Contact Sales Sitemap Customer Login

HOWTO: CentOS 5 setup for LAMP and ISPconfig

This guide explains provides step-by-step instructions to install and configure a Link-4 level VPS hosting plan with the CentOS 5 operating system, LAMP, and ISPconfig.



This guide is based upon the Perfect Server - CentOS 5 and Perfect Server - CentOS 5.2 guides written by Falko Timme.

The instructions are tuned based on personal experience together with the hints collected from borgo (this guide's original author), bfp, Pablasso, sleddog, abbas, and many others from the VPSlink forums and other forums.


This guide will explain how to install:

Upon completing this guide, you should have a system that works reliably and may be used with the free webhosting control panel ISPConfig. (ISPConfig should run "out of the box" on this configuration)

There are many ways to complete the task of setting up a CentOS 5.2 LAMP server with mail services. Improvements and suggestions for this guide are welcomed - simply log in or create an account to contribute.

The commands below may be copied and pasted into an SSH session. Remember to provide your own IP addresses, hostnames, and passwords where necessary.

As an alternative to copy-pasting, a bash Installation Script is included at the end of this guide to automate the installation.


These documents are provided "as is" in the hope that they will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


Step-by-step Installation Guide

Install VPSlink CentOS 5.2 OS Template

  1. Browse to and log in
  2. Click through the Manage Server > Manage OS > Install OS icons
  3. Select Centos 5 from the New Operating System drop-down and click Change OS
  4. Confirm your choice (keep in mind that any data on the VPS will be lost)
  5. Within several minutes the installation will complete and your VPS will be rebooted

Set VPS Timezone

  1. Open an SSH session to your VPS
  2. Enter rm -f /etc/localtime to remove the /etc/localtime file (if it exists)
  3. Enter ln -s /usr/share/zoneinfo/UTC /etc/localtime to set your timezone to UTC
  4. Enter date to confirm that your VPS is reporting the correct time
  5. Enter reboot to restart your VPS - this will ensure that your daemons are synchronized with the new timezone setting

Note: It is preferable to set your timezone to a "neutral" zone (UTC means Coordinated Universal Time) to prevent users from guessing when you will likely be awake to administer the system, however, you can set the timezone to your local timezone by observing the instructions in the Setting the Linux System Timezone guide.

Configure yum

VPSlink uses public mirrors for CentOS distribution. Yum will automatically pick the fastest mirror.

  1. Enter cp /etc/yum.conf /etc/yum.conf.backup to back up your yum configuration
  2. Enter mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup to prevent your CentOS repository from being duplicated
  3. Add the following lines to the end of the [main] section of your /etc/yum.conf file:
    exclude=kernel* udev* glibc* MAKEDEV* mkinitrd module-init-tools
    The udev restriction applies for all OpenVZ installations. The ImageMagick package lists udev as a dependency, however, ImageMagick will still install successfully without udev.

Update your Base CentOS Installation

  1. Enter yum -y update to retrieve the latest repository information before installing
  2. Enter yum -y install zip nmap fileutils gcc-c++ to install the zip, nmap, fileutils, and gcc-c++ packages

Optional: Install and Configure quota

To Be Completed

The quota package is already installed in CentOS 5 template, however, the configuration will need to be modified from the instructions presented in Falko's CentOS 5.0 Perfect Setup.

For more information, please see the quota support in a CentOS VPS thread on the VPSLink Forums.

Install Required Packages

  1. Enter yum -y install make to install make (used to compile ProFTPd)
  2. Enter yum -y install bind-chroot to download and install the chroot BIND9 package
  3. Enter yum -y install mysql mysql-devel mysql-server to download and install MySQL
  4. Enter yum -y install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot to install Postfix, Dovecot, and related packages
  5. Enter yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel to install PHP and commonly-used optional packages
  6. Enter yum -y install webalizer to install Webalizer
  7. Enter yum -y install perl-HTML-Parser perl-DBI perl-Net-DNS perl-Digest-SHA1 to install Perl libraries used by SpamAssassin
  8. Enter yum -y install which flex to install which and flex (ISPconfig dependencies)

Remove Unnecessary Packages

  1. Enter chkconfig --levels 235 sendmail off; /etc/init.d/sendmail stop; yum -y remove sendmail to remove sendmail
  2. Enter yum -y remove vsftpd to remove vsftpd (ProFTPd is recommended over vsftpd for use with ISPconfig)

Configure BIND9 (chrooted DNS Server)

BIND will run in a chroot jail under /var/named/chroot/var/named/ to allow BIND management via ISPConfig.

