214 lines
10 KiB
HTML
214 lines
10 KiB
HTML
<!DOCTYPE html>
|
||
<html>
|
||
<head>
|
||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
<title>Best Practice</title>
|
||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||
</head>
|
||
<body>
|
||
|
||
<div id="navigation">
|
||
<a href="https://www.iredmail.org" target="_blank">
|
||
<img alt="iRedMail web site"
|
||
src="./images/logo-iredmail.png"
|
||
style="vertical-align: middle; height: 30px;"
|
||
/>
|
||
<span>iRedMail</span>
|
||
</a>
|
||
// <a href="./index.html">Document Index</a></div><h1 id="best-practice">Best Practice</h1>
|
||
<div class="toc">
|
||
<ul>
|
||
<li><a href="#best-practice">Best Practice</a><ul>
|
||
<li><a href="#mariadb">MariaDB</a></li>
|
||
<li><a href="#nginx">Nginx</a><ul>
|
||
<li><a href="#directory-structure">Directory Structure</a></li>
|
||
</ul>
|
||
</li>
|
||
<li><a href="#postfix">Postfix</a></li>
|
||
<li><a href="#dovecot">Dovecot</a></li>
|
||
<li><a href="#roundcube">Roundcube</a></li>
|
||
<li><a href="#sogo">SOGo</a></li>
|
||
<li><a href="#iredapd">iRedAPD</a></li>
|
||
<li><a href="#iredadmin">iRedAdmin</a></li>
|
||
<li><a href="#amavisd">Amavisd</a></li>
|
||
<li><a href="#fail2ban">Fail2ban</a></li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</div>
|
||
<p>iRedMail cloud deployment platform maintains core config files,
|
||
it's normal that you want to override some settings in default setup, please
|
||
follow some simple rules to store your custom settings, and do not modify the
|
||
core config files managed by iRedMail cloud platform. This is the key to
|
||
achieve fear-less upgrade.</p>
|
||
<ul>
|
||
<li>If software supports loading settings from multiple config files, you can
|
||
write your own config file under <code>/opt/iredmail/custom/<software-name>/</code>
|
||
without touching its core config files under <code>/etc/</code>. For example, Dovecot,
|
||
MariaDB, Roundcube, etc.</li>
|
||
<li>If software does not support loading settings from multiple config files,
|
||
you may need to apply your own settings by running commands to modify
|
||
config files under <code>/etc/</code> directly. For example, Postfix (use <code>postconf</code>
|
||
command). Commands can be written in file
|
||
<code>/opt/iredmail/custom/postfix/custom.sh</code>, it's ran by iRedMail cloud
|
||
deployment platform each time it deploys or upgrades this software.</li>
|
||
<li>If software doesn't support overriding existing settings, you may need to
|
||
remove existing config file first, then write your own config file with new
|
||
setting. for example, Nginx. In this case, you need to update
|
||
<code>/opt/iredmail/custom/nginx/custom.sh</code> to remove config file first, then
|
||
write your own config files under <code>/opt/iredmail/custom/nginx/</code>.</li>
|
||
</ul>
|
||
<h3 id="mariadb">MariaDB</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/mysql/</code>:<ul>
|
||
<li>All files end with <code>.cnf</code> will be loaded by Mariadb.</li>
|
||
<li>It will override existing settings defined in files under <code>/etc/mysql/</code>.</li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
<p>Sample config file, <code>/opt/iredmail/custom/mysql/custom.conf</code>:</p>
|
||
<pre><code>[mysqld]
|
||
max_connections = 1024
|
||
</code></pre>
|
||
|
||
<h3 id="nginx">Nginx</h3>
|
||
<ul>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/nginx/custom.sh</code>:</p>
|
||
<ul>
|
||
<li>a bash shell script for advanced customization. This file will be executed
|
||
every time iRedMail cloud platform deploys / upgrades the Nginx component.</li>
|
||
</ul>
|
||
<p>For example, Nginx doesn't support override existing settings by
|
||
loading same parameter from another config file, in this case you should
|
||
run <code>rm</code> command in this file (<code>custom.sh</code>) to remove existing config
|
||
file generated by iRedMail cloud platform and store custom settings in
|
||
another file.</p>
|
||
</li>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/nginx/conf-enabled/</code>: additional Nginx global settings used inside <code>http {}</code> block.</p>
|
||
<ul>
|
||
<li>If you want to override a parameter which is already defined in
|
||
<code>/etc/nginx/conf-enabled/</code>, please update <code>/opt/iredmail/custom/nginx/custom.sh</code>
|
||
to remove file under <code>/etc/nginx/conf-enabled/</code> first, then write your
|
||
own config file under <code>/opt/iredmail/custom/nginx/conf-enabled/</code> to set
|
||
a proper value.</li>
|
||
</ul>
|
||
</li>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/nginx/sites-conf.d/default-ssl/</code>: additional settings for default https website (inside the <code>server {}</code> block).</p>
|
||
</li>
|
||
<li><code>/opt/iredmail/custom/nginx/sites-enabled/</code>: additional virtual web hosts.</li>
|
||
</ul>
|
||
<h4 id="directory-structure">Directory Structure</h4>
|
||
<p>iRedMail uses the directory structure recommended by Debian/Ubuntu:</p>
|
||
<pre><code>/etc/nginx/ # all config files
|
||
|
||
|- conf-available/ # store settings used inside Nginx `http {}` block.
