HOWTO_Confixx3

What is Confixx 3.0?

Confixx is a frontend for maintainers of mass-hosting solutions. It manages apache vhosts, postfix virtual hosts, ftp-accounts, mysql databases and lots more. Confixx is NOT open source – you need a valid licence to use it. Many web-hosters offer a Confixx licence with their root-servers. In my opinion Confixx is a good solution for you if you already have a running system, because Confixx will not replace your config files. It just inserts an „include line“ or modifies the important lines itself. Here on our server the running postfix / spamassassin / courier-imap setup just works like nothing happened after installing Confixx!

Confixx exists in two versions – one using postgresql and one using mysql for management. This guide uses the mysql version.

Base setup

This howto has been created with gentoo 2005.0 and Confixx 3.0.8

ACCEPT_KEYWORDS=“~x86“

Whats so special with Confixx on a gentoo box? Confixx tries to install many perl modules. Portage won't recognize them when installed through Confixx. There are a few other things I will mention when relevant. Also its shabby that there are no howtos for installing Confixx on gentoo ;)

Lets start!

First, we need to install some prerequisites. Modify your make.conf to include these USE-flags:

 USE=“apache2 mysql vhosts“
 

Then install the base hosting software:

emerge -C ssmtp; emerge apache mysql mod_php postfix proftpd quota courier-imap unzip webapp-config

After emerging the software we need to put it into the default runlevel:

rc-update add apache2 default; rc-update add mysql default; rc-update add postfix default; rc-update add proftpd default; rc-update add courier-pop3d default;

We will start them later. No we need to configure the services.

Apache2

If you are a maintainer of a mass-hosting solution you might already know how to configure apache. Here we'll only describe the nessessary steps to make the software work. First of all you should set your hostname.

 127.0.0.1       localhost
 192.193.194.195  myhost.domain.org myhost
 

Now edit /etc/conf.d/apache2 to enable php and ssl support:

 APACHE2_OPTS=“-D SSL -D PHP4“ (remove the #)
 

Start apache with

/etc/init.d/apache2 start

If you've already used apache on your system with vhosts you have to remove your current vhost configs as Confixx will replace them.

mysql

To run mysql you need to initialize the base databases and root's password:

ebuild /var/db/pkg/dev-db/mysql-4.0.xx/mysql-4.0.xx.ebuild config

Start mysql and create root passwords:

/etc/init.d/mysql start

PHP4

PHP works out of the box but we need to enable safe mode for security reasons. Edit /etc/apache2/conf/php.ini or /etc/apache2/php.ini and enable php's safe mode:

 safe_mode = On
 

Restart apache:

/etc/init.d/apache2 restart

ProFTPd

Copy the example config and start the service:

cp /etc/proftpd/proftpd.conf.distrib /etc/proftpd/proftpd.conf; /etc/init.d/proftpd start

Quota

IMPORTANT: Don't use quota with reiserfs! We discovered several hard lockups with reiserfs and quota. You may want to use ext3 although it might be slower.

For Confixx we only need user-quota. You need to do the following steps for every partition you want to use quota on. Here I've only one partition (on a production system its wise to put your webpages on a seperate partition!)

touch /aquota.user; chmod 600 /aquota.user

Edit fstab and enable user-quota for your partitions:

 ...
 /dev/sda2	/	ext3		rw,usrquota	1 0
 ...
 

Add the following two lines to /etc/services:

 rquotad	4003/tcp	#quota
 rquotad	4003/udp	#quota
 

Remount your partitions to enable quota.

Start the quota service

/etc/init.d/quota start

To show your current quota setting type

repquota -a

Postfix

Hmm.. start it ;) Spamassassin will be covered in this guide soon.

/etc/init.d/postfix start

Confixx

Before installing Confixx we need to install some perl-modules:

emerge DBD-mysql; emerge Test-Harness; emerge XML-DOM; emerge XML-Parser; emerge Curses-UI; emerge IO-Socket-SSL; emerge IO-Tty; emerge Net-SSLeay; emerge Proc-ProcessTable; emerge TermReadKey; emerge Unicode-Map8;

Download Confixx from http://www.sw-soft.com/en/products/confixx/ . Don't forget to download the mysql version. Unpack it and enter the confixx-install dir. Now we configure it with

./configure.pl

• select your language and install the base system
• accept the licence
• choose mysql

The next step shows the missing perl modules. Test-Harness IS installed so you should deselect it. The only module you need to install is Test-More as it doesn't exist in portage.

