From 5d8e07c0c710976d5c5143de312b75ab705c202e Mon Sep 17 00:00:00 2001
From: Mauricio Baeza
Date: Fri, 24 Sep 2021 23:30:22 -0500
Subject: [PATCH] Add seafile
---
source/notes/mailserver.gmi | 70 +++++++
source/notes/seafile.gmi | 363 +++++++++++++++++++++++++++++++++++
source/notes/simplelogin.gmi | 65 +++++++
3 files changed, 498 insertions(+)
create mode 100644 source/notes/mailserver.gmi
create mode 100644 source/notes/seafile.gmi
create mode 100644 source/notes/simplelogin.gmi
diff --git a/source/notes/mailserver.gmi b/source/notes/mailserver.gmi
new file mode 100644
index 0000000..6246b1f
--- /dev/null
+++ b/source/notes/mailserver.gmi
@@ -0,0 +1,70 @@
+## Mail Server
+
+DNS
+
+```
+@ 86400 IN SOA ns1.gandi.net. hostmaster.gandi.net. 1600703899 10800 3600 604800 10800
+@ 300 IN A 188.68.36.124
+@ 300 IN MX 10 mail
+@ 300 IN TXT "v=spf1 ip4:188.68.36.124 a -all"
+_dmarc 300 IN TXT "v=DMARC1; p=reject; adkim=s; aspf=s; sp=none; rua=mailto:dmarc@correolibre.org; ruf=mailto:dmarc@correolibre.org"
+dkim._domainkey 300 IN TXT "v=DKIM1; p="
+mail 300 IN A 188.68.36.124
+mail 300 IN AAAA 2a03:4000:13:a72:d8b7:60ff:fec0:ff2
+```
+
+apt update
+
+apt upgrade
+
+timedatectl set-timezone America/Mexico_City
+
+vim /var/lib/locales/supported.d/en
+
+dpkg-reconfigure locales
+
+localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
+
+vim /etc/environment
+
+ LANG=en_US.UTF-8
+ LC_ALL=en_US.UTF-8
+
+apt install python-is-python3 mlocate
+
+vim .bashrc
+
+ `PS1="┌─[\e[0;32m\H\e[m][\e[1;31m\u\e[m]->{\[\e[34;1m\]\w\[\e[0;1m\]}\n└──> \[\e[0m\]"`
+
+source .bashrc
+
+hostnamectl set-hostname mail.correolibre.org
+
+vim /etc/hostname
+
+ mail.cuates.net
+
+vim /etc/hosts
+
+ 127.0.0.1 mail.cuates.net mail localhost
+
+reboot
+
+cd /root
+
+wget https://github.com/iredmail/iRedMail/archive/1.4.2.tar.gz
+
+tar zxf 1.4.2.tar.gz
+
+cd iRedMail-1.4.2/
+
+bash iRedMail.sh
+
+
+***************************** WARNING ***********************************
+* Below file contains sensitive infomation (username/password), please *
+* do remember to *MOVE* it to a safe place after installation. *
+
+/root/iRedMail-1.4.2/config
+
+
diff --git a/source/notes/seafile.gmi b/source/notes/seafile.gmi
new file mode 100644
index 0000000..4840c31
--- /dev/null
+++ b/source/notes/seafile.gmi
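Review bot: In source/notes/mailserver.gmi the host is named with two different domains: `hostnamectl set-hostname mail.correolibre.org` is followed by `/etc/hostname` and `/etc/hosts` entries for `mail.cuates.net`, while the DMARC report addresses point at correolibre.org; a mail host's FQDN should agree with its MX, reverse DNS and SPF/DKIM domain, so the notes should use one domain throughout. The iRedMail tarball is fetched with `wget` and then run as root with `bash iRedMail.sh` with no integrity check in between; add a step such as `sha256sum 1.4.2.tar.gz` and compare the result with a checksum obtained from the project, if it publishes one for this release. The `dkim._domainkey` record is shown with an empty `p=`, which receivers read as a revoked key, so it should be marked as a placeholder, and `sp=none` leaves subdomains outside the `p=reject` policy. The quoted installer warning about `/root/iRedMail-1.4.2/config` has no follow-up step; add one that moves the file off the server, or at least `chmod 600 /root/iRedMail-1.4.2/config`.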
@@ -0,0 +1,363 @@
+## SeaFile
+
+SeaFile es un servidor de archivos.
+=> https://www.seafile.com/en/home/ SeaFile
+
+Debes de tener ya apuntando un registro DNS tipo A a tu dominio o subdominio que vayas a usar con SeaFile, para este ejemplo he usado: seafile.cuates.net
+
+Asumo que es un servidor limpio recien instalado.
+
+* Como root
+
+Agregar el usuario seafile
+
+```
+adduser seafile
+
+usermod -aG sudo seafile
+```
+
+* Como seafile
+
+Instalar los requerimientos.
+
+```
+sudo apt install python-is-python3 python3-pip libmemcached-dev memcached python3-dev default-libmysqlclient-dev build-essential
+
+sudo pip3 install --upgrade pip wheel
+
+pip install --user pillow pylibmc captcha jinja2 sqlalchemy django-pylibmc django-simple-captcha python3-ldap mysqlclient
+```
+
+Instalar y configurar MariaDB
+
+```
+sudo apt install mariadb-server
+
+sudo mysql_secure_installation
+
+sudo mysql -u root -p
+
+ use mysql;
+ update user set plugin='mysql_native_password' where user='root';
+ flush privileges;
+ quit;
+```
+
+sudo mkdir /opt/seafile
+
+sudo chown -R seafile:seafile /opt/seafile
+
+cd /opt/seafile
+
+wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz
+
+
+tar -xzf seafile-server_8.0.7_x86-64.tar.gz
+
+mkdir installed
+
+mv seafile-server_8.0.7_x86-64.tar.gz installed/
+
+cd seafile-server-8.0.7
+
+./setup-seafile-mysql.sh
+
+ ---------------------------------
+ This is your configuration
+ ---------------------------------
+
+ server name: seafilecuates
+ server ip/domain: seafile.cuates.net
+
+ seafile data dir: /opt/seafile/seafile-data
+ fileserver port: 8082
+
+ database: create new
+ ccnet database: ccnet-db
+ seafile database: seafile-db
+ seahub database: seahub-db
+ database user: seafile
+
+ ---------------------------------
+ Press ENTER to continue, or Ctrl-C to abort
+ ---------------------------------
+ ...
+ -----------------------------------------------------------------
+ Your seafile server configuration has been finished successfully.
+ -----------------------------------------------------------------
+
+
+./seafile.sh start
+
+ Seafile server started
+
+./seahub.sh start
+
+ What is the email for the admin account?
+ [ admin email ]
+
+ What is the password for the admin account?
+ [ admin password ]
+
+ ----------------------------------------
+ Successfully created seafile admin
+ ----------------------------------------
+ ...
+ Seahub is started
+
+
+./seahub.sh stop
+
+./seafile.sh stop
+
+
+sudo apt install certbot
+
+sudo certbot register --agree-tos -m YOUR_EMAIL
+
+sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN
+
+ /etc/letsencrypt/live/DOMAIN/fullchain.pem
+ /etc/letsencrypt/live/DOMAIN/privkey.pem
+
+sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
+
+sudo vim /etc/letsencrypt/options-ssl-nginx.conf
+
+ ssl_session_cache shared:le_nginx_SSL:10m;
+ ssl_session_timeout 1440m;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
+
+ add_header Strict-Transport-Security "max-age=63072000; preload";
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Permissions-Policy interest-cohort=();
+
+sudo vim /etc/letsencrypt/certbot.conf
+
+ ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+
+sudo apt install nginx
+
+sudo vim /etc/nginx/nginx.conf
+
+ user www-data;
+ worker_processes auto;
+ worker_rlimit_nofile 20480;
+ pid /run/nginx.pid;
+
+ error_log /var/log/nginx/error.log warn;
+
+ events {
+ worker_connections 5120;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ server_tokens off;
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ include /etc/nginx/sites-enabled/*.conf;
+
+ disable_symlinks off;
+
+ client_max_body_size 50m;
+
+ include /etc/nginx/badagent.rules;
+ include /etc/nginx/badreferer.rules;
+ }
+
+sudo vim /etc/nginx/sites-available/seafile.cuates.net.conf
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name seafile.cuates.net;
+ charset utf-8;
+
+ include /etc/letsencrypt/custom/elmau.net/certbot.conf;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ server_tokens off;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ client_max_body_size 0;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_read_timeout 1200s;
+ }
+
+ location /seafhttp {
+ rewrite ^/seafhttp(.*)$ $1 break;
+ proxy_pass http://127.0.0.1:8082;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_connect_timeout 36000s;
+ proxy_read_timeout 36000s;
+ proxy_send_timeout 36000s;
+ send_timeout 36000s;
+ }
+
+ location /media {
+ root /opt/seafile/seafile-server-latest/seahub;
+ }
+
+ }
+
+
+sudo ln -s /etc/nginx/sites-available/seafile.cuates.net.conf /etc/nginx/sites-enabled/
+
+sudo nginx -t
+
+ nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+ nginx: configuration file /etc/nginx/nginx.conf test is successful
+
+
+cd /opt/seafile/conf
+
+vim ccnet.conf
+
+ [General]
+ SERVICE_URL = https://seafile.cuates.net
+
+vim seahub_settings.py
+
+ FILE_SERVER_ROOT = 'https://seafile.elmau.net/seafhttp'
+
+ EMAIL_USE_SSL = True
+ EMAIL_HOST = 'mail.gandi.net'
+ EMAIL_HOST_USER = 'no-responder@empresalibre.mx'
+ EMAIL_PORT = 465
+ EMAIL_USE_LOCALTIME = True
+ EMAIL_HOST_PASSWORD = 'PASSWORD'
+ DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
+ SERVER_EMAIL = EMAIL_HOST_USER
+
+ ENABLE_SETTINGS_VIA_WEB = False
+
+ ALLOWED_HOSTS = ['seafile.elmau.net']
+
+ ENABLE_SIGNUP = True
+
+ ACTIVATE_AFTER_REGISTRATION = False
+
+ NOTIFY_ADMIN_AFTER_REGISTRATION = True
+
+ LOGIN_ATTEMPT_LIMIT = 3
+
+ FREEZE_USER_ON_LOGIN_FAILED = True
+
+ USER_PASSWORD_MIN_LENGTH = 10
+
+ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+ TIME_ZONE = 'America/Mexico_City'
+
+ LANGUAGE_CODE = 'en'
+
+ LANGUAGES = (
+ ('en', 'English'),
+ ('es', 'Español'),
+ )
+
+ SITE_NAME = 'Seafile Cuates'
+
+ SITE_TITLE = SITE_NAME
+
+ SHARE_LINK_EMAIL_LANGUAGE = 'es-ES'
+
+ REST_FRAMEWORK = {
+ 'DEFAULT_THROTTLE_RATES': {
+ 'ping': '600/minute',
+ 'anon': '5/minute',
+ 'user': '300/minute',
+ },
+ 'UNICODE_JSON': False,
+ }
+
+ CACHES = {
+ 'default': {
+ 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
+ 'LOCATION': '127.0.0.1:11211',
+ },
+ }
+
+
+sudo vim /etc/systemd/system/seafile.service
+
+ [Unit]
+ Description=Seafile
+ After=network.target mysql.service
+
+ [Service]
+ Type=forking
+ ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
+ ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
+ LimitNOFILE=infinity
+ User=seafile
+ Group=www-data
+
+ [Install]
+ WantedBy=multi-user.target
+
+sudo vim /etc/systemd/system/seahub.service
+
+ [Unit]
+ Description=Seahub
+ After=network.target seafile.service
+
+ [Service]
+ Environment="LC_ALL=en_US.UTF-8"
+ Type=forking
+ ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
+ ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
+ User=seafile
+ Group=www-data
+
+ [Install]
+ WantedBy=multi-user.target
+
+sudo systemctl enable seafile
+sudo systemctl start seafile
+
+sudo systemctl enable seahub
+sudo systemctl start seahub
+
+sudo systemctl restart nginx
+
+
+sudo apt install ufw
+
+sudo ufw allow 2274/tcp
+
+sudo ufw allow 443/tcp
+
+sudo ufw enable
+
+
diff --git a/source/notes/simplelogin.gmi b/source/notes/simplelogin.gmi
new file mode 100644
index 0000000..92bb68d
--- /dev/null
+++ b/source/notes/simplelogin.gmi
@@ -0,0 +1,65 @@
+SimpleLogin
+
+Servidor para alias de correo.
+
+
+sudo apt install dnsutils apt-transport-https
+
+cd /opt
+
+sudo mkdir simplelogin
+sudo mkdir simplelogin/pgp # to store PGP key
+sudo mkdir simplelogin/db # to store database
+sudo mkdir simplelogin/upload # to store quarantine emails
+
+cd simplelogin
+
+sudo openssl genrsa -out dkim.key 2048
+sudo openssl rsa -in dkim.key -pubout -out dkim.pub.key
+
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+sudo apt update
+
+sudo apt install docker-ce docker-ce-cli containerd.io
+
+sudo usermod -aG docker $USER
+
+
+sudo docker network create -d bridge \
+ --subnet=240.0.0.0/24 \
+ --gateway=240.0.0.1 \
+ sl-network
+
+
+docker run -d \
+ --name sl-db \
+ -e POSTGRES_PASSWORD=PASSWORD \
+ -e POSTGRES_USER=simplelogisudo aptn \
+ -e POSTGRES_DB=simplelogin \
+ -p 5432:5432 \
+ -v /opt/simplelogin/db:/var/lib/postgresql/data \
+ --restart always \
+ --network="sl-network" \
+ postgres:12.1
+
+
+docker exec -it sl-db psql -U simplelogin simplelogin
+
+
+
+sudo apt install postfix postfix-pgsql
+
+
+
+
+
+
+
+
+
+
+
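Review bot: In source/notes/seafile.gmi, the `ssl_ciphers` line in the `options-ssl-nginx.conf` block names suites that OpenSSL does not define (`ECDHE-RSA-AES256-GCM-SHA512`, `DHE-RSA-AES256-GCM-SHA512`) and ends in a truncated `ECDHE-RSA-AES256-SHA38`, so only the two `-GCM-SHA384` entries can take effect for TLS 1.2; list valid names only, for example `ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384";`. `openssl dhparam -dsaparam` generates DSA-style parameters rather than a safe prime, and dropping `-dsaparam` is the conservative choice for a long-lived `ssl_dhparam` file. The `seafile` account that runs both units (`User=seafile`) stays in the `sudo` group after `usermod -aG sudo seafile`; add a closing step such as `sudo deluser seafile sudo` so a compromise of the web service does not start from a sudo-capable account. The vhost includes `/etc/letsencrypt/custom/elmau.net/certbot.conf` although the notes create `/etc/letsencrypt/certbot.conf`, and `FILE_SERVER_ROOT` and `ALLOWED_HOSTS` use `seafile.elmau.net` while `server_name` and `SERVICE_URL` use `seafile.cuates.net`; these need to agree or a copied setup is likely to fail. The `ufw` rules open only 2274 and 443, so the `--standalone` http-01 challenge used above would presumably be unable to renew the certificate unless port 80 is opened for it.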
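Review bot: In source/notes/simplelogin.gmi, `-p 5432:5432` in the `docker run` for `sl-db` publishes PostgreSQL on every host interface, and ports published by Docker are by default not filtered by host firewalls such as ufw; bind it to loopback with `-p 127.0.0.1:5432:5432 \`, or drop `-p` if only containers on `sl-network` need the database. The line `-e POSTGRES_USER=simplelogisudo aptn \` looks like a paste accident: the later `psql -U simplelogin` implies `-e POSTGRES_USER=simplelogin \`, and as written `aptn` would be parsed as the image name. Passing `POSTGRES_PASSWORD=PASSWORD` with `-e` leaves the secret in shell history, and `--env-file` pointing at a root-only file keeps it off the command line. `sudo usermod -aG docker $USER` gives that account root-equivalent control of the host, which is worth saying next to the command.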