|
||
# Note: files under this directory are NOT
|
||
# loaded by Nginx directly.
|
||
|
||
|- conf-enabled/ # symbol links to files under `conf-available/`.
|
||
# Note: files under this directory are
|
||
# loaded by Nginx directly.
|
||
|
||
|- sites-available/ # store virtual web host config files.
|
||
# Note: files under this directory are NOT
|
||
# loaded by Nginx directly.
|
||
|
||
|- sites-enabled/ # symbol links to files under `sites-available/`.
|
||
# Note: files under this directory are
|
||
# loaded by Nginx directly.
|
||
|
||
|- sites-conf.d/
|
||
|- default-ssl/ # modular config files used by default
|
||
# virtual web host.
|
||
|
||
/opt/iredmail/custom/nginx/ # all custom config files.
|
||
|- conf-available/
|
||
|- conf-enabled/
|
||
|- sites-available/
|
||
|- sites-enabled/
|
||
|- custom.sh # shell script used for advanced customization
|
||
</code></pre>
|
||
|
||
<h3 id="postfix">Postfix</h3>
|
||
<p>Postfix doesn't support loading settings from multiple files.</p>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/postfix/main.cf</code>: If this file exists, <code>/etc/postfix/main.cf</code> will be a symbol link to this file.</li>
|
||
<li><code>/opt/iredmail/custom/postfix/master.cf</code>: If this file exists, <code>/etc/postfix/master.cf</code> will be a symbol link to this file.</li>
|
||
<li><code>/opt/iredmail/custom/postfix/custom.sh</code>: a bash shell script for advanced customization</li>
|
||
<li><code>/opt/iredmail/custom/postfix/helo_access.pcre</code></li>
|
||
<li><code>/opt/iredmail/custom/postfix/postscreen_access.cidr</code></li>
|
||
</ul>
|
||
<h3 id="dovecot">Dovecot</h3>
|
||
<p>Dovecot supports loading from mulitple config files, and settings will be
|
||
overrode by the last one.</p>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/dovecot/conf-enabled/</code>: store custom Dovecot settings.</li>
|
||
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: a bash shell script used for advanced customization</li>
|
||
</ul>
|
||
<h3 id="roundcube">Roundcube</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/roundcube/custom.inc.php</code>.</li>
|
||
</ul>
|
||
<p>All your custom settings should be placed in this file, and do <strong>NOT</strong>
|
||
touch main config file <code>/opt/www/roundcubemail/config/config.inc.php</code>.</p>
|
||
<ul>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/roundcube/plugins/</code>: all third-party / custom
|
||
plugins should be placed under this directory. Plugins will be linked
|
||
to <code>/opt/www/roundcubemail/plugins/</code> automatically.</p>
|
||
</li>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/roundcube/skins/</code>: all third-party / custom
|
||
skins should be placed under this directory. Skins will be linked
|
||
to <code>/opt/www/roundcubemail/skins/</code> automatically.</p>
|
||
</li>
|
||
</ul>
|
||
<h3 id="sogo">SOGo</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/sogo/sogo.conf</code>: If this file exists, <code>/etc/sogo/sogo.conf</code> will be a symbol link to this file.</li>
|
||
<li>
|
||
<p><code>/opt/iredmail/custom/sogo/custom.sh</code>: a bash shell script for advanced customization</p>
|
||
<p>Currently SOGo doesn’t support <code>include</code> directive to load config
|
||
from multiple files, so you can either maintain your own SOGo config
|
||
file (<code>/opt/iredmail/custom/sogo/sogo.conf</code>) or use the <code>custom.sh</code>
|
||
shell script to do even more complex customization.</p>
|
||
</li>
|
||
</ul>
|
||
<h3 id="iredapd">iRedAPD</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/iredapd/settings.py</code>. It will be linked to <code>/opt/www/iredapd/custom_settings.py</code> also.</li>
|
||
</ul>
|
||
<h3 id="iredadmin">iRedAdmin</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/iredadmin/settings.py</code>. it will be linked to <code>/opt/www/iredadmin/custom_settings.py</code> also.</li>
|
||
</ul>
|
||
<h3 id="amavisd">Amavisd</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/amavisd/amavisd.conf</code></li>
|
||
</ul>
|
||
<h3 id="fail2ban">Fail2ban</h3>
|
||
<ul>
|
||
<li><code>/opt/iredmail/custom/fail2ban/jail.local</code>: used to override settings in
|
||
<code>[DEFAULT]</code> section of main fail2ban config file. For example, <code>maxretry</code>, <code>findtime</code>, <code>bantime</code>,
|
||
<code>ignoreip</code>.</li>
|
||
<li><code>/opt/iredmail/custom/dovecot/custom.sh</code>: used for advanced customization.
|
||
for example, if you have some new jails, you can write jail config files under
|
||
<code>/opt/iredmail/custom/fail2ban/</code> too (you're free to create sub-folder to
|
||
store the jail config files), then use <code>custom.sh</code> to create symbol link
|
||
of jails you want to enable under <code>/etc/fail2ban/jail.d/</code>.</li>
|
||
</ul><div class="footer">
|
||
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
||
</div>
|
||
<!-- Global site tag (gtag.js) - Google Analytics -->
|
||
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
||
<script>
|
||
window.dataLayer = window.dataLayer || [];
|
||
function gtag(){dataLayer.push(arguments);}
|
||
gtag('js', new Date());
|
||
|
||
gtag('config', 'UA-3293801-21');
|
||
</script>
|
||
</body></html> |