The Perfect Server - Fedora 14 x86_64 [ISPConfig 2]

This is a detailed description about how to set up a Fedora 14 server that offers all services needed by ISPs
and hosters: Apache web server (SSL-capable) with PHP5/Ruby/Python, Postfix mail server with SMTP-
AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota,
Firewall, etc. This tutorial is written for the 64-bit version of Fedora 14, but should apply to the 32-bit version
with very little modifications as well. In the end you should have a system that works reliably, and if you like
you can install the free webhosting control panel ISPConfig (i.e., ISPConfig runs on it out of the box).
I will use the following software:

 Web Server: Apache 2.2.16

 PHP 5.3.3
 Ruby
 Python
 Database Server: MySQL 5.1.51
 Mail Server: Postfix
 DNS Server: BIND9 (chrooted)
 FTP Server: proftpd
 POP3/IMAP server: Dovecot
 Webalizer for web site statistics
Please note that this setup does not work for ISPConfig 3! It is valid for ISPConfig 2 only!
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving
this goal but this is the way I take. I do not issue any guarantee that this will work for you!

1 Requirements
To install such a system you will need the following:

 Download the Fedora 14 DVD iso image from a mirror near you (the list of mirrors can be found
here: http://mirrors.fedoraproject.org/publiclist/Fedora/14/), e.g. http://ftp.tu-
chemnitz.de/pub/linux/fedora/linux/releases/14/Fedora/x86_64/iso/Fedora-14-x86_64-DVD.iso
 an Internet connection...

2 Preliminary Note
In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the
gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

Boot from your Fedora 14 DVD. Select Install a new system or upgrade an existing system:
It can take a long time to test the installation media so we skip this test here:

The welcome screen of the Fedora installer appears. Click on Next:

Choose your language next:
Select your keyboard layout:

I assume that you use a locally attached hard drive, so you should select Basic Storage Devices here:
If you see the following message (Error processing drive: [...] This device may need to be reinitialized.
REINITIALIZING WILL CAUSE ALL DATA TO BE LOST!), please click onRe-initialize:

Fill in the hostname of the server:

Choose your time zone:
Give root a password:

Next we do the partitioning. Select Replace Existing Linux System(s). This will give you a
small /boot partition and a large / partition which is fine for our purposes:
Select Write Changes to Disk:

The hard drive is being formatted:

Now we select the software we want to install. Uncheck Graphical Desktop and check Web Server instead.
Then check Customize now. Afterwards, select the additional repositoriesFedora 14 - x86_64 and Fedora 14
- x86_64 - Updates (if you are on an i386 system, the names are probably Fedora 14 - i386 and Fedora 14 -
i386 - Updates):
As the last two repositories need an Internet connection, a new window pops up where you have to configure
your network card. Select your network card and click on OK:
Go to the Wired tab, select the network interface and click on Edit...:

Go to the IPv4 Settings tab and select Manual in the Method drop-down menu. Fill in one, two, or three
nameservers (separated by comma) in the DNS servers field (e.g.145.253.2.75,8.8.8.8), then click on
the Add button next to the Addresses area:
Now give your network card a static IP address and netmask (in this tutorial I'm using the IP
address 192.168.0.100 and netmask 255.255.255.0 for demonstration purposes; if you are not sure about
the right values, http://www.subnetmask.info might help you). Also fill in your gateway (e.g. 192.168.0.1);
check the Connect automatically box and then click on theApply... button:
Next click on Close in the Network Connections window:
The details for the last two repositories should now be retrieved, and the checkboxes in front of them should
be marked. Click on Next:

Now we must select the package groups we want to install. Select Editors, Text-based
Internet, Development Libraries, Development Tools, DNS Name Server, FTP Server, Mail Server, MySQL
Database, Server Configuration Tools, Web Server, Administration Tools, Base, Hardware
Support, Java, System Tools (unselect all other package groups) and click onNext:
The installation begins. This will take a few minutes:
Finally, the installation is complete, and you can remove your DVD from the computer and reboot it:

After the reboot, you will see this screen. Select Firewall configuration and hit Run Tool:

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That's why I disable
the default Fedora firewall now. Of course, you are free to leave it on and configure it to your needs (but then
you shouldn't use any other firewall later on as it will most probably interfere with the Fedora firewall).
Hit OK afterwards:

Confirm your choice by selecting Yes:

Next select Network configuration:

If you did not configure your network card during the installation (because you did not select the additional
online repositories), you can do that now by going to Device configuration:

Select your network interface (usually eth0):

Then fill in your network details - disable DHCP and fill in a static IP address, a netmask, and your gateway,
then hit Ok:

Next select Save:

You can also specify additional nameservers. Select DNS configuration:

Now you can fill in additional nameservers and hit Ok:

Hit Save&Quit afterwards...

