amber_build
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
amber_build [2011/05/31 16:30] SLUUG Administration [Apache] |
amber_build [2018/07/12 15:14] SLUUG Administration [Base OS Config] |
||
|---|---|---|---|
| Line 12: | Line 12: | ||
| selinux is disabled by 'echo 0 > /selinux/enforce' | selinux is disabled by 'echo 0 > /selinux/enforce' | ||
| - | FIXME There is an admin panel to access the VM. We need to document it. | + | Admin control is not publically available; contact the BatCave crew for questions (Lee, Chuck, Steve, Don). |
| ===== Apache ===== | ===== Apache ===== | ||
| Line 24: | Line 24: | ||
| # cd /etc/pki/tls/certs | # cd /etc/pki/tls/certs | ||
| - | # make sluug.pem - notice we specified *.sluug.org to give ourselves a wildcard cert for the entire domain! | + | # make apache.pem |
| Country Name (2 letter code) [GB]:US | Country Name (2 letter code) [GB]:US | ||
| Line 36: | Line 36: | ||
| Organizational Unit Name (eg, section) []:Admin Team | Organizational Unit Name (eg, section) []:Admin Team | ||
| - | Common Name (eg, your name or your server's hostname) []:*.sluug.org | + | Common Name (eg, your name or your server's hostname) []:amber.sluug.org |
| Email Address []:sysadmin@sluug.org | Email Address []:sysadmin@sluug.org | ||
| Line 57: | Line 57: | ||
| to | to | ||
| - | ''<VirtualHost *>'' | + | ''<VirtualHost amber.sluug.org:443>'' |
| Then we restarted apache. | Then we restarted apache. | ||
| - | We now have https available for anything in the sluug.org domain. | + | |
| ===== PHP ===== | ===== PHP ===== | ||
| PHP didn't require much configuration. We just did: | PHP didn't require much configuration. We just did: | ||
| Line 72: | Line 72: | ||
| ''# yum install mysql mysql-server'' | ''# yum install mysql mysql-server'' | ||
| + | |||
| ''# mysql_secure_installation'' | ''# mysql_secure_installation'' | ||
| Line 269: | Line 270: | ||
| virtual_transport = virtual | virtual_transport = virtual | ||
| </code> | </code> | ||
| + | |||
| + | Also in /etc/postfix/main.cf, add or uncomment line "recipient_delimiter = +". This specifies the separator between user names and address extensions (user+foo). | ||
| + | |||
| + | Also in /etc/postfix/main.cf, add "disable_vrfy_command=yes". Disable VRFY....From Jeff's presentation. | ||
| Now, edit the mapping files. **IMPORTANT: These files contain database passwords! They need to be root:postfix 640!** | Now, edit the mapping files. **IMPORTANT: These files contain database passwords! They need to be root:postfix 640!** | ||
| Line 341: | Line 346: | ||
| * Uncomment $MYHOME,$helpers_home,$lock_file,$pid_file | * Uncomment $MYHOME,$helpers_home,$lock_file,$pid_file | ||
| * Uncomment the clamav block in amavisd.conf. Make sure the path to the socket is /var/run/clamav/clamd.sock (must match the LocalSocket setting in clamd.conf) | * Uncomment the clamav block in amavisd.conf. Make sure the path to the socket is /var/run/clamav/clamd.sock (must match the LocalSocket setting in clamd.conf) | ||
| + | * Change setting $sa_tag_level_deflt to -9999 instead of 2.0. This means the SpamAssassin score headers are added to all mail. | ||
| + | * Uncomment the sample $final_spam_destiny line and change the value from D_PASS to D_DISCARD. Due to the default changing from bounce to pass. | ||
| + | * Try to be a little more lenient on mail relayed by our users. Add "spam_kill_level_maps => [10.0]," to the "$policy_bank{'ORIGINATING'}" section. | ||
| Append the following to /etc/postfix/master.cf: | Append the following to /etc/postfix/master.cf: | ||
| Line 398: | Line 405: | ||
| * courier-authlib-devel | * courier-authlib-devel | ||
| - | As an unprivilged user, do: | + | As an unprivileged user, do: |
| <code> | <code> | ||
| mkdir $HOME/rpm | mkdir $HOME/rpm | ||
| Line 470: | Line 477: | ||
| Mailman wouldn't start because the mailman list was missing. | Mailman wouldn't start because the mailman list was missing. | ||
| - | FIXME Did someone rsync over lists from bud? What happened in this step? | + | FIXME Did someone rsync over lists from bud? What happened in this step? It should have been lists/, data/, archives/, followed by /usr/local/mailman/bin/genaliases. |
| + | See [[build:lists|MailMan]] for configuration files and options, | ||
| + | including Apache. | ||
| ===== Webmail===== | ===== Webmail===== | ||
| + | We have installed roundcube as our [[build:webmail|Webmail]] tool. | ||
amber_build.txt · Last modified: 2018/07/12 15:16 by SLUUG Administration
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
