Kita sekarang bahas masalah ISPCONFIG di ubuntu
ISPConfig adalah salah satu control panel GRATIS yang banyak dipakai. Mengapa? Setidaknya ada beberapa alasan:
- ISPConfig sampai saat ini masih dikembangkan. Banyak control panel gratis yang saat ini sudah berhenti berkembang
- ISPConfig fokus pada web hosting dibandingkan dengan
Webmin/Virtualmin yang lebih general. Sehingga ISPConfig lebih sederhana
dan memuat fitur-fitur web hosting, misal: reseller account
Kebutuhan program sebelum ISPConfig. Berikut ini adalah program yang diperlukan sebelum anda install ISPConfig:
Pertama
yang mesti anda lakukan adalah membuat password ROOT, karena ubuntu secara
default tidak membuat password ROOT dia hanya membuat password user..
Ketikan
di bawah ini :
Code
:
sudo su
passwd
root à
passwordroot
Install
The SSH Server (Optional)
Karena server biasanya tidak menggunakan GUI maka dari itu
kita buat SSH Server agar kita bisa meremote server menggukan shell lewat
putty.
aptitude
install ssh openssh-server
Install
vim-nox (Optional)
Saya menggunakan vi sebagai editor teks saya dalam tutorial ini. Program
default vi memiliki beberapa perilaku aneh pada Ubuntu dan Debian, untuk memperbaiki hal ini, kita akan
menginstal vim-nox:
aptitude install vim-nox
Setting
Network Interface
Kita
buat Ip Address server kita static maka Edit/etc/network/interfaces
vi /etc/network/interfaces
# This file describes the network interfaces available on
your system
# and how to activate them. For more information, see
interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
|
Lalu
restart lah Network Interface anda
/etc/init.d/networking restart
kemudian
edit /etc/hosts.
vi
/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
|
Lalu jalankan dengan perintah
echo server1.example.com >
/etc/hostname /etc/init.d/hostname restart
untuk
melihat sudah jalan atau belum ketik perintah
hostname hostname -f
maka akan terlihat server1.example.com
Edit
/etc/apt/sources.list And Update Your Linux Installation
Edit /etc/apt/sources.list. Comment out or
remove the installation CD from the file and make sure that the universe and multiverse repositories are
enabled. It should look like this:
vi
/etc/apt/sources.list
# deb cdrom:[Ubuntu-Server 10.04 LTS _Lucid Lynx_ -
Release amd64 (20100427)]/ lucid main restricted
#deb cdrom:[Ubuntu-Server 10.04 LTS _Lucid Lynx_ - Release
amd64 (20100427)]/ lucid main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for
how to upgrade to
# newer versions of the distribution.
deb http://de.archive.ubuntu.com/ubuntu/ lucid main
restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid main
restricted
## Major bug fix updates produced after the final release
of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ lucid-updates
main restricted
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid-updates
main restricted
## N.B. software from this repository is ENTIRELY
UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL
NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ lucid universe
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid
universe
deb http://de.archive.ubuntu.com/ubuntu/ lucid-updates
universe
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid-updates
universe
## N.B. software from this repository is ENTIRELY
UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please
satisfy yourself as to
## your rights to use the software. Also, please note that
software in
## multiverse WILL NOT receive any review or updates from
the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ lucid multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid
multiverse
deb http://de.archive.ubuntu.com/ubuntu/ lucid-updates
multiverse
deb-src http://de.archive.ubuntu.com/ubuntu/ lucid-updates
multiverse
## Uncomment the following two lines to add software from
the 'backports'
## repository.
## N.B. software from this repository may not have been
tested as
## extensively as that contained in the main release,
although it includes
## newer versions of some applications which may provide
useful features.