• database server is localhost
• choose root
• enter your mysql password (see above) and check settings
• leave „confixx“ as db and username
• enter your complete domainname if its not auto detected
• a good install path can be /usr/local/confixx
• set /var/www as homedir

It is possible to set another homedir here but you have to change your apache2 ebuild file to match suexec's docroot to the new directory which makes maintaining your gentoo setup a bit uncomfortable. If you decide to use another path, edit apache2 ebuild and webapp-config config file; see tips section.

• leave ftpgroup name and prefix
• choose apache2.0
• set /etc/apache2/conf/apache2.conf as config file
• your start script is /etc/init.d/apache2
• set /var/log/apache2/confixx as logdir
• enter your default domain
• you only can offer SSL if you own more than one real ip adress – in most cases select NO
• currently, webalizer is not supported by this guide, say no
• say yes to zip
• damn, say NO to FrontPage ;)
• DNS and IDN is not covered here, say no
• enter the domain you want to access confixx with
• enter your ip
• you can use „confixx“ as the first user and the groupname
• set /var/www/confixx as homedir
• I suggest not to use the default admin name.. enter another name
• enter password – caution: its not covered
• we don't want to support scp
• yes, mailserver is on this mashine
• select postfix
• set /etc/postfix/main.cf
• alias file is /etc/mail/aliases
• take defaults for virtual users, local domains, UID, GID, POP3 group
• say no to majordomo
• select ProFTPd
• set /etc/proftpd/proftpd.conf
• enter a valid email adress
• take defaults for start script, script location and logfile location
• use quota
• say no to coldfusion, modpython, spamassassin (watch out for a new version of this guide) and cron jobs
• say yes to allow mysql dbs for users
• take defaults for mysql server and database path
• say no to phpmyadmin – we'll do this later

That's it – we can now install it.

./install.pl

you only need to install Expect, IO::Pty, IO::Stty, Logfile::Rotate,Quota deselect the other modules.

• Enter an email adress for proftpd.

Well, that's it. We still need to put the counterscript in our crontab file. The counterscript is Confixx's backend – it creates all users, directories etc. Its called every minute by your cron service and does only work with a valid licence. So if no users are created with your setup check your licence. Put the following line to your crontab file:

 */1 * * * *	root	/usr/local/confixx/confixx_counterscript.pl
 

Check your setup by going to your configured domain with your browser.

Installation is now done and you might want to look at the tips section.

Tips

Using webapp-config with Confixx

webapp-config is gentoo's great tool to install web-applications. To use it with Confixx you have to know that Confixx uses an other document root directory than gentoo. Gentoo stores webpages in /var/www/www.mydomain.tld/htdocs/ and Confixx uses /var/www/webx/html/ . So we need to configure webapp-config to use these directories.

Open /etc/vhost/webapp-config and change the following values

 VHOST_HTDOCS_INSECURE=“html“
 VHOST_HTDOCS_SECURE=“html“
 

If you've configured Confixx to not use /var/www as homedir you might want to edit the VHOST_ROOT entry to match your chosen path.

IMPORTANT: You have to enter the username (eg. web5) with the -h option instead of the hostname!

Enable SSL

You can enable secure POP3 by starting courier-pop3s.

/etc/init.d/courier-pop3d-ssl start; rc-update add courier-pop3d-ssl default

If you don't want to use the self-signed ssl certificates for your services you can get real ones at www.cacert.org for free.

IMAP4

You can also use IMAP4 instead of POP3 but Confixx doesn't allow you to create subdirectories or other IMAP4 specials. Simply start

/etc/init.d/courier-imapd start

and use imap with your pop3 users created in Confixx.

--Amigafan 17:12, 16 May 2005 (GMT)

Installing non-portage perl modules

You can also install perl modules that aren't part of portage by using app-portage/g-cpan to generate ebuilds in your $PORTDIR_OVERLAY (g-cpan will also check to see if we have an ebuild existing that you didn't know about).

g-cpan -i Some::Module

or to just generate the ebuilds:

g-cpan -g Some::Module

--mcummings 16:58, 03 June 2005