From d04bbd05a065b2d2f5aa9510d0931d44b0a5e479 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 15 Oct 2024 14:56:23 +0200 Subject: [PATCH 1/6] chore(tutorial): content review --- .../how-to/manage-dns-records.mdx | 1 + .../index.mdx | 6 +- .../create-wordpress-instances-cli/index.mdx | 2 +- tutorials/deploy-nextcloud-s3/index.mdx | 50 +- tutorials/foreman-puppet/index.mdx | 39 +- tutorials/glusterfs/index.mdx | 270 ++--- tutorials/powerdns-ubuntu-bionic/index.mdx | 255 ++-- .../index.mdx | 2 +- .../setup-lamp-stack-ubuntu2204/index.mdx | 2 +- tutorials/setup-moodle/index.mdx | 4 +- .../setup-postfix-ubuntu-bionic/index.mdx | 1079 +++++------------ tutorials/socket-io/index.mdx | 221 ++-- 12 files changed, 609 insertions(+), 1322 deletions(-) diff --git a/network/domains-and-dns/how-to/manage-dns-records.mdx b/network/domains-and-dns/how-to/manage-dns-records.mdx index 35b2518aa3..5b6facf21e 100644 --- a/network/domains-and-dns/how-to/manage-dns-records.mdx +++ b/network/domains-and-dns/how-to/manage-dns-records.mdx @@ -2,6 +2,7 @@ meta: title: How to manage DNS records description: Learn how to manage DNS records effectively with Scaleway Domains and DNS. Discover how to add, edit, and delete DNS records, along with advanced configurations like dynamic records for traffic management and Geo IP for optimizing user experience based on location. +content: h1: How to manage DNS records paragraph: Learn how to manage DNS records effectively with Scaleway Domains and DNS. Discover how to add, edit, and delete DNS records, along with advanced configurations like dynamic records for traffic management and Geo IP for optimizing user experience based on location. tags: txt-record mx-record dns-record dns domain records diff --git a/tutorials/backup-dedicated-server-s3-duplicity/index.mdx b/tutorials/backup-dedicated-server-s3-duplicity/index.mdx index 22794dfd17..b66770e1d8 100644 --- a/tutorials/backup-dedicated-server-s3-duplicity/index.mdx +++ b/tutorials/backup-dedicated-server-s3-duplicity/index.mdx @@ -1,15 +1,15 @@ --- meta: - title: Backing up your dedicated server on Object Storage with Duplicity + title: Backing up your dedicated server on Scaleway Object Storage with Duplicity description: Automatize your backups with Duplicity and Scaleway Object Storage content: - h1: Backing up your dedicated server on Object Storage with Duplicity + h1: Backing up your dedicated server on Scaleway Object Storage with Duplicity paragraph: Automatize your backups with Duplicity and Scaleway Object Storage tags: duplicity backup gpg s3 categories: - object-storage dates: - validation: 2024-04-09 + validation: 2024-10-15 posted: 2018-10-13 --- diff --git a/tutorials/create-wordpress-instances-cli/index.mdx b/tutorials/create-wordpress-instances-cli/index.mdx index b1b5736239..19917d2a35 100644 --- a/tutorials/create-wordpress-instances-cli/index.mdx +++ b/tutorials/create-wordpress-instances-cli/index.mdx @@ -9,7 +9,7 @@ categories: - instances tags: InstantApp WordPress dates: - validation: 2024-04-04 + validation: 2024-10-15 posted: 2021-10-11 --- diff --git a/tutorials/deploy-nextcloud-s3/index.mdx b/tutorials/deploy-nextcloud-s3/index.mdx index 5cd523d7f7..83c1be5d02 100644 --- a/tutorials/deploy-nextcloud-s3/index.mdx +++ b/tutorials/deploy-nextcloud-s3/index.mdx @@ -1,16 +1,16 @@ --- meta: - title: Deploying NextCloud with Object Storage - description: This page shows how to deploy and configure NextCloud with Object Storage + title: Deploying NextCloud with Scaleway Object Storage + description: This page shows how to deploy and configure NextCloud with Scaleway Object Storage content: - h1: Deploying NextCloud with Object Storage - paragraph: This page shows how to deploy and configure NextCloud with Object Storage + h1: Deploying NextCloud with Scaleway Object Storage + paragraph: This page shows how to deploy and configure NextCloud with Scaleway Object Storage categories: - object-storage - instances tags: NextCloud mariadb apache dates: - validation: 2024-04-09 + validation: 2024-10-15 posted: 2018-11-16 --- @@ -23,25 +23,27 @@ Combining NextCloud with Scaleway Object Storage gives you infinite storage spac - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) -- An [Instance](/compute/instances/how-to/create-an-instance/) running on Ubuntu Jammy Jellyfish (22.04) +- An [Instance](/compute/instances/how-to/create-an-instance/) running on Ubuntu Jammy Jellyfish (22.04) or later - Installed and configured [MariaDB](/tutorials/mariadb-ubuntu-bionic/) on your Instance - `sudo` privileges or access to the root user ## Installing NextCloud -1. Log in to your server via SSH. +1. Log in to your Instance via SSH. + ``` + ssh root@ + ``` 2. Update the apt-sources and the already installed software on the server: ``` apt update && apt upgrade -y ``` 3. Install the required software from the apt repositories: ``` - apt install apache2 mariadb-server libapache2-mod-php - apt install php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip + apt update && apt upgrade -y && apt install apache2 mariadb-server libapache2-mod-php php-gd php-json php-mysql php-curl php-mbstring php-intl php-imagick php-xml php-zip -y ``` 4. Download the [latest version](https://nextcloud.com/changelog/) of NextCloud: ``` - wget https://download.nextcloud.com/server/releases/latest.tar.bz2 + wget https://download.nextcloud.com/server/releases/latest.tar.bz2 -O nextcloud.tar.bz2 ``` @@ -51,16 +53,23 @@ Combining NextCloud with Scaleway Object Storage gives you infinite storage spac ``` tar -xjf latest.tar.bz2 ``` -6. Copy the NextCloud directory to the document root of Apache: +6. Move the extracted folder to the Apache web directory: + ``` + mv nextcloud /var/www/ ``` - cp -r nextcloud /var/www +7. Set the correct file permissions: + ``` + chown -R www-data:www-data /var/www/nextcloud/ ``` -7. Create an Apache configuration file for NextCloud: + +## Configuring Apache + +1. Create an Apache configuration file for NextCloud: ``` nano /etc/apache2/sites-available/nextcloud.conf ``` - And put the following content into it: +2. Insert the following content: ``` Alias /nextcloud "/var/www/nextcloud/" @@ -108,14 +117,11 @@ Combining NextCloud with Scaleway Object Storage gives you infinite storage spac mysql -u root -p ``` 2. Create an empty database for NextCloud: - ``` - CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'password'; - CREATE DATABASE IF NOT EXISTS nextcloud; - GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'password'; - FLUSH privileges; - ``` -3. Log out from the MariaDB shell: - ``` + ```sql + CCREATE DATABASE nextcloud; + CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'your_secure_password'; + GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost'; + FLUSH PRIVILEGES; EXIT; ``` diff --git a/tutorials/foreman-puppet/index.mdx b/tutorials/foreman-puppet/index.mdx index cedd0d5af1..279147459b 100644 --- a/tutorials/foreman-puppet/index.mdx +++ b/tutorials/foreman-puppet/index.mdx @@ -1,15 +1,15 @@ --- meta: - title: Installing and configuring Foreman on Ubuntu Focal - description: Discover how to install and configure Foreman on Ubuntu Focal + title: Installing and configuring Foreman on Ubuntu Jammy Jellyfish (22.04 LTS) + description: Discover how to install and configure Foreman on Ubuntu Jammy Jellyfish (22.04 LTS) content: - h1: Installing and configuring Foreman on Ubuntu Focal - paragraph: Discover how to install and configure Foreman on Ubuntu Focal -tags: Foreman puppet Ubuntu Focal + h1: Installing and configuring Foreman on Ubuntu Jammy Jellyfish (22.04 LTS) + paragraph: Discover how to install and configure Foreman on Ubuntu Jammy Jellyfish (22.04 LTS) +tags: Foreman puppet Ubuntu Jammy Jellyfish categories: - instances dates: - validation: 2024-04-04 + validation: 2024-10-15 posted: 2018-08-06 --- @@ -24,7 +24,7 @@ This tutorial assumes that Foreman is being installed on a fresh Instance, which - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) -- An [Instance](/compute/instances/how-to/create-an-instance/) running on Ubuntu Focal Fossa (20.04) or later +- An [Instance](/compute/instances/how-to/create-an-instance/) running on Ubuntu Jammy Jellyfish (22.04 LTS) or later - Root access to all the servers you want to manage - A reachable port 8140 on the Puppet primary Instance - A working Puppet installation to perform the configuration management of hosts @@ -83,14 +83,15 @@ The fastest way to install Foreman is by using the installer, which installs and 1. Install Puppet 6.x from the Puppetlabs repository as follows: ``` apt-get -y install ca-certificates - wget https://apt.puppetlabs.com/puppet6-release-focal.deb - sudo dpkg -i puppet6-release-focal.deb + wget https://apt.puppetlabs.com/puppet7-release-focal.deb + sudo dpkg -i puppet7-release-focal.deb + apt-get update + apt-get -y install puppet-agent ``` 2. Add the Foreman repository to the [APT package manager sources list](https://en.wikipedia.org/wiki/APT_(Debian)): ``` - echo "deb http://deb.theforeman.org/ focal 3.1" | sudo tee /etc/apt/sources.list.d/foreman.list - echo "deb http://deb.theforeman.org/ plugins 3.1" | sudo tee -a /etc/apt/sources.list.d/foreman.list - sudo apt-get -y install ca-certificates + echo "deb http://deb.theforeman.org/ focal 3.7" | sudo tee /etc/apt/sources.list.d/foreman.list + echo "deb http://deb.theforeman.org/ plugins 3.7" | sudo tee -a /etc/apt/sources.list.d/foreman.list wget -q https://deb.theforeman.org/pubkey.gpg -O- | sudo apt-key add - ``` 3. Download the installer via APT: @@ -102,16 +103,12 @@ The fastest way to install Foreman is by using the installer, which installs and foreman-installer ``` - The command returns the following output: - + Upon completion, you will see: ``` - Installing Done [100%] [..] - Success! - * Foreman is running at https://foreman.example.com - Initial credentials are admin / 6fHtmSWpqNbGo7nn - * Foreman Proxy is running at https://foreman.example.com:8443 - * Puppetprimary is running at port 8140 - The full log is at /var/log/foreman-installer/foreman.log + Success! + * Foreman is running at https:// + Initial credentials: admin / + * Puppet server is running at port 8140 ``` ## Managing Puppet diff --git a/tutorials/glusterfs/index.mdx b/tutorials/glusterfs/index.mdx index b558f19822..f15f92c6bc 100644 --- a/tutorials/glusterfs/index.mdx +++ b/tutorials/glusterfs/index.mdx @@ -9,249 +9,193 @@ tags: glusterfs network filesystem Ubuntu categories: - instances dates: - validation: 2024-04-09 + validation: 2024-10-15 posted: 2018-09-28 --- -GlusterFS is an open-source, scalable network filesystem suitable for high data-intensive workloads such as media streaming, cloud storage, and CDN (Content Delivery Network). Each storage server will