... and leave the Choose a Tool window by selecting Quit:

You should run

ifconfig

now to check if the installer got your IP address right.

Now I disable Fedora's NetworkManager and enable "normal" networking. NetworkManager is good for
desktops where network connections can change (e.g. LAN vs. WLAN), but on a server you usually don't
change network connections:

chkconfig NetworkManager off

chkconfig --levels 35 network on
/etc/init.d/network restart

Check your /etc/resolv.conf if it lists all nameservers that you've previously configured:

cat /etc/resolv.conf

If nameservers are missing, run

system-config-network

and add the missing nameservers again.

Now, on to the configuration...

4 Adjust /etc/hosts

Next we edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1 localhost.localdomain localhost localhost4

192.168.0.100 server1.example.com server1
::1 server1.example.com server1 localhost localhost.localdomain localhost6.localdomain6
localhost6

It is important that you add a line for server1.example.com and

remove server1.example.com and server1 from the 127.0.0.1 line.

5 Disable SELinux
SELinux is a security extension of Fedora that should provide extended security. In my opinion you don't
need it to configure a secure system, and it usually causes more problems than advantages (think of it after
you have done a week of trouble-shooting because some service wasn't working as expected, and then you
find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must
if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

reboot

6 Install Some Software

Next we update our existing packages on the system:
yum update

Now we install some software packages that are needed later on:

yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils ncftp gcc gcc-c++

7 Journaled Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this chapter so that quota
applies to the partitions where you need it.)
To install quota, we run this command:

yum install quota

Edit /etc/fstab and add ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the / partition

(/dev/mapper/vg_server1-lv_root):

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Thu Nov 4 01:49:41 2010
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_server1-lv_root / ext4
defaults,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 11
UUID=1b6ac184-dcd8-4cc9-829f-d5fca50df46f /boot ext4 defaults 12
/dev/mapper/vg_server1-lv_swap swap swap defaults 00
tmpfs /dev/shm tmpfs defaults 00
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 00
proc /proc proc defaults 00

Then run

touch /aquota.user /aquota.group

chmod 600 /aquota.*
mount -o remount /
quotacheck -avugm
quotaon -avug
to enable quota.

8 Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9, we do this:

yum install bind-chroot

Next, we change a few permissions:

chmod 755 /var/named/

chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/
cd /var/named/chroot/var/named/
ln -s ../../ chroot

Then we open /etc/sysconfig/named and make sure that it has the following line to tell BIND that it's running
chrooted in /var/named/chroot:

vi /etc/sysconfig/named

[...]
ROOTDIR=/var/named/chroot

Next open /etc/rsyslog.conf...

vi /etc/rsyslog.conf

... and add the line $AddUnixListenSocket /var/named/chroot/dev/log to it:

[...]
$AddUnixListenSocket /var/named/chroot/dev/log

Restart rsyslog:

/etc/init.d/rsyslog restart

Then we create the system startup links for BIND:

chkconfig --levels 235 named on

We don't start BIND now because it will fail because of a missing /var/named/chroot/etc/named.conf. This
will be created later on by ISPConfig (if you use ISPConfig's DNS Manager, that is).

9 MySQL 5

To install MySQL, we do this:

yum install mysql mysql-devel mysql-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the
system boots) and start the MySQL server:

chkconfig --levels 235 mysqld on

/etc/init.d/mysqld start

Now check that networking is enabled. Run

netstat -tap | grep mysql

It should show something like this:

[root@server1 ~]# netstat -tap | grep mysql

tcp 0 0 *:mysql *:* LISTEN 1765/mysqld
[root@server1 ~]#
If it does not, edit /etc/my.cnf and comment out the option skip-networking:

vi /etc/my.cnf

[...]
#skip-networking
[...]

and restart your MySQL server:

/etc/init.d/mysqld restart

Run

mysql_secure_installation

to set a password for the user root (otherwise anybody can access your MySQL database!).
[root@server1 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] <-- ENTER

New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone

to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <-- ENTER

... Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <-- ENTER

... Success!

