Differences

This shows you the differences between two versions of the page.

--- amber_replacment [2018/06/27 22:07]
SLUUG Administration [Postfix]
+++ amber_replacment [2024/03/20 21:27] (current)
SLUUG Administration [Lists]
@@ Line 9: / Line 9: @@
 ==== Source media or media image ====
+  * Standard Debian 9
 ==== Installation method ====
@@ Line 19: / Line 21: @@
   * DNS
   * [[Email]]
+  * [[bock-2018-spamassassin|SpamAssassin]]
+  * [[Fail2Ban]]
   * Lists
 ====DNS====
-master DNS zone but Bud will be in public zone
-transfer service to Bind from ?
-====Email====
+  * master DNS zone is on Bock but NOT published as NS.
+  * Public DNS is provided via BuddyNS [.org], for which SLUUG contributes a few bucks a year.
-==== Postfix ====
-=== Completed 180627 ===
-  * Finished mysql configuration of postfix
-  * Connected smtp & smtpd to sluug.org wildcard cert
-  * Disabled postgrey
-  * All other filters already disabled
-=== ToDo ===
-  * Setup and enable postgrey
-  * Setup and enable SpamAssassin or rspamd
-  * Setup and enable clamav
-  * Setup and enable Amavisd?
-  * Change PLAIN login method to TLS??
-    (require TLS connection before sending password)
 ====Lists====
@@ Line 51: / Line 34: @@
 [[Security Notes]]
+[[bock-2018-mailman|Mailman Migration]]
 ==== Apache configuration ====
@@ Line 57: / Line 41: @@
 ==== Let's Encrypt ====
+<code>
   * certbot from github is curreent, required for wildcard certs
   * Install requires dev libraries for headers:
@@ Line 71: / Line 55: @@
 _acme-challenge.sluug.org with the following value:
 EGAoTq2e_Cf8TwYV4EN7zBLNfdgHodgoy9yX_WaLrGY
 IMPORTANT NOTES:
@@ Line 121: / Line 107: @@
    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    Donating to EFF:                    https://eff.org/donate-le''
+   </code>
+==== Setting up SSL for web sites ====
+<code>
+To force port 80 traffic to port 443, replace the <VirtualHost *:80>
+stanza, leaving "ServerName" or "ServerAlias" lines intact.
+<VirtualHost *:80>
+         ServerName a.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =a.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+To use certs, edit the <VirtualHost *:443> stanza that has the desired
+ServerName or ServerAlias line in it.  At the top of the stanza, add the
+following:
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+The following copy of wiki.sluug.org.conf is the perfect example of the
+smallest possible config file that incorporates both of these:
+VirtualHost *:80>
+         ServerName wiki.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =wiki.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+<VirtualHost *:443>
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+         ServerName wiki.sluug.org
+         UseCanonicalName On
+         DocumentRoot /srv/www/wiki.sluug.org/public
+         <Directory /srv/www/wiki.sluug.org/public>
+                 AllowOverride All
+                 Options FollowSymLinks MultiViews
+                 Order allow,deny
+                 Allow from all
+         </Directory>
+</VirtualHost>
+</code>
 ==== Misc packages installed ====

SLUUG Wiki

User Tools

Site Tools

Differences

Page Tools