Perfect multi-server setup with ISPConfig on Ubuntu 20.04 and Debian 10

This tutorial will guide you to install ISPConfig 3 multi-server setup with dedicated servers for panel, Web, DNS, mail and Webmail. Both DNS and mail servers will have mirror servers for redundancy. After that, you can easily add more specific types of servers.

The official automatic installation program of ISPConfig will be used to set up the server. Debian 10 will be used as the operating system. The guide has also been tested on Ubuntu 20.04.2.

You can read more about the automated installer here.

1. Preliminary description

These will be the hosts we are installing:

host       FQDN                   IP
panel      panel.example.com      10.0.64.12
web01      web01.example.com      10.0.64.13
mx1        mx1.example.com        10.0.64.14
mx2        mx2.example.com        10.0.64.15
ns1        ns1.example.com        10.0.64.16
ns2        ns2.example.com        10.0.64.17
webmail    webmail.example.com    10.0.64.18

We will use example hostnames, IP addresses, and IP ranges. Make sure to change them accordingly in your command/configuration.

All servers are on the same private network, but have their own public IP. If your server does not have a shared local network, please use its public IPv4 address.

Before starting to install the servers, set up an A record (and, where applicable, an AAAA record) that points to the IP address of each server. For example, if the host name is panel.example.com and the public IP is 11.22.33.44, then an A record pointing to 11.22.33.44 should be set for panel.example.com. Each server should have its own public IP and host name.

2. Install the main server

Log in or run as root

su -

Become the root user on the server before continuing. Important: you must use 'su -' and not 'su', otherwise your PATH variable is set incorrectly on Debian.

2.1 Configure the hostname and hosts file

The hostname of your server should be a subdomain like "panel.example.com". Do not use a domain name without a subdomain part (such as "example.com") as the hostname, as this will cause problems with your mail setup later. First, check the hostname in /etc/hosts and change it if necessary. Each line should have the form "IP address, space, full hostname including domain, space, subdomain part". For our hostname panel.example.com, the file should look like this (some lines may differ, depending on your hosting provider):

nano /etc/hosts
127.0.0.1 localhost.localdomain   localhost
# This line should be changed on every node to the correct servername:
127.0.1.1 panel.example.com panel
# These lines are the same on every node:
10.0.64.12 panel.example.com panel
10.0.64.13 web01.example.com web01
10.0.64.14 mx1.example.com mx1
10.0.64.15 mx2.example.com mx2
10.0.64.16 ns1.example.com ns1
10.0.64.17 ns2.example.com ns2
10.0.64.18 webmail.example.com webmail

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

As you can see, we also added the hostnames of other servers so that they can communicate over the internal network in the future.

Then edit the /etc/hostname file:

nano /etc/hostname

In our case, it should only contain the subdomain part:

panel

Finally, reboot the server to apply the changes:

systemctl reboot

Log in again and use the following command to check if the hostname is now correct:

hostname
hostname -f

The output should look like this:

[email protected]:~$ hostname
panel
[email protected]:~$ hostname -f
panel.example.com

Now, we can run the automatic installer to install all the necessary packages and ISPConfig:

wget -O - https://get.ispconfig.org | sh -s -- --no-mail --no-dns --use-php=system

After a while, you will see:

WARNING! This script will reconfigure your complete server!
It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!
Type 'yes' if you really want to continue:

Answer “yes” and press Enter. Now, the installer will start.

When the installer has finished, it shows you the ISPConfig administrator password and the MySQL root password, as below:

[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC
[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs

Make sure to write down this information, together with the server it belongs to, for future use.

2.2 Set up remote MySQL users for our slave servers

We will now log in to MySQL and add a MySQL root user record for the host name and IP address of each slave server to the master database. This allows the other servers to connect to the ISPConfig database on this node during their installation.

On the terminal, run

mysql -u root -p

Enter your MySQL password, and then run the following command:

CREATE USER 'root'@'10.0.64.13' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.13' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.14' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.14' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.15' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.15' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.16' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.16' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.17' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.17' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'10.0.64.18' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'10.0.64.18' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'web01.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'web01.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'mx1.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mx1.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'mx2.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'mx2.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'ns1.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns1.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'ns2.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'ns2.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE USER 'root'@'webmail.example.com' IDENTIFIED BY 'myrootpassword';
GRANT ALL PRIVILEGES ON * . * TO 'root'@'webmail.example.com' IDENTIFIED BY 'myrootpassword' WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;

In the above SQL commands, replace the IP addresses (10.0.64.12-10.0.64.18) with the IP addresses of your servers, replace web01.example.com, mx1.example.com, mx2.example.com, ns1.example.com, ns2.example.com and webmail.example.com with the host names of your servers, and replace myrootpassword with the desired root password. It is best to use a different password for each host. Write them down, because you will need them later when installing or updating your slave servers.
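One way to follow the per-host password advice above without editing twelve statements by hand, as an added example that is not part of the original tutorial: the script generates the same CREATE USER / GRANT statements with one random password per slave. The function names, the output file names grants.sql and passwords.txt, and the 32-hex-character password format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): build the section 2.2 statements with
# one random password per slave. HOSTS is the tutorial's sample inventory.
HOSTS='web01.example.com 10.0.64.13
mx1.example.com 10.0.64.14
mx2.example.com 10.0.64.15
ns1.example.com 10.0.64.16
ns2.example.com 10.0.64.17
webmail.example.com 10.0.64.18'

# Same limits clause as the tutorial's GRANT statements.
LIMITS='MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0'

# 16 bytes from the kernel CSPRNG as 32 hex characters: nothing that needs
# escaping inside a single-quoted SQL string.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Emit CREATE USER + GRANT for the IP and the FQDN of one slave. Both entries
# get the same password so the slave can log in whichever entry MySQL matches.
emit_grants() {  # $1 = FQDN, $2 = IP, $3 = password
    for origin in "$2" "$1"; do
        printf "CREATE USER 'root'@'%s' IDENTIFIED BY '%s';\n" "$origin" "$3"
        printf "GRANT ALL PRIVILEGES ON * . * TO 'root'@'%s' IDENTIFIED BY '%s' WITH GRANT OPTION %s;\n" \
            "$origin" "$3" "$LIMITS"
    done
}

# Write grants.sql and passwords.txt into directory $1, readable by the owner only.
generate_all() {
    outdir=$1
    (
        umask 077
        rm -f "$outdir/grants.sql" "$outdir/passwords.txt"
        : > "$outdir/grants.sql"
        : > "$outdir/passwords.txt"
        printf '%s\n' "$HOSTS" | while read -r fqdn ip; do
            pw=$(gen_password)
            emit_grants "$fqdn" "$ip" "$pw" >> "$outdir/grants.sql"
            printf '%s %s\n' "$fqdn" "$pw" >> "$outdir/passwords.txt"
        done
    )
}

# Usage: sh gen_grants.sh /root/ispconfig-grants   (file name is hypothetical)
if [ -n "${1:-}" ]; then generate_all "$1"; fi
```

Load the result with mysql -u root -p < grants.sql and delete grants.sql afterwards; passwords.txt is the per-host record you will need when installing the slave servers.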

After completing this operation, exit MySQL with:

EXIT;

Now you can log in to ISPConfig at https://panel.example.com:8080 with the username admin and the password shown to you by the installer.

2.3 Set up firewall

The last thing to do is to set up our firewall.

Log in to the ISPConfig UI, and then go to “System” -> “Firewall”. Then click “Add New Firewall Record”.

For the panel server, we must open the following ports:

TCP:

22,80,443,8080,8081

No UDP ports need to be opened through the UI.

We will also open port 3306, which is used for MySQL, but only from the local network for security reasons. To do this, after propagating the changes in the ISPConfig panel (when the red dot disappears), run the following command from the CLI:

ufw allow from 10.0.64.0/24 to any port 3306 proto tcp

Your panel is now set up and ready to use.

In the next step, we will install the web server.
