Changes between Version 17 and Version 18 of configure_new_server


Timestamp:
Nov 16, 2007, 3:32:07 PM (18 years ago)
Author:
Jamie McClelland
Comment:

--

  • configure_new_server

    v17 v18  
    1313 * Change the domain@mayfirst.org email alias to point to your address.
    1414
    15  * Go to Godaddy (which is a thawte reseller) for server.mayfirst.org. This will take a day or so to be generated.
     15 * Go to RapidSSL to purchase a certificate for server.mayfirst.org. This will take a day or so to be generated.
    1616
    1717 * Concat the CRT and KEY file into a file called: server.mayfirst.org.pem (replace server with the name of the server being setup)
     
    2323}}}
    2424
    25  This file will be used by courier. Copy into /etc/courier/imapd.pem and /etc/courier/pop3d.pem
    26 
    27  * Now, put each one in a separate file called: server.mayfirst.org.key and server.mayfirst.org.crt (these will be used by apache)
     25 * Copy into /etc/ssl/private/
     26
     27 * Copy the .crt file to /etc/ssl/
    2828
    2929== Use volatile for SA and clamav ==
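Review bot: The new steps at v18 lines 25 and 27 do not name the file that goes into /etc/ssl/private/ or say what ownership and mode it should have, and they drop the v17 step that produced a separate server.mayfirst.org.key. Say explicitly that server.mayfirst.org.pem, which contains the private key, is the file copied into /etc/ssl/private/ and that it should be readable only by root and the services that need it. Either restore the instruction to create the .key file or stop referring to it, since the Apache example in this revision still points at a .key file.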
     
    349349# otherwise. This is important because passwords are sent in the clear
    350350smtpd_tls_auth_only = yes
    351 smtpd_tls_key_file = /etc/postfix/ssl/SERVER.mayfirst.org.pem
    352 smtpd_tls_cert_file = /etc/postfix/ssl/SERVER.mayfirst.org.pem
     351smtpd_tls_key_file = /etc/ssl/private/SERVER.mayfirst.org.pem
     352smtpd_tls_cert_file = /etc/ssl/SERVER.mayfirst.org.crt
    353353smtpd_tls_received_header = yes
    354354smtpd_tls_session_cache_timeout = 3600s
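Review bot: At v18 lines 351 and 352 the key is read from the combined .pem in /etc/ssl/private/ while the certificate is read from a separate .crt in /etc/ssl/, so the two can drift apart at renewal if only one file is replaced. Because smtpd_tls_auth_only = yes makes authentication depend on TLS working, add a step that confirms the certificate and key match after install or renewal, or point both settings at the same .pem as v17 did.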
     
    457457touch /etc/courier/index
    458458}}}
    459  * Setup ssl - copy the server pem file (which you got from dotster) to the /etc/courier directories:
    460 {{{
    461 cp server.mayfirst.org.pem /etc/courier/imapd.pem
    462 cp server.mayfirst.org.pem /etc/courier/pop3d.pem
    463 }}}
    464 
    465 If you are using Godaddy Certificates, copy the godaddy bundle to /etc/courier/ (you can download it here: http://mayfirst.org/node/452).
    466 
    467 Then add this line to both imapd-ssl and pop3d-ssl:
    468 
    469 {{{
    470 TLS_TRUSTCERTS=/etc/courier/gd_intermediate_bundle.crt
     459 * Edit both imapd-ssl and pop3d-ssl:
     460{{{
     461TLS_CERTFILE=/etc/ssl/private/SERVER.mayfirst.org.pem
    471462}}}
    472463
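Review bot: The "Edit both imapd-ssl and pop3d-ssl" step at v18 line 459 shows only the TLS_CERTFILE value and does not say whether it replaces an existing TLS_CERTFILE line or is added alongside it; state that the existing setting is changed so only one value is in effect. The revision also removes the TLS_TRUSTCERTS bundle step without saying whether the new certificate needs an intermediate chain, and servers built from v17 keep copies of the private key in /etc/courier/imapd.pem and /etc/courier/pop3d.pem, so a line on the chain and on removing those old copies would help.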
     
    582573 * Change:
    583574{{{
    584 <VirtualHost *> to: <VirtualHost *:80>
     575<VirtualHost *:80>
    585576ServerAdmin apache@mayfirst.org
    586577DocumentRoot /srv/apache/web (create this directory and index.html file)
     578}}}
     579 * Add:
     580{{{
     581<VirtualHost *:443>
     582        ServerName SERVER.mayfirst.org
     583        ServerAlias www.SERVER.mayfirst.org
     584        DocumentRoot /srv/apache/web
     585        CustomLog /var/log/apache2/access.ssl.log combined
     586        SSLEngine On
     587        SSLCertificateFile /etc/apache2/ssl/SERVER.mayfirst.org.crt
     588        SSLCertificateKeyFile /etc/apache2/ssl/SERVER.mayfirst.org.key
     589        ErrorLog /var/log/apache2/error.log
     590</VirtualHost>
    587591}}}
    588592
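Review bot: The added VirtualHost at v18 lines 587 and 588 reads SSLCertificateFile and SSLCertificateKeyFile from /etc/apache2/ssl/, but this revision installs the certificate in /etc/ssl/ and the key material in /etc/ssl/private/, and it removes the step that created SERVER.mayfirst.org.key. Point the two directives at the files the page actually creates (the .crt in /etc/ssl/ and the .pem in /etc/ssl/private/), or add the steps that create /etc/apache2/ssl/ and the separate .key file with restrictive permissions. The 443 host also writes ErrorLog to /var/log/apache2/error.log while CustomLog uses a separate access.ssl.log; a matching SSL error log would keep the two hosts' errors apart.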