ISPConfig is an open source hosting control panel for Linux, it allows multiple server management from one control panel includes web server management, mail server management, and DNS server management.
Create users- it is required to set permanent customer no., create resources for him with the feature “login as client”.
Change the server configuration use the path
/usr/local/ispconfig/server/conf-custom/ and for the inteface configuration
Activate SSL for a website- first enable the SSL and then the Let’s Encrypt SSL, you may use the Rewrite HTTP to HTTPS and SEO Redirect (domain.tld => www.domain.tld, after creating automatic www subdomain) options. Clean old SSL certificates- use the command (newer certificates will have higher suffix number):
Run WordPress / WooCommerce website with SSL in reverse proxy- add the directive to
$_SERVER['HTTPS'] = 'on';
Use ISPConfig behind NAT– enable the Skip Lets Encrypt Check option (System => Server Config => Web => SSL Settings), use the WAN IP in DNS Settings and Website Settings, and the LAN IP in Server Config and Server IP Addresses.
Config a reverse proxy in Apache web server, which keeps the original reciever address and don’t pass the SSL certificates requests use those directives:
ProxyPreserveHost On ProxyPass /.well-known/acme-challenge ! ProxyPass /$PATH http://$LAN-IP:$PORT/$PATH ProxyPassReverse /$PATH http://$LAN-IP:$PORT/$PATH ProxyPass / http://$LAN-IP:$PORT/ ProxyPassReverse / http://$LAN-IP:$PORT/
Recover better- enable rescue option (Server Config tab).
Restore a website from a server backup- it is possible to export and import the website files & database backup and the relevant backup record from the ISPConfig database.
Enhance the email policy- edit the directives in
smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname, check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
Improve the successfull mail delivery rate from the server:
- set up for the domain names: SPF, DKIM, DMARC
- Make sure the server hostname appear at the A record, rDNS, server control panel, MTA (includes mailname), and content filter configuration values
Use PureFTP in passive mode (allows using behind firewall)- use the commands (and open the same ports at the firewall):
echo "30510 30610" > /etc/pure-ftpd/conf/PassivePortRange service pure-ftpd-mysql restart