How To Set Up ISPConfig-3 on an Ubuntu 18.04

ISPConfig is an open source web hosting control panel let's you configure the following services through its browser based interface:

Manage multiple servers from one control panel
Web server management (Apache2 and nginx)
Mail server management (with virtual mail users)
DNS server management (BIND and MyDNS)
Virtualization (OpenVZ)
Administrator, reseller and client login
Configuration mirroring and clusters
Open Source software (BSD license)

In this tutorial, we'll walk you through the steps to install and configure ispconfig 3.1 on an Ubuntu 18.04 server. You will need to replace some of the highlighted information while performing these steps to meet your environment needs.

Prerequisites
To follow this tutorial, you will need one Ubuntu 18.04 server installed either on a (Physical or Virtual) machine with a non-root user having sudo privileges.

Setting Timezone and Hostname

sudo timedatectl set-timezone Asia/Karachi
sudo hostnamectl set-hostname labserver.layloyar.com

Set Up Default Shell

sudo dpkg-reconfigure dash


Uninstall Apparmor

sudo service apparmor stop

sudo apt autoremove apparmor apparmor-utils

Output
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'apparmor-utils' is not installed, so not removed
The following packages will be REMOVED:
  apparmor snapd
0 upgraded, 0 newly installed, 2 to remove and 87 not upgraded.
After this operation, 69.4 MB disk space will be freed.
Do you want to continue? [Y/n] y

(Reading database ... 66906 files and directories currently installed.)
Removing snapd (2.37.1.1+18.04) ...
Removing apparmor (2.12-4ubuntu5.1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Installing Postfix and Database
sudo apt -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd

During installation postfix will present you following screen, choose Internet Site and press OK


Enter you FQDN on this screen and press OK


Edit master.cf file and add or replace the following contents:

sudo nano /etc/postfix/master.cf

Change this:

#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

to this:

#submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING


Save and close.

This will look smiliar to like below.


Now restart postfix service to take changes into effect 

sudo systemctl restart postfix

Output:
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset: enabled)
   Active: active (exited) since Mon 2019-04-29 10:11:55 PKT; 14s ago
  Process: 27934 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 27934 (code=exited, status=0/SUCCESS)

Apr 29 10:11:55 labserver systemd[1]: Starting Postfix Mail Transport Agent...
Apr 29 10:11:55 labserver systemd[1]: Started Postfix Mail Transport Agent.

Now edit 50-server.cnf file and replace the following

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Change this:

bind-address           = 127.0.0.1

to this:

#bind-address           = 127.0.0.1

Save and close.

This will look similiar to like below



Securing MySQL

sudo mysql_secure_installation

Output:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Login to mysql prompt and execute the following.

sudo mysql -u root -p

update mysql.user set plugin = 'mysql_native_password' where user='root';

Output:
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

exit


Edit debian.cnf file and update the following.

sudo nano /etc/mysql/debian.cnf

Change this:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = root
password =
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = root
password =
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

to this:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = root
password = TypePasswordHere
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = root
password = TypePasswordHere
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

Save and close.

This will look smiliar to like below.


Restart database service to take changes into effect.

sudo systemctl restart mysql

Installing SpamAssassin
sudo apt -y install amavisd-new spamassassin clamav clamav-daemon unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey

sudo freshclam

Ignore these errors

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

sudo systemctl start clamav-daemon

sudo wget https://git.ispconfig.org/ispconfig/ispconfig3/raw/stable-3.1/helper_scripts/ubuntu-amavisd-new-2.11.patch --directory-prefix=/tmp

sudo cp -pf /usr/sbin/amavisd-new /usr/sbin/amavisd-new-orignal
sudo patch < /tmp/ubuntu-amavisd-new-2.11.patch

Output:
patching file amavisd-new
Hunk #2 succeeded at 34363 (offset 1 line).

Installing Metronome XMPP Server
sudo apt -y install git lua5.1 liblua5.1-0-dev lua-filesystem libidn11-dev libssl-dev lua-zlib lua-expat lua-event lua-bitop lua-socket lua-sec luarocks luarocks

sudo luarocks install lpc

Output:
Installing https://luarocks.org/lpc-1.0.0-2.src.rock
gcc -O2 -fPIC -I/usr/include/lua5.1 -c lpc.c -o lpc.o
gcc -shared -o lpc.so lpc.o
install -d /usr/local/lib/luarocks/rocks/lpc/1.0.0-2/lib
install lpc.so /usr/local/lib/luarocks/rocks/lpc/1.0.0-2/lib
lpc 1.0.0-2 is now installed in /usr/local (license: MIT/X11)

sudo adduser --no-create-home --disabled-login --gecos 'Metronome' metronome

Output:
Adding user `metronome' ...
Adding new group `metronome' (1001) ...
Adding new user `metronome' (1001) with group `metronome' ...
Not creating home directory `/home/metronome'.

