Sunday, April 05, 2026

move dovecot, opensmtpd, nginx from Archlinux to Ubuntu

 i plan to move Archlinux at vultr to Ubuntu at Tencent.

  • firewall at Tencent, 
    • no need to convert iptables to ufw since Tencent cloud has firewall
    • "在轻量数据库中,支持配置防火墙规则来控制访问权限,进行网络隔离以增强安全性。如果不配置防火墙规则,则表示不限制访问数据库的来源,未经授权的访问也可连接数据库。如果配置防火墙规则,限制了来源、协议以及端口,例如:配置来源为172.1.4.12、协议为TCP、端口为45,访问策略为允许,则表示仅允许来源为172.1.4.12,来自 TCP 协议且端口号为45的应用访问轻量数据库。"
    • open Tencent firewall port: 80, 443; 25,465,587; 993
    • Tencent cloud not allow to use port 25 for outcoming email but port 465 is OK,
  • letsencrypt;
    • sudo tar -cpzvf letsencrypt_archive.tar.gz -C /etc letsencrypt
      • -C /etc: Change directory to /etc first (so the archive contains letsencrypt/ instead of full /etc/letsencrypt/ path)
    • sudo tar -xzvpf letsencrypt_archive.tar.gz -C /etc
    • sudo apt install certbot python3-certbot-nginx
    • dpkg -L certbot
    • sudo vim /usr/lib/systemd/system/certbot.service
    • add "ExecStartPost=/bin/systemctl reload nginx.service ; /bin/systemctl restart smtpd ; /bin/systemctl restart dovecot" and sudo systemctl daemon-reload
  • nginx
    • sudo apt install nginx
    • sudo scp  vultr:/etc/nginx/nginx.conf .
    • sudo scp  vultr:/etc/nginx/httpasswd .
    • sudo scp  vultr:/etc/nginx/mime.types .
    • sudo scp  vultr:/etc/nginx/ssl/RSA2048.pem .
    • on vultr
      • cd /srv/http
      • sudo rm -rf .local/
      • in pyblog and pymoney: sudo rm -rf __pycache__/ .venv/
      • sudo tar -cpzvf http.tar.gz -C /srv http
    • sudo scp  vultr:/srv/http.tar.gz .
    • sudo tar -xzvpf http.tar.gz -C /sr
  • update DNS record with new IP
  • opensmtpd
    • sudo apt install opensmtpd opensmtpd-extras opensmtpd-filter-dkimsign
    • on vultr
      • sudo chmod o+r myselector.*
    • mkdir /etc/smtpd
    • sudo scp  vultr:/etc/smtpd/smtpd.conf /etc/smtpd
    • sudo ln -s /etc/smtpd/smtpd.conf /etc/smtpd.conf
    • sudo scp  vultr:/etc/smtpd/myselector.* .
    • sudo chown opensmtpd:opensmtpd myselector.*
    • sudo scp  vultr:/etc/smtpd/aliases /etc/smtpd
    • sudo scp  vultr:/etc/smtpd/users /etc/smtpd
    • update smtpd.conf from "enp1s0" to "eth0"
    • sudo scp vultr:/var/mail/hongy19 . ; cd /var/mail/; sudo chown hong19:hongy19 hongy19
    • sudo apt isntall mutt; sudo scp vultr:/home/hongy19/.mutt/* .

  • dovecot
    • sudo apt install dovecot-pop3d dovecot-imapd
    • sudo scp  vultr:/etc/dovecot/dovecot.conf .
    • sudo scp  vultr:/etc/dovecot/dh.pem .
    • cd /etc/dovecot/conf.d
    • sudo mv 10-auth.conf 10-auth.conf.orig; sudo scp  vultr:/etc/dovecot/conf.d/10-auth.conf .
    • sudo scp  vultr:/etc/dovecot/conf.d/20-mailbox.conf .; sudo mv 20-mailbox.conf 10-mail.conf
    • sudo scp  vultr:/etc/dovecot/conf.d/30-ssl.conf .;sudo mv 30-ssl.conf 10-ssl.conf
    • sudo scp  vultr:/etc/dovecot/conf.d/40-service.conf .
    • ubuntu dovecot still 2.3.2, not use new configuraiton file
      • dovecot_config_version = 2.4.2
      • auth_allow_cleartext = no
      • passdb_driver=pam
      • mail_driver = mbox
      • mail_path = ~/mail
      • mail_inbox_path = /var/mail/%{user}
      • service_restart_request_count = 1
      • ssl_server_cert_file = /etc/letsencrypt/live/hongy19.net/fullchain.pem
      • ssl_server_key_file = /etc/letsencrypt/live/hongy19.net/privkey.pem
      • ssl_server_dh_file = /etc/dovecot/dh.pem
      • service_restart_request_count = 1
      • driver = passwd

  • fail2ban
  • sshguard
  • uwsgi
  • vnstat.service
  • others
    • cd /home/hongy19
    • scp vultr:/home/hongy19/.rtorrent.rc .
    • scp vultr:/home/hongy19/.vimrc .
    • scp  vultr:/home/hongy19/.mailrc .
    • mkdir bin; scp vultr:/home/hongy19/bin/* .

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)