be a mirror of the other storage server, and files will be replicated automatically across both storage servers. +GlusterFS is an open-source, scalable network filesystem suited for high data-intensive workloads, such as media streaming, cloud storage, and content delivery networks (CDN). +In this tutorial, we will deploy a high-availability storage solution using **GlusterFS 11** and **Scaleway Block Storage** on **Ubuntu 22.04**. + +Each storage Instance will mirror the other, and files will automatically be replicated across all servers. - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) -- 3 servers running on Ubuntu -- `sudo` privileges or access to the root user +- Three Instances running **Ubuntu 22.04 LTS** +- Attached [Scaleway Block Storage](/storage/block/how-to/attach-a-volume/) to each GlusterFS Instance ## Configuring the host file -Before installing `glusterfs` on all servers we need to configure the hosts' file and add the GlusterFS repository to each server. +Before installing GlusterFS, ensure each Instance can resolve the others via their hostname. This will simplify network communication between servers. -1. [Connect to your server](/compute/instances/how-to/connect-to-instance/) via SSH. -2. Update the apt-sources and the software already installed on the server. +1. Log in to each Instance via SSH. + ``` + ssh root@ + ``` +2. Update the system: ``` apt update && apt upgrade -y ``` -3. Log in to each server and edit the `/etc/hosts` file. + +3. Edit the `/etc/hosts` file on each Instance: ``` nano /etc/hosts ``` -4. Paste the hosts configuration below: + +4. Add entries for each Instance: ``` - ip_address gluster01 - ip_address gluster02 - ip_address client01 + gluster01 + gluster02 + client01 ``` -5. Save and exit. -6. Ping each server using the hostname as below: + +5. Verify hostname resolution: ``` ping -c 3 gluster01 ping -c 3 gluster02 ping -c 3 client01 ``` - - If the `ping` command is not installed by default, you can install it with the `apt install iputils-ping` command. - - -Each hostname will resolve to each server's IP address. - -``` ---- gluster01 ping statistics --- -3 packets transmitted, 3 received, 0% packet loss, time 2033ms -rtt min/avg/max/mdev = 0.560/0.604/0.627/0.031 ms - ---- gluster02 ping statistics --- -3 packets transmitted, 3 received, 0% packet loss, time 2050ms -rtt min/avg/max/mdev = 0.497/0.593/0.688/0.080 ms - ---- client01 ping statistics --- -3 packets transmitted, 3 received, 0% packet loss, time 2036ms -rtt min/avg/max/mdev = 0.672/0.728/0.802/0.054 ms - -``` - -## Adding the GlusterFS repository -Install the `software-properties-common` package to all systems. +## Adding the GlusterFS 11 repository -``` -apt install software-properties-common -y -``` +1. Install the `software-properties-common` package on all Instances: + ``` + apt install software-properties-common -y + ``` -Add the GlusterFS key and repository to all systems. +2. Add the GlusterFS 11 repository to all systems: + ``` + sudo add-apt-repository ppa:gluster/glusterfs-11 + apt update + ``` -``` -sudo add-apt-repository ppa:gluster/glusterfs-9 -``` +--- -## Installing a GlusterFS server +## Installing GlusterFS server -1. Install the `glusterfs-server` package on both gluster01 and gluster02 servers. +1. Install the GlusterFS server on both `gluster01` and `gluster02`: ``` - apt install glusterfs-server -y + apt install glusterfs-Instance -y ``` -2. Start the `glusterd` service, and enable it to launch at every system boot: + +2. Start the `glusterd` service and enable it at boot: ``` systemctl start glusterd.service systemctl enable glusterd.service ``` - GlusterFS server is now up and running on the `gluster01` and `gluster02` servers. -3. Check the services and the software's versions: +3. Verify the installation: ``` systemctl status glusterd.service - glusterfsd --version + glusterfs --version ``` -The command should return an `active (running)` status and `glusterfs 9.5` version. + You should see GlusterFS 11.x and an active status for the service. -## Configuring GlusterFS servers +## Setting Up a distributed GlusterFS volume with Scaleway Block Storage -The next step is configuring the servers by creating a trusted storage pool and creating a distributed GlusterFS volume. + + In a production environment, it is **strongly recommended** to use dedicated storage, such as **Scaleway Block Storage**, instead of system directories for GlusterFS volumes. + This ensures better data safety, scalability, and performance. Using system directories (like `/glusterfs`) can lead to potential issues if the root partition fills up. + -- From the gluster01 server, we need to add the gluster02 server to the GlusterFS storage pool. - ``` - gluster peer probe gluster02 - ``` +### Attaching Scaleway Block Storage - The result `peer probe: success` is displayed. We added the gluster02 server to the storage trusted pool. -- Check the storage pool status and list. - ``` - gluster peer status - gluster pool list - ``` - ``` - root@gluster01:~# gluster peer status - Number of Peers: 1 +1. Create and Attach Scaleway Block Storage to each Instance: + - From the Scaleway Console, [create a new Block Storage volume](/storage/block/how-to/create-a-volume/) for each GlusterFS server. + - Attach each volume to the respective Instance. + - Once attached, log into each Instance and check if the block storage is recognized: + ``` + lsblk + ``` + You should see a new unmounted device (e.g., `/dev/sdb`). - Hostname: gluster02 - Uuid: 17e7a76f-f616-42e5-b741-63a07fd091d6 - State: Peer in Cluster (Connected) - root@gluster01:~# gluster pool list - UUID Hostname State - 17e7a76f-f616-42e5-b741-63a07fd091d6 gluster02 Connected - ecc9cafa-b25d-477e-b6bc-403c051e752d localhost Connected - ``` +2. Partition the volume and format it with a filesystem (e.g., `ext4`): + ``` + mkfs.ext4 /dev/sdb + ``` -The gluster02 server is connected to the peer cluster, and it is on the pool list. +3. Mount the Block Storage to a directory: + - Create a mount point for GlusterFS: + ``` + mkdir -p /mnt/glusterfs + ``` + - Mount the volume to the directory: + ``` + mount /dev/sdb /mnt/glusterfs + ``` -After creating the trusted storage pool, we will create a new distributed GlusterFS volume. We will create the new GlusterFS volume based on the system directory. +4. Add the block storage to `/etc/fstab` to ensure it mounts automatically after reboot: + ``` + /dev/sdb /mnt/glusterfs ext4 defaults 0 0 + ``` -## Setting up the distributed GlusterFS volume +5. Repeat these steps and attach, format, and mount a Block Storage volume on all GlusterFS Instances (e.g., `gluster01` and `gluster02`). - - For the server production, it is recommended to create the GlusterFS volume using a different partition, not using a system directory. - +### Creating a distributed GlusterFS volume -1. Create a new directory `/glusterfs/distributed` on both the gluster01 and the gluster02 servers. - ``` - mkdir -p /glusterfs/distributed - ``` -2. Create a distributed glusterfs volume in the gluster01 server named `vol01` with two replicas: `gfs01` and `gfs02`. - ``` - gluster volume create vol01 transport tcp gluster01:/glusterfs/distributed gluster02:/glusterfs/distributed force - ``` - ``` - volume create: vol01: success: please start the volume to access data - ``` -3. Start the `vol01` volume and check its information: - ``` - gluster volume start vol01 - gluster volume info vol01 - ``` - ``` - root@gluster01:/# gluster volume start vol01 - volume start: vol01: success - root@gluster01:/# gluster volume info vol01 +Now that Block Storage is mounted on both servers, proceed with creating the distributed GlusterFS volume: - Volume Name: vol01 - Type: Replicate - Volume ID: 814b103e-522c-48d2-8d1c-3301e10f3416 - Status: Started - Snapshot Count: 0 - Number of Bricks: 1 x 2 = 2 - Transport-type: tcp - Bricks: - Brick1: gluster01:/glusterfs/distributed - Brick2: gluster02:/glusterfs/distributed - Options Reconfigured: - transport.address-family: inet - nfs.disable: on - performance.client-io-threads: off - ``` +1. Create a GlusterFS Volume using the mounted block storage directories on both servers. Run the following command on `gluster01`: + ``` + gluster volume create vol01 transport tcp gluster01:/mnt/glusterfs gluster02:/mnt/glusterfs force + ``` -At this stage, we created the `Replicate` type `vol01` volume and two bricks on the `gluster01` and `gluster02` servers. All data will be distributed automatically to each replica server. +2. Start the volume: + ``` + gluster volume start vol01 + ``` -## Configuring GlusterFS client +3. Check the volume status: + ``` + gluster volume info + ``` -In this step, we will mount the `glusterfs` volume `vol01` to the Ubuntu client, and we need to install the `glusterfs-client` to the client server. +## Configuring the GlusterFS client -1. Install the glusterfs-client on `client01`. +1. Install the GlusterFS client on `client01`: ``` apt install glusterfs-client -y ``` -2. Create a new directory: `/mnt/glusterfs`. + +2. Create a mount point: ``` mkdir -p /mnt/glusterfs ``` -3. Mount the distributed glusterfs volume (`vol01`) to the `/mnt/glusterfs` directory. + +3. Mount the GlusterFS volume: ``` mount -t glusterfs gluster01:/vol01 /mnt/glusterfs ``` -4. Check the amount of volume available in the system. + +4. Verify the mount: ``` df -h /mnt/glusterfs ``` - - To mount glusterfs permanently to the Ubuntu client system, we can add the volume to the `/etc/fstab`. - -5. Edit the `/etc/fstab` configuration file: `vim /etc/fstab`. -6. Paste the following configuration: `gluster01:/vol01 /mnt/glusterfs glusterfs defaults,_netdev 0 0`. -7. Save and exit. -8. Reboot the server. When online, the GlusterFS volume 'vol01' is mounted automatically through the fstab. +5. Add the volume to `/etc/fstab` for permanent mounting: + ``` + gluster01:/vol01 /mnt/glusterfs glusterfs defaults,_netdev 0 0 + ``` ## Testing replication and mirroring -1. Mount the glusterfs volume `vol01` to each glusterfs servers. - - On gluster01: `mount -t glusterfs gluster01:/vol01 /mnt` - - On gluster02: `mount -t glusterfs gluster02:/vol01 /mnt` -2. Back on `client01`, go to the '/mnt/glusterfs' directory. - ``` - cd /mnt/glusterfs - ``` -3. Create three files using the touch command. +1. Mount the GlusterFS volume on both `gluster01` and `gluster02`: ``` - touch file01 file02 file03 - ``` -4. Check on each `gluster01` and `gluster02` that the files that we created from the client machine are displayed. - ``` - cd /mnt/ - ls -lah + mount -t glusterfs gluster01:/vol01 /mnt + mount -t glusterfs gluster02:/vol01 /mnt ``` - The gluster01 machine returns: - +2. From `client01`, create test files in `/mnt/glusterfs`: ``` - root@gluster01:/mnt# ls -lah - total 8.0K - drwxr-xr-x 3 root root 4.0K Oct 1 15:40 . - drwxr-xr-x 24 root root 4.0K Sep 28 14:11 .. - -rw-r--r-- 1 root root 0 Oct 1 15:40 file01 - -rw-r--r-- 1 root root 0 Oct 1 15:40 file02 - -rw-r--r-- 1 root root 0 Oct 1 15:40 file03 + touch file01 file02 file03 ``` - The gluster02 machine returns: - +3. Verify that the files are replicated on both `gluster01` and `gluster02`: ``` - root@gluster02:/mnt# ls -lah - total 8.0K - drwxr-xr-x 3 root root 4.0K Oct 1 15:40 . - drwxr-xr-x 24 root root 4.0K Sep 28 14:11 .. - -rw-r--r-- 1 root root 0 Oct 1 15:40 file01 - -rw-r--r-- 1 root root 0 Oct 1 15:40 file02 - -rw-r--r-- 1 root root 0 Oct 1 15:40 file03 + ls /mnt ``` -As you can see, all the files we created from the client machine are distributed to all the GlusterFS volume node servers. \ No newline at end of file +You should see the same files on both servers, confirming the replication is working. \ No newline at end of file diff --git a/tutorials/powerdns-ubuntu-bionic/index.mdx b/tutorials/powerdns-ubuntu-bionic/index.mdx index 117b410837..d4618defb1 100644 --- a/tutorials/powerdns-ubuntu-bionic/index.mdx +++ b/tutorials/powerdns-ubuntu-bionic/index.mdx @@ -1,277 +1,202 @@ --- -meta: - title: Installing PowerDNS on Ubuntu Bionic Beaver (18.04 LTS) + title: Installing PowerDNS on Ubuntu Jammy Jellyfish (22.04 LTS) description: This page shows you how to install a PowerDNS server on Ubuntu Linux with a MariaDB backend -content: - h1: Installing PowerDNS on Ubuntu Bionic Beaver (18.04 LTS) + content: + h1: Installing PowerDNS on Ubuntu Jammy Jellyfish (22.04 LTS) paragraph: This page shows you how to install a PowerDNS server on Ubuntu Linux with a MariaDB backend -tags: dns ubuntu PowerDNS server MariaDB -categories: - - instances -dates: - validation: 2024-03-27 - posted: 2020-09-10 + tags: dns ubuntu PowerDNS server MariaDB + categories: + - Instances + dates: + validation: 2024-10-15 + posted: 2020-09-10 --- -The PowerDNS authoritative server is an open-source DNS server written in C++. An authoritative DNS server is a server that contains a database of public IP addresses and their associated domain names. Its purpose is to resolve those common names into machine-understandable IP addresses as requested. +The PowerDNS authoritative server is an open-source DNS server written in C++. An authoritative DNS server contains a database of public IP addresses and their associated domain names, serving the purpose of resolving those common names into machine-understandable IP addresses. -PowerDNS runs on most Linux distributions and other Unix derivatives. The software comes with a set of back-end and front-end applications making it flexible and customizable. - -In this tutorial, you will learn the basics about the installation of a PowerDNS authoritative server with a MySQL (MariaDB) backend and PowerDNS Admin as frontend, running on Ubuntu 18.04 LTS (Bionic Beaver). +PowerDNS runs on most Linux distributions, including Ubuntu. This tutorial demonstrates how to install PowerDNS authoritative server with a **MariaDB backend** and **PowerDNS Admin** frontend, running on **Ubuntu 22.04 LTS (Jammy Jellyfish)**. - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) -- At least 2 [Instances](/compute/instances/how-to/create-an-instance/) running on Ubuntu Bionic Beaver +- At least 2 [Instances](/compute/instances/how-to/create-an-instance/) running on Ubuntu Jammy Jellyfish (22.04 LTS) -### Installing PowerDNS +## Installing PowerDNS - This section covers the basic installation of PowerDNS. Execute these steps on all of your Instances (primary and secondary). + This section covers the basic installation of PowerDNS. Execute these steps on both your primary and secondary Instances. 1. Log into your Instance using SSH: ``` ssh root@ ``` -2. Update the `apt` package cache and upgrade the software already installed on your machine to the latest version available in Ubuntu's repositories: +2. Update the `apt` package cache and upgrade the software to the latest version available: ``` apt update && apt upgrade -y ``` -3. Install MariaDB, an open-source alternative to MySQL, using the `apt` package manager: +3. Install MariaDB using the `apt` package manager: ``` apt install mariadb-server -y ``` + 4. Initialize the database server by running the interactive setup wizard: ``` mysql_secure_installation ``` - You are prompted with the following questions: + You will be prompted with the following questions: - - Enter current password for root: Press `Enter` for none. + - Enter current password for root: Press `Enter` if none is set. - Set root password? `Y` - - Type in the new MariaDB root password and confirm it + - Type in the new MariaDB root password and confirm it. - Remove anonymous users? `Y` - Disallow root login remotely? `Y` - Remove test database and access to it? `Y` - Reload privilege tables now? `Y` -5. Disable the `resolvd` service by running the following commands: - ``` - systemctl disable systemd-resolved.service - systemctl stop systemd-resolved.service - ``` -6. Remove the symlinked `resolv.conf` file: - ``` - ls -lh /etc/resolv.conf - lrwxrwxrwx 1 root root 24 Sep 10 08:03 /etc/resolv.conf -> /lib/systemd/resolv.conf - ``` -7. Create a new `resolv.conf` file containing your preferred DNS resolver (for example 9.9.9.9): - ``` - echo "nameserver 9.9.9.9" > /etc/resolv.conf - ``` -8. Install PowerDNS and the PowerDNS MySQL backend using the `apt` package manager: + +5. Install PowerDNS and the MySQL backend: ``` apt install pdns-server pdns-backend-mysql -y ``` -Confirm you want to use `dbconfig-common` to configure the database for PowerDNS automatically + Confirm that you want to use `dbconfig-common` to automatically configure the database. -During the installation, you will be asked to enter a password for the MySQL backend user. Press `Enter` to generate a random password automatically. + During the installation, you'll be asked to enter a password for the MySQL backend user. Press `Enter` to generate a random password automatically. -### Configuring the primary instance +## Configuring the primary Instance -On the primary Instance, three options need to be configured in the PowerDNS `pdns.conf` configuration file: `allow-axfr-ips`, `api`, and `master`. +On the primary Instance, three main options need to be configured in the `pdns.conf` configuration file: `allow-axfr-ips`, `api`, and `master`. -1. Open the PowerDNS configuration file in a text editor on the primary instance (we assume it is named `ns1.example.com`): +1. Open the PowerDNS configuration file: ``` - root@ns1:~# nano /etc/powerdns/pdns.conf + nano /etc/powerdns/pdns.conf ``` -2. Search for the `allow-axfr-ips` block, to allow zone transfers to other hosts. In this tutorial, we configure a PowerDNS with one primary (`ns1.example.com` with the IP `51.15.15.51`) and one secondary (`ns2.example.com` with the IP `51.15.52.53`) DNS server. If you have more secondary DNS servers add the IPs of all of them to this section. You can also allow transfers to the entire subnets (i.e. `192.168.42.0/24`), but for security reasons, you should set the permissions as strictly as possible. + +2. Configure **zone transfers** to other hosts by editing the `allow-axfr-ips` block. In this example, we set up one primary (`ns1.example.com` with IP `192.0.2.1`) and one secondary (`ns2.example.com` with IP `192.0.2.2`) DNS server: ``` - ################################# - # allow-axfr-ips Allow zonetransfers only to these subnets - # - # allow-axfr-ips=127.0.0.0/8,::1 - allow-axfr-ips=51.15.52.53 + allow-axfr-ips=192.0.2.2 ``` -3. Search for the `api` section of the configuration file and enable the API by setting the option's value to `yes`. Define a secret `api-key`, which will be used to authenticate against the API. + +3. Enable the **API** and set an `api-key`: ``` - ################################# - # api Enable/disable the REST API (including HTTP listener) - # - # api=no api=yes - - ################################# - # api-key Static pre-shared authentication key for access to the REST API - # - # api-key= api-key= ``` -4. Specify that our instance is the **primary** server in our setup. To do this search for the `master` option and enable it: + +4. Specify that this Instance is the **primary** server: ``` - ################################# - # master Act as a master - # - # master=no master=yes ``` - Once these settings are made, save the file and exit your text editor. -5. Restart the PowerDNS server to activate the new configuration: +5. Save the file and restart the PowerDNS server to apply the configuration: ``` - root@ns1:~# systemctl restart pdns.service + systemctl restart pdns.service ``` -### Configuring the secondary Instance +## Configuring the secondary Instance -On the secondary Instance, some configuration has to be set to make the PowerDNS server act as a secondary node. +For the secondary Instance, configure PowerDNS to act as a secondary server. - If you have more than one secondary instance, you have to repeat these steps on each of them and edit the DNS hostnames of each instance accordingly (i.e. `n2.example.com`, `ns3.example.com` etc.) + If you have more than one secondary Instance, repeat these steps and change the DNS hostnames accordingly (e.g., `ns3.example.com`). -1. Open the PowerDNS configuration file in a text editor on the secondary instance (we assume it is named `ns2.example.com`): +1. Open the PowerDNS configuration file on the secondary Instance: ``` - root@ns2:~# nano /etc/powerdns/pdns.conf + nano /etc/powerdns/pdns.conf ``` -2. Search for the `slave` section on the configuration and enable the option. To ensure the secondary Instance contains up-to-date data, set the `slave-cycle-interval` option. It refreshes data automatically after a given time, without waiting for a `NOTIFY` command from the primary Instance. + +2. Enable the **slave** mode and configure it to regularly refresh its data with the `slave-cycle-interval` option: ``` - ################################# - # slave Act as a slave - # - # slave=no slave=yes - - ################################# - # slave-cycle-interval Schedule slave freshness checks once every .. seconds - # - # slave-cycle-interval=60 slave-cycle-interval=60 ``` - Once the options are set, save the file and exit your text editor. -3. Set the `supermasters` value in the MySQL table. The following values have to be added to the MySQL backend on the secondary instance: - - The IP address of the PowerDNS primary instance (`51.15.15.51`) - - The FQDN of the secondary PowerDNS instance (`ns2.example.com`) - - The role to assign (`admin`) - - Connect to the MariaDB shell using the following command: - +3. Add the primary Instance as