Initial Server Setup with Ubuntu

ubuntu-server-setup

Introduction
As part of the initial setup for a brand-new Ubuntu server, you should carry out a few crucial configuration tasks. These changes will improve your server’s security and usability and lay a strong foundation for further activities.

Step 1 — Logging in as root

log in now as the root user using the following command (substitute the highlighted portion of the command with your server’s public IP address

ssh root@your_server_ip

Accept the warning about host authenticity if it appears. If you are using password authentication, provide your root password to log in.

The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are discouraged from using it on a regular basis. This is because the root account is able to make very destructive changes, even by accident.

The next step is setting up a new user account with reduced privileges for day-to-day use.

Step 2 — Creating a New User

Once you are logged in as root, you’ll be able to add the new user account. In the future, we’ll log in with this new account instead of root.

This example creates a new user called john, but you should replace that with a username that you like:

adduser john

You will be asked a few questions, starting with the account password.

Enter a strong password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit ENTER in any field you wish to skip.

Step 3 — Granting Administrative Privileges
Now we have a new user account with regular account privileges. However, we may sometimes need to do administrative tasks.

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as superuser or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before the command.

To add these privileges to our new user, we need to add the user to the sudo group.

usermod -aG sudo john

Step 4 — Setting Up a Basic Firewall
Ubuntu servers can use the UFW firewall to make sure only connections to certain services are allowed. We can set up a basic firewall using this application.

Applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.

You can see this by typing:

ufw app list
Output
Available applications:
  OpenSSH

We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:

ufw allow OpenSSH

Afterwards, we can enable the firewall by typing:

ufw enable

Type y and press ENTER to proceed. You can see that SSH connections are still allowed by typing:

ufw status

As the firewall is currently blocking all connections except for SSH, if you install and configure additional services, you will need to adjust the firewall settings to allow traffic in.

Step 5 — Enabling External Access for Your Regular User

Now that we have a regular user for daily use, we need to make sure we can SSH into the account directly.

If you logged in to your root account using a password, then password authentication is enabled for SSH. You can SSH to your new user account by opening up a new terminal session and using SSH with your new username:

ssh john@your_server_ip

After entering your regular user’s password, you will be logged in. Remember, if you need to run a command with administrative privileges, type sudo before it like this:

sudo command_to_run

You will be prompted for your regular user password when using sudo for the first time each session (and periodically afterwards).

How To Install and Configure the OpenLiteSpeed Web Server on Ubuntu 18.04

install openlitespeed server on ubuntu 18.04

In this article, we’ll learn how to install and configure OpenLiteSpeed on an Ubuntu 18.04 server.

install openlitespped server ubuntu 18OpenLiteSpeed is the Open Source edition of LiteSpeed Web Server Enterprise. OpenLiteSpeed contains all of the essential features found in LiteSpeed Enterprise, and represents our commitment to support the Open Source community. It features Apache-compatible rewrite rules, a built-in web-based administration interface, and customized PHP processing optimized for the server.

OpenLiteSpeed Features:

Event-Driven Architecture
Fewer processes, less overhead, and enormous scalability. Keep your existing hardware.

Understands Apache Rewrite Rules
OpenLiteSpeed is mod_rewrite compatible, with no new syntax to learn. Continue to use your existing rewrite rules.

Friendly Admin Interfaces
OLS comes with a built-in WebAdmin GUI. Control panel support is available with CyberPanel.

Built for Speed and Security
Features Anti-DDoS connection and bandwidth throttling, ModSecurity v3 integration, and more.

Intelligent Cache Acceleration
Built-in full-page cache module is highly-customizable and efficient for an exceptional user experience.

PageSpeed Optimization
Automatically implement Google’s PageSpeed optimization system with the mod_pagespeed module.

PHP LiteSpeed SAPI
Native SAPI for PHP allows external applications written in PHP to run up to 50% faster.

WordPress Acceleration
Experience a measurable performance boost with OpenLiteSpeed and LSCache for WordPress.

Step 1 – Installing OpenLiteSpeed on Ubuntu 18.04

OpenLiteSpeed provides a software repository we can use to download and install the server with Ubuntu’s standard apt command.

