Differences

This shows you the differences between two versions of the page.

--- amber_replacment [2018/07/02 10:36]
SLUUG Administration [Let's Encrypt]
+++ amber_replacment [2024/03/20 21:22]
SLUUG Administration [Critical Services]
@@ Line 21: / Line 21: @@
   * DNS
   * [[Email]]
+  * [[bock-2018-spamassassin|SpamAssassin]]
+  * [[Fail2Ban]]
   * Lists
 ====DNS====
-master DNS zone but Bud will be in public zone
-transfer service to Bind from ?
-====Email====
-==== Postfix ====
-=== Completed 180627 ===
-  * Finished mysql configuration of postfix
-  * Connected smtp & smtpd to sluug.org wildcard cert
-  * Disabled postgrey
-  * All other filters already disabled
-  * Verify postfixadmin before cutover
-  * PLAIN login method changed to TLS
-    * (requires TLS connection before sending password)
-=== Email system testing successful 180628 ===
-=== ToDo ===
-  * Configure maildir for new users in postfixadmin
-  * Setup and enable postgrey
-  * Setup and enable SpamAssassin or rspamd
-  * Setup and enable clamav
-  * Setup and enable Amavisd?
+  * master DNS zone is on Bock but NOT published as NS.
+  * Public DNS is provided via BuddyNS [.org], for which SLUUG contributes a few bucks a year.
 ====Lists====
@@ Line 132: / Line 108: @@
    </code>
+==== Setting up SSL for web sites ====
+<code>
+To force port 80 traffic to port 443, replace the <VirtualHost *:80>
+stanza, leaving "ServerName" or "ServerAlias" lines intact.
+<VirtualHost *:80>
+         ServerName a.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =a.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+To use certs, edit the <VirtualHost *:443> stanza that has the desired
+ServerName or ServerAlias line in it.  At the top of the stanza, add the
+following:
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+The following copy of wiki.sluug.org.conf is the perfect example of the
+smallest possible config file that incorporates both of these:
+VirtualHost *:80>
+         ServerName wiki.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =wiki.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+<VirtualHost *:443>
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+         ServerName wiki.sluug.org
+         UseCanonicalName On
+         DocumentRoot /srv/www/wiki.sluug.org/public
+         <Directory /srv/www/wiki.sluug.org/public>
+                 AllowOverride All
+                 Options FollowSymLinks MultiViews
+                 Order allow,deny
+                 Allow from all
+         </Directory>
+</VirtualHost>
+</code>
 ==== Misc packages installed ====

SLUUG Wiki

User Tools

Site Tools

Differences

Page Tools