a **supermaster** to the MariaDB backend. Connect to MariaDB and insert the necessary values: ``` - root@ns1:~# mysql -p -u root + mysql -p -u root ``` - Add the following line to the `supermasters` table: - ``` - MariaDB [(none)]> insert into pdns.supermasters values ('51.15.15.51', 'ns2.example.com', 'admin'); - Query OK, 1 row affected (0.02 sec) + insert into pdns.supermasters values ('192.0.2.1', 'ns2.example.com', 'admin'); + quit; ``` - Then quit the MariaDB shell: - - ``` - MariaDB [(none)]> quit; - Bye - ``` -4. After these changes are made, restart the PowerDNS server on the secondary instance to activate the new configuration: +4. Restart the PowerDNS service on the secondary Instance: ``` - root@ns2:~# systemctl restart pdns.service + systemctl restart pdns.service ``` -### Testing the replication +## Testing replication -We will now create a test DNS zone on the primary PowerDNS instance, to check if the replication of the data on the secondary instance is working. - -1. On the primary instance create the new DNS zone using the `pdnsutil` command-line tool: - ``` - root@ns1:~# pdnsutil create-zone mynewdnszone.cloud - Creating empty zone 'mynewdnszone.cloud' +1. On the primary Instance, create a test DNS zone: ``` -2. Add the primary NS entry to the newly created zone: + pdnsutil create-zone example.com ``` - root@ns1:~# pdnsutil add-record mynewdnszone.cloud @ NS ns1.example.com - New rrset: - mynewdnszone.cloud. IN NS 3600 ns1.example.com + +2. Add the primary NS entry: ``` -3. Add the secondary NS entry to the newly created zone: + pdnsutil add-record example.com @ NS ns1.example.com ``` - root@ns1:~# pdnsutil add-record mynewdnszone.cloud @ NS ns2.example.com - New rrset: - mynewdnszone.cloud. IN NS 3600 ns1.example.com - mynewdnszone.cloud. IN NS 3600 ns2.example.com + +3. Add the secondary NS entry: ``` -4. To be able to transfer the new DNS zone to our secondary PowerDNS instance, we need to increase the serial of the zone: + pdnsutil add-record example.com @ NS ns2.example.com ``` - root@ns1:~# pdnsutil increase-serial mynewdnszone.cloud - SOA serial for zone mynewdnszone.cloud set to 2 + +4. Increase the zone's serial number to prepare for the zone transfer: ``` -5. Sent a `NOTIFY` message to the secondary PowerDNS instance to launch the transfer of the DNS zone to it: + pdnsutil increase-serial example.com ``` - root@ns1:~# pdns_control notify mynewdnszone.cloud - Added to queue + +5. Send a `NOTIFY` message to the secondary Instance: ``` -6. Test if the zone transfer has been successfully completed by querying the secondary instance: + pdns_control notify example.com ``` - root@ns1:~# dig NS mynewdnszone.cloud @ns2.example.com - - ; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> NS mynewdnszone.cloud @ns2.example.com - ;; global options: +cmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10667 - ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 - ;; WARNING: recursion requested but not available - - ;; OPT PSEUDOSECTION: - ; EDNS: version: 0, flags:; udp: 1680 - ;; QUESTION SECTION: - ;mynewdnszone.cloud. IN NS - ;; ANSWER SECTION: - mynewdnszone.cloud. 3600 IN NS ns2.example.com. - mynewdnszone.cloud. 3600 IN NS ns1.example.com. - - ;; Query time: 4 msec - ;; SERVER: 51.15.52.53#53(51.15.52.53) - ;; WHEN: Thu Sep 10 13:58:19 UTC 2020 - ;; MSG SIZE rcvd: 90 +6. Verify the replication by querying the secondary Instance: + ``` + dig NS example.com @ns2.example.com ``` -### Setting up a graphical interface - -Now, as both PowerDNS Instances are configured and the zone transfer between them is working, we configure a graphical interface that allows us to create and manage our DNS zones from a web browser. Therefore, we will install the tool [PowerDNS Admin](https://github.com/ngoduykhanh/PowerDNS-Admin) on one of our Instances. +## Setting up a graphical interface (PowerDNS Admin) -1. Install the prerequisites for Docker using the `apt` package manager: +1. Install Docker prerequisites: ``` apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y ``` + 2. Download and install Docker's official GPG key: ``` - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - ``` -3. Add the official Docker repository to the `apt` package manager: + +3. Add Docker’s official repository: ``` add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" ``` -4. Update the repositories list and install Docker CE using the `apt` package manager: + +4. Update the package list and install Docker: ``` - apt update && apt install docker-ce docker-ce-cli containerd.io -y + apt update && apt install docker-ce docker-ce-cli containerd.io -y ``` + 5. Run PowerDNS Admin using Docker: ``` - docker run --net=host -d -v pda-data:/data ngoduykhanh/powerdns-admin:latest + docker run --net=host -d -v pda-data:/data ngoduykhanh/powerdns-admin:latest ``` -6. Open your instance ip in a web browser: `http://`. The PowerDNS Admin login screen displays: - -7. Create a new user account and log in to PowerDNS Admin. During the first connection, you are asked to enter the API credentials for your PowerDNS instance: - -8. The PowerDNS Admin Dashboard displays. It is your central control panel to manage your DNS zones and PowerDNS Admin settings: - -9. You can now manage your DNS zones from a powerful web interface, add new domains, and configure advanced options: - -You have successfully configured a replicated PowerDNS server with MariaDB as the backend database. The PowerDNS Admin web interface allows you to manage your domain names from a graphical interface. For advanced configuration of the interface, you may deploy the application using `docker-compose`. Refer to the [official documentation](https://github.com/ngoduykhanh/PowerDNS-Admin#option-2-using-docker-compose) for more information. Advanced PowerDNS configuration options are available to fine-tune your basic setup. The official [PowerDNS documentation](https://doc.powerdns.com/authoritative/) provides you with all the information to customize the application according to your needs. \ No newline at end of file +6. Open your Instance IP in a web browser: `http://`. Create a user account and log in. + +7. On your first login, enter the API credentials for your PowerDNS Instance. + +8. After logging in, you can manage your DNS zones through the PowerDNS Admin web interface. + +## Conclusion + +You have successfully installed a replicated PowerDNS server with a MariaDB backend on Ubuntu 22.04 LTS. Additionally, you have set up PowerDNS Admin, a web-based interface to manage your DNS zones. + +For more advanced configuration options, refer to the [PowerDNS documentation](https://doc.powerdns.com/authoritative/) and the [PowerDNS Admin project](https://github.com/PowerDNS-Admin/PowerDNS-Admin) for further customization. diff --git a/tutorials/pushing-metrics-logs-from-scw-instance/index.mdx b/tutorials/pushing-metrics-logs-from-scw-instance/index.mdx index ebb17022d3..34372c9601 100644 --- a/tutorials/pushing-metrics-logs-from-scw-instance/index.mdx +++ b/tutorials/pushing-metrics-logs-from-scw-instance/index.mdx @@ -10,7 +10,7 @@ categories: - cockpit - instances dates: - validation: 2024-04-11 + validation: 2024-10-15 posted: 2023-06-28 --- diff --git a/tutorials/setup-lamp-stack-ubuntu2204/index.mdx b/tutorials/setup-lamp-stack-ubuntu2204/index.mdx index 7ea48059cc..b41c6c1a57 100644 --- a/tutorials/setup-lamp-stack-ubuntu2204/index.mdx +++ b/tutorials/setup-lamp-stack-ubuntu2204/index.mdx @@ -9,7 +9,7 @@ tags: LAMP Ubuntu PHP Apache MySQL Linux categories: - instances dates: - validation: 2024-04-09 + validation: 2024-10-15 posted: 2022-04-28 --- diff --git a/tutorials/setup-moodle/index.mdx b/tutorials/setup-moodle/index.mdx index 38efba0049..bffb713d06 100644 --- a/tutorials/setup-moodle/index.mdx +++ b/tutorials/setup-moodle/index.mdx @@ -10,7 +10,7 @@ categories: - instances hero: assets/scaleway_moodle.webp dates: - validation: 2024-04-09 + validation: 2024-10-15 posted: 2020-06-16 --- @@ -23,7 +23,7 @@ This tutorial shows you how to create your own learning platform by installing M - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) -- An [Instance](/compute/instances/how-to/create-an-instance/) running on Ubuntu Focal Fossa (20.04 LTS) +- An [Instance](/compute/instances/how-to/create-an-instance/) running on Ubuntu Focal Fossa (20.04 LTS) or later - A [domain or subdomain](/network/domains-and-dns/quickstart/) pointed to your Instance ## Installing and configuring the LEMP stack diff --git a/tutorials/setup-postfix-ubuntu-bionic/index.mdx b/tutorials/setup-postfix-ubuntu-bionic/index.mdx index c9efe643ff..b5f24782fd 100644 --- a/tutorials/setup-postfix-ubuntu-bionic/index.mdx +++ b/tutorials/setup-postfix-ubuntu-bionic/index.mdx @@ -1,19 +1,20 @@ --- meta: - title: Setting up a secure mail server - description: This page explains how to set up a mail server on Ubuntu Bionic Beaver. + title: Setting up a secure mail server on Ubuntu 22.04 LTS (Jammy Jellyfish) + description: This page explains how to set up a mail server on Ubuntu 22.04 LTS (Jammy Jellyfish). content: - h1: Setting up a secure mail server - paragraph: This page explains how to set up a mail server on Ubuntu Bionic Beaver. + h1: Setting up a secure mail server on Ubuntu 22.04 LTS (Jammy Jellyfish) + paragraph: This page explains how to set up a mail server on Ubuntu 22.04 LTS (Jammy Jellyfish). categories: - instances tags: security DKIM Rspamd MariaDB Roundcube dmarc dates: - validation: 2024-03-27 + validation: 2024-10-15 posted: 2020-06-04 --- -In this tutorial you will learn how to configure a mail server that uses [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail), [Rspamd](https://rspamd.com/) and [MariaDB](https://mariadb.com/) to deliver mails securely. You will install a [Roundcube](https://roundcube.net/) webmail interface to be able to read your emails directly from your browser. +In this tutorial you will learn how to configure a mail server that uses Postfix, Dovecot, Rspamd, DKIM, and MariaDB to deliver mails securely. +You learn also how to install a Roundcube webmail interface to be able to read your emails directly from your browser. We recommend you follow this tutorial using a [Production-Optimized Instance](/compute/instances/reference-content/choosing-instance-type/). @@ -28,7 +29,7 @@ In this tutorial you will learn how to configure a mail server that uses [DKIM]( - A [domain or subdomain](/network/domains-and-dns/quickstart/) configured to point to the IP address of your Instance - Enabled the [SMTP ports](/compute/instances/how-to/send-emails-from-your-instance/) to send emails from your Instance -## Pre-work +## Pre-work and system preparation Before you continue with this tutorial, some configuration is required to make sure your mail server will be working. @@ -36,800 +37,278 @@ In this tutorial you will learn how to configure a mail server that uses [DKIM]( - The [SMTP ports](/compute/instances/how-to/send-emails-from-your-instance/) have been unlocked in the security group of the server. -1. Start by updating your system to make sure you have the latest software releases installed: - ``` - apt update && apt upgrade - ``` -2. Before starting the installation of the mail server, make sure that there is no other mail software already installed: - ``` - service sendmail stop; update-rc.d -f sendmail remove - ``` - - If you receive a message `Failed to stop sendmail.service: Unit sendmail.service not loaded.