## Also, please note that software in backports WILL NOT
receive any review
## or updates from the Ubuntu security team.
# deb http://de.archive.ubuntu.com/ubuntu/ lucid-backports
main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/
lucid-backports main restricted universe multiverse
## Uncomment the following two lines to add software from
Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by
Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu lucid partner
# deb-src http://archive.canonical.com/ubuntu lucid
partner
deb http://security.ubuntu.com/ubuntu lucid-security main
restricted
deb-src http://security.ubuntu.com/ubuntu lucid-security
main restricted
deb http://security.ubuntu.com/ubuntu lucid-security
universe
deb-src http://security.ubuntu.com/ubuntu lucid-security
universe
deb http://security.ubuntu.com/ubuntu lucid-security
multiverse
deb-src http://security.ubuntu.com/ubuntu lucid-security
multiverse
|
Lalu update lah mirror dengan perintah
aptitude
update
untuk mengupgrade nya ketikan
aptitude
safe-upgrade
setelah semua selesai make restart lah server anda.
reboot
/bin/sh
menjadi
/bin/dash, /bin/bash, bukan
/bin/dash.
dpkg-reconfigure dash
Install
dash as /bin/sh? <-- No
Apabila
anda tidak melakukan perintah ini maka instalasi ISPConfig akan gagal.
AppArmor
adalah ekstensi keamanan (mirip dengan SELinux) yang harus memberikan keamanan
diperpanjang. Menurut pendapat saya anda tidak membutuhkannya untuk
mengkonfigurasi sistem yang aman, dan biasanya menyebabkan lebih banyak masalah
dari pada keuntungan (menganggapnya setelah Anda melakukan satu minggu
pemecahan masalah karena beberapa layanan tidak bekerja seperti yang
diharapkan,dan kemudian Anda mengetahui bahwa semuanya ok, hanya AppArmor yang
menyebabkan masalah). Oleh karena itu saya menonaktifkan itu (ini adalah suatu
keharusan jika Anda ingin menginstal ISPConfig di kemudian hari). Kita dapat
menonaktifkannya seperti ini:
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove aptitude remove apparmor apparmor-utils
Synchronize
System Clock
jam sistem dengan server(protokol
jaringan waktu) NTP
melalui Internet. cukup jalankan
aptitude install ntp ntpdate
saya lanjutkan menggunakan baha inggris
saja yah..
biar saya lebih mudah apabila ada
pertanyaan..
Install
Postfix, Courier, Saslauthd, MySQL, rkhunter, binutils
We can install Postfix, Courier, Saslauthd, MySQL, rkhunter,
and binutils with a single command:
aptitude
install postfix postfix-mysql postfix-doc mysql-client mysql-server
courier-authdaemon courier-authlib-mysql courier-pop courier-pop-ssl
courier-imap courier-imap-ssl libsasl2-2 libsasl2-modules libsasl2-modules-sql
sasl2-bin libpam-mysql openssl getmail4 rkhunter binutils maildrop
You will be asked the following questions:
New
password for the MySQL "root" user: <-- yourrootsqlpassword Repeat
password for the MySQL "root" user: <-- yourrootsqlpassword Create
directories for web-based administration? <-- No General
type of mail configuration: <-- Internet Site System
mail name:
<-- server1.example.com SSL
certificate required
<-- Ok
We want MySQL to listen on all
interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the
line bind-address = 127.0.0.1:
vi
/etc/mysql/my.cnf
[...]
# Instead of skip-networking the default is now to listen
only on
# localhost which is more compatible and is not less
secure.
#bind-address = 127.0.0.1
[...]
|
Then we restart MySQL:
/etc/init.d/mysql
restart
Now check that networking is enabled. Run
netstat
-tap | grep mysql
The output should look like this:
root@server1:~#
netstat -tap | grep mysql tcp 0 0 *:mysql *:* LISTEN 9732/mysqld
root@server1:~#
During the installation, the SSL
certificates for IMAP-SSL and POP3-SSL are created with the hostname localhost. To change this to
the correct hostname (server1.example.com in this tutorial),
delete the certificates...
cd
/etc/courier rm -f /etc/courier/imapd.pem rm -f /etc/courier/pop3d.pem
... and modify the following two files;
replace CN=localhost with CN=server1.example.com (you can also modify
the other values, if necessary):
vi
/etc/courier/imapd.cnf
[...]
CN=server1.example.com
[...]
|
vi
/etc/courier/pop3d.cnf
[...]
