New: cloud-platform.best.practice.html.

Zhang Huangbin 2018-09-03 11:43:13 +08:00
parent 3a8190b49e
commit 73a64e3766
3 changed files with 372 additions and 0 deletions

@ -0,0 +1,159 @@
# Best Practice
[TOC]
iRedMail cloud deployment platform maintains core config files,
it's normal that you want to override some settings in default setup, please
follow some simple rules to store your custom settings, and do not modify the
core config files managed by iRedMail cloud platform.
* If software supports loading settings from multiple config files, you can
write your own config file under `/opt/iredmail/custom/<software-name>/`
without touching its core config files under `/etc/`. For example, Dovecot,
MariaDB, Roundcube, etc.
* If software does not support loading settings from multiple config files,
you may need to apply your own settings by running commands to modify
config files under `/etc/` directly. For example, Postfix (use `postconf`
command). Commands can be written in file
`/opt/iredmail/custom/postfix/custom.sh`, it's ran by iRedMail cloud
deployment platform each time it deploys or upgrades this software.
* If software doesn't support overriding existing settings, you may need to
remove existing config file first, then write your own config file with new
setting. for example, Nginx. In this case, you need to update
`/opt/iredmail/custom/nginx/custom.sh` to remove config file first, then
write your own config files under `/opt/iredmail/custom/nginx/`.
### MariaDB
- `/opt/iredmail/custom/mysql/`:
- All files end with `.cnf` will be loaded by Mariadb.
- It will override existing settings defined in files under `/etc/mysql/`.
Sample config file, `/opt/iredmail/custom/mysql/custom.conf`:
```
[mysqld]
max_connections = 1024
```
### Nginx
- `/opt/iredmail/custom/nginx/custom.sh`:
- a bash shell script for advanced customization. This file will be executed
every time iRedMail cloud platform deploys / upgrades the Nginx component.
A sample usage: Nginx doesn't support override existing settings by
same parameter from another config file, so you can use `rm` command in
this file (`custom.sh`) to remove the config file generated by iRedMail
cloud platform.
- `/opt/iredmail/custom/nginx/conf-enabled`: additional Nginx global settings used inside `http {}` block.
- If you want to override a parameter which is already defined in
`/etc/nginx/conf-enabled/`, please update `/opt/iredmail/custom/nginx/custom.sh`
to remove file under `/etc/nginx/conf-enabled/` first, then write your
own config file under `/opt/iredmail/custom/nginx/conf-enabled/` to set
a proper value.
- `/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/`: additional settings for default https website (inside the `server {}` block).
- `/opt/iredmail/custom/nginx/sites-enabled/`: additional virtual web hosts.
#### Directory Structure
iRedMail uses the directory structure recommended by Debian/Ubuntu:
```
/etc/nginx/ # all config files
|- conf-available/ # store settings used inside Nginx `http {}` block.
# Note: files under this directory are NOT
# loaded by Nginx directly.
|- conf-enabled/ # symbol links to files under `conf-available/`.
# Note: files under this directory are
# loaded by Nginx directly.
|- sites-available/ # store virtual web host config files.
# Note: files under this directory are NOT
# loaded by Nginx directly.
|- sites-enabled/ # symbol links to files under `sites-available/`.
# Note: files under this directory are
# loaded by Nginx directly.
|- sites-conf.d/
|- default-ssl/ # modular config files used by default
# virtual web host.
/opt/iredmail/custom/nginx/ # all custom config files.
|- conf-available/
|- conf-enabled/
|- sites-available/
|- sites-enabled/
|- custom.sh # shell script used for advanced customization
```
### Postfix
Postfix doesn't support loading settings from multiple files.
- `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbol link to this file.
- `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbol link to this file.
- `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced customization
- `/opt/iredmail/custom/postfix/helo_access.pcre`
- `/opt/iredmail/custom/postfix/postscreen_access.cidr`
### Dovecot
Dovecot supports loading from mulitple config files, and settings will be
overrode by the last one.
- `/opt/iredmail/custom/dovecot/conf-enabled/`: store custom Dovecot settings.
- `/opt/iredmail/custom/dovecot/custom.sh`: a bash shell script used for advanced customization
### Roundcube
- `/opt/iredmail/custom/roundcube/custom.inc.php`.
All your custom settings should be placed in this file, and do __NOT__
touch main config file `/opt/www/roundcubemail/config/config.inc.php`.
- `/opt/iredmail/custom/roundcube/plugins/`: all third-party / custom
plugins should be placed under this directory. Plugins will be linked
to `/opt/www/roundcubemail/plugins/` automatically.
- `/opt/iredmail/custom/roundcube/skins/`: all third-party / custom
skins should be placed under this directory. Skins will be linked
to `/opt/www/roundcubemail/skins/` automatically.
### SOGo
- `/opt/iredmail/custom/sogo/sogo.conf`: If this file exists, `/etc/sogo/sogo.conf` will be a symbol link to this file.
- `/opt/iredmail/custom/sogo/custom.sh`: a bash shell script for advanced customization
Currently SOGo doesnt support `include` directive to load config
from multiple files, so you can either maintain your own SOGo config
file (`/opt/iredmail/custom/sogo/sogo.conf`) or use the `custom.sh`
shell script to do even more complex customization.
### iRedAPD
- `/opt/iredmail/custom/iredapd/settings.py`. It will be linked to `/opt/www/iredapd/custom_settings.py` also.
### iRedAdmin
- `/opt/iredmail/custom/iredadmin/settings.py`. it will be linked to `/opt/www/iredadmin/custom_settings.py` also.
### Amavisd
- `/opt/iredmail/custom/amavisd/amavisd.conf`
### Fail2ban
- `/opt/iredmail/custom/fail2ban/jail.local`: used to override settings in
`[DEFAULT]` section of main fail2ban config file. For example, `maxretry`, `findtime`, `bantime`,
`ignoreip`.
- `/opt/iredmail/custom/dovecot/custom.sh`: used for advanced customization.
for example, if you have some new jails, you can write jail config files under
`/opt/iredmail/custom/fail2ban/` too (you're free to create sub-folder to
store the jail config files), then use `custom.sh` to create symbol link
of jails you want to enable under `/etc/fail2ban/jail.d/`.

@ -0,0 +1,212 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Best Practice</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="best-practice">Best Practice</h1>
<div class="toc">
<ul>
<li><a href="#best-practice">Best Practice</a><ul>
<li><a href="#mariadb">MariaDB</a></li>
<li><a href="#nginx">Nginx</a><ul>
<li><a href="#directory-structure">Directory Structure</a></li>
</ul>
</li>
<li><a href="#postfix">Postfix</a></li>
<li><a href="#dovecot">Dovecot</a></li>
<li><a href="#roundcube">Roundcube</a></li>
<li><a href="#sogo">SOGo</a></li>
<li><a href="#iredapd">iRedAPD</a></li>
<li><a href="#iredadmin">iRedAdmin</a></li>
<li><a href="#amavisd">Amavisd</a></li>
<li><a href="#fail2ban">Fail2ban</a></li>
</ul>
</li>
</ul>
</div>
<p>iRedMail cloud deployment platform maintains core config files,
it's normal that you want to override some settings in default setup, please
follow some simple rules to store your custom settings, and do not modify the
core config files managed by iRedMail cloud platform.</p>
<ul>
<li>If software supports loading settings from multiple config files, you can
write your own config file under <code>/opt/iredmail/custom/&lt;software-name&gt;/</code>
without touching its core config files under <code>/etc/</code>. For example, Dovecot,
MariaDB, Roundcube, etc.</li>
<li>If software does not support loading settings from multiple config files,
you may need to apply your own settings by running commands to modify
config files under <code>/etc/</code> directly. For example, Postfix (use <code>postconf</code>
command). Commands can be written in file
<code>/opt/iredmail/custom/postfix/custom.sh</code>, it's ran by iRedMail cloud
deployment platform each time it deploys or upgrades this software.</li>
<li>If software doesn't support overriding existing settings, you may need to
remove existing config file first, then write your own config file with new
setting. for example, Nginx. In this case, you need to update
<code>/opt/iredmail/custom/nginx/custom.sh</code> to remove config file first, then
write your own config files under <code>/opt/iredmail/custom/nginx/</code>.</li>
</ul>
<h3 id="mariadb">MariaDB</h3>
<ul>
<li><code>/opt/iredmail/custom/mysql/</code>:<ul>
<li>All files end with <code>.cnf</code> will be loaded by Mariadb.</li>
<li>It will override existing settings defined in files under <code>/etc/mysql/</code>.</li>
</ul>
</li>
</ul>
<p>Sample config file, <code>/opt/iredmail/custom/mysql/custom.conf</code>:</p>
<pre><code>[mysqld]
max_connections = 1024
</code></pre>
<h3 id="nginx">Nginx</h3>
<ul>
<li>
<p><code>/opt/iredmail/custom/nginx/custom.sh</code>:</p>
<ul>
<li>a bash shell script for advanced customization. This file will be executed
every time iRedMail cloud platform deploys / upgrades the Nginx component.</li>
</ul>
<p>A sample usage: Nginx doesn't support override existing settings by
same parameter from another config file, so you can use <code>rm</code> command in
this file (<code>custom.sh</code>) to remove the config file generated by iRedMail
cloud platform.</p>
</li>
<li>
<p><code>/opt/iredmail/custom/nginx/conf-enabled</code>: additional Nginx global settings used inside <code>http {}</code> block.</p>
<ul>
<li>If you want to override a parameter which is already defined in
<code>/etc/nginx/conf-enabled/</code>, please update <code>/opt/iredmail/custom/nginx/custom.sh</code>
to remove file under <code>/etc/nginx/conf-enabled/</code> first, then write your
own config file under <code>/opt/iredmail/custom/nginx/conf-enabled/</code> to set
a proper value.</li>
</ul>
</li>
<li>
<p><code>/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/</code>: additional settings for default https website (inside the <code>server {}</code> block).</p>
</li>
<li><code>/opt/iredmail/custom/nginx/sites-enabled/</code>: additional virtual web hosts.</li>
</ul>
<h4 id="directory-structure">Directory Structure</h4>
<p>iRedMail uses the directory structure recommended by Debian/Ubuntu:</p>
<pre><code>/etc/nginx/ # all config files
|- conf-available/ # store settings used inside Nginx `http {}` block.
# Note: files under this directory are NOT
# loaded by Nginx directly.
|- conf-enabled/ # symbol links to files under `conf-available/`.
# Note: files under this directory are
# loaded by Nginx directly.
|- sites-available/ # store virtual web host config files.
# Note: files under this directory are NOT
# loaded by Nginx directly.
|- sites-enabled/ # symbol links to files under `sites-available/`.
# Note: files under this directory are
# loaded by Nginx directly.
|- sites-conf.d/
|- default-ssl/ # modular config files used by default
# virtual web host.
/opt/iredmail/custom/nginx/ # all custom config files.
|- conf-available/
|- conf-enabled/
|- sites-available/
|- sites-enabled/
|- custom.sh # shell script used for advanced customization
</code></pre>
<h3 id="postfix">Postfix</h3>
<p>Postfix doesn't support loading settings from multiple files.</p>
<ul>
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li>
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li>
<li><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced customization</li>
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code></li>
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li>
</ul>
<h3 id="dovecot">Dovecot</h3>
<p>Dovecot supports loading from mulitple config files, and settings will be
overrode by the last one.</p>
<ul>
<li><code>/opt/iredmail/custom/dovecot/conf-enabled/</code>: store custom Dovecot settings.</li>
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: a bash shell script used for advanced customization</li>
</ul>
<h3 id="roundcube">Roundcube</h3>
<ul>
<li><code>/opt/iredmail/custom/roundcube/custom.inc.php</code>.</li>
</ul>
<p>All your custom settings should be placed in this file, and do <strong>NOT</strong>
touch main config file <code>/opt/www/roundcubemail/config/config.inc.php</code>.</p>
<ul>
<li>
<p><code>/opt/iredmail/custom/roundcube/plugins/</code>: all third-party / custom
plugins should be placed under this directory. Plugins will be linked
to <code>/opt/www/roundcubemail/plugins/</code> automatically.</p>
</li>
<li>
<p><code>/opt/iredmail/custom/roundcube/skins/</code>: all third-party / custom
skins should be placed under this directory. Skins will be linked
to <code>/opt/www/roundcubemail/skins/</code> automatically.</p>
</li>
</ul>
<h3 id="sogo">SOGo</h3>
<ul>
<li><code>/opt/iredmail/custom/sogo/sogo.conf</code>: If this file exists, <code>/etc/sogo/sogo.conf</code> will be a symbol link to this file.</li>
<li>
<p><code>/opt/iredmail/custom/sogo/custom.sh</code>: a bash shell script for advanced customization</p>
<p>Currently SOGo doesnt support <code>include</code> directive to load config
from multiple files, so you can either maintain your own SOGo config
file (<code>/opt/iredmail/custom/sogo/sogo.conf</code>) or use the <code>custom.sh</code>
shell script to do even more complex customization.</p>
</li>
</ul>
<h3 id="iredapd">iRedAPD</h3>
<ul>
<li><code>/opt/iredmail/custom/iredapd/settings.py</code>. It will be linked to <code>/opt/www/iredapd/custom_settings.py</code> also.</li>
</ul>
<h3 id="iredadmin">iRedAdmin</h3>
<ul>
<li><code>/opt/iredmail/custom/iredadmin/settings.py</code>. it will be linked to <code>/opt/www/iredadmin/custom_settings.py</code> also.</li>
</ul>
<h3 id="amavisd">Amavisd</h3>
<ul>
<li><code>/opt/iredmail/custom/amavisd/amavisd.conf</code></li>
</ul>
<h3 id="fail2ban">Fail2ban</h3>
<ul>
<li><code>/opt/iredmail/custom/fail2ban/jail.local</code>: used to override settings in
<code>[DEFAULT]</code> section of main fail2ban config file. For example, <code>maxretry</code>, <code>findtime</code>, <code>bantime</code>,
<code>ignoreip</code>.</li>
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: used for advanced customization.
for example, if you have some new jails, you can write jail config files under
<code>/opt/iredmail/custom/fail2ban/</code> too (you're free to create sub-folder to
store the jail config files), then use <code>custom.sh</code> to create symbol link
of jails you want to enable under <code>/etc/fail2ban/jail.d/</code>.</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
</script>
</body></html>
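Review bot: The Roundcube section renders as a one-item list, a free-standing paragraph, then a second list, so "All your custom settings should be placed in this file" is detached from the `custom.inc.php` bullet it refers to; indent that paragraph in the Markdown source so it nests inside the bullet (the SOGo section already renders this way) and regenerate the page. The generated output also repeats two problems from the source, the sample named `custom.conf` although only `.cnf` files are loaded and the `dovecot/custom.sh` path under Fail2ban, so it needs regenerating once those are fixed. The navigation and footer links that use `target="_blank"` have no `rel="noopener"`, and the Creative Commons link is plain `http://`; both are worth correcting in the page template.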

@ -83,6 +83,7 @@
</ul>
<h3 id="iredmail-cloud-deployment-platform">iRedMail Cloud Deployment Platform</h3>
<ul>
<li><a href="cloud-platform.best.practice.html">Best Practice</a></li>
<li><a href="cloud-platform.setup.sudo.html">Setup sudo for cloud deployment</a></li>
<li><a href="cloud-platform.what.is.ssh.jump.server.html">What is SSH jump server</a></li>
<li><a href="cloud.platform.changelog.html">Release Notes of iRedMail Cloud Platform</a></li>