tok's blog
Sáng tạo là không giới hạn
[fix] Content Encoding Error with PHP
0The output from PHP, the most popular dynamic scripting language for Apache, also can be compressed in one of three possible ways: using the built-in output handler, ob_gzhandler; using the built-in ZLIB compression; or using one of the Apache compression modules. Configuring PHP’s built-in compression is simply a matter of compiling PHP with the –with-zlib configure option and then reconfiguring the php.ini file.
Below is what the output buffer method looks like:
output_buffering = On output_handler = ob_gzhandler zlib.output_compression = Off
The ZLIB method uses:
output_buffering = Off output_handler = zlib.output_compression = On
note:
ob_start("ob_gzhandler"); sẽ cho phép để Nén dữ liệu nén đầu ra HTML của các trang, vì vậy giảm yêu cầu băng thông.
Tính năng này đòi hỏi các thư viện zlib.
Nếu bạn đã sử dụng Mod Gzip hoặc mod_deflate trên máy chủ của bạn, không cho phép tùy chọn này.
sửa lại thành ob_start("");
Parallels Plesk Panel uses patched Qmail. How do I compile Qmail with my own patches?
0APPLIES TO:
Parallels Plesk Panel 10.x for Linux
Parallels Plesk Panel 9.x for Linux/Unix
Parallels Plesk Panel 8.x for Linux/Unix
Resolution
Download Qmail sources from http://cr.yp.to/ (for example). Apply Plesk patches which are attached to this article, apply your own patches, and compile Qmail. Complete these steps:
1. Adjust value of __FD_SETSIZE system constant in typesizes.h and posix_types.h to at least 2000 as described in 260 — How to recompile Apache, PHP, and IMAP with increased value of file descriptors larger than FD_SETSIZE (1024) on a RedHat-like system?
2. Review your custom patches and Plesk patches to determine the custom patch changes and when they should be applied: before Plesk patches, after them, or in the middle before/after some specific patch.
NOTE: for Plesk 8.3 and above Qmail patches should be applied in alphabetical order. For Plesk 8.2, first apply all patch* files and then fr49-quota-patch. For example:
# cd qmail-1.03 # for patch in ../patches/patch* ; do patch -p0 < $patch ; done # patch -p0 < ../patches/fr49-quota-patch
3. Change conf-users and conf-groups files to match changes applied in patch-pe and patch-pf patches. Those files should contain records in format ‘groupname GID’ or ‘username UID’. Below are the commands that will put correct records into these files.
NOTE: these commands should be run on a system where Qmail is already installed, i.e. where Plesk is already installed.
# grep -E '^(qmail|alias)' /etc/passwd | awk 'BEGIN {FS=":"; OFS=" ";} {if ($1 == "qmaill") {print $1,$3,"\nroot 0"} else {print $1,$3}}' > conf-users
# grep -E '^(qmail|nofiles)' /etc/group | awk 'BEGIN {FS=":"; OFS=" ";} {print $1,$3}' > conf-groups
4. Configure linker flags (inside Qmail source directory after patches are applied):
# pkg-config --libs openssl > ssl.lib # echo "/var/qmail" > conf-qmail
Note: for FreeBSD server use the following command, instead of pkg-config
# echo -lssl > ssl.lib # echo "/var/qmail" > conf-qmail
5. Now you can run `make`,
Note : If you get an error while running “make” that says: “Oops. Your system’s FD_SET() has a hidden limit of 1024 descriptors. This means that the qmail daemons could crash if you set the run-time concurrency higher than 509. So I’m going to insist that the concurrency limit in conf-spawn be at most 509. Right now it’s 1000.” – edit the file conf-spawn in your qmail directory and change the concurrency limit from 1000 to 509. Save and run make again.
6. After compilation, you should NOT overwrite all existing Qmail files with new ones, i.e. do not run `make install`. Installed configuration files and init script should remain untouched. Instead, only needed Qmail binaries should be replaced with new compiled ones:
Stop Qmail and DrWeb services from Plesk panel (not from shell!).
