Documentation/Configuration

From ISP admin

Jump to: navigation, search

Contents

Installation Configuration ENGLISH

After completion of the installation it is necessary to choose a symbolic DNS addresses to access the admin web interface and the user web interface. The selected names must be domains at least of the third order.
You can inspire yourself by the following examples:

  • Admin interfaces:
ispadmin.yourcompany.cz, admin.yourcompany.cz, management.yourcompany.cz…
  • Client Interfaces:
client.yourcompany.cz, customer.yourcompany.cz, portal.yourcompany.cz, support.yourcompany.cz…

Two DNS records pointing to the IP address of the installed ISPadmin server must be set up for the chosen symbolic addresses. These records usually have to be, at your request, set by your connection provider or you can set it yourself through an account of yours at your provider (but the process is very individual, because each provider has it otherwise).


Setting up of domain names

If the created DNS records correctly point out to your server, test them via the ping command. Then you can again continue in the system configuration.

ping admin.yourcompany.cz 
Command PING to yourcompany.cz [81.0.237.137] - 32 bytes of data:
... 
The ping statistics for 81.0.237.137:
Packets: Sent = 4, Received = 4, Lost = 0 (loss 0%)

For our purposes we assume that IP address of the server is 10.0.0.1 translated by NAT (Network Address Translation) to the public IP 81.0.237.137. DNS records then point to IP 81.0.237.137 and the server has a set IP addresss 10.0.0.1


To file /etc/hostname enter the server name: admin.yourcompany.cz

pico -w /etc/hostname 


To file /etc/hosts enter IP address and hostname in the shape of: 10.0.0.1 admin.yourcompany.cz client.yourcompany.cz

pico -w /etc/hosts


In file /etc/httpd/conf/httpd.conf allow directives NameVirtualHost and modify selected addresses so that the file will look like this:

pico -w /etc/httpd/conf/httpd.conf
#Listen 81                                      ### commenting at the beginning the port 81
#Listen 82
#Listen 84 
options FollowSymLinks
NameVirtualHost 10.0.0.1:80 ### modify the address for virtual guests and for the relevant ports NameVirtualHost 10.0.0.1:443
### ISP Admin <VirtualHost admin.vasefirma.cz:80> ### modify the domain name for an unsecured access DocumentRoot "/data/support_nossl/" </VirtualHost>
## ISP Admin SSL <VirtualHost admin.vasefirma.cz:443> ### modify the domain name for a secure access DocumentRoot "/data/support/ispadmin/" AddDefaultCharset UTF-8 <Directory /data/support/ispadmin/> Options ExecCGI AllowOverride All </Directory> CustomLog /var/log/apache2/access_support_ispadmin.log combined AddType application/x-httpd-php .php .php3 .php4 php_admin_value open_basedir "/data/support/:/tmp/:/data/" php_admin_value include_path ".:/usr/local/lib/php/:/tmp/" php_admin_value disable_functions "openlog, exec, passthru, proc_open, proc_close, shell_exec" php_admin_value display_errors "On" php_admin_value safe_mode "Off" php_admin_value register_globals "On" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f webmaster@ispadmin.cz"
### We will delete # symbols at the beginings of the lines in the whole following section, and so activate the HTPPS
for higher security.
SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/httpd/conf/cert/server.crt SSLCertificateKeyFile /etc/httpd/conf/cert/server.key SSLCertificateChainFile /etc/httpd/conf/cert/ca.crt SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </VirtualHost>
#### ISP Admin support #<VirtualHost 192.168.1.100:80> # DocumentRoot "/data/support_nossl/" #</VirtualHost>
## ISP Admin support SSL <VirtualHost klient.vasefirma.cz:80> ### Modify the domain name of the user interface of clients. The interfaces will here run
on http and not on https, because in case that a certificate for https is not exposed by
a certificate authority, then IE will display, trying to access this page, an error
message about its certificate validity "that it is not recommended to visit this page",
and the users are then confused of it."
DocumentRoot "/data/support/ispadmin_support/" AddDefaultCharset UTF-8 CustomLog /var/log/apache2/access_support_ispadmin_support.log combined AddType application/x-httpd-php .php .php3 .php4 php_admin_value open_basedir "/data/support/ispadmin_support/" php_admin_value include_path ".:/usr/local/lib/php/" php_admin_value disable_functions "openlog, exec, passthru, proc_open, proc_close, shell_exec" php_admin_value display_errors "On" php_admin_value safe_mode "Off" php_admin_value register_globals "On"
# SSLEngine on # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # SSLCertificateFile /etc/httpd/conf/cert/server.crt # SSLCertificateKeyFile /etc/httpd/conf/cert/server.key # SSLCertificateChainFile /etc/httpd/conf/cert/ca.crt # SetEnvIf User-Agent ".*MSIE.*" \ # nokeepalive ssl-unclean-shutdown \ # downgrade-1.0 force-response-1.0 </VirtualHost>
<Directory /data/support/> Options ExecCGI FollowSymLinks AllowOverride None </Directory>
<Directory /data/support/ispadmin_support/> Options ExecCGI AllowOverride All </Directory>
include /usr/local/script/ispadmin/apache_ispadmin_vhost.conf

