ISPConfig | a1.11pro.ca

Submitted by entreprise7pro on Sun, 10/06/2019 - 13:05
**openvz**
After installing ISPConfig, I discovered that to use OpenVZ with ISPConfig you must install OpenVZ first!  I have not tried this but maybe in the future.  After having done a full ISPConfig install I was debating starting over the process, cloning my drives from my warm spare that has not had ISPConfig installed yet however I decided to just go with what I have because I'm not hosting a hosting platform for hosting hosting platforms, I'm simply hosting a hosting platform.  Note, review openvz instructions for ispconfig before starting if you want to use openvz with ispconfig.

**preamble**
Why ISPConfig ?
 - because it gives us easy mail server support out of the box, spamassassin and clamav out of the box , 
 - what else?  ways to sell hosting, OpenVZ for selling VPS space, or just to use it for private /corporate use
 - what else? statistics on usage, GUI, web interface
 - why OpenVZ ?  - Because it is a way to maximize your hardware resources in a low risk kinda way, its also the most efficient type of virtualization because it's made for virtualizing Linux, therefore is able to save memory making use of one kernel for all VMs yet to the user it appears as if everyone has their own kernel.  Inside the OpenVZ containers, they can be rebooted as often as you like without rebooting anyone elses container and without rebooting the host server.
 - certs, free certs, ISPConfig 3.1 provides a way to create free signed certificates 

What about KVM?  KVM is full virtualization, but for our use cases, we don't need that big of a sledge hammer, our VM usage for this server is going to be limited to Linux type x86-64 bit hosts, no need to support other CPU architectures or virtualize unfriendly OSes like Windoze.  Windoze? if you need Windoze virtualization, by all means, KVM could be the right thing for you.  If at some point we need KVM down the road, we can always install it later.

OpenVZ is supported by ISPConfig 3.1.

**Pre-installation**

BIOS settings (this differs from motherboard manufacturers, however ...)  some general guidelines.

RAID options in your BIOS - Forget this, this raid support is not much better (if at all)  than software raid done in Linux.  The bios software raid I have tried only works on Windows, and I've set it up on Windows before and found Linux software raid EASIER to set up than windows software raids even if they have bios support, this is because on Windows it requires installing drivers and dealing with the UEFI and secure boot, and its windows, we aren't installing that.

Example derived from the ASUS AM4 motherboard model - Prime 350m , bios update from February 27 2017 - 
- This motherboard configuration is not unique to this motherboard, so I'll make it generalized for all.  Using experience from other ASUS and Biostar motherboards as they were similar.

- OK, Pre-installation settings
1) This might not be the case anymore for newer versions of UBUNTU however, 
  a) I recommend DISABLING UEFI (however probably less important to do this since Ubuntu 18.04LTS) , this isn't always straight forward, in the Asus A4 prime 350m motherboard your SATA setting should be set to LEGACY ONLY support instead of UEFI with Legacy or UEFI always.  Nearly all motherboards since year 2011 have options for UEFI encrypted boot (secure boot).  To use software RAID in Linux disable UEFI.  This is to avoid problems booting your RAID after going through the trouble to install it.
  b) The BIOS raid support is not going to help us so DO NOT ENABLE bios RAID.  Because if it is enabled, you won't see your devices when searching for a device to install on in Ubuntu, so DISABLE this.
  c) There is a hot swap option available in the Asus 350m bios options, I recommend you enable it just in case, I don't know if it works, but it sounds good.

The first thing ubuntu will ask about your formatting options (if my memory serves) is whether or not to use manual, Entire disk guided, LVM guided, or LVM manual.

Choose manual.

Now to the RAID 1 settings in Ubuntu

- You'll now get another menu that has the option to create a RAID.

Before you do anything, create a RAID by selecting that option, it will ask you to choose the type of raid and the drives you want in that raid.  You'll want RAID 1 (mirroring) .  Once you've created the RAID , you'll have a 3rd device above your other sata devices, the 3rd device is SCSI RAID 1 blah blah.  

- Using the previously created RAID , choose guided format option, you'll get / and /swap , this is good enough for me.

Software Selection:

* [ ] Manual Package Selection
* [ ] DNS server
* [ ] LAMP server
* [ ] Mail server
* [ ] PostgreSQL database
* [ ] Samba file server
* [x] standard system utilities
* [ ] Virtual machine host
* [x] OpenSSH server

Choose just two options for now, standard system utilities and OpenSSH server

This is because we'll follow this guide afterwards.

https://www.howtoforge.com/tutorial/perfect-server-ubuntu-18.04-with-apache-php-myqsl-pureftpd-bind-postfix-doveot-and-ispconfig/

POST ISPConfig installation customizations:

Using cheap residential ISP service plans and you want to send email over SMTP, you'll need a third party service like sendgrid to do this. 
Sendgrid at one time did offer free service for up to 400 emails (sending) per day.  Of course, you can recieve unlimited e-mails on POP, or IMAP, those are not restricted by the ISP.

I've used sendgrid for a couple years have never exceeded 400 emails outbound per day.  This includes myself and my family members sending emails from the same server and the same sendgrid account.  All config happens on the postfix side.

However in 2018 I switched to a business plan with 5 static IPs, the business plan allows sending email over port 25 and also they provide a reverse dns , call them and have them set it up.
TO BE CONTINUED.


After installing, you should be able to see the status of your RAID array
```
joseph@ryzen:~$ cat /proc/mdstat 
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10] 
md0 : active raid1 sdb1[1] sda1[0]
      488253440 blocks super 1.2 [2/2] [UU]
      bitmap: 0/4 pages [0KB], 65536KB chunk

unused devices: <none>
```

**ryzen 1700 processor info**

```
cat /proc/cpuinfo 
processor	: 0
vendor_id	: AuthenticAMD
cpu family	: 23
model		: 1
model name	: AMD Ryzen 7 1700 Eight-Core Processor
```

0 through 16 processors available !!! (well, actually, only physical cores, but the 16 logical cores each have their own portion of the L3 cache.

phpmyadmin: p `dp`

Next step : 9. Install Let's Encrypt

cert:
```
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Quebec
Locality Name (eg, city) []:Gatineau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Entreprise 7pro.ca Inc.
Organizational Unit Name (eg, section) []:web          
Common Name (e.g. server FQDN or YOUR name) []:ryzen.w3usine.com
Email Address []:joseph@7pro.ca
```

**review:**
**15. Install fail2ban and UFW**
 - Potential problems: regex in ispconfig install instructions call for regex of english
 - OS is in français alors les messages serai peut-être français, dont peut-être il faudra ajuster le regex 

<br>
roundcube: p: `nmy`

mysql: p: `nmy`


```
Generating RSA private key, 4096 bit long modulus
...............................................................++
...........................................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Quebec
Locality Name (eg, city) []:Gatineau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Entreprise 7pro.ca Inc.
Organizational Unit Name (eg, section) []:web
Common Name (e.g. server FQDN or YOUR name) []:ryzen.w3usine.com
Email Address []:email@7pro.ca

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:Entreprise 7pro.ca Inc
writing RSA key
			

Configuring DBServer
Installing ISPConfig crontab
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Detect IP addresses
Restarting services ...
Installation completed.
```


jailkit ssh , works well.