summaryrefslogtreecommitdiffstats
path: root/server/setup/05-service-settings/02-SERVICES.txt
blob: 4438c5520d7dbcd13addcd6b3a2998100a2aef77 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
All template files are .. underneath in ./etc

Debian 7.00 (Wheezy)

01 stop all running services ..
    /etc/init.d/apache2 stop
    /etc/init.d/sendmail stop
    /etc/init.d/dovecot stop
    /etc/init.d/mysql stop
    /etc/init.d/saslauthd stop

01 logging
    - firewall logging:
      /etc/rsyslog.conf: firewall rules, kern.debug / kern.=!debug
      /etc/init.d/rsyslog restart

    - logrotate
      /etc/logrotate.conf: compress, 48 weeks
      /etc/logrotate.d/rsyslog: Add /var/log/firewall and /var/log/dovecot.log
      
03 move all users
    - mv /data/backup/home/* /home/
    - for all groups: groupadd -g GID groupname
    - for all users:  useradd -M -N -u UID -g GID username
    - for all users:  usermod -a -G GID1,GID2,.. username
    - cd /data/backup/var/spool/mail ; (check names, remove unused ..) ; mv * /var/spool/mail/

04 move other stuff
    - Old Logs
        - mv /data/backup/var/log /var/log/old_logs

    - MySQL
        - old server: backup DB
          - run backup-mysql.sh on old server, result is e.g. backup-mysqldb-20130605162509.sql
          - !!! strip all system-DB's (schema's) from the backup,
            i.e. all which are not created for applications, e.g.: 
            - mysql
            - users
            - test
            - t_*

        - new server: import DB
          - get backup backup-mysqldb-20130605162509.sql
          - /etc/init.d/mysql start
          - backup-1: backup-mysql.sh
          - mysql --user=root --password  < backup-mysqldb-20130605162509.sql
          - backup-2: backup-mysql.sh
          - mysqlcheck --user=root --password --all-databases

        - if things go wrong: re-install mysql
          dpkg -P mysql-server mysql-server-5.5 mysql-server-core-5.5
          rm -rf /var/lib/mysql/*
          apt-get install mysql-server mysql-server-5.5 mysql-server-core-5.5

    - Services
        - mv /data/backup/srv/* /srv/

05 config procmail
    copy /etc/procmailrc

06 bogofilter
    copy /etc/bogofilter.cf
    Init empty wordlist.db:
        touch nope
        cat nope  | bogoutil -l /var/spool/bogofilter/wordlist.db
        rm nope

07 sasl2
    /etc/sasl2/Sendmail.conf
    /etc/default/saslauthd: start=yes
    /etc/init.d/saslauthd start

08 dovecot 2.1.7-7
    - features:
      - requires ssl
      - ipv4 / ipv6
      - smtps
      - pop3s
      - sieve (tls)

    - Sync config files in /etc/dovecot/
      with etc/dovecot/dovecot.conf.diff and etc/dovecot/conf.d.diff

    - mkdir -p /var/lib/dovecot/sieve/global/
    - chmod ugo+rx /var/lib/dovecot
    - copy /var/lib/dovecot/sieve/global/default.sieve
        - cd /var/lib/dovecot/sieve/global ; sievec default.sieve
    - copy /var/lib/dovecot/sieve/prologue.sieve
        - cd /var/lib/dovecot/sieve ; sievec prologue.sieve

    - migrate old INBOX:
        for each user:
          dsync mirror mbox:~/mail:INBOX=/var/mail/USERNAME
          su dstrohlein -c "dsync mirror mbox:~/mail:INBOX=/var/mail/dstrohlein ; echo OK"

    - /etc/init.d/dovecot start


09 sendmail 8.14.4-4
    - features:
      - requires ssl for auth
      - ipv4 / ipv6

    - /etc/mail
    - Sync config files in /etc/mail with: etc/mail/mail.diff
        - sendmail.mc
        - submit.mc
        - access
        - local-host-names
        - virtusertable

    - /etc
        - aliases

    - cd /etc/mail
        - make

    - SPF
      - add TXT dns entry jogamp.org IN TXT "v=spf1 mx a ptr:jogamp.org ip6:2a01:4f8:192:1164::2 -all"

    - DKIM
        https://dev.kafol.net/2013/01/dkim-spf-sendmail-for-multiple-domains.html
            apt-get install opendkim
            apt-get install opendkim-tools
            vi /etc/opendkim.conf
            mkdir /etc/opendkim/
            mkdir /etc/opendkim/keys
            mkdir /etc/opendkim/keys/jogamp.org
            vi /etc/opendkim/TrustedHosts
            vi /etc/opendkim/SigningTable
            vi /etc/opendkim/KeyTable
            opendkim-genkey -D /etc/opendkim/keys/jogamp.org -d jogamp.org -s default
            chown -R opendkim:opendkim /etc/opendkim
            chmod -R go-rwx /etc/opendkim

        - add TXT dns entry default._domainkey.jogamp.org IN TXT "v=DKIM1; k=rsa; p=PUB-KEY"

    - DMARC
        - add TXT dns entry _dmarc.jogamp.org IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@jogamp.org; adkim=r; aspf=r; pct=100; rf=afrf; sp=none"

