Differences

This shows you the differences between two versions of the page.

--- amber_replacment [2018/07/11 15:32]
SLUUG Administration [DNS]
+++ amber_replacment [2024/03/20 21:27] (current)
SLUUG Administration [Lists]
@@ Line 21: / Line 21: @@
   * DNS
   * [[Email]]
+  * [[bock-2018-spamassassin|SpamAssassin]]
+  * [[Fail2Ban]]
   * Lists
 ====DNS====
   * master DNS zone is on Bock but NOT published as NS.
+  * Public DNS is provided via BuddyNS [.org], for which SLUUG contributes a few bucks a year.
-  * Public DNS is provided via BuddyNS [.org], for which SLUUG
-contributes a few bucks a year.
-====Email====
-==== Postfix ====
-=== Completed 2018-06-27 ===
-  * Finished mysql configuration of postfix
-  * Connected smtp & smtpd to sluug.org wildcard cert
-  * Disabled postgrey
-  * All other filters already disabled
-  * Verify postfixadmin before cutover
-  * PLAIN login method changed to TLS
-    * (requires TLS connection before sending password)
-=== Email system testing successful 2018-06-28 ===
-=== ToDo ===
-  * Configure maildir for new users in postfixadmin
-  * Setup and enable postgrey
-  * Setup and enable SpamAssassin or rspamd
-  * Setup and enable clamav
-  * Setup and enable Amavisd?
-  * Setup and configure Webalizer
 ====Lists====
@@ Line 61: / Line 34: @@
 [[Security Notes]]
+[[bock-2018-mailman|Mailman Migration]]
 ==== Apache configuration ====
@@ Line 135: / Line 109: @@
    </code>
+==== Setting up SSL for web sites ====
+<code>
+To force port 80 traffic to port 443, replace the <VirtualHost *:80>
+stanza, leaving "ServerName" or "ServerAlias" lines intact.
+<VirtualHost *:80>
+         ServerName a.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =a.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+To use certs, edit the <VirtualHost *:443> stanza that has the desired
+ServerName or ServerAlias line in it.  At the top of the stanza, add the
+following:
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+The following copy of wiki.sluug.org.conf is the perfect example of the
+smallest possible config file that incorporates both of these:
+VirtualHost *:80>
+         ServerName wiki.sluug.org
+         RewriteEngine on
+         RewriteCond %{SERVER_NAME} =wiki.sluug.org
+         RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
+[END,NE,R=permanent]
+</VirtualHost>
+<VirtualHost *:443>
+         SSLEngine on
+         SSLCertificateFile /etc/letsencrypt/live/sluug.org/fullchain.pem
+         SSLCertificateKeyFile /etc/letsencrypt/live/sluug.org/privkey.pem
+         Include /etc/letsencrypt/options-ssl-apache.conf
+         ServerName wiki.sluug.org
+         UseCanonicalName On
+         DocumentRoot /srv/www/wiki.sluug.org/public
+         <Directory /srv/www/wiki.sluug.org/public>
+                 AllowOverride All
+                 Options FollowSymLinks MultiViews
+                 Order allow,deny
+                 Allow from all
+         </Directory>
+</VirtualHost>
+</code>
 ==== Misc packages installed ====

SLUUG Wiki

User Tools

Site Tools

Differences

Page Tools