Connect servers with WireGuard

This commit is contained in:
Daniel Winzen 2024-06-06 14:57:36 +02:00
parent ce1cefe511
commit 7b21a62ac1
No known key found for this signature in database
GPG key ID: 222FCC3F35C41077
2 changed files with 30 additions and 1 deletions


@ -82,12 +82,27 @@ Install [acme.sh](https://github.com/acmesh-official/acme.sh) or [certbot](https
nano /etc/prosody/prosody.cfg.lua /etc/dovecot/dovecot.conf /etc/postfix/main.cf /etc/nginx/nginx.conf /etc/nginx/sites-enabled/mail /etc/nginx/sites-enabled/openpgpkey nano /etc/prosody/prosody.cfg.lua /etc/dovecot/dovecot.conf /etc/postfix/main.cf /etc/nginx/nginx.conf /etc/nginx/sites-enabled/mail /etc/nginx/sites-enabled/openpgpkey
``` ```
Add your other servers IP under `unrestricted access to these IPs` in `/etc/rc.local`
Create database tables, activate firewall and enable cron: Create database tables, activate firewall and enable cron:
``` ```
postmap /etc/postfix/header_checks postmap /etc/postfix/header_checks
cd /var/www/mail && php setup.php && chmod +x /etc/rc.local && /etc/rc.local && systemctl enable mail-cron.timer cd /var/www/mail && php setup.php && chmod +x /etc/rc.local && /etc/rc.local && systemctl enable mail-cron.timer
``` ```
Generate a wireguard keypair and add the public key generated here to the primary mail server wireguard config:
```
export PRIV=$(wg genkey)
sed -i "s~YOUR_PRIVATE_KEY~$PRIV~g" /etc/wireguard/wg0.conf
echo $PRIV | wg pubkey
```
Replace `YOUR_IP` with the IP of your other server, then enable and start wireguard:
```
nano /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0
```
Final step is to reboot the server and check that everything is working. Final step is to reboot the server and check that everything is working.
### Proxy server: ### Proxy server:
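Review bot: the private key is exported into the shell environment and then echoed on the command line (`export PRIV=$(wg genkey)` / `echo $PRIV | wg pubkey`), so it is inherited by every child process started from that shell and the `export` line may land in shell history; prefer `wg genkey | tee /etc/wireguard/privatekey | wg pubkey` or at least add `unset PRIV` after the sed, and add a `chmod 600 /etc/wireguard/wg0.conf` step since the file now holds the key (wg-quick warns when the config is world-readable). The step is also one-sided: it says to add this host's public key to the primary mail server's config but never says where the primary server's public key has to go in this host's `[Peer]` section, so a reader following the steps literally ends with a tunnel that cannot handshake; the `YOUR_IP` instruction below should say which peer's key and endpoint go where.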
@ -124,6 +139,20 @@ Install [acme.sh](https://github.com/acmesh-official/acme.sh) or [certbot](https
nano /etc/postfix/main.cf /etc/nginx/nginx.conf /etc/turnserver.conf nano /etc/postfix/main.cf /etc/nginx/nginx.conf /etc/turnserver.conf
``` ```
Generate a wireguard keypair and add the public key generated here to the primary mail server wireguard config:
```
export PRIV=$(wg genkey)
sed -i "s~YOUR_PRIVATE_KEY~$PRIV~g" /etc/wireguard/wg0.conf
echo $PRIV | wg pubkey
```
Replace `YOUR_IP` with the IP of your other server and `ens3` with your network interface name, then enable and start wireguard:
```
nano /etc/wireguard/wg0.conf
systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0
```
Final step is to reboot the server and check that everything is working.
### General Domain settings ### General Domain settings
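Review bot: this block repeats the mail-server keygen steps verbatim, including the same exported `PRIV` and `echo $PRIV | wg pubkey` handling and the same missing peer-public-key step, so consider factoring the keypair generation and key exchange into one shared section referenced from both servers rather than maintaining two copies. The proxy-specific addition, "replace `ens3` with your network interface name", gives no way to find that name and does not say what the config uses the interface for; add `ip -br link` (or equivalent) and a sentence on why the proxy's wg0.conf needs the physical interface while the mail server's does not.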


@ -49,7 +49,7 @@ server {
add_header Cross-Origin-Embedder-Policy require-corp always; add_header Cross-Origin-Embedder-Policy require-corp always;
add_header Cross-Origin-Opener-Policy same-origin always; add_header Cross-Origin-Opener-Policy same-origin always;
add_header Cross-Origin-Resource-Policy same-origin always; add_header Cross-Origin-Resource-Policy same-origin always;
listen [::]:443 ssl http2; listen [::]:443 ssl http2 fastopen=100 backlog=2048 ipv6only=off default_server;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
root /var/www/html; root /var/www/html;
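Review bot: this listen change is unrelated to the WireGuard work in the commit subject and should be its own commit with its own rationale. On the change itself: `ipv6only=off` turns the `[::]:443` socket dual-stack, so any other server block that still listens on `0.0.0.0:443` or `*:443` will fail to bind with "address already in use"; `fastopen=100` does nothing unless the kernel's `net.ipv4.tcp_fastopen` sysctl has the server bit set (Linux defaults to client-only, value 1), and nginx documents that TFO can deliver the same SYN payload twice, which is tolerable here only because the payload is a TLS ClientHello; `backlog=2048` is silently capped by `net.core.somaxconn`. Making this block `default_server` while it still uses the snakeoil certificate also makes it the catch-all for any SNI without a matching server block, so a request for an unknown name now gets the self-signed cert; say in the README that this is intended.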