m (→Reboot) |
m No edit summary |
||
Ligne 7 : | Ligne 7 : | ||
First of all, let's make sure the system is up to date. | First of all, let's make sure the system is up to date. | ||
apt-get update | |||
apt-get upgrade | |||
apt-get dist-upgrade | |||
=== Install miscellaneous tools === | === Install miscellaneous tools === | ||
Ligne 15 : | Ligne 15 : | ||
Some of these are needed further down, some are just good to have. | Some of these are needed further down, some are just good to have. | ||
apt-get install certbot | |||
apt-get install dnsutils | |||
apt-get install git | |||
apt-get install mg | |||
apt-get install moreutils | |||
apt-get install net-tools | |||
apt-get install nmap | |||
apt-get install software-properties-common | |||
apt-get install tree | |||
=== Set up firewall === | === Set up firewall === | ||
Ligne 29 : | Ligne 29 : | ||
For now, block everything but SSH. | For now, block everything but SSH. | ||
apt-get install ufw | |||
ufw allow proto tcp to 0.0.0.0/0 port 22 | |||
ufw enable | |||
=== Install server components === | === Install server components === | ||
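Review bot: <code>ufw allow proto tcp to 0.0.0.0/0 port 22</code> only creates an IPv4 rule, and nothing in this section sets the default policy that "block everything but SSH" relies on. ufw ships with incoming traffic denied, but adding <code>ufw default deny incoming</code> before <code>ufw enable</code> makes that explicit and survives a changed default. Using <code>ufw allow 22/tcp</code> (or <code>ufw limit 22/tcp</code> for rate limiting) also covers IPv6 when it is enabled in /etc/default/ufw.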
Ligne 39 : | Ligne 39 : | ||
Backports: | Backports: | ||
echo deb http://deb.debian.org/debian $(lsb_release -sc)-backports main > /etc/apt/sources.list.d/backports.list | |||
PHP repo '''only''' if a very new version is needed: | PHP repo '''only''' if a very new version is needed: | ||
wget -O /etc/apt/trusted.gpg.d/sury-php.gpg https://packages.sury.org/php/apt.gpg | |||
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/sury-php.list | |||
MariaDB repo '''only''' if a very new version is needed: | MariaDB repo '''only''' if a very new version is needed: | ||
wget https://mariadb.org/mariadb_release_signing_key.asc | |||
apt-key add mariadb_release_signing_key.asc | |||
rm mariadb_release_signing_key.asc | |||
echo "deb http://mirror.23media.de/mariadb/repo/10.4/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/mariadb.list | |||
Now we can install everything: | Now we can install everything: | ||
apt-get install apache2 | |||
apt-get install dovecot-core | |||
apt-get install ejabberd # good candidate for backports | |||
apt-get install fail2ban | |||
apt-get install mariadb-server | |||
apt-get install opendkim | |||
apt-get install php7.4 # or whatever version we're on | |||
apt-get install postfix | |||
apt-get install slapd | |||
Example for installing ejabberd from backports instead: | Example for installing ejabberd from backports instead: | ||
apt-get install ejabberd/$(lsb_release -sc)-backports | |||
=== Fetch scripts & config repo === | === Fetch scripts & config repo === | ||
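Review bot: the MariaDB lines use <code>apt-key add</code>, which is deprecated and puts the key in the global keyring, and the sury key written to <code>/etc/apt/trusted.gpg.d/</code> has the same effect: either key can then sign packages for any configured repository, Debian's own included. Store each key outside the trusted directories (for example under /usr/share/keyrings/, converting the .asc file with gpg --dearmor) and bind it to its one source with a <code>[signed-by=...]</code> option in the <code>deb</code> line. Neither key's fingerprint is compared against the publisher's documented value after download, which is worth adding as a step before the key is trusted.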
Ligne 73 : | Ligne 73 : | ||
Set up GitHub ssh access by copying the <code>.ssh/id_rsa</code> from the old server. After that: | Set up GitHub ssh access by copying the <code>.ssh/id_rsa</code> from the old server. After that: | ||
cd ~ | |||
git clone git@github.com:FeministWiki/FeministWiki.git repo | |||
cp -a repo/root/* . | |||
openssl aes-256-cbc -d -md sha512 -pbkdf2 -iter 100000 -in repo/pwd.enc -out - | tar -xzf- | |||
The <code>openssl</code> decryption command will prompt you for a password. Enter the password stored in <code>/root/pwd/meta</code> on the old server. | The <code>openssl</code> decryption command will prompt you for a password. Enter the password stored in <code>/root/pwd/meta</code> on the old server. | ||
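Review bot: copying root's <code>.ssh/id_rsa</code> from the old server moves a private key between hosts and leaves the same credential valid on both, so a compromise of either machine exposes the GitHub access of the other. Generate a new key pair on the new server instead and register its public key with GitHub; a read-only deploy key is enough for the <code>git clone</code> shown here. Remove the old key from GitHub once the migration is done. Separately, <code>cp -a repo/root/* .</code> skips dotfiles under repo/root, which matters if any are expected there.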
Ligne 86 : | Ligne 86 : | ||
=== Create vmail user === | === Create vmail user === | ||
groupadd -g 5000 vmail | |||
useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /home/vmail -m vmail | |||
=== Initialize LetsEncrypt === | === Initialize LetsEncrypt === |