zone called cp pointing to 27.254.33.60
  3. After the A record have been created you need to confirm that cp.mydomain.com is pointing to the panel server (27.254.33.60), so on your dev box open a prompt and ping cp.mydomain.com
  4. On the panel server (not your panel) you need to redirect any http://cp.xxxx.xxx to https://cp.xxxx.xxx:8080 (note the 's' in https):
  5. On your panel server (not your panel) open /var/www/index.php for editing :
  6. panel server> cd /var/www
  7. panel server> nano index.php : open index.php for editing.
  8. Add the following code to index.php :
  • $url_domain = $_SERVER['SERVER_NAME'];
  • $domain_parts = explode('.', $url_domain);
  • $domain_parts_count = count($domain_parts);
  • if ($domain_parts_count >= 3 && $domain_parts[0] == 'cp'){
  •     header('Location:https://' . $url_domain . ':8080'); //change http to https and append port 8080 and then redirect
  •     exit;
  • }


http://mydomain.com will direct your browser to 27.254.33.57
http://cp.mydomain.com will direct your browser to 27.254.33.60 and then redirect your browser to https://cp.mydomain.com:8080 (which is also 27.254.33.60, but it will open the panel).

web fiddler by nature

purs
User type : Standard
Register : 2013-Jul-03
Topics : 0
Replies : 3
--------------
      report  reply  
Hi,

Thank you for your post.

I need help on the following Set up

Let us say I have a Dedicated Server with four or more Ips & want to allocate ips as under

Ip #1name server(DNS)-198.10.100.99 - Assign this as NS1.example.com
Ip # 2 name server(DNS)- 198.10.100.100 - Assign this as NS2.example.com
Ip # 3 web server- 198.10.100.101 - Assign this as example.com
Ip # 4 for outgoing mails- 198.10.100.102 - Assign this as mail.example.com
and so on...

Points to be noted

1.  Only One dedicated server for NS1,NS2,Web & Mail
 2. to create virtual interfaces such as eth0:0 ethh0:1 where 0:0 is ip#3 & 0:1 is ip#4

Thanks in advance

Regards
Purs
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  
Hi purs

I am not sure if what you want is possible.

In an ISPConfig multi-server setup, you can easily have different IP's for your different services since each server you add will have their own IP and you can choose to separate your services so that eg. mail service is on one server and web service is on another server.

However since you want to use only 1 server, you need an ISPConfig single server setup with all services (NS, mail, web, database) on the same server - I don't think ISPConfig can separate these services on different IP's (though I am really only guessing).

I think you will need to either use multiple servers (if you have a barebone server, you can setup multiple virtual servers) or accept that all services are available on the same IP.

web fiddler by nature

Jeff
--------------
      report  reply  
Hi, got a small problem. When I'm installing the webserver it says cannot connect to the panel server's mysql. Says

ERROR 1130 (HY000): Host '192.XXX.XX.60' is not allowed to connect to this server

I've done everything in your guide.

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  

Hi Jeff

You error is likely either a network error or missing MySql access.

Run the following tests in the specified order :

  1. Disable any firewall on the panel server and on the webserver so you are sure no firewall is making problems
  2. webserver shell> ping PanelServerIP : be sure there is network connection
  3. webserver shell> ping PanelServerDomain : be sure your webserver host file is correct setup
  4. webserver shell> mysql -h PanelServerIP -u root -p : be sure the webserver MySql client have access to the panel MySql server
  5. webserver shell> mysql -h PanelServerDomain -u root -p : be sure the panel MySql server also added remote access to 'root'@'WebserverDomain'
  6. panelserver shell> mysql -u root -pRootPassword : logon locally to MySql on the panel server (there is no space between -p and RootPassword)
    1. mysql shell> use mysql; : change current database to mysql
    2. mysql shell> select User,Host from user; : select all users from the user table and be sure you have the following entries for the webserver :
      • WebserverIP root
      • WebserverIP ispcsrv#
      • WebserverDomain root
      • WebserverDomain ispcsrv#

Let me know the result of your tests.

web fiddler by nature

Jeff
--------------
      report  reply  
Step #4 is where the error begins it says webserverip is not allowed to connect to this server. I'm using Debian 7 though, but it should be almost exacting for the tutorial.
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  

Hi Jeff

I have never used Debian myself, however like you, I think the difference between Ubuntu & Debian is irrelevant in this case.

