Draft: upgrade.iredmail.1.4.2-1.4.3.html.
This commit is contained in:
parent
abf7c6834d
commit
7dd5f32038
|
@ -0,0 +1,81 @@
|
|||
# Upgrade iRedMail from 1.4.2 to 1.4.3
|
||||
|
||||
[TOC]
|
||||
|
||||
!!! warning
|
||||
|
||||
This IS A DRAFT DOCUMENT, DO NOT APPLY IT.
|
||||
|
||||
!!! note "Paid Remote Upgrade Support"
|
||||
|
||||
We offer remote upgrade support if you don't want to get your hands dirty,
|
||||
check [the details](https://www.iredmail.org/support.html) and
|
||||
[contact us](https://www.iredmail.org/contact.html).
|
||||
|
||||
## ChangeLog
|
||||
|
||||
## General (All backends should apply these changes)
|
||||
|
||||
### Update `/etc/iredmail-release` with new iRedMail version number
|
||||
|
||||
iRedMail stores the release version in `/etc/iredmail-release` after
|
||||
installation, it's recommended to update this file after you upgraded iRedMail,
|
||||
so that you can know which version of iRedMail you're running. For example:
|
||||
|
||||
```
|
||||
1.4.3
|
||||
```
|
||||
|
||||
### Nginx: several improvements
|
||||
|
||||
!!! attention
|
||||
|
||||
All credit goes to GitHub user
|
||||
[@ludovicandrieux](https://github.com/ludovicandrieux), thanks for the
|
||||
contributions. See also:
|
||||
[#136](https://github.com/iredmail/iRedMail/issues/136),
|
||||
[#137](https://github.com/iredmail/iRedMail/issues/137),
|
||||
[#138](https://github.com/iredmail/iRedMail/issues/138).
|
||||
|
||||
- Enable TLSv1.3. WARNING: It requires Nginx 1.13 or later releases, which is
|
||||
available on:
|
||||
- CentOS 7 and later
|
||||
- Debian 10 and later
|
||||
- FreeBSD
|
||||
- OpenBSD
|
||||
- Greatly improve the performance of http keep-alive connections over SSL by
|
||||
enabling `ssl_session_cache` parameter.
|
||||
- Add new ssl cipher: `EECDH+CHACHA20`. It requires openssl 1.1.0, which is
|
||||
available on:
|
||||
- CentOS 7 and later
|
||||
- Debian 9 and later
|
||||
- FreeBSD
|
||||
- OpenBSD
|
||||
- Remove weak ssl cipher: `AES256+EDH`.
|
||||
|
||||
To apply these changes, please open file `/etc/nginx/templates/ssl.tmpl` with
|
||||
your favourite text editor, then:
|
||||
|
||||
- Append `TLSv1.3` in parameter `ssl_protocols`. For example:
|
||||
|
||||
```
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
```
|
||||
|
||||
- Prepend `EECDH+CHACHA20` in parameter `ssl_ciphers`, also remove `AES256+EDH`.
|
||||
For example:
|
||||
|
||||
```
|
||||
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH;
|
||||
```
|
||||
|
||||
- Add new parameter `ssl_session_cache` and optional comment lines:
|
||||
|
||||
```
|
||||
# Greatly improve the performance of keep-alive connections over SSL.
|
||||
# With this enabled, client is not necessary to do a full SSL-handshake for
|
||||
# every request, thus saving time and cpu-resources.
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
```
|
||||
|
||||
Restarting Nginx service is required.