  1. Enter chmod 755 /var/named/ to set permissions for the /var/named directory
  2. Enter chmod 775 /var/named/chroot/ to set permissions for the /var/named/chroot directory
  3. Enter chmod 775 /var/named/chroot/var/ to set permissions for the /var/named/chroot/var directory
  4. Enter chmod 775 /var/named/chroot/var/named/ to set permissions for the /var/named/chroot/var/named directory
  5. Enter chmod 775 /var/named/chroot/var/run/ to set permissions for the /var/named/chroot/var/run directory
  6. Enter chmod 777 /var/named/chroot/var/run/named/ to set permissions for the /var/named/chroot/var/run/named directory
  7. Enter cd /var/named/chroot/var/named/ to switch to the /var/named/chroot/var/named directory
  8. Enter ln -s ../../ chroot to create a symbolic link from the /var/named/chroot/var/named/chroot directory to the /var/named/chroot/ directory
  9. Enter cp /usr/share/doc/bind-9.3.4/sample/var/named/named.local /var/named/chroot/var/named/named.local to copy the sample named.local into your chroot jail
  10. Enter cp /usr/share/doc/bind-9.3.4/sample/var/named/named.root /var/named/chroot/var/named/named.root to copy the default root domain server file into your chroot jail
  11. Enter touch /var/named/chroot/etc/named.conf to create an empty named.conf file in your chroot jail
  12. Enter chkconfig --levels 235 named on to set BIND to start when your server boots

Configure MySQL

  1. Enter chkconfig --levels 235 mysqld on to set MySQL to start when your server boots

Note: Consider reviewing the MySQL Tuning guide and Low memory MySQL / Apache configurations for additional MySQL configuration suggestions.

Configure postfix with saslauthd

Enter the following postfix configuration commands:

  1. postconf -e 'smtpd_sasl_local_domain ='
  2. postconf -e 'smtpd_sasl_auth_enable = yes'
  3. postconf -e 'smtpd_sasl_security_options = noanonymous'
  4. postconf -e 'broken_sasl_auth_clients = yes'
  5. postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
  6. postconf -e 'inet_interfaces = all'
  7. postconf -e 'mynetworks ='

Generate an SSL Certificate for postfix

A Certificate Signing Request (CSR) file named /root/csr_data.txt will be used to simplify the certificate generation process.

Enter vi /root/csr_data.txt to begin editing the file - the contents of the file should look appear as follows with your certificate information in place of the dummy values:


Replace XX with the two-letter abbreviation of your country name and ensure that the two . characters and newline at the end of the file are entered.

Enter the following commands to generate an SSL certificate for use with postfix:

  1. mkdir /etc/postfix/ssl
  2. cd /etc/postfix/ssl/
  3. openssl genrsa -passout pass:<PASSWORD> -des3 -rand /var/log/messages -out smtpd.key 1024 (where <PASSWORD> is the password you have selected for your certificate)
  4. chmod 600 smtpd.key
  5. openssl req -new -key smtpd.key -passin pass:<PASSWORD> -batch -out smtpd.csr < /root/csr_data.txt (where <PASSWORD> is the password you have selected for your certificate)
  6. openssl x509 -req -days 730 -in smtpd.csr -signkey smtpd.key -passin pass:<PASSWORD> -out smtpd.crt (where <PASSWORD> is the password you have selected for your certificate)
  7. openssl rsa -in smtpd.key -passin pass:<PASSWORD> -out smtpd.key.unencrypted (where <PASSWORD> is the password you have selected for your certificate)
  8. mv -f smtpd.key.unencrypted smtpd.key
  9. openssl req -new -x509 -extensions v3_ca -passout pass:<CA_PASSWORD> -batch -keyout cakey.pem -out cacert.pem -days 730 < /root/cacert_csr_data.txt (where <CA_PASSWORD> is the Certificate Authority (CA) password for your certificate)
  10. chmod 600 smtpd.crt

