19 Jan

Postfix: send email using another Postfix

Some hosting providers block all email ports (such as TCP/25 and TCP/587). Here's a simple example of how to set up two SMTP servers, where SMTP1 is a relay server (forwarder) and SMTP2 uses SMTP1 to send email. Both use the default configuration files with slight changes.

SMTP1 (smart host) 

This config line allows SMTP2 to send email without SMTP authentication. For the sake of security it would make sense to restrict access to port 2525 using iptables.

mynetworks = 127.0.0.1 <IP_of_SMTP2>

This goes to /etc/postfix/main.cf.

And the following

2525 inet n - n - - smtpd

goes to /etc/postfix/master.cf on SMTP1, so that Postfix opens TCP port 2525.

SMTP2

Add this to /etc/postfix/main.cf on SMTP2.

smtp_always_send_ehlo = yes
relayhost = 199.101.134.4:2525

After restarting Postfix you should be able to send email from SMTP2 via SMTP1 using port 2525.

10 Nov

mysql: backup from remote host using ssh

Sometimes you need to dump a MySQL database, and there's no free space on the server. Here's what you can do to back up the database:

ssh -p <ssh port> user@host "mysqldump -u dbuser -ppassword dbname | gzip -9" > database.sql.gz

At the end you will have the MySQL database dump on the local server, although ssh is slow and it will take some time to transfer the database.
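The one-liner above exits with gzip's status, so a failed mysqldump or a dropped connection can still leave a valid-looking archive. The following is an added example, not part of the original post, that wraps the same pipeline with failure detection; it assumes bash on the remote host and a mode-0600 ~/.my.cnf for the remote user, and the host and database names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: hardened variant of the ssh | mysqldump | gzip one-liner.
# Assumptions: bash exists on the remote host, and the remote user has a
# mode-0600 ~/.my.cnf with [client] user/password, so no -p<password>
# appears in the remote process list.

# verify_dump FILE: succeed only if FILE is an intact gzip stream whose last
# line is the "-- Dump completed" trailer that mysqldump writes on success.
verify_dump() {
    gzip -t "$1" 2>/dev/null || return 1
    gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed'
}

# remote_dump SSH_PORT USER@HOST DBNAME OUTFILE
remote_dump() {
    port=$1 target=$2 db=$3 out=$4
    # DBNAME is interpolated into the remote command line, so accept only
    # characters that cannot break out of it.
    case $db in
        ''|*[!A-Za-z0-9_]*) echo "bad database name" >&2; return 2 ;;
    esac
    # pipefail makes the remote pipeline fail when mysqldump fails; without
    # it gzip's exit status 0 hides the error and an empty archive is saved.
    if ! ssh -p "$port" "$target" \
        "bash -o pipefail -c 'mysqldump $db | gzip -9'" > "$out.part"; then
        rm -f "$out.part"
        echo "remote dump failed" >&2
        return 1
    fi
    # Catch a dropped connection or a dump that stopped early.
    if ! verify_dump "$out.part"; then
        rm -f "$out.part"
        echo "dump incomplete" >&2
        return 1
    fi
    mv "$out.part" "$out"
}

# Usage (hypothetical host and database names):
#   remote_dump 22 backup@db.example.com shop shop.sql.gz
```

The trailer check relies on mysqldump's default comments; it will reject dumps made with --skip-comments.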

12 Feb

Linux: setting timezone to GMT

cp /etc/localtime /etc/localtime.default
ln -sf /usr/share/zoneinfo/GMT-0 /etc/localtime

Here’s an example:

[root@d1 ~]# date
Sun Feb 12 10:24:25 CST 2017
[root@d ~]#

[root@d1 ~]# date
Sun Feb 12 16:24:51 GMT 2017
[root@d1 ~]#

21 Jan

Free SSL certificates set up on Ubuntu in 5 min

Install certbot:

wget https://dl.eff.org/certbot-auto ; chmod a+x certbot-auto ; ./certbot-auto

Add the required location to nginx:

vim /etc/nginx/sites-enabled/443-pydelion.com:
location ~ /.well-known { allow all; }
sudo service nginx restart

Run certbot and follow the instructions:

root@host:~# ./certbot-auto certonly -d pydelion.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pydelion.com

Select the webroot for for pydelion.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel):
Input the webroot for pydelion.com: (Enter 'c' to cancel):/usr/share/nginx/html
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/pydelion.com/fullchain.pem. Your cert will
expire on 2017-04-20. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Add SSL config to nginx:

    ssl_certificate /etc/letsencrypt/live/pydelion.com/fullchain.pem;
    # privkey.pem under live/ follows renewals; keys/0000_key-certbot.pem does not
    ssl_certificate_key /etc/letsencrypt/live/pydelion.com/privkey.pem;
    ssl_protocols TLSv1  TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';