Add seafile

source/notes/mailserver.gmi

@@ -0,0 +1,70 @@
+## Mail Server
+
+DNS
+
+```
+@ 86400 IN SOA ns1.gandi.net. hostmaster.gandi.net. 1600703899 10800 3600 604800 10800
+@ 300 IN A 188.68.36.124
+@ 300 IN MX 10 mail
+@ 300 IN TXT "v=spf1 ip4:188.68.36.124 a -all"
+_dmarc 300 IN TXT "v=DMARC1; p=reject; adkim=s; aspf=s; sp=none; rua=mailto:dmarc@correolibre.org; ruf=mailto:dmarc@correolibre.org"
+dkim._domainkey 300 IN TXT "v=DKIM1; p="
+mail 300 IN A 188.68.36.124
+mail 300 IN AAAA 2a03:4000:13:a72:d8b7:60ff:fec0:ff2
+```
+
+apt update
+
+apt upgrade
+
+timedatectl set-timezone America/Mexico_City
+
+vim /var/lib/locales/supported.d/en
+
+dpkg-reconfigure locales
+
+localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
+
+vim /etc/environment
+
+    LANG=en_US.UTF-8
+    LC_ALL=en_US.UTF-8
+
+apt install python-is-python3 mlocate
+
+vim .bashrc
+
+    `PS1="┌─[\e[0;32m\H\e[m][\e[1;31m\u\e[m]->{\[\e[34;1m\]\w\[\e[0;1m\]}\n└──> \[\e[0m\]"`
+
+source .bashrc
+
+hostnamectl set-hostname mail.correolibre.org
+
+vim /etc/hostname
+
+    mail.cuates.net
+
+vim /etc/hosts
+
+    127.0.0.1 mail.cuates.net mail localhost
+
+reboot
+
+cd /root
+
+wget https://github.com/iredmail/iRedMail/archive/1.4.2.tar.gz
+
+tar zxf 1.4.2.tar.gz
+
+cd iRedMail-1.4.2/
+
+bash iRedMail.sh
+
+
+***************************** WARNING ***********************************
+* Below file contains sensitive infomation (username/password), please  *
+* do remember to *MOVE* it to a safe place after installation.          *
+
+/root/iRedMail-1.4.2/config
+
+