    /etc/init.d/sendmail start
    
10 GIT
    xinetd for git
        apt-get install xinetd
        cp /etc/xinetd.d/git
        /etc/init.d/xinetd restart

    gitweb
        We use deployed gitweb now, and simply deploy gitweb.conf
        - ln -s /usr/share/gitweb DocumentRoot/git
        - cp srv/scm/gitweb.conf

11 Apache2 / Webservices

11.1 generic
    - apache2 and build ..
        apt-get install apache2 mysql-server build-essential 

    - php
        apt-get install php5-pgsql php5-ldap php5-imap php5-odbc php5-dev php5-common php5 php5-mysql php5-gd php5-xmlrpc \
                        php5-xsl php5-cli php5-intl php5-pspell php5-snmp php5-sasl


11.2 bugzilla
    - Debian 7

      Install
        apt-get install libapache2-mod-perl2-dev libapache2-mod-perl2
        apt-get install libgd-dev libgd3
        apt install libgdbm-dev libgdbm6
        apt-get install libdbd-mysql-perl
        libcgi-pm-perl libcgi-fast-perl libcgi-session-perl libfcgi-perl
        libemail-mime-perl libemail-sender-perl
        libtemplate-perl libhtml-template-perl
        libjson-perl libjson-xs-perl
        libmath-bigint-perl libmath-random-isaac-perl libmath-random-isaac-xs-perl

    - As User: misc for perl/bugzilla
        - Perl: redo init (find closest mirror ..)
            - perl -MCPAN -e shell
                - o conf init

      a2enmod rewrite
      a2enmod expires

      As User:
      See https://bugzilla.readthedocs.org/en/5.0/installing/linux.html#perl-modules
      ./checksetup.pl --check-modules
      /usr/bin/perl install-module.pl --all
      /usr/bin/perl install-module.pl --upgrade-all
      ./checksetup.pl --check-modules
      ./checksetup.pl

      # bugzilla folder must be owned by webrunner (suexec)
      chown -R webrunner:webrunner .

      systemctl restart apache2
      /etc/init.d/apache2 restart

    - https://www.bugzilla.org/download/#stable

11.3 mediawiki
    - https://www.mediawiki.org/wiki/Download

    - Vector skin (default):
        vi wiki/skins/Vector/variables.less
            // @html-font-size: 100%;
            @html-font-size: 95%;

    Extension mediawiki-bugzillareports
        - https://www.mediawiki.org/wiki/Extension:Bugzilla_Reports
        - https://www.mediawiki.org/wiki/Extension_talk:Bugzilla_Reports#Google_Code_Shutting_Down
        - https://github.com/nakal/mediawiki-bugzillareports

11.X Apache ..
    - Sync config files in /etc/apache2/ with: etc/apache2/apache2.diff
        - see also etc/apache2/mods-enabled.lst, etc ..

    /etc/init.d/apache2 start

12 jogamp_web daemons ..
    # m h  dom mon dow   command
    51  *    *   *   *   /bin/bash /home/jogamp_web/jogamp.org/planet2/update-planet.sh >& /dev/null
    52  *    *   *   *   /bin/bash /home/jogamp_web/jogamp.org/planet2/update-stream.sh >& /dev/null
    10 23    *   *   *   /bin/bash /home/jogamp_web/awstats/awstats-start.sh >& /dev/null

    awstats:
        user: jogamp_web
        script home:  /home/jogamp_web/awstats
        install home: /home/jogamp_web/awstats/installation
            root@server:
                apt-get install libgeoip-dev libgeo-ip-perl php5-geoip python-geoip geoip-database libnet-whois-raw-perl
                mkdir /var/lib/awstats/
                chown -R jogamp_web:jogamp_web /var/lib/awstats/
                chown -R jogamp_web:jogamp_web /etc/GeoIP

            jogamp_web@server:
                cd /home/jogamp_web/awstats
                wget http://prdownloads.sourceforge.net/awstats/awstats-7.1.1.tar.gz
                tar xzf awstats-7.1.1.tar.gz
                ln -s awstats-7.1.1 installation
                mkdir config
                mkdir log

                cp -a BACKUP/awstats/awstats.jogamp.org.conf /home/jogamp_web/awstats/config
                cp -a BACKUP/awstats/awstats-start.sh /home/jogamp_web/awstats/

                cp -a BACKUP etc/logrotate.d/httpd-prerotate /etc/logrotate.d/
                    this kicks off /home/jogamp_web/awstats/awstats-start.sh before the logrotate

            Populate /etc/GeoIP .. 

13 jabot
    As user jabot:
        cd /srv/jabot ; git clone file:///srv/scm/users/sgothel/jabot.git
        cd jabot ; ant

    As user root:
        cp -a /srv/jabot/jabot/scripts/jabot-init-debian /etc/init.d/jabot
        update-rc.d jabot defaults

13 jenkins
    root@jogamp.org:
        apt-get install graphviz-dev graphviz
        cp ../../../jenkins-server-slave-setup/scripts/jenkins-initd-debian /etc/init.d/jenkins
        cp ../../../jenkins-server-slave-setup/scripts/jenkins.logrotate /etc/logrotate.d/
        update-rc.d jenkins defaults
        /etc/init.d/jenkins start