Update Servers/Linux/iRedMail.md

Nicole Rappe
2024-01-06 20:37:17 -07:00
parent b82ea691c8
commit 6d94dbf94a

@ -15,12 +15,10 @@ sudo su
# Define some deployment variables. # Define some deployment variables.
VERSION="1.6.8" # (1) VERSION="1.6.8" # (1)
MAIL_DOMAIN="bunny-lab.io" # (2) MAIL_DOMAIN="bunny-lab.io" # (2)
POSTMASTER_PASSWORD="VerySecurePassword101" # (3)
``` ```
1. This is the version of iRedMail you are deploying. You can find the newest version on the [iRedMail Download Page](https://www.iredmail.org/download.html). 1. This is the version of iRedMail you are deploying. You can find the newest version on the [iRedMail Download Page](https://www.iredmail.org/download.html).
2. This is the domain suffix that appears after mailbox names. e.g. `first.last@bunny-lab.io` would use a domain value of `bunny-lab.io`. 2. This is the domain suffix that appears after mailbox names. e.g. `first.last@bunny-lab.io` would use a domain value of `bunny-lab.io`.
3. For the purposes of the installation, you cannot use symbols in your password here. Keep it to letters and numbers.
You will then proceed to bootstrap a silent unattended installation of iRedMail. (I've automated as much as I can to make this as turn-key as possible). You will then proceed to bootstrap a silent unattended installation of iRedMail. (I've automated as much as I can to make this as turn-key as possible).
``` sh ``` sh
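Review bot: With `POSTMASTER_PASSWORD` and annotation 3 removed from the variables block, this step no longer tells the reader where the postmaster password comes from; they only find out it is generated when they reach the warning after the reboot step. Suggest a short line under the two remaining annotations stating that the postmaster password is now generated during installation and recorded in `iRedMail.tips`. Since the removed line carried the sample value `VerySecurePassword101`, it is also worth telling readers who deployed from the older revision with that value unchanged to replace it.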
@ -36,26 +34,36 @@ curl https://codeload.github.com/iredmail/iRedMail/tar.gz/refs/tags/$VERSION -o
tar zxf iRedMail-$VERSION.tar.gz tar zxf iRedMail-$VERSION.tar.gz
# Create the unattend config file for silent deployment. This will automatically generate random 32-character passwords for all of the databases. # Create the unattend config file for silent deployment. This will automatically generate random 32-character passwords for all of the databases.
(echo "export STORAGE_BASE_DIR='/var/vmail'"; echo "export WEB_SERVER='NGINX'"; echo "export BACKEND_ORIG='PGSQL'"; echo "export BACKEND='PGSQL'"; for var in VMAIL_DB_BIND_PASSWD VMAIL_DB_ADMIN_PASSWD MLMMJADMIN_API_AUTH_TOKEN NETDATA_DB_PASSWD AMAVISD_DB_PASSWD IREDADMIN_DB_PASSWD RCM_DB_PASSWD SOGO_DB_PASSWD SOGO_SIEVE_MASTER_PASSWD IREDAPD_DB_PASSWD FAIL2BAN_DB_PASSWD PGSQL_ROOT_PASSWD; do echo "export $var='$(openssl rand -base64 48 | tr -d '+/=' | head -c 32)'"; done; echo "export DOMAIN_ADMIN_PASSWD_PLAIN='$POSTMASTER_PASSWORD'"; echo "export FIRST_DOMAIN='$MAIL_DOMAIN'"; echo "export USE_IREDADMIN='YES'"; echo "export USE_SOGO='YES'"; echo "export USE_NETDATA='YES'"; echo "export USE_FAIL2BAN='YES'") > /root/iRedMail-$VERSION/config (echo "export STORAGE_BASE_DIR='/var/vmail'"; echo "export WEB_SERVER='NGINX'"; echo "export BACKEND_ORIG='PGSQL'"; echo "export BACKEND='PGSQL'"; for var in VMAIL_DB_BIND_PASSWD VMAIL_DB_ADMIN_PASSWD MLMMJADMIN_API_AUTH_TOKEN NETDATA_DB_PASSWD AMAVISD_DB_PASSWD IREDADMIN_DB_PASSWD RCM_DB_PASSWD SOGO_DB_PASSWD SOGO_SIEVE_MASTER_PASSWD IREDAPD_DB_PASSWD FAIL2BAN_DB_PASSWD PGSQL_ROOT_PASSWD DOMAIN_ADMIN_PASSWD_PLAIN; do echo "export $var='$(openssl rand -base64 48 | tr -d '+/=' | head -c 32)'"; done; echo "export FIRST_DOMAIN='$MAIL_DOMAIN'"; echo "export USE_IREDADMIN='YES'"; echo "export USE_SOGO='YES'"; echo "export USE_NETDATA='YES'"; echo "export USE_FAIL2BAN='YES'") > /root/iRedMail-$VERSION/config
# Set Environment Variables for Silent Deployment # Set Environment Variables for Silent Deployment
AUTO_USE_EXISTING_CONFIG_FILE=y AUTO_USE_EXISTING_CONFIG_FILE=y # (1)
AUTO_INSTALL_WITHOUT_CONFIRM=y AUTO_INSTALL_WITHOUT_CONFIRM=y # (2)
AUTO_CLEANUP_REMOVE_SENDMAIL=y AUTO_CLEANUP_REMOVE_SENDMAIL=y # (3)
AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y # (4)
AUTO_CLEANUP_RESTART_FIREWALL=n AUTO_CLEANUP_RESTART_FIREWALL=n # (5)
AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y # (6)
# Deploy iRedMail via the Install Script # Deploy iRedMail via the Install Script
cd /root/iRedMail-1.6.8 cd /root/iRedMail-1.6.8
bash iRedMail.sh bash iRedMail.sh
``` ```
1. Use existing `config` file without asking for confirmation.
2. Start the installation without asking for confirmation.
3. Remove `sendmail` package without asking for confirmation.
4. Copy and use the firewall rules shipped in iRedMail installer.
5. Restart firewall service without asking for confirmation.
6. Copy and use the MySQL (server) config file shipped in iRedMail installer.
When the installation is completed, take note of any output it gives you for future reference. Then reboot the server to finalize the server installation. When the installation is completed, take note of any output it gives you for future reference. Then reboot the server to finalize the server installation.
``` ```
reboot reboot
``` ```
!!! warning "Automatically-Generated Postmaster Password"
When you deploy iRedMail, it will give you a username and password for the postmaster account. If you accidentally forget to document this, you can log back into the server via SSH and see the credentials at `/root/iRedMail-$VERSION/iRedMail.tips`. This file is critical and contains passwords and DKIM information as well.
## Nested Reverse Proxy Configuration ## Nested Reverse Proxy Configuration
In my homelab environment, I run Traefik reverse proxy in front of everything, which includes the NGINX reverse proxy that iRedMail creates. In my scenario, I have to make some custom adjustments to the reverse proxy dynamic configuration data to ensure it will allow self-signed certificates from iRedMail to communicate with the Traefik reverse proxy successfully. You will see an example Traefik configuration file below. In my homelab environment, I run Traefik reverse proxy in front of everything, which includes the NGINX reverse proxy that iRedMail creates. In my scenario, I have to make some custom adjustments to the reverse proxy dynamic configuration data to ensure it will allow self-signed certificates from iRedMail to communicate with the Traefik reverse proxy successfully. You will see an example Traefik configuration file below.
``` ```
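Review bot: Annotation 5 says "Restart firewall service without asking for confirmation", but the line it annotates sets `AUTO_CLEANUP_RESTART_FIREWALL=n`, so the text describes the opposite of the configured value; reword it to say the firewall restart is skipped, or change the value if a restart is intended. The six `AUTO_*` lines are plain shell assignments on their own lines, so `bash iRedMail.sh`, which runs as a child process, only sees them if they are exported or placed as a prefix on the same command line; suggest `export AUTO_USE_EXISTING_CONFIG_FILE=y` and likewise for the rest. The context line `cd /root/iRedMail-1.6.8` hardcodes the version while every other path uses `$VERSION`, so it should be `cd /root/iRedMail-$VERSION`. Because the generated `config` file now also holds `DOMAIN_ADMIN_PASSWD_PLAIN`, and the new warning points readers at `iRedMail.tips` for passwords and DKIM data, the doc should tell the reader to create `config` under `umask 077` and to restrict or move `iRedMail.tips` once the credentials are recorded elsewhere.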