Ok, lets get to it, try the following :

  1. webserver shell> nmap PanelServerIP : be fully sure that the panel MySql server is listening on port 3306 and no firewall is blocking the port. You should among other records see 3306/tcp open mysql.
  2. webserver shell> telnet PanelServerIP 3306 : confirm the service using telnet (use ctrl+] to get out of the MySql server dialog and then quit to exit the telnet prompt)
  3. On both the panel & webserver, you need to edit the /etc/mysql/my.cnf file and comment out the "bind-address = 127.0.0.1" (prefix the line with a # sign) - see "Initial common server configuration" step 5.2
  4. On the panel MySql server, you need to add 2 users with full access : 'root'@'WebserverIP' and 'root'@'WebserverDomain' - see "Initial common server configuration" step 9 (actually you can check if the users exist using my reply above test 6)

(Be sure to login next time you post so you will get an email notification immediately if you get an answer).

web fiddler by nature

bahgat
User type : Standard
Register : 2013-Jun-25
Topics : 0
Replies : 2
--------------
      report  reply  
Hello Rasmus

Hope you are fine and everything is ok with i checked your website many times but it was down.

Remember when i told you about that i lost my panel server by accdient.

i was successfully able to build its database again refering to other NS and mail server.

After building the panel server i was able to manage other servers from the panel, and i left it for about a week, then got back again and i canot add to ns or mail any more, every thing is being added to the db on panel server fine but no changes takes effect on NS or mail, knowing that panel is reading NS and MAIL logs fine, BUT i will show you an error from ISPClog


PHP Warning: mysqli::mysqli(): (HY000/2013): Lost connection to MySQL server at 'reading authorization packet', system error: 0 in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 62
DB::__construct Lost connection to MySQL server at 'reading authorization packet', system error: 0
PHP Warning: mysqli::mysqli(): (HY000/2013): Lost connection to MySQL server at 'reading authorization packet', system error: 0 in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 62
DB::__construct Lost connection to MySQL server at 'reading authorization packet', system error: 0

DB::__construct Can't connect to MySQL server on 'panel.xenvoy.com' (110)
PHP Warning: mysqli::mysqli(): (HY000/2003): Can't connect to MySQL server on 'panel.xenvoy.com' (111) in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 72
DB::__construct Can't connect to MySQL server on 'panel.xenvoy.com' (111)
PHP Warning: mysqli::mysqli(): (HY000/2003): Can't connect to MySQL server on 'panel.xenvoy.com' (111) in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 72


Tue Aug 20 20:46:01 UTC 2013 PHP Warning: mysqli::mysqli(): (HY000/2002): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 62

can you help me please
regards

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  
Hi bahgat

I am not sure exactly how you rebuild your panel server. I think it will be very difficult to rebuild it correctly and without a backup I would recreate the whole system from scratch following the steps I gave in my reply to your first post.

Regarding your MySql connection problems, you should confirm that you can connect from panel server to client server and from client server to panel server using MySql client command line utility :

  1. panel server shell> mysql -u root -p : confirm that you can connect locally on the panel server.
  2. panel server shell> mysql -h clientServerIP -u root -p : confirm you can connect from panel to client.
  3. client server shell> mysql -u root -p : confirm that you can connect locally on the client server.
  4. client server shell> mysql -h panelServerIP -u root -p : confirm you can connect from client to panel.

If you don't get any errors in the 4 tests above after you have supplied the relevant root passwords, you need to test the actual user account used by ISPConfig : (here I specify how to do it from the client server)

  1. On your client server open /usr/local/ispconfig/server/lib/config.inc.php
    1. In the client config.inc.php file locate the Database section for db_host = localhost and notice the db_user & db_password 
      1. client server shell> mysql -u db_user -pdb_password : logon to MySql locally on the client server using the ispconfig user (notice there is no space between -p and the password)
    2. In the client config.inc.php file locate the Database section for the master database and notice the db_host, db_user and db_password
      1. client server shell> mysql -h db_host -u db_user -pdb_password : logon to MySql on the panel server from the client server using the ispconfig master database ispconfig user
  2. Repeat the process from the panel server

web fiddler by nature

chika.tambun
--------------
      report  reply  
i've got this message
"

Forbidden

You don't have permission to access / on this server."

i do have the permission .. please take a look here
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  
Hi chika, try to use the root user to install. 