Stop xinetd(inetd) service from shell.
Replace files according to your Plesk version:
For Plesk 8.2: copy compiled qmail-queue, qmail-remote, qmail-local into Qmail bin/ directory plus make their copies with .origin suffix, f.e.:
# cp qmail-queue /var/qmail/bin/qmail-queue # cp qmail-queue /var/qmail/bin/qmail-queue.origin # cp qmail-local /var/qmail/bin/qmail-local # cp qmail-local /var/qmail/bin/qmail-local.origin # cp qmail-remote /var/qmail/bin/qmail-remote # cp qmail-remote /var/qmail/bin/qmail-remote.origin
For Plesk 8.3 and above: copy compiled qmail-queue, qmail-remote, qmail-local into Qmail bin/ directory with .moved suffix (do NOT replace current files!), f.e.:
# cp qmail-queue /var/qmail/bin/qmail-queue.moved # cp qmail-local /var/qmail/bin/qmail-local.moved # cp qmail-remote /var/qmail/bin/qmail-remote.moved
Please remember to restore original owners/permissions for the files replaced. Because files owners/permissions may differ on different operating systems, we cannot provide exact commands. Before replacing the binaries remember original owners/permissions and restore them afterwards.
Start xinetd(inetd) service
Start Qmail and DrWeb services.
follow
http://kb.parallels.com/en/1161
http://kb.parallels.com/en/260
http://forum.parallels.com/showthread.php?t=100540
[fix] Zimbra error – Unable to determine enabled services from ldap
0Symptoms: Zimbra users unable to log in to webmail, admin user unable to log into web interface, error “Unable to determine enabled services from ldap” if issuing command
$ opt/zimbra/bin/zmcontrol start
Cause: Zimbra’s internal certificate has expired
Fix (as root):
# /opt/zimbra/bin/zmcertmgr createca -new # /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 # /opt/zimbra/bin/zmcertmgr deploycrt self # /opt/zimbra/bin/zmcertmgr deployca # su zimbra $ /opt/zimbra/bin/zmcontrol restart
follow
ratxnotes.blogspot.com
plugged.in
Install ISPconfig 3 on Centos 5.7 [Openvz]
01. Disable SELinux & Firewall
2. Adjust /etc/hosts
Next we edit /etc/hosts. Make it look like this:
vi /etc/hosts
.
# Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost 192.168.0.100 server1.example.com server1 ::1 localhost6.localdomain6 localhost6
Note for openvz:
on server Change hostname in file
/etc/sysconfig/vz-scripts/VZID.conf
or run command
vzctl set VZID --hostname server1.example.com --save
3. Configure Additional IP Addresses
(This section is totally optional. It just shows how to add additional IP addresses to your network interface eth0 if you need more than one IP address. If you’re fine with one IP address, you can skip this section.)
check follow if you don’t skip
4. Install Some Software
First we import the GPG keys for software packages:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Enable the contrib and centosplus repositories:
vi /etc/yum.repos.d/CentOS-Base.repo
Edit the lines below:
[base] [...] exclude=postfix [...] [updates] [...] exclude=postfix [...] [centosplus] [...] enabled=1 includepkgs=postfix [...] [contrib] [...] enabled=1 [...]
Then we update our existing packages on the system:
yum update
Now we install some software packages that are needed later on:
yum groupinstall 'Development Tools' yum groupinstall 'Development Libraries'
5. Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota applies to the partitions where you need it.)
To install quota, we run this command:
yum install quota
Edit /etc/fstab and add ,usrquota,grpquota to the / partition (/dev/VolGroup00/LogVol00):
vi /etc/fstab
.
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1 LABEL=/boot /boot ext3 defaults 1 2 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 /dev/VolGroup00/LogVol01 swap swap defaults 0 0
Then run
touch /aquota.user /aquota.group chmod 600 /aquota.* mount -o remount / quotacheck -avugm quotaon -avug
to enable quota.
