mikrotik
Mikrotik routerOS adalah sistem operasi dan perangkat lunak yang dapat digunakan untuk menjadikan komputer biasa menjadi router network yang handal,mencakup berbagai fitur yang dibuat untuk ip network dan jaringan wireless.
Fitur-fitur tersebut diantaranya : Firewall & Nat, Routing, Hotspot, Point to Point Tunneling Protocol, DNS server, DHCP server, Hotspot, dan masih banyak lagi fitur lainnya.
Komputer yang akan digunakan sebagai router network cukup dengan spesifikasi menengah, di tempat saya bekerja, Mikrotik dipergunakan pada cpu Pentium III 800 Mhz, RAM 512 mb dan hdd 10 Gb sebagai firewall dan hotspot server untuk melayani sekitar 150 user.Berikut ini adalah step-step instalasi Mikrotik routerOS
Setelah cd siap maka masukkan ke cdrom dan lakukan boot from cd.
pastikan komputer yang akan dipergunakan memiliki minimal satu ethernet card.
Setelah proses booting selesai maka akan muncul tampilan berikut (klik untuk gambar yang lebih jelas):
Tampilan diatas adalah pilihan paket-paket yang akan di install, tekan 'a' untuk menginstall semuanya dan diteruskan dengan menekan 'I' untuk melanjutkan proses instalasi.Proses instalasi dilanjutkan dengan pembuatan partisi dan format harddisk, harap diingat bahwa mikrotik akan mengambil semua space yang ada di harddisk. karena itu tidak disarankan utk menginstall mikrotik pada harddisk operasional yang berisi data-data penting seperti mp3 atau mungkin file avi kesayangan anda. (lho kok data operasional penting mp3 dan avi .. jangan jangan )
Setelah melakukan pembuatan partisi dan memformat harddisk maka tahap terakhir adalah menginstall paket-paket yang dipilih pada awal tadi ke dalam harddisk. setelah selesai tekan enter untuk reboot.Mikrotik yang baru saja di download dan di install adalah versi shareware yang hanya bisa dipergunakan sementara dan akan bisa dipergunakan lebih lanjut bila melakukan registrasi terlebih dahulu, tapi jangan khawatir, versi ini sudah cukup untuk dipakai belajar kok.
Mikrotik telah selesai di install, dan bisa dipergunakan dengan login sebagai user admin dan tanpa password.
Selanjutnya adalah setting network, sebagai contoh mikrotik akan diberi alamat ip 192.168.202.1 dengan netmask 255.255.255.0.
Untuk itu ketikkan pada console perintah berikut
/ip address add address=192.168.202.1 broadcast=192.168.202.255 network=192.168.202.0 netmask=255.255.255.0 interface=ether1
Nah sekarang mikrotik sudah bisa diremote baik dengan telnet maupun dengan Winbox. Winbox adalah sebuah utility untuk melakukan remote ke server mikrotik kita dalam mode GUI.Untuk mendapatkan winbox, buka browser dan arahkan ke http://192.168.202.1/winbox/winbox.exe Berikut ini screenshot dari winbox tersebut
Demikian step-step instalasi mikrotik yang bisa saya sampaikan, selanjutnya Insya Allah di kesempatan lain akan saya lanjutkan dengan konfigurasi fitur-fitur mikrotik lainnya.
