Differences

This shows you the differences between two versions of the page.

--- amber_replacment [2018/06/28 23:03]
SLUUG Administration [Source media or media image]
+++ amber_replacment [2024/03/20 21:22]
SLUUG Administration [Critical Services]
@@ Line 21: / Line 21: @@
   * DNS
   * [[Email]]
+  * [[bock-2018-spamassassin|SpamAssassin]]
+  * [[Fail2Ban]]
   * Lists
 ====DNS====
-master DNS zone but Bud will be in public zone
-transfer service to Bind from ?
-====Email====
-==== Postfix ====
-=== Completed 180627 ===
-  * Finished mysql configuration of postfix
-  * Connected smtp & smtpd to sluug.org wildcard cert
-  * Disabled postgrey
-  * All other filters already disabled
-=== ToDo ===
-  * Verify postfixadmin before cutover
+  * master DNS zone is on Bock but NOT published as NS.
-  * Setup and enable postgrey
+  * Public DNS is provided via BuddyNS [.org], for which SLUUG contributes a few bucks a year.
-  * Setup and enable SpamAssassin or rspamd
-  * Setup and enable clamav
-  * Setup and enable Amavisd?
-  * Change PLAIN login method to TLS??
-    (require TLS connection before sending password)
 ====Lists====
@@ Line 60: / Line 40: @@
 ==== Let's Encrypt ====
+<code>
   * certbot from github is curreent, required for wildcard certs
   * Install requires dev libraries for headers:
@@ Line 74: / Line 54: @@
 _acme-challenge.sluug.org with the following value:
 EGAoTq2e_Cf8TwYV4EN7zBLNfdgHodgoy9yX_WaLrGY
 IMPORTANT NOTES:
@@ Line 124: / Line 106: @@
    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    Donating to EFF:                    https://eff.org/donate-le''
+   </code>
+==== Setting up SSL for web sites ====
+<code>
+To force port 80 traffic to port 443, replace the <VirtualHost *:80>
+stanza, leaving "ServerName" or "ServerAlias" lines intact.
+<VirtualHost *:80>
+         ServerName a.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =a.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+To use certs, edit the <VirtualHost *:443> stanza that has the desired
+ServerName or ServerAlias line in it.  At the top of the stanza, add the
+following:
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+The following copy of wiki.sluug.org.conf is the perfect example of the
+smallest possible config file that incorporates both of these:
+VirtualHost *:80>
+         ServerName wiki.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =wiki.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+<VirtualHost *:443>
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+         ServerName wiki.sluug.org
+         UseCanonicalName On
+         DocumentRoot /srv/www/wiki.sluug.org/public
+         <Directory /srv/www/wiki.sluug.org/public>
+                 AllowOverride All
+                 Options FollowSymLinks MultiViews
+                 Order allow,deny
+                 Allow from all
+         </Directory>
+</VirtualHost>
+</code>
 ==== Misc packages installed ====

SLUUG Wiki

User Tools

Site Tools

Differences

Page Tools