From 38637696d3d686884be2d018fd0c3337a8b7002e Mon Sep 17 00:00:00 2001 From: Zhang Huangbin Date: Tue, 30 Jul 2019 09:47:58 +0800 Subject: [PATCH] Update iredmail-easy.best.practice.html. --- .../2-iredmail-easy.best.practice.md | 38 ++++- .../8-migrate.to.iredmail.easy.md | 5 +- html/iredmail-easy.best.practice.html | 147 +++++++++++++++++- html/migrate.to.iredmail.easy.html | 5 +- 4 files changed, 184 insertions(+), 11 deletions(-) diff --git a/en_US/iredmail-easy/2-iredmail-easy.best.practice.md b/en_US/iredmail-easy/2-iredmail-easy.best.practice.md index 6c9fc469..ebf76881 100644 --- a/en_US/iredmail-easy/2-iredmail-easy.best.practice.md +++ b/en_US/iredmail-easy/2-iredmail-easy.best.practice.md @@ -141,15 +141,47 @@ To get rid of self-signed cert, you can either: * [Request a free cert from Let's Encrypt](./letsencrypt.html), or * [Use a bought SSL certificate](./use.a.bought.ssl.certificate.html). -## Softwares +## Passwords + +* iRedMail Easy doesn't store any SQL/LDAP passwords on its deployment servers, + instead it generates and reads from files under `/root/.iredmail/kv/` on + __YOUR__ server to get the passwords. +* Files under `/root/.iredmail/kv/` contain only one line. +* If you changed any of them, please update files under `/root/.iredmail/kv/` + also, so that iRedMail Easy can get correct password when you perform upgrade. + +Backend | File Name | Comment | Value could be found in file +---|---|---|--- +LDAP, MySQL | `sql_user_root` | MySQL root password. | `/root/.my.cnf` +PostgreSQL | `sql_user_postgres` (Linux)
`sql_user__postgresql` (OpenBSD) | PostgreSQL root password. | `/var/lib/pgsql/.pgpass` (CentOS), or `/var/lib/postgresql/.pgpass` (Debian/Ubuntu), `/var/postgresql/.pgpass` (OpenBSD) +LDAP | `ldap_root_password` | Password of LDAP root dn (cn=Manager,dc=xx,dc=xx) | +LDAP | `ldap_vmail_password` | Password of LDAP dn `cn=vmail,dc=xx,dc=xx` | `/etc/postfix/ldap/*.cf` +LDAP | `ldap_vmailadmin_password` | Password of LDAP dn `cn=vmailadmin,dc=xx,dc=xx` | `/opt/www/iredadmin/settings.py` +ALL | `sql_user_vmail` | Password of SQL user `vmail` | `/etc/postfix/mysql/*.cf` or `/etc/postfix/pgsql/*.cf` +ALL | `sql_user_vmailadmin` | Password of SQL user `vmailadmin` | `/opt/www/iredadmin/settings.py` +ALL | `sql_user_amavisd` | Password of SQL user `amavisd` | `/etc/amavisd/amavisd.conf` (Linux/OpenBSD)
`/etc/amavis/conf.d/50-user` (Debian/Ubuntu) +ALL | `sql_user_sa_bayes` | Password of SQL user `sa_bayes` | `/etc/mail/spamassassin/local.cf` +ALL | `sql_user_iredadmin` | Password of SQL user `iredadmin` | `/opt/www/iredadmin/settings.py` +ALL | `sql_user_iredapd` | Password of SQL user `iredapd` | `/opt/iredapd/settings.py` +ALL | `sql_user_roundcube` | Password of SQL user `roundcube` | `/root/.my.cnf-roundcube` or `/opt/www/roundcubemail/config/config.inc.php` +ALL | `sql_user_sogo` | Password of SQL user `sogo` | `/etc/sogo/sogo.conf` +ALL | `sql_user_netdata` | Password of SQL user `netdata` | `/root/.my.cnf-netdata` or `/opt/netdata/etc/netdata/my.cnf` +ALL | `iredapd_srs_secret` | The secret string used to sign SRS. | `/opt/iredapd/settings.py`, parameter `srs_secrets =`. +ALL | `sogo_sieve_master_password` | The Dovecot master user used by SOGo. | `/etc/sogo/sieve.cred`. +ALL | `roundcube_des_key` | The DES key used by Roundcube to encrypt the session. | `/opt/www/roundcubemail/config/config.inc.php`, parameter `$config['des_key'] =`. +ALL | `mlmmjadmin_api_token` | API token for authentication. | `/opt/mlmmjadmin/settings.py`, parameter `api_auth_tokens =`. +ALL | `first_domain_admin_password` | Password of the mail user `postmaster@`. | `your-domain.com` is the first mail domain name you (are going to) set in mail server profile page on iRedMail Easy platform, you can find it in mail server profile page, under tab `Settings`. + +## Custom settings used by softwares ### MariaDB - `/opt/iredmail/custom/mysql/`: - All files end with `.cnf` will be loaded by Mariadb. - - It will override existing settings defined in files under `/etc/mysql/`. + - It will override existing settings defined in files under `/etc/mysql/` (Linux) + or `/usr/local/etc/mysql/` (FreeBSD). -Sample config file, `/opt/iredmail/custom/mysql/custom.conf`: + Sample config file, `/opt/iredmail/custom/mysql/custom.conf`: ``` [mysqld] diff --git a/en_US/iredmail-easy/8-migrate.to.iredmail.easy.md b/en_US/iredmail-easy/8-migrate.to.iredmail.easy.md index cf684180..e2c9af0c 100644 --- a/en_US/iredmail-easy/8-migrate.to.iredmail.easy.md +++ b/en_US/iredmail-easy/8-migrate.to.iredmail.easy.md @@ -46,8 +46,9 @@ Please backup all important data before preparing the migration, including but n ## Create required files used by iRedMail Easy -iRedMail Easy doesn't store any SQL/LDAP passwords, instead it reads from files -under `/root/.iredmail/kv/` on your server to get them. +iRedMail Easy doesn't store any SQL/LDAP passwords on its deployment servers, +instead it reads from files under `/root/.iredmail/kv/` on your server to get +the passwords. Please create these files under `/root/.iredmail/kv/` with correct passwords manually, each file should contain only one line, passwords must be in plain diff --git a/html/iredmail-easy.best.practice.html b/html/iredmail-easy.best.practice.html index 8e2cb9bb..b9df5e2f 100644 --- a/html/iredmail-easy.best.practice.html +++ b/html/iredmail-easy.best.practice.html @@ -27,7 +27,8 @@
  • SSL cert
    • -
  • Softwares
      +
    • Passwords
      • +
    • Custom settings used by softwares -