instalasi debian
Insert your Debian Lenny network installtion CD into your system and boot from it. Select Install (this will start the text installer - if you prefer a graphical installer, select Graphical install):
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Choose your language:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Then select your location:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Choose a keyboard layout:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Enter the hostname. In this example, my system is called server1.example.com, so I enter server1:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Enter your domain name. In this example, this is example.com:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Now you have to partition your hard disk. For simplicity's sake I will create one big partition (with the mount point /) and a little swap partition so I select Guided - use entire disk (of course, the partitioning is totally up to you - if you like, you can create more than just one big partition, and you can also use LVM):
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Select the disk that you want to partition:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Then select the partitioning scheme. As mentioned before, I select All files in one partition (recommended for new users) for simplicity's sake - it's up to your likings what you choose here:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
When you're finished, select Finish partitioning and write changes to disk:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Select Yes when you're asked Write changes to disks?:
Submitted by falko (Contact Author) (Forums) on Tue, 2009-02-17 17:28. ::
Afterwards, your new partitions are created and formatted:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Now the base system is installed:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Afterwards, give the root user a password:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Confirm that password to avoid typos:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Create a normal user account, for example the user Administrator with the user name administrator (don't use the user name admin as it is a reserved name on Debian Lenny):
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Next you must configure apt. Because you are using the Debian Lenny Netinstall CD which contains only a minimal set of packages, you must use a network mirror. Select the country where the network mirror that you want to use is located (usually this is the country where your Debian Lenny system is located):
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Then select the mirror you want to use (e.g. ftp2.de.debian.org):
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Unless you use an HTTP proxy, leave the following field empty and hit Continue:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
Apt is now updating its packages database:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
You can skip the package usage survey by selecting No:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
We need a web server, DNS server, mail server, and a MySQL database, but nevertheless I don't select any of them now because I like to have full control over what gets installed on my system. We will install the needed packages manually later on. Therefore we just select Standard system and hit Continue:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
The required packages are downloaded and installed on the system:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
When you're asked Install the GRUB boot loader to the master boot record, select Yes:
(JavaScript must be enabled in your browser to view the large image as an image overlay.)
The base system installation is now finished. Remove the Debian Lenny Netinstall CD from the CD drive and hit Continue to reboot the system:
4 Install The SSH Server
Debian Lenny does not install OpenSSH by default, therefore we do it now. Run
apt-get install ssh openssh-server
From now on you can use an SSH client such as PuTTY and connect from your workstation to your Debian Lenny server and follow the remaining steps from this tutorial.
5 Install vim-nox (Optional)
I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Debian and Ubuntu; to fix this, we install vim-nox:
apt-get install vim-nox
(You don't have to do this if you use a different text editor such as joe or nano.)
6 Configure The Network
Because the Debian Lenny installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100) (please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
Then restart your network:
/etc/init.d/networking restart
Then edit /etc/hosts. Make it look like this:
vi /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Now run
echo server1.example.com > /etc/hostname
/etc/init.d/hostname.sh start
Afterwards, run
hostname
hostname -f
Both should show server1.example.com.
7 Update Your Debian Installation
Run
apt-get update
to update the apt package database and
apt-get upgrade
to install the latest updates (if there are any).
8 Install Some Software
Now we install a few packages that are needed later on. Run
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential
(This command must go into one line!)
9 Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, run
apt-get install quota
Edit /etc/fstab. Mine looks like this (I added ,usrquota,grpquota to the partition with the mount point /):
vi /etc/fstab
# /etc/fstab: static file system information.
#
#
proc /proc proc defaults 0 0
/dev/sda1 / ext3 errors=remount-ro,usrquota,grpquota 0 1
/dev/sda5 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
To enable quota, run these commands:
touch /quota.user /quota.group
chmod 600 /quota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
10 BIND9 DNS Server
Run
apt-get install bind9
to install BIND9.
For security reasons we want to run BIND chrooted so we have to do the following steps:
/etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":
vi /etc/default/bind9
# run resolvconf?
RESOLVCONF=yes
# startup options for the server
OPTIONS="-u bind -t /var/lib/named"
Create the necessary directories under /var/lib:
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
Then move the config directory from /etc to /var/lib/named/etc:
mv /etc/bind /var/lib/named/etc
Create a symlink to the new config directory from the old location (to avoid problems when BIND gets updated in the future):
ln -s /var/lib/named/etc/bind /etc/bind
Make null and random devices, and fix permissions of the directories:
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
We need to open /etc/rsyslog.d/bind-chroot.conf...
