Categories
Linux

ISPConfig

And the Pied Piper.

ISPConfig is an open source hosting control panel for Linux (preferably Debian). It allows multiple server management from one control panel includes web server management, mail server management, and DNS server management.

For strict privacy policy websites disable the web statistics program.

To create resources for some client use the feature “login as client”.

To change the code configuration use the path /usr/local/ispconfig/server/conf-custom/.

To activate SSL for a website, first enable the SSL and than the Let’s Encrypt SSL, you may use the Rewrite HTTP to HTTPS and SEO Redirect (domain.tld => www.domain.tld, after creating automatic www subdomain) options. To clean old SSL certificates use the command (newer certificates will have higher suffix number):

certbot delete

To use ISPConfig behind NAT, enable the Skip Lets Encrypt Check option (System => Server Config => Web => SSL Settings), use the WAN IP in DNS Settings and Website Settings, and the LAN IP in Server Config and Server IP Addresses.

For better recovering process enable rescue option (Server Config tab).

To restore a website from a server backup, it is possible to export and import the website files & database backup and the relevant backup record from the ISPConfig database, to manual run all the configured backups use the command:

php /usr/local/ispconfig/server/cron_debug.php --cronjob=500-backup.inc.php

To enhance the email policy edit the directives in /etc/postfix/main.cf:

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf

To workaround the CSRF block while deleting resources, delete it directly inside the Database.

As you probably have noticed- the oldest written accounts of the Pied Piper of Hamelin was created in L√ľneburg, the same town the ISPConfig software is developed.

Leave a Reply

Your email address will not be published. Required fields are marked *