Update all your system packages:

sudo apt-get update
sudo apt-get upgrade

Download and add the developer’s software signing key:

$ wget -qO - https://rpms.litespeedtech.com/debian/lst_repo.gpg | sudo apt-key add -

Now we will add the repository information to our system:

$ sudo add-apt-repository 'deb http://rpms.litespeedtech.com/debian/ bionic main'

Install the OpenLiteSpeed server and its PHP processor using apt install:

$ sudo apt install openlitespeed lsphp73

Finally, create a soft link to the PHP processor we just installed. This directs the OpenLiteSpeed server to use the correct version:

$ sudo ln -sf /usr/local/lsws/lsphp73/bin/lsphp /usr/local/lsws/fcgi-bin/lsphp5

 

OpenLiteSpeed server is installed, we’ll secure it by updating the default admin account.

Step 2 – Configure OpenLiteSpeed & Setting the Admin Password

Configure the administrative password for OpenLiteSpeed web server. By default, the password is set to 123456, so we should change this immediately. We can do this by running a script provided by OpenLiteSpeed:

sudo /usr/local/lsws/admin/misc/admpass.sh

Provide a username for the administrative user as below:

Please specify the user name of administrator.
This is the user name required to login the administration Web interface.
 
User name [admin]: wpcademyadmin
 
Please specify the administrator's password. This is the password required to login the administration Web interface.
 
Password:
Retype password:

Administrator's username/password is updated successfully!

Step 3 – Accessing the OpenLiteSpeed Web Server

OpenLiteSpeed should have started automatically. We can verify this with the following command:

$ sudo /usr/local/lsws/bin/lswsctrl status

Output:

litespeed is running with PID 990.
sudo /usr/local/lsws/bin/lswsctrl start

Output:

[OK] litespeed: pid=5137.

We need to open up some ports on our firewall. Configure Firewall for Port Access. Add the firewall rules:

$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw allow 8088
$ sudo ufw allow 7080

ReloAd ufw to effect the changes:

sudo ufw reload

In your web browser, navigate to your server’s domain name or IP address, followed by :8088 to specify the port:

http://server_domain_or_IP:8088

Browser should load the default OpenLiteSpeed web page as seen below:
install openlitespeed ubuntu 18.04

To configure the administrative interface. Got to your web browser, using HTTPS, navigate to your server’s domain name or IP address followed by :7080 to specify the port:

https://server_domain_or_IP:7080

install openlitespeed ubuntu 18.04 and configure admin interface

Enter the admin logins you had created during the OpenLiteSpeed configuration. Once you correctly authenticate, you will be presented with the OpenLiteSpeed administration interface:

openlitespeed-admin-dashboard

Step 4 – Configuring the Port

In the list of listeners, click the “View/Edit” button for the Default listener:

litesped listeners summary port config

Click the edit button in the top-right corner of the “Address Settings” table to modify its values:
modify listener value port

On the next page, then click the floppy disk icon, Save.

change port 8088 to port 80

You’ll need to now open up port 80 on your firewall:

$ sudo ufw allow 80

The default web page should now be accessible in your browser on port 80 instead of port 8088.

Congratulations! You should have OpenLiteSpeed and PHP installed and running on an Ubuntu 18.04 server.

You are running Ubuntu 16.04 : Install OpenLiteSpeed on Ubuntu 16.04

Visit OpenLiteSpeed Official Website fore more details.

How To Install SquirrelMail on CentOS 7

SquirrelMail on CentOS 7

Squirrelmail is one of the most popular Web-based email clients written in PHP. It has built-in pure PHP support for IMAP and SMTP, and it is designed to render all pages in pure HTML 4.0 with no JavaScript required, for maximum compatibility across browsers.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation SquirrelMail email clients on a CentOS 7 server.
Install SquirrelMail on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum install epel-release
yum -y update

Step 2. Installing SquirrelMail on CentOS 7.

Install SquirrelMail using the yum default package manager:

yum install squirrelmail

Step 3. Configure SquirrelMail.