6. Install Apache, MySQL, phpMyAdmin
First we enable the RPMforge repository on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 5.7 repositories:
wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt rpm --import RPM-GPG-KEY.dag.txt cd /tmp wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
(If the above link doesn’t work anymore, you can find the current version of rpmforge-release here: http://packages.sw.be/rpmforge-release/)
Afterwards we can install the needed packages with one single command:
yum install ntp httpd mysql-server php php-mysql php-mbstring php-mcrypt phpmyadmin
7. Install Dovecot
There’s a Dovecot package in the CentOS repository, but unfortunately it doesn’t support MySQL. Therefore we must remove the existing Dovecot and install another Dovecot package (from ATrpms) which comes with MySQL support.
yum remove dovecot
Create a new file /etc/yum.repos.d/atrpms.repo…
vi /etc/yum.repos.d/atrpms.repo
… and insert the following lines into the the file:
[atrpms] name=Red Hat Enterprise Linux 5 - $basearch - ATrpms baseurl=http://dl.atrpms.net/el5-$basearch/atrpms/stable failovermethod=priority exclude=dovecot-2* includepkgs=dovecot dovecot-sieve # # requires stable # [atrpms-testing] name=Red Hat Enterprise Linux 5 - $basearch - ATrpms testing baseurl=http://dl.atrpms.net/el5-$basearch/atrpms/testing failovermethod=priority enabled=1 exclude=dovecot-2* includepkgs=dovecot dovecot-sieve # # requires stable and testing # [atrpms-bleeding] name=Red Hat Enterprise Linux 5 - $basearch - ATrpms bleeding baseurl=http://dl.atrpms.net/el5-$basearch/atrpms/bleeding failovermethod=priority enabled=0
Then import tge gpg key of the atrpm repository…
wget http://ATrpms.net/RPM-GPG-KEY.atrpms rpm --import RPM-GPG-KEY.atrpms
…and install Dovecot:
yum install dovecot dovecot-sieve
On a 64-bit system, also do this (don’t do this on a 32-bit system!):
ln -s /usr/lib64/dovecot/ /usr/lib/dovecot
Now we create the system startup links for Dovecot:
chkconfig --levels 235 dovecot on /etc/init.d/dovecot start
8. Install Postfix With MySQL Support
The “normal” Postfix package from the CentOS repository doesn’t have MySQL, but the Postfix package from the CentOS Plus repository does. Therefore we remove Postfix…
yum remove postfix
… and install it again, this time from the CentOS Plus repository:
yum install postfix
Then turn off Sendmail and start Postfix and MySQL:
chkconfig --levels 235 mysqld on /etc/init.d/mysqld start chkconfig --levels 235 sendmail off chkconfig --levels 235 postfix on /etc/init.d/sendmail stop /etc/init.d/postfix start
9. Install Getmail
Getmail can be installed as follows:
yum install getmail
10. Set MySQL Passwords And Configure phpMyAdmin
Set passwords for the MySQL root account:
mysql_secure_installation
[root@server1 tmp]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] New password: Re-enter new password: Password updated successfully!
Reloading privilege tables..
… Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]… Success!
Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]… Success!
By default, MySQL comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] – Dropping test database…
… Success!
- Removing privileges on test database…
… Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]… Success!
Cleaning up…
All done! If you’ve completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
[root@server1 tmp]#
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out thestanza):
vi /etc/httpd/conf.d/phpmyadmin.conf
.
# # Web application to manage MySQL # # # Order Deny,Allow # Deny from all # Allow from 127.0.0.1 # Alias /phpmyadmin /usr/share/phpmyadmin Alias /phpMyAdmin /usr/share/phpmyadmin Alias /mysqladmin /usr/share/phpmyadmin
Next we change the authentication in phpMyAdmin from cookie to http:
vi /usr/share/phpmyadmin/config.inc.php
.
[...] /* Authentication type */ $cfg['Servers'][$i]['auth_type'] = 'http'; [...]