Passwords Settings

We strongly recommend to respect the principles of so called strong passwords. This way you will greatly reduce the possibility of compromising (hacking) of the system, database even the application itself. In any case do not operate the ISPadmin with default passwords, which were contained in the pure installation!

One example: Suppose you want an easy to remember password, but which meets the requirements for a strong password: it contains both uppercase and lowercase letters, numbers and special characters and is at least 8 characters long.

Weak password: frantavomacka

The transformation of a weak password into a strong one:

  • 1)You put uppercase letters instead of some lowercase ones - this way you will meet the condition of uppercase and lowercase letters.
  • 2)Instead of the letter "o" you will put "0", instead of the letter "i" or "l" you will put "1" or you will write a few numbers at the end of the password - this way you will meet the condition of numbers presence in a password.
  • 3)Instead of letter "a" you will put a special at sign "@" or between words frantavomacka you will use the underscore sign "_" - this way you will meet the condition of special chracters in a password.

Strong password: Fr@nta_V0macka957


Reset the default passwords to the SQL database to your own passwords, you can display a hint by the command:

/usr/local/script/ispadmin/ispadmin_change_pass.pl


Change of the default password of a user of SQL DB "ispadmin":

/usr/local/script/ispadmin/ispadmin_change_pass.pl ispadmin ispadmin new_password

Change of the default password of an administrator of SQL DB "root":

/usr/local/script/ispadmin/ispadmin_change_pass.pl mysql_root ispadmin new_password


Also change the password of a user of root for the access to the Linux system through SSH:

passwd root

You do not have to be afraid of changing the password. In case of changing the password and consequently forgeting which one you have set, contact our technical assistance. It is not necessary to reinstall the whole system because of it.

Now again restart the server with a reboot command, so that all the changes will be reflected:

reboot

After restarting the system, log into the web interface, still using the default data ( user: admin pass: ispadmin ) and change the password of an administrator of the system, “admin” in a tab “Settings / Administrators” ,to your own, more secure one.

License activation

For full use of the system ISPadmin you need to purchase and then revive the license for a certain number of users. The file licence.php, which you will receive by an email, you need to copy into the directory /data/support/ispadmin/config/. To copy the file into the server it is possible to use a scp program or from Windows winscp, which is possible to download from http://www.winscp.org.

A the end it is necessary to enter a valid license key to the file /data/support/ispadmin/config/config.php. For example: KEY = 22-A8C2-12D3.

The next time you log into the web ISPadmin interface, your license will be activated.

Update to the last stable version

If you already have your installation correctly configured, run, the command line, the update to the latest version of ISPadmin. A connection to the main server, downloads of the update files and their installation will be carried out. Update usually takes a few minutes, but in some exceptional cases it might be even more than 30 minutes. In any case, wait until the message Update completed appears on the screen.

Now you will have the full version of the current ISPadmin at your disposal, with all its repairs and new features.

ispadmin_update stable

System Security

To prevent attacks on the server and its subsequent abuse, it is necessary to set firewall directly in ispadmin. If you wish to access the server remotely, you will need to define the appropriate firewall rules to permit traffic through SSH and other protocols only from strictly necessary IP addresses (networks). Do this through a web interface of the system administration in the tab Settings / Syst. settings / Security, where you will allow the SSH access only for the administrator stations or just directly for your entire network.