Once the webmail client is installed, you can configure it according to your needs by running the configuration script:

cd /usr/share/squirrelmail/config/
./conf.pl

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit

Command >>

There are different settings in the configuration file, but the main things that should be checked and configured are:

Set your default domain name (2. Server settings > 1. Domain)
Addresses of IMAP and SMTP servers.
Type of IMAP server.

Step 4. Accessing SquirrelMail.

SquirrelMail will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/squirrelmail or http://server-ip/squirrelmail and complete the required the steps to finish the installation.

Congratulations! You have successfully installed SquirrelMail. Thanks for using this tutorial for installing SquirrelMail email clients in CentOS 7 systems. For additional help or useful information, we recommend you to check the official SquirrelMail web site.

How To Install Mantis Bug Tracker on CentOS 7

Mantis Bug Tracker on CentOS 7

Mantis is a free and popular open source bug tracking system. It is written in PHP and supports all types of database server. It provides a professional dashboard to manage bugs assigned to the user. It supports powerful access control which provides per project base user access. It is very flexible, you can customize the issue fields, notifications, and workflow.

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Mantis Bug Tracker on a CentOS 7 server.
Install Mantis Bug Tracker on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have LAMP installed, you can follow our guide here. Also install required PHP modules:

yum -y install php-gd php-imap php-xml php-xmlrpc php-mbstring php-mcrypt php-mssql php-snmp curl curl-devel

Step 3. Installing Mantis Bug Tracker.

First thing to do is to go to Mantis Bug Tracker’s download page and download the latest stable version of Mantis, At the moment of writing this article it is version 2.5.0:

wget https://ncu.dl.sourceforge.net/project/mantisbt/mantis-stable/2.5.0/mantisbt-2.5.0.zip

Unpack the Nextcloud archive to the document root directory on your server:

tar -xpf mantisbt-2.5.0.tar.gz
mv mantisbt-2.4.1 /var/www/html/mantis

We will need to change some folders permissions:

chown apache:apache -R /var/www/html/mantis/

Step 4. Configuring MariaDB for Mantis Bug Tracker.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. You should read and below each steps carefully which will set root password, remove anonymous users, disallow remote root login, and remove the test database and access to secure MariaDB.

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the Mantis Bug Tracker. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for Mantis Bug Tracker installation:

MariaDB [(none)]> CREATE DATABASE mantisdb;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON mantisdb.* TO 'mantis'@'localhost' IDENTIFIED BY 'mantispassword';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

Step 5. Configuring Apache web server for Mantis Bug Tracker.

We will create Apache virtual host for your Nextcloud website. First create ‘/etc/httpd/conf.d/vhosts.conf’ file with using a text editor of your choice:

nano /etc/httpd/conf.d/vhosts.conf
IncludeOptional vhosts.d/*.conf

Next, create the virtual host:

mkdir /etc/httpd/vhosts.d/
nano /etc/httpd/vhosts.d/yourdomain.com.conf

Add the following lines:

ServerAdmin [email protected]
DocumentRoot "/var/www/html/mantis/"
ServerName yourdomain.com
ServerAlias www.yourdomain.com
ErrorLog "/var/log/httpd/yourdomain.com-error_log"
CustomLog "/var/log/httpd/yourdomain.com-access_log" combined

<Directory "/var/www/html/mantis/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted

Save and close the file. Restart the apache service for the changes to take effects:

systemctl restart httpd.service
systemctl enable httpd.service

Step 6. Accessing Mantis Bug Tracker.

Mantis Bug Tracker will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/mantis/admin/install.php or http://server-ip/mantis/admin/install.php and complete the required the steps to finish the installation. If you are using a firewall, please open port 80 to enable access to the control panel.

Congratulation’s! You have successfully installed Mantis. Thanks for using this tutorial for installing Mantis free open source bug tracking system on your CentOS 7 system. For additional help or useful information, we recommend you to check the official Mantis Bug Tracker web site.