CN=server1.example.com
[...]
|
Then recreate the certificates...
mkimapdcert
mkpop3dcert
... and restart Courier-IMAP-SSL and Courier-POP3-SSL:
/etc/init.d/courier-imap-ssl
restart /etc/init.d/courier-pop-ssl restart
13
Install Amavisd-new, SpamAssassin, And Clamav
To install amavisd-new, SpamAssassin, and ClamAV, we run
aptitude
install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj
nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl
clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl
zip libnet-dns-perl
14
Install Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, And mcrypt
Apache2, PHP5, phpMyAdmin, FCGI, suExec, Pear, and mcrypt
can be installed as follows:
aptitude
install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils
libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql
php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear
php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp
libopenssl-ruby libapache2-mod-ruby
You will see the following question:
Web server
to reconfigure automatically: <-- apache2 Configure
database for phpmyadmin with dbconfig-common? <-- No
Then run the following command to
enable the Apache modules suexec, rewrite, ssl, actions, and include (plus dav, dav_fs, and auth_digest if you want to use
WebDAV):
a2enmod
suexec rewrite ssl actions include
a2enmod
dav_fs dav auth_digest
Restart Apache afterwards:
/etc/init.d/apache2
restart
15
Install PureFTPd And Quota
PureFTPd and quota can be installed with the following
command:
aptitude
install pure-ftpd-common pure-ftpd-mysql quota quotatool
Edit the file /etc/default/pure-ftpd-common...
vi
/etc/default/pure-ftpd-common
... and make sure that the start mode
is set to standalone and set VIRTUALCHROOT=true:
[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]
|
Then restart PureFTPd:
/etc/init.d/pure-ftpd-mysql
restart
Edit /etc/fstab. Mine looks like
this (I added ,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 to the partition
with the mount point /):
vi
/etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally
unique identifier
# for a device; this may be used with UUID= as a more
robust way to name
# devices that works even if disks are added and removed.
See fstab(5).
#
#
proc /proc proc nodev,noexec,nosuid 0 0
/dev/mapper/server1-root / ext4 errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0
0 1
# /boot was on /dev/sda1 during installation
UUID=9eef7b6b-5688-456c-8fe2-05ae739e3635 /boot ext2
defaults 0 2
/dev/mapper/server1-swap_1 none swap sw 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
|
To enable quota, run these commands:
touch
/aquota.user /aquota.group chmod 600 /aquota.* mount -o remount /
quotacheck
-avugm quotaon -avug
16
Install BIND DNS Server
BIND can be installed as follows:
aptitude
install bind9 dnsutils
17 Install Vlogger, Webalizer, And AWstats
Vlogger, webalizer, and AWstats can be installed as follows:
aptitude
install vlogger webalizer awstats geoip-database
cp -prf
/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl
/usr/share/awstats/tools/awstats_buildstaticpages.pl
Jailkit is needed only if you want to
chroot SSH users. It can be installed as follows (important:
Jailkit must be installed before ISPConfig - it cannot be installed afterwards!):
aptitude
install build-essential autoconf automake1.9 libtool flex bison debhelper
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.11.tar.gz tar xvfz
jailkit-2.11.tar.gz cd jailkit-2.11 ./debian/rules binary cd .. dpkg -i
jailkit_2.11-1_*.deb rm -rf jailkit-2.11*
This is optional but recommended, because the ISPConfig
monitor tries to show the fail2ban log:
aptitude
install fail2ban
To install the SquirrelMail webmail client, run
aptitude
install squirrelmail
Then create the following symlink...
ln -s
/usr/share/squirrelmail/ /var/www/webmail
... and configure SquirrelMail:
squirrelmail-configure
We must tell SquirrelMail that we are using
Courier-IMAP/-POP3:
SquirrelMail
Configuration : Read: config.php (1.4.0)
--------------------------------------------------------- Main Menu -- 1.
Organization Preferences 2. Server Settings 3. Folder Defaults 4. General
Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9.
Database 10. Languages D. Set pre-defined settings for specific IMAP servers C
Turn color on S Save data Q Quit Command >> <-- D SquirrelMail
Configuration : Read: config.php
--------------------------------------------------------- While we have been building
SquirrelMail, we have discovered some preferences that work better with some
servers that don't work so well with others. If you select your IMAP server,
this option will set some pre-defined settings for that server. Please note
that you will still need to go through and make sure everything is correct.
