Linux

Securing your ISPConfig 3 managed mailserver with a valid Let’s Encrypt SSL certificate (certbot)

You can normally just name your server something nice in the beginning of the install but i recommend to proceed this route as works better once you start scaling your servers and add multiple email servers.

Under Sites, click “Add new website”. Set mail.example.com as domain. Disable Auto-Subdomain, and check the Let’s Encrypt checkbox.

After this you can add your other hostnames as alias domains, by going to the aliasdomain list and clicking

“Add new aliasdomain”. Select smtp.example.com as domain, and mail.example.com as parent website.

With this will be able to have clients login into gmail smtp using this domain or if they want to pay extra you can create one specific for their company domain like mail.domain.com

Disable Auto-Subdomain and save the new record
Verify that the certificate is in place. You can do this with a tool like https://www.sslshopper.com/ssl-checker.html

Replacing the certificate with the Let’s Encrypt certificate

All your doing here is using the ssl you created in ispconfig to now be used by postfix – you can also buy an ssl and paste the values in the ispconfig. ( From testing my email servers on multiple sites the ssl dont matter just as long as the handshake etc… matches so the free one works fine no need to spend money)

cd /etc/postfix/
mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak
mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
ln -s /etc/letsencrypt/live/mail.example.com/fullchain.pem smtpd.cert
ln -s /etc/letsencrypt/live/mail.example.com/privkey.pem smtpd.key
systemctl restart postfix
systemctl restart dovecot

Set up a automatic renewal script

nano /etc/init.d/le_mailserver_restart.sh

Paste this in that file (replace mail.example.com with the hostname you used):
#!/bin/sh
### BEGIN INIT INFO
# Provides: LE MAILSERVER CERT AUTO UPDATER
# Required-Start: $local_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: LE MAILSERVER CERT AUTO UPDATER
# Description: Restart mail server automatically when a new Let's Encrypt certificate is issued.
### END INIT INFO
systemctl restart postfix
systemctl restart dovecot
apt install incron
chmod +x /etc/init.d/le_mailserver_restart.sh
echo "root" >> /etc/incron.allow

incrontab -e

Add this (again, replace mail.example.com with the hostname you used) to the file:

/etc/letsencrypt/archive/mail.example.com/ IN_MODIFY /etc/init.d/le_mailserver_restart.sh
Read More!

Apache Reverse Proxy for Docker Website or App in Ispconfig

Create a domain in ispconfig how your normally would with ssl

make sure you have proxy http enabled

sudo a2enmod proxy_http
ServerName domain.com
ProxyPass /.well-known !
ProxyPass “/” “http://DockerIp:DockerPort/”
ProxyPassReverse “/” “http://DockerIp:DockerPort/”
RedirectMatch ^/$ https://domain.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem

Replace http://DokcerIp:DockerPort/ with your info

domain.com with your domain or sub domain name

Read More!

Install LAMP (Linux Apache Mysql PHP) Web Server on Raspberry Pi

Install Apache

  • Open a terminal window by selecting Accessories > Terminal from the menu.
  • Install the apache2 package by typing the following command into the terminal and pressing Enter:
sudo apt-get install apache2 -y

Go to your host name or ip for example mine is http://quepaso and apache

if you dont know your ip do – ip a on the terminal.

Install Apache

sudo apt-get install php -y

create a php file to test

cd /var/www/clients/client2/web10/web
sudo nano index.php
<?php phpinfo(); ?>
sudo service apache2 restart

Install MariaDB

sudo apt-get install mariadb-server php-mysql -y
sudo mysql_secure_installation
sudo service apache2 restart

Read More!

Install Composer in Debian 10 Buster to Use with Ispconfig and Jailkit

You must have ispconfig installed and jailkit.

Install Composer – hash updated May 2, 2021

cd ~
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

php composer-setup.php --install-dir=/usr/local/bin --filename=composer

php -r "unlink('composer-setup.php');"

Add code to jailkit to use as shell user

Add to /etc/jailkit/jk_init.ini

[php]
comment = the php interpreter and libraries
executables = /usr/bin/php, /usr/bin/php7.3
directories = /usr/lib/php, /usr/share/php, /usr/share/php, /usr/share/php-geshi, /etc/php,/usr/share/zoneinfo, /etc/snmp, /usr/share/snmp
includesections = env

[env]
comment = environment variables
executables = /usr/bin/env

[composer]
comment = Dependency Manager for PHP
executables = /usr/local/bin/composer
#directories = /usr/share/composer
includesections = php, uidbasics, netbasics

Once that is completed

Go to System – Server Config – Select Server you want jailkit on

add php and composer to Jailkit chroot app sections:

Read More!

Install Composer in Debian 10 Buster

If you need to install composer in debian this is quick an easy to use globally. Works with Digitalocean as well as ispconfig.

Hash updated May 2, 2021

cd ~
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

php composer-setup.php --install-dir=/usr/local/bin --filename=composer

php -r "unlink('composer-setup.php');"
Read More!

Need Help With Code?