Comments on The Perfect Server CentOS 8 with Apache, PHP, Postfix, Dovecot, Pure-FTPD, BIND and ISPConfig 3.2

1 web configuration for the phpmyadmin give permission denied for non localhost
2 why not to use LE certs for FTP too?

1) To enable old style mysql login as required by phpmyadmin for the root user, use this command:

echo "update mysql.user set plugin = 'mysql_native_password' where user='root';" | mysql -u root -p

cannot access phpmyadmin,

Forbidden

Hello,

both phpmyadmin and roundcube get 403 permission error:

[Fri Sep 25 22:09:18.264819 2020] [core:error] [pid 9013:tid 140338450622208] (13)Permission denied: [client xxx.xxx.xxx.xxx:47166] AH00035: access to /roundcubemail/installer/index.php denied (filesystem path '/usr/share/roundcubemail/installer/index.php') because search permissions are missing on a component of the path [Fri Sep 25 22:24:55.423482 2020] [authz_core:error] [pid 12712:tid 140673508427520] [client xxx.xxx.xxx.xxx:48160] AH01630: client denied by server configuration: /usr/share/phpmyadmin/

@Alex: Seems as if you missed setting SELinux to permissive as described in this guide in chapter 3 or you did not reboot the server after you did that change in SELinux config.

Yes, it was the problem.

For roundcube: set SELINUX=permissive & reboot

and for phpmyadmin: edit phpmyadmin.conf, uncomment RequireAny and add "Require ip MyIp" to it, restart httpd.

Thank you!

Hello all, I got problems installing php-imap and few more, even I got all the repos installed I need. What am I missing?

 

[root@web-w-0 ~]# dnf -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm php-intl php-imagick php-pspell wgetFailed to set locale, defaulting to C.UTF-8Last metadata expiration check: 0:17:34 ago on Sat Oct  3 18:33:14 2020.Package php-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64 is already installed.All matches were filtered out by modular filtering for argument: php-imapAll matches were filtered out by modular filtering for argument: php-mysqlAll matches were filtered out by modular filtering for argument: php-pecl-apcPackage php-mbstring-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64 is already installed.All matches were filtered out by modular filtering for argument: php-mcryptAll matches were filtered out by modular filtering for argument: php-tidyPackage curl-7.61.1-12.el8.x86_64 is already installed.Package libxml2-2.9.7-7.el8.x86_64 is already installed.Package php-cli-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64 is already installed.Package php-fpm-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64 is already installed.All matches were filtered out by modular filtering for argument: php-imagickAll matches were filtered out by modular filtering for argument: php-pspellPackage wget-1.19.5-8.el8_1.1.x86_64 is already installed.Error: Unable to find a match: php-imap php-mysql php-pecl-apc php-mcrypt php-tidy php-imagick php-pspell

Hi,

all the time I try to access ispconfig I get: "Internal Server Error

 

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

 

More information about this error may be available in the server error log."

 

In the logs there is also not much which would help me: "[Sun Oct 04 16:44:52.048023 2020] [fcgid:warn] [pid 1643:tid 140331060287232] (104)Connection reset by peer: [client 192.168.0.20:60900] mod_fcgid: error reading data from FastCGI server

[Sun Oct 04 16:44:52.048049 2020] [core:error] [pid 1643:tid 140331060287232] [client 192.168.0.20:60900] End of script output before headers: index.php

"

 

How could I debug this better to get this finnaly running?

@Timo: Please make a post in the ispconfig support forum https://www.howtoforge.com/community/forums/installation-configuration.27/ so that we can help you to debug your server issue. 

 Is the installation of mailman required?  The tutorial seems to indicate that it is optional, however I'm getting a lot of:

"warning: hash:/var/lib/mailman/data/virtual-mailman is unavailable. open database /var/lib/mailman/data/virtual-mailman.db: No such file or directory"

messages in my maillog.. or does this mean something else?

What about nginx and switching from apache config to nginx same instructions as previous ISPconfig ?

Postgrey need to be configured as it is using by default sockets and not ports. In my case I had to change within the file "/etc/sysconfig/postgrey" the line 'POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"' into 'POSTGREY_TYPE="--inet=127.0.0.1:10023"'

I was not able to get quota working, I have to set selinux in disabled mode, no permissive, andin /etc/fstab I have to put ,usrquota,grpquota instead of ,uquota,gquotalike here:UUID=d28ca73e-6da2-43f9-ba72-2031422d706a /var/www   ext4    defaults,usrquota,grpquota                         1 2

Hello Till, Can I directly install Rspamd to replace Amavisd? Do you add the tutorial of the Rspamd for ISPconfig 3.2 (CentOS 8)?

