Vesta CP
(→exim/spamassassin) |
Hja (Talk | contribs) (→Notes) |
||
Line 85: | Line 85: | ||
Monitoring: | Monitoring: | ||
http://www.librenms.org | http://www.librenms.org | ||
+ | |||
+ | Global dhparam: | ||
+ | Path: /etc/ssl/certs/dhparam.pem | ||
+ | openssl dhparam -out dhparam.pem 4096 | ||
+ | |||
</pre> | </pre> | ||
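Review bot: In the added Notes lines, `openssl dhparam -out dhparam.pem 4096` writes dhparam.pem into whatever directory the command is run from, while the line above it records the path as /etc/ssl/certs/dhparam.pem. Suggest passing the full path to -out, or noting that the file is moved there afterwards. "Global dhparam" also does not say which service configs reference the file; one line naming them would make the note usable on its own.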
Line 135: | Line 140: | ||
v-add-web-domain-ftp user2 user2.ch ftp mnag2017 | v-add-web-domain-ftp user2 user2.ch ftp mnag2017 | ||
</pre> | </pre> | ||
+ | |||
= exim/spamassassin = | = exim/spamassassin = | ||
http://lists.merlins.org/archives/sa-exim/2003-July/000511.html | http://lists.merlins.org/archives/sa-exim/2003-July/000511.html |
Revision as of 11 May 2017, 14:33
Default vhost templates
Templates can be found in the /usr/local/vesta/data/templates/ directory. Feel free to modify or copy them to create new custom templates. After modifying an existing template you need to rebuild the user configuration. This can be done with the v-rebuild-user command or the bulk operation in the web interface (drop-down list on the "User" page).
Apache
- default - no additional settings, works well for most sites
- basedir - to fight against phpshells using the open_basedir directive
- hosting - separate php limits for each domain (php_admin_value memory/safemode/etc)
- phpcgi - template to run php as cgi. can be useful to run php4 or php5.2
- phpfcgid - to run php as fcgi (automatically installed on a server with > 1 GB of RAM)
- wsgi - template to run python projects (can be installed manually)
An Apache template actually consists of three files. The file with the tpl extension is used to build the regular virtual host. The file with the stpl extension is used to build the SSL vhost. The file with the sh extension is optional; it can be used as a trigger to run additional shell commands on domain creation. For details see the phpfcgid.sh template.
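A check for the basedir template, as an added example (not part of the original notes or of Vesta itself): it reads a generated Apache config such as /home/$user/conf/web/apache2.conf and lists every vhost that has no open_basedir restriction. It assumes the template emits the setting as a `php_admin_value open_basedir` line inside the `<VirtualHost>` block; the function names and the sample config are constructed.

```sh
#!/bin/sh
# Added example: list vhosts in an Apache config that lack open_basedir.
# Assumption: the basedir template writes "php_admin_value open_basedir ..."
# inside each <VirtualHost> block.

vhosts_without_basedir() {
    # $1 = generated config, e.g. /home/$user/conf/web/apache2.conf ("-" = stdin)
    awk '
        { sub(/^[ \t]+/, "") }            # strip indentation
        /^#/ { next }                     # ignore commented-out directives
        tolower($1) ~ /^<virtualhost/ {
            in_vh = 1; ok = 0; name = "(no ServerName)"; next
        }
        in_vh && tolower($1) == "servername" { name = $2; next }
        in_vh && tolower($1) == "php_admin_value" && tolower($2) == "open_basedir" {
            # "none" clears the value, so it does not count as a restriction
            if ($3 != "" && tolower($3) != "none") ok = 1
            next
        }
        tolower($1) ~ /^<\/virtualhost/ {
            if (in_vh && !ok) print name
            in_vh = 0
        }
    ' "$1"
}

# Constructed sample: the first vhost has the setting, the second does not.
sample_conf() {
    cat <<'EOF'
<VirtualHost 192.0.2.10:8080>
    ServerName user1.ch
    DocumentRoot /home/user1/web/user1.ch/public_html
    php_admin_value open_basedir /home/user1/web/user1.ch:/home/user1/tmp
</VirtualHost>
<VirtualHost 192.0.2.10:8080>
    ServerName user1-domain2.ch
    DocumentRoot /home/user1/web/user1-domain2.ch/public_html
</VirtualHost>
EOF
}

# With file arguments, audit those files; with none, run on the sample.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do vhosts_without_basedir "$f"; done
else
    sample_conf | vhosts_without_basedir -
fi
```

The SSL counterpart (sapache2.conf) can be passed as a second argument; after switching a domain to the basedir template and rebuilding the user, the domain should drop out of the list.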
Nginx
- default - serves static content, works well for most sites
- hosting - disable_symlinks directive to protect from symlink attacks
- caching - dynamic pages are cached for 15 min to handle spontaneous traffic aka reddit-effect
- force-https - force users to https/SSL (can be installed manually)
DNS
- default - general dns records
- gmail - predefined records to host mail on google app
- child-ns - template for vanity name servers
Default locations of customer data
Hosting data:
- /home/$user/web
- /home/$user/web/$domain1.ch
- /home/$user/web/$domain2.ch
- /home/$user/web/$domain1.ch/cgi-bin
- /home/$user/web/$domain1.ch/document_errors
- /home/$user/web/$domain1.ch/logs
- /home/$user/web/$domain1.ch/private
- /home/$user/web/$domain1.ch/public_html
- /home/$user/web/$domain1.ch/public_shtml
- /home/$user/web/$domain1.ch/stats
Mail data:
- /home/$user/mail
- /home/$user/mail/$domain1.ch
- /home/$user/mail/$domain2.ch
- /home/$user/mail/$domain1.ch/$alias
- /home/$user/mail/$domain1.ch/$alias/cur
- /home/$user/mail/$domain1.ch/$alias/new
- /home/$user/mail/$domain1.ch/$alias/.Spam
Database data:
- /var/lib/mysql/$db1
Webserver conf:
- /home/$user/conf/web/apache2.conf
- /home/$user/conf/web/sapache2.conf (ssl)
- /home/$user/conf/web/nginx.conf
- /home/$user/conf/web/snginx.conf (ssl)
Mail conf:
- /home/$user/conf/mail/$domain/* (exim)
- /home/$user/conf/mail/$domain/passwd (dovecot)
Config and log locations Debian / Ubuntu
https://vestacp.com/docs/#config-log-location-debian-ubuntu
API
Notes
Monitoring:
http://www.librenms.org

Global dhparam:
Path: /etc/ssl/certs/dhparam.pem
openssl dhparam -out dhparam.pem 4096
root@lx1:/usr/local/vesta/bin# ./v-list-user-log user1
DATE        TIME      CMD
----        ----      ---
2017-04-25  12:35:21  changed language to en
2017-04-25  12:36:52  added web domain user1.ch
2017-04-25  12:36:52  added dns domain user1.ch
2017-04-25  12:36:53  added TXT dns record _domainkey for user1.ch
2017-04-25  12:36:53  added TXT dns record mail._domainkey for user1.ch
2017-04-25  12:36:53  added mail domain user1.ch
2017-04-25  12:36:53  enabled web log analyzer for user1.ch
2017-04-25  12:36:54  added ftp account user1_user1@user1.ch
2017-04-25  12:38:32  added mysql database user1_user1
2017-04-26  12:06:52  added web domain user1-domain2.ch
2017-04-26  12:06:52  added dns domain user1-domain2.ch
2017-04-26  12:06:53  added TXT dns record _domainkey for user1-domain2.ch
2017-04-26  12:06:53  added TXT dns record mail._domainkey for user1-domain2.ch
2017-04-26  12:06:53  added mail domain user1-domain2.ch
2017-04-26  12:25:48  added mail account user1@user1.ch

root@lx1:/usr/local/vesta/bin# ./v-list-user-log user2
DATE        TIME      CMD
----        ----      ---
2017-04-27  12:57:02  changed language to en
2017-04-27  12:57:49  added web domain downtown-bern.ch
2017-04-27  12:57:49  added dns domain downtown-bern.ch
2017-04-27  12:57:49  added TXT dns record _domainkey for downtown-bern.ch
2017-04-27  12:57:49  added TXT dns record mail._domainkey for downtown-bern.ch
2017-04-27  12:57:49  added mail domain downtown-bern.ch
2017-04-27  12:57:50  enabled web log analyzer for downtown-bern.ch
2017-04-27  12:57:55  added ftp account user2_user2@downtown-bern.ch
v-add-user USER PASSWORD EMAIL [PACKAGE] [FNAME] [LNAME]
v-add-user user2 mnag2017 abuse@hoststar.ch STARENTRY fname lname

v-add-domain USER DOMAIN [IP] [RESTART]
v-add-domain user1 user1.ch

v-list-web-templates
v-change-user-template

v-add-database USER DATABASE DBUSER DBPASS [TYPE] [HOST] [CHARSET]
v-add-database user1 user1db user1db mnag2017

v-add-web-domain-ftp USER DOMAIN FTP_USER FTP_PASSWORD [FTP_PATH]
v-add-web-domain-ftp user2 user2.ch ftp mnag2017
exim/spamassassin
http://lists.merlins.org/archives/sa-exim/2003-July/000511.html
http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_current_release_3.4.x/sql/README
https://www.rosehosting.com/blog/how-to-setup-a-mailserver-with-exim4-and-dbmail-on-a-debian-7-vps/
https://spamassassin.apache.org/full/3.4.x/doc/spamd.html
https://wiki.apache.org/spamassassin/UsingSQL
apt install libclass-dbi-mysql-perl

/etc/default/spamassassin
OPTIONS="--max-children 5 -x -q -u nobody"

/etc/exim4/exim4.conf.localmacros
log_selector = +subject

/etc/exim4/exim4.conf
# example read from db
#SCORE_QUERY = select value from userpref
#SPAM_SCORE = ${lookup mysql{servers=127.0.0.1/sa/root/mnag2017; SCORE_QUERY}}

acl_check_rcpt:
  # get recipient into acl_m3
  warn set acl_m3 = ${local_part}@${domain}

  #pass user to spamd from acl_m3
  #spam = nobody:true/defer_ok
  spam = $acl_m3:true/defer_ok

/etc/spamassassin/mysql.cf
allow_user_rules 1
#user_scores_dsn DBI:mysql:sa:localhost;mysql_socket=/var/run/mysqld/mysqld.sock
user_scores_dsn DBI:mysql:sa:127.0.0.1;mysql_socket=/var/run/mysqld/mysqld.sock
user_scores_sql_username root
user_scores_sql_password mnag2017
#user_scores_sql_custom_query SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC
FTP
- Main user / FTP account? Restrict permissions of the main user.
Partitioning
/      ext4  60G
/var   xfs   55G
/tmp   xfs   25G
swap         10G
/home  xfs   rest
https://www.beegfs.com/wiki/StorageServerTuning#hn_59ca4f8bbb_9
proftp.conf
ServerName "FTP"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
DefaultRoot ~ !adm

#<IfModule mod_vroot.c>
# VRootEngine on
# VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
#</IfModule>

AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
UseReverseDNS off
User proftpd
Group nogroup
MaxInstances 20
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
ListOptions -a
RequireValidShell off
PassivePorts 12000 12100
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c

<IfModule mod_sftp.c>
  <VirtualHost 85.10.232.92>
    SFTPEngine on
    Port 5544
    SFTPLog /var/log/proftpd/sftp.log
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPHostKey /etc/ssh/ssh_host_dsa_key
    SFTPCompression delayed
    DefaultRoot ~
    AllowOverwrite on
    AllowRetrieveRestart on
    AllowStoreRestart on
    # SFTPAuthMethods password
    RequireValidShell no
  </VirtualHost>
</IfModule>

<Global>
  Umask 002
  IdentLookups off
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

#<IfModule mod_quotatab.c>
#QuotaEngine off
#</IfModule>

LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c

<IfModule mod_ctrls.c>
  ControlsEngine on
  ControlsMaxClients 10
  ControlsLog /var/log/proftpd/controls.log
  ControlsInterval 5
  ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>