kevin/server-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
No description
97 commits 1 branch 0 tags 184 KiB
Find a file
Exact
Kevin MacMartin 6c300c194a Update the ssl stuff from mozilla
2025-03-17 11:38:32 -04:00
amavisd Add spam management to the email configs 2021-05-30 15:19:42 -04:00
dovecot Add the newly required ssl_dh stuff to dovecot 2018-03-23 15:02:51 -04:00
nginx Update the ssl stuff from mozilla 2025-03-17 11:38:32 -04:00
opendkim Update the mail server config to include the missing pieces to avoid getting detected as spam 2017-01-23 00:14:19 -05:00
pam.d Update the pam.d dovecot file to meet the requirements of the latest pambase 2019-02-10 14:35:50 -05:00
php Sync php.ini with the latest upstream 2025-02-17 11:43:36 -05:00
postfix Filter private sender information out of sent emails 2024-09-26 22:44:39 -04:00
root Use --nginx instead of specifying the webroot since we're expecting nginx to be running either way 2018-10-01 23:42:12 -04:00
skel Include the .procmail directory in the Mail archive 2018-10-09 22:45:10 -04:00
systemd/system Add spam management to the email configs 2021-05-30 15:19:42 -04:00
procmailrc Update procmailrc so it redirects spam to a spam folder 2021-06-02 21:39:16 -04:00
README.md Fix spelling mistakes in the readme 2023-04-21 14:13:37 -04:00

README.md

Base Config

Notes:

  1. The Mail Server requires SSL certificates
  2. Occurrences of REPLACEME.TLD without comments stating otherwise should have the FQDN substituted for it
  3. Occurrences of REPLACEME without comments stating otherwise should have the FQDN without the TLD substituted for it

Swap File

  1. Run dd if=/dev/zero of=/swapfile bs=1M count=2048 then chmod 600 /swapfile followed by mkswap /swapfile and swapon /swapfile
  2. Set the system up to mount the swap file at boot by adding /swapfile none swap defaults 0 0 to the bottom of /etc/fstab

Web Server

Package Requirements for Web Server

nginx php php-apcu-bc php-fpm php-composer php-gd php-imap php-intl php-memcached php-geoip geoip-database geoip-database-extra memcached mariadb npm certbot certbot-nginx

Folders for Web Server

nginx php systemd

Setup Instructions for Web Server

  1. Install the packages in the Package Requirements above
  2. Copy the folders above that aren't already configured to their equivalent location in /etc
  3. In /etc/nginx/sites-available/REPLACEME.TLD.conf and /root/letsencrypt.sh
  4. Rename /etc/nginx/sites-available/REPLACEME.TLD.conf
  5. Add your site files to /srv/http/REPLACEME.TLD where public assets are located in /srv/http/REPLACEME.TLD/public
  6. Create a symlink from /etc/nginx/sites-available/REPLACEME.tld.conf to /etc/nginx/sites-enabled/REPLACEME.tld.conf
  7. Run openssl dhparam -out /etc/nginx/dhparam.pem 4096 to generate the diffie-hellman parameter
  8. Run systemctl start php-fpm nginx to start the web services and systemctl status php-fpm and systemctl status nginx to check for errors
  9. If there were no errors in the previous command, run systemctl enable php-fpm nginx to enable the web services at boot
  10. Ensure the public web directory exists, update the list of domains in /root/letsencrypt.sh and then run it to generate the SSL certificates
  11. Run systemctl start certbot-renewal.timer and systemctl enable certbot-renewal.timer to start and enable the auto-renewal process

MySQL Config

  1. Run mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
  2. Run systemctl start mysqld and systemctl enable mysqld to start mysqld and enable it at boot
  3. Run mysql_secure_installation.
  4. Create a new password.
  5. Say yes to everything (e.g. "Remove anonymous users? Disallow root logging remotely? Remove test database and access to it? Reload privilege tables now?")

Mail Server

Package Requirements for Mail Server

dovecot postfix procmail opendkim amavisd-new spamassassin unrar p7zip

Folders for Mail Server

amavisd dovecot pam.d postfix procmailrc skel systemd opendkim

Setup Instructions for Mail Server

  1. Install the packages in the Package Requirements above
  2. Copy the folders above that aren't already configured to their equivalent location in /etc
  3. Add an A DNS record for the FQDN and a hostname for the server
  4. Set the hostname of the server with hostnamectl set-hostname SOMETHING.REPLACEME.TLD where SOMETHING is a unique name for the server and REPLACEME.TLD is the domain. This will be the server's new hostname.
  5. Add the hostname of the server to the end of the line starting with 127.0.0.1 in /etc/hosts
  6. In /etc/amavisd/amavisd.conf, /etc/dovecot/dovecot.conf and /etc/opendkim/opendkim.conf replace occurrences of REPLACEME.TLD with the domain, and occurrences of REPLACEME with the first part of the domain
  7. In /etc/postfix/main.cf replace SOMETHING.REPLACEME.TLD with the hostname of the server and REPLACEME.TLD with the domain
  8. Run opendkim-genkey -r -s REPLACEME -d REPLACEME.TLD where REPLACEME.TLD is the domain, and REPLACEME is the first part of the domain
  9. In /etc/postfix/aliases, replace the instance of REPLACEME with the user that should receive domain-level emails
  10. Run openssl dhparam -out /etc/dovecot/dh.pem 4096
  11. Run newaliases to update the aliases database with the contents of /etc/postfix/aliases
  12. Run sa-update to update spamassassin
  13. Run systemctl start amavisd postfix dovecot opendkim to start the mail services and systemctl status amavisd postfix dovecot opendkim to check for errors
  14. If there were no errors in the previous command, run systemctl enable amavisd postfix dovecot opendkim to enable the mail services at boot
  15. Create an MX DNS record for REPLACEME.TLD containing the hostname (REPLACEME.TLD can usually be left out of the input field)
  16. Create a TXT DNS record for the host REPLACEME._domainkey.REPLACEME.TLD containing v=DKIM1; k=rsa; s=email; p=PASSWORD, replacing the occurrence of REPLACEME with the first part of the domain, REPLACEME.TLD with the full domain, and PASSWORD with the string following p= in /etc/opendkim/REPLACEME.txt (REPLACEME.TLD can usually be left out of the input field)
  17. Create a TXT DNS record for the host REPLACEME.TLD containing v=spf1 mx -all (REPLACEME.TLD can usually be left out of the input field)
  18. Create a TXT DNS record for the host _dmarc.REPLACEME.TLD containing v=DMARC1; p=none (REPLACEME.TLD can usually be left out of the input field)
  19. Set the reverse DNS record for the VPS to the hostname
  20. Add postfix.service and dovecot.service to the ExecStartPost service reload in /etc/systemd/system/certbot-renewal.service and run systemctl daemon-reload

Add Accounts

  1. Create an account by running useradd -m -d /home/REPLACEME -s /bin/bash REPLACEME (replacing REPLACEME with the username associated with the mail account)
  2. Set the password by running passwd REPLACEME (replacing REPLACEME with the username associated with the mail account)