` you can ignore it. It will only tell you that sendmail has not been installed, so it cannot be removed. - - -## Installing PostfixAdmin - -All mailboxes will belong to virtual users. To manage mailboxes, we need one system user which will be the owner of all mailboxes and will be used by all virtual users to access their emails on the server. The home directory of the user will be `/var/mail/vmail` and all mailboxes will be stored in that directory: -``` -groupadd -g 5000 vmail -useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail -``` - -As PostfixAdmin is a PHP application, a web server is required. We will use Nginx with PHP7.2 and MariaDB: -``` -apt install nginx mariadb-server php-fpm php-cli php-imap php-json php-mysql php-opcache php-mbstring php-readline -``` - -1. Set a root password for MariaDB: - ``` - mysql_secure_installation - ``` - - The setup tool will ask you the following questions: - - `Enter current password for root (enter for none):` - Press Enter - - `Set root password? [Y/n]` - Type Y - - `New password:` - Enter the password for the root user - - `Re-enter new password:` - Repeat the password - - `Remove anonymous users? [Y/n]` - Type `Y` - - `Disallow root login remotely? [Y/n]` - Type `Y` - - `Remove test database and access to it? [Y/n]` - Type `Y` - - `Reload privilege tables now? [Y/n]` - Type `Y` - -2. Download and unpack PostfixAdmin. **The latest version at the time of writing of this tutorial is version 3.3.8**: - ``` - wget https://downloads.sourceforge.net/project/postfixadmin/postfixadmin-3.3.8/PostfixAdmin%203.3.8.tar.gz - tar xzf postfixadmin*.tar.gz - ``` -3. Move PostfixAdmin into the directory `/var/www/postfixadmin`: - ``` - mv postfixadmin-*/ /var/www/postfixadmin - rm -f PostfixAdmin*.tar.gz - mkdir /var/www/postfixadmin/templates_c - ``` -4. Change the ownership of the directory to the `www-data` user, as Nginx and PHP are using it: - ``` - chown -R www-data: /var/www/postfixadmin - ``` -5. PostfixAdmin will use a MySQL database to store information. Connect to your MariaDB Server to create a new database and user: - ``` - mysql -u root -p - ``` -6. Create the database, remember to replace `your_secret_password` with a password for the `postfixadmin` user: - ``` - CREATE DATABASE postfixadmin; - GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'your_secret_password'; - FLUSH PRIVILEGES; - EXIT; - ``` -7. Create a configuration file `/var/www/postfixadmin/config.local.php` and open it in a text editor. Copy the following content into it: - ``` - 'abuse@example.com', - 'hostmaster' => 'hostmaster@example.com', - 'postmaster' => 'postmaster@example.com', - 'webmaster' => 'webmaster@example.com' - ); - - $CONF['fetchmail'] = 'NO'; - $CONF['show_footer_text'] = 'NO'; - - $CONF['quota'] = 'YES'; - $CONF['domain_quota'] = 'YES'; - $CONF['quota_multiplier'] = '1024000'; - $CONF['used_quotas'] = 'YES'; - $CONF['new_quota_table'] = 'YES'; - - $CONF['aliases'] = '0'; - $CONF['mailboxes'] = '0'; - $CONF['maxquota'] = '0'; - $CONF['domain_quota_default'] = '0'; - ?> - ``` - - - Remember to replace `your_secret_password` with the password for the database user. - - - The configuration defines the database type, login credentials, default aliases, disabled fetchmail, and enabled quota. -8. Now run the following script to install the database schema: - ``` - sudo -u www-data php /var/www/postfixadmin/public/upgrade.php - ``` - - As the database is ready now, it is possible to create the first superadmin from the CLI tools: - - ``` - bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add - ``` - Enter the email address of the admin, and answer the questions of the CLI. -9. Create a Nginx configuration file for your domain. Open the file `/etc/nginx/sites-enabled/mail.example.com.conf` and paste the following configuration. Do not forget to edit the `server_name` to your domain name: - - ``` - server { - listen 80; - server_name mail.example.com; - root /var/www; - - location / { - try_files $uri $uri/ /index.php; - } - - location /postfixadmin { - index index.php; - try_files $uri $uri/ /postfixadmin/public/login.php; - } - - location ~* \.php$ { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - if (!-f $document_root$fastcgi_script_name) {return 404;} - fastcgi_pass unix:/run/php/php7.4-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - } - ``` -10. Restart Nginx to activate the configuration: - ``` - service nginx restart - ``` -11. To secure the communication with the web server, we use Let's Encrypt to get a free SSL certificate: - ``` - apt install python3-certbot-nginx - certbot --nginx - ``` - -## Installation of Postfix and Dovecot - -1. Install the required software. You can install all required packages with one command with **apt**: - ``` - apt install postfix postfix-mysql dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql - ``` - - You will be asked some questions during the installation: - - For server type choose `Internet Site` - - For mail name, enter the [FQDN](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) of the server (for example: `mail.example.com`) - - We use virtual users in our configuration. Therefore, we have to create the configuration files for Postfix to use the database we have created previously. -2. Start by creating a directory to store the files: - ``` - mkdir -p /etc/postfix/sql - ``` -3. Create and open the file `/etc/postfix/sql/mysql_virtual_domains_maps.cf` in a text editor and put the following content in it: - ``` - user = postfixadmin - password = your_secret_password - hosts = 127.0.0.1 - dbname = postfixadmin - query = SELECT domain FROM domain WHERE domain='%s' AND active = '1' - ``` -4. Create and open the file `/etc/postfix/sql/mysql_virtual_alias_maps.cf` in a text editor and put the following content in it: - ``` - user = postfixadmin - password = your_secret_password - hosts = 127.0.0.1 - dbname = postfixadmin - query = SELECT goto FROM alias WHERE address='%s' AND active = '1' - ``` -5. Create and open the file `/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf` in a text editor and put the following content in it: - ``` - user = postfixadmin - password = your_secret_password - hosts = 127.0.0.1 - dbname = postfixadmin - query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1' - ``` -6. Create and open the file `/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf` in a text editor and put the following content in it: - ``` - user = postfixadmin - password = your_secret_password - hosts = 127.0.0.1 - dbname = postfixadmin - query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1' - ``` -7. Create and open the file `/etc/postfix/sql/mysql_virtual_mailbox_maps.cf` in a text editor and put the following content in it: - ``` - user = postfixadmin - password = your_secret_password - hosts = 127.0.0.1 - dbname = postfixadmin - query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1' - ``` -8. Create and open the file `/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf` in a text editor and put the following content in it: - ``` - user = postfixadmin - password = your_secret_password - hosts = 127.0.0.1 - dbname = postfixadmin - query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1' - ``` -9. Once the MySQL configuration files are created, update the configuration of Postfix: - ``` - postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf" - postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf" - postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf" - ``` - - The `postconf` command can be used to display the actual configuration, change configuration values, or display other configuration information about the Postfix mail system. - - - Local delivery will be handled by Dovecot's local delivery agent. It will take mail from an MTA (Postfix) and deliver it to a local user's mailbox. - ``` - postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp" - ``` -10. Configure TLS parameters by using the Let's encrypt SSL certificate: - ``` - postconf -e 'smtp_tls_security_level = may' - postconf -e 'smtpd_tls_security_level = may' - postconf -e 'smtp_tls_note_starttls_offer = yes' - postconf -e 'smtpd_tls_loglevel = 1' - postconf -e 'smtpd_tls_received_header = yes' - postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem' - postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem' - ``` -11. Configure the authenticated SMTP settings: - ``` - postconf -e 'smtpd_sasl_type = dovecot' - postconf -e 'smtpd_sasl_path = private/auth' - postconf -e 'smtpd_sasl_local_domain =' - postconf -e 'smtpd_sasl_security_options = noanonymous' - postconf -e 'broken_sasl_auth_clients = yes' - postconf -e 'smtpd_sasl_auth_enable = yes' - postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' - ``` -12. Enable the TLS/SSL and submission ports in the Postfix configuration file. Open the file `/etc/postfix/master.cf` with a text editor, and uncomment the submission and smtps sections as follows. Make sure that there is a whitespace in front of the `-o` as it is required: - ``` - submission inet n - y - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt - -o smtpd_sasl_auth_enable=yes - # -o smtpd_reject_unlisted_recipient=no - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - # -o smtpd_helo_restrictions=$mua_helo_restrictions - # -o smtpd_sender_restrictions=$mua_sender_restrictions - # -o smtpd_recipient_restrictions= - # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING - smtps inet n - y - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - # -o smtpd_reject_unlisted_recipient=no - -o smtpd_client_restrictions=permit_sasl_authenticated,reject - # -o smtpd_helo_restrictions=$mua_helo_restrictions - # -o smtpd_sender_restrictions=$mua_sender_restrictions - # -o smtpd_recipient_restrictions= - # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject - -o milter_macro_daemon_name=ORIGINATING - ``` -13. Restart postfix to take the modifications into effect: - ``` - service postfix restart - ``` -14. Edit the file `/etc/dovecot/dovecot-sql.conf.ext` as