# Best Practice

[TOC]

The iRedMail cloud deployment platform maintains the core config files.
It's normal to want to override some settings of the default setup; when you
do, please follow a few simple rules for storing your custom settings, and do
not modify the core config files managed by the iRedMail cloud platform.

* If the software supports loading settings from multiple config files, you can
  write your own config file under `/opt/iredmail/custom/<software-name>/`
  without touching its core config files under `/etc/`. For example, Dovecot,
  MariaDB, Roundcube, etc.
* If the software does not support loading settings from multiple config files,
  you may need to apply your own settings by running commands that modify
  config files under `/etc/` directly. For example, Postfix (use the `postconf`
  command). Commands can be written in the file
  `/opt/iredmail/custom/postfix/custom.sh`; it is run by the iRedMail cloud
  deployment platform each time it deploys or upgrades this software.
* If the software doesn't support overriding existing settings, you may need to
  remove the existing config file first, then write your own config file with
  the new setting. For example, Nginx. In this case, you need to update
  `/opt/iredmail/custom/nginx/custom.sh` to remove the config file first, then
  write your own config files under `/opt/iredmail/custom/nginx/`.

### MariaDB

- `/opt/iredmail/custom/mysql/`:
    - All files ending with `.cnf` will be loaded by MariaDB.
    - They will override existing settings defined in files under `/etc/mysql/`.

Sample config file, `/opt/iredmail/custom/mysql/custom.conf`:

```
[mysqld]
max_connections = 1024
```

### Nginx

- `/opt/iredmail/custom/nginx/custom.sh`:
    - A bash shell script for advanced customization. This file will be executed
      every time the iRedMail cloud platform deploys / upgrades the Nginx component.

      For example, Nginx doesn't support overriding existing settings by
      loading the same parameter from another config file. In this case you
      should run the `rm` command in this file (`custom.sh`) to remove the
      existing config file generated by the iRedMail cloud platform, and store
      your custom settings in another file.

- `/opt/iredmail/custom/nginx/conf-enabled/`: additional Nginx global settings used inside the `http {}` block.
    - If you want to override a parameter which is already defined in
      `/etc/nginx/conf-enabled/`, please update `/opt/iredmail/custom/nginx/custom.sh`
      to remove the file under `/etc/nginx/conf-enabled/` first, then write your
      own config file under `/opt/iredmail/custom/nginx/conf-enabled/` to set
      a proper value.

- `/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/`: additional settings for the default https website (inside the `server {}` block).
- `/opt/iredmail/custom/nginx/sites-enabled/`: additional virtual web hosts.

#### Directory Structure

iRedMail uses the directory structure recommended by Debian/Ubuntu:

```
/etc/nginx/                     # all config files

    |- conf-available/          # store settings used inside Nginx `http {}` block.
                                # Note: files under this directory are NOT
                                # loaded by Nginx directly.

    |- conf-enabled/            # symbolic links to files under `conf-available/`.
                                # Note: files under this directory are
                                # loaded by Nginx directly.

    |- sites-available/         # store virtual web host config files.
                                # Note: files under this directory are NOT
                                # loaded by Nginx directly.

    |- sites-enabled/           # symbolic links to files under `sites-available/`.
                                # Note: files under this directory are
                                # loaded by Nginx directly.

    |- sites-conf.d/
        |- default-ssl/         # modular config files used by default
                                # virtual web host.

/opt/iredmail/custom/nginx/     # all custom config files.
    |- conf-available/
    |- conf-enabled/
    |- sites-available/
    |- sites-enabled/
    |- custom.sh                # shell script used for advanced customization
```

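The remove-then-override step for Nginx, written as a helper for `custom.sh`. This is an added example, not iRedMail's own script: the function name, the `NGINX_ETC` / `NGINX_CUSTOM` variables and the `EXAMPLE-*.conf` file names are assumptions made for illustration. It removes the platform-generated entry only when a non-empty replacement exists, so a rerun on every deploy cannot leave a parameter undefined.

```shell
#!/bin/bash
# Added example for /opt/iredmail/custom/nginx/custom.sh; not iRedMail's own code.
set -eu

# Paths from the page; overridable so the logic can be tried in a scratch tree.
NGINX_ETC="${NGINX_ETC:-/etc/nginx}"
NGINX_CUSTOM="${NGINX_CUSTOM:-/opt/iredmail/custom/nginx}"

# override_conf CORE_NAME CUSTOM_NAME  (hypothetical helper)
# Returns 0 on success, 1 when there is no usable replacement,
# 2 when a name is unsafe, 3 when the core entry cannot be removed.
override_conf() {
    oc_core_name="$1"
    oc_custom_name="$2"

    # Plain file names only: no '/', no leading '.', so neither argument
    # can point outside the two conf-enabled/ directories.
    for oc_n in "$oc_core_name" "$oc_custom_name"; do
        case "$oc_n" in
            ''|.*|*/*) echo "unsafe name: '$oc_n'" >&2; return 2 ;;
        esac
    done

    oc_core="${NGINX_ETC}/conf-enabled/${oc_core_name}"
    oc_custom="${NGINX_CUSTOM}/conf-enabled/${oc_custom_name}"

    # Removing the core entry without a non-empty replacement would leave
    # the parameter undefined, so keep the platform's file in that case.
    if [ ! -s "$oc_custom" ]; then
        echo "no replacement at $oc_custom; keeping $oc_core" >&2
        return 1
    fi

    # Entries in conf-enabled/ are symbolic links, so rm drops the link and
    # leaves conf-available/ intact. -f makes a rerun after removal a no-op.
    rm -f -- "$oc_core" || return 3
}

# custom.sh runs on every deploy/upgrade. Both names are placeholders.
override_conf "EXAMPLE-core.conf" "EXAMPLE-custom.conf" \
    || echo "nginx override skipped" >&2
```
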
### Postfix

Postfix doesn't support loading settings from multiple files.

- `/opt/iredmail/custom/postfix/main.cf`: If this file exists, `/etc/postfix/main.cf` will be a symbolic link to this file.
- `/opt/iredmail/custom/postfix/master.cf`: If this file exists, `/etc/postfix/master.cf` will be a symbolic link to this file.
- `/opt/iredmail/custom/postfix/custom.sh`: a bash shell script for advanced customization
- `/opt/iredmail/custom/postfix/helo_access.pcre`
- `/opt/iredmail/custom/postfix/postscreen_access.cidr`

### Dovecot

Dovecot supports loading from multiple config files, and settings will be
overridden by the last one.

- `/opt/iredmail/custom/dovecot/conf-enabled/`: store custom Dovecot settings.
- `/opt/iredmail/custom/dovecot/custom.sh`: a bash shell script used for advanced customization

### Roundcube

- `/opt/iredmail/custom/roundcube/custom.inc.php`.

    All your custom settings should be placed in this file. Do __NOT__
    touch the main config file `/opt/www/roundcubemail/config/config.inc.php`.

- `/opt/iredmail/custom/roundcube/plugins/`: all third-party / custom
  plugins should be placed under this directory. Plugins will be linked
  to `/opt/www/roundcubemail/plugins/` automatically.

- `/opt/iredmail/custom/roundcube/skins/`: all third-party / custom
  skins should be placed under this directory. Skins will be linked
  to `/opt/www/roundcubemail/skins/` automatically.

### SOGo

- `/opt/iredmail/custom/sogo/sogo.conf`: If this file exists, `/etc/sogo/sogo.conf` will be a symbolic link to this file.
- `/opt/iredmail/custom/sogo/custom.sh`: a bash shell script for advanced customization

Currently SOGo doesn't support an `include` directive to load config
from multiple files, so you can either maintain your own SOGo config
file (`/opt/iredmail/custom/sogo/sogo.conf`) or use the `custom.sh`
shell script to do even more complex customization.

### iRedAPD

- `/opt/iredmail/custom/iredapd/settings.py`. It will also be linked to `/opt/www/iredapd/custom_settings.py`.

### iRedAdmin

- `/opt/iredmail/custom/iredadmin/settings.py`. It will also be linked to `/opt/www/iredadmin/custom_settings.py`.

### Amavisd

- `/opt/iredmail/custom/amavisd/amavisd.conf`

### Fail2ban

- `/opt/iredmail/custom/fail2ban/jail.local`: used to override settings in the
  `[DEFAULT]` section of the main fail2ban config file. For example, `maxretry`, `findtime`, `bantime`,
  `ignoreip`.
- `/opt/iredmail/custom/dovecot/custom.sh`: used for advanced customization.
  For example, if you have some new jails, you can write jail config files under
  `/opt/iredmail/custom/fail2ban/` too (you're free to create sub-folders to
  store the jail config files), then use `custom.sh` to create symbolic links
  to the jails you want to enable under `/etc/fail2ban/jail.d/`.

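Enabling custom jails from `custom.sh`, as the last item describes, written as an added example (not iRedMail's own script). The helper name, the `F2B_CUSTOM` / `F2B_JAIL_D` variables and the `jails/EXAMPLE-jail.local` path are assumptions; the suffix and permission checks go beyond what the page states and reflect that fail2ban reads only `*.conf` and `*.local` files from `jail.d/`.

```shell
#!/bin/bash
# Added example for a fail2ban custom.sh; not iRedMail's own code.
set -eu

# Paths from the page; overridable so the logic can be tried in a scratch tree.
F2B_CUSTOM="${F2B_CUSTOM:-/opt/iredmail/custom/fail2ban}"
F2B_JAIL_D="${F2B_JAIL_D:-/etc/fail2ban/jail.d}"

# enable_jail REL_PATH  (hypothetical helper)
# Links $F2B_CUSTOM/REL_PATH into jail.d/. Returns 0 when the link is in
# place, 1 if the file is missing, 2 for a bad name, 3 for loose permissions.
enable_jail() {
    ej_rel="$1"
    ej_src="${F2B_CUSTOM}/${ej_rel}"
    ej_name="$(basename "$ej_rel")"

    # Refuse '..' components so the source stays under the custom directory.
    case "$ej_rel" in
        ..|../*|*/../*|*/..) echo "unsafe path: $ej_rel" >&2; return 2 ;;
    esac
    # A link with any other suffix would be ignored by fail2ban without error.
    case "$ej_name" in
        *.conf|*.local) ;;
        *) echo "not a .conf/.local file: $ej_name" >&2; return 2 ;;
    esac

    [ -f "$ej_src" ] || { echo "missing: $ej_src" >&2; return 1; }

    # Jail files choose the actions fail2ban executes, so they must not be
    # writable by group or others (-perm /022 is GNU find syntax).
    if [ -n "$(find -L "$ej_src" -maxdepth 0 -perm /022)" ]; then
        echo "group/world-writable, not linking: $ej_src" >&2
        return 3
    fi

    # -sfn replaces an existing link in place, so reruns are idempotent.
    ln -sfn -- "$ej_src" "${F2B_JAIL_D}/${ej_name}"
}

# Placeholder jail file kept in a sub-folder of the custom directory.
enable_jail "jails/EXAMPLE-jail.local" || echo "jail not enabled" >&2
```
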