How To Install Let’s Encrypt SSL With Nginx on CentOS 7

Let’s Encrypt SSL With Nginx on CentOS 7

LetsEncrypt is a free open certificate authority (CA) that provides free certificates for websites and other services. The service, which is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Let’s Encrypt SSL with Nginx on a CentOS 7 server.
Install Let’s Encrypt SSL With Nginx on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update
Step 2. Installing Let’s Encrypt SSL on CentOS 7.

In CentOS 7, you can find Certbot on the EPEL repository; if you enable it, just install what you need:
yum install epel-release
yum install certbot

You will also need to have nginx installed and running. Of course, if you are adding certificates onto a previously configured web host this would already be installed:

yum install nginx
systemctl start nginx

The first step to install let’s encrypt ssl on CentOS Linux is to add a simple configuration inside your nginx virtual host configuration. Add this line to your vhost configuration:

location ~ /.well-known {
allow all;
}

Save and exit to apply changes:

nginx -t
systemctl restart nginx

Obtaining a certificate with Certbot:

Run the command as you see below, replace “wpcademy.com” with your real domain name and /var/www/wpcademy.com with your real webroot path:

certbot certonly -a webroot --webroot-path=/var/www/wpcademy.com -d wpcademy.com -d www.wpcademy.com

Result:

[[email protected]:~]certbot certonly -a webroot --webroot-path=/var/www/wpcademy.com -d wpcademy.com -d www.wpcademy.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wpcademy.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/idroot.us/fullchain.pem. Your cert
will expire on 2017-07-16. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[[email protected]:~]

Step 3. Configure Let’s Encrypt TLS/SSL on Nginx Web Server.

First, edit the Virtual Host file you specified during configuration through Certbot and add this three directives:

listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/idroot.us/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/idroot.us/privkey.pem;

The full nginx vhost configuration may look like this:

server {
listen 80;
server_name wpcademy.com www.wpcademy.com;
rewrite ^(.*) https://wpcademy.com$1 permanent;
}

server {
access_log off;
log_not_found off;
error_log logs/idroot.us-error_log warn;

server_name wpcademy.com;
root /var/www/wpcademy.com;
index index.php index.html index.htm;

listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/wpcademy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wpcademy.com/privkey.pem;

## Stuff required by certbot
location ~ /.well-known {
allow all;
}

## SSL
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;

ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;

access_log /var/www/wpcademy.com/logs/access.log;
error_log /var/www/wpcademy.com/logs/error.log;

# php-script handler
location ~ \.php$ {
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000; fastcgi_read_timeout 150;
root /var/www/wpcademy.com/public_html;
fastcgi_param SCRIPT_FILENAME /var/www/idroot.us$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}

Step 5. Set Up Let’s Encrypt SSL Auto Renewal.

We will add a cronjob to run the renewal command every week, run this command:

export VISUAL=nano; crontab -e

Paste the following lines:

01 1 * * 0 /usr/bin/certbot renew >> /var/log/ssl-renew.log
06 1 * * 0 /usr/bin/systemctl nginx reload

Save and Exit from the crontab table.

This will create a new cronjob that will be executed every Sunday at 01 AM, and then it will reload Nginx web server to apply the changes. The output will be logged into /var/log/ssl-renew.log file for further analysis if needed.

Congratulation’s! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL on CentOS 7 system. For additional help or useful information, we recommend you to check the official Let’s Encrypt web site.

How To Install Cerb on CentOS 7

Cerb on CentOS 7

Cerb is an open-source application for web-based collaboration and automation. Cerb can also be used for sending a high volume of emails. Cerb is written in PHP and uses MySQL/MariaDB to store its data

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Cerb on a CentOS 7 server.
Install Cerb on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y install epel-release
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have a LAMP installed, you can follow our guide here. Also install required PHP modules:

yum install install php70w-cli php70w-pear php70w-gd php70w-xml php70w-curl php70w-gmp php70w-pdo php70w-mysql php70w-zip php70w-mbstring php70w-mcrypt

Once the installation is finished, you will need to modify the php.ini configuration file:

nano /etc/php.ini

Change the following line:

memory_limit = 128M # 128M or Higher according to the memory available
upload_max_filesize = 2M # 32M or Higher
post_max_size = 8M # 32M or Higher
;upload_tmp_dir = # Uncomment and change it to upload_tmp_dir = /tmp

Step 3. Configuring MariaDB for Cerb.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. you should read and below each steps carefully which will set root password, remove anonymous users, disallow remote root login, and remove the test database and access to secure MariaDB:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the Cerb. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for Cerb installation:

CREATE DATABASE cerb_data;
CREATE USER 'cerb_user'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT ALL PRIVILEGES ON cerb_data.* TO 'cerb_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Step 4. Installing Cerb.