Configure postfix for SSL

  1. Modify the /usr/lib/sasl2/smtpd.conf file:
    1. Enter vi /usr/lib/sasl2/smtpd.conf to open the file for editing
    2. Locate the pwcheck_method: saslauthd line and add the following line below it:
      mech_list: plain login
    3. Exit vi
  2. Enter the following commands to configure postfix to accept SSL connections:
    1. postconf -e 'smtpd_tls_auth_only = no'
    2. postconf -e 'smtp_use_tls = yes'
    3. postconf -e 'smtpd_use_tls = yes'
    4. postconf -e 'smtp_tls_note_starttls_offer = yes'
    5. postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
    6. postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
    7. postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
    8. postconf -e 'smtpd_tls_loglevel = 1'
    9. postconf -e 'smtpd_tls_received_header = yes'
    10. postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    11. postconf -e 'tls_random_source = dev:/dev/urandom'

Optional: Dovecot uses Maildir format (not mbox), so if you install ISPConfig on the server, please make sure you enable Maildir under Management -> Server -> Settings -> Email. ISPConfig will then do the necessary configuration.

If you do not want to install ISPConfig, enter the following commands to configure postfix to deliver emails to a user's Maildir:

  1. postconf -e 'home_mailbox = Maildir/'
  2. postconf -e 'mailbox_command ='

Configure dovecot

Optional: By default, the dovecot daemon will provide IMAP and IMAPS services. If you wish to use POP3 and POP3S, you must configure dovecot to accept these protocols.

To enable POP3 and POP3 protocols:

  1. Enter vi /etc/dovecot.conf to begin editing the /etc/dovecot.conf file
  2. Locate and uncomment the following line:
    protocols = imap imaps pop3 pop3s
  3. Save the file and exit vi

Configure Apache

  1. Modify the DirectoryIndex directive in your httpd.conf file:
    1. Enter vi /etc/httpd/conf/httpd.conf to begin editing the file
    2. Locate the DirectoryIndex for your web root
    3. Modify the line to read as follows:
      DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3
    4. Exit vi
  2. Enter chkconfig --levels 235 httpd on to start Apache whenever your server boots

Disable PHP by Default

Note: PHP must be disabled by default in the /etc/httpd/conf.d/php.conf file if you intend to limit PHP execution with ISPconfig.

Replace the contents of the /etc/httpd/conf.d/php.conf file with the following:

# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.

LoadModule php5_module modules/

# Cause the PHP interpreter to handle files with a .php extension.
#AddHandler php5-script .php
#AddType text/html .php

# Add index.php to the list of files that will be served as directory
# indexes.
DirectoryIndex index.php

# Uncomment the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#AddType application/x-httpd-php-source .phps

Compile and Configure ProFTPd

  1. Enter cd /tmp to switch to the /tmp directory
  2. Enter wget --passive-ftp to download the latest stable version of ProFTPd
  3. Enter tar xvfz proftpd-1.3.3.tar.gz; cd proftpd-1.3.3 to unpack the ProFTPd source and switch to the unpacked directory
  4. Enter ./configure --sysconfdir=/etc; make; make install to prepare, compile, and install ProFTPd
  5. Enter cd /tmp; rm -rf ./proftpd-1.3.3* to remove ProFTPd's source archive and unpacked directory
  6. Enter ln -s /usr/local/sbin/proftpd /usr/sbin/proftpd to create a symbolic link from /usr/sbin/proftpd to /usr/local/sbin/proftpd
  7. Enter touch /etc/init.d/proftpd && chmod 755 /etc/init.d/proftpd to create an init script for ProFTPd
  8. Enter vi /etc/init.d/proftpd and copy the following script into the file:
# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
# proftpd This shell script takes care of starting and stopping
# proftpd.
# chkconfig: - 80 30
# description: ProFTPD is an enhanced FTP server with a focus towards \
# simplicity, security, and ease of configuration. \
# It features a very Apache-like configuration syntax, \
# and a highly customizable server infrastructure, \
# including support for multiple 'virtual' FTP servers, \
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftp.conf
# pidfile: /var/run/

