Posts From Category: server

Install Haraka SMTP Server On Ubuntu 20.04

sudo -i

Install NVM (Node Version Manager)

curl -o- | bash

export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"

[ -s "$NVM_DIR/" ] && \. "$NVM_DIR/"

Install Node (LTS)

nvm install --lts

Install Haraka

apt install build-essential

npm -g config set user root

npm install -g Haraka

cd /var/mail && haraka -i .

vim /var/mail/config/smtp.ini

; Server public IP

; Daemonize

; Spooling
; Save memory by spooling large messages to disk

haraka -c /var/mail

Allow incoming SMTP requests on port 25 for server IP address x.x.x.x

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d x.x.x.x --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s x.x.x.x --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Allow outgoing SMTP requests for server IP address x.x.x.x

iptables -A OUTPUT -p tcp -s x.x.x.x --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 25 -d x.x.x.x --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


Install Nginx and Let's Encrypt on Ubuntu 20.04


  • You have domain name pointing to your server public IP.

Installation process

  • sudo apt update

  • sudo apt install nginx

  • sudo systemctl enable nginx

  • sudo apt install certbot

  • sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

  • sudo mkdir -p /var/lib/letsencrypt/.well-known

  • sudo chgrp www-data /var/lib/letsencrypt

  • sudo chmod g+s /var/lib/letsencrypt

  • sudo vim /etc/nginx/snippets/letsencrypt.conf

location ^~ /.well-known/acme-challenge/ {
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
  try_files $uri =404;
}

  • sudo vim /etc/nginx/snippets/ssl.conf

ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# TLS 1.0 and 1.1 are deprecated (RFC 8996); enable TLS 1.2 and 1.3 only
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
resolver valid=300s;
resolver_timeout 30s;

add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

  • sudo vim /etc/nginx/sites-available/

server {
  listen 80;
  listen [::]:80;
  root /var/www/html;
  include snippets/letsencrypt.conf;
}

  • sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

  • sudo systemctl restart nginx

  • sudo certbot certonly --agree-tos --email [email protected] --webroot -w /var/lib/letsencrypt/ -d

  • sudo vim /etc/nginx/sites-available/

server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    include snippets/letsencrypt.conf;
    return 301$request_uri; # redirect http to https
}

server {
    listen 443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    ssl_trusted_certificate /etc/letsencrypt/live/;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;
}

  • sudo vim /etc/cron.d/certbot

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook "systemctl reload nginx"

  • sudo certbot renew --dry-run
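
A pre-reload check for a TLS snippet like ssl.conf, as an added example that is not part of the original post. The function name audit_tls_snippet, the sample input and the resolver address 192.0.2.53 (a documentation address) are assumptions made for illustration. It flags protocol versions deprecated by RFC 8996, OCSP stapling without a resolver address, and an HSTS preload directive whose max-age is below the one-year minimum for preload submission.

```shell
#!/bin/sh
# Added example, not from the original post. Reads an Nginx TLS snippet on
# stdin, prints one finding per line, returns 1 if any FAIL was reported.
audit_tls_snippet() {
    body=$(sed 's/#.*//')   # strip comments so disabled directives are ignored
    fails=0

    # Protocol versions the IETF has deprecated (TLS 1.0/1.1: RFC 8996).
    protocols=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}\([^;]*\);.*/\1/p')
    for p in $protocols; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "FAIL deprecated protocol enabled: $p"; fails=1 ;;
        esac
    done

    # OCSP stapling: Nginx needs a resolver address to look up the responder.
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl_stapling[[:space:]]+on;' &&
       ! printf '%s\n' "$body" |
           grep -Eq '^[[:space:]]*resolver[[:space:]]+[^;[:space:]=]+[;[:space:]]'; then
        echo "FAIL ssl_stapling on but resolver has no address"; fails=1
    fi

    # HSTS preload submission requires max-age of at least one year.
    hsts=$(printf '%s\n' "$body" | grep -i 'Strict-Transport-Security' | head -n 1 || true)
    age=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9]\{1,\}\).*/\1/p')
    case $hsts in
        *preload*)
            if [ "${age:-0}" -lt 31536000 ]; then
                echo "WARN HSTS preload with max-age=${age:-0} (< 31536000)"
            fi ;;
    esac
    return "$fails"
}

# Constructed sample input; 192.0.2.53 is a documentation address,
# not a real resolver.
audit_tls_snippet <<'EOF' || echo "snippet needs changes before reload"
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
resolver 192.0.2.53 valid=300s;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
EOF
```

Run it against a real snippet with `audit_tls_snippet < /etc/nginx/snippets/ssl.conf`, then `nginx -t` before reloading.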
