FeministWiki:Server setup: Difference between revisions
Technician (talk | contribs) |
Technician (talk | contribs) No edit summary |
||
Line 79: | Line 79: | ||
The <code>openssl</code> decryption command will prompt you for a password. Enter the password stored in <code>/root/pwd/meta</code> on the old server. | The <code>openssl</code> decryption command will prompt you for a password. Enter the password stored in <code>/root/pwd/meta</code> on the old server. | ||
=== Initialize LetsEncrypt === | |||
The first run of Certbot has to be interactive. Run "certbot certonly" and follow the on-screen instructions. | |||
=== Put config files in place === | === Put config files in place === |
Revision as of 20:14, 16 August 2021
!!! WORK IN PROGRESS !!!
These are the steps required to set up a new FeministWiki Debian server.
Update & upgrade
First of all, let's make sure the system is up to date.
apt-get update apt-get upgrade apt-get dist-upgrade
Install miscellaneous tools
Some of these are needed further down, some are just good to have.
apt-get install certbot apt-get install dnsutils apt-get install git apt-get install mg apt-get install moreutils apt-get install net-tools apt-get install nmap apt-get install software-properties-common apt-get install tree
Set up firewall
For now, block everything but SSH.
apt-get install ufw ufw allow proto tcp to 0.0.0.0/0 port 22 ufw enable
Install server components
We will now install all the software used for the various FeministWiki services. But first we might want to add some additional package repositories so we can use the latest version of some of the used software.
Backports:
echo deb http://deb.debian.org/debian $(lsb_release -sc)-backports main > /etc/apt/sources.list.d/backports.list
PHP repo only if a very new version is needed:
wget -O /etc/apt/trusted.gpg.d/sury-php.gpg https://packages.sury.org/php/apt.gpg echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/sury-php.list
MariaDB repo only if a very new version is needed:
wget https://mariadb.org/mariadb_release_signing_key.asc apt-key add mariadb_release_signing_key.asc rm mariadb_release_signing_key.asc echo "deb http://mirror.23media.de/mariadb/repo/10.4/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/mariadb.list
Now we can install everything:
apt-get install apache2 apt-get install dovecot-core apt-get install ejabberd # good candidate for backports apt-get install fail2ban apt-get install mariadb-server apt-get install opendkim apt-get install php7.4 # or whatever version we're on apt-get install postfix apt-get install slapd
Example for installing ejabberd from backports instead:
apt-get install ejabberd/$(lsb_release -sc)-backports
Fetch scripts & config repo
Set up GitHub ssh access by copying the .ssh/id_rsa
from the old server. After that:
cd ~ git clone git@github.com:FeministWiki/FeministWiki.git repo cp -a repo/root/* . openssl aes-256-cbc -d -md sha512 -pbkdf2 -iter 100000 -in repo/pwd.enc -out - | tar -xzf-
The openssl
decryption command will prompt you for a password. Enter the password stored in /root/pwd/meta
on the old server.
Initialize LetsEncrypt
The first run of Certbot has to be interactive. Run "certbot certonly" and follow the on-screen instructions.
Put config files in place
TODO
Create vmail user
groupadd -g 5000 vmail useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /home/vmail -m vmail
Stop services on old server
At this point, all services on the old server should be stopped, because we will now begin to transfer all the actual data.
Copy over LDAP databases
TODO
Copy over SQL databases
TODO
Copy over /var/www
TODO
Open ports
We are finally ready to serve:
for port in 25 80 443 465 587 993 995 5222 5223 5269 5270 5443 6697 7777 do ufw allow proto tcp to 0.0.0.0/0 port $port done
Reboot
We could restart a lot of services manually, but it's easiest to just reboot.
reboot
Update DNS entries
TODO