Thanks very much!

Awstats woudn't show the icons.  So the solution was to edit the 000-ispconfig.conf file using:nano /etc/httpd/conf/sites-enabled/000-ispconfig.conf

 

<Directory /usr/share/awstats/wwwroot/icon>

                                Require all granted

                </Directory>

 

Alias /awstats-icons "/usr/share/awstats/wwwroot/icon"

 

 

 

 

 

 

 

I had to change the path to include the wwwroot folder in both entries to:  "/usr/share/awstats/wwwroot/icon" and change /awstats-icons to /awstats-icons after "Alias"

 

 

<Directory /usr/share/awstats/wwwroot/icon>

                                Require all granted

                </Directory>

 

Alias /awstatsicons "/usr/share/awstats/wwwroot/icon"

Other then that,  this tutorial work pretty flawelessly.  It's running on a Hyper-V virtual Machine

Two quick ones. I am installing on Centos 8.3.2011. Centos changed the names of their repositories, so:

dnf config-manager --set-enabled PowerTools

becomes

dnf config-manager --set-enabled powertools

and hashing out the "Require" configuration for PHPMyAdmin does not work. You still get a "Forbidden" page whan accessing it. Instead, set the phpmyadmin.conf file to look like

# phpMyAdmin - Web based MySQL browser written in php## Allows only localhost by default## But allowing phpMyAdmin to anyone other than localhost should be considered# dangerous unless properly secured by SSLAlias /phpMyAdmin /usr/share/phpmyadminAlias /phpmyadmin /usr/share/phpmyadmin<Directory /usr/share/phpmyadmin/><IfModule mod_authz_core.c> # Apache 2.4 <RequireAny> Require all granted </RequireAny> </IfModule> <IfModule !mod_authz_core.c> # Apache 2.2 Order Deny,Allow Deny from All Allow from 127.0.0.1 Allow from ::1 </IfModule></Directory>

Except with 8.2 it still requires the older repo name, so if you have not updated in the earlier step it will fail for the same reason.

why do 99% of the guides not deal with SELinux?

One thing to add: I've installed on CentOS 8.3.2011 and it seems that certbot-auto is not supporting this OS anymore. I had to install snapd and then install certbot using it.

Question: After the installation the main ispconfig console is not accessible - error 403: access log:{code}

"GET / HTTP/1.1" 403 4288 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.2 Safari/605.1.15"

{code}Checked all config files - everything seems to be OK. phpmyadmin works ok. selinux disabled. When access https://myserver:8080 get default Apache webpage. Please help!

Question is resolved - missed one step with modeule installation :(

 

Hi Sergey, 

I came across the same issue with I think 8.2 with certbot being depreciated, I posted and it may show up after moderation.

How did you get SSL as you mentioned snapd having to be installed and then you installed certbot using snapd? I am not familiar with that.

Just an FYI, certbot-auto may not work anymore....

 

# ./certbot-auto

Skipping bootstrap because certbot-auto is deprecated on this system.

Your system is not supported by certbot-auto anymore.

Certbot cannot be installed.

Please visit https://certbot.eff.org/ to check for other alternatives.

 

 

For cerbot: dnf install certbot python3-certbot-apache

Hello,

How to install PHP 5.6 as aditional PHP version to ISPConfig 3 and Centos 8?For websites phpinfo show correct version when I switch it for website, but phpmyadmin returns 503 error "Service unavailable".

Thanks!

Yes, the certbot was installed using snapd. But the updated variant which is in this version of the article is much better solution

https://fossies.org/linux/www/apache_httpd_modules/mod_python-3.5.0.tgz if you're looking for it.

there's actually a typo in the roundcube part 

CREATE USER 'roundcubeuser'@'localhost' IDENTIFIED BY 'roundcubepassword';

without the ' for some reason it fails.. anyhow minor input but hopefully saves all of you the time I lost figuring it out.

 

When doing the roundcube install part 

I had to redo the database in mariadb for some reason it didn't take.

Aside from that and the bits I pasted above 

disabling the installer in roundcube by adding $config ['enable_installer'] = 'false'; to the /usr/share/roundcubemail/config/config.inc.php file

... seems to fail but it's actually that your browser has a session cookie so.. 

Till, once again thankyou for another excellent tutorial and brilliant application good sir!

hope the info provided helps !

X.