|
|
@ -0,0 +1,108 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title>Upgrade iRedMail from 1.4.2 to 1.4.3</title>
|
||||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||||
</head>
|
||||
<body>
|
||||
|
||||
<div id="navigation">
|
||||
<a href="https://www.iredmail.org" target="_blank">
|
||||
<img alt="iRedMail web site"
|
||||
src="./images/logo-iredmail.png"
|
||||
style="vertical-align: middle; height: 30px;"
|
||||
/>
|
||||
<span>iRedMail</span>
|
||||
</a>
|
||||
// <a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-142-to-143">Upgrade iRedMail from 1.4.2 to 1.4.3</h1>
|
||||
<div class="toc">
|
||||
<ul>
|
||||
<li><a href="#upgrade-iredmail-from-142-to-143">Upgrade iRedMail from 1.4.2 to 1.4.3</a><ul>
|
||||
<li><a href="#changelog">ChangeLog</a></li>
|
||||
<li><a href="#general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</a><ul>
|
||||
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
|
||||
<li><a href="#nginx-several-improvements">Nginx: several improvements</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Warning</p>
|
||||
<p>This IS A DRAFT DOCUMENT, DO NOT APPLY IT.</p>
|
||||
</div>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Paid Remote Upgrade Support</p>
|
||||
<p>We offer remote upgrade support if you don't want to get your hands dirty,
|
||||
check <a href="https://www.iredmail.org/support.html">the details</a> and
|
||||
<a href="https://www.iredmail.org/contact.html">contact us</a>.</p>
|
||||
</div>
|
||||
<h2 id="changelog">ChangeLog</h2>
|
||||
<h2 id="general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</h2>
|
||||
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
|
||||
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
|
||||
installation, it's recommended to update this file after you upgraded iRedMail,
|
||||
so that you can know which version of iRedMail you're running. For example:</p>
|
||||
<pre><code>1.4.3
|
||||
</code></pre>
|
||||
|
||||
<h3 id="nginx-several-improvements">Nginx: several improvements</h3>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Attention</p>
|
||||
<p>All credit goes to GitHub user
|
||||
<a href="https://github.com/ludovicandrieux">@ludovicandrieux</a>, thanks for the
|
||||
contributions. See also:
|
||||
<a href="https://github.com/iredmail/iRedMail/issues/136">#136</a>,
|
||||
<a href="https://github.com/iredmail/iRedMail/issues/137">#137</a>,
|
||||
<a href="https://github.com/iredmail/iRedMail/issues/138">#138</a>.</p>
|
||||
</div>
|
||||
<ul>
|
||||
<li>Enable TLSv1.3. WARNING: It requires Nginx 1.13 or later releases, which is
|
||||
available on:<ul>
|
||||
<li>CentOS 7 and later</li>
|
||||
<li>Debian 10 and later</li>
|
||||
<li>FreeBSD</li>
|
||||
<li>OpenBSD</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Greatly improve the performance of http keep-alive connections over SSL by
|
||||
enabling <code>ssl_session_cache</code> parameter.</li>
|
||||
<li>Add new ssl cipher: <code>EECDH+CHACHA20</code>. It requires openssl 1.1.0, which is
|
||||
available on:<ul>
|
||||
<li>CentOS 7 and later</li>
|
||||
<li>Debian 9 and later</li>
|
||||
<li>FreeBSD</li>
|
||||
<li>OpenBSD</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Remove weak ssl cipher: <code>AES256+EDH</code>.</li>
|
||||
</ul>
|
||||
<p>To apply these changes, please open file <code>/etc/nginx/templates/ssl.tmpl</code> with
|
||||
your favourite text editor, then:</p>
|
||||
<ul>
|
||||
<li>Append <code>TLSv1.3</code> in parameter <code>ssl_protocols</code>. For example:</li>
|
||||
</ul>
|
||||
<pre><code>ssl_protocols TLSv1.2 TLSv1.3;
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Prepend <code>EECDH+CHACHA20</code> in parameter <code>ssl_ciphers</code>, also remove <code>AES256+EDH</code>.
|
||||
For example:</li>
|
||||
</ul>
|
||||
<pre><code>ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH;
|
||||
</code></pre>
|
||||
|
||||
<ul>
|
||||
<li>Add new parameter <code>ssl_session_cache</code> and optional comment lines:</li>
|
||||
</ul>
|
||||
<pre><code># Greatly improve the performance of keep-alive connections over SSL.
|
||||
# With this enabled, client is not necessary to do a full SSL-handshake for
|
||||
# every request, thus saving time and cpu-resources.
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
</code></pre>
|
||||
|
||||
<p>Restarting Nginx service is required.</p><div class="footer">
|
||||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||||
</div></body></html>
|
Loading…
Reference in New Issue