kevin/server-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
No description
100 commits 1 branch 0 tags 188 KiB
  • Shell 100%
Find a file
Exact
Kevin MacMartin 5791414b28 Update the mariadb instructions, and simplify service start + enabling
2026-03-17 18:14:13 -04:00
amavisd Add spam management to the email configs 2021-05-30 15:19:42 -04:00
dovecot Add the newly required ssl_dh stuff to dovecot 2018-03-23 15:02:51 -04:00
nginx Update the ssl stuff from mozilla 2025-03-17 11:38:32 -04:00
opendkim Update the mail server config to include the missing pieces to avoid getting detected as spam 2017-01-23 00:14:19 -05:00
pam.d Update the pam.d dovecot file to meet the requirements of the latest pambase 2019-02-10 14:35:50 -05:00
php Update php.ini with the latest 2025-12-08 13:20:17 -05:00
postfix Filter private sender information out of sent emails 2024-09-26 22:44:39 -04:00
root Use --nginx instead of specifying the webroot since we're expecting nginx to be running either way 2018-10-01 23:42:12 -04:00
skel Include the .procmail directory in the Mail archive 2018-10-09 22:45:10 -04:00
systemd/system Add spam management to the email configs 2021-05-30 15:19:42 -04:00
procmailrc Update procmailrc so it redirects spam to a spam folder 2021-06-02 21:39:16 -04:00
README.md Update the mariadb instructions, and simplify service start + enabling 2026-03-17 18:14:13 -04:00

README.md

Base Config

Notes:

  1. The Mail Server requires SSL certificates
  2. Occurrences of REPLACEME.TLD without comments stating otherwise should have the FQDN substituted for it
  3. Occurrences of REPLACEME without comments stating otherwise should have the FQDN without the TLD substituted for it

Swap File

  1. Run dd if=/dev/zero of=/swapfile bs=1M count=2048 then chmod 600 /swapfile followed by mkswap /swapfile and swapon /swapfile
  2. Set the system up to mount the swap file at boot by adding /swapfile none swap defaults 0 0 to the bottom of /etc/fstab

Web Server

Package Requirements for Web Server

composer nginx php php-fpm php-gd php-intl php-memcached php-geoip geoip-database geoip-database-extra memcached mariadb npm certbot certbot-nginx

Folders for Web Server

nginx php systemd

Setup Instructions for Web Server

  1. Install the packages in the Package Requirements above
  2. Copy the folders above that aren't already configured to their equivalent location in /etc
  3. In /etc/nginx/sites-available/REPLACEME.TLD.conf and /root/letsencrypt.sh
  4. Rename /etc/nginx/sites-available/REPLACEME.TLD.conf
  5. Add your site files to /srv/http/REPLACEME.TLD where public assets are located in /srv/http/REPLACEME.TLD/public
  6. Create a symlink from /etc/nginx/sites-available/REPLACEME.tld.conf to /etc/nginx/sites-enabled/REPLACEME.tld.conf
  7. Run openssl dhparam -out /etc/nginx/dhparam.pem 4096 to generate the diffie-hellman parameter
  8. Run systemctl enable --now php-fpm nginx to start the web services and systemctl status php-fpm and systemctl status nginx to check for errors
  9. Ensure the public web directory exists, update the list of domains in /root/letsencrypt.sh and then run it to generate the SSL certificates
  10. Run systemctl enable --now certbot-renewal.timer to start and enable the auto-renewal process

MySQL Config

  1. Run mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
  2. Run systemctl enable --now mysqld to start mysqld and enable it at boot
  3. Run mariadb-secure-installation.
  4. Create a new password.
  5. Say yes to everything except "Switch to unix_socket authentication"
  6. In /etc/my.cnf.d/server.conf add bind-address = localhost under [mariadb]

Mail Server

Package Requirements for Mail Server

dovecot postfix procmail opendkim amavisd-new spamassassin unrar p7zip

Folders for Mail Server

amavisd dovecot pam.d postfix procmailrc skel systemd opendkim

Setup Instructions for Mail Server

  1. Install the packages in the Package Requirements above
  2. Copy the folders above that aren't already configured to their equivalent location in /etc
  3. Add an A DNS record for the FQDN and a hostname for the server
  4. Set the hostname of the server with hostnamectl set-hostname SOMETHING.REPLACEME.TLD where SOMETHING is a unique name for the server and REPLACEME.TLD is the domain. This will be the server's new hostname.
  5. Add the hostname of the server to the end of the line starting with 127.0.0.1 in /etc/hosts
  6. In /etc/amavisd/amavisd.conf, /etc/dovecot/dovecot.conf and /etc/opendkim/opendkim.conf replace occurrences of REPLACEME.TLD with the domain, and occurrences of REPLACEME with the first part of the domain
  7. In /etc/postfix/main.cf replace SOMETHING.REPLACEME.TLD with the hostname of the server and REPLACEME.TLD with the domain
  8. Run opendkim-genkey -r -s REPLACEME -d REPLACEME.TLD where REPLACEME.TLD is the domain, and REPLACEME is the first part of the domain
  9. In /etc/postfix/aliases, replace the instance of REPLACEME with the user that should receive domain-level emails
  10. Run openssl dhparam -out /etc/dovecot/dh.pem 4096
  11. Run newaliases to update the aliases database with the contents of /etc/postfix/aliases
  12. Run sa-update to update spamassassin
  13. Run systemctl enable --now amavisd postfix dovecot opendkim to start and enable the mail services and systemctl status amavisd postfix dovecot opendkim to check for errors
  14. Create an MX DNS record for REPLACEME.TLD containing the hostname (REPLACEME.TLD can usually be left out of the input field)
  15. Create a TXT DNS record for the host REPLACEME._domainkey.REPLACEME.TLD containing v=DKIM1; k=rsa; s=email; p=PASSWORD, replacing the occurrence of REPLACEME with the first part of the domain, REPLACEME.TLD with the full domain, and PASSWORD with the string following p= in /etc/opendkim/REPLACEME.txt (REPLACEME.TLD can usually be left out of the input field)
  16. Create a TXT DNS record for the host REPLACEME.TLD containing v=spf1 mx -all (REPLACEME.TLD can usually be left out of the input field)
  17. Create a TXT DNS record for the host _dmarc.REPLACEME.TLD containing v=DMARC1; p=none (REPLACEME.TLD can usually be left out of the input field)
  18. Set the reverse DNS record for the VPS to the hostname
  19. Add postfix.service and dovecot.service to the ExecStartPost service reload in /etc/systemd/system/certbot-renewal.service and run systemctl daemon-reload

Add Accounts

  1. Create an account by running useradd -m -d /home/REPLACEME -s /bin/bash REPLACEME (replacing REPLACEME with the username associated with the mail account)
  2. Set the password by running passwd REPLACEME (replacing REPLACEME with the username associated with the mail account)