Once Database is configured, you will need to install Cerb. You can download the latest version of Cerb from GitHub repository with the following command:

yum -y install git
cd /var/www/html
git clone git://github.com/wgm/cerb.git cerb

Next, you’ll have to change proper ownership and provide file permissions, you can do so using following command:

cd /var/www/html/cerb
chown -R apache:apache .
chmod -R u+w framework.config.php storage

Step 5. Configure Firewall for Cerb.

You may also need to allow HTTP traffic on port 80 through the system firewall:

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload

Step 6. Accessing Cerb.

Cerb will be available on HTTP port 80 by default. Open your favorite browser and navigate to http://yourdomain.com/cerb or http://server-ip/cerb and complete the required the steps to finish the installation.

Congratulation’s! You have successfully installed Cerb. Thanks for using this tutorial for installing Cerb on CentOS 7 system. For additional help or useful information, we recommend you to check the official Cerb web site.

How To Install Mail Server With PostfixAdmin on CentOS 7

Mail Server With PostfixAdmin on CentOS 7

Postfixadmin is a web frontend to the mysql or mariaDB database used by Postfix. With Postfixadmin we can easily manage from a web browser our Postfix service, adding and removing mail users and domains, mail aliases, disk quotas, etc.

Prerequisites

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Seafile Secure Cloud Storage on a CentOS 7 server.
Install Mail Server With PostfixAdmin on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Install LAMP server.

A CentOS 7 LAMP stack server is required. If you do not have a LAMP installed, you can follow our guide here. Also install required PHP modules:

yum install php70w-cli php70w-gd php70w-xml php70w-curl php70w-mysql php70w-zip php70w-mbstring php70w-mcrypt

Step 3. Configuring MariaDB for PostfixAdmin.

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. You should read and below each step carefully which will set the root password, remove anonymous users, disallow remote root login, and remove the test database and access to secure MariaDB:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the PostfixAdmin. Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once you are logged in to your database server you need to create a database for PostfixAdmin installation:

CMariaDB [(none)]> CREATE DATABASE postfixadmin;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'strong_password';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

Step 4. Installing PostfixAdmin.

The first thing to do is to go to PostfixAdmin’s download page and download the latest stable version of PostfixAdmin:

wget -q -O - "https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.0.2/postfixadmin-3.0.2.tar.gz" | tar -xzf - -C /var/www/html

Open the mail configuration file:

nano /var/www/html/postfixadmin-3.0.2/config.inc.php

Edit the following values:

$CONF['configured'] = true;
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfixadmin';
$CONF['database_password'] = 'strong_password';
$CONF['database_name'] = 'postfixadmin';
$CONF['domain_path'] = 'NO';
$CONF['domain_in_mailbox'] = 'YES';

Now you need to assign the ownership of the files and folders to Apache’s user and group. To do so, the command is:

chown -R apache: /var/www/html/postfixadmin-3.0.2

To populate the database go to https://Your_IP_Address/postfixadmin-3.0.2/setup.php and you should see something like below:

Testing database connection - OK - mysqli://postfixadmin:xxxxx@localhost/postfixadmin
Everything seems fine... attempting to create/update database structure

Create a new admin user:

bash /var/www/html/postfixadmin-3.0.2/scripts/postfixadmin-cli admin add admin@your_domain_wpcademy.com --password strong_password22 --password2 strong_password22 --superadmin 1 --active 1
<.pre>

Step 5. Installing and configure Postfix.