vi /etc/rsyslog.d/bind-chroot.conf
... and add the following line so that we can still get important messages logged to the system logs:
$AddUnixListenSocket /var/lib/named/dev/log
Restart the logging daemon:
/etc/init.d/rsyslog restart
Start up BIND, and check /var/log/syslog for errors:
/etc/init.d/bind9 start
11 MySQL
In order to install MySQL, we run
apt-get install mysql-server mysql-client libmysqlclient15-dev
You will be asked to provide a password for the MySQL root user - this password is valid for the user root@localhost as well as root@server1.example.com, so we don't have to specify a MySQL root password manually later on:
New password for the MySQL "root" user: <-- yourrootsqlpassword Repeat password for the MySQL "root" user: <-- yourrootsqlpassword We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1: vi /etc/mysql/my.cnf [...] # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. #bind-address = 127.0.0.1 [...] Then we restart MySQL: /etc/init.d/mysql restart Now check that networking is enabled. Run netstat -tap | grep mysql The output should look like this: server1:~# netstat -tap | grep mysql tcp 0 0 *:mysql *:* LISTEN 6612/mysqld server1:~# 12 Postfix With SMTP-AUTH And TLS In order to install Postfix with SMTP-AUTH and TLS do the following steps: apt-get install postfix libsasl2-2 sasl2-bin libsasl2-modules procmail You will be asked two questions. Answer as follows: General type of mail configuration: <-- Internet Site System mail name: <-- server1.example.com Then run dpkg-reconfigure postfix Again, you'll be asked some questions: General type of mail configuration: <-- Internet Site System mail name: <-- server1.example.com Root and postmaster mail recipient: <-- [blank] Other destinations to accept mail for (blank for none): <-- server1.example.com, localhost.example.com, localhost.localdomain, localhost Force synchronous updates on mail queue? <-- No Local networks: <-- 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 Use procmail for local delivery? <-- Yes Mailbox size limit (bytes): <-- 0 Local address extension character: <-- + Internet protocols to use: <-- all Next, do this: postconf -e 'smtpd_sasl_local_domain =' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_security_options = noanonymous' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_sasl_authenticated_header = yes' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' postconf -e 'inet_interfaces = all' echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
Afterwards we create the certificates for TLS:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Next we configure Postfix for TLS (make sure that you use the correct hostname for myhostname):
postconf -e 'myhostname = server1.example.com'
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
The file /etc/postfix/main.cf should now look like this:
cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:
mkdir -p /var/spool/postfix/var/run/saslauthd
Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Set START to yes and change the line OPTIONS="-c -m /var/run/saslauthd" to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r":
vi /etc/default/saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Next add the postfix user to the sasl group (this makes sure that Postfix has the permission to access saslauthd):
adduser postfix sasl
Now restart Postfix and start saslauthd:
/etc/init.d/postfix restart
/etc/init.d/saslauthd start
To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your Postfix mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH LOGIN PLAIN
everything is fine.
The output on my system looks like this:
server1:/etc/postfix/ssl# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Debian/GNU)
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
server1:/etc/postfix/ssl#
Type
quit
to return to the system's shell.
13 Courier-IMAP/Courier-POP3
Run this to install Courier-IMAP/Courier-IMAP-SSL (for IMAPs on port 993) and Courier-POP3/Courier-POP3-SSL (for POP3s on port 995):
apt-get install courier-authdaemon courier-base courier-imap courier-imap-ssl courier-pop courier-pop-ssl courier-ssl gamin libgamin0 libglib2.0-0
You will be asked two questions:
Create directories for web-based administration? <-- No SSL certificate required <-- Ok During the installation, the SSL certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to the correct hostname (server1.example.com in this tutorial), delete the certificates... cd /etc/courier rm -f /etc/courier/imapd.pem rm -f /etc/courier/pop3d.pem ... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary): vi /etc/courier/imapd.cnf [...] CN=server1.example.com [...] vi /etc/courier/pop3d.cnf [...] CN=server1.example.com [...] Then recreate the certificates... mkimapdcert mkpop3dcert ... and restart Courier-IMAP-SSL and Courier-POP3-SSL: /etc/init.d/courier-imap-ssl restart /etc/init.d/courier-pop-ssl restart If you do not want to use ISPConfig, configure Postfix to deliver emails to a user's Maildir*: postconf -e 'home_mailbox = Maildir/' postconf -e 'mailbox_command =' /etc/init.d/postfix restart *Please note: You do not have to do this if you intend to use ISPConfig on your system as ISPConfig does the necessary configuration using procmail recipes. But please go sure to enable Maildir under Management -> Server -> Settings -> EMail in the ISPConfig web interface.
