Today, I am going to create a simple web panel dashboard. Which its main task is to handle web server and databases. Here is step to install ISPConfig in Centos 7.
Why ISPConfig
Some reason use ISPCOnfig is:
- Free and Open Source, build and develop by community.
- Clean dashboard, white background.
- Easy operate.
- Tons of features. Very complete, include DNS, mail, web, SSL, database, ftp, ssh chroot, and others.
Prequitions
My requirement before install ispconfig is:
- OS Centos 7.
- Web server with PHP 7.x
- Php-fpm.
- Mysql Database version 5.6 (I use
Percona db 5.6
) - SSL Lets Encrypt.
- Jailkit JK.
In this case I use ISPconfig. Which has a simple dashboard and is easy to operate. Based on the official documentation from ispconfig for centos 7, so I chose some custom install options. Let’s just install it.
Install Centos 7 Operating System.
I assuming that OS 7 is installed correctly and connect to the internet.
Setting Time Zone
To change the system’s timezone you’ll need to be login in as root or user with sudo privileges.
#timedatectl list-timezones | grep Jakarta //*Adjust to the region of your country*//
#timedatectl set-timezone Asia/Jakarta
#date
Set SELinux to permissive
#vim /etc/selinux/config
SELINUX=permissive
Disable Firewall
#systemctl stop firewalld.service
#systemctl disable firewalld.service
#systemctl status firewalld.service
The result of firewalld is now ‘dead’. use the firewall-cmd command:
[root@server1 ~]# firewall-cmd --state
not running
Now I will install the network configuration editor and the shell based editor “vim” that I will use in the next steps to edit the config files and Enable Additional Repositories and Install Some Software.
yum -y install wget yum-utils epel-release net-tools vim
Enable Additional Repositories and Install Some Software
yum -y groupinstall 'Development Tools'
Installing Database Percona Server for MySQL from Percona Repository
yum install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
yum update
yum list | grep percona
yum install Percona-Server-server-56
Install Apache, PHP, MySQL and phpMyAdmin
For this project, i chose php version 7.1. Because the website application developed at least is running under php version 7.1.
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php71
yum -y install ntp httpd mod_ssl php php-mysql php-mbstring phpMyAdmin
To ensure that the server cannot be attacked through the HTTPOXY vulnerability, we will disable the HTTP_PROXY header in apache globally.
Add the apache header rule at the end of the httpd.conf file:
echo "RequestHeader unset Proxy early" >> /etc/httpd/conf/httpd.conf
And restart httpd to apply the configuration change.
service httpd restart
Install Postfix
Before install postfix, please check apps with netstat
that runnin on Port 25
. If there is an application that uses port 25, you have to stop or kill process the application.
netstat -tulpn | grep 25
If nothing apps that use port 25
, next Postfix can be installed as follows:
yum -y install postfix
Set MySQL Passwords and Configure phpMyAdmin
Set passwords for the MySQL root account:
mysql_secure_installation
[root@server1 tmp]# mysql_secure_installation
And then, You can follow the wizard.
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the lines marked in red bold):
nano /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
<IfModule mod_authz_core.c>
# Apache 2.4
# <RequireAny>
# Require ip 127.0.0.1
# Require ip ::1
# </RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Next, we change the authentication in phpMyAdmin from cookie to http:
nano /etc/phpMyAdmin/config.inc.php
[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]
Now you can direct your browser to http://server1.example.com/phpmyadmin/ or http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root MySQL password.
Installing Apache with mod_php, mod_fcgi/PHP, PHP-FPM
ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP, cgi/PHP, and PHP-FPM on a per website basis.
We can install Apache2 with mod_php, mod_fcgid, and PHP as follows:
yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm php-intl php-imagick php-pspell wget
Next we open /etc/php.ini…
nano /etc/php.ini
… and change the error reporting (so that notices aren’t shown any longer), set the timezone and uncomment cgi.fix_pathinfo=1:
[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PAppp.tldTH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
[...]
date.timezone = 'Asia/Jakarta'
[...]
Enable httpd and PHP-FPM to get started at boot time and start the PHP-FPM service.
systemctl start php-fpm.service
systemctl enable php-fpm.service
systemctl enable httpd.service
Finally, we restart Apache:
systemctl restart httpd.service
Install SSL Let’s encrypt
Now we will add support for Let’s encrypt.
yum install python2-certbot-apache
#certbot-auto
The command will then tell you that “no names were found in your configuration files” and asks if it shall continue, please chose “c” to cancel here as the certs will be created by ispconfig.
Install ISPConfig 3.1
You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.
To install ISPConfig 3.1 from GIT stable branch, do this:
cd /tmp
wget -O ispconfig.tar.gz https://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ispconfig.tar.gz
cd ispconfig3*/install/
The next step is to run:
php -q install.php
This will start the ISPConfig 3 installer. The installer will configure all services like Postfix, Dovecot, etc.
[root@server1 install]# php install.php
Just follow the wizard until finish and done. Access dashboad admin use browser.
https://ip-ispconfig:8080
That is short article about install ispconfig in centos 7. May be it’s helpful, please feel free to leave a comment if you have any questions and I’ll appreciate it.
No need to use a old OS …..
Hi Peter,
In this case, i am use Centos 7.