ISPConfig is an open source hosting control panel for Linux, it allows multiple server management from one control panel includes web server management, mail server management, and DNS server management.

Comply with strict privacy policy websites- disable the web statistics program.

Create users- it is required to set permanent customer no., create resources for him with the feature “login as client”.

Change the server configuration use the path /usr/local/ispconfig/server/conf-custom/ and for the inteface configuration /usr/local/ispconfig/interface/lib/

Activate SSL for a website- first enable the SSL and then the Let’s Encrypt SSL, you can use the rewrite HTTP to HTTPS and SEO Redirect (domain.tld => www.domain.tld, after creating automatic www subdomain) options. Clean old SSL certificates- use the command (newer certificates will have higher suffix number):

certbot delete

Run WordPress / WooCommerce website with SSL in reverse proxy- add the directive to wp-config.php:

$_SERVER['HTTPS'] = 'on';

Use ISPConfig behind NAT– enable the Skip Lets Encrypt Check option (System => Server Config => Web => SSL Settings), use the WAN IP in DNS Settings and Website Settings, and the LAN IP in Server Config and Server IP Addresses.

Config a reverse proxy in Apache web server, which keeps the original reciever address and don’t pass the SSL certificates requests use those directives:

ProxyPreserveHost On
ProxyPass /.well-known/acme-challenge !
ProxyPass /$PATH http://$LAN-IP:$PORT/$PATH
ProxyPassReverse /$PATH http://$LAN-IP:$PORT/$PATH
ProxyPass / http://$LAN-IP:$PORT/
ProxyPassReverse / http://$LAN-IP:$PORT/ 

Recover better- enable rescue option (Server Config tab).

Restore a website from a server backup- it is possible to export and import the website files & database backup and the relevant backup record from the ISPConfig database.

Enhance the email policy- edit the directives in /etc/postfix/

smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client,reject_rbl_client,reject_rbl_client, check_recipient_access mysql:/etc/postfix/, reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/

Improve the successfull mail delivery rate from the server:

  • Set up for the domain names: SPF, DKIM, DMARC
  • Make sure the server hostname appear at the A record, rDNS, server control panel, MTA (includes mailname), and content filter configuration values

Use PureFTP in passive mode (allows using behind firewall)- use the commands (and open the same ports at the firewall):

echo "30510 30610" > /etc/pure-ftpd/conf/PassivePortRange
service pure-ftpd-mysql restart

Leave a comment

Your email address will not be published. Required fields are marked *