Written by: DAVID
Created: 19-08-2018
Category: ovh

Migrating from OVH Release 3 to Ubuntu 14.04 with ISPConfig 3


Following a recent e-mail from OVH announcing the end of Release 3, I decided to migrate my system to an Ubuntu 14.04 distribution with the ISPConfig 3 panel!

Your server will keep running, but after 30 November 2018 you will no longer be able to reinstall it with OVH Release 3 if you need to!



My goals:

1/ Apache2, PHP, MySQL, Postfix
2/ PHP 5.3.29, with a choice of several versions
3/ ISPConfig 3 as the panel, in place of webmin/virtualmin
4/ Add a domain, the DNS records, an FTP account

I drew on these sources:

Installing multiple PHP versions, with PHP 5.3.29
http://www.casper-development.be/ajouter-autre-version-de-php-ispconfig-debian-8-php-5-3/

Installing Apache2, PHP, MySQL, Postfix, ISPConfig 3
https://www.howtoforge.com/perfect-server-ubuntu-14.04-apache2-php-mysql-pureftpd-bind-dovecot-ispconfig-3

Conventions and colour codes:

Red: change to make in the file being edited
Green: shell command in a terminal, over SSH on your VPS


A/ Reinstall the VPS with Ubuntu 14.04 from the OVH manager



B/ Base installation

passwd root ==> change the root password
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install nano -y
sudo apt-get install curl -y
updatedb


nano /etc/ssh/sshd_config
add at the end: MaxAuthTries 3

nano /etc/apt/sources.list
comment out every existing line with # and replace the contents with:

# deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20140416.2)]/ trusty main restricted

#deb cdrom:[Ubuntu-Server 14.04 LTS _Trusty Tahr_ - Release amd64 (20130423.2)]/ trusty main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://de.archive.ubuntu.com/ubuntu/ trusty main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ trusty universe
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty universe
deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu trusty partner
# deb-src http://archive.canonical.com/ubuntu trusty partner

## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu trusty main
# deb-src http://extras.ubuntu.com/ubuntu trusty main


apt-get update
apt-get upgrade

reboot



C/ Installing PHP 5.3.29 [Optional, if you need an older version]

mkdir /opt/php-5.3.29
mkdir /usr/local/src/php5-build
cd /usr/local/src/php5-build
wget http://fr2.php.net/get/php-5.3.29.tar.bz2/from/this/mirror -O php-5.3.29.tar.bz2
tar jxf php-5.3.29.tar.bz2
cd php-5.3.29/
apt-get install build-essential -y
apt-get build-dep php5 -y


==> set the MySQL root password

apt-get install libfcgi-dev libfcgi0ldbl libjpeg62-dbg libmcrypt-dev libssl-dev libc-client2007e libc-client2007e-dev -y

ln -s /usr/lib/libc-client.a /usr/lib/x86_64-linux-gnu/libc-client.a

mkdir /usr/include/freetype2
mkdir /usr/include/freetype2/freetype

ln -s /usr/include/freetype2/freetype.h /usr/include/freetype2/freetype/freetype.h

cd /usr/local/src/php5-build/php-5.3.29/

sudo apt-get install -y autoconf g++ make openssl libssl-dev libcurl4-openssl-dev
sudo apt-get install -y libcurl4-openssl-dev pkg-config
sudo apt-get install -y libsasl2-dev
sudo apt-get install libxml2-dev
sudo apt-get install libbz2-dev
sudo apt-get install libjpeg-turbo8-dev
sudo apt-get install libpng-dev
sudo apt-get install libmysqlclient-dev
apt-get install libssl-dev libsslcommon2-dev

apt-cache search mysql | grep dev
sudo apt-get install tasksel -y


find / -type f -name 'libXpm*' ==> to find the exact path used below

ln -s /usr/lib/x86_64-linux-gnu/libXpm.so.4.11.0 /usr/lib/
ln -s /usr/lib/x86_64-linux-gnu/libXpm.a /usr/lib/

./configure \
  --prefix=/opt/php-5.3.29-cgi \
  --with-zlib-dir \
  --with-xpm-dir=/usr \
  --enable-mbstring \
  --with-libxml-dir=/usr \
  --enable-soap \
  --enable-calendar \
  --with-curl \
  --with-mcrypt \
  --with-zlib \
  --with-gd \
  --disable-rpath \
  --enable-inline-optimization \
  --with-bz2 \
  --enable-sockets \
  --enable-sysvsem \
  --enable-sysvshm \
  --enable-pcntl \
  --enable-mbregex \
  --enable-exif \
  --enable-bcmath \
  --with-mhash \
  --enable-zip \
  --with-pcre-regex \
  --with-mysql \
  --with-pdo-mysql \
  --with-mysqli \
  --with-jpeg-dir=/usr \
  --with-png-dir=/usr \
  --enable-gd-native-ttf \
  --with-openssl \
  --with-fpm-user=www-data \
  --with-fpm-group=www-data \
  --enable-ftp \
  --with-imap=/usr \
  --with-imap-ssl \
  --with-kerberos \
  --with-gettext \
  --with-xmlrpc \
  --with-xsl \
  --enable-cgi


make && make install

cp /usr/local/src/php5-build/php-5.3.29/php.ini-production /opt/php-5.3.29-cgi/lib/php.ini


D/ Continuing the installation: Postfix

apt-get install ntp ntpdate

service sendmail stop; update-rc.d -f sendmail remove

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo


=> Create a self signed SSL ... ==> Y OK OK OK

nano /etc/postfix/master.cf


add the following above #submission, without touching the rest

[...]
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

[...]


apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

service spamassassin stop
update-rc.d -f spamassassin remove



E/ Continuing the installation: Apache2 and PHP

apt-get install apache2 apache2-doc apache2-utils libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached snmp -y

Web server to reconfigure automatically: <-- apache2
Configure database for phpmyadmin with dbconfig-common? <-- No

php5enmod mcrypt

a2enmod userdir suexec rewrite ssl actions include cgi

a2enmod dav_fs dav auth_digest

nano /etc/apache2/mods-available/suphp.conf


<IfModule mod_suphp.c>
    #<FilesMatch "\.ph(p3?|tml)$">
    #    SetHandler application/x-httpd-suphp
    #</FilesMatch>
    suPHP_AddHandler application/x-httpd-suphp
    AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml
[...]



nano /etc/mime.types

[...]
#application/x-ruby rb
[...]



apt-get install php5-xcache

apt-get install libapache2-mod-fastcgi php5-fpm

a2enmod actions fastcgi alias

service apache2 restart

service postfix restart




F/ Continuing the installation: BIND, FTP, ...

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool -y

nano /etc/default/pure-ftpd-common


VIRTUALCHROOT=true


echo 1 > /etc/pure-ftpd/conf/TLS

mkdir -p /etc/ssl/private/

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem


Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]:<-- Enter your State or Province Name.
Locality Name (eg, city) []:<-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []:<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []:<-- Enter your Email Address.

chmod 600 /etc/ssl/private/pure-ftpd.pem

service pure-ftpd-mysql restart

apt-get install bind9 dnsutils -y


apt-get install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl -y


comment out everything in this file:

nano /etc/cron.d/awstats

apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper binutils-gold -y

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17
./debian/rules binary
cd ..
dpkg -i jailkit_2.17-1_*.deb
rm -rf jailkit-2.17*
apt-get install fail2ban -y

nano /etc/fail2ban/jail.local


[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[postfix-sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3



nano /etc/fail2ban/filter.d/pureftpd.conf

[Definition]
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =


nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =


echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf

service fail2ban restart
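
The two custom filters above are Python regular expressions, and their literal parentheses, brackets and the \d and \S classes only work with the backslashes in place. This check is an added example, not part of the original tutorial: it runs both failregex values against constructed log lines and shows what the same patterns do once the backslashes are lost. HOST is a simplified stand-in for fail2ban's <HOST> expansion, and the log lines are made up.

```python
import re

# Simplified stand-in for what fail2ban substitutes for <HOST> (assumption:
# IPv4 only; the real expansion also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex values, with the escaping the regex engine needs.
FAILREGEX = {
    "pureftpd": r".*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*",
    "dovecot-pop3imap": (
        r"(?: pop3-login|imap-login): .*(?:Authentication failure"
        r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
        r"|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts)"
        r".*rip=(?P<host>\S*),.*"
    ),
}

# Constructed log lines (documentation addresses), not taken from a real server.
LOG = [
    "Aug 19 10:01:02 vps pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]",
    "Aug 19 10:01:03 vps pure-ftpd: (?@203.0.113.8) [INFO] New connection from 203.0.113.8",
    "Aug 19 10:01:05 vps dovecot: imap-login: Aborted login (auth failed, 1 attempts): "
    "user=<bob>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10",
]

def reported_hosts(failregex, lines):
    """Hosts the filter would hand to the ban action; None if it does not compile."""
    try:
        rx = re.compile(failregex.replace("<HOST>", HOST))
    except re.error:
        return None
    return [m.group("host") for m in map(rx.search, lines) if m]

def without_backslashes(failregex):
    """Reproduce a filter pasted from a page that dropped every backslash."""
    return failregex.replace("\\", "")

if __name__ == "__main__":
    for name, rx in FAILREGEX.items():
        print(name, "escaped:", reported_hosts(rx, LOG))
        print(name, "unescaped:", reported_hosts(without_backslashes(rx), LOG))
```

On the server itself, fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/pureftpd.conf runs the installed filter against the real log.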

apt-get install squirrelmail -y

squirrelmail-configure


Command >> <-- D
dovecot
[Enter]
S
[Enter]
Q


cd /etc/apache2/conf-available/
ln -s ../../squirrelmail/apache.conf squirrelmail.conf
service apache2 reload

nano /etc/apache2/conf-available/squirrelmail.conf


<Directory /usr/share/squirrelmail>
Options FollowSymLinks
<IfModule mod_php5.c>

====> add the following after this

AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname


mkdir /var/lib/squirrelmail/tmp

chown www-data /var/lib/squirrelmail/tmp

a2enconf squirrelmail

service apache2 reload


http://your-ip/squirrelmail



cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

php -q install.php


ISPConfig Port [8080]: 5050

do you want secure ssl ==> No

http://your_ip:5050
admin
the password you chose as root

system > system > Additional PHP versions
php name: php5.3.29

Then, in the FastCGI Settings tab:
Path to the PHP FastCGI binary: /opt/php-5.3.29-cgi/bin/php-cgi
Path to the php.ini directory: /opt/php-5.3.29-cgi/lib


/etc/init.d/pure-ftpd-mysql start

http://your_ip/phpmyadmin
root
password_root


Create an SFTP account
sites > Shell-user > add new shell user

Create an FTP account

==> this creates the user defaultuser
defaultuser
ftp_password


My php.ini configuration for PHP 5.3.29

nano /opt/php-5.3.29-cgi/lib/php.ini

short_open_tag = On

date.timezone = 'Europe/Paris'

max_execution_time = 3000
max_input_time = 120

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
allow_url_include = 1

allow_url_include = On

register_globals = On
display_errors = Off
log_errors = Off


; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = Off


service apache2 restart
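
Several of the directives above decide what a request can make this interpreter do and what trace it leaves, so it is worth checking the effective values after each edit. The audit below is an added example, not part of the original tutorial: it resolves duplicate assignments (the last one wins) and reports the directives whose value differs from a restrictive setting. The policy table and the sample text are this example's own assumptions.

```python
import re

# Constructed copy of the directives listed above (not read from a live server).
SAMPLE_INI = """\
short_open_tag = On
date.timezone = 'Europe/Paris'
max_execution_time = 3000
max_input_time = 120
allow_url_include = 1
allow_url_include = On
register_globals = On
display_errors = Off
log_errors = Off
mail.add_x_header = Off
"""

# directive -> (restrictive value, why it matters); the selection is this example's own.
POLICY = {
    "allow_url_include": (False, "include/require may load code from a URL"),
    "register_globals": (False, "request parameters become global variables"),
    "display_errors": (False, "error text shown to visitors leaks paths and queries"),
    "log_errors": (True, "with logging off, failing or probing requests leave no trace"),
}

def effective(ini_text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    values = {}
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip ';' comments
        match = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if match:
            values[match.group(1)] = match.group(2).strip().strip("'\"")
    return values

def is_on(value):
    return value.lower() in ("1", "on", "true", "yes")

def audit(ini_text):
    """List (directive, value, reason) for directives that are set and differ from POLICY."""
    values = effective(ini_text)
    return [(name, values[name], why) for name, (want, why) in POLICY.items()
            if name in values and is_on(values[name]) != want]

if __name__ == "__main__":
    for name, value, why in audit(SAMPLE_INI):
        print(f"{name} = {value}: {why}")
```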



That's it!

I will extend this tutorial with HTTPS via Let's Encrypt and DKIM signing for e-mails!

I don't cover getting started with ISPConfig, but it is very intuitive! If needed, you will find documentation on Google!

