From b82ea691c839ec6cb22b1e963449830ae31e1ebb Mon Sep 17 00:00:00 2001 From: Nicole Rappe Date: Sat, 6 Jan 2024 20:24:57 -0700 Subject: [PATCH] Update Servers/Linux/iRedMail.md --- Servers/Linux/iRedMail.md | 44 +++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/Servers/Linux/iRedMail.md b/Servers/Linux/iRedMail.md index a9a46c9..49beef8 100644 --- a/Servers/Linux/iRedMail.md +++ b/Servers/Linux/iRedMail.md @@ -5,9 +5,9 @@ Self-Hosted Open-Source email server that can be setup in minutes, and is enterp It is assumed you are running at least Rocky Linux 9.3. While you can use CentOS Stream, Alma, Debian, Ubuntu, FreeBSD, and OpenBSD, the more enterprise-level sections of my homelab are built on Rocky Linux. ## Deployment -The instructions below are specific to my homelab environment, but can be easily ported depending on your needs. You can follow along with the official documentation on [Installation](https://docs.iredmail.org/install.iredmail.on.rhel.html) as well as [DNS Record Configuration](https://docs.iredmail.org/setup.dns.html) if you want more detailed explanations throughout the installation process. +The instructions below are specific to my homelab environment, but can be easily ported depending on your needs. This guide also assumes you want to operate a PostgreSQL-based iRedMail installation. You can follow along with the official documentation on [Installation](https://docs.iredmail.org/install.iredmail.on.rhel.html) as well as [DNS Record Configuration](https://docs.iredmail.org/setup.dns.html) if you want more detailed explanations throughout the installation process. -Start by connecting to the server / VM via SSH, then issue the commands below: +Start by connecting to the server / VM via SSH, then set silent deployment variables below. ``` sh # Elevate to Root User sudo su 
@@ -15,8 +15,15 @@ sudo su # Define some deployment variables. VERSION="1.6.8" # (1) MAIL_DOMAIN="bunny-lab.io" # (2) -POSTMASTER_PASSWORD="SecurePassword101" # (3) +POSTMASTER_PASSWORD="VerySecurePassword101" # (3) +``` +1. This is the version of iRedMail you are deploying. You can find the newest version on the [iRedMail Download Page](https://www.iredmail.org/download.html). +2. This is the domain suffix that appears after mailbox names. e.g. `first.last@bunny-lab.io` would use a domain value of `bunny-lab.io`. +3. For the purposes of the installation, you cannot use symbols in your password here. Keep it to letters and numbers. + +You will then proceed to bootstrap a silent unattended installation of iRedMail. (I've automated as much as I can to make this as turn-key as possible). +``` sh # Check for Updates in the Package Manager yum update -y 
@@ -27,25 +34,30 @@ dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarc cd /root curl https://codeload.github.com/iredmail/iRedMail/tar.gz/refs/tags/$VERSION -o iRedMail-$VERSION.tar.gz tar zxf iRedMail-$VERSION.tar.gz -``` -1. This is the version of iRedMail you are deploying. You can find the newest version on the [iRedMail Download Page](https://www.iredmail.org/download.html). -2. This is the domain suffix that appears after mailbox names. e.g. `first.last@domain.com` -3. For the purposes of the installation, you cannot use symbols in your password here. Keep it to letters and numbers. - -Create the unattend config file for silent deployment (Copy/Paste the one-liner into the SSH terminal). This will automatically generate random 32-character passwords for all of the internal databases. You will set the postmaster password and mail domain in the next step. -``` sh +# Create the unattend config file for silent deployment. This will automatically generate random 32-character passwords for all of the databases. 
(echo "export STORAGE_BASE_DIR='/var/vmail'"; echo "export WEB_SERVER='NGINX'"; echo "export BACKEND_ORIG='PGSQL'"; echo "export BACKEND='PGSQL'"; for var in VMAIL_DB_BIND_PASSWD VMAIL_DB_ADMIN_PASSWD MLMMJADMIN_API_AUTH_TOKEN NETDATA_DB_PASSWD AMAVISD_DB_PASSWD IREDADMIN_DB_PASSWD RCM_DB_PASSWD SOGO_DB_PASSWD SOGO_SIEVE_MASTER_PASSWD IREDAPD_DB_PASSWD FAIL2BAN_DB_PASSWD PGSQL_ROOT_PASSWD; do echo "export $var='$(openssl rand -base64 48 | tr -d '+/=' | head -c 32)'"; done; echo "export DOMAIN_ADMIN_PASSWD_PLAIN='$POSTMASTER_PASSWORD'"; echo "export FIRST_DOMAIN='$MAIL_DOMAIN'"; echo "export USE_IREDADMIN='YES'"; echo "export USE_SOGO='YES'"; echo "export USE_NETDATA='YES'"; echo "export USE_FAIL2BAN='YES'") > /root/iRedMail-$VERSION/config -``` -```jsx title="/root/iRedMail-1.6.8/config" - -``` +# Set Environment Variables for Silent Deployment +AUTO_USE_EXISTING_CONFIG_FILE=y +AUTO_INSTALL_WITHOUT_CONFIRM=y +AUTO_CLEANUP_REMOVE_SENDMAIL=y +AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y +AUTO_CLEANUP_RESTART_FIREWALL=n +AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y # Deploy iRedMail via the Install Script cd /root/iRedMail-1.6.8 bash iRedMail.sh ``` -!!! note - Please substitute the `1.6.8` version number if a newer version of iRedMail is available. You can check for the most recent version number on the [Official Download Page](https://www.iredmail.org/download.html). \ No newline at end of file +When the installation is completed, take note of any output it gives you for future reference. Then reboot the server to finalize the server installation. +``` +reboot +``` + +## Nested Reverse Proxy Configuration +In my homelab environment, I run Traefik reverse proxy in front of everything, which includes the NGINX reverse proxy that iRedMail creates. In my scenario, I have to make some custom adjustments to the reverse proxy dynamic configuration data to ensure it will allow self-signed certificates from iRedMail to communicate with the Traefik reverse proxy successfully. 
You will see an example Traefik configuration file below. +``` +PLACEHOLDER +``` \ No newline at end of file
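Review bot: In the hunk at `@@ -15,8 +15,15 @@`, `POSTMASTER_PASSWORD="VerySecurePassword101"` is a literal that readers are likely to paste unchanged, and typing the assignment at an interactive prompt can leave the postmaster password in root's shell history. Suggest prompting for it instead, for example `read -rs POSTMASTER_PASSWORD`, or at minimum marking the value as a placeholder that must be replaced. Since annotation (3) restricts the password to letters and numbers, it would also help to state a minimum length there to offset the smaller character set.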
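Review bot: In the hunk at `@@ -27,25 +34,30 @@`, the six `AUTO_*` assignments (`AUTO_USE_EXISTING_CONFIG_FILE=y` through `AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y`) are plain shell variables without `export`, so as written the child process started by `bash iRedMail.sh` does not inherit them; prefix each with `export` or put them on the same command line as the `bash iRedMail.sh` call. The same block still runs `cd /root/iRedMail-1.6.8` even though `$VERSION` is defined earlier, and this change deletes the note that told readers to substitute the version number, so use `cd /root/iRedMail-$VERSION`. The generated `config` file holds all the database passwords and `DOMAIN_ADMIN_PASSWD_PLAIN` in clear text; consider a `chmod 600` right after it is written and a step that removes or secures it once the install finishes. Finally, the Traefik code block contains only `PLACEHOLDER`; either include the dynamic configuration the paragraph describes or hold the section back until it exists.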