follows: - ``` - driver = mysql - connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=your_secret_password - default_pass_scheme = MD5-CRYPT - iterate_query = SELECT username AS user FROM mailbox - user_query = SELECT CONCAT('/var/mail/vmail/',maildir) AS home, \ - CONCAT('maildir:/var/mail/vmail/',maildir) AS mail, \ - 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=',quota) AS quota_rule \ - FROM mailbox WHERE username = '%u' AND active = 1 - password_query = SELECT username AS user,password FROM mailbox \ - WHERE username = '%u' AND active='1' - ``` -15. Edit the file `/etc/dovecot/conf.d/10-mail.conf` with the required information as shown below: - ``` - ... - mail_location = maildir:/var/mail/vmail/%d/%n - ... - mail_uid = vmail - mail_gid = vmail - ... - first_valid_uid = 5000 - last_valid_uid = 5000 - ... - mail_privileged_group = mail - ... - mail_plugins = quota - ... - ``` -16. Modify the information in the file `/etc/dovecot/conf.d/10-auth.conf` as follows: - ``` - ... - disable_plaintext_auth = yes - ... - auth_mechanisms = plain login - ... - #!include auth-system.conf.ext - !include auth-sql.conf.ext - ... - ``` -17. Edit the file `/etc/dovecot/conf.d/10-master.conf` as follows: - ``` - ... - service lmtp { - unix_listener /var/spool/postfix/private/dovecot-lmtp { - mode = 0600 - user = postfix - group = postfix - } - ... - } - ... - service auth { - ... - unix_listener auth-userdb { - mode = 0600 - user = vmail - group = vmail - } - ... - unix_listener /var/spool/postfix/private/auth { - mode = 0666 - user = postfix - group = postfix - } - ... - } - ... - service auth-worker { - user = vmail - } - ... - service dict { - unix_listener dict { - mode = 0660 - user = vmail - group = vmail - } - } - ... - ``` -18. Edit the file `/etc/dovecot/conf.d/10-ssl.conf` as follows: - ``` - ... - ssl = yes - ... - ssl_cert = - Remember to replace `your_secret_password` with your own password + If the message `Failed to stop sendmail.service` appears, it can be safely ignored. - You will see an output like the following: - - ``` - rspamadm pw --encrypt -p your_secret_password - $2$93qin9nkifzjpr7taqhs9guua888tnny$dnys6um6xm1gb1amgnz9hocuz7grxuk5z9yjw87psrk6yu641oiy - ``` -4. Edit the file `/etc/rspamd/local.d/worker-controller.inc` and put the encrypted password into it: - ``` - password = "$2$93qin9nkifzjpr7taqhs9guua888tnny$dnys6um6xm1gb1amgnz9hocuz7grxuk5z9yjw87psrk6yu641oiy"; - ``` - - Configure redis to be used with rspamd by editing the file `/etc/rspamd/local.d/classifier-bayes.conf`: - - ``` - servers = "127.0.0.1"; - backend = "redis"; - ``` -5. Set the [milter headers](https://rspamd.com/doc/modules/milter_headers.html) in the file `/etc/rspamd/local.d/milter_headers.conf`: - ``` - use = ["x-spamd-bar", "x-spam-level", "authentication-results"]; - ``` -6. Restart Rspamd: - ``` - service rspamd restart - ``` -7. Add a proxy in the Nginx configuration file (for example: `/etc/nginx/sites-enabled/mail.example.com.conf`): - ``` - ... - location /rspamd { - proxy_pass http://127.0.0.1:11334/; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - ... - ``` -8. Restart Nginx: - ``` - service nginx restart - ``` - -You can access the web interface of Rspamd now at http://your_servers_ip/rspamd. Use the password you have set with the `rspamadm pw` command to authenticate. - -### Configuring Postfix - -To use Rspamd with Postfix, the configuration has to be updated with `postconf`: - - ``` - postconf -e "milter_protocol = 6" - postconf -e "milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}" - postconf -e "milter_default_action = accept" - postconf -e "smtpd_milters = inet:127.0.0.1:11332" - postconf -e "non_smtpd_milters = inet:127.0.0.1:11332" - ``` - - Restart postfix to take the changes into effect: - - ``` - service postfix restart - ``` - -### Configuring Dovecot - -Dovecot is already installed on the server, add the `sieve` filtering module and integrate it with Rspamd. - -1. Install sieve via apt: - ``` - apt install dovecot-sieve dovecot-managesieved - ``` -2. Open the file `/etc/dovecot/conf.d/20-lmtp.conf` and edit it as follows: - ``` - ... - protocol lmtp { - postmaster_address = postmaster@example.com - mail_plugins = $mail_plugins sieve - } - ... - ``` -3. Open the file `/etc/dovecot/conf.d/20-imap.conf` and edit it as follows: - ``` - ... - protocol imap { - ... - mail_plugins = $mail_plugins imap_quota imap_sieve - ... - } - ... - ``` -4. Edit the file `/etc/dovecot/conf.d/20-managesieve.conf` as follows: - ``` - ... - service managesieve-login { - inet_listener sieve { - port = 4190 - } - } - ... - service managesieve { - process_limit = 1024 - } - ... - ``` -5. Open and edit the file `/etc/dovecot/conf.d/90-sieve.conf` as follows: - ``` - plugin { - ... - # sieve = file:~/sieve;active=~/.dovecot.sieve - sieve_plugins = sieve_imapsieve sieve_extprograms - sieve_before = /var/vmail/mail/sieve/global/spam-global.sieve - sieve = file:/var/vmail/mail/sieve/%d/%n/scripts;active=/var/vmail/mail/sieve/%d/%n/active-script.sieve - - imapsieve_mailbox1_name = Spam - imapsieve_mailbox1_causes = COPY - imapsieve_mailbox1_before = file:/var/vmail/mail/sieve/global/report-spam.sieve - - imapsieve_mailbox2_name = * - imapsieve_mailbox2_from = Spam - imapsieve_mailbox2_causes = COPY - imapsieve_mailbox2_before = file:/var/vmail/mail/sieve/global/report-ham.sieve - - sieve_pipe_bin_dir = /usr/bin - sieve_global_extensions = +vnd.dovecot.pipe - .... - } - ``` -6. Restart the `dovecot` service and create a directory for the sieve scripts: - ``` - service dovecot restart - mkdir -p /var/vmail/mail/sieve/global - ``` -7. Create a global sieve filter in the file `/var/vmail/mail/sieve/global/spam-global.sieve`. It will move emails marked as spam directly to the spam folder: - ``` - require ["fileinto","mailbox"]; - - if anyof( - header :contains ["X-Spam-Flag"] "YES", - header :contains ["X-Spam"] "Yes", - header :contains ["Subject"] "*** SPAM ***" - ) - { - fileinto :create "Spam"; - stop; - } - ``` -8. Create a script, named `/var/vmail/mail/sieve/global/report-spam.sieve`, that will be triggered each time you manually move an email into the spam folder: - ``` - require ["vnd.dovecot.pipe", "copy", "imapsieve"]; - pipe :copy "rspamc" ["learn_spam"]; - ``` -9. Create a script, named `/var/vmail/mail/sieve/global/report-ham.sieve`, that will be triggered each time when you move an email out of the spam folder: - ``` - require ["vnd.dovecot.pipe", "copy", "imapsieve"]; - pipe :copy "rspamc" ["learn_ham"]; - ``` -10. Compile the sieve scripts and set permissions: - ``` - sievec /var/vmail/mail/sieve/global/spam-global.sieve - sievec /var/vmail/mail/sieve/global/report-spam.sieve - sievec /var/vmail/mail/sieve/global/report-ham.sieve - chown -R vmail: /var/vmail/mail/sieve/ - ``` - -## Creating DKIM keys - -DomainKeys Identified Mail ([DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail)) is an email authentication method designed to detect email spoofing. It allows the receiving server to verify the origin of an email by affixing a digital signature to it. Verification of the signature is carried out using the signer's public key published in the DNS. It can be used to detect fraudulent emails. - - -1. Create a new directory to store the DKIM key and generate a new DKIM key pair by using the `rspamadm` utility. In the following example, we use `mail` as a DKIM selector. It will generate a key pair that can be used for all domains handled by the mail server. - ``` - mkdir /var/lib/rspamd/dkim/ - rspamadm dkim_keygen -b 2048 -s mail -k /var/lib/rspamd/dkim/mail.key > /var/lib/rspamd/dkim/mail.pub - ``` - - You will find two files in the directory: - - `mail.key` - The private key file - - `mail.pub` - The public key file -2. Create a new file `/etc/rspamd/local.d/dkim_signing.conf` to tell Rspamd where to look for the DKIM key and the selector name. The last line will enable DKIM signing for alias sender addresses: - ``` - selector = "mail"; - path = "/var/lib/rspamd/dkim/$selector.key"; - allow_username_mismatch = true; - ``` -3. Rspamd supports also ARC signatures, use the same configuration file and copy it. - ``` - cp /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf - ``` -4. Restart Rspamd: - ``` - service rspamd restart - ``` - -### DNS settings - -To sign your emails with DKIM, you have to add the public key to your DNS zone. - -1. Retrieve the key: - ``` - cat /var/lib/rspamd/dkim/mail.pub - ``` - - An output like the following one will display: - ``` - mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzllrHkbUwSR24B6iG+TgNTOU43lZhTPJemo8PKXkgaVppGJ57tlWOe9U321Qk+Ksk9qoukR4f39TCMQdAgtEPFpWSBWJJE9C2SmNz38SmhTC0AkvIzBxCdatitK2aWjHq4s9bsoQ1gIQlXKM+V7GbN2LFCBfvAU7ElBQk+QG2DuxGD/XNDLQWloYEWcqkUfxlHr0znoY86jkglVZ" - "nhi/cAoE0SbzjphCtibT9T1w6AztxV1yK2VTJPpBFdtAsP1Sa3GDbTn0HATHUJI8eOIXtFcIBbYisiOIWjisE3TXFpvkS69Q0gvxVFYDnftLvsf5AticeygdMOVbK1o3T4Z7QIDAQAB" - ) ; - ``` - -You can add the information as a `TXT` record in the DNS zone of your domain. - -## Installing Roundcube Webmail - -To comfortably read your emails directly within your web browser, we will install a Roundcube webmail interface. - -1. Start by installing all PHP dependencies: - ``` - apt install php-intl php-mail-mime php-net-smtp php-net-socket php-pear php-xml php-intl php-xml php-gd php-gd php-imagick - ``` -2. Log into your MariaDB server and create a MySQL database for Roundcube: - ``` - mysql -u root -p - ``` - - ``` - CREATE DATABASE roundcubemail; - GRANT ALL ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'your_secret_password'; - FLUSH PRIVILEGES; - \q - ``` -3. Download Roundcube, unpack it, and move it into the web directory: - ``` - wget https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz - tar xzf roundcubemail-1.6.