source/notes/seafile.gmi

@@ -0,0 +1,363 @@
+## SeaFile
+
+SeaFile es un servidor de archivos.
+=> https://www.seafile.com/en/home/ SeaFile
+
+Debes de tener ya apuntando un registro DNS tipo A a tu dominio o subdominio que vayas a usar con SeaFile, para este ejemplo he usado: seafile.cuates.net
+
+Asumo que es un servidor limpio recien instalado.
+
+* Como root
+
+Agregar el usuario seafile
+
+```
+adduser seafile
+
+usermod -aG sudo seafile
+```
+
+* Como seafile
+
+Instalar los requerimientos.
+
+```
+sudo apt install python-is-python3 python3-pip libmemcached-dev memcached python3-dev default-libmysqlclient-dev build-essential
+
+sudo pip3 install --upgrade pip wheel
+
+pip install --user pillow pylibmc captcha jinja2 sqlalchemy django-pylibmc django-simple-captcha python3-ldap mysqlclient
+```
+
+Instalar y configurar MariaDB
+
+```
+sudo apt install mariadb-server
+
+sudo mysql_secure_installation
+
+sudo mysql -u root -p
+
+    use mysql;
+    update user set plugin='mysql_native_password' where user='root';
+    flush privileges;
+    quit;
+```
+
+sudo mkdir /opt/seafile
+
+sudo chown -R seafile:seafile /opt/seafile
+
+cd /opt/seafile
+
+wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz
+
+
+tar -xzf seafile-server_8.0.7_x86-64.tar.gz
+
+mkdir installed
+
+mv seafile-server_8.0.7_x86-64.tar.gz installed/
+
+cd seafile-server-8.0.7
+
+./setup-seafile-mysql.sh
+
+    ---------------------------------
+    This is your configuration
+    ---------------------------------
+
+        server name:            seafilecuates
+        server ip/domain:       seafile.cuates.net
+
+        seafile data dir:       /opt/seafile/seafile-data
+        fileserver port:        8082
+
+        database:               create new
+        ccnet database:         ccnet-db
+        seafile database:       seafile-db
+        seahub database:        seahub-db
+        database user:          seafile
+
+    ---------------------------------
+    Press ENTER to continue, or Ctrl-C to abort
+    ---------------------------------
+    ...
+    -----------------------------------------------------------------
+    Your seafile server configuration has been finished successfully.
+    -----------------------------------------------------------------
+
+
+./seafile.sh start
+
+    Seafile server started
+
+./seahub.sh start
+
+    What is the email for the admin account?
+    [ admin email ]
+
+    What is the password for the admin account?
+    [ admin password ]
+
+    ----------------------------------------
+    Successfully created seafile admin
+    ----------------------------------------
+    ...
+    Seahub is started
+
+
+./seahub.sh stop
+
+./seafile.sh stop
+
+
+sudo apt install certbot
+
+sudo certbot register --agree-tos -m YOUR_EMAIL
+
+sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN
+
+    /etc/letsencrypt/live/DOMAIN/fullchain.pem
+    /etc/letsencrypt/live/DOMAIN/privkey.pem
+
+sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
+
+sudo vim /etc/letsencrypt/options-ssl-nginx.conf
+
+    ssl_session_cache shared:le_nginx_SSL:10m;
+    ssl_session_timeout 1440m;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
+
+    add_header Strict-Transport-Security "max-age=63072000; preload";
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Permissions-Policy interest-cohort=();
+
+sudo vim /etc/letsencrypt/certbot.conf
+
+    ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+
+sudo apt install nginx
+
+sudo vim /etc/nginx/nginx.conf
+
+    user  www-data;
+    worker_processes  auto;
+    worker_rlimit_nofile 20480;
+    pid /run/nginx.pid;
+
+    error_log  /var/log/nginx/error.log warn;
+
+    events {
+        worker_connections  5120;
+    }
+
+    http {
+        include       /etc/nginx/mime.types;
+        default_type  application/octet-stream;
+
+        server_tokens off;
+        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log  /var/log/nginx/access.log  main;
+
+        sendfile        on;
+
+        keepalive_timeout  65;
+
+        include /etc/nginx/sites-enabled/*.conf;
+
+        disable_symlinks off;
+
+        client_max_body_size 50m;
+
+        include /etc/nginx/badagent.rules;
+        include /etc/nginx/badreferer.rules;
+    }
+
+sudo vim /etc/nginx/sites-available/seafile.cuates.net.conf
+
+    server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+        server_name seafile.cuates.net;
+        charset     utf-8;
+
+        include /etc/letsencrypt/custom/elmau.net/certbot.conf;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        server_tokens off;
+
+        access_log      /var/log/nginx/access.log;
+        error_log       /var/log/nginx/error.log;
+
+        client_max_body_size 0;
+
+        location / {
+            proxy_pass         http://127.0.0.1:8000;
+            proxy_set_header   Host $host;
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Host $server_name;
+            proxy_set_header   X-Forwarded-Proto https;
+            proxy_read_timeout  1200s;
+        }
+
+        location /seafhttp {
+            rewrite ^/seafhttp(.*)$ $1 break;
+            proxy_pass http://127.0.0.1:8082;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_connect_timeout  36000s;
+            proxy_read_timeout  36000s;
+            proxy_send_timeout  36000s;
+            send_timeout  36000s;
+        }
+
+        location /media {
+            root /opt/seafile/seafile-server-latest/seahub;
+        }
+
+    }
+
+
+sudo ln -s /etc/nginx/sites-available/seafile.cuates.net.conf /etc/nginx/sites-enabled/
+
+sudo nginx -t
+
+    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+    nginx: configuration file /etc/nginx/nginx.conf test is successful
+
+
+cd /opt/seafile/conf
+
+vim ccnet.conf
+
+    [General]
+    SERVICE_URL = https://seafile.cuates.net
+
+vim seahub_settings.py
+
+    FILE_SERVER_ROOT = 'https://seafile.elmau.net/seafhttp'
+
+    EMAIL_USE_SSL = True
+    EMAIL_HOST = 'mail.gandi.net'
+    EMAIL_HOST_USER = 'no-responder@empresalibre.mx'
+    EMAIL_PORT = 465
+    EMAIL_USE_LOCALTIME = True
+    EMAIL_HOST_PASSWORD = 'PASSWORD'
+    DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
+    SERVER_EMAIL = EMAIL_HOST_USER
+
+    ENABLE_SETTINGS_VIA_WEB = False
+
+    ALLOWED_HOSTS = ['seafile.elmau.net']
+
+    ENABLE_SIGNUP = True
+
+    ACTIVATE_AFTER_REGISTRATION = False
+
+    NOTIFY_ADMIN_AFTER_REGISTRATION = True
+
+    LOGIN_ATTEMPT_LIMIT = 3
+
+    FREEZE_USER_ON_LOGIN_FAILED = True
+
+    USER_PASSWORD_MIN_LENGTH = 10
+
+    SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+    TIME_ZONE = 'America/Mexico_City'
+
+    LANGUAGE_CODE = 'en'
+
+    LANGUAGES = (
+        ('en', 'English'),
+        ('es', 'Español'),
+    )
+
+    SITE_NAME = 'Seafile Cuates'
+
+    SITE_TITLE = SITE_NAME
+
+    SHARE_LINK_EMAIL_LANGUAGE = 'es-ES'
+
+    REST_FRAMEWORK = {
+        'DEFAULT_THROTTLE_RATES': {
+            'ping': '600/minute',
+            'anon': '5/minute',
+            'user': '300/minute',
+        },
+        'UNICODE_JSON': False,
+    }
+
+    CACHES = {
+        'default': {
+            'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
+            'LOCATION': '127.0.0.1:11211',
+        },
+    }
+
+
+sudo vim /etc/systemd/system/seafile.service
+
+    [Unit]
+    Description=Seafile
+    After=network.target mysql.service
+
+    [Service]
+    Type=forking
+    ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
+    ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
+    LimitNOFILE=infinity
+    User=seafile
+    Group=www-data
+
+    [Install]
+    WantedBy=multi-user.target
+
+sudo vim /etc/systemd/system/seahub.service
+
+    [Unit]
+    Description=Seahub
+    After=network.target seafile.service
+
+    [Service]
+    Environment="LC_ALL=en_US.UTF-8"
+    Type=forking
+    ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
+    ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
+    User=seafile
+    Group=www-data
+
+    [Install]
+    WantedBy=multi-user.target
+
+sudo systemctl enable seafile
+sudo systemctl start seafile
+
+sudo systemctl enable seahub
+sudo systemctl start seahub
+
+sudo systemctl restart nginx
+
+
+sudo apt install ufw
+
+sudo ufw allow 2274/tcp
+
+sudo ufw allow 443/tcp
+
+sudo ufw enable
+
+

