Ispmanager¶
In this article
- Ispmanager. Key Features
- Ispmanager version
- Deployment Features
- Installation process
- First steps after deploying ispmanager
- Presets
- Create a new user
- Adding a Site to the Server
- CMS Installation and Database Setup
- Connection corporate mail
- Obtain a single (wildcard) certificate for domain, subdomains and email
- Fix for invalid certificate when accessing an address from the webpanel tag
- License Activation
- Ordering ispmanager using the API
Information
Ispmanager is a web hosting control panel designed to simplify work with hosting and virtual servers. It provides access to various functions of administration such as creating and configuring web servers, FTP accounts, databases, email, and managing DNS records and SSL certificates. Ispmanager has a user-friendly interface that allows administrators to manage their servers without having to use the command line quickly and easily. In addition, the service has the ability to scale, supporting work on a large number of servers. Ispmanager is one of the most popular hosting and virtual server management solutions.
Ispmanager. Key Features¶
- Domain management: It allows you to create and delete domains, and change their settings, such as DNS records, redirects, MIME types, and others. You can also view information about available domains, subdomains, and SSL certificates.
- FTP Account management: It allows you to create and delete FTP accounts, assign restrictions on the use of server resources, define access rights to files and directories, and also change passwords.
- Database management: It supports multiple database types such as MySQL, PostgreSQL, SQLite, and more. You can create and delete databases, users, and privileges, as well as backup and restore databases.
- Web server management: It allows you to configure Apache or Nginx web server settings, add and remove virtual hosts, configure PHP settings, and other customizations.
- Mailbox management: Ability to create mailboxes, configure SMTP and POP3 server`s settings, spam filters, autoresponders, and other email-related features.
Ispmanager version¶
- Lite: Suitable for personal or small projects. It includes unlimited accounts and support for up to 10 sites.
- Pro: A good solution for freelancers, web studios and internal marketing teams. It provides unlimited accounts, support for up to 50 sites and Docker integration.
- Host: Ideal for web studios and traffic managers. It allows support for an unlimited number of sites, provided by Docker.
Deployment Features¶
- Installation on:
- AlmaLinux 8;
- Rocky Linux 8;
- Debian 11;
- Ubuntu 20.04, 22.04;
Installation process¶
- Installation is performed by panel developer script.
- Depending on the distribution (as recommended by the developer), Apparmor or Selinux will be disabled and the server rebooted.
- Script is downloaded to the
root
folder viawget
. -
The previously downloaded script is then executed with the selected application parameters, depending on the distribution and its major release.
-
Installation parameters:
- release stable - indicates that the latest stable version of ispmanager will be installed. If a newer version is available, it will be installed.
- ignore-hostname - if this parameter is used, the hostname check will be skipped during the installation. Normally during installation ispmanager checks if the hostname matches the domain name of the server.
- silent - this parameter causes the installation to proceed automatically without prompting the user for any additional information. All required data must be specified on the command line or in the configuration file.
- no-letsencrypt - indicates to skip the generation of Let's Encrypt SSL certificates during installation.
- stable - indicates to install the stable version of ispmanager. The alternative option may be beta, which installs a beta version containing new features and bug fixes, but may be less stable.
- ispmanager lite/pro/host - indicates the license type for ispmanager. The value corresponds to the license type: Lite, Pro or Host.
- Web server lighttpd - this parameter specifies the web server to be used with ispmanager. In this case it is the Lighttpd server.
- After installation, the Ansible task checks the HTTP response with code 200 against the server URL and terminates if successful.
- To access the web interface, follow this link:
https://isp{Server_ID_from_Invapi}.hostkey.in:1500/ispmgr
. The web interface will be accessible via both the link and the IP address.
First steps after deploying ispmanager¶
After payment of the order, a notification that the server is ready for work will be sent to the e-mail specified during registration. It will contain the IP address of the VPS, as well as login and password for connection. Clients of our company manage the equipment in the server control panel and API - in the server control panel Invapi.
