
Debian Sarge (3.1) with Ruby on Rails and Apache 2 with FastCGI Page 3

This HowTo will step you through installing Debian (Sarge) with Ruby on Rails and Apache 2 with FastCGI, managed with ISPConfig.

Install MySQL

apt-get install mysql-server mysql-client libmysqlclient12-dev

Set your mysql root password

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

When you run netstat -tap you should now see a line like this:

tcp 0 0 localhost.localdo:mysql *:*

which means that MySQL is accessible on 127.0.0.1 on port 3306. You can go to the next section (Postfix). If you do not see this line, edit /etc/mysql/my.cnf and comment out skip-networking:

# skip-networking

If you want MySQL to listen on all available IP addresses, edit /etc/mysql/my.cnf and comment out bind-address = 127.0.0.1:

# bind-address = 127.0.0.1

If you had to edit /etc/mysql/my.cnf you have to restart MySQL:

/etc/init.d/mysql restart
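
To check which of the three states described above a given my.cnf puts MySQL in (no TCP listener, loopback only, or every interface), the following added example reads the [mysqld] section and reports the result. It is not part of the original HowTo; the function names, the status strings and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the network exposure a my.cnf gives mysqld.
# Reads the file named as argument, or standard input when none is given.
# Prints: socket-only | loopback | all-interfaces | address:<value>
mysql_listen_scope() {
    awk '
        # Track the current section; only [mysqld] settings are considered.
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        # Ignore other sections and commented-out lines.
        !insec || /^[ \t]*[#;]/ { next }
        # An active skip-networking line disables the TCP listener.
        /^[ \t]*skip[-_]networking/ { skip = 1 }
        # The last active bind-address line wins.
        /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); addr = $0
        }
        END {
            if (skip) print "socket-only"
            else if (addr == "" || addr == "0.0.0.0" || addr == "*") print "all-interfaces"
            else if (addr == "127.0.0.1" || addr == "localhost") print "loopback"
            else print "address:" addr
        }' "$@"
}

# Constructed sample: my.cnf after both edits from this page were applied.
sample_mycnf() {
    cat <<'EOF'
[client]
port = 3306

[mysqld]
port = 3306
# skip-networking
# bind-address = 127.0.0.1
EOF
}

sample_mycnf | mysql_listen_scope
```

Run it against /etc/mysql/my.cnf before restarting MySQL and compare the answer with what netstat -tap shows afterwards.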

Install Postfix/POP3/IMAP

In order to install Postfix with SMTP-AUTH and TLS as well as a POP3 server that also does POP3s (port 995) and an IMAP server that is also capable of IMAPs (port 993), do the following steps:

apt-get install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules ipopd-ssl uw-imapd-ssl

To the prompts answer:

Continue installing libc-client without Maildir support? answer No
Which ports should the server listen on? answer pop3 and pop3s
Enforce port selection? answer No
Which ports should the server listen on? answer imap2 and imaps
Enforce port selection? answer No
General type of configuration? answer Internet Site
Where should mail for root go? answer NONE
Mail name? answer server1.example.com
Other destinations to accept mail for? (blank for none) answer server1.example.com, localhost.example.com, localhost
Force synchronous updates on mail queue? answer No

Now configure postfix:

postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf

Set up SSL

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024

You must enter a pass phrase for the smtpd.key (4 to 8191 characters)

chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr

Fill in the certificate request or take the defaults

openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

You must enter the pass phrase you entered earlier for the smtpd.key

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

You must enter the pass phrase you entered earlier for the smtpd.key

mv -f smtpd.key.unencrypted smtpd.key

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Fill in the certificate request or take the defaults

Do some more postfix config

postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

The file /etc/postfix/main.cf should now look like this:

joe /etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = server1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost.example.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Restart postfix

/etc/init.d/postfix restart

Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:

mkdir -p /var/spool/postfix/var/run/saslauthd

Now we have to edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the line PARAMS="-m /var/spool/postfix/var/run/saslauthd -r":

joe /etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically
START=yes

PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

Now start saslauthd:

/etc/init.d/saslauthd start

Next we create the file /etc/c-client.cf:

echo "I accept the risk" > /etc/c-client.cf
echo "set disable-plaintext 0" >> /etc/c-client.cf

Now restart inetd:

/etc/init.d/inetd restart

If we don’t do this, then our POP3/IMAP logins will fail.

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your postfix mail server type

ehlo localhost

If you see the lines:

250-STARTTLS

and

250-AUTH

everything is fine.

Type

quit

to return to the system’s shell.
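
The EHLO check above as a script, added here as an example that is not part of the original HowTo: it classifies a saved EHLO reply and also reports whether AUTH with PLAIN or LOGIN is advertised before TLS is negotiated, which is what smtpd_tls_auth_only = no together with mech_list: plain login produces. The sample reply is constructed, and the function names and status strings are made up for the example.

```shell
#!/bin/sh
# Added example: classify the EHLO reply of a not-yet-encrypted SMTP session.
# Reads the reply from standard input and prints one of:
#   no-auth                   AUTH is not advertised, STARTTLS is not offered
#   auth-needs-starttls       STARTTLS offered, AUTH withheld until TLS is up
#   auth-before-tls           AUTH advertised in cleartext, no PLAIN/LOGIN
#   password-auth-before-tls  PLAIN or LOGIN advertised in cleartext
classify_ehlo() {
    starttls=no; auth=no; plain=no
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip the CR of CRLF line endings and compare case-insensitively.
        line=$(printf '%s' "$line" | tr -d '\r' | tr 'a-z' 'A-Z')
        case "$line" in
            "250-"*|"250 "*) kw=${line#250?} ;;   # keyword after the reply code
            *) continue ;;                        # greeting or unrelated line
        esac
        case "$kw" in
            STARTTLS) starttls=yes ;;
            # "AUTH=..." is the extra line broken_sasl_auth_clients = yes adds.
            AUTH\ *|AUTH=*)
                auth=yes
                case " ${kw#AUTH?} " in
                    *\ PLAIN\ *|*\ LOGIN\ *) plain=yes ;;
                esac ;;
        esac
    done
    if [ "$auth" = no ] && [ "$starttls" = yes ]; then echo auth-needs-starttls
    elif [ "$auth" = no ]; then echo no-auth
    elif [ "$plain" = yes ]; then echo password-auth-before-tls
    else echo auth-before-tls
    fi
}

# Constructed sample of the reply expected with the settings from this page.
sample_ehlo() {
    cat <<'EOF'
220 server1.example.com ESMTP Postfix (Debian/GNU)
250-server1.example.com
250-PIPELINING
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
EOF
}

sample_ehlo | classify_ehlo
```

A result of password-auth-before-tls means clients may send their system password over an unencrypted connection; with smtpd_tls_auth_only = yes Postfix advertises AUTH only after STARTTLS and the same reply classifies as auth-needs-starttls.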

Install Courier-IMAP/Courier-POP3 with Maildir support

apt-get install courier-imap courier-imap-ssl courier-pop courier-pop-ssl

To the prompts:

Create directories for web-based administration? answer No
SSL certificate required answer OK

Then configure Postfix to deliver emails to a user’s Maildir:

postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