To enable the root user, you need to do the following :
  1. shell> sudo passwd root : (you will be prompted for your own password and then for the new root password)
  2. shell> su root : switch user to root (you will be prompted for password again)

web fiddler by nature

timna
--------------
      report  reply  
Dear all

As Per  the  post of How to install ISPConfig multi server

http://webmodelling.com/webbits/ubuntu/ubuntu-ispconfig3-multi-server-setup.aspx I  hope to build small data center I purchased 10 Mpbs Internet connection with public IP. I hope to Installed Pfsence firewall and arrange port forwarding. I have small issue wen I make port forwarding for DNS service how can do it because Primary and secondary servers use same  port Number port 53 know. 

Please advice How can I do It     
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  
Hi timna

I don't understand your problem exactly and also it does not seem to be ISPConfig related. I give you a couple a days to describe your problem more precise and to describe how it relate to ISPConfig before I otherwise delete your question.

web fiddler by nature

Andrea
--------------
      report  reply  
thanks a lot!
only a question.
Is there a way in order to select the default web server for all client?
Now, when I've to create a new client, I see two webserver (panel and  web1).
In order to avoid errors can I show only the correct server??

I don't want to use the panel server also as webserver.

Thanks
Andrea
Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  
Hi Andrea

Then you login as Admin, you will have the option to create a website on any ISPConfig associated webserver (in your case panel & web1).

Then you as Admin create a new Client (or edit an existing Client), you can set which webserver is available for the Client (say web1).

Then you login as the Client, you cannot select any webserver at all, any website the Client is creating himself will be created on the webserver (web1) you associated with the Client.

web fiddler by nature

Anonymous
--------------
      report  reply  
thansk Rasmus
yes, I've seen.

But is possible to uncheck in the systrem-->server service the option webserver and fileserver in the panel server?

in this way will have only one web server..

Thanks,
Andrea


Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  
Yes, it is a good idea. 

Go to System -> Server Services, select your panel server and uncheck the Webserver service. Next time you create a website, the panel server will no longer be in the Server list.

Your panel server will still be a webserver and existing websites (eg. the panel website) will still run.

If you later need to make a new website on the panel server then just temporarily enable the Webserver service for the panel server.

web fiddler by nature

sussox
User type : Standard
Register : 2014-Apr-07
Topics : 0
Replies : 1
--------------
      report  reply  
Hi! 

Im trying to follow the guide. Everything works fine until i get to the db-server part. i have configured the server (tried 2 times, with db1 and db2) but when creating a test-db it only shows in the ISPconfig-GUI, its not beeing created on the db-server. What could be wrong and where to start looking for errors?

Regards Johan

Anonymous
--------------
      report  reply  
Seems to work now. I managed to enable the Debug logging and saw that ispcsrv6'@db2.xxx.xx could not write to the db.

So i corrected theese permissions. Are they suppose to be set somewhere in the guide that i missed?

/Johan 

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
      report  reply  
Hi sussox

I think ispcsrvX@host is automatically granted access to the Panel DB as part of adding a new server to the ISPConfig system. Especially before running the ISPConfig installer to add a new system, you MUST go through the "Initial Common Server Configuration" section in which database grants are setup in step9 (however it is so long time since I setup this system that I am not sure my comment is precise).

On another note I am very happy that you wrote how you solved the problem.

web fiddler by nature

mquintana
User type : Standard
Register : 2016-Apr-21
Topics : 0
Replies : 2
--------------
      report  reply  
how to apply this configuration to Mirror setup when the database are master to master. 
mquintana
User type : Standard
Register : 2016-Apr-21
Topics : 0
Replies : 2
--------------
      report  reply  
how to apply this configuration to Mirror setup when the database are master to master. 


click to top