Then we create the system startup links for Apache and start it:
chkconfig --levels 235 httpd on /etc/init.d/httpd start
Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
11. Install Amavisd-new, SpamAssassin And ClamAV
To install amavisd-new, spamassassin and clamav, run the following command:
yum install amavisd-new spamassassin clamav clamd unzip bzip2 unrar perl-DBD-mysql
Open /etc/sysconfig/amavisd…
vi /etc/sysconfig/amavisd
… and uncomment the line CONFIG_FILE=”/etc/amavisd.conf”:
### Uncomment this if you want to use amavis with sendmail milter interface. ### See README.milter for details. # #MILTER_SOCKET="local:/var/amavis/amavis-milter.sock" #MILTER_SOCKET="10024@127.0.0.1" ### These are other defaults. #AMAVIS_ACCOUNT="amavis" CONFIG_FILE="/etc/amavisd.conf" #MILTER_FLAGS=""
Then we start freshclam, amavisd, and clamd…
sa-update chkconfig --levels 235 amavisd on chkconfig --levels 235 clamd on /usr/bin/freshclam /etc/init.d/amavisd start /etc/init.d/clamd start
… and create some necessary directories:
mkdir /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db chown amavis /var/run/amavisd /var/spool/amavisd /var/spool/amavisd/tmp /var/spool/amavisd/db ln -s /var/run/clamav/clamd.sock /var/spool/amavisd/clamd.sock
12. Installing Apache2 With mod_php, mod_fcgi/PHP5, And suPHP
ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per website basis.
mod_fcgid is not available in the official CentOS repositories, but there’s a package for CentOS 5.x in the centos.karan.org testing repository. We enable the repository as follows:
cd /etc/yum.repos.d/ wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
Next we open /etc/yum.repos.d/kbsingh-CentOS-Extras.repo…
vi /etc/yum.repos.d/kbsingh-CentOS-Extras.repo
… and set gpgcheck to 0 and enabled to 1 in the [kbs-CentOS-Testing] section:
[...] # pkgs in the -Testing repo are not gpg signed [kbs-CentOS-Testing] name=CentOS.Karan.Org-EL$releasever - Testing gpgcheck=0 gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt enabled=1 baseurl=http://centos.karan.org/el$releasever/extras/testing/$basearch/RPMS/
Afterwards we can install Apache2 with mod_php5, mod_fcgid, and PHP5:
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-mbstring php-mcrypt php-mhash php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel
Next we open /etc/php.ini…
vi /etc/php.ini
… and change the error reporting (so that notices aren’t shown any longer) and add cgi.fix_pathinfo = 1 at the end of the file:
[...] ;error_reporting = E_ALL error_reporting = E_ALL & ~E_NOTICE [...] cgi.fix_pathinfo = 1
Next we install suPHP:
cd /tmp wget http://suphp.org/download/suphp-0.7.1.tar.gz tar xvfz suphp-0.7.1.tar.gz cd suphp-0.7.1/ ./configure --prefix=/usr --sysconfdir=/etc --with-apr=/usr/bin/apr-1-config --with-apxs=/usr/sbin/apxs --with-apache-user=apache --with-setid-mode=owner --with-php=/usr/bin/php-cgi --with-logfile=/var/log/httpd/suphp_log --enable-SUPHP_USE_USERGROUP=yes make make install
Then we add the suPHP module to our Apache configuration…
vi /etc/httpd/conf.d/suphp.conf
.
LoadModule suphp_module modules/mod_suphp.so
… and create the file /etc/suphp.conf as follows:
vi /etc/suphp.conf
.