The authorization data is also located here:
- Link to access the ispmanager dashboard with a web interface: in tag webpanel;
- Login:
root
; - Root: in a letter to your e-mail upon receipt of the server.
Presets¶
Before working with the site it is necessary to install software useful for work. You can do it by going to Settings >> Software Configuration, selecting the necessary items and clicking the Install button.
The very first thing to install
- Web server (WWW) - selection of a web server that will host users' sites. Possible options - Apache, Nginx, LiteSpeed. Required to configure performance, caching and security settings.
Note
You can change the configuration of the software you are installing. To do so, click the Change button or double-click the software name.
Once the web server software is installed (the light bulb in the Status column turns green), the rest of the software can be installed:
-
Mail Server (SMTP/POP3/IMAP) - configure mail server operation for sending and receiving email by users. Possible options - Exim (default), or Dovecot. It is used to configure anti-spam filters, backup. It is recommended to change the software composition and enable the following options at once:
- Graylisting
- OpenDKIM
- SpamAssasin
- ClamAV
- Sieve
- Roundcube
-
Name Server (DNS) - built-in or external DNS server for resolving site domain names. It is used for domain binding and record configuration.
- FTP Server - FTP daemon that allows users to access site files via the FTP protocol. Variants - ProFTPD, vsFTPD. Required for setting access rights and limits.
- MySQL Server - server for running web applications that use MySQL. Used to configure users, privileges, replication, backup.
- MySQL Web Interface (phpMyAdmin) - graphical interface for MySQL database administration.
- Disk quotas - disk space limits for users, websites, mailboxes.
You can also install:
- Fail2ban is an easy-to-use local service that monitors log files of running programs and, based on various conditions, blocks the found intruders by IP. The program can fight against various attacks on all popular services such as Apache, Nginx, ProFTPD, vsftpd, Exim, Postfix, named, SSH, etc.
- Ansible (web-script installation) - used to automate software configuration and deployment.
- PostgreSQL DBMS Server - similar to MySQL, but for PostgreSQL applications.
- PostgreSQL Web Interface (phpPgAdmin) - GUI for PostgreSQL administration.
- Node.js - framework for running web applications that are written on top of it and require it to run.
- Python - language interpreter. The default versions are 3.8 to 3.11 and you can change the software composition by clicking the
Changebutton. - Docker - interface for installing and configuring software in Docker containers.
- WireGuard - interface for VPN setup
Create a new user¶
If you need only one user with maximum rights in the hosting control panel, you don't need to create this user separately. It is enough to start a website or any other resource on the hosting - and the www-root user with unlimited rights to the file system and database will be created automatically.
Similarly, it is not necessary to create an administrator account in advance if only one user with full access is needed. Just by starting to deploy a website or application on the hosting, you will automatically get a www-root user with maximum privileges. Using a single user simplifies administration - access rights are configured once when that user is created. In addition, all sites, databases, and files are available to this user without restrictions.
However, there are drawbacks to this approach. For example, deleting this single user will delete their home directory, resulting in the loss of all hosted sites and data. There is also no separation of access rights between users.
Note
The choice between single and multiple users depends on the needs of a particular project, and one must consider both the convenience and the risks of each approach.
It is also worth mentioning that it is possible to use templates to grant permissions to multiple users, but if you have a relatively large project or team, you will need to create templates.
To create a new user, you must
-
Go to the Users section of the Control Panel and click
Create userbutton: -
Enter the login and password for the new user:
-
Select the checkboxes for the required permissions. You must give the user the right to use SSL and PHP + FastCGI if you are using Nginx:
-
Set quotas for users if you need to limit their disk space, number of databases, sites, and email addresses.
-
Specify (if necessary) the domain encoding, PHP handler type, PHP version (PHP FPM), and index page.
-
Press the
Nextbutton. -
Fill in the details to automatically create an FTP account, website, and email domain (optional, this can all be done later).
-
Press the
Finishbutton.