By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <-- ENTER

- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <-- ENTER

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

[root@server1 ~]#

10 Postfix With SMTP-AUTH And TLS

Now we install Postfix and Dovecot (Dovecot will be our POP3/IMAP server):

yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

Now we configure SMTP-AUTH and TLS:

postconf -e 'smtpd_sasl_local_domain ='

postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8 [::1]/128'

We must edit /usr/lib64/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN logins (on 32bit systems,
this file is in /usr/lib/sasl2/smtpd.conf). It should look like this:

vi /usr/lib64/sasl2/smtpd.conf
 pwcheck_method: saslauthd
mech_list: plain login

Afterwards we create the certificates for TLS:

mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt

openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Next we configure Postfix for TLS:

postconf -e 'smtpd_tls_auth_only = no'

postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'

Then we set the hostname in our Postfix installation (make sure you replace server1.example.com with your
own hostname):

postconf -e 'myhostname = server1.example.com'

After these configuration steps you should now have a /etc/postfix/main.cf that looks like this (I have
removed all comments from it):

cat /etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
 inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.7.1/samples
readme_directory = /usr/share/doc/postfix-2.7.1/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8 [::1]/128
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
myhostname = server1.example.com

Now start Postfix and saslauthd:

chkconfig --levels 235 sendmail off

chkconfig --levels 235 postfix on
chkconfig --levels 235 saslauthd on
chkconfig --levels 235 dovecot on
/etc/init.d/sendmail stop
/etc/init.d/postfix start
/etc/init.d/saslauthd start

Before we start Dovecot, we must enable plaintext authentication. Open /etc/dovecot/conf.d/10-auth.conf...

vi /etc/dovecot/conf.d/10-auth.conf
... and add the line disable_plaintext_auth = no:

[...]
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
disable_plaintext_auth = no
[...]

Then start Dovecot:

/etc/init.d/dovecot start

To see if SMTP-AUTH and TLS work properly now run the following command:

telnet localhost 25

After you have established the connection to your Postfix mail server type

ehlo localhost

If you see the lines

250-STARTTLS

and

250-AUTH LOGIN PLAIN

everything is fine.

[root@server1 ssl]# telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@server1 ssl]#
Type

quit

to return to the system's shell.

10.1 Maildir
Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you
enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary
configuration.
If you do not want to install ISPConfig, then you must configure Postfix to deliver emails to a user's Maildir
(you can also do this if you use ISPConfig - it doesn't hurt ;-)):

postconf -e 'home_mailbox = Maildir/'

postconf -e 'mailbox_command ='
/etc/init.d/postfix restart

11 Apache2 With PHP, Ruby, Python, WebDAV

Now we install Apache with PHP5 (this is PHP 5.3.3):

yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc
php-eaccelerator php-magickwand php-magpierss php-mapserver php-mbstring php-mcrypt php-mssql php-
shout php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

Then edit /etc/httpd/conf/httpd.conf:

vi /etc/httpd/conf/httpd.conf

and change DirectoryIndex to

[...]
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
 [...]

Now configure your system to start Apache at boot time:

chkconfig --levels 235 httpd on

Start Apache:

/etc/init.d/httpd start

11.1 Disable PHP Globally

(If you do not plan to install ISPConfig on this server, please skip this section!)

In ISPConfig you will configure PHP on a per-website basis, i.e. you can specify which website can run PHP
scripts and which one cannot. This can only work if PHP is disabled globally because otherwise all websites
would be able to run PHP scripts, no matter what you specify in ISPConfig.