source/notes/simplelogin.gmi

@@ -0,0 +1,65 @@
+SimpleLogin
+
+Servidor para alias de correo.
+
+
+sudo apt install dnsutils apt-transport-https
+
+cd /opt
+
+sudo mkdir simplelogin
+sudo mkdir simplelogin/pgp # to store PGP key
+sudo mkdir simplelogin/db # to store database
+sudo mkdir simplelogin/upload # to store quarantine emails
+
+cd simplelogin
+
+sudo openssl genrsa -out dkim.key 2048
+sudo openssl rsa -in dkim.key -pubout -out dkim.pub.key
+
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+sudo apt update
+
+sudo apt install docker-ce docker-ce-cli containerd.io
+
+sudo usermod -aG docker $USER
+
+
+sudo docker network create -d bridge \
+    --subnet=240.0.0.0/24 \
+    --gateway=240.0.0.1 \
+    sl-network
+
+
+docker run -d \
+    --name sl-db \
+    -e POSTGRES_PASSWORD=PASSWORD \
+    -e POSTGRES_USER=simplelogisudo aptn \
+    -e POSTGRES_DB=simplelogin \
+    -p 5432:5432 \
+    -v /opt/simplelogin/db:/var/lib/postgresql/data \
+    --restart always \
+    --network="sl-network" \
+    postgres:12.1
+
+
+docker exec -it sl-db psql -U simplelogin simplelogin
+
+
+
+sudo apt install postfix postfix-pgsql
+
+
+
+
+
+
+
+
+
+
+