14 Apache/PHP5/Ruby/Python
Now we install Apache:
apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils apache2-suexec libexpat1 ssl-cert
Next we install PHP5, Ruby, and Python (all three as Apache modules):
apt-get install libapache2-mod-php5 libapache2-mod-ruby libapache2-mod-python php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-suhosin php5-tidy php5-xcache php5-xmlrpc php5-xsl
Next we edit /etc/apache2/mods-available/dir.conf...
vi /etc/apache2/mods-available/dir.conf
... and change the DirectoryIndex line:
#DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml
Now we have to enable some Apache modules (SSL, rewrite, suexec, and include):
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
Restart Apache:
/etc/init.d/apache2 restart
We have to fix a small problem with Ruby. If you install ISPConfig and enable Ruby for a web site, .rbx files will be executed fine and displayed in the browser, but this does not work for .rb files - you will be prompted to download the .rb file - the same happens if you configure Ruby manually for a vhost (i.e., it has nothing to do with ISPConfig). To fix this, we open /etc/mime.types...
vi /etc/mime.types
... and comment out the application/x-ruby line:
[...]
#application/x-ruby rb
[...]
Restart Apache:
/etc/init.d/apache2 restart
Now .rb files will be executed and displayed in the browser, just like .rbx files.
In the next chapter (14.1) we are going to disable PHP (this is necessary only if you want to install ISPConfig on this server). Unlike PHP, Ruby and Python are disabled by default, therefore we don't have to do it.
14.1 Disable PHP Globally
(If you do not plan to install ISPConfig on this server, please skip this section!)
In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites would be able to run PHP scripts, no matter what you specify in ISPConfig.
To disable PHP globally, we edit /etc/mime.types and comment out the application/x-httpd-php lines:
vi /etc/mime.types
[...]
#application/x-httpd-php phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4
[...]
Edit /etc/apache2/mods-enabled/php5.conf and comment out the following lines:
vi /etc/apache2/mods-enabled/php5.conf
#AddType application/x-httpd-php .php .phtml .php3
#AddType application/x-httpd-php-source .phps
Then restart Apache:
/etc/init.d/apache2 restart
15 Proftpd
In order to install Proftpd, run
apt-get install proftpd ucf
You will be asked a question:
Run proftpd: <-- standalone For security reasons add the following lines to /etc/proftpd/proftpd.conf (thanks to Reinaldo Carvalho; more information can be found here: http://proftpd.org/localsite/Userguide/linked/userguide.html): vi /etc/proftpd/proftpd.conf [...] DefaultRoot ~ IdentLookups off ServerIdent on "FTP Server ready." [...] ISPConfig expects the configuration to be in /etc/proftpd.conf instead of /etc/proftpd/proftpd.conf, therefore we create a symlink (you can skip this command if you don't want to install ISPConfig): ln -s /etc/proftpd/proftpd.conf /etc/proftpd.conf Then restart Proftpd: /etc/init.d/proftpd restart 16 Webalizer To install webalizer, just run apt-get install webalizer 17 Synchronize the System Clock It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the internet. Simply run apt-get install ntp ntpdate and your system time will always be in sync. 18 Install Some Perl Modules Needed By SpamAssassin (Comes With ISPConfig) Run apt-get install libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl 19 ISPConfig The configuration of the server is now finished, and if you wish you can now install ISPConfig on it. Please check out the ISPConfig installation manual: http://www.ispconfig.org/manual_installation.htm 19.1 A Note On SuExec If you want to run CGI scripts under suExec, you should specify /var/www as the home directory for websites created by ISPConfig as Debian's suExec is compiled with /var/www as Doc_Root. Run /usr/lib/apache2/suexec -V and the output should look like this: server1:~# /usr/lib/apache2/suexec -V -D AP_DOC_ROOT="/var/www" -D AP_GID_MIN=100 -D AP_HTTPD_USER="www-data" -D AP_LOG_EXEC="/var/log/apache2/suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=100 -D AP_USERDIR_SUFFIX="public_html" server1:~# So if you want to use suExec with ISPconfig, don't change the default web root (which is /var/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).