The new user will appear in the list under Users. You can authorize on behalf of the created user by selecting it and clicking Log in as user:
Adding a Site to the Server¶
Attention
Before adding a site, we recommend that you specify DNS A records for the domain you are adding:
Field | Value |
---|---|
Name | @ |
Data | <Server IP> |
and
Field | Value |
---|---|
Name | www |
Data | <Server IP> |
This can be done either at your domain name registrar or by using HOSTKEY DNS Server.
Without this, your site won't be accessible by domain name and you'll get an error when obtaining a Let's Encrypt SSL Certificate.
Keep in mind that changing DNS servers can take up to 24 hours to update, and adding resource records can take up to two hours.
Attention
If you added a site or domain when you created a user, all changes and additions to the site, subdomains, or mail should be done by switching to that user.
We do not recommend adding sites from root!
To create a new website, follow the steps below:
-
Select the Sites or Web Server tab, depending on the version of ispmanager.
-
Fill in the information about the site. The main thing is to specify the domain name, the site directory will be created automatically:
-
At the same time, the necessary settings for the web server are made: PHP version and mode, CMS selection and other parameters according to the requirements of your project.
-
Click the
Createbutton. -
Next, the user will be prompted to issue an SSL certificate for the site. If the certificate is not required, it is better to click the
Cancelbutton. If you click theicon, the certificate will be issued. When issuing a Let's Encrypt certificate, you will most likely get an error until DNS is configured for the site and all records are spelled out. Once the domain record is available, the SSL certificate will either be issued or you can do it manually. -
Configure the DNS records for the domain to point to the IP address of the server (Domain name (DNS) >> Domain Name >> Change). By default, the IP of your server is specified, but you can change it.
-
Specify NS servers for the domain by selecting Domain name (DNS) >> domain name >> Manage DNS Records.
Attention
The ns server name should end with a period, e.g.
ns1.hostkey.com.
. -
If the SSL certificate has not yet been obtained (or an error has occurred in obtaining it), you must issue it. Detailed step-by-step instructions for setting up and installing SSL certificates can be found in the developers official documentation.
-
After the DNS records are set up and the domain is assigned to the server, the site should be accessible at the specified domain name.
Note
If the Nginx page opens instead of the default page of your website, you need to change the configuration of the web server software. To do this, select it in Settings >> Software Configuration and click on Edit button.
- If you want to use Nginx (which is enabled by default), you can try disabling Apache by checking the don't use checkbox and checking the PHP FPM FastCGI checkbox.
- If you don't want to use Nginx, uncheck the box next to its name and enable Apache-MPM-ITK.
CMS Installation and Database Setup¶
If a CMS was not selected when the site was created, it can be added later. To do so, select the desired one in the Sites menu and click CMS button:
You will be taken to the CMS selection page:
After selecting the CMS, all you need to do is click on the Quick Install button. Then, read the license agreement and accept it:
After installing the CMS, you need to specify the user who will manage it, as well as set the login and password of the administrator and specify the e-mail address:
Click on the Finish button:
Connection corporate mail¶
Opening SMTP ports for organizing corporate mail service¶
For security reasons, outgoing TCP ports (25,24,2525, 387, 465, and 587) and UDP port (5060) are blocked by default on all VPS servers. This is to prevent the sending of spam.
To remove the block, follow the steps below:
-
Spell out the domain zone.The A record of the domain must necessarily refer to the IP address of your server in HOSTKEY.
-
Send a request to technical support stating that you need to open outgoing SMTP ports for sending mail and the address of the domain from which (or a subdomain of which) it is being sent.
Attention
We reserve the right to ask you additional questions about the domain name and your options for using it.
-
After analyzing the domain name we will make a decision about opening ports for SMTP operation and inform you.