This does not change everything. There are only a few settings that this will
change. Please select your IMAP server: bincimap = Binc IMAP server courier =
Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot Secure IMAP
server exchange = Microsoft Exchange IMAP server hmailserver = hMailServer
macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University of
Washington's IMAP server gmail = IMAP access to Google mail (Gmail) accounts quit
= Do not change anything Command >> <-- courier SquirrelMail
Configuration : Read: config.php
--------------------------------------------------------- While we have been
building SquirrelMail, we have discovered some preferences that work better
with some servers that don't work so well with others. If you select your IMAP
server, this option will set some pre-defined settings for that server. Please
note that you will still need to go through and make sure everything is
correct. This does not change everything. There are only a few settings that
this will change. Please select your IMAP server: bincimap = Binc IMAP server
courier = Courier IMAP server cyrus = Cyrus IMAP server dovecot = Dovecot
Secure IMAP server exchange = Microsoft Exchange IMAP server hmailserver =
hMailServer macosx = Mac OS X Mailserver mercury32 = Mercury/32 uw = University
of Washington's IMAP server quit = Do not change anything Command >>
courier imap_server_type = courier default_folder_prefix = INBOX. trash_folder
= Trash sent_folder = Sent draft_folder = Drafts show_prefix_option = false
default_sub_of_inbox = false show_contain_subfolders_option = false
optional_delimiter = . delete_folder = true Press any key to continue... <--
ENTER
SquirrelMail Configuration : Read: config.php (1.4.0)
--------------------------------------------------------- Main Menu -- 1.
Organization Preferences 2. Server Settings 3. Folder Defaults 4. General
Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9.
Database 10. Languages D. Set pre-defined settings for specific IMAP servers C
Turn color on S Save data Q Quit Command >> <-- S SquirrelMail
Configuration : Read: config.php (1.4.0)
--------------------------------------------------------- Main Menu -- 1.
Organization Preferences 2. Server Settings 3. Folder Defaults 4. General
Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8. Plugins 9.
Database 10. Languages D. Set pre-defined settings for specific IMAP servers C
Turn color on S Save data Q Quit Command >> S Data saved in config.php
Press enter to continue... <-- ENTER SquirrelMail Configuration : Read:
config.php (1.4.0) ---------------------------------------------------------
Main Menu -- 1. Organization Preferences 2. Server Settings 3. Folder Defaults
4. General Options 5. Themes 6. Address Books 7. Message of the Day (MOTD) 8.
Plugins 9. Database 10. Languages D. Set pre-defined settings for specific IMAP
servers C Turn color on S Save data Q Quit Command >> <-- Q
Afterwards you can access SquirrelMail
under http://server1.example.com/webmail or http://192.168.0.100/webmail:
To install ISPConfig 3 from the latest released version, do
this:
cd /tmp
wget
http://downloads.sourceforge.net/ispconfig/ISPConfig-3.0.2.1.tar.gz?use_mirror=
tar xvfz ISPConfig-3.0.2.1.tar.gz cd ispconfig3_install/install/
(Replace ISPConfig-3.0.2.1.tar.gz with the latest
version.)
The next step is to run
php -q
install.php
This
will start the ISPConfig 3 installer. The installer will configure all services
like postfix, sasl, courier, etc. for you. A manual setup as required for
ISPConfig 2 (perfect setup guides) is not nescessary.
root@server1:/tmp/ispconfig3_install/install#
php -q install.php PHP Deprecated: Comments starting
with '#' are deprecated in /etc/php5/cli/conf.d/imagick.ini on line 1 in
Unknown on line 0 PHP Deprecated: Comments starting
with '#' are deprecated in /etc/php5/cli/conf.d/imap.ini on line 1 in Unknown
on line 0 PHP Deprecated: Comments starting
with '#' are deprecated in /etc/php5/cli/conf.d/mcrypt.ini on line 1 in Unknown
on line 0 --------------------------------------------------------------------------------
_____
___________ _____ __ _ |_ _/ ___| ___ \ / __ \ / _(_)
| | \
`--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ | | `--. \ __/ | | / _ \| '_ \| _|
|/ _` | _| |_/\__/ / | | \__/\ (_) | | | | |
| | (_| | \___/\____/\_| \____/\___/|_| |_|_|
|_|\__, | __/ |
|___/
--------------------------------------------------------------------------------
>>
Initial configuration Operating System: Debian Squeeze/Sid
