elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/en_US/cloud/cloud-best.practice.md

7.1 KiB
Raw Blame History

Best Practice

[TOC]

iRedMail cloud deployment platform maintains core config files, it's normal that you want to override some settings in default setup, please follow some simple rules to store your custom settings, and do not modify the core config files managed by iRedMail cloud platform. This is the key to achieve fear-less upgrade.

  • If software supports loading settings from multiple config files, you can write your own config file under /opt/iredmail/custom/<software-name>/ without touching its core config files under /etc/. For example, Dovecot, MariaDB, Roundcube, etc.
  • If software does not support loading settings from multiple config files, you may need to apply your own settings by running commands to modify config files under /etc/ directly. For example, Postfix (use postconf command). Commands can be written in file /opt/iredmail/custom/postfix/custom.sh, it's ran by iRedMail cloud deployment platform each time it deploys or upgrades this software.
  • If software doesn't support overriding existing settings, you may need to remove existing config file first, then write your own config file with new setting. for example, Nginx. In this case, you need to update /opt/iredmail/custom/nginx/custom.sh to remove config file first, then write your own config files under /opt/iredmail/custom/nginx/.

MariaDB

  • /opt/iredmail/custom/mysql/:
    • All files end with .cnf will be loaded by Mariadb.
    • It will override existing settings defined in files under /etc/mysql/.

Sample config file, /opt/iredmail/custom/mysql/custom.conf:

[mysqld]
max_connections     = 1024

Nginx

  • /opt/iredmail/custom/nginx/custom.sh:

    • a bash shell script for advanced customization. This file will be executed every time iRedMail cloud platform deploys / upgrades the Nginx component.

      For example, Nginx doesn't support override existing settings by loading same parameter from another config file, in this case you should run rm command in this file (custom.sh) to remove existing config file generated by iRedMail cloud platform and store custom settings in another file.

  • /opt/iredmail/custom/nginx/conf-enabled/: additional Nginx global settings used inside http {} block.

    • If you want to override a parameter which is already defined in /etc/nginx/conf-enabled/, please update /opt/iredmail/custom/nginx/custom.sh to remove file under /etc/nginx/conf-enabled/ first, then write your own config file under /opt/iredmail/custom/nginx/conf-enabled/ to set a proper value.

  • /opt/iredmail/custom/nginx/sites-conf.d/default-ssl/: additional settings for default https website (inside the server {} block).

  • /opt/iredmail/custom/nginx/sites-enabled/: additional virtual web hosts.

Directory Structure

iRedMail uses the directory structure recommended by Debian/Ubuntu:

/etc/nginx/                         # all config files

        |- conf-available/          # store settings used inside Nginx `http {}` block.
                                    # Note: files under this directory are NOT
                                    #       loaded by Nginx directly.

        |- conf-enabled/            # symbol links to files under `conf-available/`.
                                    # Note: files under this directory are
                                    #       loaded by Nginx directly.

        |- sites-available/         # store virtual web host config files.
                                    # Note: files under this directory are NOT
                                    #       loaded by Nginx directly.

        |- sites-enabled/           # symbol links to files under `sites-available/`.
                                    # Note: files under this directory are
                                    #       loaded by Nginx directly.

        |- sites-conf.d/
                |- default-ssl/     # modular config files used by default
                                    # virtual web host.

/opt/iredmail/custom/nginx/         # all custom config files.
                        |- conf-available/
                        |- conf-enabled/
                        |- sites-available/
                        |- sites-enabled/
                        |- custom.sh        # shell script used for advanced customization

Postfix

Postfix doesn't support loading settings from multiple files.

  • /opt/iredmail/custom/postfix/main.cf: If this file exists, /etc/postfix/main.cf will be a symbol link to this file.
  • /opt/iredmail/custom/postfix/master.cf: If this file exists, /etc/postfix/master.cf will be a symbol link to this file.
  • /opt/iredmail/custom/postfix/custom.sh: a bash shell script for advanced customization
  • /opt/iredmail/custom/postfix/helo_access.pcre
  • /opt/iredmail/custom/postfix/postscreen_access.cidr

Dovecot

Dovecot supports loading from mulitple config files, and settings will be overrode by the last one.

  • /opt/iredmail/custom/dovecot/conf-enabled/: store custom Dovecot settings.
  • /opt/iredmail/custom/dovecot/custom.sh: a bash shell script used for advanced customization

Roundcube

  • /opt/iredmail/custom/roundcube/custom.inc.php.

    All your custom settings should be placed in this file, and do NOT touch main config file /opt/www/roundcubemail/config/config.inc.php.

  • /opt/iredmail/custom/roundcube/plugins/: all third-party / custom plugins should be placed under this directory. Plugins will be linked to /opt/www/roundcubemail/plugins/ automatically.

  • /opt/iredmail/custom/roundcube/skins/: all third-party / custom skins should be placed under this directory. Skins will be linked to /opt/www/roundcubemail/skins/ automatically.

SOGo

  • /opt/iredmail/custom/sogo/sogo.conf: If this file exists, /etc/sogo/sogo.conf will be a symbol link to this file.

  • /opt/iredmail/custom/sogo/custom.sh: a bash shell script for advanced customization

    Currently SOGo doesnt support include directive to load config from multiple files, so you can either maintain your own SOGo config file (/opt/iredmail/custom/sogo/sogo.conf) or use the custom.sh shell script to do even more complex customization.

iRedAPD

  • /opt/iredmail/custom/iredapd/settings.py. It will be linked to /opt/www/iredapd/custom_settings.py also.

iRedAdmin

  • /opt/iredmail/custom/iredadmin/settings.py. it will be linked to /opt/www/iredadmin/custom_settings.py also.

Amavisd

  • /opt/iredmail/custom/amavisd/amavisd.conf

Fail2ban

  • /opt/iredmail/custom/fail2ban/jail.local: used to override settings in [DEFAULT] section of main fail2ban config file. For example, maxretry, findtime, bantime, ignoreip.
  • /opt/iredmail/custom/dovecot/custom.sh: used for advanced customization. for example, if you have some new jails, you can write jail config files under /opt/iredmail/custom/fail2ban/ too (you're free to create sub-folder to store the jail config files), then use custom.sh to create symbol link of jails you want to enable under /etc/fail2ban/jail.d/.