Dovecot and postfix letsencrypt on ubuntu

Let's Encrypt / Dovecot / Postfix / UFW firewall / Certbot

This tutorial describes how to set up TLS on a mail server consisting of Postfix and/or Dovecot, using Let's Encrypt certificates with automatic renewal and firewall management.

This tutorial assumes the following prerequisites:

Debian as a mail server with virtual users

Setting up a Linux system as a mail server with virtual users

Introduction

Mail Transfer Agent

A Mail Transfer Agent (MTA) is the program that receives and sends out the email from your server, and is therefore the key part. This guide uses Postfix.

Mail filtering

You can add filtering to your mail chain, mainly to detect spam and viruses. This how-to covers only a spam filter: SpamAssassin.

Monitor website failure with curl

curl -sSf --max-time 120 'https://websitetomonitor.url' --compressed || echo "do something with alarm on failure"

-s means silent
-S shows errors
-f fails silently (no output at all) on server errors
--max-time is the maximum time allowed for the request

Using cron to run script

*/2 * * * * /usr/local/bin/check_website.sh

This runs the script every 2 minutes.

Tags 
curl monitor

Manually adding swap and activating on linux

Create swapfile

sudo install -o root -g root -m 0600 /dev/null /swapfile

Write out a 4GB file named ‘swapfile’

sudo dd if=/dev/zero of=/swapfile bs=1k count=4096k

Let Linux know about the swap file

sudo mkswap /swapfile

Activate

sudo swapon /swapfile

To activate swap after boot as well, add it to the file system table

echo "/swapfile       swap    swap    auto      0       0" | sudo tee -a /etc/fstab
Tags 
swap linux

Invision forum lighttpd rewrite rules

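$HTTP["host"] =~ "exampledomain.tld" {
    server.document-root = "/var/www/replacedomain/public_html/"
    server.error-handler-404 = "/index.php"
    dir-listing.activate = "disable"
    # Rules are tried in order; "$0" serves the request unchanged.
    url.rewrite-final = (
        "^/(sitemap\.xml)" => "$0",
        # Dots are escaped so that only paths containing a literal "." match;
        # an unescaped "." matches any character and would shadow the last rule.
        "^/(.*)\.(.*)" => "$0",
        "^/(.*)\.(css|js|gif|jpg|png)$" => "$0",
        "^/(images|javascript|style)(.*)$" => "$0",
        # Everything else is routed through index.php.
        "^/(.+)/?$" => "/index.php/$1"
    )
}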

Be sure to keep server.error-handler-404 when you have apps installed, such as classifieds.

Nginx tuning for best performance

NGINX Tuning For Best Performance

For this configuration you can use whichever web server you like; I decided to use nginx because I work mostly with it.

Generally, a properly configured nginx can handle up to 400K to 500K requests per second (clustered); the most I saw is 50K to 80K (non-clustered) requests per second at 30% CPU load. Of course, this was on 2 x Intel Xeon with HyperThreading enabled, but it can work without problems on slower machines.

Tags 
nginx

Reverse proxy in haproxy

We will try something roughly equivalent to the following ProxyPass directives in Apache2:

ServerName www.example.com
...
ProxyPass        /foo/  http://foo.local
ProxyPassReverse /foo/  http://foo.local

In haproxy.cfg, define a backend named foo to reverse-proxy to the foo.local backend server.

Tags 
haproxy

Proftpd sftp setup on centos

Setting up

yum install proftpd
cd ~/
wget https://gist.github.com/raw/4296200/proftpd.conf.patch
cd /etc/
patch < ~/proftpd.conf.patch 
touch /etc/proftpd.sftp.passwd
chown nobody:nobody /etc/proftpd.sftp.passwd
chmod 600 /etc/proftpd.sftp.passwd
cd ~/
wget http://www.castaglia.org/proftpd/contrib/ftpasswd