add deploy session example
parent
e1a78d560d
commit
5e5870935c
118
deploy_configs/README.md
Normal file
@ -0,0 +1,118 @@
# Deployment command line
Example terminal session for deploying. ssh to your VPS and follow along. Minor differences may be required. e.g. if you are already root, skip `sudo`. If curl is missing, use wget.
## Check python version
Python version should be a supported (as of now 3.9 and above)
```sh
python3 -V
```
## Choose release
```sh
RELEASE=v1.0-rc5
```
## Download App
```sh
curl -OL "https://gitea.balki.me/balki/mail4one/releases/download/$RELEASE/mail4one.pyz"
rm mail4one.pyz
```
## Set executable permission
```sh
chmod 555 mail4one.pyz
```
## Download sample configurations
```sh
curl -OL "https://gitea.balki.me/balki/mail4one/raw/tag/$RELEASE/deploy_configs/mail4one.service"
curl -OL "https://gitea.balki.me/balki/mail4one/raw/tag/$RELEASE/deploy_configs/mail4one.conf"
curl -OL "https://gitea.balki.me/balki/mail4one/raw/tag/$RELEASE/deploy_configs/mail4one_cert_copy.sh"
```
## Generate Password hash
This can be done in any machine. Do this once for each user. Every time a new hash is generated as a random salt is used. Even if you are using the same password for multiple clients, it is recommended to generate different hashes for each.
```sh
./mail4one.pyz -g
./mail4one.pyz -g <password> # also works but the password is saved in the shell commandline history
```
## Generate config.json
Edit [config.sample](config.sample) in your local machine and convert to config.json (See [here](./config.sample#L5) for some tools).
Then copy the config.json to your vps
```sh
scp config.json user@vps:~/
# or run below in vps terminal
cat > config.json
<paste json config from clibboard
<Ctrl + D>
# move to /etc
# This should show number of lines in your config
wc -l config.json
sudo mv config.json /etc/mail4one/config.json
```
## Create mail4one user
```sh
sudo mkdir -p /etc/sysusers.d/
sudo cp mail4one.conf /etc/sysusers.d/
sudo systemctl restart systemd-sysusers
# This should show the new user created
id mail4one
```
## Copy app
```sh
sudo cp mail4one.pyz /usr/local/bin/mail4one
# This should show executable permissions and should be owned by root
ls -l /usr/local/bin/mail4one
```
## Setup mail4one.service
```sh
sudo cp mail4one.service /etc/systemd/system/mail4one.service
sudo systemctl daemon-reload
sudo systemctl enable --now mail4one.service
```
Above command should fail as the tls certificates don't exist yet. Lets fix that next
## Setup tls certificates
Install [certbot](https://certbot.eff.org/) and run below command. Follow instructions to create tls certificates. Usually you want certificate for domain name like `mail.example.com`
```sh
sudo certbot certonly
sudo cp /etc/letsencrypt/live/mail.example.com/{fullchain,privkey}.pem /var/lib/mail4one/certs/
sudo chwon mail4one:mail4one /var/lib/mail4one/certs/{fullchain,privkey}.pem
# Edit mail4one_cert_copy.sh to update your domain name
sudo cp mail4one_cert_copy.sh /etc/letsencrypt/renewal-hooks/deploy/
sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/mail4one_cert_copy.sh
```
## Restart service and check logs
```sh
sudo systemctl restart mail4one.service
systemctl status mail4one.service
cat /var/log/mail4one/mail4one.log
```
## Testing dns and firewall
In vps
```sh
mkdir test_dir
touch test_dir/{a,b,c}
cd test_dir
python3 -m http.server 25
```
In local machine or a browser
You should see file listing a, b, c. Repeat for port 465, 995 to make sure firewall rules and dns is working
```sh
curl http://mail.example.com:25
```
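
Review bot: In the "Download App" block, `rm mail4one.pyz` on the line right after the `curl -OL` deletes the file that was just downloaded, so the following `chmod 555 mail4one.pyz`, `./mail4one.pyz -g` and `sudo cp mail4one.pyz /usr/local/bin/mail4one` have nothing to act on. Drop the `rm`, or move it above the `curl` if it was meant to clear a stale copy. The same block pipes a release binary straight from the network into `/usr/local/bin` with no integrity check; consider publishing a checksum with the release and adding a verification step before the `chmod`. In "Setup tls certificates", `sudo chwon mail4one:mail4one ...` is a typo for `chown`; as written the command fails and the `privkey.pem` copied by `sudo cp` stays owned by root. In "Generate config.json", the placeholder `<paste json config from clibboard` is misspelled and missing its closing `>`, the `# move to /etc` comment sits above the `wc -l` check instead of the `sudo mv`, and `/etc/mail4one/` is never created before the `mv`; if the generated password hashes end up in config.json, it is also worth setting its owner and mode explicitly after the move. In "Testing dns and firewall", `python3 -m http.server 25` binds a privileged port without `sudo`, runs after `mail4one.service` has already been restarted, and the `curl` block appears after the sentence describing its output; reorder so the command precedes the expected result and note that the service should be stopped for the test.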