
Deployment Overview of ISPConfig on Server

Prerequisites and Basic Requirements

The deployment requires a server running Ubuntu with root privileges; Ubuntu 22.04 "Jammy" is the release referenced in the package downgrades. The system must have internet access to download packages and Docker images.

  • Operating System: Ubuntu Linux.

  • Privileges: Root access is required for installation, configuration, and service management.

  • Domain: A valid Fully Qualified Domain Name (FQDN) is required. The system configures the hostname to match the FQDN.

  • Ports: The following TCP ports must be open and accessible:

    • 22: SSH

    • 80: HTTP (used for Let's Encrypt validation)

    • 443: HTTPS (external access to the panel)

    • 8080: Internal ISPConfig interface port

FQDN of the Final Panel

The ISPConfig panel is accessible via the following FQDN format, where <Server ID> is replaced by the actual server identifier:

ispconfig<Server ID>.hostkey.in:443

The internal hostname is set to ispconfig<Server ID>.hostkey.in. The /etc/hosts file is updated to map the server's default IPv4 address to this FQDN.

File and Directory Structure

The application and its components are installed in specific directories as follows:

  • ISPConfig Interface: /usr/local/ispconfig/interface/

  • ISPConfig Configuration: /usr/local/ispconfig/interface/lib/config.inc.php

  • ISPConfig Temporary Files: /usr/local/ispconfig/interface/temp/

  • PHPIDS Temporary Files: /usr/local/ispconfig/interface/lib/classes/IDS/tmp/

  • Nginx Proxy Configuration: /data/nginx/user_conf.d/

  • Docker Compose File: /root/nginx/compose.yml

  • Nginx Secrets Volume: Mounted from an external volume named nginx_secrets to /etc/letsencrypt inside the container.

Application Installation Process

ISPConfig is installed using the official autoinstaller script (ispconfig.ai.php). The process involves the following steps:

  1. Prerequisites Installation: Essential packages such as wget, curl, nginx, bind9, php-cli, and php-mbstring are installed via APT.

  2. Docker Setup: Docker is installed, and the corporate MariaDB image (docker-srv.hostkey.com/docker-anonymous/bitnami/mariadb:latest) is pulled.

  3. ISPConfig Download: The latest ISPConfig autoinstaller archive is downloaded from https://www.ispconfig.org/downloads/ispconfig-ai.tar.gz to /tmp/ispconfig-ai/.

  4. Autoinstaller Execution: The PHP autoinstaller is executed with the following flags:

    • --use-nginx: Configures Nginx as the web server.

    • --no-roundcube: Disables Roundcube webmail installation.

    • --no-mail: Disables mail server configuration.

    • --no-dns: Disables DNS server configuration.

    • --no-ftp: Disables FTP server configuration.

    • --unattended-upgrades: Enables automatic security updates.

    • --i-know-what-i-am-doing: Suppresses confirmation prompts.

  5. Post-Installation Configuration:

    • The Nginx vhost for ISPConfig is configured to listen on port 8080 without SSL.

    • Default Nginx sites (default and 999-acme.vhost) are removed.

    • The Nginx configuration is reloaded.

Access Rights and Security

Security is enforced through UFW (Uncomplicated Firewall) and file permissions.

  • Firewall: UFW is enabled and configured to allow traffic on ports 22, 80, 443, and 8080 (TCP). All other incoming connections are denied by default.

  • SSH Access: Port 22 is explicitly allowed before enabling UFW to prevent lockout.

  • Container Management: Any existing Docker containers binding to ports 80 or 443 are stopped and disabled from restarting to prevent conflicts with the Nginx proxy.

Databases

ISPConfig uses MariaDB as its database backend.

  • Database Name: dbispconfig

  • Database User: ispconfig

  • Database Password: admin123

  • Root Password: admin123

  • Connection: The database is accessed via localhost on port 3306.

  • Image: The database runs in a Docker container using the image docker-srv.hostkey.com/docker-anonymous/bitnami/mariadb:latest.

Docker Containers and Their Deployment

The deployment utilizes Docker for the Nginx reverse proxy and SSL management.

  • Compose File Location: /root/nginx/compose.yml

  • Service: nginx

  • Image: jonasal/nginx-certbot:latest

  • Network Mode: host

  • Volumes:

    • nginx_secrets (external volume) mounted to /etc/letsencrypt.

    • /data/nginx/user_conf.d mounted to /etc/nginx/user_conf.d.

  • Environment:

  • Deployment Command: The container is started using docker compose up -d in the /root/nginx directory.

Proxy Servers

Nginx acts as a reverse proxy for the ISPConfig panel.

  • Internal Service: ISPConfig runs internally on port 8080 via HTTP.

  • External Access: The Nginx proxy listens on port 443 (HTTPS) and forwards requests to http://127.0.0.1:8080.

  • Configuration File: /data/nginx/user_conf.d/ispconfig<Server ID>.hostkey.in.conf

  • Proxy Pass Directive: The location block / contains proxy_pass http://127.0.0.1:8080;.

  • SSL: SSL termination is handled by the jonasal/nginx-certbot container, which manages Let's Encrypt certificates.

Permission Settings

File and directory permissions are strictly defined to ensure security and functionality.

| Path | Owner | Group | Mode | Description |
| --- | --- | --- | --- | --- |
| /usr/local/ispconfig | root | root | 0755 | ISPConfig base directory |
| /usr/local/ispconfig/interface | root | root | 0755 | Interface directory |
| /usr/local/ispconfig/interface/lib | root | root | 0755 | Library directory |
| /usr/local/ispconfig/interface/lib/config.inc.php | root | www-data | 0640 | Main configuration file |
| /usr/local/ispconfig/interface/temp | www-data | www-data | 0770 | Temporary files directory |
| /usr/local/ispconfig/interface/lib/classes/IDS/tmp | www-data | www-data | 0770 | PHPIDS temporary directory |
| /root/nginx | root | root | 0644 | Nginx compose directory |
| /root/nginx/compose.yml | root | root | 0644 | Docker Compose file |
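
The permission table above can be checked against the filesystem after installation or an update. The script below is an added example, not part of the deployment's own tooling; the function names check_perm and audit_perms are hypothetical, the expected values are copied from the table, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example (not the deployment's own script): compare on-disk owner,
# group and mode with the rows of the permission table. Requires GNU stat.

# Rows copied from the table: path owner group mode
EXPECTED='/usr/local/ispconfig root root 0755
/usr/local/ispconfig/interface root root 0755
/usr/local/ispconfig/interface/lib root root 0755
/usr/local/ispconfig/interface/lib/config.inc.php root www-data 0640
/usr/local/ispconfig/interface/temp www-data www-data 0770
/usr/local/ispconfig/interface/lib/classes/IDS/tmp www-data www-data 0770
/root/nginx root root 0644
/root/nginx/compose.yml root root 0644'

# check_perm PATH OWNER GROUP MODE
# Returns 0 on match, 1 on drift, 2 if the path is missing.
check_perm() {
    local path="$1" want="$2 $3 ${4#0}" have
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 2
    fi
    have=$(stat -c '%U %G %a' -- "$path") || return 2
    if [ "$have" != "$want" ]; then
        echo "DRIFT   $path: have [$have], want [$want]"
        return 1
    fi
}

# audit_perms: reads "path owner group mode" rows on stdin and returns the
# number of rows that are missing or differ from the expected values.
audit_perms() {
    local failures=0 path owner group mode
    while read -r path owner group mode; do
        [ -n "$path" ] || continue
        check_perm "$path" "$owner" "$group" "$mode" || failures=$((failures + 1))
    done
    return "$failures"
}

# Run the audit only on a host where ISPConfig is installed.
if [ -d /usr/local/ispconfig ]; then
    printf '%s\n' "$EXPECTED" | audit_perms || echo "deviations found: $?"
fi
```

A DRIFT line on config.inc.php is the one to look at first, since that file holds the database credentials.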

Location of Configuration Files and Data

  • ISPConfig Main Config: /usr/local/ispconfig/interface/lib/config.inc.php

  • Nginx ISPConfig Vhost: /etc/nginx/sites-available/ispconfig.vhost (symlinked to /etc/nginx/sites-enabled/000-ispconfig.vhost)

  • Nginx Proxy Config: /data/nginx/user_conf.d/ispconfig<Server ID>.hostkey.in.conf

  • Docker Compose: /root/nginx/compose.yml

  • Installation Log: /root/ispconfig-ai-run.log

Available Ports for Connection

The following ports are open and configured for use:

  • 22 (TCP): SSH access.

  • 80 (TCP): HTTP access, used for Let's Encrypt certificate validation.

  • 443 (TCP): HTTPS access to the ISPConfig panel via the Nginx proxy.

  • 8080 (TCP): Internal ISPConfig web interface port (not directly exposed to external users, proxied via 443).
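
Port 8080 serves the panel over plain HTTP and is also allowed in the UFW rules listed earlier, so whether it is reachable only through the proxy depends on the address the vhost binds to. The following added example (not from the original deployment; the function name exposed_listeners is hypothetical and the sample lines are constructed) reads `ss -H -ltn` output and reports listeners on the given ports that are bound to anything other than loopback.

```bash
#!/usr/bin/env bash
# Added example: flag listeners on "internal" ports that are not loopback-only.

# Constructed sample in the column layout of `ss -H -ltn`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS='LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 [::]:8080 [::]:*'

# exposed_listeners PORT...
# Reads ss output on stdin and prints the local address of every listener on
# one of the given ports whose bind address is not 127.0.0.0/8 or ::1.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            addr = $4
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "[::1]") next
            if (host ~ /^\[::ffff:127\./) next      # IPv4-mapped loopback
            print addr
        }'
}

# Demonstration on the constructed sample; on a live host use:
#   ss -H -ltn | exposed_listeners 8080 3306
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8080 3306
```

Any address printed for 8080 or 3306 means that service accepts connections on a non-loopback interface, so access then rests on the firewall rule rather than on the bind address.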

Starting, Stopping, and Updating

Service management is handled via systemd for system services and Docker Compose for containers.

  • Nginx Service:

    • Reload configuration: systemctl reload nginx

    • Restart service: systemctl restart nginx

  • Docker Containers:

    • Start/Update containers: docker compose up -d (executed in /root/nginx)

    • Stop containers: docker compose down (executed in /root/nginx)

  • ISPConfig Updates:

    • ISPConfig can be updated by re-running the autoinstaller script located in /tmp/ispconfig-ai/ or by downloading the latest version and executing php -q /tmp/ispconfig-ai/ispconfig.ai.php with appropriate flags. The system is configured to allow unattended upgrades for system packages.