This shows you the differences between two versions of the page.
amber_replacment [2018/07/02 10:48] SLUUG Administration [Postfix] |
amber_replacment [2024/03/20 21:27] (current) SLUUG Administration [Lists] |
||
---|---|---|---|
Line 21: | Line 21: | ||
* DNS | * DNS | ||
* [[Email]] | * [[Email]] | ||
+ | * [[bock-2018-spamassassin|SpamAssassin]] | ||
+ | * [[Fail2Ban]] | ||
* Lists | * Lists | ||
- | |||
====DNS==== | ====DNS==== | ||
- | master DNS zone but Bud will be in public zone | ||
- | transfer service to Bind from ? | ||
- | |||
- | ====Email==== | ||
- | |||
- | ==== Postfix ==== | ||
- | |||
- | === Completed 2018-06-27 === | ||
- | |||
- | * Finished mysql configuration of postfix | ||
- | * Connected smtp & smtpd to sluug.org wildcard cert | ||
- | * Disabled postgrey | ||
- | * All other filters already disabled | ||
- | * Verify postfixadmin before cutover | ||
- | * PLAIN login method changed to TLS | ||
- | * (requires TLS connection before sending password) | ||
- | | ||
- | === Email system testing successful 2018-06-28 === | ||
- | |||
- | === ToDo === | ||
- | |||
- | * Configure maildir for new users in postfixadmin | ||
- | * Setup and enable postgrey | ||
- | * Setup and enable SpamAssassin or rspamd | ||
- | * Setup and enable clamav | ||
- | * Setup and enable Amavisd? | ||
- | * Setup and configure Webalizer | ||
+ | * master DNS zone is on Bock but NOT published as NS. | ||
+ | * Public DNS is provided via BuddyNS [.org], for which SLUUG contributes a few bucks a year. | ||
- | |||
====Lists==== | ====Lists==== | ||
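Review bot: The removed block from "==== Postfix ====" through the ToDo list carried the mail server's security status (postgrey disabled, all other filters disabled, PLAIN login requiring a TLS connection, clamav and Amavisd still to do), and nothing added in this hunk says where that record now lives. If it moved to [[Email]] or [[bock-2018-spamassassin|SpamAssassin]], a one-line pointer under the index list would let a reader confirm whether filtering was ever re-enabled. In the added DNS bullets, "BuddyNS [.org]" reads like a leftover edit; spell out the provider name or domain once. Since the master zone on Bock is not published as NS, it would also help to note here which hosts are allowed to transfer the zone.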
Line 59: | Line 34: | ||
[[Security Notes]] | [[Security Notes]] | ||
+ | [[bock-2018-mailman|Mailman Migration]] | ||
==== Apache configuration ==== | ==== Apache configuration ==== | ||
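Review bot: The added "[[bock-2018-mailman|Mailman Migration]]" link sits on the line directly after "[[Security Notes]]" with no blank line or list marker between them, so DokuWiki will run the two links together in one paragraph. Putting both in a "  * " list, as the index at the top of the page does, keeps them separate.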
Line 133: | Line 109: | ||
</code> | </code> | ||
+ | |||
+ | ==== Setting up SSL for web sites ==== | ||
+ | |||
+ | <code> | ||
+ | |||
+ | To force port 80 traffic to port 443, replace the <VirtualHost *:80> | ||
+ | stanza, leaving "ServerName" or "ServerAlias" lines intact. | ||
+ | |||
+ | <VirtualHost *:80> | ||
+ | ServerName a.sluug.org | ||
+ | |||
+ | RewriteEngine on | ||
+ | RewriteCond %{SERVER_NAME} =a.sluug.org | ||
+ | RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} | ||
+ | [END,NE,R=permanent] | ||
+ | |||
+ | </VirtualHost> | ||
+ | |||
+ | |||
+ | To use certs, edit the <VirtualHost *:443> stanza that has the desired | ||
+ | ServerName or ServerAlias line in it. At the top of the stanza, add the | ||
+ | following: | ||
+ | |||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem | ||
+ | SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem | ||
+ | Include /etc/letsencrypt/options-ssl-apache.conf | ||
+ | |||
+ | |||
+ | The following copy of wiki.sluug.org.conf is the perfect example of the | ||
+ | smallest possible config file that incorporates both of these: | ||
+ | |||
+ | VirtualHost *:80> | ||
+ | ServerName wiki.sluug.org | ||
+ | RewriteEngine on | ||
+ | RewriteCond %{SERVER_NAME} =wiki.sluug.org | ||
+ | RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} | ||
+ | [END,NE,R=permanent] | ||
+ | </VirtualHost> | ||
+ | |||
+ | <VirtualHost *:443> | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem | ||
+ | SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem | ||
+ | Include /etc/letsencrypt/options-ssl-apache.conf | ||
+ | |||
+ | ServerName wiki.sluug.org | ||
+ | UseCanonicalName On | ||
+ | DocumentRoot /srv/www/wiki.sluug.org/public | ||
+ | <Directory /srv/www/wiki.sluug.org/public> | ||
+ | AllowOverride All | ||
+ | Options FollowSymLinks MultiViews | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | </Directory> | ||
+ | </VirtualHost> | ||
+ | |||
+ | </code> | ||
==== Misc packages installed ==== | ==== Misc packages installed ==== |
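Review bot: In the wiki.sluug.org.conf example the port-80 stanza opens with "VirtualHost *:80>", missing the leading "<", so a copy of this "perfect example" will not parse; it should read "<VirtualHost *:80>" as in the first example. In both examples the flags "[END,NE,R=permanent]" are on a line of their own; an Apache directive must sit on one line (or be continued with a trailing backslash), so join the flags to the RewriteRule line. The "Order allow,deny" / "Allow from all" pair in the <Directory> block is Apache 2.2 access syntax, while the END rewrite flag only exists in 2.4, where that pair works only through mod_access_compat; "Require all granted" is the 2.4 form. "AllowOverride All" in the same block lets any .htaccess under the document root override server settings, so a short comment on why the wiki needs it would help. Finally, the explanatory sentences are inside the <code> block along with the config, so readers cannot tell instructions from directives when copying; moving the prose outside <code> would fix that.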