# Best Practice [TOC] iRedMail Easy (the deployment and support platform) maintains core config files, it's normal that you want to override some settings in default setup, please follow some simple rules to store your custom settings, and do not modify the core config files managed by iRedMail Easy. This is the key to achieve fear-less upgrade. * If software supports loading settings from multiple config files, you can write your own config file under `/opt/iredmail/custom//` without touching its core config files under `/etc/`. For example, Dovecot, MariaDB, Roundcube, etc. * If software does not support loading settings from multiple config files, you may need to apply your own settings by running commands to modify config files under `/etc/` directly. For example, Postfix (use `postconf` command). Commands can be written in file `/opt/iredmail/custom/postfix/custom.sh`, it's ran by iRedMail Easy each time it deploys or upgrades this software. * If software doesn't support overriding existing settings, you may need to remove existing config file first, then write your own config file with new setting. for example, Nginx. In this case, you need to update `/opt/iredmail/custom/nginx/custom.sh` to remove config file first, then write your own config files under `/opt/iredmail/custom/nginx/`. ### MariaDB - `/opt/iredmail/custom/mysql/`: - All files end with `.cnf` will be loaded by Mariadb. - It will override existing settings defined in files under `/etc/mysql/`. Sample config file, `/opt/iredmail/custom/mysql/custom.conf`: ``` [mysqld] max_connections = 1024 ``` ### Nginx - `/opt/iredmail/custom/nginx/custom.sh`: - a bash shell script for advanced customization. This file will be executed every time iRedMail Easy deploys / upgrades the Nginx component. For example, Nginx doesn't support override existing settings by loading same parameter from another config file, in this case you should run `rm` command in this file (`custom.sh`) to remove existing config file generated by iRedMail Easy and store custom settings in another file. - `/opt/iredmail/custom/nginx/conf-enabled/`: additional Nginx global settings used inside `http {}` block. - If you want to override a parameter which is already defined in `/etc/nginx/conf-enabled/`, please update `/opt/iredmail/custom/nginx/custom.sh` to remove file under `/etc/nginx/conf-enabled/` first, then write your own config file under `/opt/iredmail/custom/nginx/conf-enabled/` to set a proper value. - `/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/`: additional settings for default https website (inside the `server {}` block). - `/opt/iredmail/custom/nginx/sites-enabled/`: additional virtual web hosts. #### Directory Structure iRedMail uses the directory structure recommended by Debian/Ubuntu: ``` /etc/nginx/ # all config files |- conf-available/ # store settings used inside Nginx `http {}` block. # Note: files under this directory are NOT # loaded by Nginx directly. |- conf-enabled/ # symbol links to files under `conf-available/`. # Note: files under this directory are # loaded by Nginx directly. |- sites-available/ # store virtual web host config files. # Note: files under this directory are NOT # loaded by Nginx directly. |- sites-enabled/ # symbol links to files under `sites-available/`. # Note: files under this directory are # loaded by Nginx directly. |- sites-conf.d/ |- default-ssl/ # modular config files used by default # virtual web host. /opt/iredmail/custom/nginx/ # all custom config files. |- conf-available/ |- conf-enabled/ |- sites-available/ |- sites-enabled/ |- custom.sh # shell script used for advanced customization ``` ### Postfix Postfix doesn't support loading settings from multiple files. - `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbol link to this file. - `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbol link to this file. - `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced customization - `/opt/iredmail/custom/postfix/helo_access.pcre` - `/opt/iredmail/custom/postfix/postscreen_access.cidr` ### Dovecot Dovecot supports loading from mulitple config files, and settings will be overrode by the last one. - `/opt/iredmail/custom/dovecot/conf-enabled/`: store custom Dovecot settings. - `/opt/iredmail/custom/dovecot/custom.sh`: a bash shell script used for advanced customization ### Roundcube - `/opt/iredmail/custom/roundcube/custom.inc.php`. All your custom settings should be placed in this file, and do __NOT__ touch main config file `/opt/www/roundcubemail/config/config.inc.php`. - `/opt/iredmail/custom/roundcube/plugins/`: all third-party / custom plugins should be placed under this directory. Plugins will be linked to `/opt/www/roundcubemail/plugins/` automatically. - `/opt/iredmail/custom/roundcube/skins/`: all third-party / custom skins should be placed under this directory. Skins will be linked to `/opt/www/roundcubemail/skins/` automatically. ### SOGo - `/opt/iredmail/custom/sogo/sogo.conf`: If this file exists, `/etc/sogo/sogo.conf` will be a symbol link to this file. - `/opt/iredmail/custom/sogo/custom.sh`: a bash shell script for advanced customization Currently SOGo doesn’t support `include` directive to load config from multiple files, so you can either maintain your own SOGo config file (`/opt/iredmail/custom/sogo/sogo.conf`) or use the `custom.sh` shell script to do even more complex customization. ### iRedAPD - `/opt/iredmail/custom/iredapd/settings.py`. It will be linked to `/opt/www/iredapd/custom_settings.py` also. ### iRedAdmin - `/opt/iredmail/custom/iredadmin/settings.py`. it will be linked to `/opt/www/iredadmin/custom_settings.py` also. ### Amavisd - `/opt/iredmail/custom/amavisd/amavisd.conf` ### Fail2ban - `/opt/iredmail/custom/fail2ban/jail.local`: used to override settings in `[DEFAULT]` section of main fail2ban config file. For example, `maxretry`, `findtime`, `bantime`, `ignoreip`. - `/opt/iredmail/custom/dovecot/custom.sh`: used for advanced customization. for example, if you have some new jails, you can write jail config files under `/opt/iredmail/custom/fail2ban/` too (you're free to create sub-folder to store the jail config files), then use `custom.sh` to create symbol link of jails you want to enable under `/etc/fail2ban/jail.d/`.