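Ubuntu 20.04 + UFW + iRedMail Installation Procedure
After installing Ubuntu 20.04, do not run any updates yet
* When installing Ubuntu 20.04, be sure to select English (US) as the input method first
Follow the steps below one at a time
Set the Ubuntu root password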
> sudo passwd root
Enable the Ubuntu ufw firewall
(This needs to be enabled for MariaDB to accept external connections)
> sudo ufw enable
> sudo systemctl start ufw
> sudo systemctl enable ufw
> sudo reboot
* Sometimes ufw fails to start automatically after Ubuntu reboots; in that case run the four commands above again
> sudo ufw status
> sudo ufw allow ssh
> sudo ufw allow in 22
> sudo ufw allow out 22
> sudo ufw allow in 25
> sudo ufw allow out 25
> sudo ufw allow in 80
> sudo ufw allow out 80
> sudo ufw allow in 443
> sudo ufw allow out 443
> sudo ufw allow in 3306
> sudo ufw allow out 3306
> sudo ufw status verbose
> sudo reboot
> sudo ufw status
* Usually ufw only starts a few minutes after the desktop has finished loading at boot *
> sudo apt update
> sudo apt upgrade
Reboot
> sudo reboot
It is best to run apt update/upgrade once more
> sudo apt update
> sudo apt upgrade
> sudo hostnamectl set-hostname mail.mydomain.com
> sudo nano /etc/hosts
127.0.0.1 www.mydomain.com localhost
127.0.1.1 mydomain-ubuntu
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
> hostname -f
> Download teamviewer
> Install teamviewer
> Start teamviewer with system
teamviewer -> Extras -> Options -> General -> check "Start teamviewer with system"
> reboot
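* This version of teamviewer often fails to start at boot after a warm reboot; it only starts successfully after powering off and powering on again.
Workaround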
> nano /etc/gdm3/custom.conf
The original setting is
#WaylandEnable=false
Remove the # to uncomment the line
WaylandEnable=false
Reference:
https://community.teamviewer.com/English/discussion/35342/teamviewer-13-not-connecting-in-ubuntu-18-04-login-screen
> reboot
Install git
> apt install git
Install iRedMail
> git clone https://github.com/iredmail/iRedMail.git
> cd iRedMail
> chmod +x iRedMail.sh
> bash iRedMail.sh
Path: choose /var/vmail
Web Server: choose Nginx
Database: choose MariaDB
MariaDB Root Password: myrootpassword
mail domain name: mydomain.com
postmaster@mydomain.com Password: myrootpassword
Optional Components:
Choose Y for all of the firewall options
> apt install software-properties-common
> apt-add-repository -r ppa:certbot/certbot
> apt-get install certbot
> sudo certbot certonly --webroot --agree-tos --email mymail@mydomain.com -d www.mydomain.com -w /var/www/html/
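- Firewall ports 80 and 443 must be open, otherwise this will fail
- This ssl_certificate has to be redone every three months
- Because the www web server pages will be used later
(the web server is used to access MariaDB across networks),
www.mydomain.com is used instead of mail.mydomain.com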
> sudo nano /etc/nginx/templates/ssl.tmpl
Add the following two lines to the file
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem;
> nginx -t
> systemctl reload nginx
> nano /etc/postfix/main.cf
Modify the following three lines in the file
smtpd_tls_key_file = /etc/letsencrypt/live/www.mydomain.com/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/www.mydomain.com/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/www.mydomain.com/chain.pem
> systemctl reload postfix
> nano /etc/dovecot/dovecot.conf
Modify the following two lines in the file
ssl_cert = </etc/letsencrypt/live/www.mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/www.mydomain.com/privkey.pem
> systemctl reload dovecot
> reboot
Test the mail server with telnet
> telnet mydomain.com 25
Generate DKIM; this is very important, as it affects the ability to send mail to and receive mail from Gmail
> amavisd-new genrsa /var/lib/dkim/mydomain.com.pem 2048
> systemctl restart amavis
dkim._domainkey.mydomain.com. 3600 TXT (
"v=DKIM1; p="
"MIGfMA________________________________BiQKBgQDFK4u2gM/v1YoNryROAV0D1x0M"
"DM1P2zI________________________________ToNlkqUV7IfL1LqqzFg/BxzMS780bK"
"46CBLra________________________________AonftdqZJE5YuGUMXXiJ8cWK/KsS"
"w2M/T__________________QAB")
Now edit the DNS records for the domain
Log in to the provider the domain was purchased from, e.g. https://www.123cheapdomains.com/
. Set IP Pointing
. Set the MX Record
. Add a TXT Record
v=spf1 a mx ptr ~all
. Add a TXT Record
DKIM records
> https://www.mydomain.com/iredadmin/
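Admin account: postmaster@mydomain.com
Password: myrootpassword
> The iredadmin web pages are located under /opt/www/iredadmin/
Back up /opt/www/iredadmin-1.2/libs/iredpwd.py as iredpwd_org.py
Open /opt/www/iredadmin-1.2/libs/iredpwd.py
Remove the checks that require user passwords to contain uppercase letters and special characters
Delete lines 148-151 of the program
Delete lines 140-142 of the program
Delete line 123 of the program
Delete line 121 of the program
Delete lines 94-96 of the program
Delete lines 86-88 of the program
Delete line 62 of the program
Delete line 60 of the program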
> https://www.mydomain.com/
The web pages are located under /var/www/html/
> https://www.mydomain.com/mail/
Roundcube Webmail
Create a link to the web directory in the user's home directory
> ln -s /var/www/html /home/USERACCOUNT/html
Install network tools on Ubuntu
> sudo apt install net-tools
> ifconfig
Ubuntu MariaDB Server
> mysql_secure_installation
> nano /etc/mysql/mariadb.conf.d/50-server.cnf
Remove bind-address = 127.0.0.1
> mysql -u root -p
Enter the mysql database password
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'fdgfdgfdg' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> exit
Restart the database
> sudo service mysql restart
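With bind-address removed, port 3306 allowed in ufw and root granted on '%', the database is reachable from any address. The following is an added example, not part of the original post, that checks saved `ufw status` output and the mysql.user table for exactly that exposure; the sample data, the client address 203.0.113.10, the database appdb and the user appuser are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit how far MariaDB is exposed.
# Both functions read saved command output on stdin.

# Input: output of `sudo ufw status`. Prints every inbound rule that opens
# the given port (default 3306) to any source address.
ufw_open_to_anywhere() {
    awk -v port="${1:-3306}" '
        /ALLOW OUT/ { next }                  # outbound rules expose no listener
        /ALLOW( IN)? +Anywhere/ {             # inbound rule, unrestricted source
            p = $1; sub(/\/.*/, "", p)        # strip the protocol: 3306/tcp -> 3306
            fam = ($0 ~ /\(v6\)/) ? "v6" : "v4"
            if (p == port) print p " " fam
        }'
}

# Input: output of
#   mysql -N -B -e "SELECT User, Host, Grant_priv, Super_priv FROM mysql.user"
# (tab-separated). Prints accounts that may log in from a wildcard host and
# hold GRANT OPTION or SUPER.
wildcard_admin_accounts() {
    awk -F'\t' '$2 ~ /%/ && ($3 == "Y" || $4 == "Y") { print $1 "@" $2 }'
}

# Constructed sample data mirroring the ufw rules and the GRANT in this guide.
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3306                       ALLOW       Anywhere
3306                       ALLOW OUT   Anywhere
3306 (v6)                  ALLOW       Anywhere (v6)'
SAMPLE_USERS=$(printf 'root\tlocalhost\tY\tY\nroot\t%%\tY\tY\nvmail\tlocalhost\tN\tN')

printf '%s\n' "$SAMPLE_UFW"   | ufw_open_to_anywhere 3306
printf '%s\n' "$SAMPLE_USERS" | wildcard_admin_accounts

# Narrower setup (hypothetical client 203.0.113.10, database appdb, user appuser):
#   sudo ufw delete allow 3306
#   sudo ufw allow from 203.0.113.10 to any port 3306 proto tcp
#   GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'appuser'@'203.0.113.10'
#     IDENTIFIED BY '<password>';
```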
Nginx and PHP-FPM environment
> nano /etc/nginx/nginx.conf
The contents are as follows
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/conf-enabled/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_connect_timeout 90;
    fastcgi_send_timeout 90;
    fastcgi_read_timeout 90;
}
> cd /etc/nginx/sites-available/
> nano /etc/nginx/sites-available/00-default.conf
Enter the following
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.php index.nginx-debian.html;
    server_name _;
    location / {
        root /var/www/html;
        index index.html index.htm;
        autoindex on;
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        root /var/www/html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        error_page 404 /error/404.php;
    }
    location ~ /\.ht {
        deny all;
    }
}
> nano /etc/nginx/sites-available/00-default.conf
upstream php_workers {
server 127.0.0.1:9000;
}
> php -ini
> nano /etc/php/7.4/cli/php.ini
Check that on line 312 nothing follows disable_functions
disable_functions =
Add at line 151
short_open_tag = On
> nano /etc/php/7.4/fpm/php.ini
On line 312, delete the string phpinfo from the parameters after disable_functions
disable_functions = posix_uname,eval,pcntl_wexitstatus,posix_getpwuid,
xmlrpc_entity_decode,pcntl_wifstopped,pcntl_wifexited,pcntl_wifsignaled,
phpAds_XmlRpc,pcntl_strerror,ftp_exec,pcntl_wtermsig,mysql_pconnect
,proc_nice,pcntl_sigtimedwait,posix_kill,pcntl_sigprocmask,fput,phpinfo,
system,phpAds_remoteInfo,ftp_login,inject_code,posix_mkfifo,highlight_file,
escapeshellcmd,show_source,pcntl_wifcontinued,fp,pcntl_alarm,pcntl_wait,
ini_alter,posix_setpgid,parse_ini_file,ftp_raw,pcntl_waitpid,pcntl_getpriority,
ftp_connect,pcntl_signal_dispatch,pcntl_wstopsig,ini_restore,ftp_put,
passthru,proc_terminate,posix_setsid,pcntl_signal,pcntl_setpriority,
phpAds_xmlrpcEncode,pcntl_exec,ftp_nb_fput,ftp_get,phpAds_xmlrpcDecode,
pcntl_sigwaitinfo,shell_exec,pcntl_get_last_error,ftp_rawlist,pcntl_fork,
posix_setuid
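After hand-editing disable_functions it is worth confirming what the resulting line still blocks. The following is an added example, not part of the original post, that reads a php.ini and lists which functions from a baseline are no longer disabled; the BASELINE list and both sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: list which functions from a
# baseline are absent from disable_functions in a php.ini read on stdin.
# BASELINE is an assumption of this example, not a PHP or iRedMail default.
BASELINE="exec passthru shell_exec system proc_open popen phpinfo"

missing_from_disable_functions() {
    awk -v base="$BASELINE" '
        /^[ \t]*disable_functions[ \t]*=/ {   # lines commented with ; do not match
            value = $0
            sub(/^[^=]*=/, "", value)         # keep the value; the last line wins
        }
        END {
            n = split(value, f, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", f[i])     # trim padding around each name
                disabled[f[i]] = 1
            }
            m = split(base, b, " ")
            for (i = 1; i <= m; i++) {
                if (b[i] in disabled) continue
                sep = (out == "") ? "" : " "
                out = out sep b[i]
            }
            print out
        }'
}

# Constructed samples: an fpm/php.ini after phpinfo was removed from a shortened
# list, and a cli/php.ini with the directive left empty as in this guide.
SAMPLE_FPM='; disable_functions = everything
short_open_tag = On
disable_functions = posix_uname,eval,system,passthru, shell_exec ,pcntl_exec,posix_kill'
SAMPLE_CLI='disable_functions ='

printf '%s\n' "$SAMPLE_FPM" | missing_from_disable_functions
printf '%s\n' "$SAMPLE_CLI" | missing_from_disable_functions

# On the server (paths from this guide):
#   missing_from_disable_functions < /etc/php/7.4/fpm/php.ini
```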
Check the nginx configuration for errors
> nginx -t
> systemctl reload nginx
Restart nginx
> systemctl restart nginx
Restart php7.4-fpm
> systemctl restart php7.4-fpm
> cd /var/www/html
> nano info.php
Enter the following and save the file
<?php
phpinfo();
?>
- Open the web page
http://www.my.com/info.php
The page shows the following
Configuration File (php.ini) Path /etc/php/7.4/fpm
Loaded Configuration File /etc/php/7.4/fpm/php.ini
Scan this dir for additional .ini files /etc/php/7.4/fpm/conf.d
Reboot the Ubuntu machine; without a reboot, the Windows side cannot connect.
> reboot
Setup on Windows
Right-click the Network Neighborhood icon and choose "Map network drive"