2006-11-14 Brand Ron ron.brand@syscp.org Aders Florian florian.aders@syscp.org 2006 SysCP This work is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 2.0 Germany License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.0/de/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. 1 2006-10-06 Original version 1.1 2006-10-27 LaTeX - formatted and first commit to SysCP-documentation - SVN 1.2 2006-11-09 Converted to Docbook 1.3 2006-11-14 Added hint about ini_restore, updated the cronscript and added licensing-information

Welcome to the installation - process for the SysCP server-management-tool. You have chosen a powerful tool with a very small need of resources. Just execute the commands we show you in this HowTo and you should be happy. If problems occur, ask in our IRC channel or visit our forum. Do yourself a favour and use the powerful search function before asking any question. The results you get might be more efficient than a single question about a particular problem.

In this HowTo, we used the following basic naming conventions: Commands executed as root: syscp ~ # /execute/this/command Commands executed as a specific user: vmail@syscp $ /execute/this/command/as/user/vmail Output of various programs: I am the echo of a normal command, executed in a shell Content of a file:# The following sets the variable PATH to a useless value PATH=/dev/nullFilenames: /etc/apache2/httpd.conf Variable names: $iamavariable

It is essential to be familiar with your Linux-Environment. You might encounter situations, where you definitely need a shell. If you wish to install your server according to this HowTo it is advisable to consult and understand the basics of networking, DNS and - of course - Linux itself. You don't need to know every detail of your mail system already, this will be discussed here in this HowTo. Should you, however, have no experience at all how to operate a server which is connected to the Internet, we strongly recommend the usage of a test-environment. A wrongly configured server is a target for all kind of attack and misuse. This HowTo requires also basic-knowledge about the MySQL database server. Installation and configuration will not be discussed here. Last but not least you need to know basics about your apache webserver, without this basic knowledge you wont be able to configure your SysCP setup, and the software might not function properly. Every admin should be aware what kind of software is running on his/her system. Please keep in mind one basic thing: The best admintool can never replace a good administrator

To perform a successful installation of SysCP it is assumed to have a SUSE 10.0 up and running. A discussion about how to install Linux itself will not take place here. Certainly there are enough good HowTos available elsewhere and are misplaced here. In addition a MySQL database is needed too. Likewise there are good HowTos for helping you to install MySQL.

Although SUSE Linux 10.0 is more a Desktop System than a server, its still possible to set up a system with fully functional SysCP-support. However, it is necessary to add some lately published installation-sources. Fortunately these sources include the modules that we need to built up SysCP. They were not shipped with the original SUSE CD/DVD. This sources are: http://software.opensuse.org/download/server:/ftp/SUSE_Linux_10.0/ http://repos.opensuse.org/home:/cboltz/SUSE_Linux_10.0/ Add the above sources to your installation of SUSE

apache2 Webserver apache2-prefork Multi-Processing Module(mpm)similar to the process-model in Apache 1.3 apache2-mod_php5 PHP5 Module for Apache2.0 mysql Database server mysql-client Standard-MySQL-CLients php5 PHP5 Core-Files php5-mysql PHP5 Extension-Module for access to MySQL database servers. Note: You might want to have PHP4 installed for compatibility reasons. In this case use the respective php4 - modules. This HowTo however is based and tested with PHP5. postfix a powerful Mail-MTA postfix-mysql MySQL-Plugin for Postfix courier-imap lightweight server to provide IMAP and POP3 functionality courier-authlib provides authentication services courier-authlib-mysql MySQL support for the courier authentication library proftpd FTP-server proftpd-sql-mysql MySQL module for proftpd bind Domain Name Server (DNS) cyrus-sasl-sqlauxprop MySQL auxprop plugin openssl for crypted connections phpMyAdmin (optional) to manage your MySQL account over the web webalizer to manage your statistics Note: Keep in mind that above mentioned packages/modules will require further packages to resolve dependencies. YAST will automatically inform you upon installation which additional software is needed.

