Dicas Rápidas
Dicas Rápidas - Instalação COMPLETA do ISPConfig no Ubuntu usando o AWS Grátis
Nesse vídeo iremos conhecer o passo-a-passo completo de toda a instalação do ISPConfig no AWS (podendo ser feito em outro ambiente ou VM), usando o MobaXterm para acesso SSH, instalando e configurando o Postfix, MariaDb, Let's Encrypt, e outros serviços como PhpMyAdmin, Apache, PHP, etc.
Links e Comandos do Vídeo
Links
Comandos
sudo -s
# verificar a versão do linux
cat /etc/issue
# atualizar e fazer uma limpeza nos pacotes
apt-get update && apt-get upgrade && apt-get dist-upgrade
apt-get autoremove
apt-get autoclean
apt-get clean
# utilitário de descompactação
apt-get install unzip
# configurar linguagens do sistema
dpkg-reconfigure locales
# mudar o shell para usar bash
dpkg-reconfigure dash
# remover o AppArmor (para evitar problemas)
service apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils
# sincronizar o relógio com um NTP Server não é necessário para VM
apt-get -y install ntp
# remover o sendmail (para instalar o postfix)
service sendmail stop; update-rc.d -f sendmail remove
# instalar o Postfix (para email), MariaDb e outros utilitários necessários
apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve sudo patch
# abrir as portas TLS do postfix
nano /etc/postfix/master.cf //tem que ter espaços em branco na frente dos -o..
# [...]
# submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# # -o smtpd_reject_unlisted_recipient=no
# # -o smtpd_client_restrictions=$mua_client_restrictions
# # -o smtpd_helo_restrictions=$mua_helo_restrictions
# # -o smtpd_sender_restrictions=$mua_sender_restrictions
# # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# # -o milter_macro_daemon_name=ORIGINATING
# smtps inet n - y - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# # -o smtpd_reject_unlisted_recipient=no
# # -o smtpd_client_restrictions=$mua_client_restrictions
# # -o smtpd_helo_restrictions=$mua_helo_restrictions
# # -o smtpd_sender_restrictions=$mua_sender_restrictions
# # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# # -o milter_macro_daemon_name=ORIGINATING
# [...]
# reiniciar o postfix
service postfix restart
# liberar as portas do mysql (mariadb) (não só localhost)
nano /etc/mysql/mariadb.conf.d/50-server.cnf
# comentar bind-address = 127.0.0.1
# setar a senha do root mysql
mysql_secure_installation
# configurar o método e autenticação para nativo (para usar o phpmyadmin)
echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root
nano /etc/mysql/debian.cnf # informar a senha no arquivo
# adicionar essas linhas no fim do limits.conf
nano /etc/security/limits.conf
# mysql soft nofile 65535
# mysql hard nofile 65535
# criar um serviço para o mariadb (configurando os limites)
mkdir /etc/systemd/system/mysql.service.d/
nano /etc/systemd/system/mysql.service.d/limits.conf
# [Service]
# LimitNOFILE=infinity
systemctl daemon-reload
service mariadb restart
# testar o mariadb
netstat -tap | grep mysql
# vamos instalar o Apache, PHP, phpMyAdmin, SuExec, e outros utilitários
apt-get -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.4 php7.4-common php7.4-gd php7.4-mysql php7.4-imap phpmyadmin php7.4-cli php7.4-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear libruby libapache2-mod-python php7.4-curl php7.4-intl php7.4-pspell php7.4-sqlite3 php7.4-tidy php7.4-xmlrpc php7.4-xsl memcached php-memcache php-imagick php7.4-zip php7.4-mbstring php-soap php7.4-soap php7.4-opcache php-apcu php7.4-fpm libapache2-reload-perl