[global] ;Path to logfile logfile=/var/log/httpd/suphp.log ;Loglevel loglevel=info ;User Apache is running as webserver_user=apache ;Path all scripts have to be in docroot=/ ;Path to chroot() to before executing script ;chroot=/mychroot ; Security options allow_file_group_writeable=true allow_file_others_writeable=false allow_directory_group_writeable=true allow_directory_others_writeable=false ;Check wheter script is within DOCUMENT_ROOT check_vhost_docroot=true ;Send minor error messages to browser errors_to_browser=false ;PATH environment variable env_path=/bin:/usr/bin ;Umask to set, specify in octal notation umask=0077 ; Minimum UID min_uid=100 ; Minimum GID min_gid=100 [handlers] ;Handler for php-scripts x-httpd-suphp="php:/usr/bin/php-cgi" ;Handler for CGI-scripts x-suphp-cgi="execute:!self"
Finally we restart Apache:
/etc/init.d/httpd restart
13. Ruby
Starting with version 3.0.3, ISPConfig 3 has built-in support for Ruby. Instead of using CGI/FastCGI, ISPConfig depends on mod_ruby being available in the server’s Apache.
For CentOS 5.7, there’s no mod_ruby package available, so we must compile it ourselves. First we install some prerequisites:
yum install httpd-devel ruby ruby-devel
Next we download and install mod_ruby as follows:
cd /tmp wget http://modruby.net/archive/mod_ruby-1.3.0.tar.gz tar zxvf mod_ruby-1.3.0.tar.gz cd mod_ruby-1.3.0/ ./configure.rb --with-apr-includes=/usr/include/apr-1 make make install
Finally we must add the mod_ruby module to the Apache configuration, so we create the file /etc/httpd/conf.d/ruby.conf…
vi /etc/httpd/conf.d/ruby.conf LoadModule ruby_module modules/mod_ruby.so
… and restart Apache:
/etc/init.d/httpd restart
14. WebDAV
WebDAV should already be enabled, but to check this, open /etc/httpd/conf/httpd.conf and make sure that the following three modules are active:
vi /etc/httpd/conf/httpd.conf [...] LoadModule auth_digest_module modules/mod_auth_digest.so [...] LoadModule dav_module modules/mod_dav.so [...] LoadModule dav_fs_module modules/mod_dav_fs.so [...]
If you have to modify /etc/httpd/conf/httpd.conf, don’t forget to restart Apache afterwards:
/etc/init.d/httpd restart
15. Install PureFTPd
PureFTPd can be installed with the following command:
yum install pure-ftpd
Then create the system startup links and start PureFTPd:
chkconfig --levels 235 pure-ftpd on /etc/init.d/pure-ftpd start
Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.
OpenSSL is needed by TLS; to install OpenSSL, we simply run:
yum install openssl
Open /etc/pure-ftpd/pure-ftpd.conf…
vi /etc/pure-ftpd/pure-ftpd.conf
If you want to allow FTP and TLS sessions, set TLS to 1:
[...] # This option can accept three values : # 0 : disable SSL/TLS encryption layer (default). # 1 : accept both traditional and encrypted sessions. # 2 : refuse connections that don't use SSL/TLS security mechanisms, # including anonymous sessions. # Do _not_ uncomment this blindly. Be sure that : # 1) Your server has been compiled with SSL/TLS support (--with-tls), # 2) A valid certificate is in place, # 3) Only compatible clients will log in. TLS 1 [...]
In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:
mkdir -p /etc/ssl/private/
Afterwards, we can generate the SSL certificate as follows:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:
Email Address []:
Change the permissions of the SSL certificate:
chmod 600 /etc/ssl/private/pure-ftpd.pem
Finally restart PureFTPd:
/etc/init.d/pure-ftpd restart
That’s it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.
note – Fix : pure-ftpd: (?@?) [ERROR] Unable to switch capabilities : Operation not permitted [on openvz]
follow http://tok142.com/?p=1295
16. Install A Chrooted DNS Server (BIND9)
To install a chrooted BIND9, we do this:
yum install bind-chroot
Then do this:
chmod 755 /var/named/ chmod 775 /var/named/chroot/ chmod 775 /var/named/chroot/var/ chmod 775 /var/named/chroot/var/named/ chmod 775 /var/named/chroot/var/run/ chmod 777 /var/named/chroot/var/run/named/ cd /var/named/chroot/var/named/ ln -s ../../ chroot touch /var/named/chroot/var/named/named.local cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/named.root touch /var/named/chroot/etc/named.conf.local vi /var/named/chroot/etc/named.conf
.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named/chroot/var/named";
dump-file "/var/named/chroot/var/named/data/cache_dump.db";
statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.root";
};
zone "localhost" {
type master;
file "/var/named/chroot/var/named/named.local";
};
.