sudo git clone https://github.com/maranda/metronome.git /opt/metronome

Output:
Cloning into '/opt/metronome'...
remote: Enumerating objects: 185, done.
remote: Counting objects: 100% (185/185), done.
remote: Compressing objects: 100% (132/132), done.
remote: Total 13177 (delta 96), reused 122 (delta 49), pack-reused 12992
Receiving objects: 100% (13177/13177), 4.08 MiB | 404.00 KiB/s, done.
Resolving deltas: 100% (7646/7646), done.

cd /opt/metronome

sudo ./configure --ostype=debian --prefix=/usr

Output:
Looking for Lua... lua5.1 found in $PATH: /usr/bin
Checking Lua includes... lua.h found in /usr/include/lua5.1/lua.h
Writing configuration...

Installation prefix: /usr
Metronome configuration directory: /etc/metronome
Using Lua from: /usr

Done. You can now run 'make' to build.

sudo make
sudo make install

Installing Apache, PHP, phpMyAdmin
sudo apt -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.2 php7.2-common php7.2-gd php7.2-mysql php7.2-imap phpmyadmin php7.2-cli php7.2-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear mcrypt  imagemagick libruby libapache2-mod-python php7.2-curl php7.2-intl php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl memcached php-memcache php-imagick php-gettext php7.2-zip php7.2-mbstring php-soap php7.2-soap

Select apache2 and press Ok


Press Yes


Type your desired password here and press Ok.


Type confirm password and press Ok.


sudo a2enmod suexec rewrite ssl actions include cgi

Output:
Enabling module suexec.
Enabling module rewrite.
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
Enabling module actions.
Considering dependency mime for include:
Module mime already enabled
Enabling module include.
Enabling module cgi.
To activate the new configuration, you need to run:
  systemctl restart apache2

sudo a2enmod dav_fs dav auth_digest headers

Output:
Considering dependency dav for dav_fs:
Enabling module dav.
Enabling module dav_fs.
Module dav already enabled
Considering dependency authn_core for auth_digest:
Module authn_core already enabled
Enabling module auth_digest.
Enabling module headers.
To activate the new configuration, you need to run:
  systemctl restart apache2

Keeping security into consideration we need to disable HTTP_PROXY header.

sudo nano /etc/apache2/conf-available/httpoxy.conf

<IfModule mod_headers.c>
    RequestHeader unset Proxy early
</IfModule>

Save adn close.


Enable the config file by running:

sudo a2enconf httpoxy

Output:
Enabling conf httpoxy.
To activate the new configuration, you need to run:
  systemctl reload apache2

Installing PHP Opcode cache
sudo apt -y install php7.2-opcache php-apcu

sudo systemctl restart apache2

Installing PHP-FPM
sudo apt -y install php7.2-fpm

sudo a2enmod actions proxy_fcgi alias

Output:
Module actions already enabled
Considering dependency proxy for proxy_fcgi:
Enabling module proxy.
Enabling module proxy_fcgi.
Module alias already enabled
To activate the new configuration, you need to run:
  systemctl restart apache2

Installing HHVM
sudo apt -y install hhvm

Installing Let's Encrypt
sudo apt -y install certbot

Installing Mailman

sudo apt -y install mailman

Select your desired language and press Ok.


Press Ok.


Type following command and respond to the following highlited

sudo newlist mailman

Enter the email of the person running the list: support@layloyar.com
Initial mailman password:TypePasswordHere
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner...

sudo nano /etc/aliases

Add the following contents into the file:

mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Save and close.



sudo newaliases

sudo systemctl restart postfix

sudo ln -s /etc/mailman/apache.conf /etc/apache2/conf-available/mailman.conf

sudo a2enconf mailman

Output:
Enabling conf mailman.
To activate the new configuration, you need to run:
  systemctl reload apache2

Restart Apache services to take changes into effect

sudo systemctl restart apache2

sudo systemctl start mailman

Installing PureFTPd

sudo apt -y install pure-ftpd-common pure-ftpd-mysql quota quotatool

sudo nano /etc/default/pure-ftpd-common

Change following from false to true:

VIRTUALCHROOT=true

Save and close.