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/proftpd ] || exit 0



start() {
echo -n $"Starting $prog: "
daemon proftpd
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd

stop() {
echo -n $"Shutting down $prog: "
killproc proftpd
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd

# See how we were called.
case "$1" in
status proftpd
if [ -f /var/lock/subsys/proftpd ]; then
echo -n $"Re-reading $prog configuration: "
killproc proftpd -HUP
echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"
exit 1

exit $RETVAL
  1. Update your ProFTPd configuration:
    1. Enter vi /etc/proftpd.conf to begin editing the /etc/proftpd.conf file
    2. Add the following lines:
      Group nobody
      DefaultRoot ~
      IdentLookups off
      ServerIdent on "FTP Server ready."
    3. Exit vi
  2. Enter chkconfig --levels 235 proftpd on to automatically start ProFTPd when your server boots

Optional: Configure SuExec with ISPconfig

If you would like to run CGI scripts under SuExec, you should specify /var/www as the home directory for websites created by ISPConfig because SuExec for CentOS is compiled with /var/www as the default document root.

To ensure that SuExec will work with ISPconfig, your Apache configuration's document root should specify the same DOC_ROOT setting which is being used by SuExec.

Check the present DOC_ROOT setting for SuExec by running /usr/sbin/suexec -V and specify the same value (/var/www by default) in your /etc/httpd/httpd.conf file.

Test Your Configuration


  1. Enter /etc/init.d/named restart to restart BIND


  1. Enter /etc/init.d/mysqld start to start the MySQL daemon
  2. Enter netstat -tap | grep mysql - if a line with the word LISTEN displays, MySQL was configured successfully and is now running
  3. Enter mysqladmin -u root password <YOUR_MYSQL_PASSWORD> (where <YOUR_MYSQL_PASSWORD> is the unique password for your MySQL root account)

postfix, saslauthd, and dovecot

  1. Enter the following commands to automatically start the postfix, saslauthd, and dovecot daemons when your server boots:
    • chkconfig --levels 235 postfix on
    • chkconfig --levels 235 saslauthd on
    • chkconfig --levels 235 dovecot on
  2. Enter the following commands to start the postfix, saslauthd, and dovecot daemons for testing:
    • /etc/init.d/postfix start
    • /etc/init.d/saslauthd start
    • /etc/init.d/dovecot start
  3. Test SMTP authentication:
    1. Enter telnet localhost 25 to open a local connection to your mail server
    2. Upon establishing a connection, enter ehlo localhost to test your mail server's response
    3. If your mail server's response contains the following lines, the installation was successful:
    4. Enter quit to return to the bash prompt


  1. Enter /etc/init.d/httpd start to start Apache
  2. Enter wget to test Apache


  1. Enter /etc/init.d/proftpd start to start the ProFTP daemon

Scripted Installation Guide

Important: This script will overwrite existing files without asking. The installation script should not be run on a VPS which has already been configured. Review your logs to correct errors and proceed with the instructions listed above if the installation script fails

To run the CentOS 5 setup for LAMP and ISPconfig configuration script:

  1. Go to the Addon files for Centos 5 LAMP and ISPConfig setup article to retrieve the script and related files.
  2. Upload copies of the script and related files to the /root/ directory on your VPS.
    • - The script
    • yum.conf - yum configuration file
    • proftpd - ProFTPd script
  3. SSH to your VPS and log in as the root user.
  4. Enter cd ~ to switch to the /root/ directory on your VPS.
  5. Edit the to include your configuration parameters and passwords for use throughout the installation process.
  6. Enter chmod 700 to set the executable bit for the script.
  7. Enter ./centos5_vps4_install_v1.2 to execute the installation script.
  8. Follow the instructions presented during script execution.
  9. Upon successful completion, the script it will erase itself for security reasons - before erasing itself, the script will write any configuration variables which were specified (excepting your passwords) to the /root/my_install_environment.txt file for future reference.

Installing ISPconfig

Your VPS is now ready to complete the installation of ISPconfig. Proceed to the ISPconfig installation manual for further instructions.

Retrieved from ""
Recent Changes | RSS RSS Feed