Type the following commands in a Shell, to create the directory for SysCP: syscp ~ # mkdir /srv/www/htdocs/syscp Currently there is no SUSE rpm of SysCP. Therefore we will get and install the *.tar.gz: syscp ~ # cd /root syscp ~ # wget http://files.syscp.org/releases/tgz/syscp-current.tar.gz In this HowTo we will install SysCP into the directory /srv/www/htdocs/syscp: syscp ~ # tar xzvf /root/syscp-current.tar.gz -C /srv/www/htdocs/ syscp ~ # chown -R wwwrun:www /srv/www/htdocs/syscp/* In order to provide maximum user-flexibility and let SysCP find its Include-files we need to change the default entry in /etc/php5/apache2/php.ini as follows: replace include_path = "/usr/share/php5" with include_path = ".:/usr/share/php5". Please note: Due to some security-issues inside PHP, a customer can disable open_basedir and / or safe_mode, if it's disabled in your php.ini. The function used for this is called ini_restore. To prevent these attacks, you can disable this function in your php.ini:disable_functions = ini_restoreTo continue with your SysCP installation restart the needed services: syscp ~ # /etc/init.d/apache2 restart syscp ~ # /etc/init.d/mysql restart Call the installer of SysCP: http://<your ip>/syscp/ and hopefully you will get the message: "You have to configure SysCP first!" click on "configure" to continue the installers script. The SysCP-installer Important: Should you have a MySQL root password set already, you need to give it to the installer, if you don't have set a MySQL root password already (e.g. if this is your first run of MySQL), just type in your desired root password, SysCP will set it for you. Successful installation of the frontend After installing SysCP just log in with your admin account and click on Settings in the left-handed menu. Here we need to change some things: Apache configuration directory: /etc/apache2 Apache reload command: /etc/init.d/apache2 reload Bind config directory: /etc/named.d Bind reload command: /etc/init.d/named reload

See the section Configuration (in the menu) -> SUSE 10.0 -> Apache Webserver and follow the instructions there (execute the following commands in a shell.) syscp ~ # echo -e \"\nInclude /etc/apache2/vhosts.conf\" >> /etc/apache2/httpd.conf syscp ~ # touch /etc/apache2/vhosts.conf syscp ~ # mkdir -p /var/kunden/webs/ syscp ~ # mkdir -p /var/kunden/logs/ syscp ~ # /etc/init.d/apache2 restart Don't forget to change this section in the httpd.conf (the default is shown below) according to your needs, otherwise you will get 403 error.# forbid access to the entire filesystem by default <Directory /> Options None AllowOverride None Order deny,allow Deny from all </Directory> The easiest way to allow access to the customer - webs is to add the following directly after the default:# Allow access to the SysCP - customer - webs <Directory /var/kunden/webs> Options None AllowOverride None Order allow,deny Allow from all </Directory>

As mentioned earlier, the ProFTPD of SUSE 10.0 comes with MySQL support. This will make things quite easy. Just use the config files suggested by SysCP: Configuration -> SUSE 10.0 -> ProFTPD To enable TLS-mode of ProFTPD we need some modifications. Lets create a certificate, which is needed to establish a crypted connection. It can be created easily using this command: syscp ~ # openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/proftpd.cert.pem -keyout /etc/ssl/certs/proftpd.key.pem After creating the certificate we must adjust the configuration of Proftpd. Add these lines to /etc/proftpd/proftpd.conf:# Uncomment this if you would use TLS module: TLSEngine on TLSLog /var/log/ftp_tls.log TLSProtocol SSLv23 TLSOptions NoCertRequest TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem TLSVerifyClient off # Uncomment the following line to force tls-login #TLSRequired on Save your proftpd.conf and restart ProFTPD syscp ~ # /etc/init.d/proftpd restart

