Changes between Version 3 and Version 4 of configure_new_server
Timestamp: Aug 23, 2007, 1:48:05 AM (17 years ago)
configure_new_server
v3 v4 3 3 == Purchase an ssl certificate == 4 4 5 Generate a private key and certificate signing request.5 * Generate a private key and certificate signing request. 6 6 7 7 {{{ … … 10 10 }}} 11 11 12 Change the domain@mayfirst.org email alias to point to your address. 13 14 Go to Dotster (which is a thawte reseller) for server.mayfirst.org (from Dotster home page click Other Products -> ssl, get the 123 certificate) 15 16 This will take a day or so to be generated. 17 18 Once generated, login to Dotster using the mayfirst username. Click on My Services. You should see the new ssl Cert listed. 19 20 Click Manage services. 21 22 Copy the CRT into a file called: 23 24 server.mayfirst.org.pem 25 26 (replace server with the name of the server being setup) 27 28 then add dh paramaters with: 12 * Change the domain@mayfirst.org email alias to point to your address. 13 14 * Go to Dotster (which is a thawte reseller) for server.mayfirst.org (from Dotster home page click Other Products -> ssl, get the 123 certificate). This will take a day or so to be generated. 15 16 * Once generated, login to Dotster using the mayfirst username. Click on My Services. You should see the new ssl Cert listed. 17 18 * Click Manage services. 19 20 * Copy the CRT into a file called: server.mayfirst.org.pem (replace server with the name of the server being setup) 21 22 * Then add dh paramaters with: 29 23 30 24 {{{ … … 32 26 }}} 33 27 34 This file will be used by courier 35 36 Now, put each one in a separate file called: 37 38 server.mayfirst.org.key 39 40 server.mayfirst.org.crt 41 42 These will be used by apache 28 This file will be used by courier 29 30 * Now, put each one in a separate file called: server.mayfirst.org.key and server.mayfirst.org.crt (these will be used by apache) 43 31 44 32 == Use volatile for SA and clamav == 45 46 33 47 34 * Edit /etc/apt/sources.list. 
Add the following: … … 62 49 }}} 63 50 64 65 51 == Install debian packages == 66 52 67 53 {{{ 68 $ sudo apt-get install apache2 libapache2-mod-suphp cvs amavisd-new clamav clamav-daemon spamassassin maildrop courier-imap-ssl courier-pop-ssl scponly logcheck logcheck-database cron-apt awstats razor libnet-dns-perl dcc-client phpmyadmin php5-mysql php5-imap php5-gd mysql-server-5.0 mysql-client-5.0 squirrelmail php-mail php-db fail2ban aspell aspell-en aspell-es php5-mcrypt php-auth iproute bzip2 69 }}} 70 71 Now, install php-pear and php-log. You must install these before installing imp4 or else imp4 will try to pull in un-needed php4 packages. 72 73 {{{ 74 sudo apt-get install php-pear php-log 75 }}} 76 77 And now, imp4: 78 79 {{{ 80 sudo apt-get install imp4 turba2 ingo1 81 }}} 82 83 Add the pear file package so that Turba (address book) can import address books. First try apt - but don't do it if it still tries to pull in php4 (which it is trying as of April 11, 2007) 84 85 {{{ 86 sudo apt-get install php-file 87 }}} 88 89 If it is trying to pull in php4, then install it via pear: 90 91 {{{ 92 sudo pear install -o File 54 $ sudo apt-get install apache2 libapache2-mod-suphp cvs amavisd-new clamav clamav-daemon spamassassin maildrop courier-imap-ssl courier-pop-ssl scponly logcheck logcheck-database cron-apt awstats razor libnet-dns-perl dcc-client phpmyadmin php5-mysql php5-imap php5-gd mysql-server-5.0 mysql-client-5.0 squirrelmail php-mail php-db fail2ban aspell aspell-en aspell-es php5-mcrypt php-auth iproute bzip2 imagemagick php-pear php-log imp4 turba2 ingol php-file 93 55 }}} 94 56 … … 97 59 In order to route traffic directly from computer to computer (across different subnetworks) we need to add the different routes 98 60 99 Create a file called add-he-routes with the following contents:61 * Create a file called add-he-routes with the following contents: 100 62 101 63 {{{ … … 106 68 #ip route add 209.51.163.192/28 dev eth0 107 69 ip route add 
209.51.180.16/28 dev eth0 108 }}} 109 110 Comment out the line representing the network this server is on 111 112 Save the file in /etc/network/if-up.d 113 chmod it to 755 114 115 And add a corresponding file: 116 117 {{{ 118 70 ip route add 209.51.163.0/27 dev eth0 71 }}} 72 73 * Comment out the line representing the network this server is on 74 75 * Save the file in /etc/network/if-up.d and chmod it to 755 76 77 * And add a corresponding file: 78 79 {{{ 119 80 #!/bin/bash 120 81 # remove routes for alternate blocks in rack … … 123 84 ip route del 209.51.163.192/28 124 85 #ip route del 209.51.180.16/28 125 }}} 126 127 Save the file in /etc/network/if-down.d 128 chmod it to 75586 ip route del 209.51.163.0/27 87 }}} 88 89 * Save the file in /etc/network/if-down.d and chmod it to 755 129 90 130 91 == Configure suPHP == … … 272 233 == Install Red == 273 234 274 275 * Edit /etc/apt/sources.list - make sure non-free is there, e.g.: 276 deb http://http.us.debian.org/debian stable main contrib non-free. If you are adding anything to this line, run sudo apt-get update afterwards. 235 * Edit /etc/apt/sources.list - make sure non-free is there, e.g.: deb !http://http.us.debian.org/debian stable main contrib non-free. If you are adding anything to this line, run sudo apt-get update afterwards. 277 236 {{{ 278 237 $ sudo apt-get install ucspi-tcp-src … … 290 249 * Download the source from cvs 291 250 292 copy and paste the following commands251 * Copy and paste the following commands 293 252 294 253 {{{ … … 307 266 }}} 308 267 309 this last one, in case you are interested, copies all the files that end in .sample in this directory to files that strip the .sample part out.310 311 268 * Edit the file called pinky. Change ip address to machine's real ip address. also edit red_server.conf, to add the database user and password. 
269 312 270 * Launch pinky with: 313 271 {{{ … … 317 275 318 276 == Postfix setup == 319 320 321 277 322 278 * Create aliases in /etc/aliases … … 328 284 }}} 329 285 330 Don't forget to run newaliases! 331 332 * Create empty access, virtual_alias_maps and virtual_alias_domains files in 333 /etc/postfix 286 * Don't forget to run newaliases! 287 288 * Create empty access, virtual_alias_maps and virtual_alias_domains files in /etc/postfix 334 289 335 290 {{{ … … 375 330 * Copy the /etc/postfix/master.cf file from chavez to get the amavis settings. 376 331 377 378 332 * Postfix as secure mail relay setup 379 333 … … 383 337 }}} 384 338 385 * Configure sasl 386 {{{ 387 sudo vim /etc/default/saslauthd 388 }}} 389 339 * Configure sasl. Edit /etc/default/saslauthd 340 {{{ 390 341 Uncomment START = yes 391 342 Change MECHANISMS to read: 392 343 MECHANISMS ="shadow" 344 }}} 393 345 394 346 * Add postfix to the sasl group … … 436 388 }}} 437 389 438 439 390 == Setup Postgrey == 440 391 … … 458 409 }}} 459 410 460 461 check_policy_service inet:127.0.0.1:60000462 463 411 == Setup Courier == 464 465 412 466 413 * Create a shared/index file that is empty (to avoid getting error messages in the log) … … 476 423 477 424 == Setup amavis == 478 479 480 425 481 426 * Edit /etc/amavis/conf.d/50-user … … 494 439 495 440 * Add AllowSupplementaryGroups to /etc/clamav/clamd.conf 441 496 442 * Add a cron job to clean out viruses and spam collected by amavis in /etc/cron.d called clean-up-virus with the contents: 443 {{{ 497 444 # Find and delete all emails older than 14 days 498 445 2 4 * * * amavis find /var/lib/amavis/virusmails -mtime +14 -exec rm '{}' \; 499 500 446 }}} 501 447 502 448 == Configure Spamassassin == 503 449 504 505 450 * Install helper packages 506 451 {{{ … … 510 455 * Add a new rule for spamassassin (debian etch or above only!) 
511 456 512 <ul>513 457 * Create /usr/local/share/spamassassin/plugins 514 458 {{{ … … 535 479 536 480 * Turn on subject munging (uncomment line in /etc/spamassassin/local.cf) 537 * Add temporary work around to get spamassassin to properly tag messages sent to us via tls by adding this line to /etc/spamassassin/local.cf: 481 482 * Add temporary work around to get spamassassin to properly tag messages sent to us via tls by adding this line to /etc/spamassassin/local.cf (change hostname, see http://wiki.apache.org/spamassassin/DynablockIssues): 538 483 {{{ 539 484 header LOCAL_AUTH_RCVD Received =~ /\(using TLS.*\) by chavez\.mayfirst\.org / 540 485 score LOCAL_AUTH_RCVD -20 541 486 }}} 542 (edit the host name) 543 See: http://wiki.apache.org/spamassassin/DynablockIssues 544 * Turn off report safe (in /etc/spamassassin/local.cf set: report_safe 0 487 488 * Turn off report safe (in /etc/spamassassin/local.cf set: report_safe 0) 489 545 490 * Edit /etc/default/spamassassin - enable spamassassin 491 546 492 * Setup sa-update 547 493 {{{ … … 558 504 }}} 559 505 560 561 562 506 == Maildrop == 563 507 … … 572 516 == Webmail setup == 573 517 574 575 576 518 * Symlink the squirrelmail apache conf file: 577 519 … … 584 526 Redirect /webmail https://servername.mayfirst.org/horde3 585 527 }}} 528 586 529 * Copy the various /etc/horde/*/conf.conf files from chavez 530 587 531 * Edit /etc/horde/imp4/servers.php (see chavez for details) 532 588 533 * Run sudo /etc/squirrelmail/conf.pl 589 534 590 535 * Change 1: organizational preferences (org name, provider link, provider name) 536 591 537 * Change 2: server settings: A IMAP Settings (port: 993, secure imap: true, 592 538 server software: courier 593 * Plugins: install: delete_move_next,squirrelspell, 594 filters,abook_take,listcommands,mail_fetch,gpg (you will need to download539 540 * Plugins: install: delete_move_next,squirrelspell, filters,abook_take,listcommands,mail_fetch,gpg (you will need to download 595 541 this one from 
www.squirrelmail.org into the /usr/share/squirrelmail/plugins 596 542 597 543 * Gunzip/usr/share/doc/horde3/examples/scripts/sql/create.mysql.sql.gz into your home directory 544 598 545 * Edit - change the password to a good password 599 * Import into mysql 600 * Directly import /usr/share/doc/turba2/examples/scripts/sql/turba_objects.mysql.sql with: 546 547 * Import into mysql: Directly import /usr/share/doc/turba2/examples/scripts/sql/turba_objects.mysql.sql with: 548 601 549 {{{ 602 550 mysql -u root -p horde < /usr/share/doc/turba2/examples/scripts/sql/turba_objects.mysql.sql 603 551 }}} 604 552 605 606 553 == Install Drupal == 607 554 608 609 555 * Download from drupal.org into: /usr/local/share/ 610 556 … … 613 559 * Create a soft link to the version (i.e. sudo ln -s drupal-4.7.3 drupal-4.7) 614 560 615 * Tar up and copy all the files from wiwa /usr/local/share/drupal-modules-4.7 616 and place into the /usr/local/share/drupal-modules-4.7 on the target server. 617 618 561 * Tar up and copy all the files from wiwa /usr/local/share/drupal-modules-4.7 and place into the /usr/local/share/drupal-modules-4.7 on the target server. 
619 562 620 563 == Configure Apache == 621 564 622 623 624 565 * In /etc/apache2/site-available/default change NameVirtualHost * to: NameVirtualHost *:80 625 566 626 567 * Change: 568 {{{ 627 569 <VirtualHost *> to: <VirtualHost *:80> 628 570 ServerAdmin apache@mayfirst.org 629 571 DocumentRoot /srv/apache/web (create this directory and index.html file) 630 572 }}} 631 573 632 574 == Configure logrotate == … … 655 597 656 598 Copy from Wiwa to the server: 599 {{{ 657 600 /etc/logcheck/logcheck.conf 658 601 /etc/logcheck/ignore.d.server/local-* 602 }}} 659 603 660 604 == Configure cron-apt == 661 605 662 606 Edit /etc/cron-apt 607 {{{ 663 608 Change line MAILON to MAILON ="upgrade" 609 }}} 664 610 665 611 == Configure Awstats == 666 667 612 668 613 * Copy /etc/awstats/awstats.conf.local from chavez to the target server's /etc/awstats directory … … 672 617 * Copy /usr/share/doc/awstats/examples/apache.conf to /etc/apache2/conf.d/awstats 673 618 674 675 619 == Configure Mutt == 676 620
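Review bot: In "Purchase an ssl certificate", the new bullet "Now, put each one in a separate file called: server.mayfirst.org.key and server.mayfirst.org.crt" never says what "each one" refers to, and no step in the list sets ownership or mode on the private key or on the .pem that courier reads. Name the key and the certificate explicitly, and add a bullet stating the expected owner and permissions for the .key and .pem files. The added bullet also carries over the "paramaters" typo, and "This file will be used by courier" now sits outside the bullet it belongs to.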
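Review bot: In "Install debian packages", the merged apt-get line ends with "imp4 turba2 ingol php-file", but the removed command installed "ingo1" (digit one), so the new line asks for a package name the old page never used and the install will likely stop there. The merge also drops two caveats the old text gave: that php-pear and php-log must be installed before imp4 so that imp4 does not pull in php4 packages, and that php-file should be installed with "sudo pear install -o File" if apt tries to pull in php4. If a single command is known to resolve cleanly now, say so in a sentence. Otherwise keep the separate steps.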
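Review bot: In the routing section, the two sample scripts comment out different networks: add-he-routes shows "#ip route add 209.51.163.192/28 dev eth0" while the if-down.d script shows "#ip route del 209.51.180.16/28". Someone copying both as written ends up with add and delete lists that do not match. Comment out the same block in both samples, and extend the bullet "Comment out the line representing the network this server is on" to say it applies to both files, since it currently appears only before the if-up.d step.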
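Review bot: In the "Configure sasl" bullet, the new code block mixes instructions with file content ("Uncomment START = yes", "Change MECHANISMS to read:") and shows the assignments with a space before the equals sign, as in MECHANISMS ="shadow". /etc/default/saslauthd is sourced by the shell, so an assignment written with that spacing will not be read as an assignment. Move the two instructions out of the block into the bullet text and leave only the literal lines inside it, written as START=yes and MECHANISMS="shadow". The same spacing appears in the cron-apt block (MAILON ="upgrade").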
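Review bot: In "Setup amavis", the cron line "amavis find /var/lib/amavis/virusmails -mtime +14 -exec rm '{}' \;" has no -type f, so find also hands rm any directory older than 14 days, including virusmails itself, and the resulting rm errors end up in cron mail. Add -type f before -mtime. The bullet says the job cleans out "viruses and spam" while the command only covers the virusmails directory, so either name the spam quarantine path as well or narrow the wording.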
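Review bot: In "Configure Spamassassin", the LOCAL_AUTH_RCVD rule scores -20 on any Received header matching /\(using TLS.*\) by chavez\.mayfirst\.org /, which records that the session used TLS, not that the sender authenticated, so every message delivered to the host over TLS gets the bonus. If the intent is to exempt authenticated users, match on a marker the MTA writes only after SASL authentication (Postfix can add one with smtpd_sasl_authenticated_header), and say in the bullet that this is what the rule keys on. Moving "change hostname" into the bullet text is fine, but the sample still hardcodes chavez, so a placeholder host name in the rule would make a verbatim copy fail visibly rather than silently never match.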
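Review bot: In "Webmail setup", the merged bullet "Import into mysql: Directly import /usr/share/doc/turba2/examples/scripts/sql/turba_objects.mysql.sql with:" folds two steps into one, and the import of the edited create.mysql.sql (the file whose password was just changed) no longer has a step of its own. Keep them as two bullets, each with its own command. The bullet "Edit - change the password to a good password" should name the file it refers to, and the "Change 2" and "Plugins" bullets both still open a parenthesis that is never closed and break across lines.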
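Review bot: In "Configure Apache", the new code block wraps text that is part instruction and part configuration: "<VirtualHost *> to: <VirtualHost *:80>" is a before/after pair, and the DocumentRoot line ends with "(create this directory and index.html file)". Pasted into the vhost file as shown, the DocumentRoot line is not a valid directive. Put the before/after change and the "create this directory" instruction in the bullet text, and keep only the resulting directives inside the block.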