-complete.tar.gz - mv roundcubemail-1.6.1 /var/www/webmail - rm roundcubemail-1.6.1-complete.tar.gz - ``` -4. Change the ownership of the folder and all files in it to the www-data user: - ``` - chown -R www-data: /var/www/webmail - ``` -5. Edit the Nginx configuration (`/etc/nginx/sites-enabled/mail.example.com`) of your server and add the information for the Roundcube directory: - ``` - ... - location /webmail { - index index.php; - try_files $uri $uri/ /webmail/index.php; - } - location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { - deny all; - } - location ~ ^/webmail/(bin|SQL|config|temp|logs)/ { - deny all; - } - ... - ``` -6. Restart Nginx: - ``` - service nginx restart - ``` -7. Launch installation from `https://your_server_ip/webmail/installer/` and enter all the required information. -8. Remove the installer for security reasons: - ``` - rm -rf /var/www/roundcubemail/installer - ``` \ No newline at end of file +## Install Nginx, PHP, and MariaDB + +1. Install the required packages: + ```bash + apt install nginx mariadb-server php8.1-fpm php8.1-cli php8.1-imap php8.1-json php8.1-mysql php8.1-opcache php8.1-mbstring php8.1-readline php8.1-intl -y + ``` + +2. Secure the MariaDB installation: + ```bash + mysql_secure_installation + ``` + + During the setup, provide answers to secure your MariaDB installation (set the root password, remove anonymous users, disallow remote root login, etc.). + Refer to [Installing and Securing MariaDB](/tutorials/mariadb-ubuntu-bionic/) for furher details regarding the configuration of MariaDB. + + +## Install and configure PostfixAdmin + +1. Download and extract PostfixAdmin: + ```bash + wget https://github.com/postfixadmin/postfixadmin/archive/refs/tags/postfixadmin-3.3.13.tar.gz + tar xzf PostfixAdmin*.tar.gz + mv postfixadmin-*/ /var/www/postfixadmin + ``` + +2. Set the correct file permissions: + ```bash + chown -R www-data: /var/www/postfixadmin + ``` + +3. Log into MariaDB using the `root` user: + ```bash + mysql -u root -p + ``` + + Run the following SQL commands to create a MariaDB database for PostfixAdmin: + ```sql + CREATE DATABASE postfixadmin; + GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY 'your_secret_password'; + FLUSH PRIVILEGES; + EXIT; + ``` + +4. Create the PostfixAdmin configuration file: + ```bash + nano /var/www/postfixadmin/config.local.php + ``` + + Add the following content: + ```php + + ``` + +5. Initialize the PostfixAdmin database schema: + ```bash + sudo -u www-data php /var/www/postfixadmin/public/upgrade.php + ``` + +6. Create an `admin` user for PostfixAdmin: + ```bash + bash /var/www/postfixadmin/scripts/postfixadmin-cli admin add + ``` + + Follow the prompts to add your email address and create the admin user. + +7. Create an Nginx configuration file for PostfixAdmin:: + ```bash + nano /etc/nginx/sites-available/mail.example.com.conf + ``` + + Add the following configuration: + ```nginx + server { + listen 80; + server_name mail.example.com; + root /var/www; + + location / { + try_files $uri $uri/ /index.php; + } + + location /postfixadmin { + index index.php; + try_files $uri $uri/ /postfixadmin/public/login.php; + } + + location ~ \.php$ { + fastcgi_pass unix:/run/php/php8.1-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + ``` + +8. Activate the Nginx configuration and reload: + ```bash + ln -s /etc/nginx/sites-available/mail.example.com.conf /etc/nginx/sites-enabled/ + systemctl reload nginx + ``` + +## Generate and apply a Let's Encrypt TLS/SSL certificate + +1. Install Certbot for Nginx: + ```bash + apt install certbot python3-certbot-nginx -y + ``` + +2. Run the following command to generate a Let's Encrypt TLS/SSL certificate for your mail domain: + ```bash + certbot --nginx -d mail.example.com + ``` + + Follow the prompts to enter your email, agree to terms, and choose HTTPS options. Certbot will automatically configure SSL for Nginx and restart the service. + +3. Visit `https://mail.example.com` to ensure your website is now accessible via HTTPS with the TLS/SSL certificate applied. + +## Install and configure Postfix and Dovecot + +1. Install Postfix, Dovecot, and necessary packages: + ```bash + apt install postfix postfix-mysql dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql -y + ``` + +2. After installing Postfix, update its configuration to use the Let's Encrypt certificate: + ```bash + postconf -e 'smtpd_tls_cert_file=/etc/letsencrypt/live/mail.example.com/fullchain.pem' + postconf -e 'smtpd_tls_key_file=/etc/letsencrypt/live/mail.example.com/privkey.pem' + postconf -e 'smtpd_use_tls=yes' + postconf -e 'smtpd_tls_security_level=may' + postconf -e 'smtp_tls_security_level=may' + ``` + +3. Configure Dovecot to use the SSL certificate: + Edit the file `/etc/dovecot/conf.d/10-ssl.conf`: + ```bash + nano /etc/dovecot/conf.d/10-ssl.conf + ``` + + Update the SSL settings: + ```bash + ssl = yes + ssl_cert = /var/lib/rspamd/dkim/mail.pub + ``` + +3. Add DKIM signing configuration by opening the file `/etc/rspamd/local.d/dkim_signing.conf` in a text editor: + ```bash + nano /etc/rspamd/local.d/dkim_signing.conf + ``` + + Then add the following content: + ```bash + selector = "mail"; + path = "/var/lib/rspamd/dkim/$selector.key"; + allow_username_mismatch = true; + ``` + +4. Restart Rspamd to apply the configuration: + ```bash + systemctl restart rspamd + ``` + +5. Retrieve the DKIM public key for your domain: + ```bash + cat /var/lib/rspamd/dkim/mail.pub + ``` + + Add the output as a `TXT` record to your domain's DNS zone to publish your DKIM public key in DNS. + Refer to [How to manage DNS records](/network/domains-and-dns/how-to/manage-dns-records/) for furher information. + + +## Install Roundcube Webmail + +1. Install the PHP dependencies for Roundcube: + ```bash + apt install php-intl php-mail-mime php-net-smtp php-net-socket php-pear php-xml php-intl php-gd php-imagick -y + ``` + +2. Log into MariaDB using the `root` user: + ```bash + mysql -u root -p + ``` + + Execute the following SQL commands to create a MariaDB database for Roundcube: + ```sql + CREATE DATABASE roundcubemail; + GRANT ALL ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'your_secret_password'; + FLUSH PRIVILEGES; + EXIT; + ``` + +3. Download and install Roundcube: + ```bash + wget + + https://github.com/roundcube/roundcubemail/releases/download/1.6.1/roundcubemail-1.6.1-complete.tar.gz + tar xzf roundcubemail-1.6.1-complete.tar.gz + mv roundcubemail-1.6.1 /var/www/webmail + chown -R www-data: /var/www/webmail + ``` + +4. Edit the Nginx configuration file (`/etc/nginx/sites-enabled/mail.example.com.conf`): + ```bash + nano /etc/nginx/sites-enabled/mail.example.com.conf + ``` + + And add the following section for Roundcube: + ```nginx + location /webmail { + index index.php; + try_files $uri $uri/ /webmail/index.php; + } + ``` + +5. Restart Nginx to apply changes: + ```bash + systemctl restart nginx + ``` + +6. Complete the Roundcube setup by visiting `https://mail.example.com/webmail/installer/` and following the web-based setup. + +7. Remove the installer directory for security: + ```bash + rm -rf /var/www/webmail/installer + ``` + +## Automate SSL renewal with Certbot + +Let's Encrypt certificates have a limited validity. Ensure the SSL certificates renew automatically: +```bash +certbot renew --dry-run +``` \ No newline at end of file diff --git a/tutorials/socket-io/index.mdx b/tutorials/socket-io/index.mdx index 9469e4dfdc..f7004efc6c 100644 --- a/tutorials/socket-io/index.mdx +++ b/tutorials/socket-io/index.mdx @@ -9,7 +9,7 @@ tags: Socket-io npm socket javascript node-js categories: - instances dates: - validation: 2024-04-09 + validation: 2024-10-15 posted: 2018-07-05 --- @@ -22,206 +22,141 @@ Learn how to install and use Socket.io with Express using the `npm` package mana - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) -- An [Instance](/compute/instances/how-to/create-an-instance/) running Ubuntu Xenial or a later version -- Root access to the Instances you want to manage -- Installed [Node.js](https://nodejs.org/en/) and [NPM (Node Package Manager)](https://www.npmjs.com/) on your Instance +- An [Instance](/compute/instances/how-to/create-an-instance/) running Ubuntu 20.04 LTS or later +- Root access to the instances you want to manage +- Installed [Node.js](https://nodejs.org/en/) (version 18.x or later) and [NPM](https://www.npmjs.com/) on your instance ## Installing Express.js and Socket.io -Express is a minimal and flexible Node.js web application framework. +Express is a minimal, flexible Node.js web application framework. Install it alongside Socket.io to create a real-time server. -1. Create a folder and change the directory. In this tutorial, we call the folder `myapp`. +1. Create a project folder and navigate into it: ``` mkdir myapp cd myapp ``` -2. Use `npm init` to create a package.json. + +2. Initialize your project with `npm`: ``` - npm init + npm init -y ``` - The `npm init` command creates an empty project with a `package.json` file. You can answer all the questions or press enter through all of them if you do not want to. -3. Install Express and Socket.io using the `npm` package manager, and save them to our `package.json` file for later. + This creates a `package.json` file with default settings. + +3. Install Express and Socket.io: ``` - npm install socket.io express --save + npm install express@4 socket.io@4 --save ``` -4. Install jQuery using `npm`. + +4. (Optional) Install jQuery if you want to use it in the front-end: ``` npm install jquery --save ``` ## Creating an Express server -1. Create a new file in the `myapp` folder. +1. Create a file called `app.js` file in the `myapp` folder.: ``` nano app.js ``` -2. Paste the following code in the file, save, and exit. + This file will contain the application code for the Socket.io application. + +2. Paste the following code into the application file `app.js`: ```js - // app.js - var express = require('express'); - var app = express(); - var server = require('http').createServer(app); - var io = require('socket.io')(server); + const express = require('express'); + const http = require('http'); + const app = express(); + const server = http.createServer(app); + const { Server } = require('socket.io'); + const io = new Server(server); app.use(express.static(__dirname + '/node_modules')); - app.get('/', function(req, res,next) { + app.get('/', (req, res) => { res.sendFile(__dirname + '/index.html'); }); - server.listen(4200); - ``` - - We use this file to require Express, to create a new server, and require Socket.io as well. + io.on('connection', (socket) => { + console.log('a user connected'); + socket.on('disconnect', () => { + console.log('user disconnected'); + }); + }); - We also use it to set the static folder to `/node_modules` since we use npm to serve up jQuery and we want to be able to reference it in our HTML code. + server.listen(4200, () => { + console.log('listening on *:4200'); + }); + ``` + Save the file and exit `nano`. - `App.get` routes HTTP requests to the specified path with a specific call-back function. The `res` object represents the HTTP response that an Express app sends when it gets a request. The `sendFile` sends the file to the specified path. The `server.listen` opens a port and listens for requests coming in. -3. Create an `index.html` file in the `myapp` folder to display a `Hello World` message in the socket. +3. Create another file called `index.html` in the `myapp` folder: ``` nano index.html ``` -4. Paste the following content in the file: + This file contains the frontend for the application. + +4. Paste the following content into `index.html`: ```html - + + Socket.io Demo Chat

Hello World!