Creating a mail domain and mailboxes¶
Attention
Before adding mail, we recommend that you specify DNS records for the mail domain data, which you can view under Domain name (DNS) >> domain name >> Manage DNS Records. You will need to specify (if they do not exist)
-
A-record:
Field Value Name mail Data <Server IP> for outgoing mail
Field Value Name smtp Data <Server IP> for incoming mail
Field Value Name pop Data <Server IP> -
MX-record
Field Value Name @ ot empty Priority 10 or 20 TTL 3600 Data the name of the mail domain specified earlier in the A record, usually mail.{your domain}
(e.g.mail.example.com
) -
TXT (SPF) record
Field Value name the name of the mail domain specified earlier in the A record, usually mail
TTL 3600 Data v=spf1 ip4: a mx ~all
This can be done either on the domain name registrar side or by using the HOSTKEY DNS Server.
Keep in mind that adding resource records can take anywhere from 15 minutes to two hours.
Attention
If you added a domain, site or email when you created a user, or on behalf of a user, then all changes and additions of subdomains or email should be done by switching to that user.
We do not recommend adding mail from root!
Before setting up the e-mail server, you need to create a mail domain. This is done in the Mail section - just click on the Mail Domains button and then Create mail domain:
Then set the desired domain name, specify the owner and server IP address. Here you can also configure actions regarding e-mails to non-existent mailboxes - either send an error notification or delete such e-mails:
You should also enable the following components for your email domain, without which most email services will not accept mail from your addresses, and spam and viruses will get to you:
- Activation of Graylisting
- SpamAssists activation
- Enable virus scanning
- Enable DKIM for domain
- Enable DMARK for domain
DKIM and DMARC technologies can increase email trust and deliverability, protect a domain from phishing and spoofing, and protect the sender's reputation. These technologies add a digital signature to emails and verify that they were actually sent from a specific domain, confirming the authenticity of the sender.
Attention
In order for DKIM and DMARK to work correctly, it is necessary to write the appropriate DNS records for your domain. These can be either generic TXT records or individual DKIM/DMARK parameters, the value of which can be found in Domain name (DNS) >> Domain Name >> Manage DNS Records.
-
TXT (DKIM) record
Field Value name dkim._domainkey or empty TTL 3600 Data v=DKIM1; p=[Public key] -
TXT (DMARK)
Field Value name _dmarc TTL 3600 Data v=DMARC1; p=none; aspf=r; sp=none
Attention
If the DKIM and DMARK options are not available, you must switch to the root
user and install the OpenDKIM module via Settings >> Software Configuration >> Mail Server (SMTP/POP3/IMAP) and click on the Install button.
We also recommend that you issue an SSL certificate for email. To do this, tick the Secure SSL connection checkbox and set the following parameters:
- Alias for the certificate:
mail.<you domain\>
- SSL certificate:
New Let's Encrypt certificate
- E-mail: your admin e-mail address.
After filling out each section, you should click on the Create button. Now you can start creating a mailbox.
In the Mail section you should press Create a mailbox. Then you need to set the name of the box; you can add aliases or alternative addresses for this box:
Useful options include forwarding copies of e-mails to another address and limiting the maximum mailbox size. These actions will help to avoid overloading your disk with mail data.
Note
ISPmanager also allows you to import existing corporate mail. To learn how to do this, please refer to the developer's documentation.
We recommend that you enable spam protection immediately by ticking the following options:
- Greylisting. When this service receives a message from an unknown sender, it does not accept it immediately, but returns a temporary denial of service (error code 4xx). A legitimate mail server will retry delivery after some time (usually 5-10 minutes) when it receives such an error. Spam servers usually do not retry to send messages when errors occur so as not to waste resources. This is how spam is weeded out.
- Spamassists. It is an effective spam filtering tool based on the interaction of key components - an evaluation service, a transport agent and a database of email templates.
Attention
If these options are not available, they must be enabled in the mail domain settings by clicking Mail Domains >> Edit for a dedicated mail address.
Attention
You will also need to set the rDNS PTR record for your mail domain. To do this, open the appropriate server settings item in the Invapi control panel as described here and set the DNS PTR record(s), one per line: value mail.<your domain\>
. Save by clicking the Update PTR button.