Now generate an ssl certificate to secure PureFTPD communication

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Output:
Generating a 2048 bit RSA private key
..................................................................................................+++
......+++
writing new private key to '/etc/ssl/private/pure-ftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PK
State or Province Name (full name) [Some-State]:Sindh
Locality Name (eg, city) []:Karachi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Laying
Organizational Unit Name (eg, section) []:Services
Common Name (e.g. server FQDN or YOUR name) []:labserver.layloyar.com
Email Address []:support@layloyar.com

sudo chmod 600 /etc/ssl/private/pure-ftpd.pem

sudo systemctl restart pure-ftpd-mysql

Set Up PureFTPd Qouta

sudo nano /etc/fstab

apend the following line:

UUID=cf9de5a1-9a14-4ce4-bae6-1fa672a45f2b / ext4 errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jq
fmt=vfsv0 0 1

Save and close.

sudo mount -o remount /

sudo quotacheck -avugm

Output:
quotacheck: Scanning /dev/sda2 [/] done
quotacheck: Cannot stat old user quota file //quota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file //quota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old user quota file //quota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file //quota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Checked 13608 directories and 95629 files
quotacheck: Old file not found.
quotacheck: Old file not found.

sudo quotaon -avug

Output:
/dev/sda2 [/]: group quotas turned on
/dev/sda2 [/]: user quotas turned on


Installing BIND DNS Server

sudo apt -y install bind9 dnsutils haveged

sudo systemctl enable haveged

Output:
Synchronizing state of haveged.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable haveged

sudo systemctl start haveged

Installing Vlogger, Webalizer, and AWStats

sudo apt -y install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl

sudo nano /etc/cron.d/awstats

Change this:

MAILTO=root

*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

# Generate static reports:
10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

to this:

#MAILTO=root

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

Save and close.



Installing Jailkit

sudo apt -y install build-essential autoconf automake1.11 libtool flex bison debhelper binutils

wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz --directory-prefix=/tmp

cd /tmp

sudo tar xvfz /tmp/jailkit-2.19.tar.gz

sudo echo 5 > /tmp/jailkit-2.19/debian/compat

cd /tmp/jailkit-2.19

sudo ./debian/rules binary

sudo dpkg -i /tmp/jailkit*.deb

Output:
Selecting previously unselected package jailkit.
(Reading database ... 99559 files and directories currently installed.)
Preparing to unpack /tmp/jailkit_2.19-1_amd64.deb ...
Unpacking jailkit (2.19-1) ...
Setting up jailkit (2.19-1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for systemd (237-3ubuntu10.12) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Installing fail2ban

sudo apt -y install fail2ban

sudo nano /etc/fail2ban/fail.local

Add following contents into file:

[pure-ftpd]
enabled  = true
port     = ftp
filter   = pure-ftpd
logpath  = /var/log/syslog
maxretry = 3

[dovecot]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[postfix]
enabled  = true
port     = smtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry = 3

Save and close.



Installing Roundcube Webmail

sudo apt -y install roundcube roundcube-core roundcube-mysql roundcube-plugins javascript-common libjs-jquery-mousewheel php-net-sieve tinymce

Press Yes.




Type confirm password and press Ok.


sudo nano /etc/apache2/conf-enabled/roundcube.conf

Change this:

# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
#    Alias /roundcube /var/lib/roundcube

<Directory /var/lib/roundcube/>
  Options +FollowSymLinks
  # This is needed to parse /var/lib/roundcube/.htaccess. See its
  # content before setting AllowOverride to None.
  AllowOverride All
  <IfVersion >= 2.3>
    Require all granted
  </IfVersion>
  <IfVersion < 2.3>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>

# Protecting basic directories:
<Directory /var/lib/roundcube/config>
        Options -FollowSymLinks
        AllowOverride None
</Directory>

<Directory /var/lib/roundcube/temp>
        Options -FollowSymLinks
        AllowOverride None
        <IfVersion >= 2.3>
          Require all denied
        </IfVersion>
        <IfVersion < 2.3>
          Order allow,deny
          Deny from all
        </IfVersion>
</Directory>

<Directory /var/lib/roundcube/logs>
        Options -FollowSymLinks
        AllowOverride None
        <IfVersion >= 2.3>
          Require all denied
        </IfVersion>
        <IfVersion < 2.3>
          Order allow,deny
          Deny from all
        </IfVersion>
</Directory>

to this:

# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
    Alias /roundcube /var/lib/roundcube
    Alias /webmail /var/lib/roundcube

<Directory /var/lib/roundcube/>
  AddType application/x-httpd-php .php
  Options +FollowSymLinks
  # This is needed to parse /var/lib/roundcube/.htaccess. See its
  # content before setting AllowOverride to None.
  AllowOverride All
  <IfVersion >= 2.3>
    Require all granted
  </IfVersion>
  <IfVersion < 2.3>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>

