This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation. |
Difference between revisions of "Group-Office on separate mail- and webserver howto"
(Created page with "I'm going to show an ideal setup of a separate mailserver and Group-Office server. On both servers we'll install a minimal Debian 6. ==Secure access== First we'll secure the re...") |
(→Install the webserver) |
||
Line 48: | Line 48: | ||
==Install the webserver== | ==Install the webserver== | ||
+ | |||
+ | |||
+ | ==Enabling SSL== | ||
+ | |||
+ | This is for a self-signed certificate. You probably want to purchase a real one. | ||
+ | |||
+ | mkdir /etc/apache2/ssl && /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem | ||
+ | |||
+ | Edit /etc/apache2/sites-enabled/000-default: | ||
+ | |||
+ | <pre> | ||
+ | SSLEngine On | ||
+ | SSLCertificateFile /etc/apache2/ssl/apache.pem | ||
+ | </pre> | ||
+ | |||
+ | Change the VirtualHost port from *:80 to *:443. |
Revision as of 17:56, 30 November 2010
I'm going to show an ideal setup of a separate mailserver and Group-Office server.
On both servers we'll install a minimal Debian 6.
Secure access
First we'll secure the remote access on both servers:
Install fail2ban. This is a program that will monitor various log files and blocks users who make more then 3 failed login attempts.
apt-get install fail2ban
Install sudo to allow normal users to execute root commands:
apt-get install sudo
Then add a personal user:
adduser <username> adduser <username> sudo
Generate an ssh keypair for your username on your own machine. We don't cover this here.
Add the public key to:
/home/<username>/.ssh/authorized_keys
Set the right permissions:
chmod 700 /home/<username>/.ssh/ chmod 600 /home/<username>/.ssh/authorized_keys
Now test the SSH login with your keypair and make sure it works because we're going to disable any other login method. Make sure this user can use sudo too.
When this works disable root login through SSH and disable login with normal passwords:
Change /etc/ssh/sshd_config:
PermitRootLogin no PasswordAuthentication no ChallengeResponseAuthentication no
Install the mailserver
Install the webserver
Enabling SSL
This is for a self-signed certificate. You probably want to purchase a real one.
mkdir /etc/apache2/ssl && /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Edit /etc/apache2/sites-enabled/000-default:
SSLEngine On SSLCertificateFile /etc/apache2/ssl/apache.pem
Change the VirtualHost port from *:80 to *:443.