-
-
- - + + +
- +
    + + ``` - The src scripts point to files in our `node_modules` folder. -5. Launch the server. - ``` - node app.js - ``` -6. Open a browser and enter `http://:4200`. It should display the following: - - -## Connecting a client to a server using Socket.io - -In the next steps, we connect the client to the server with Socket.io and have it respond in the console. +## Running the server -1. In the `app.js` file, edit the `index.html` to add the script to the bottom of the file. - ```html - - ... - - ``` - - The `socket.on('connect')` is an event fired upon a successful connection from the web browser. We then have a function callback that sends the `hello world` message to the server. -2. Edit the `app.js` file to add the following configuration. Add the configuration before `server.listen`. - ```js - // app.js - io.on('connection', function(client) { - console.log('Client connected...'); - client.on('join', function(data) { - console.log(data); - }); - }); - - server.listen(4200); - ``` - - - `io.on` - is listening for connections. When it receives one it will report to the console `client connected...`. - - `'client.on('join')` - waits for a message from the client to `join`. It will then log in to the console. -3. Launch `node` again. +1. Launch the server using Node.js: ``` node app.js ``` - +2. Open a browser and go to `http://:4200`. You should see the chat interface. -## Setting up the Socket server + - - You must set up your server locally before following the next steps. - +## Enhancing the chat server with client-server interaction -1. Add the `emit` line after console.log. +1. Edit `app.js` to handle chat messages: ```js - // app.js - io.on('connection', function(client) { - console.log('Client connected...'); - client.on('join', function(data) { - console.log(data); - client.emit('messages', 'Hello from server'); + io.on('connection', (socket) => { + console.log('a user connected'); + socket.on('chat message', (msg) => { + io.emit('chat message', msg); }); - }); - - server.listen(4200); - ``` - - - `client.emit` will send a message back to the client that just connected with a message using 'messages'. -2. Add a new `socket.on` message event in the `index.html`. - ```js - // index.html - socket.on('messages', function(data) { - alert(data); - }); - ``` - - When a client connects now, it will send a message to the server and it will trigger a pop-up. - -## Excluding the Socket server - -In the previous examples, we learned that we can send a message to the server and also send one back to the client. You can also send a message to all the clients excluding the socket that started it. - -1. Update the `index.html` file as follows. - ```html - - ``` - - We added a new `JQuery .submit` event handler which prevents the form from submitting and instead sends a message to the server with the values of the input field in messages. - - Also, we added a new socket event listener for 'broad' which updates our div with the message returned. -2. Update the `app.js` file. - ```js - // app.js - ... - io.on('connection', function(client) { - console.log('Client connected...'); - client.on('join', function(data) { - console.log(data); - client.on('messages', function(data) { - client.emit('broad', data); - client.broadcast.emit('broad',data); + socket.on('disconnect', () => { + console.log('user disconnected'); }); - }); }); - server.listen(4200); ``` - You can see we are listening to messages. After receiving data we inform all other clients, including the socket that sent the message. +2. Reload the server and try sending chat messages. Any message sent will be broadcast to all connected clients. + - If we restart the `app.js` file using `node`, we will be able to send messages to all other clients when we type anything into our input box and press submit. The div under the hello world message updates. \ No newline at end of file +You have successfully installed and configured **Socket.io** and **Express** on **Node.js 18.x**. The basic chat server demonstrates real-time bidirectional communication between clients and the server. +You can now build more advanced applications using [Socket.io's robust API](https://socket.io/docs/v4/server-api/). From c78b8511ddff37d9aad3b67563e8a0815c1db8da Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 15 Oct 2024 14:59:44 +0200 Subject: [PATCH 2/6] docs(tuto): content review --- tutorials/glusterfs/index.mdx | 2 +- tutorials/strapi/index.mdx | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tutorials/glusterfs/index.mdx b/tutorials/glusterfs/index.mdx index f15f92c6bc..3052b1a307 100644 --- a/tutorials/glusterfs/index.mdx +++ b/tutorials/glusterfs/index.mdx @@ -23,7 +23,7 @@ Each storage Instance will mirror the other, and files will automatically be rep - A Scaleway account logged into the [console](https://console.scaleway.com) - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) -- Three Instances running **Ubuntu 22.04 LTS** +- Three Instances running Ubuntu 22.04 LTS - Attached [Scaleway Block Storage](/storage/block/how-to/attach-a-volume/) to each GlusterFS Instance ## Configuring the host file diff --git a/tutorials/strapi/index.mdx b/tutorials/strapi/index.mdx index 7575bd91df..42f465d1d6 100644 --- a/tutorials/strapi/index.mdx +++ b/tutorials/strapi/index.mdx @@ -3,14 +3,14 @@ hero: assets/scaleway_strapi.webp categories: - instances meta: - title: Deploying Strapi on an Instance + title: Deploying Strapi on a Scaleway Instance description: Strapi is an open-source, Node.js-based, headless CMS to manage content and make it available through a fully customizable API. In this tutorial, you will learn how to deploy Strapi on a Scaleway Instance, to create and access a simple Hello World blog post. content: - h1: Deploying Strapi on an Instance + h1: Deploying Strapi on a Scaleway Instance paragraph: Strapi is an open-source, Node.js-based, headless CMS to manage content and make it available through a fully customizable API. In this tutorial you will learn how to deploy Strapi on a Scaleway Instance, to create and access a simple Hello World blog post. tags: Strapi CMS Ubuntu dates: - validation: 2024-04-09 + validation: 2024-10-15 posted: 2020-11-30 --- From c6b4c80306fce63b7464ea22f66a8c2350abb449 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 15 Oct 2024 16:40:22 +0200 Subject: [PATCH 3/6] docs(tuto): fix content --- tutorials/strapi/index.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tutorials/strapi/index.mdx b/tutorials/strapi/index.mdx index 42f465d1d6..b2f770f7e8 100644 --- a/tutorials/strapi/index.mdx +++ b/tutorials/strapi/index.mdx @@ -76,12 +76,13 @@ In this tutorial, you will learn how to deploy Strapi on a [Scaleway Instance](/ 2. Install Strapi in this directory and create a new project: ``` cd strapi-projects - npx create-strapi-app@4.22.1 my-strapi-project --quickstart + npx create-strapi-app@latest --quickstart ``` - Strapi version 4.22.1 was the latest release available at the time this tutorial was written. Check out their [GitHub repository](https://github.com/strapi/strapi/releases) to find information about the latest Strapi release. + The command above uses the latest version of Strapi. Check out their [GitHub repository](https://github.com/strapi/strapi/releases) to find details and additional information about the Strapi release. + Using the `--quickstart` flag installs Strapi using an SQLite database. You can omit this flag, but you need to [follow some other steps](https://strapi.io/documentation/3.0.0-beta.x/guides/databases.html#sqlite-installation) to configure an alternative database (Strapi supports [PostgreSQL](/tutorials/install-postgresql/), [MongoDB](/tutorials/mongodb-ubuntu-1604/), SQLite, [MySQL](/tutorials/setup-mysql/), and [MariaDB](/tutorials/mariadb-ubuntu-bionic/)). Your database of choice must be installed and running locally before you create your Strapi project. From e46942ab1383bb6d40347885394594545b146e5d Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 15 Oct 2024 16:55:55 +0200 Subject: [PATCH 4/6] docs(tuto): fix typo --- tutorials/glusterfs/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/glusterfs/index.mdx b/tutorials/glusterfs/index.mdx index 3052b1a307..659b36fc11 100644 --- a/tutorials/glusterfs/index.mdx +++ b/tutorials/glusterfs/index.mdx @@ -77,7 +77,7 @@ Before installing GlusterFS, ensure each Instance can resolve the others via the 1. Install the GlusterFS server on both `gluster01` and `gluster02`: ``` - apt install glusterfs-Instance -y + apt install glusterfs-server -y ``` 2. Start the `glusterd` service and enable it at boot: From 85fcb88a0c82351f5c48a3698fa1899632af66e7 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 15 Oct 2024 17:28:50 +0200 Subject: [PATCH 5/6] docs(tuto): fix typo --- tutorials/socket-io/index.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tutorials/socket-io/index.mdx b/tutorials/socket-io/index.mdx index f7004efc6c..3bf317a151 100644 --- a/tutorials/socket-io/index.mdx +++ b/tutorials/socket-io/index.mdx @@ -23,8 +23,8 @@ Learn how to install and use Socket.io with Express using the `npm` package mana - [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization - An [SSH key](/identity-and-access-management/organizations-and-projects/how-to/create-ssh-key/) - An [Instance](/compute/instances/how-to/create-an-instance/) running Ubuntu 20.04 LTS or later -- Root access to the instances you want to manage -- Installed [Node.js](https://nodejs.org/en/) (version 18.x or later) and [NPM](https://www.npmjs.com/) on your instance +- Root access to the Instances you want to manage +- Installed [Node.js](https://nodejs.org/en/) (version 18.x or later) and [NPM](https://www.npmjs.com/) on your Instance ## Installing Express.js and Socket.io From 3b77ea6b537511f210bbcefeabdedd87482aba4e Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Wed, 16 Oct 2024 09:31:25 +0200 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Rowena Jones <36301604+RoRoJ@users.noreply.github.com> --- tutorials/glusterfs/index.mdx | 4 ++-- tutorials/setup-postfix-ubuntu-bionic/index.mdx | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tutorials/glusterfs/index.mdx b/tutorials/glusterfs/index.mdx index 659b36fc11..bb7bb85689 100644 --- a/tutorials/glusterfs/index.mdx +++ b/tutorials/glusterfs/index.mdx @@ -103,7 +103,7 @@ Before installing GlusterFS, ensure each Instance can resolve the others via the ### Attaching Scaleway Block Storage -1. Create and Attach Scaleway Block Storage to each Instance: +1. Create and attach Scaleway Block Storage to each Instance: - From the Scaleway Console, [create a new Block Storage volume](/storage/block/how-to/create-a-volume/) for each GlusterFS server. - Attach each volume to the respective Instance. - Once attached, log into each Instance and check if the block storage is recognized: @@ -127,7 +127,7 @@ Before installing GlusterFS, ensure each Instance can resolve the others via the mount /dev/sdb /mnt/glusterfs ``` -4. Add the block storage to `/etc/fstab` to ensure it mounts automatically after reboot: +4. Add the Block Storage to `/etc/fstab` to ensure it mounts automatically after reboot: ``` /dev/sdb /mnt/glusterfs ext4 defaults 0 0 ``` diff --git a/tutorials/setup-postfix-ubuntu-bionic/index.mdx b/tutorials/setup-postfix-ubuntu-bionic/index.mdx index b5f24782fd..21b954ef42 100644 --- a/tutorials/setup-postfix-ubuntu-bionic/index.mdx +++ b/tutorials/setup-postfix-ubuntu-bionic/index.mdx @@ -64,7 +64,7 @@ You learn also how to install a Roundcube webmail interface to be able to read y ``` During the setup, provide answers to secure your MariaDB installation (set the root password, remove anonymous users, disallow remote root login, etc.). - Refer to [Installing and Securing MariaDB](/tutorials/mariadb-ubuntu-bionic/) for furher details regarding the configuration of MariaDB. + Refer to [Installing and Securing MariaDB](/tutorials/mariadb-ubuntu-bionic/) for further details regarding the configuration of MariaDB. ## Install and configure PostfixAdmin