To complete the basic installation, you need to choose DNS names for the web administration interface and the client portal. These must be at least third-level domains.
Use these as inspiration:
- Admin interface: ispadmin.yourcompany.cz, admin.yourcompany.cz, administration.yourcompany.cz…
- Client portal: klient.yourcompany.cz, client.yourcompany.cz, portal.yourcompany.cz, support.yourcompany.cz…
DNS records pointing to the IP address of the installed ISPadmin server must be created for the selected names. These are usually configured by your Internet provider, or you may be able to configure them yourself through your administration account (each provider has a different solution).
Set up domain names
Once the DNS records point to your server, test them with ping. Then continue with system configuration.
ping admin.yourcompany.cz
PING to yourcompany.cz [81.0.237.137] - 32 bytes of data:
...
Ping statistics for 81.0.237.137:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Let's assume that the IP address of your server is 10.0.0.1, translated to the public IP 81.0.237.137. The DNS records point to 81.0.237.137, while the server's own IP address is 10.0.0.1.
Enter the server name into /etc/hostname: admin
pico -w /etc/hostname
Enter the IP address and hostnames into /etc/hosts like this: 10.0.0.1 admin.yourcompany.cz klient.yourcompany.cz admin klient
pico -w /etc/hosts
Modify the marked addresses in /etc/apache2/httpd.conf so that the file looks like this:
pico -w /etc/apache2/httpd.conf
#Listen 81 ### comment port 81 at the beginning
#Listen 82
#Listen 84
options FollowSymLinks
#NameVirtualHost 10.0.0.1:80 ### modify address for virtual hosts for relevant ports
#NameVirtualHost 10.0.0.1:443
### ISP Admin
### modify domain name for unsecured access
ServerName admin.vasefirma.cz
DocumentRoot "/data/support_nossl/"
## ISP Admin SSL
ServerName admin.yourcompany.cz
DocumentRoot "/data/support/ispadmin/"
AddDefaultCharset UTF-8
Options ExecCGI
AllowOverride All
CustomLog /var/log/apache2/access_support_ispadmin.log combined
AddType application/x-httpd-php .php .php3 .php4
php_admin_value open_basedir "/data/support/:/tmp/:/data/:/usr/local/script/ispadmin/:/data/backup/"
php_admin_value include_path ".:/usr/local/lib/php/:/tmp/:/data/support/:/usr/local/script/ispadmin/"
php_admin_value disable_functions "openlog, exec, passthru, proc_open, proc_close, shell_exec"
php_admin_value display_errors "On"
php_admin_value safe_mode "Off"
php_admin_value safe_mode_exec_dir "/usr/local/script/ispadmin/"
php_admin_value safe_mode_allowed_env_vars none
php_admin_value safe_mode_include_dir ".:/usr/local/lib/php/:/tmp/:/data/support/:/usr/local/script/ispadmin/"
php_admin_value register_globals "On"
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f <sender e-mail address>"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/cert/server.crt
SSLCertificateKeyFile /etc/httpd/conf/cert/server.key
SSLCertificateChainFile /etc/httpd/conf/cert/ca.crt
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#### ISP Admin support
#
# DocumentRoot "/data/support_nossl/"
#
## ISP Admin support SSL
ServerName klient.yourcompany.cz
DocumentRoot "/data/support/ispadmin/new/www/clientinterface/"
AddDefaultCharset UTF-8
Options ExecCGI
AllowOverride All
CustomLog /var/log/apache2/access_support_ispadmin_support.log combined
AddType application/x-httpd-php .php .php3 .php4
php_admin_value open_basedir "/data/support/ispadmin/:/tmp/:/usr/local/script/ispadmin/"
php_admin_value include_path ".:/usr/local/lib/php/"
php_admin_value disable_functions "openlog, exec, passthru, proc_open, proc_close, shell_exec"
php_admin_value display_errors "On"
php_admin_value safe_mode "Off"
php_admin_value register_globals "On"
# SSLEngine on
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# SSLCertificateFile /etc/httpd/conf/cert/server.crt
# SSLCertificateKeyFile /etc/httpd/conf/cert/server.key
# SSLCertificateChainFile /etc/httpd/conf/cert/ca.crt
# SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
Options ExecCGI FollowSymLinks
AllowOverride None
Options ExecCGI
AllowOverride All
include /usr/local/script/ispadmin/apache_ispadmin_vhost.conf
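An added example, not ISPadmin's own code: a small audit that flags the settings in the file above which a hardening review would question, run over a constructed sample built from the page's directives. The sets of weak cipher classes and risky PHP settings are this example's assumptions.

```python
import re

# Assumptions of this example: which cipher classes and PHP settings to flag.
WEAK = {"SSLV2", "EXP", "EXPORT", "EXPORT40", "EXPORT56", "LOW",
        "ENULL", "NULL", "ANULL", "ADH", "RC4"}
RISKY_PHP = {"display_errors": "error details are sent to the browser",
             "register_globals": "request parameters become global variables"}

def weak_cipher_classes(cipher_string):
    """Weak classes a cipher string mentions without '!' or '-'."""
    # '+' only reorders suites already selected, so this flag is conservative.
    tokens = [t for t in re.split(r"[:, ]+", cipher_string.strip()) if t]
    active = WEAK - {t[1:].upper() for t in tokens if t.startswith("!")}
    found = []
    for token in (t for t in tokens if t[0] not in "!-"):
        for part in token.lstrip("+").split("+"):
            if part.upper() in active and part not in found:
                found.append(part)
    return found

def audit(conf_text):
    """Return (line number, setting, reason) for each active weak setting."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split(None, 1)
        if len(parts) < 2:
            continue
        name, arg = parts[0].lower(), parts[1]  # commented lines start with "#"
        if name == "sslciphersuite":
            weak = weak_cipher_classes(arg)
            if weak:
                findings.append((lineno, "SSLCipherSuite",
                                 "not excluded: " + ", ".join(weak)))
        elif name in ("php_admin_value", "php_admin_flag"):
            m = re.match(r'(\S+)\s+"?([^"]*)"?', arg)
            if m and m.group(1) in RISKY_PHP and m.group(2).strip().lower() in ("on", "1"):
                findings.append((lineno, m.group(1), RISKY_PHP[m.group(1)]))
    return findings

# Constructed sample: lines 1-3 appear on the page, line 4 is made up.
SAMPLE = """\
php_admin_value display_errors "On"
php_admin_value register_globals "On"
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCipherSuite HIGH:!aNULL:!MD5
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To see which suites a cipher string really selects on a given server, pass the string to `openssl ciphers -v`.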
Further steps to be made:
Password setup
We strongly recommend following the principles of strong passwords. This greatly reduces the risk of compromise of the system, the database, or the application itself.
Do not use ISPadmin with default passwords included in the installation!
An example: suppose you want an easy-to-remember password that meets the requirements for a strong password: it contains both uppercase and lowercase letters, numbers and special characters, and is at least 8 characters long.
Weak password: frantavomacka
The transformation of a weak password into a strong one:
1) Replace some lowercase letters with uppercase ones. This meets the condition of both uppercase and lowercase letters.
2) Replace "o" with "0", "i" or "l" with "1", or add a few numbers at the end of the password. This meets the condition of numbers in the password.
3) Replace "a" with "@", or put an underscore "_" between the words of frantavomacka. This meets the condition of a special character in the password.
Strong password: Fr@nta_V0macka957
Change the default SQL database passwords; you can use this helper script:
/usr/local/script/ispadmin/ispadmin_change_pass.pl
Change the default password of the SQL DB user "ispadmin":
/usr/local/script/ispadmin/ispadmin_change_pass.pl ispadmin ispadmin new_password
Change the default password of the SQL DB user "root":
/usr/local/script/ispadmin/ispadmin_change_pass.pl mysql_root ispadmin new_password
Also change the root password used for SSH access to Linux:
passwd root
Don't be afraid to do this. If you accidentally change the password and forget it, contact our technical support. There is no need to reinstall the system.
Now restart the server with reboot to apply all changes in the system.
reboot
When the system has restarted, log in to the web interface using the default credentials (user: admin, password: ispadmin) and change the password of the system administrator account admin in Settings Administrators Administrators to a new, more secure one that follows the rules for strong passwords.
Licence activation
To make full use of ISPadmin, you need to purchase and activate a licence for a given number of clients.
Update to latest stable version
If you have configured your installation correctly, run a command to update to the latest stable version of ISPadmin.
System security
To protect the server against attacks, you have to configure the firewall for ISPadmin. If you wish to access the server remotely, you will need to define firewall rules that allow traffic via SSH and other protocols only from strictly necessary IP addresses (networks). To do so, go to Settings System Settings Security, where you enable SSH access for administrator devices only, or for your network only.
Backups
Backups are a must and belong among the first steps of any implementation. It is important to realize that the entire business of your ISP company will now depend on the availability of ISPadmin. System recovery from a backup can be performed in tens of minutes, which is absolutely crucial for a company providing connectivity to hundreds of homes and dozens of companies in case of a sudden system failure.
Please do not underestimate the importance of backups.