Setting up a mailbox¶
After creating mailboxes, you can set up access to them via mail clients on your devices. All you need to connect is in the control panel in the Mail section. It is enough to select the required domain, click Edit and get the parameters from the Settings for mail clients section.
Web-based mail interface¶
To work with mail, you can use Roundcube's web interface, which is already built into the Panel (if Mail Server (SMTP/POP3/IMAP) was selected during software configuration). It can be accessed via the link https://<IP address>/roundcube
or https://<your domain>/roundcube
or via the button Mail client in the Mail section.
Note
If for some reason the interface is not available, it can be set manually. In the Software Configuration section, you should select Mail Server, press Edit and tick Roundcube.
Obtain a single (wildcard) certificate for domain, subdomains and email¶
You can purchase a single certificate for your domain and use it when adding subdomains and email. To do this, when you select a Let's Encrypt certificate, you'll need to tick the Enable SSL certificate checkbox as well as the Wildcard certificate checkbox. Next, enter the domain username, the domain name itself, the name of the certificate (we recommend making it {domain}_wildcard
), the domain name ({domain} www.{domain}
). Leave the key length at 2048.
You will then be asked to add the TXT validation record to the DNS record (at your host or in the HOSTKEY server settings, depending on which DNS servers are required for the domain). Once you have done this, wait 15 minutes to 2 hours for the certificate to be issued.
- TXT
Field | Value |
---|---|
name | _acme-challenge |
TTL | 3600 |
Data | <validation key> |
Note
Once you have closed the key popup, you can find information about the check record by clicking on in the top right-hand corner, or by searching for the record at Domain name (DNS) >> Domain Name >> Manage DNS Records.
Once the certificate has been successfully created in the SSL Certificates section, it will be set to the Existing
type. You will also need to specify this certificate when creating mail or subdomains. To do this, click Cancel when the SSL Certificate Issue window appears. Then, after selecting a domain in the Sites section, click Edit >> Edit and select your wildcard certificate in the SSL Certificate field.
For mail, the certificate is connected for the mail domain (Mail >> Mail address >> Mail domains >> domain name >> Edit) in the SSL Certificate field.
Note
An issued self-signed unused certificate for your subdomain (usually {subdomain}{domain}_le{N}
) can be removed under SSL Certificates.
Fix for invalid certificate when accessing an address from the webpanel tag¶
When you add a site and bind a domain with a Let's Encrypt SSL certificate (or bind your own certificate) to the same IP address as the control panel address, such as https://isp{Server_ID_from_Invapi}.hostkey.in
, the browser may display a No Certificate
error. To solve this problem, you need to add your domain to the Panel settings. To do this:
- In Settings >> System Settings, change the server name to
<your domain name>
. - In Settings >> Panel Settings >> SSL Certificates, click the
Addbutton. - In the window that opens, select
- The type of certificate (select Let's Encrypt or enter your own);
- The domain name of the certificate (enter the name of your domain/site);
- Click the
Createbutton.
Note
If you are using your own certificate, first copy and paste the data from the SSL Certificate, SSL Certificate Key, SSL Certificate Chain fields into the appropriate fields. These can be found by selecting SSL Certificate >> >> Wildcard Domain Certificate >> Certificate data.
The Panel will then be available at both the address from the webpanel tag and the address <your domain>:1500/ispmrg
. Launching the mail client and database management clients will also work correctly.
Note
You can still access the panel at https://isp{Server_ID_from_Invapi}.hostkey.in:1500/ispmrg
.
License Activation¶
To activate the paid version, you need to go to the account management menu >> section Licenses:
Press the button Order a new service:
Specify the period:
Specify the name and IP address for the license:
Pay for the order. After payment is received, the license will be activated automatically.
To activate an existing license, go to the account management menu >> Licenses >> Use a certificate:
Enter the certificate code:
Ordering ispmanager using the API¶
To install this software using the API, follow these instructions.