# habilitar os módulos do apache, ssl, suexec, rewrite ...
a2enmod suexec rewrite ssl actions include cgi alias proxy_fcgi
a2enmod dav_fs dav auth_digest headers
# desabilitar o proxy nos cabeçalhos do apache
nano /etc/apache2/conf-available/httpoxy.conf
# <IfModule mod_headers.c>
# RequestHeader unset Proxy early
# </IfModule>
a2enconf httpoxy
# reiniciar o apache
service apache2 restart
# instalar o Let's Encrypt (para criar sites SSL)
apt-get install certbot
# instalar o mailman para criação de listas de email
apt-get -y install mailman
# instalar o PureFTPd e configurações de cota
apt-get -y install pure-ftpd-common pure-ftpd-mysql quota quotatool
nano /etc/default/pure-ftpd-common
# talvez não seja necessário:
# VIRTUALCHROOT=true
# configurar o FTP com TLS (criando um certificado SSL)...
echo 1 > /etc/pure-ftpd/conf/TLS
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
# mudar as permissões do certificado
chmod 600 /etc/ssl/private/pure-ftpd.pem
# reiniciar o PureFTPd
service pure-ftpd-mysql restart
# configurar cotas
nano /etc/fstab
# # /etc/fstab: static file system information.
# #
# # Use 'blkid' to print the universally unique identifier for a
# # device; this may be used with UUID= as a more robust way to name devices
# # that works even if disks are added and removed. See fstab(5).
# #
# # <file system> <mount point> <type> <options> <dump> <pass>
# /dev/mapper/server1--vg-root / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0 1
# /dev/mapper/server1--vg-swap_1 none swap sw 0 0
# /dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
mount -o remount /
quotacheck -avugm
quotaon -avug
# instalar um servidor de DNS (BIND)
apt-get -y install bind9 dnsutils haveged
systemctl enable haveged
systemctl start haveged
# instalar o Vlogger, Webalizer, AWStats e o GoAccess (para estatísticas e análises)
apt-get -y install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl
echo "deb [<https://deb.goaccess.io/>](https://deb.goaccess.io/) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/goaccess.list
wget -O - [<https://deb.goaccess.io/gnugpg.key>](https://deb.goaccess.io/gnugpg.key) | sudo apt-key --keyring /etc/apt/trusted.gpg.d/goaccess.gpg add -
sudo apt-get update
sudo apt-get install goaccess
nano /etc/cron.d/awstats //comentar tudo
# instalar o Jailkit (para que o ispconfig possa exibir um shell de comandos)
apt-get -y install jailkit
# instalar o fail2ban e o firewall UFW (para o ispconfig monitorar tentativas de acesso)
apt-get -y install fail2ban
nano /etc/fail2ban/jail.local # definir as tentativas
# [pure-ftpd]
# enabled = true
# port = ftp
# filter = pure-ftpd
# logpath = /var/log/syslog
# maxretry = 3
# [dovecot]
# enabled = true
# filter = dovecot
# action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
# logpath = /var/log/mail.log
# maxretry = 5
# [postfix]
# enabled = true
# port = smtp
# filter = postfix
# logpath = /var/log/mail.log
# maxretry = 3
service fail2ban restart
apt-get install ufw
# instalar o Roundcube (interface para ler e enviar email)
apt-get -y install roundcube roundcube-core roundcube-mysql roundcube-plugins roundcube-plugins-extra javascript-common libjs-jquery-mousewheel php-net-sieve tinymce
# habilitar php e webmail
nano /etc/apache2/conf-enabled/roundcube.conf
# # Those aliases do not work properly with several hosts on your apache server
# # Uncomment them to use it or adapt them to your configuration
# Alias /roundcube /var/lib/roundcube
# Alias /webmail /var/lib/roundcube
# [...]
# <Directory /var/lib/roundcube>
# AddType application/x-httpd-php .php
# [...]
# reiniciar o apache
service apache2 restart
# evitar que o roundcube exiba na tela do servername
nano /etc/roundcube/config.inc.php
# $config['default_host'] = 'localhost';
# $config['smtp_server'] = 'localhost';
# $config['smtp_port'] = 25;
# instalar o ispconfig 3.2 (usando o php)! obs. o ideal é que você utilize um subdomínio já configurado
cd /tmp
wget -O ispconfig.tar.gz [<https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz>](https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz)
tar xfz ispconfig.tar.gz
cd ispconfig3\*/install/
php -q install.php
# liberar a porta 8080 e testar!