Hi, I just followed your tutorial validading every single step to install ISPConfig on Oracle Linux 8 which is a RHEL version just like CentOS 8 and everything seems to work fine, I also bought your Documentation but can't find any that helps me with my issue, the thing is with Roundcube and I setted up the SMTP server with Oracle's SMTP to outgoing mails from my email accounts created from ISPConfig, but I can't get any email to any INBOX, but I see the SENT mesagges in RoundCube, anyone that can help me tih this issue, I really appreciate it, thanks!

Well actually I had to setup a SMTP outgoing server in order to getting working, but now I can't receive mails to my local mail server but before the SMTP configuration the server only has the ability to receive mails just well, I reinstalled the postfix server following this tutorial documentation again and now I'm getting an error of ExecStartPre=/usr/sbin/restorecon -Rv /var/spool/postfix/pid/master.pid (code=exited, status=255)

Any suggestions? Thanks

Please post in the ISPConfig support forum to get help with your installation issue: https://www.howtoforge.com/community/forums/installation-configuration.27/

@Till Brehm: Why do we disable IPTables and then install Fail2ban? Fail2ban doens't work if iptables are disabled!

In the Fail2ban section we disable DFirewalld and not IPtables. Firewalld gets disabled because iptables is used by Fail2ban instead. Firewalld is not IPTables.

Hi, greetings to you all. Does anyone knows how to setup Nameservers with ISPConfig in Oracle Linux 8, I registered ns1.mydomain.com and ns2.mydomain.com in my domain registrant (Dynadot) about 15 days ago, and also followed the documentation from Configuring the Name Service and some DNS from different countries (max 5 contries) are propagated, but most of them aren't. So I would like and expert advice to fix this issue to start using my ISPConfig as a webserver for my projects and also as a Billing Replacement for my current WHMCS service and with your Module @Till Brehm, any suggestions? Thanks!

Hi, are you be able to tell me why, sometimes, fail2ban bans me postfix?

found an error/typo/ommision in the instructions for enabling quotas:

     says:  If you have a separate /var partition, then edit /etc/fstab and add ,uquota,gquota to the / partition (/dev/mapper/centos-var):

should say:  If you have a separate /var partition, then edit /etc/fstab and add ,uquota,gquota to the /var partition (/dev/mapper/centos-var):

(it should reference the /var partition as the one we're adding u/gquotas to)

maybe I'm missing it, but in section 8 (Postfix), there a reference to turning off Sendmail and turning on MariaDB and Postfix, but there are no commands that address Sendmail specifically. 

it would appeat that the following commands should be added here, in the case where sendmail is actually installed

systemctl stop sendmailsystemctl disable sendmail

 

The mod_python download location has changed - it's now on Github:

https://github.com/grisha/mod_python/archive/refs/heads/3.5.x.zip

the format of download has changed as well, unpacking instructions will need to be updated

there is a newer version of roundcubeemail from Github, and it's also in a different format (.zip).  instructions should be updated

https://github.com/roundcube/roundcubemail/archive/refs/heads/release-1.6.zip

the prompts for installing ISPConfig 3.2.9 have changed, specifically regarding the certificate generation and linking them to Postfix and PureFTP - that should probably be updated

clamav takes too much of space, so in case we dont want to add at all, what changes are needed? also can you add rspamd insted of amavisd?

Since there's no CentOS/Rocks v9 install guide, there are a couple things I'll point out.

First, Rocky 9.5 is the smoothest and most similar installation to v8 that I've seen yet.  Really very similar.

1)  phpmyadmin has a newer version - 5.2.2

2) after changes to the amavisd-new configs, it usually won't restart.  the fix is to uninstall, reinstall, reenable, and restart, and it'll work

    [code]dnf -y --setopt=clean_requirements_on_remove=0 remove amavisd-new    dnf -y install amavisd-new    systemctl enable amavisd.service    (reboot)    systemctl status amavisd.service (should show its active now)[/code]

3)  mod_python can be gotten from here now:  https://github.com/grisha/mod_python/archive/refs/heads/master.zip

4)  jailkit has a newer version - 2.23

5) roundcube has a newer version - 1.6.10

6) I did find that at the end of all this, a reboot would cause a dracut/kernel issue, so running these commands after your last DNF UPDATE may help prevent that problem:

    [code]cp /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).backup.img    dracut -f -v[/code]

7)  mailman isn't developed for v9

8)  quotas on the XFS file system seem impossible to get working, so i installed it but could not get it configured (didn't work in any v9 version so far)

those are the major issues I found, though there are more subtle differences