1 Topic by netrin (edited by netrin 2014-08-08 07:10:43)

  • netrin
  • Member
  • Offline
  • Registered: 2014-08-07
  • Posts: 11

Topic: Add iRedMail to existing web server?

iRedMail version: 0.8.7
OS: Raspbian on Raspberry Pi
"Webserver URL": https://example.com
"My e-mail": me@example.com
(not my real webserver or e-mail, you get the idea)
======================================================

I'd like to add e-mail capabilities to my current server that hosts a website featuring ownCloud services via Apache2. The website is accessible by SSL on port 443, and my certificates are self-signed through my own CA.

Is it possible to provide e-mail on this same server that hosts my website? I imagine this would be possible... but I run into trouble when iRedMail starts overwriting my configuration, such as changing my website's SSLCertificateFile path to its own, making my website no longer accessible using my own SSL certificates. Etc.

Can anyone help point me in the right direction? I've searched all over and attempted installing iRedMail a few times, but I just can't get the configuration right so that the webserver and e-mail function can co-exist on the same machine. There seems to be something about the Apache2 configuration for iRedMail that conflicts with the current webserver, but I'm not sure what that is.

======================================================


/etc/apache2/sites-available/example-ssl.conf
My webserver's configuration file -- again "example" is just an example smile

<VirtualHost *:443>
# Main configuration statements       
    ServerName example.com
        DocumentRoot /var/www/
        CustomLog /var/log/owncloud/ssl-access_log combined
        ErrorLog /var/log/owncloud/ssl-error_log
        ServerSignature Off
        TraceEnable off

        Options -Indexes -Includes -MultiViews

# SSL configuration
        SSLEngine on
        SSLCertificateFile /etc/ssl/crt/exampleServer-cert.pem
        SSLCertificateKeyFile /etc/ssl/key/exampleServer-key.pem
        SSLCACertificateFile /etc/ssl/crt/exampleCAcert.pem
        SSLVerifyDepth 2
        SSLCompression Off

# Force all traffic to remain on HTTPS:
            Header set Strict-Transport-Security "max-age=16070400;

includeSubDomains"

# Directory permissions
    <Directory />
            Options None
            AllowOverride None
                Deny from All
    </Directory>

    <Directory /var/www/logs/>
            Order Deny,Allow
            Deny from all
            AllowOverride None
            Options None
    </Directory>

# GeoIP settings: block all countries except US and France
        <Directory /var/www/>
        <IfModule mod_geoip.c>
                Options FollowSymLinks
                Order Deny,Allow
                Deny from all
                GeoIPEnable On
                # RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(US)$
                # RewriteRule ^(.*)$ http://www.google.com$1 [R,L]
                SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
                SetEnvIf GEOIP_COUNTRY_CODE FR AllowCountry
                Allow from env=AllowCountry
                AllowOverride None
        </IfModule>
        </Directory>

</VirtualHost>


Other information
* Server is "hardened" and set up to be as secure as a beginner-intermediate Linux dude can make it smile
* Fail2ban set up and working
* Mod_security is enabled
* Ports 443, 80, and 21 are forwarded on the router
* UFW firewall is keeping those ports open
* Dynamic DNS is set up
* Added a mail.example.com hostname on the DNS server website just in case it would be necessary, and added that for the MX server on the Dynamic DNS site (hopefully correctly, but I don't know if it makes a difference).
* Logwatch is installed
* Please ask if anything is missing

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Online
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Add iRedMail to existing web server?

iRedMail is designed to be deployed on a FRESH server system, which means your server does NOT have mail related components installed, e.g. MySQL, OpenLDAP, Postfix, Dovecot, Amavisd, etc (iRedMail will install and configure them for you automatically). Otherwise it may override your existing files/configurations althought it will backup files before modifing, and it may be not working as expected.

I don't think it's a good idea to install iRedMail on this existing web server.

3 Reply by netrin

  • netrin
  • Member
  • Offline
  • Registered: 2014-08-07
  • Posts: 11

Re: Add iRedMail to existing web server?

Thank you for the response. So do you think it would be possible to back up my existing config; do a fresh install with iRedMail before anything else; and then configure the webserver after iRedMail is fully installed?

Still not sure if it's possible to have a webserver and iRedMail's services running on the same machine... for example, how would the webserver use it's existing SSL certificates, and then the mail system could use the iRedMail SSL certificates separately? It's not clear to me how to configure that on Apache2.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Online
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Add iRedMail to existing web server?

netrin wrote:

Thank you for the response. So do you think it would be possible to back up my existing config; do a fresh install with iRedMail before anything else; and then configure the webserver after iRedMail is fully installed?

This is the best way if you want to run iRedMail.

netrin wrote:

Still not sure if it's possible to have a webserver and iRedMail's services running on the same machine... for example, how would the webserver use it's existing SSL certificates, and then the mail system could use the iRedMail SSL certificates separately? It's not clear to me how to configure that on Apache2.

*) iRedMail will install Apache as web server for you automatically.
*) If you have a paid SSL certificate, it's ok to use them after iRedMail installation. And you can enable SSL on most services like SMTP (Postfix), POP3/IMAP (Dovecot), HTTP (Apache).

The easiest way is, replace the SSL certificate generated by iRedMail with yours, set correct permission. then, done.

5 Reply by netrin (edited by netrin 2014-08-11 06:43:43)

  • netrin
  • Member
  • Offline
  • Registered: 2014-08-07
  • Posts: 11

Re: Add iRedMail to existing web server?

Are there any guides written about having iRedMail and a Webserver on the same machine, or is it really just that simple?

Also, is it necessary to configure another <VirtualHost> for iRedMail specifically, in addition to the settings for the ownCloud server, or does it all fall under the same <VirtualHost> in Apache2? Thanks again for your help!

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Online
  • Registered: 2009-05-06
  • Posts: 31,094

Re: Add iRedMail to existing web server?

netrin wrote:

Are there any guides written about having iRedMail and a Webserver on the same machine, or is it really just that simple?

Just that simple.

netrin wrote:

Also, is it necessary to configure another <VirtualHost> for iRedMail specifically, in addition to the settings for the ownCloud server, or does it all fall under the same <VirtualHost> in Apache2? Thanks again for your help!

It depends on your need. iRedMail will configure a default virtual web host in Apache, so if this default virtual host is ok for you, there's no need to configure another <VirtualHost>.