| Path | Last commit | Date |
|---|---|---|
| dovecot | Add initial configuration and instructions | 2016-02-23 22:05:00 -05:00 |
| nginx | Update the default nginx sites-available config to include XSS and clickjacking protection and to 301 to https on port 80, and add configs for piwik and roundcube | 2016-12-18 23:54:13 -05:00 |
| opendkim | Update the mail server config to include the missing pieces to avoid getting detected as spam | 2017-01-23 00:14:19 -05:00 |
| pam.d | Add initial configuration and instructions | 2016-02-23 22:05:00 -05:00 |
| php | Update php.ini to reflect upstream changes | 2017-01-22 18:43:29 -05:00 |
| postfix | Up mailbox size limit to 1 gigabyte and message size limit to 50 megs | 2016-10-26 12:03:55 -04:00 |
| skel | Add .procmail to the skel mail config | 2016-12-12 14:10:54 -05:00 |
| systemd/system | Increase the maximum upload size to 30 megs in php and nginx, and update the let's encrypt renewal service | 2016-09-12 18:41:03 -04:00 |
| procmailrc | Add initial configuration and instructions | 2016-02-23 22:05:00 -05:00 |
| README.md | Update the mail server config to include the missing pieces to avoid getting detected as spam | 2017-01-23 00:14:19 -05:00 |

# Base Config

## Notes

  1. The Mail Server requires SSL certificates
  2. Occurrences of `REPLACEME.TLD` without comments stating otherwise should have the FQDN substituted for them
  3. Occurrences of `REPLACEME` without comments stating otherwise should have the FQDN without the TLD substituted for them

## Swap File

  1. Run `dd if=/dev/zero of=/swapfile bs=1M count=2048`, then `chmod 600 /swapfile`, followed by `mkswap /swapfile` and `swapon /swapfile`
  2. Set the system up to mount the swap file at boot by adding `/swapfile none swap defaults 0 0` to the bottom of `/etc/fstab`
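The two swap-file steps above, as an added shell helper that is not part of the repository: it holds the fstab line from step 2, appends it only when `/swapfile` is not already listed (so re-running the setup does not duplicate the entry), and checks that the file carries the 0600 mode set in step 1. The fstab path is a parameter so the functions can be tried on a scratch file first; `/etc/fstab` and `/swapfile` are assumed for real use.

```shell
#!/bin/sh
# Added helper for the swap-file steps; not part of the repository.
# The fstab path is a parameter so the functions can be tried on a scratch
# file before being pointed at /etc/fstab.

# The line step 2 appends to /etc/fstab.
SWAP_FSTAB_LINE='/swapfile none swap defaults 0 0'

# ensure_swap_fstab FSTAB: append the swap line unless some line already
# mounts /swapfile, so running the setup twice leaves a single entry.
ensure_swap_fstab() {
    fstab=$1
    if grep -q '^[[:space:]]*/swapfile[[:space:]]' "$fstab" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$SWAP_FSTAB_LINE" >> "$fstab"
}

# swapfile_perms_ok FILE: succeed only when FILE is exactly mode 0600, the
# permission step 1 sets so that other local users cannot read pages of
# memory that were swapped out to it.
swapfile_perms_ok() {
    [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ]
}

# Stand-alone use against the real paths (appending needs root):
#   sh swap-check.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_swap_fstab /etc/fstab
    swapfile_perms_ok /swapfile || echo "/swapfile is not mode 0600" >&2
fi
```

The permission check matters because a world-readable swap file exposes whatever was paged out, including passwords and keys held by other processes.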

# Web Server

## Package Requirements for Web Server

nginx, php, php-apcu-bc, php-fpm, php-composer, php-gd, php-imap, php-intl, php-mcrypt, php-memcached, php-geoip, geoip-database, geoip-database-extra, memcached, mariadb, bower, gulp, npm, certbot

## Folders for Web Server

nginx, php, systemd

## Setup Instructions for Web Server

  1. Install the packages listed in the Package Requirements above
  2. Copy the folders above that aren't already configured to their equivalent location in `/etc`
  3. In `/etc/nginx/sites-available/REPLACEME.TLD.conf` and `/etc/systemd/system/letsencrypt.service`, replace occurrences of `REPLACEME.TLD`
  4. Rename `/etc/nginx/sites-available/REPLACEME.TLD.conf`, substituting the FQDN for `REPLACEME.TLD` in the file name
  5. Add your site files to `/srv/http/REPLACEME.TLD`, with public assets located in `/srv/http/REPLACEME.TLD/public`
  6. Create a symlink from `/etc/nginx/sites-available/REPLACEME.TLD.conf` to `/etc/nginx/sites-enabled/REPLACEME.TLD.conf`
  7. Run `openssl dhparam -out /etc/nginx/dhparam.pem 4096` to generate the Diffie-Hellman parameters
  8. Run `systemctl start php-fpm nginx` to start the web services, then `systemctl status php-fpm` and `systemctl status nginx` to check for errors
  9. If there were no errors in the previous step, run `systemctl enable php-fpm nginx` to enable the web services at boot
  10. Ensure the public web directory exists and run `systemctl start letsencrypt` to generate the SSL certificates
  11. Run `systemctl start certbot-renewal.timer` and `systemctl enable certbot-renewal.timer` to start and enable the auto-renewal process

## MySQL Config

  1. Add `bind-address = 127.0.0.1` to `/etc/mysql/my.cnf` so the server only listens on localhost
  2. Run `mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql`
  3. Run `systemctl start mysqld` and `systemctl enable mysqld` to start mysqld and enable it at boot
  4. Run `mysql_secure_installation`
  5. Set a new root password when prompted
  6. Answer yes to the remaining prompts (e.g. "Remove anonymous users?", "Disallow root login remotely?", "Remove test database and access to it?", "Reload privilege tables now?")

# Mail Server

## Package Requirements for Mail Server

dovecot, postfix, procmail, opendkim

## Folders for Mail Server

dovecot, pam.d, postfix, procmailrc, skel, systemd, opendkim

## Setup Instructions for Mail Server

  1. Install the packages listed in the Package Requirements above
  2. Copy the folders above that aren't already configured to their equivalent location in `/etc`
  3. Add a DNS record for a server hostname that is distinct from the FQDN mail will be sent to, and a DNS record for the FQDN itself
  4. Set the hostname of the server with `hostnamectl set-hostname SOMETHING.REPLACEME.TLD`, where `SOMETHING.REPLACEME.TLD` is the server hostname
  5. Add the hostname of the server to the end of the line starting with `127.0.0.1` in `/etc/hosts`
  6. In `/etc/dovecot/dovecot.conf` and `/etc/opendkim/opendkim.conf`, replace occurrences of `REPLACEME` and `REPLACEME.TLD`
  7. In `/etc/postfix/main.cf`, replace occurrences of `REPLACEME.TLD` with the server hostname from step 4 (not the bare domain name)
  8. Run `opendkim-genkey -r -s REPLACEME -d REPLACEME.TLD`
  9. In `/etc/postfix/aliases`, replace the instance of `REPLACEME` with the user that should receive domain-level emails
  10. Run `newaliases` to update the aliases database with the contents of `/etc/postfix/aliases`
  11. Run `systemctl start postfix dovecot opendkim` to start the mail services, then `systemctl status postfix dovecot opendkim` to check for errors
  12. If there were no errors in the previous step, run `systemctl enable postfix dovecot opendkim` to enable the mail services at boot
  13. Create an MX DNS record for `REPLACEME.TLD` containing the hostname
  14. Create a TXT DNS record for the host `REPLACEME._domainkey.REPLACEME.TLD` containing `v=DKIM1; k=rsa; s=email; p=PASSWORD`, replacing the occurrence of `PASSWORD` with the string following `p=` in `/etc/opendkim/REPLACEME.txt` (the DKIM public key)
  15. Create a TXT DNS record for the host `REPLACEME.TLD` containing `v=spf1 mx -all`
  16. Create a TXT DNS record for the host `_dmarc.REPLACEME.TLD` containing `v=DMARC1; p=none`
  17. Set the reverse DNS (PTR) record for the VPS to the hostname
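Steps 8 and 13 to 16 above, as an added shell example that is not part of the repository: it parses a constructed copy of the file `opendkim-genkey -r -s REPLACEME -d REPLACEME.TLD` writes, joins the quoted fragments into the single TXT value needed for step 14, checks that the value still carries a key, and prints the MX, DKIM, SPF and DMARC records of steps 13 to 16 for a given domain, selector and hostname. The key material in the sample is a placeholder, and the MX priority of 10 is an assumption the page does not state.

```shell
#!/bin/sh
# Added example for the DKIM and DNS steps; not part of the repository.

# Constructed sample of the REPLACEME.txt file written by
# opendkim-genkey -r -s REPLACEME -d REPLACEME.TLD. The key is a placeholder,
# not real key material, and spaces stand in for the tabs the tool emits.
SAMPLE_DKIM_TXT='REPLACEME._domainkey IN TXT ( "v=DKIM1; k=rsa; s=email; "
   "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0PLACEHOLDERKEYPART1"
   "PLACEHOLDERKEYPART2IDAQAB" )  ; ----- DKIM key REPLACEME for REPLACEME.TLD'

# dkim_txt_value: read the .txt file on stdin and print the one-line value for
# the TXT record. opendkim-genkey splits long keys across several quoted
# strings, so the text inside the parentheses is joined and unquoted.
dkim_txt_value() {
    tr -d '\n' \
    | sed -e 's/.*(\(.*\)).*/\1/' \
    | sed -e 's/"[[:space:]]*"//g' -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//'
}

# dkim_txt_check VALUE: succeed only when VALUE starts with the DKIM version
# tag and carries a non-empty p= public key.
dkim_txt_check() {
    case "$1" in
        v=DKIM1*p=?*) return 0 ;;
    esac
    return 1
}

# mail_dns_records DOMAIN SELECTOR HOSTNAME DKIM_VALUE: print the records of
# steps 13 to 16 as "host type value" lines. MX priority 10 is an assumption.
mail_dns_records() {
    domain=$1; selector=$2; host=$3; dkim=$4
    printf '%s MX 10 %s.\n' "$domain" "$host"
    printf '%s._domainkey.%s TXT "%s"\n' "$selector" "$domain" "$dkim"
    printf '%s TXT "v=spf1 mx -all"\n' "$domain"
    printf '_dmarc.%s TXT "v=DMARC1; p=none"\n' "$domain"
}

# Stand-alone use with the constructed sample; for a real key, feed the
# generated file instead: dkim_txt_value < /etc/opendkim/REPLACEME.txt
value=$(printf '%s\n' "$SAMPLE_DKIM_TXT" | dkim_txt_value)
if dkim_txt_check "$value"; then
    mail_dns_records REPLACEME.TLD REPLACEME SOMETHING.REPLACEME.TLD "$value"
else
    echo "DKIM record value is missing its version tag or key" >&2
fi
```

Copying only the first quoted string after `p=` from the generated file publishes a truncated key, and every signed message then fails DKIM verification, which defeats the purpose of the opendkim steps. Some DNS providers cap a single TXT string at 255 characters; if the joined value is rejected, split it into several quoted strings at the provider, which resolvers concatenate back into one value.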

## Add Accounts

  1. Create an account by running `useradd -m -d /home/REPLACEME -s /bin/bash REPLACEME` (replacing `REPLACEME` with the username associated with the mail account)
  2. Set the password by running `passwd REPLACEME` (replacing `REPLACEME` with the username associated with the mail account)