chkconfig --levels 235 named on /etc/init.d/named start
BIND will run in a chroot jail under /var/named/chroot/var/named/. I will use ISPConfig to configure BIND (zones, etc.).
17. Install Vlogger, Webalizer, And AWStats
Vlogger, webalizer, and AWStats can be installed as follows:
yum install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder cd /tmp wget http://n0rp.chemlab.org/vlogger/vlogger-1.3.tar.gz tar xvfz vlogger-1.3.tar.gz mv vlogger-1.3/vlogger /usr/sbin/ rm -rf vlogger*
18. Install Jailkit
Jailkit is needed only if you want to chroot SSH users. It can be installed as follows (important: Jailkit must be installed before ISPConfig – it cannot be installed afterwards!):
cd /tmp wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz tar xvfz jailkit-2.14.tar.gz cd jailkit-2.14 ./configure make make install cd .. rm -rf jailkit-2.14*
19 Install fail2ban
This is optional but recommended, because the ISPConfig monitor tries to show the log:
yum install fail2ban chkconfig --levels 235 fail2ban on /etc/init.d/fail2ban start
20 Install rkhunter
rkhunter can be installed as follows:
yum install rkhunter
21. Install SquirrelMail
To install the SquirrelMail webmail client, run…
yum install squirrelmail
… and restart Apache:
/etc/init.d/httpd restart
Then configure SquirrelMail:
/usr/share/squirrelmail/config/conf.pl
We must tell SquirrelMail that we are using Courier-IMAP/-POP3:
SquirrelMail Configuration : Read: config.php (1.4.0)
———————————————————
Main Menu –
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit
Command >>>> dovecot
imap_server_type = dovecot
default_folder_prefix =
trash_folder = Trash
sent_folder = Sent
draft_folder = Drafts
show_prefix_option = false
default_sub_of_inbox = false
show_contain_subfolders_option = false
optional_delimiter = detect
delete_folder = false
Press any key to continue…>>
One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable – if you don’t do this, you will see the following error message in SquirrelMail after you’ve logged in: Query: CREATE “Sent” Reason Given: Invalid mailbox name.
vi /etc/squirrelmail/config_local.php
.
/** * Local config overrides. * * You can override the config.php settings here. * Don't do it unless you know what you're doing. * Use standard PHP syntax, see config.php for examples. * * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id: config_local.php,v 1.2 2006/07/11 03:33:47 wtogami Exp $ * @package squirrelmail * @subpackage config */ //$default_folder_prefix = ''; ?>
Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser to access SquirrelMail.
22. Install mod_ssl
Install the mod_ssl module using yum
yum install mod_ssl
Once it is installed, make sure to restart the Apache service
service httpd restart
Note – Fix : “Invalid command “SSLEngine”, perhaps misspelled or defined by a module not included in the server configuration”
23. Install ISPConfig 3
To install ISPConfig 3 from the latest released version, do this:
cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install/
The next step is to run
php -q install.php
This will start the ISPConfig 3 installer:
[root@server1 install]# php -q install.php
——————————————————————————–
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `–.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `–. \ __/ | | / _ \| ‘_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
——————————————————————————–
>> Initial configuration
Operating System: CentOS 5 or compatible
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with .
Tap in “quit” (without the quotes) to stop the installer.
