Update Servers & Workflows/Linux/iRedMail.md

2024-06-21 18:24:22 -06:00
parent 9279d21d6e
commit 91d7863cfa

@ -26,7 +26,9 @@ setenforce 0
1. If you prefer to let SELinux prints warnings instead of enforcing, you can set this value instead: `SELINUX=permissive`
## Set Domain and iRedMail Version
## iRedMail Installation
### Set Domain and iRedMail Version
Start by connecting to the server / VM via SSH, then set silent deployment variables below.
``` sh
# Define some deployment variables.
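Review bot: The new `## iRedMail Installation` heading at the top of this hunk has no text of its own and is followed directly by `### Set Domain and iRedMail Version`. A one-sentence introduction under it, saying what the installation section covers, would keep the new parent heading from reading as an empty wrapper. While this region is being touched, the context line above it reads "let SELinux prints warnings", which should be "let SELinux print warnings".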
@ -42,7 +44,7 @@ You will then proceed to bootstrap a silent unattended installation of iRedMail.
!!! danger "Storage Space Requirements"
You absolutely need to ensure that `/var/vmail` has a lot of space. At least 16GB. This is where all of your emails / mailboxes / a lot of settings will be. If possible, create a second physical/virtual disk specifically for the `/var` partition, or specifically for `/var/vmail` at minimum, so you can expand it over time if necessary. LVM-based provisioning is recommended but not required.
## Install iRedMail
### Install iRedMail
``` sh
# Automatically configure the /etc/hosts file to point to the server listed in "/etc/hostname".
sudo sed -i "1i 127.0.0.1 $(cat /etc/hostname) $(cut -d '.' -f 1 /etc/hostname) localhost localhost.localdomain localhost4 localhost4.localdomain4" /etc/hosts
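Review bot: The `sudo sed -i "1i 127.0.0.1 ..." /etc/hosts` line under the renamed `### Install iRedMail` heading is not safe to run twice, because `1i` prepends a new line on every run and a repeated install attempt leaves stacked duplicate entries in `/etc/hosts`. Suggest either documenting that this step is run once, or guarding it with a check such as `grep -q "$(cat /etc/hostname)" /etc/hosts ||` before the `sed`.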
@ -85,7 +87,9 @@ reboot
!!! warning "Automatically-Generated Postmaster Password"
When you deploy iRedMail, it will give you a username and password for the postmaster account. If you accidentally forget to document this, you can log back into the server via SSH and see the credentials at `/root/iRedMail-$VERSION/iRedMail.tips`. This file is critical and contains passwords and DNS information such as DKIM record information as well.
## Nested Reverse Proxy Configuration
## Networking Configuration
### Nested Reverse Proxy Configuration
In my homelab environment, I run Traefik reverse proxy in front of everything, which includes the NGINX reverse proxy that iRedMail creates. In my scenario, I have to make some custom adjustments to the reverse proxy dynamic configuration data to ensure it will step aside and let the NGINX reverse proxy inside of iRedMail handle everything, including handling its own SSL termination with Let's Encrypt.
``` sh
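Review bot: The "Automatically-Generated Postmaster Password" warning kept in this hunk says `/root/iRedMail-$VERSION/iRedMail.tips` contains passwords and DKIM record information, but the page gives no step for handling the file once the values are recorded. Suggest adding a sentence telling readers to copy the credentials into a password manager, confirm the file is readable only by root, and consider removing it from the server afterwards, since it otherwise stays on disk as a readable record of the postmaster password.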
@ -105,10 +109,10 @@ tcp:
- address: "192.168.3.13:443"
```
## Let's Encrypt ACME Certbot
### Let's Encrypt ACME Certbot
At this point, we want to set up automatic Let's Encrypt SSL termination inside of iRedMail so we don't have to manually touch this in the future.
### Generate SSL Certificate
#### Generate SSL Certificate
=== "Debian/Ubuntu"
``` sh
@ -145,7 +149,7 @@ At this point, we want to set up automatic Let's Encrypt SSL termination inside
sudo systemctl restart postfix dovecot nginx
```
### Configure Automatic Renewal
#### Configure Automatic Renewal
To automate the renewal process, set up a cron job that runs the certbot renew command regularly. This command will renew certificates that are due to expire within 30 days.
Open the crontab editor with the following command:
@ -158,7 +162,7 @@ Add the following line to run the renewal process daily at 3:01 AM:
1 3 * * * certbot renew --post-hook 'systemctl restart postfix dovecot nginx'
```
## DNS Records
### DNS Records
Now you need to set up DNS records in Cloudflare (or the DNS Registrar you have configured) so that the mail server can be found and validated.
| **Type** | **Name** | **Content** | **Proxy Status** | **TTL** |
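Review bot: On the cron line `1 3 * * * certbot renew --post-hook 'systemctl restart postfix dovecot nginx'`, `--post-hook` runs after any renewal attempt, including a failed one, so the three services are restarted even when no new certificate was installed. `--deploy-hook` runs only after a certificate has actually been renewed and fits the stated purpose better. The surrounding text could also say which user's crontab this goes in, since `certbot renew` and `systemctl restart` both need root.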
@ -168,7 +172,7 @@ Now you need to set up DNS records in Cloudflare (or the DNS Registrar you have
| TXT | dkim._domainkey | v=DKIM1; p=`IREDMAIL-DKIM-VALUE` | DNS Only | 1 Hour |
| TXT | _dmarc | "v=DMARC1; p=none; rua=mailto:postmaster@bunny-lab.io" | DNS Only | Auto |
## Port Forwarding
### Port Forwarding
Lastly, we need to set up port forwarding to open the ports necessary for the server to send and receive email.
| **Protocol** | **Port** | **Destination Server** | **Description** |
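Review bot: The `_dmarc` row in this hunk publishes `p=none`, which only requests reports and asks receivers to take no action on mail that fails DMARC, and the page does not say this is a starting value. Suggest a sentence under the table telling readers to move to `p=quarantine` or `p=reject` once the `rua` reports show legitimate mail passing. The `rua` address is also hard-coded to `postmaster@bunny-lab.io`, so a note to substitute the reader's own domain would prevent reports being sent to the wrong mailbox.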
@ -197,7 +201,7 @@ sudo chown iredadmin:iredadmin -R /opt/www/iRedAdmin-2.5
sudo reboot
```
## Activate iRedAdmin-Pro
### Activate iRedAdmin-Pro
At this point, if you want to use iRedAdmin-Pro, you either have a valid license key, or you adjust the python function responsible for checking license keys to bypass the check, effectively forcing iRedAdmin to be activated. In this instance, we will be forcing activation by adjusting this function, seen below.
There is someone else who outlined all of these changes, and additional (aesthetic) ones, like removing the renew license button from the license page, but the core functionality is seen below. If you want to see the original repository this was inspired from, it can be found [Here](https://github.com/marcus-alicia/iRedAdmin-Pro-SQL)