Perfect server to automate ISPConfig 3 installation on Debian 10 and Ubuntu 20.04

Perfect server to automate ISPConfig 3 installation on Debian 10 and Ubuntu 20.04

This tutorial will guide you to install your own ISPConfig 3 single server settings using the ISPConfig automatic installation program. The installer follows the old Perfect Server guidelines, but is more modular and easy to follow. If you want to set up a multi-server setup with a dedicated server for each service, please refer to the “Perfect Multiserver” guide.

This guide applies to Debian 10 and Ubuntu 20.04. We will use the hostname If necessary, replace it.

1. Log in to the server

Log in or run as root

su -

Become the root user on the server before continuing. importantNote: You must use’su-‘ instead of’su’, otherwise Debian will set your PATH variable to an error.

2. Configure the host name and host

The hostname of the server should be a subdomain, such as “”. Do not use a domain name without a subdomain part (such as “”) as the hostname, as this will cause problems in future settings. First, you should check the hostname in /etc/hosts and change it if necessary. The line should read: “IP address-space-full hostname, including domain-space-subdomain part”. For our hostname, the file should look like this (some lines may be different, each hosting provider may be different):

nano /etc/hosts localhost.localdomain   localhost# This line should be changed to the correct servername: server1
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Then edit the /etc/hostname file:

nano /etc/hostname

In our case, it should only contain the subdomain part:


Finally, reboot the server to apply the changes:

systemctl reboot

Log in again and use the following command to check if the hostname is now correct:

hostnamehostname -f

The output should look like this:

[email protected]:~$ hostnameserver1[email protected]:~$ hostname

You must also establish a DNS record pointing to your server with your DNS provider. The subdomain should have an A (and/or AAAA) record pointing to your public IP.

3. Run the automatic installer

Now, we can run the automatic installer. The basic setup includes the following packages (and of course their dependencies): Apache2, PHP (version 5.6-8.0), MariaDB, Postfix, Dovecot, Rspamd, BIND, Jailkit, Roundcube, PHPMyAdmin, Mailman, Webalizer, AWStats and GoAccess. You can easily choose not to use certain features or install other services by passing parameters to the installer. You can use the following command to view all parameters:

wget -O - | sh -s -- --help

Now you can run the script with parameters. For example, if you want to use passive FTP + unattended upgrade port range for regular installation, run:

wget -O - | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades

After a while, you will see:

WARNING! This script will reconfigure your complete server!It should be run on a freshly installed server and all current configuration that you have done will most likely be lost!Type 'yes' if you really want to continue:

Answer “yes” and press Enter. Now, the installer will start.

After the installation program is completed, the ISPConfig administrator and MySQL root password will be displayed, as shown below:

[INFO] Your ISPConfig admin password is: 5GvfSSSYsdfdYC[INFO] Your MySQL root password is: kkAkft82d!kafMwqxdtYs

Make sure to write down this information for future use.

4. Set up the firewall

The last thing to do is to set up our firewall.

Log in to the ISPConfig UI, and then go to “System” -> “Firewall”. Then click “Add New Firewall Record”.

For general settings, it looks like this:





The necessary ports for each service are:

Network: 20, 21, 22, 80, 443 and 40110: 40210 (all TCP, no UDP)

Mail: 110, 143, 465, 587, 993 and 995 (all TCP, no UDP)

DNS: 53 (TCP and UDP)

Panel: 8080 and 8081 (all TCP, no UDP)

Your server is now set up and ready to use.You can log in

5. Advanced options

The automatic installer has various command line options to fine-tune the settings. For example, you can choose between Apache and Nginx web servers and which services to install on the system. The command line parameters are:

Usage: [] [...]

This script automatically installs all needed packages for an ISPConfig 3 setup using the guidelines from the "Perfect Server Setup" howtos on

Possible arguments are:
    --help          Show this help page
    --debug         Enable verbose logging (logs each command with the exit code)
    --channel       Choose the channel to use for ISPConfig. --channel=<stable|dev>
                    "stable" is the latest ISPConfig release available on
                    "dev" is the latest stable-branch from the ISPConfig git repository:
                    -> The dev channel might contain bugs and less-tested features and should only be used in production by very experienced users.
    --lang          Use language for ISPConfig installation. Specify with --lang=en|de (only en (English) and de (German) supported currently).
    --interactive   Don't install ISPConfig in non-interactive mode. This is needed if you want to use expert mode, e. g. to install a slave server that shall be integrated into an existing
                    multiserver setup.
    --use-nginx     Use nginx webserver instead of apache2
    --use-amavis    Use amavis instead of rspamd for mail filtering
    --use-unbound   Use unbound instead of bind9 for local resolving. Only allowed if --no-dns is set.
    --use-php       Use specific PHP versions, comma separated, instead of installing multiple PHP, e.g. --use-php=7.4,8.0 (5.6, 7.0, 7.1, 7.2, 7.3, 7.4 and 8.0 available).
                    --use-php=system disables the sury repository and just installs the system's default PHP version.
                    ommiting the argument (use all versions)
    --use-ftp-ports This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210.
                    If not provided the passive port range will not be configured.
    --use-certbot   Use Certbot instead of for issuing Let's Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot.
    --no-web        Do not use ISPConfig on this server to manage webserver setting and don't install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies
                    --no-roundcube as well as --no-pma
    --no-mail       Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for
                    ISPConfig mail. It implies --no-mailman.
    --no-dns        Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
    --no-local-dns  Do not install local DNS caching / resolving via bind.
    --no-firewall   Do not install ufw and tell ISPConfig to not manage firewall settings on this server.
    --no-roundcube  Do not install roundcube webmail.
    --roundcube     Install Roundcube even when --no-mail is used. Manual configuration of Roundcube config is needed.
    --no-pma        Do not install PHPMyAdmin on this server.
    --no-mailman    Do not install Mailman mailing list manager.
    --no-quota      Disable file system quota
    --no-ntp        Disable NTP setup
                    Install UnattendedUpgrades. You can add extra arguments for automatic cleanup and automatic reboots when necessary with --unattended-upgrades=autoclean,reboot (or only
                    one of them).
                    Prevent the autoinstaller to ask for confirmation before continuing to reconfigure the server.

For example, to install an installer such as “Perfect Server” using Nginx instead of Apache, use the following command:

wget -O - | sh -s -- --use-nginx --use-ftp-ports=40110-40210 --unattended-upgrades

Or install Nginx web server without email and DNS services:

wget -O - | sh -s -- --use-nginx --no-dns --no-mail --use-ftp-ports=40110-40210 --unattended-upgrades

6. Done

Your setup is now complete!

You can support ISPConfig by purchasing our manual:

The following links are some useful tutorials/pointers for further setup:

  • Setup mail (rDNS, SPF, DKIM):
  • Adjust Roundcube:
  • Set up automatic configuration (automatic configuration of your email client):
  • Improve the security of PHPMyAdmin and rspamd interface:
  • Code repository and issue tracker for ISPConfig automatic installer:

If you have any questions, please ask on the forum.