or compatible Following will be a few questions
for primary configuration so be careful. Default values are in [brackets] and
can be accepted with . Tap in "quit" (without the
quotes) to stop the installer. Select language (en,de) [en]: <-- ENTER
Installation mode
(standard,expert) [standard]: <--
ENTER
Full qualified
hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER
MySQL server hostname
[localhost]:
<-- ENTER
MySQL root username
[root]:
<-- ENTER
MySQL root password
[]:
<-- yourrootsqlpassword MySQL database to create [dbispconfig]: <-- ENTER
MySQL charset [utf8]: <-- ENTER
Generating a 2048 bit
RSA private key ...............+++
............................+++
writing
new private key to 'smtpd.key' -----
You are
about to be asked to enter information that will be incorporated
into your
certificate request. What you are about to enter is what
is called a Distinguished Name or a DN. There are quite a few fields but you
can leave some blank For some fields there will be a
default value, If you enter '.', the field will be
left blank. -----
Country
Name (2 letter code) [AU]: <-- ENTER State or Province Name (full name)
[Some-State]:
<-- ENTER
Locality Name (eg,
city) []:
<-- ENTER
Organization Name (eg,
company) [Internet Widgits Pty Ltd]: <--
ENTER
Organizational Unit
Name (eg, section) []:
<-- ENTER
Common Name (eg, YOUR
name) []:
<-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring
SASL Configuring PAM
Configuring
Courier Configuring Spamassassin
Configuring
Amavisd Configuring Getmail
Configuring
Pureftpd Configuring BIND
Configuring
Apache Configuring vlogger
Configuring
Apps vhost Configuring Firewall
Installing
ISPConfig ISPConfig Port [8080]: <-- ENTER
Configuring DBServer
Installing
Crontab no crontab for root
no crontab
for getmail Restarting services ...
Rather
than invoking init scripts through /etc/init.d, use the service(8)
utility,
e.g. service mysql restart Since the script you are attempting
to invoke has been converted to an Upstart job, you may also use the
restart(8) utility, e.g. restart mysql mysql start/running, process 24840
* Stopping
Postfix Mail Transport Agent postfix ...done.
* Starting
Postfix Mail Transport Agent postfix ...done.
* Stopping
SASL Authentication Daemon saslauthd ...done.
* Starting
SASL Authentication Daemon saslauthd ...done.
Stopping
amavisd: amavisd-new. Starting amavisd: amavisd-new.
* Stopping
ClamAV daemon clamd ...done.
* Starting
ClamAV daemon clamd ...done.
* Stopping
Courier authentication services authdaemond
...done.
* Starting
Courier authentication services authdaemond
...done.
* Stopping
Courier IMAP server... ...done.
* Starting
Courier IMAP server... ...done.
* Stopping
Courier IMAP-SSL server... ...done.
* Starting
Courier IMAP-SSL server... ...done.
* Stopping
Courier POP3 server... ...done.
* Starting
Courier POP3 server... ...done.
* Stopping
Courier POP3-SSL server... ...done.
* Starting
Courier POP3-SSL server... ...done.
*
Restarting web server apache2 ... waiting .. ...done.
Restarting
ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l
mysql:/etc/pure-ftpd/db/mysql.conf -l pam -H -E -b -O clf:/var/log/pure-ftpd/transfer.log
-8 UTF-8 -u 1000 -A -B Installation completed.
root@server1:/tmp/ispconfig3_install/install#
The
installer automatically configures all underlying services, so no manual
configuration is needed.
Afterwards
you can access ISPConfig 3 under http://server1.example.com:8080/
or
http://192.168.0.100:8080/. Log in with the
username admin and the password
admin(you should change
the default password after your first login):
The
system is now ready to be used.
On
nearly 300 pages, it covers the concept behind ISPConfig (admin, resellers,
clients), explains how to install and update ISPConfig 3, includes a reference
for all forms and form fields in ISPConfig together with examples of valid
inputs, and provides tutorials for the most common tasks in ISPConfig 3. It
also lines out how to make your server more secure and comes with a
troubleshooting section at the end.
If
the Ubuntu server that you've just set up in this tutorial is an OpenVZ
container (virtual machine), you should do this on the
host system (I'm assuming that the ID of the OpenVZ
container is 101 - replace it with the correct
VPSID
on
your system):
VPSID=101 for CAP in CHOWN
DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT
SYS_NICE do vzctl set $VPSID --capability ${CAP}:on --save done
download program manual di http://www.ispconfig.org
ref: http://anjas-nugraha.blogspot.com/2012/04/setup-ispconfig-on-ubuntu-1004.html