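Ubuntu 20.04 + UFW + iRedMail Installation Procedure
After installing Ubuntu 20.04, do not run any updates yet.
* When installing Ubuntu 20.04, be sure to select English (US) as the input method first.
Follow the steps below one at a time.
Set the Ubuntu root password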
> sudo passwd root
Enable the Ubuntu ufw firewall
(This is required if MariaDB is to be reachable from outside.)
> sudo ufw enable
> sudo systemctl start ufw
> sudo systemctl enable ufw
> sudo reboot
* Sometimes ufw fails to start automatically after Ubuntu reboots; in that case, run the four commands above again.
> sudo ufw status
> sudo ufw allow ssh
> sudo ufw allow in 22
> sudo ufw allow out 22
> sudo ufw allow in 25
> sudo ufw allow out 25
> sudo ufw allow in 80
> sudo ufw allow out 80
> sudo ufw allow in 443
> sudo ufw allow out 443
> sudo ufw allow in 3306
> sudo ufw allow out 3306
> sudo ufw status verbose
> sudo reboot
> sudo ufw status
* ufw usually starts only a few minutes after the desktop has finished loading at boot. *
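The rules above allow 3306 from any source, and a Samba rule is added later in this guide. As an added example (not part of the original guide), this script reads `ufw status` output and lists the watched services that are allowed inbound from anywhere. Both sample outputs and the 192.168.1.0/24 LAN range are constructed assumptions.

```shell
# Added example: report sensitive services that ufw allows inbound from anywhere.
# stdin: output of `ufw status`; $1: space-separated ports/app names to watch.
audit_ufw() {
    awk -v watch="$1" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) sens[w[i]] = 1 }
        { gsub(/\(v6\)/, "") }                  # treat IPv6 twins like their IPv4 rule
        $2 != "ALLOW" { next }                  # header lines, DENY, LIMIT, REJECT
        $3 == "OUT"   { next }                  # outbound rules expose no listener
        {
            from = ($3 == "IN") ? $4 : $3
            port = $1; sub(/\/.*/, "", port)    # 3306/tcp -> 3306
            if (from == "Anywhere" && (port in sens) && !seen[port]++)
                out = out (out == "" ? "" : " ") port
        }
        END { print out }
    '
}

# Constructed sample: roughly what `ufw status` shows after the rules on this page.
status_open() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
25                         ALLOW       Anywhere
3306                       ALLOW       Anywhere
Samba                      ALLOW       Anywhere
3306                       ALLOW OUT   Anywhere
3306 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Constructed sample after replacing the open 3306 rule with (LAN range assumed):
#   ufw allow from 192.168.1.0/24 to any port 3306 proto tcp
status_scoped() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       192.168.1.0/24
EOF
}

status_open   | audit_ufw "3306 Samba 139 445"   # prints: 3306 Samba
status_scoped | audit_ufw "3306 Samba 139 445"   # prints an empty line
```

On a live host, feed it real output with `sudo ufw status | audit_ufw "3306 Samba 139 445"`.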
> sudo apt update
> sudo apt upgrade
> sudo reboot  # restart the system
It is best to run apt update/upgrade once more.
> sudo apt update
> sudo apt upgrade
> sudo hostnamectl set-hostname mail.mydomain.com
> sudo nano /etc/hosts
127.0.0.1 www.mydomain.com localhost
127.0.1.1 mydomain-ubuntu
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
> hostname -f
> Download teamviewer
> Install teamviewer
> Start teamviewer with system
teamviewer -> Extras -> Options -> General -> check "Start teamviewer with system"
> reboot
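* This version of teamviewer often fails to start at boot after a warm reboot; it only starts successfully after powering off and then on again.
Workaround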
> nano /etc/gdm3/custom.conf
The original setting is
#WaylandEnable=false
Remove the # to uncomment it
WaylandEnable=false
Reference:
https://community.teamviewer.com/English/discussion/35342/teamviewer-13-not-connecting-in-ubuntu-18-04-login-screen
> reboot
Install git
> apt install git
Install iRedMail
> git clone https://github.com/iredmail/iRedMail.git
> cd iRedMail
> chmod +x iRedMail.sh
> bash iRedMail.sh
Path: choose /var/vmail
Web Server: choose Nginx
Database: choose MariaDB
MariaDB Root Password: myrootpassword
mail domain name: mydomain.com
postmaster@mydomain.com Password: myrootpassword
Optional Components:
Answer Y to all of the firewall prompts
> apt install software-properties-common
> apt-add-repository -r ppa:certbot/certbot
> apt-get install certbot
> sudo certbot certonly --webroot --agree-tos --email mymail@mydomain.com -d www.mydomain.com -w /var/www/html/
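- Firewall ports 80 and 443 must be open, otherwise this fails
- This ssl_certificate has to be reissued every three months
- Because the www web server pages will be used in the future
(the web server is used to access MariaDB across the network),
www.mydomain.com is used rather than mail.mydomain.com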
> sudo nano /etc/nginx/templates/ssl.tmpl
Add the following two lines to the file
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem;
> nginx -t
> systemctl reload nginx
> nano /etc/postfix/main.cf
Change the following three lines in the file
smtpd_tls_key_file = /etc/letsencrypt/live/www.mydomain.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/www.mydomain.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/www.mydomain.com/chain.pem
> systemctl reload postfix
> nano /etc/dovecot/dovecot.conf
Change the following two lines in the file
ssl_cert = </etc/letsencrypt/live/www.mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/www.mydomain.com/privkey.pem
> systemctl reload dovecot
> reboot
Test the mail server with telnet
> telnet mydomain.com 25
Generate the DKIM key. This is important; it affects the ability to send and receive mail with Gmail.
> amavisd-new genrsa /var/lib/dkim/mydomain.com.pem 2048
> systemctl restart amavis
dkim._domainkey.mydomain.com. 3600 TXT (
"v=DKIM1; p="
"MIGfMA________________________________BiQKBgQDFK4u2gM/v1YoNryROAV0D1x0M"
"DM1P2zI________________________________ToNlkqUV7IfL1LqqzFg/BxzMS780bK"
"46CBLra________________________________AonftdqZJE5YuGUMXXiJ8cWK/KsS"
"w2M/T__________________QAB")
Update the DNS records for the domain
Log in to the registrar where the domain was purchased, for example https://www.123cheapdomains.com/
. Set IP Pointing
. Set the MX Record
. Add a TXT Record
v=spf1 a mx ptr ~all
. Add a TXT Record
DKIM records
> https://www.mydomain.com/iredadmin/
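Admin account: postmaster@mydomain.com
Password: myrootpassword
> The iredadmin web pages are located in /opt/www/iredadmin/
Back up /opt/www/iredadmin-1.2/libs/iredpwd.py as iredpwd_org.py
Open /opt/www/iredadmin-1.2/libs/iredpwd.py
Remove the checks that require uppercase letters and special characters in user passwords
Delete lines 148-151
Delete lines 140-142
Delete line 123
Delete line 121
Delete lines 94-96
Delete lines 86-88
Delete line 62
Delete line 60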
> https://www.mydomain.com/
The web pages are located in /var/www/html/
> https://www.mydomain.com/mail/
Roundcube Webmail
Create a symlink to the web root in the user's home directory
> ln -s /var/www/html /home/USERACCOUNT/html
Install network tools on Ubuntu
> sudo apt install net-tools
> ifconfig
Ubuntu MariaDB Server
> mysql_secure_installation
> nano /etc/mysql/mariadb.conf.d/50-server.cnf
Remove bind-address = 127.0.0.1
> mysql -u root -p
Enter the MySQL database password
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'fdgfdgfdg' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> exit
Restart the database
> sudo service mysql restart
Nginx and PHP-FPM environment
> nano /etc/nginx/nginx.conf
Contents:
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/conf-enabled/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_connect_timeout 90;
    fastcgi_send_timeout 90;
    fastcgi_read_timeout 90;
}
> cd /etc/nginx/sites-available/
> nano /etc/nginx/sites-available/00-default.conf
Enter the following
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.php index.nginx-debian.html;
    server_name _;
    location / {
        root /var/www/html;
        index index.html index.htm;
        autoindex on;
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        root /var/www/html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        error_page 404 /error/404.php;
    }
    location ~ /\.ht {
        deny all;
    }
}
> nano /etc/nginx/sites-available/00-default.conf
upstream php_workers {
    server 127.0.0.1:9000;
}
> nano /etc/php/7.4/fpm/www.conf
[inet]
user = www-data
group = www-data
listen = 127.0.0.1:9000
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; IP addresses must be separated by comma, and no space between comma and ip.
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 100
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 100
pm.status_path = /status
ping.path = /ping
request_terminate_timeout = 60s
request_slowlog_timeout = 10s
; Log files
access.log = /var/log/php-fpm/php-fpm.log
slowlog = /var/log/php-fpm/slow.log
> php -ini
> nano /etc/php/7.4/cli/php.ini
Check line 312: disable_functions must have nothing after it
disable_functions =
Add at line 151
short_open_tag = On
> nano /etc/php/7.4/fpm/php.ini
On line 312, remove the string phpinfo from the disable_functions parameter list
disable_functions = posix_uname,eval,pcntl_wexitstatus,posix_getpwuid,
xmlrpc_entity_decode,pcntl_wifstopped,pcntl_wifexited,pcntl_wifsignaled,
phpAds_XmlRpc,pcntl_strerror,ftp_exec,pcntl_wtermsig,mysql_pconnect
,proc_nice,pcntl_sigtimedwait,posix_kill,pcntl_sigprocmask,fput,phpinfo,
system,phpAds_remoteInfo,ftp_login,inject_code,posix_mkfifo,highlight_file,
escapeshellcmd,show_source,pcntl_wifcontinued,fp,pcntl_alarm,pcntl_wait,
ini_alter,posix_setpgid,parse_ini_file,ftp_raw,pcntl_waitpid,pcntl_getpriority,
ftp_connect,pcntl_signal_dispatch,pcntl_wstopsig,ini_restore,ftp_put,
passthru,proc_terminate,posix_setsid,pcntl_signal,pcntl_setpriority,
phpAds_xmlrpcEncode,pcntl_exec,ftp_nb_fput,ftp_get,phpAds_xmlrpcDecode,
pcntl_sigwaitinfo,shell_exec,pcntl_get_last_error,ftp_rawlist,pcntl_fork,
posix_setuid
Check the nginx configuration for errors
> nginx -t
> systemctl reload nginx
Restart nginx
> systemctl restart nginx
Restart php7.4-fpm
> systemctl restart php7.4-fpm
> cd /var/www/html
> nano info.php
Enter the following and save the file
<?php
phpinfo();
?>
- Open the web page
http://www.my.com/info.php
It shows the following
Configuration File (php.ini) Path /etc/php/7.4/fpm
Loaded Configuration File /etc/php/7.4/fpm/php.ini
Scan this dir for additional .ini files /etc/php/7.4/fpm/conf.d
- Install a MariaDB tool
PremiumSoft Navicat Premium 12.1.22 Linux64
> Install app
> copy RegPrivateKey.pem to \home\myuser\Software\navicat121_premium_en_x64\Navicat
> cd \home\myuser\Software\navicat121_premium_en_x64\
> chmod +x start_navicat
> bash start_navicat
> use keygen: NAVJ-xxxx-xxxx-xxxx
Add Connect "MarairDB"
Host Name: MyHost-localhost
Host: localhost
Port: 3306
user name: root
password: 123456789
Add Connect "MarairDB"
Host Name: MyHost-192.168.1.99
Host: 192.168.1.99
Port: 3306
user name: root
password: 123456789
Add Connect "MarairDB"
Host Name: MyHost-122.222.333.555
Host: 122.222.333.555
Port: 3306
user name: root
password: 123456789
- Install phpmyadmin
> apt-get install phpmyadmin
* Because the web server is nginx, select neither of the two options
> ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin
Open the web page
https://www.MyHost.com/phpmyadmin/
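Log in with the root account and password
Click the red text at the bottom: "The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated."
Click the yellow "Create" link, "Create the phpMyAdmin configuration storage in the current database";
a phpmyadmin database then appears on the left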
> cd /usr/share/phpmyadmin
> cp config.sample.inc.php config.inc.php
> nano config.inc.php
Modify the file as follows
/* User used to manipulate with storage */
$cfg['Servers'][$i]['controluser'] = 'root';
$cfg['Servers'][$i]['controlpass'] = '123456789';
/* Storage database and tables */
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
Create a phpmyadmin account in MariaDB
> mysql -u root -p
mysql> GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'@'localhost' IDENTIFIED BY '123456789' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> exit
> service mysql restart
Reopen the web page
> https://www.MyHost.com/phpmyadmin/
- Install Samba Server
> apt-get install samba
Open the firewall for Samba
> sudo ufw allow 'Samba'
Add the Samba Server user root
> smbpasswd -a root
password: 123456789
Add the Samba Server user ABCDE
> smbpasswd -a ABCDE
password: 123456789
Configure Samba: edit the file contents
> nano /etc/samba/smb.conf
Line 29
workgroup = WORKGROUP
Add the following at line 170
netbios name = MySambaServer
server string = This is samba server
unix charset = utf8
dos charset = cp950
log file = /var/log/samba/%m.log
max log size = 50
security = user
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
template shell = /bin/false
winbind use default domain = no
Append at the end
[public]
path = /home/MyUserDirectory
browseable = yes
guest ok = yes
guest only = yes
read only = no
force user = nobody
force create mode = 0777
force directory mode = 0777
[Root]
path = /
writable = yes
guest account = root
force user = root
public = yes
force group = root
read only = no
[Home]
path = /home/MyUserDirectory
writable = yes
guest account = root
force user = root
public = yes
force group = root
read only = no
Check the Samba configuration file
> testparm
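As an added example (not part of the original guide), this script reviews what each share in smb.conf exposes: it flags shares that export "/", map all access to root, or are writable by guests. The [public] and [Root] samples are abbreviated from this page; the [Home-restricted] share and the finding codes are assumptions made for the example.

```shell
# Added example: flag risky share definitions in smb.conf text read from stdin.
# ROOTFS = exports "/", AS_ROOT = access mapped to root, GUEST_RW = writable by guests.
audit_smb() {
    awk '
        function is_yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        function report(   f) {
            if (name == "" || tolower(name) == "global") return
            if (path == "/")    f = f " ROOTFS"
            if (user == "root") f = f " AS_ROOT"
            if (guest && rw)    f = f " GUEST_RW"
            if (f != "") print name ":" f
        }
        /^[ \t]*[#;]/ { next }                        # comment lines
        /^[ \t]*\[/ {                                 # new section: flush the previous one
            report(); name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            path = user = ""; guest = rw = 0; next
        }
        {
            i = index($0, "="); if (i == 0) next
            key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if      (key == "path")                           path  = val
            else if (key == "forceuser")                      user  = val
            else if (key == "guestok" || key == "public")     guest = is_yes(val)
            else if (key == "writable" || key == "writeable") rw    = is_yes(val)
            else if (key == "readonly")                       rw    = !is_yes(val)
        }
        END { report() }
    '
}
# Sample: [public] and [Root] abbreviated from this page; [Home-restricted] is constructed.
sample_shares() {
cat <<'EOF'
[public]
path = /home/MyUserDirectory
guest ok = yes
read only = no
[Root]
path = /
writable = yes
force user = root
public = yes
[Home-restricted]
path = /home/MyUserDirectory
valid users = ABCDE
read only = no
EOF
}
sample_shares | audit_smb
```

Run it against the live file with `audit_smb < /etc/samba/smb.conf`; a share limited to named accounts, like the constructed [Home-restricted], produces no findings.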
Restart Samba Server
> systemctl restart smbd
Reboot the Ubuntu computer; without a reboot, the Windows side cannot connect.
> reboot
Setup on Windows
Right-click the Network Neighborhood icon and choose "Map network drive"
- Back up the Ubuntu 20.04 disk
1: Download Clonezilla
https://clonezilla.nchc.org.tw/clonezilla-live/
Clonezilla live version: 20201102-groovy
CPU architecture: amd64
File type: iso
Repository: usable for backing up disks
2: Download rufus
https://rufus.ie/
rufus-3.13.exe
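Use rufus to turn the Clonezilla ISO into a USB boot disk
3: Prepare a USB disk or HDD to hold the Ubuntu disk image
It must already be formatted as FAT
4: The Ubuntu 20.04 main disk should preferably come first in the computer's BIOS SATA order
For example, after entering the BIOS screen you will see the HDD list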
P1: HDD-> Ubuntu 20.04 System Disk
P3: HDD-> Disk image
USB: Clonezilla USB Disk
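5: Set the Clonezilla USB Disk as the boot disk
Use Clonezilla to make a Disk Image File of the Ubuntu 20.04 System Disk
and save it to P3 HDD Disk image
6: Replace P1: HDD with another new disk
Use the Clonezilla USB Disk to restore the Disk Image File to the new disk
Note: a direct disk-to-disk clone with Clonezilla does not change the UUID on the new disk
(the UUID has to be changed manually, and that does not always succeed)
Only restoring from an image file changes the UUID automatically
7: Reboot from the new disk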