To disable PHP globally, we edit /etc/httpd/conf.d/php.conf and comment out

the AddHandler and AddType lines:

vi /etc/httpd/conf.d/php.conf

#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>

#
# Cause the PHP interpreter to handle files with a .php extension.
#
#AddHandler php5-script .php
#AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
 #
# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps

Afterwards we restart Apache:

/etc/init.d/httpd restart

11.2 Ruby
Starting with version 2.2.20, ISPConfig has built-in support for Ruby. Instead of using CGI/FastCGI,
ISPConfig depends on mod_ruby being available in the server's Apache.
For Fedora 14, there's no mod_ruby package available, so we must compile it ourselves. First we install
some prerequisites:

yum install httpd-devel ruby ruby-devel

Next we download and install mod_ruby as follows:

cd /tmp
wget http://www.modruby.net/archive/mod_ruby-1.3.0.tar.gz
tar zxvf mod_ruby-1.3.0.tar.gz
cd mod_ruby-1.3.0/
./configure.rb --with-apr-includes=/usr/include/apr-1
make
make install

Finally we must add the mod_ruby module to the Apache configuration, so we create the
file /etc/httpd/conf.d/ruby.conf...

vi /etc/httpd/conf.d/ruby.conf

LoadModule ruby_module modules/mod_ruby.so

... and restart Apache:

/etc/init.d/httpd restart
You can find more details about mod_ruby in this article.

11.3 Installing mod_python

To install mod_python, we simply run...

yum install mod_python

... and restart Apache afterwards:

/etc/init.d/httpd restart

11.4 WebDAV
WebDAV should already be enabled, but to check this, open /etc/httpd/conf/httpd.conf and make sure that
the following three modules are active:

vi /etc/httpd/conf/httpd.conf

[...]
LoadModule auth_digest_module modules/mod_auth_digest.so
[...]
LoadModule dav_module modules/mod_dav.so
[...]
LoadModule dav_fs_module modules/mod_dav_fs.so
[...]

If you have to modify /etc/httpd/conf/httpd.conf, don't forget to restart Apache afterwards:

/etc/init.d/httpd restart

12 ProFTPd
ISPConfig has better support for proftpd than vsftpd, so let's remove vsftpd and install proftpd:

yum remove vsftpd

yum install proftpd

Now we can create the system startup links for Proftpd and start it:
chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start

13 Webalizer
To install webalizer, just run

yum install webalizer

14 Synchronize The System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yum install ntp

chkconfig --levels 235 ntpd on

ntpdate 0.pool.ntp.org
/etc/init.d/ntpd start

15 Install Some Perl Modules

ISPConfig comes with SpamAssassin which needs a few Perl modules to work. We install the required Perl
modules with a single command:

yum install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1 perl-ExtUtils-AutoInstall perl-

NetAddr-IP perl-Archive-Tar

16 ISPConfig
The configuration of the server is now finished. You can now install ISPConfig on it, following these
instructions: http://www.ispconfig.org/manual_installation.htm
Before you install ISPConfig, there's one important thing you must do. Open /usr/include/stdio.h and
replace getline with parseline in line 673:

vim /usr/include/stdio.h
 [...]
/* Like `getdelim', but reads up to a newline.

This function is not part of POSIX and therefore no official

cancellation point. But due to similarity with an POSIX interface
or due to the implementation it is a cancellation point and
therefore not marked with __THROW. */
extern _IO_ssize_t parseline (char **__restrict __lineptr,
size_t *__restrict __n,
FILE *__restrict __stream) __wur;
#endif
[...]

If you don't do this, the installation will fail because of the following error:

htpasswd.c:101: error: conflicting types for âgetlineâ

/usr/include/stdio.h:653: note: previous declaration of âgetlineâ was here
make[2]: *** [htpasswd.o] Error 1
make[2]: Leaving directory `/home/install_ispconfig/compile_aps/apache_1.3.41/src/support'
make[1]: *** [build-support] Error 1
make[1]: Leaving directory `/home/install_ispconfig/compile_aps/apache_1.3.41'
make: *** [build] Error 2
ERROR: Could not make Apache
You can undo the change to /usr/include/stdio.h after the successful ISPConfig installation (but don't forget to
change it back whenever you want to update ISPConfig!).

16.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /var/www as the web root for websites
created by ISPConfig as Fedora's suExec is compiled with /var/www as Doc_Root. Run

/usr/sbin/suexec -V

and the output should look like this:

[root@server1 ~]# /usr/sbin/suexec -V

-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"
[root@server1 ~]#
So if you want to use suExec with ISPconfig, don't change the default web root (which is /var/www) if you
use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway
so you'll be able to use suExec in any case).
 17 Links
 Fedora: http://fedoraproject.org/
 ISPConfig: http://www.ispconfig.org/