Select language (en,de) [en]:
Installation mode (standard,expert) [standard]:
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]:
MySQL server hostname [localhost]:
MySQL root username [root]:
MySQL root password []:
MySQL database to create [dbispconfig]:
MySQL charset [utf8]:
Generating a 2048 bit RSA private key
……………+++
…+++
writing new private key to ‘smtpd.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]: State or Province Name (full name) [Berkshire]: Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server’s hostname) []: Email Address []: Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Firewall
Installing ISPConfig
ISPConfig Port [8080]:
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services …
Stopping MySQL: [ OK ]
Starting MySQL: [ OK ]
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
Shutting down Mail Virus Scanner (amavisd): [ OK ]
Starting Mail Virus Scanner (amavisd): [ OK ]
Stopping Clam AntiVirus Daemon: [ OK ]
Starting Clam AntiVirus Daemon: Bytecode: Security mode set to “TrustSigned”.
[ OK ]
Stopping Dovecot Imap: [ OK ]
If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
This message goes away after the first successful login.
Fatal: listen(::, 143) failed: Address already in use
Starting Dovecot Imap: [FAILED]
Stopping httpd: [ OK ]
[Mon Sep 26 13:29:58 2011] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd: [ OK ]
Stopping pure-ftpd: [ OK ]
Starting pure-ftpd: [ OK ]
Installation completed.
[root@server1 install]#
Afterwards you can access ISPConfig 3 under https://server1.example.com:8080/ or https://192.168.0.100:8080/. Log in with the username admin and the password admin (you should change the default password after your first login):
The system is now ready to be used.
follow
howtoforge.com
linuxforums.org
[fix] pure-ftpd: (?@?) [ERROR] Unable to switch capabilities : Operation not permitted [on openvz]
1when start pure-ftpd
/etc/init.d/pure-ftpd stop Stopping pure-ftpd: [FAILED]
check log /var/log/messages
pure-ftpd: (?@?) [ERROR] Unable to switch capabilities : Operation not permitted
Your problem are the settings of your openvz / virtuozzo VM which dont allow capability switching. So it’s not a general issue from pure-ftpd with Ubuntu Linux. There are two solutions:
If you have access to the host system, then enable capabilities for this VM by running this shell
VPSID=100
vzctl stop $VPSID
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done
vzctl start $VPSID
or add follow lines in /etc/vz/conf/VZID.conf
CAPABILITY="CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on "
follow howtoforge
Thiên Đường Mong Manh – MTV
0
Một giấc chiêm bao tha thiết chi tình đời … hỡi người
Còn bao nhớ thương trao hết cho người rồi …hỡi em
Dòng đời cuốn xoay, thế gian bao thăng trầm
Cũng đành vỡ tan giấc mộng…vỡ tan
Chuyện vui đã qua, nghe nỗi đau liệm dần … hỡi người
Một chút hương yêu, em xót xa kỷ niệm … hỡi em
Từ trong gió mưa, mơ bóng ai quay về …Giá lạnh,
giấc mơ thiên đường mong manh
Còn trông mong chi cơn mơ phù du
Theo gió bay bay xa thật xa
Hãy thôi đam mê vấn vương buồn thương
Từng nỗi đau trong đời sẽ qua
Rồi mang bao nhiêu yêu thương gởi theo
Câu hát cho những mối tình si
Đã yêu xin yêu từ nỗi đau chân tình của trái tim
tok
phần comment của mục này có thể kéo ra được, còn đoạn hiển thị thì chỉ nê […]
3 days ago
hoamn
lau lam t moi vao, lai doc thoai r a cao 
, cai khung nay expand cho no to to ra chu nhi
3 days ago
![tok's blog » Install ISPconfig 3 on Centos 5.7 [Openvz]](http://0.gravatar.com/avatar/ad516503a11cd5ca435acc9bb6523536?s=48){kind=avatar}
tok's blog » Install ISPconfig 3 on Centos 5.7 [Openvz]
[...] RSS Feeds « [fix] pure-ftpd: (?@?) [ERROR] Unable to switch capabilities : Operation not permitted [on openvz] […]
2 weeks ago
( hơn có 1 view so với kỉ lục trước đấy