Nothing much to say here: Install the suggested files from Configuration -> SUSE 10.0 -> Courier (POP3/IMAP) into the given directories and restart the services: syscp ~ # /etc/init.d/courier-authdaemon restart syscp ~ # /etc/init.d/courier-pop restart Simple, isn't it? ;)

We appreciate the newly added MySQL support for Postfix in SUSE 10.0. Let us start the configuration: Refer again to the Mainpage of SysCP and call Configuration -> SUSE 10.0 ->Postfix(MTA) you need to run the following commands in your shell: syscp ~ # mkdir -p /var/spool/postfix/etc/pam.d syscp ~ # groupadd -g 2000 vmail syscp ~ # useradd -u 2000 -g vmail vmail syscp ~ # mkdir -p /var/kunden/mail/ syscp ~ # chown -R vmail:vmail /var/kunden/mail/ Now change the following files or create them - if they do not exist - with the content shown on the "Configuration" - site. /etc/postfix/main.cf /etc/postfix/mysql-virtual_alias_maps.cf /etc/postfix/mysql-virtual_mailbox_domains.cf /etc/postfix/mysql-virtual_mailbox_maps.cf /usr/lib/sasl2/smtpd.conf Please Note: The MySQL-password has not been replaced for security reasons. Please replace "MYSQL_PASSWORD" on your own. If you forgot your MySQL-password you'll find it in "lib/userdata.inc.php". Then restart the Postfix MTA: syscp ~ # /etc/init.d/postfix restart

In Configuration -> SUSE 10.0 ->Bind Nameserver (DNS) you will find a short description how to configure bind, the Domain Name Server shipped with SUSE: syscp ~ # echo "include \"/etc/named.d/syscp_bind.conf\";" >> /etc/named.conf syscp ~ # touch /etc/named.d/syscp_bind.conf After a restart, bind is ready to use: syscp ~ # /etc/init.d/named restart

Configuration -> SUSE 10.0 ->Crond will guide you through the Configuration of the SysCP cronscript. First create the needed directory including the php.ini file for the CLI: syscp ~ # mkdir -p /etc/php5/syscpcron syscp ~ # touch /etc/php5/syscpcron/php.ini Copy the suggested content into the newly created file /etc/php5/syscpcron/php.ini. Create the file /etc/cron.d/syscp with the content:# # Set PATH, otherwise restart-scripts won't find start-stop-daemon # PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # # Regular cron jobs for the syscp package # */5 * * * * root /usr/bin/php5 -q -C /etc/php5/syscpcron /srv/www/htdocs/syscp/scripts/cron_tasks.php 0 0 * * * root /usr/bin/php5 -q -C /etc/php5/syscpcron /srv/www/htdocs/syscp/scripts/cron_traffic.php 10 0 * * * root /usr/bin/php5 -q -C /etc/php5/syscpcron /srv/www/htdocs/syscp/scripts/cron_traffic_report.php Make sure there is an empty line at the end, otherwise cron will not read the command. After a restart you should be able to have a running system. syscp ~ # /etc/init.d/cron restart Make sure, that your runlevel - editor is set to restart all needed services upon reboot. Reminder: do NOT use any Microsoft Windows editor (e.g. Notepad), some of your files might become corrupt due to wrong line breaks.

Finally! SysCP is installed and fully functional. At this point we wish you much fun with your server and SysCP. If you encounter any problems with this HowTo, just ask, either in our IRC channel (#syscp on irc.freenode.net) or in the forum (http://forum.syscp.org), but please use the search-function first. Many question were answered in the past, your might be solved, too.

This HowTo was originally written by Ron Brand and formatted by Florian Aders.

This HowTo was written to the best of our knowledge. Although it will be maintained carefully, the authors cannot guarantee a 100% error free work. Use it at your own risc. The authors can not be held responsible for damage on hard/software due to the usage of this document. Feel free to distribute this HowTo as long as the Credits and Disclaimer will remain untouched.