      Softwares

      +

      Passwords

      +
        +
      • iRedMail Easy doesn't store any SQL/LDAP passwords on its deployment servers, + instead it generates and reads from files under /root/.iredmail/kv/ on + YOUR server to get the passwords.
        • +
      • Files under /root/.iredmail/kv/ contain only one line.
        • +
      • If you changed any of them, please update files under /root/.iredmail/kv/ + also, so that iRedMail Easy can get correct password when you perform upgrade.
        • +
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      BackendFile NameCommentValue could be found in file
      LDAP, MySQLsql_user_rootMySQL root password./root/.my.cnf
      PostgreSQLsql_user_postgres (Linux)
      sql_user__postgresql (OpenBSD)      		PostgreSQL root password./var/lib/pgsql/.pgpass (CentOS), or /var/lib/postgresql/.pgpass (Debian/Ubuntu), /var/postgresql/.pgpass (OpenBSD)
      LDAPldap_root_passwordPassword of LDAP root dn (cn=Manager,dc=xx,dc=xx)
      LDAPldap_vmail_passwordPassword of LDAP dn cn=vmail,dc=xx,dc=xx/etc/postfix/ldap/*.cf
      LDAPldap_vmailadmin_passwordPassword of LDAP dn cn=vmailadmin,dc=xx,dc=xx/opt/www/iredadmin/settings.py
      ALLsql_user_vmailPassword of SQL user vmail/etc/postfix/mysql/*.cf or /etc/postfix/pgsql/*.cf
      ALLsql_user_vmailadminPassword of SQL user vmailadmin/opt/www/iredadmin/settings.py
      ALLsql_user_amavisdPassword of SQL user amavisd/etc/amavisd/amavisd.conf (Linux/OpenBSD)
      /etc/amavis/conf.d/50-user (Debian/Ubuntu)
      ALLsql_user_sa_bayesPassword of SQL user sa_bayes/etc/mail/spamassassin/local.cf
      ALLsql_user_iredadminPassword of SQL user iredadmin/opt/www/iredadmin/settings.py
      ALLsql_user_iredapdPassword of SQL user iredapd/opt/iredapd/settings.py
      ALLsql_user_roundcubePassword of SQL user roundcube/root/.my.cnf-roundcube or /opt/www/roundcubemail/config/config.inc.php
      ALLsql_user_sogoPassword of SQL user sogo/etc/sogo/sogo.conf
      ALLsql_user_netdataPassword of SQL user netdata/root/.my.cnf-netdata or /opt/netdata/etc/netdata/my.cnf
      ALLiredapd_srs_secretThe secret string used to sign SRS./opt/iredapd/settings.py, parameter srs_secrets =.
      ALLsogo_sieve_master_passwordThe Dovecot master user used by SOGo./etc/sogo/sieve.cred.
      ALLroundcube_des_keyThe DES key used by Roundcube to encrypt the session./opt/www/roundcubemail/config/config.inc.php, parameter $config['des_key'] =.
      ALLmlmmjadmin_api_tokenAPI token for authentication./opt/mlmmjadmin/settings.py, parameter api_auth_tokens =.
      ALLfirst_domain_admin_passwordPassword of the mail user postmaster@<your-domain.com>.your-domain.com is the first mail domain name you (are going to) set in mail server profile page on iRedMail Easy platform, you can find it in mail server profile page, under tab Settings.
      +

      Custom settings used by softwares

      MariaDB

      • /opt/iredmail/custom/mysql/:
        • All files end with .cnf will be loaded by Mariadb.
          • -
        • It will override existing settings defined in files under /etc/mysql/.
          • +
        • +

          It will override existing settings defined in files under /etc/mysql/ (Linux) + or /usr/local/etc/mysql/ (FreeBSD).

          +

          Sample config file, /opt/iredmail/custom/mysql/custom.conf:

          +
      -

      Sample config file, /opt/iredmail/custom/mysql/custom.conf:

      [mysqld]
 max_connections     = 1024
      diff --git a/html/migrate.to.iredmail.easy.html b/html/migrate.to.iredmail.easy.html index 26eb3ee3..2f07212f 100644 --- a/html/migrate.to.iredmail.easy.html +++ b/html/migrate.to.iredmail.easy.html @@ -81,8 +81,9 @@ under /opt/iredmail/custom/<software>/.

    Create required files used by iRedMail Easy

    -

    iRedMail Easy doesn't store any SQL/LDAP passwords, instead it reads from files -under /root/.iredmail/kv/ on your server to get them.

    +

    iRedMail Easy doesn't store any SQL/LDAP passwords on its deployment servers, +instead it reads from files under /root/.iredmail/kv/ on your server to get +the passwords.

    Please create these files under /root/.iredmail/kv/ with correct passwords manually, each file should contain only one line, passwords must be in plain text, not the hashed one.