# Protecting basic directories:
<Directory /var/lib/roundcube/config>
        Options -FollowSymLinks
        AllowOverride None
</Directory>

<Directory /var/lib/roundcube/temp>
        Options -FollowSymLinks
        AllowOverride None
        <IfVersion >= 2.3>
          Require all denied
        </IfVersion>
        <IfVersion < 2.3>
          Order allow,deny
          Deny from all
        </IfVersion>
</Directory>

<Directory /var/lib/roundcube/logs>
        Options -FollowSymLinks
        AllowOverride None
        <IfVersion >= 2.3>
          Require all denied
        </IfVersion>
        <IfVersion < 2.3>
          Order allow,deny
          Deny from all
        </IfVersion>
</Directory>

Save and close.



Restart apache service to take changes into effect.

sudo systemctl restart apache2

sudo nano /etc/roundcube/config.inc.php

change this:

$config['default_host'] = '';

to this:

$config['default_host'] = 'localhost';

Save and close.

Installing ISPConfig 3.1

sudo git clone https://git.ispconfig.org/ispconfig/ispconfig3.git /opt/ispconfig3

Output:
Cloning into '/opt/ispconfig3'...
remote: Enumerating objects: 114299, done.
remote: Counting objects: 100% (114299/114299), done.
remote: Compressing objects: 100% (24666/24666), done.
remote: Total 114299 (delta 89363), reused 113481 (delta 88785)
Receiving objects: 100% (114299/114299), 28.88 MiB | 691.00 KiB/s, done.
Resolving deltas: 100% (89363/89363), done.


sudo php -q /opt/ispconfig3/install/install.php


--------------------------------------------------------------------------------

 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Ubuntu 18.04.2 LTS (Bionic Beaver)

    Following will be a few questions for primary configuration so be careful.
    Default values are in [brackets] and can be accepted with <ENTER>.
    Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]:ENTER

Installation mode (standard,expert) [standard]:ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [labserver.layloyar.com]:ENTER

MySQL server hostname [localhost]:ENTER

MySQL server port [3306]:ENTER

MySQL root username [root]:ENTER

MySQL root password []: TypePasswordHere

MySQL database to create [dbispconfig]:ENTER

MySQL charset [utf8]:ENTER

Configuring Postgrey
Configuring Postfix
Generating a 4096 bit RSA private key
.......................++
............................................................................++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PK
State or Province Name (full name) [Some-State]:Sindh
Locality Name (eg, city) []:Karachi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Laying
Organizational Unit Name (eg, section) []:Services
Common Name (e.g. server FQDN or YOUR name) []:labserver.layloyar.com
Email Address []:support@layloyar.com

postconf: warning: unmatched request: "maildrop.unix"
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
[INFO] service Rspamd not detected
Configuring Getmail
Configuring Jailkit
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring vlogger
Configuring Ubuntu Firewall
Configuring Fail2ban
Configuring Apps vhost
Installing ISPConfig
ISPConfig Port [8080]:ENTER

Admin password [a2f2180d]: TypePasswordHere

Re-enter admin password []: TypePasswordHere

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:ENTER

Generating RSA private key, 4096 bit long modulus
..........++
................................++
e is 65537 (0x010001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:PK
State or Province Name (full name) [Some-State]:Sindh
Locality Name (eg, city) []:Karachi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Laying
Organizational Unit Name (eg, section) []:Services
Common Name (e.g. server FQDN or YOUR name) []:labserver.layloyar.com
Email Address []:support@techsupportpk.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:ENTER
An optional company name []:ENTER
writing RSA key
Symlink ISPConfig LE SSL certs to postfix? (y,n) [y]:ENTER

Symlink ISPConfig LE SSL certs to pureftpd? Creating dhparam file takes some times. (y,n) [y]:ENTER

Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time
............................................................................

Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Detect IP addresses
Restarting services ...
Testing 2 seconds throughput of /dev/random ... 1081519 bytes OK
Installation completed.

When you are finished with the above, you can access ISPConfig 3 web control panel by accessing https://labserver.layloyar.com:8080 or https://ip_address:8080 and you will be presented following login screen.

Since we are using self signed certificate therefore we have to ignore this warnning by clicking Advanced


Click proceed to (unsafe)


Enter usernmae admin and password you have created earlier


This is your ispcong dashboard.



Wrapping up
You have successfully deployed your first ispconfig 3 on your Ubuntu 18.04 server.