Install postfix with the following command:
yum -y install postfix

Once the installation is completed, we need to create configuration files:

mkdir -p /etc/postfix/sql/
nano /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
nano /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
nano /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
nano /etc/postfix/sql/mysql_virtual_alias_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#expansion_limit = 100
nano /etc/postfix/sql/mysql_virtual_domains_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
#query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#expansion_limit = 100
nano /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
nano /etc/postfix/sql/mysql_virtual_mailbox_maps.cf

Edit the following values:

user = postfixadmin
password = strong_password
hosts = localhost
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#expansion_limit = 100

Next, edit the main.cf file:

postconf -e "myhostname = $(hostname -f)"

postconf -e "virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
postconf -e "virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
postconf -e "virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
postconf -e "smtpd_tls_cert_file = /etc/pki/tls/certs/localhost.crt"
postconf -e "smtpd_tls_key_file = /etc/pki/tls/private/localhost.key"
postconf -e "smtpd_use_tls = yes"
postconf -e "smtpd_tls_auth_only = yes"
postconf -e "smtpd_sasl_type = dovecot"
postconf -e "smtpd_sasl_path = private/auth"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
postconf -e "mydestination = localhost"
postconf -e "mynetworks = 127.0.0.0/8"
postconf -e "inet_protocols = ipv4"
postconf -e "inet_interfaces = all"
postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

Open the master.cf file, find submission inet n and smtps inet n sections and edit as follows:

nano /etc/postfix/master.cf

Edit the following values:

submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING

Finally, enable the postfix service:

systemctl enable postfix
systemctl restart postfix

Step 6. Installing and Configure Dovecot.

Install dovecot using the command bellow:

yum install dovecot dovecot-mysql

Open the /etc/dovecot/conf.d/10-mail.conf file:

nano /etc/dovecot/conf.d/10-mail.conf

Change the following values:

mail_location = maildir:/var/vmail/%d/%n
mail_privileged_group = mail
mail_uid = vmail
mail_gid = mail
first_valid_uid = 150
last_valid_uid = 150

Open the /etc/dovecot/conf.d/10-auth.conf file:

nano /etc/dovecot/conf.d/10-auth.conf

Change the following values:

auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext

Create a new dovecot-sql.conf.ext file:

nano /etc/dovecot/dovecot-sql.conf.ext

Edit the following values:

driver = mysql
connect = host=localhost dbname=postfixadmin user=postfixadmin password=strong_password
default_pass_scheme = MD5-CRYPT
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
user_query = SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'

In the /etc/dovecot/conf.d/10-ssl.conf file enable SSL support:

ssl = yes

Open the /etc/dovecot/conf.d/15-lda.conf file and set the postmaster_address email address:

postmaster_address = postmaster@your_domain_name.com

Open the /etc/dovecot/conf.d/10-master.conf file, find the service lmtp section and change it to:

service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
}

Find the service auth section and change it to:

service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
#group = vmail
}
user = dovecot
}

Change the service auth-worker section to the following:

service auth-worker {
user = vmail
}

Now you need to assign the ownership of the files and folders. To do so, the command is:

chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot

Finally, enable and restart the dovecot service:

systemctl enable dovecot
systemctl restart dovecot

Step 7. Installing and configure Spamassassin.

Install spamassassin using the command bellow:

yum -y install spamassassin

Create a spamassassin system user:

groupadd spamd
useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd
chown spamd:spamd /var/log/spamassassin

Next, configure Postfix to use SpamAssassin:

nano /etc/postfix/master.cf

Change values:

smtp inet n - n - - smtpd

With:

smtp inet n - n - - smtpd -o content_filter=spamassassin

Add the following line at the end of the file:

systemctl enable spamassassin
systemctl restart spamassassin

Finally, restart the postfix service:

systemctl restart postfix

Step 8. Accessing PostfixAdmin.

If everything is set up correctly now you should be able to log in to your PostfixAdmin backend by going to http://Your_IP_Address/postfixadmin-3.0.2.2 and create your first virtual domain and mailbox.

Congratulation’s! You have successfully installed PostfixAdmin. Thanks for using this tutorial for installing Mail Server With PostfixAdmin on CentOS 7 system. For additional help or useful information, we recommend you to check the official PostfixAdmin web site.