From 4d73cb65a2779adc69f7966d92dcb42b3aca9b25 Mon Sep 17 00:00:00 2001 From: broedli Date: Thu, 2 Mar 2017 21:26:38 +0100 Subject: [PATCH] Fixed formatting --- docs/first_steps.md | 77 +++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/docs/first_steps.md b/docs/first_steps.md index fd187dd53..3a87b761d 100644 --- a/docs/first_steps.md +++ b/docs/first_steps.md @@ -13,55 +13,58 @@ mailcow uses 3 domain names that should be covered by your new certificate: This is just an example of how to obtain certificates with certbot. There are several methods! 1. Get the certbot client: -``` -wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot -``` + ``` + wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot + ``` + 2. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: `docker-compose restart nginx-mailcow`. 3. Request the certificate with the webroot method: + ``` + cd /path/to/git/clone/mailcow-dockerized + source mailcow.conf + certbot certonly \ + --webroot \ + -w ${PWD}/data/web \ + -d ${MAILCOW_HOSTNAME} \ + -d autodiscover.example.org \ + -d autoconfig.example.org \ + --email you@example.org \ + --agree-tos + ``` -``` -cd /path/to/git/clone/mailcow-dockerized -source mailcow.conf -certbot certonly \ - --webroot \ - -w ${PWD}/data/web \ - -d ${MAILCOW_HOSTNAME} \ - -d autodiscover.example.org \ - -d autoconfig.example.org \ - --email you@example.org \ - --agree-tos -``` - -3. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: -``` -mv data/assets/ssl/cert.{pem,pem.backup} -mv data/assets/ssl/key.{pem,pem.backup} -ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem -ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem -``` -4. Restart containers which use the certificate: -``` -docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow -``` +4. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: + ``` + mv data/assets/ssl/cert.{pem,pem.backup} + mv data/assets/ssl/key.{pem,pem.backup} + ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem + ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem + ``` + +5. Restart containers which use the certificate: + ``` + docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow + ``` + When renewing certificates, run the last two steps (link + restart) as post-hook in a script. # Rspamd UI access At first you may want to setup Rspamds web interface which provides some useful features and information. 1. Generate a Rspamd controller password hash: -``` -docker-compose exec rspamd-mailcow rspamadm pw -``` + ``` + docker-compose exec rspamd-mailcow rspamadm pw + ``` + 2. Replace the default hash in `data/conf/rspamd/override.d/worker-controller.inc` by your newly generated: -``` -enable_password = "myhash"; -``` + ``` + enable_password = "myhash"; + ``` + 3. Restart rspamd: - -``` -docker-compose restart rspamd-mailcow -``` + ``` + docker-compose restart rspamd-mailcow + ``` Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login!