Installazione VHCS2 su Debian 4 Etch - PHP5 & MYSQL5

July 25, 2007

VHCS2 è nativa Debian 3.1, tuttavia, utilizzando vari accorgimenti è possibile installare e configurare perfettamente VHCS2 su Debian 4 Etch.

Questa installazione è consigliata su un sistema “pulito” e minimale. Per Minimale viene intesa l’immagina d’installazione del S.O. versione net-install.

Adesso veniamo alla fase d’installazione :)

apt-get update

Installiamo tutti i pacchetti necessari al Funzionamento di VHCS2. Utilizzeremo Apache in versione 2.2, Php5 e MySQL5:

apt-get install ssh postfix postfix-tls proftpd-mysql courier-authdaemon courier-base courier-imap courier-maildrop courier-pop libberkeleydb-perl libcrypt-blowfish-perl libcrypt-cbc-perl libcrypt-passwdmd5-perl libdate-calc-perl libdate-manip-perl libdbd-mysql-perl libdbi-perl libio-stringy-perl libmail-sendmail-perl libmailtools-perl libmd5-perl libmime-base64-perl libmime-perl libnet-dns-perl libnet-netmask-perl libnet-perl libnet-smtp-server-perl libperl5.8 libsnmp-session-perl libterm-readkey-perl libtimedate-perl perl perl-base perl-modules bind9 diff gzip iptables libmcrypt4 mysql-client mysql-common mysql-server patch php5 php5-mcrypt php5-mysql php-pear procmail tar original-awk libterm-readpassword-perl libsasl2-modules libsasl2 sasl2-bin apache2 apache2.2-common apache2-utils apache2-mpm-prefork libapache2-mod-php5 bzip2 gcc make libc6-dev fam libtool libsocket6-perl libio-socket-inet6-perl dbishell libmcrypt-dev mcrypt libcompress-zlib-perl libsasl2-modules-otp libsasl2-modules-ldap libsasl2-modules-sql libsasl2-modules-gssapi-mit tinyca postfix-mysql postfix-ldap postfix-pcre resolvconf postfix-cdb

Una volta eseguita l’installazione dei pacchetti di base, sarà necessario installare VHCS2 da sorgenti (vedere installare vhcs da sorgenti).

VHCS adesso è installato correttamente, tuttavia presenterà un problema d’incompatibilità causato dalla nuova versione di proftpd presente nei sistemi Debian 4 Etch. Sarà quindi necessario modificare alcuni files per garantire un corretto funzionamento di proftpd.

Eseguiamo il backup del file di conf di proftpd:

mv /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.bak

Rimuoviamo il file di conf creato da vhcs:

rm /etc/proftpd.conf

Editiamo il file /etc/proftpd/modules.conf e commentiamo LoadModule mod_sql_postgres.c :

nano /etc/proftpd/proftpd.conf

Il file di conf dovrà apparire in questo modo:

#
# This file is used to manage DSO modules and features.
#

# This is the directory where DSO modules reside

ModulePath /usr/lib/proftpd

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded

ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
LoadModule mod_sql.c
LoadModule mod_ldap.c
LoadModule mod_sql_mysql.c
#LoadModule mod_sql_postgres.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_quotatab_ldap.c
LoadModule mod_quotatab_sql.c
LoadModule mod_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c

# keep this module the last one
LoadModule mod_ifsession.c

Adesso inseriamo la versione modificata del file proftpd.conf in /etc/proftpd/proftpd.conf con la seguente (file corretto scaricabile da qui):

#
# /etc/proftpd/proftpd.conf — This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                off

ServerName            “Debian”
ServerType            standalone
DeferWelcome            off

MultilineRFC2228        on
DefaultServer            on
ShowSymlinks            on

TimeoutNoTransfer        600
TimeoutStalled            600
TimeoutIdle            1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                    “-l”

DenyFilter            *.*/

# Port 21 is the standard FTP port.
Port                21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                    49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances            30

# Set the user and group that the server normally runs at.
User                proftpd
Group                nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                022  022
# Normally, we want files to be overwriteable.
AllowOverwrite            on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd        off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile            off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User                ftp
#   Group                nogroup
#   # We want clients to be able to login with “anonymous” as well as “ftp”
#   UserAlias            anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser    on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell        off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients            10
#
#   # We want ‘welcome.msg’ displayed at login, and ‘.message’ displayed
#   # in each newly chdired directory.
#   DisplayLogin            welcome.msg
#   DisplayFirstChdir        .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you’re brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
#
# </Anonymous>

#
# VHCS2 Managment;
#

SQLAuthTypes         Crypt
SQLAuthenticate        on
SQLConnectInfo        vhcs2@localhost vftp desperados
SQLUserInfo            ftp_users userid passwd uid gid homedir shell
SQLGroupInfo        ftp_group groupname gid members
SQLMinID            2000       

#
# VHCS2 Quota management;
#

QuotaEngine on
QuotaShowQuotas on
QuotaDisplayUnits Mb

SQLNamedQuery get-quota-limit SELECT “name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’”
SQLNamedQuery get-quota-tally SELECT “name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’”
SQLNamedQuery update-quota-tally UPDATE “bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = ‘%{6}’ AND quota_type = ‘%{7}’” quotatallies
SQLNamedQuery insert-quota-tally INSERT “%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}” quotatallies

QuotaLock /var/run/proftpd/tally.lock
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
Correggere il problema d’incompatibilità della webmail con la versione 5 di php:

nano /var/www/vhcs2/gui/tools/webmail/inc/inc.php

Cercare all’interno del file:

Header(”Expires: Wed, 11 Nov 1998 11:11:11 GMTrn”.
“Cache-Control: no-cachern”.
“Cache-Control: must-revalidate”);

Sostituire il codice con:

Header(”Expires: Wed, 11 Nov 1998 11:11:11 GMT”);
Header(”Cache-Control: no-cache”);
Header(”Cache-Control: must-revalidate”);

Related Post

  • No Related Post

Filed under: VHCS - vhost control system by admin

This blog contains certain posts and reviews which have been endorsed by third party advertisers.

Add to Technorati Favorites

View blog authority

Subscribe My Feeds