# Base Config Note: The Mail Server requires SSL certificates ## Swap File 1. Run `dd if=/dev/zero of=/swapfile bs=1M count=2048` then `chmod 600 /swapfile` followed by `mkswap /swapfile` and `swapon /swapfile` 2. Set the system up to mount the swap file at boot by adding `/swapfile none swap defaults 0 0` to the bottom of `/etc/fstab` ## Web Server ### Package Requirements for Web Server nginx, php, php-apcu-bc, php-fpm, php-composer, php-gd, php-imap, php-intl, php-mcrypt, php-memcached, memcached, mariadb, bower, gulp, npm, certbot ### Folders for Web Server nginx, php, systemd ### Setup Instructions for Web Server 1. Install the packages in the `Package Requirements` above 2. Copy the folders above that aren't already configured to their equivalent location in `/etc` 3. In `/etc/nginx/sites-available/REPLACEME.TLD.conf` and `/etc/systemd/system/letsencrypt.service`, replace instances of `REPLACEME.TLD` with the FQDN 4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf` so that `REPLACEME.TLD` is replaced with the FQDN 5. Add your site files to `/srv/http/REPLACEME.TLD` where public assets are located in `/srv/http/REPLACEME.TLD/public` (replacing `REPLACEME.TLD` with the FQDN) 6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.tld.conf` to `/etc/nginx/sites-enabled/REPLACEME.tld.conf` (replacing `REPLACEME.TLD` with the FQDN) 7. Run `openssl dhparam -out /etc/nginx/dhparam.pem 4096` to generate the diffie-hellman parameter 8. Run `systemctl start php-fpm nginx` to start the web services and `systemctl status php-fpm` and `systemctl status nginx` to check for errors 9. If there were no errors in the previous command, run `systemctl enable php-fpm nginx` to enable the web services at boot 10. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates 11. Run `systemctl start certbot-renewal.timer` and `systemctl enable certbot-renewal.timer` to start and enable the auto-renewal process ### MySQL Config 1. Add `bind-address = 127.0.0.1` to `/etc/mysql/my.cnf` 1. Run `mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql` 2. Run `systemctl start mysqld` and `systemctl enable mysqld` to start mysqld and enable it at boot 3. Run `mysql_secure_installation`. 4. Create a new password. 5. Say `yes` to everything (e.g. "Remove anonymous users? Disallow root logging remotely? Remove test database and access to it? Reload privilege tables now?") ## Mail Server ### Package Requirements for Mail Server dovecot, postfix, procmail ### Folders for Mail Server dovecot, pam.d, postfix, procmailrc, skel, systemd ### Setup Instructions for Mail Server 1. Install the packages in the `Package Requirements` above 2. Copy the folders above that aren't already configured to their equivalent location in `/etc` 3. In `/etc/dovecot/dovecot.conf` and `/etc/postfix/main.cf`, replace instances of `REPLACEME.TLD` with the FQDN 4. In `/etc/postfix/aliases`, replace the instance of `REPLACEME` with the user that should receive domain-level emails 5. Run `newaliases` to update the aliases database with the contents of `/etc/postfix/aliases` 6. Run `systemctl start postfix dovecot` to start the mail services and `systemctl status postfix` and `systemctl status dovecot` to check for errors 7. If there were no errors in the previous command, run `systemctl enable postfix dovecot` to enable the mail services at boot ### Add Accounts 1. Create an account by running `useradd -m -d /home/REPLACEME -s /bin/bash REPLACEME` (replacing `REPLACEME` with the username associated with the mail account) 2. Set the password by running `passwd REPLACEME` (replacing `REPLACEME` with the username associated with the mail account)