New: cloud-platform.best.practice.html.
parent 3a8190b49e
commit 73a64e3766
|
@ -0,0 +1,159 @@
|
|||
# Best Practice
|
||||
|
||||
[TOC]
|
||||
|
||||
iRedMail cloud deployment platform maintains core config files,
|
||||
it's normal that you want to override some settings in default setup, please
|
||||
follow some simple rules to store your custom settings, and do not modify the
|
||||
core config files managed by iRedMail cloud platform.
|
||||
|
||||
* If software supports loading settings from multiple config files, you can
|
||||
write your own config file under `/opt/iredmail/custom/<software-name>/`
|
||||
without touching its core config files under `/etc/`. For example, Dovecot,
|
||||
MariaDB, Roundcube, etc.
|
||||
* If software does not support loading settings from multiple config files,
|
||||
you may need to apply your own settings by running commands to modify
|
||||
config files under `/etc/` directly. For example, Postfix (use `postconf`
|
||||
command). Commands can be written in file
|
||||
`/opt/iredmail/custom/postfix/custom.sh`, it's ran by iRedMail cloud
|
||||
deployment platform each time it deploys or upgrades this software.
|
||||
* If software doesn't support overriding existing settings, you may need to
|
||||
remove existing config file first, then write your own config file with new
|
||||
setting. for example, Nginx. In this case, you need to update
|
||||
`/opt/iredmail/custom/nginx/custom.sh` to remove config file first, then
|
||||
write your own config files under `/opt/iredmail/custom/nginx/`.
|
||||
|
||||
### MariaDB
|
||||
|
||||
- `/opt/iredmail/custom/mysql/`:
|
||||
- All files end with `.cnf` will be loaded by Mariadb.
|
||||
- It will override existing settings defined in files under `/etc/mysql/`.
|
||||
|
||||
Sample config file, `/opt/iredmail/custom/mysql/custom.conf`:
|
||||
|
||||
```
|
||||
[mysqld]
|
||||
max_connections = 1024
|
||||
```
|
||||
|
||||
### Nginx
|
||||
|
||||
- `/opt/iredmail/custom/nginx/custom.sh`:
|
||||
- a bash shell script for advanced customization. This file will be executed
|
||||
every time iRedMail cloud platform deploys / upgrades the Nginx component.
|
||||
|
||||
A sample usage: Nginx doesn't support override existing settings by
|
||||
same parameter from another config file, so you can use `rm` command in
|
||||
this file (`custom.sh`) to remove the config file generated by iRedMail
|
||||
cloud platform.
|
||||
|
||||
- `/opt/iredmail/custom/nginx/conf-enabled`: additional Nginx global settings used inside `http {}` block.
|
||||
- If you want to override a parameter which is already defined in
|
||||
`/etc/nginx/conf-enabled/`, please update `/opt/iredmail/custom/nginx/custom.sh`
|
||||
to remove file under `/etc/nginx/conf-enabled/` first, then write your
|
||||
own config file under `/opt/iredmail/custom/nginx/conf-enabled/` to set
|
||||
a proper value.
|
||||
|
||||
- `/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/`: additional settings for default https website (inside the `server {}` block).
|
||||
- `/opt/iredmail/custom/nginx/sites-enabled/`: additional virtual web hosts.
|
||||
|
||||
#### Directory Structure
|
||||
|
||||
iRedMail uses the directory structure recommended by Debian/Ubuntu:
|
||||
|
||||
```
|
||||
/etc/nginx/ # all config files
|
||||
|
||||
|- conf-available/ # store settings used inside Nginx `http {}` block.
|
||||
# Note: files under this directory are NOT
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- conf-enabled/ # symbol links to files under `conf-available/`.
|
||||
# Note: files under this directory are
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- sites-available/ # store virtual web host config files.
|
||||
# Note: files under this directory are NOT
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- sites-enabled/ # symbol links to files under `sites-available/`.
|
||||
# Note: files under this directory are
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- sites-conf.d/
|
||||
|- default-ssl/ # modular config files used by default
|
||||
# virtual web host.
|
||||
|
||||
/opt/iredmail/custom/nginx/ # all custom config files.
|
||||
|- conf-available/
|
||||
|- conf-enabled/
|
||||
|- sites-available/
|
||||
|- sites-enabled/
|
||||
|- custom.sh # shell script used for advanced customization
|
||||
```
|
||||
|
||||
### Postfix
|
||||
|
||||
Postfix doesn't support loading settings from multiple files.
|
||||
|
||||
- `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbol link to this file.
|
||||
- `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbol link to this file.
|
||||
- `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced customization
|
||||
- `/opt/iredmail/custom/postfix/helo_access.pcre`
|
||||
- `/opt/iredmail/custom/postfix/postscreen_access.cidr`
|
||||
|
||||
### Dovecot
|
||||
|
||||
Dovecot supports loading from mulitple config files, and settings will be
|
||||
overrode by the last one.
|
||||
|
||||
- `/opt/iredmail/custom/dovecot/conf-enabled/`: store custom Dovecot settings.
|
||||
- `/opt/iredmail/custom/dovecot/custom.sh`: a bash shell script used for advanced customization
|
||||
|
||||
### Roundcube
|
||||
|
||||
- `/opt/iredmail/custom/roundcube/custom.inc.php`.
|
||||
|
||||
All your custom settings should be placed in this file, and do __NOT__
|
||||
touch main config file `/opt/www/roundcubemail/config/config.inc.php`.
|
||||
|
||||
- `/opt/iredmail/custom/roundcube/plugins/`: all third-party / custom
|
||||
plugins should be placed under this directory. Plugins will be linked
|
||||
to `/opt/www/roundcubemail/plugins/` automatically.
|
||||
|
||||
- `/opt/iredmail/custom/roundcube/skins/`: all third-party / custom
|
||||
skins should be placed under this directory. Skins will be linked
|
||||
to `/opt/www/roundcubemail/skins/` automatically.
|
||||
|
||||
### SOGo
|
||||
|
||||
- `/opt/iredmail/custom/sogo/sogo.conf`: If this file exists, `/etc/sogo/sogo.conf` will be a symbol link to this file.
|
||||
- `/opt/iredmail/custom/sogo/custom.sh`: a bash shell script for advanced customization
|
||||
|
||||
Currently SOGo doesn’t support `include` directive to load config
|
||||
from multiple files, so you can either maintain your own SOGo config
|
||||
file (`/opt/iredmail/custom/sogo/sogo.conf`) or use the `custom.sh`
|
||||
shell script to do even more complex customization.
|
||||
|
||||
### iRedAPD
|
||||
|
||||
- `/opt/iredmail/custom/iredapd/settings.py`. It will be linked to `/opt/www/iredapd/custom_settings.py` also.
|
||||
|
||||
### iRedAdmin
|
||||
|
||||
- `/opt/iredmail/custom/iredadmin/settings.py`. it will be linked to `/opt/www/iredadmin/custom_settings.py` also.
|
||||
|
||||
### Amavisd
|
||||
|
||||
- `/opt/iredmail/custom/amavisd/amavisd.conf`
|
||||
|
||||
### Fail2ban
|
||||
|
||||
- `/opt/iredmail/custom/fail2ban/jail.local`: used to override settings in
|
||||
`[DEFAULT]` section of main fail2ban config file. For example, `maxretry`, `findtime`, `bantime`,
|
||||
`ignoreip`.
|
||||
- `/opt/iredmail/custom/dovecot/custom.sh`: used for advanced customization.
|
||||
for example, if you have some new jails, you can write jail config files under
|
||||
`/opt/iredmail/custom/fail2ban/` too (you're free to create sub-folder to
|
||||
store the jail config files), then use `custom.sh` to create symbol link
|
||||
of jails you want to enable under `/etc/fail2ban/jail.d/`.
|
|
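Review bot: In the MariaDB section the sample file is named `/opt/iredmail/custom/mysql/custom.conf`, but the bullet just above it says only files ending with `.cnf` are loaded, so a reader who copies the sample name ends up with a file MariaDB ignores; rename the sample to `custom.cnf`. In the Fail2ban section the second bullet points at `/opt/iredmail/custom/dovecot/custom.sh`, which looks copied from the Dovecot section and should presumably be the `custom.sh` under `/opt/iredmail/custom/fail2ban/`. The `/opt/iredmail/custom/nginx/` tree in the Directory Structure block omits the `sites-conf.d/default-ssl/` directory that the Nginx bullet list documents. Because every `custom.sh` is executed on each deploy or upgrade, the intro should also say which user runs it and what ownership and mode the file must have, so that a script writable by an unprivileged account cannot be used to run commands during deployment.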
@ -0,0 +1,212 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title>Best Practice</title>
|
||||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div id="navigation">
|
||||
<a href="https://www.iredmail.org" target="_blank">
|
||||
<img alt="iRedMail web site"
|
||||
src="./images/logo-iredmail.png"
|
||||
style="vertical-align: middle; height: 30px;"
|
||||
/>
|
||||
<span>iRedMail</span>
|
||||
</a>
|
||||
// <a href="./index.html">Document Index</a></div><h1 id="best-practice">Best Practice</h1>
|
||||
<div class="toc">
|
||||
<ul>
|
||||
<li><a href="#best-practice">Best Practice</a><ul>
|
||||
<li><a href="#mariadb">MariaDB</a></li>
|
||||
<li><a href="#nginx">Nginx</a><ul>
|
||||
<li><a href="#directory-structure">Directory Structure</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="#postfix">Postfix</a></li>
|
||||
<li><a href="#dovecot">Dovecot</a></li>
|
||||
<li><a href="#roundcube">Roundcube</a></li>
|
||||
<li><a href="#sogo">SOGo</a></li>
|
||||
<li><a href="#iredapd">iRedAPD</a></li>
|
||||
<li><a href="#iredadmin">iRedAdmin</a></li>
|
||||
<li><a href="#amavisd">Amavisd</a></li>
|
||||
<li><a href="#fail2ban">Fail2ban</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<p>iRedMail cloud deployment platform maintains core config files,
|
||||
it's normal that you want to override some settings in default setup, please
|
||||
follow some simple rules to store your custom settings, and do not modify the
|
||||
core config files managed by iRedMail cloud platform.</p>
|
||||
<ul>
|
||||
<li>If software supports loading settings from multiple config files, you can
|
||||
write your own config file under <code>/opt/iredmail/custom/<software-name>/</code>
|
||||
without touching its core config files under <code>/etc/</code>. For example, Dovecot,
|
||||
MariaDB, Roundcube, etc.</li>
|
||||
<li>If software does not support loading settings from multiple config files,
|
||||
you may need to apply your own settings by running commands to modify
|
||||
config files under <code>/etc/</code> directly. For example, Postfix (use <code>postconf</code>
|
||||
command). Commands can be written in file
|
||||
<code>/opt/iredmail/custom/postfix/custom.sh</code>, it's ran by iRedMail cloud
|
||||
deployment platform each time it deploys or upgrades this software.</li>
|
||||
<li>If software doesn't support overriding existing settings, you may need to
|
||||
remove existing config file first, then write your own config file with new
|
||||
setting. for example, Nginx. In this case, you need to update
|
||||
<code>/opt/iredmail/custom/nginx/custom.sh</code> to remove config file first, then
|
||||
write your own config files under <code>/opt/iredmail/custom/nginx/</code>.</li>
|
||||
</ul>
|
||||
<h3 id="mariadb">MariaDB</h3>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/mysql/</code>:<ul>
|
||||
<li>All files end with <code>.cnf</code> will be loaded by Mariadb.</li>
|
||||
<li>It will override existing settings defined in files under <code>/etc/mysql/</code>.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<p>Sample config file, <code>/opt/iredmail/custom/mysql/custom.conf</code>:</p>
|
||||
<pre><code>[mysqld]
|
||||
max_connections = 1024
|
||||
</code></pre>
|
||||
|
||||
<h3 id="nginx">Nginx</h3>
|
||||
<ul>
|
||||
<li>
|
||||
<p><code>/opt/iredmail/custom/nginx/custom.sh</code>:</p>
|
||||
<ul>
|
||||
<li>a bash shell script for advanced customization. This file will be executed
|
||||
every time iRedMail cloud platform deploys / upgrades the Nginx component.</li>
|
||||
</ul>
|
||||
<p>A sample usage: Nginx doesn't support override existing settings by
|
||||
same parameter from another config file, so you can use <code>rm</code> command in
|
||||
this file (<code>custom.sh</code>) to remove the config file generated by iRedMail
|
||||
cloud platform.</p>
|
||||
</li>
|
||||
<li>
|
||||
<p><code>/opt/iredmail/custom/nginx/conf-enabled</code>: additional Nginx global settings used inside <code>http {}</code> block.</p>
|
||||
<ul>
|
||||
<li>If you want to override a parameter which is already defined in
|
||||
<code>/etc/nginx/conf-enabled/</code>, please update <code>/opt/iredmail/custom/nginx/custom.sh</code>
|
||||
to remove file under <code>/etc/nginx/conf-enabled/</code> first, then write your
|
||||
own config file under <code>/opt/iredmail/custom/nginx/conf-enabled/</code> to set
|
||||
a proper value.</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>
|
||||
<p><code>/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/</code>: additional settings for default https website (inside the <code>server {}</code> block).</p>
|
||||
</li>
|
||||
<li><code>/opt/iredmail/custom/nginx/sites-enabled/</code>: additional virtual web hosts.</li>
|
||||
</ul>
|
||||
<h4 id="directory-structure">Directory Structure</h4>
|
||||
<p>iRedMail uses the directory structure recommended by Debian/Ubuntu:</p>
|
||||
<pre><code>/etc/nginx/ # all config files
|
||||
|
||||
|- conf-available/ # store settings used inside Nginx `http {}` block.
|
||||
# Note: files under this directory are NOT
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- conf-enabled/ # symbol links to files under `conf-available/`.
|
||||
# Note: files under this directory are
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- sites-available/ # store virtual web host config files.
|
||||
# Note: files under this directory are NOT
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- sites-enabled/ # symbol links to files under `sites-available/`.
|
||||
# Note: files under this directory are
|
||||
# loaded by Nginx directly.
|
||||
|
||||
|- sites-conf.d/
|
||||
|- default-ssl/ # modular config files used by default
|
||||
# virtual web host.
|
||||
|
||||
/opt/iredmail/custom/nginx/ # all custom config files.
|
||||
|- conf-available/
|
||||
|- conf-enabled/
|
||||
|- sites-available/
|
||||
|- sites-enabled/
|
||||
|- custom.sh # shell script used for advanced customization
|
||||
</code></pre>
|
||||
|
||||
<h3 id="postfix">Postfix</h3>
|
||||
<p>Postfix doesn't support loading settings from multiple files.</p>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li>
|
||||
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li>
|
||||
<li><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced customization</li>
|
||||
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code></li>
|
||||
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li>
|
||||
</ul>
|
||||
<h3 id="dovecot">Dovecot</h3>
|
||||
<p>Dovecot supports loading from mulitple config files, and settings will be
|
||||
overrode by the last one.</p>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/dovecot/conf-enabled/</code>: store custom Dovecot settings.</li>
|
||||
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: a bash shell script used for advanced customization</li>
|
||||
</ul>
|
||||
<h3 id="roundcube">Roundcube</h3>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/roundcube/custom.inc.php</code>.</li>
|
||||
</ul>
|
||||
<p>All your custom settings should be placed in this file, and do <strong>NOT</strong>
|
||||
touch main config file <code>/opt/www/roundcubemail/config/config.inc.php</code>.</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p><code>/opt/iredmail/custom/roundcube/plugins/</code>: all third-party / custom
|
||||
plugins should be placed under this directory. Plugins will be linked
|
||||
to <code>/opt/www/roundcubemail/plugins/</code> automatically.</p>
|
||||
</li>
|
||||
<li>
|
||||
<p><code>/opt/iredmail/custom/roundcube/skins/</code>: all third-party / custom
|
||||
skins should be placed under this directory. Skins will be linked
|
||||
to <code>/opt/www/roundcubemail/skins/</code> automatically.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<h3 id="sogo">SOGo</h3>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/sogo/sogo.conf</code>: If this file exists, <code>/etc/sogo/sogo.conf</code> will be a symbol link to this file.</li>
|
||||
<li>
|
||||
<p><code>/opt/iredmail/custom/sogo/custom.sh</code>: a bash shell script for advanced customization</p>
|
||||
<p>Currently SOGo doesn’t support <code>include</code> directive to load config
|
||||
from multiple files, so you can either maintain your own SOGo config
|
||||
file (<code>/opt/iredmail/custom/sogo/sogo.conf</code>) or use the <code>custom.sh</code>
|
||||
shell script to do even more complex customization.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<h3 id="iredapd">iRedAPD</h3>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/iredapd/settings.py</code>. It will be linked to <code>/opt/www/iredapd/custom_settings.py</code> also.</li>
|
||||
</ul>
|
||||
<h3 id="iredadmin">iRedAdmin</h3>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/iredadmin/settings.py</code>. it will be linked to <code>/opt/www/iredadmin/custom_settings.py</code> also.</li>
|
||||
</ul>
|
||||
<h3 id="amavisd">Amavisd</h3>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/amavisd/amavisd.conf</code></li>
|
||||
</ul>
|
||||
<h3 id="fail2ban">Fail2ban</h3>
|
||||
<ul>
|
||||
<li><code>/opt/iredmail/custom/fail2ban/jail.local</code>: used to override settings in
|
||||
<code>[DEFAULT]</code> section of main fail2ban config file. For example, <code>maxretry</code>, <code>findtime</code>, <code>bantime</code>,
|
||||
<code>ignoreip</code>.</li>
|
||||
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: used for advanced customization.
|
||||
for example, if you have some new jails, you can write jail config files under
|
||||
<code>/opt/iredmail/custom/fail2ban/</code> too (you're free to create sub-folder to
|
||||
store the jail config files), then use <code>custom.sh</code> to create symbol link
|
||||
of jails you want to enable under <code>/etc/fail2ban/jail.d/</code>.</li>
|
||||
</ul><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div>
|
||||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||||
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
||||
<script>
|
||||
window.dataLayer = window.dataLayer || [];
|
||||
function gtag(){dataLayer.push(arguments);}
|
||||
gtag('js', new Date());
|
||||
|
||||
gtag('config', 'UA-3293801-21');
|
||||
</script>
|
||||
</body></html>
|
|
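Review bot: In the first list item of the intro, `<code>/opt/iredmail/custom/<software-name>/</code>` as it appears in this hunk carries an unescaped `<software-name>`, which a browser parses as an unknown element, so the placeholder drops out of the rendered path; it should be emitted as `&lt;software-name&gt;`. This file is the rendered copy of the Markdown added in the same commit, so it repeats the `custom.conf` versus `.cnf` mismatch in the MariaDB section and the `dovecot/custom.sh` path under Fail2ban; fix those in the Markdown source and regenerate the HTML rather than editing it by hand. The two `target="_blank"` links (the logo link in the navigation div and the Creative Commons link in the footer) have no `rel="noopener"`, and the Creative Commons URL is plain `http://`; both are worth fixing in the page template.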
@ -83,6 +83,7 @@
|
|||
</ul>
|
||||
<h3 id="iredmail-cloud-deployment-platform">iRedMail Cloud Deployment Platform</h3>
|
||||
<ul>
|
||||
<li><a href="cloud-platform.best.practice.html">Best Practice</a></li>
|
||||
<li><a href="cloud-platform.setup.sudo.html">Setup sudo for cloud deployment</a></li>
|
||||
<li><a href="cloud-platform.what.is.ssh.jump.server.html">What is SSH jump server</a></li>
|
||||
<li><a href="cloud.platform.changelog.html">Release Notes of iRedMail Cloud Platform</a></li>
|
||||
|
|