-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdeployment.logfile
83 lines (57 loc) · 3.12 KB
/
deployment.logfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-ubuntu-18-04
Installed adminer with https://extremeshok.com/5385/ubuntu-debian-redhat-centos-nginx-adminer-lite-phpmyadmin-alternative/
chown -R www-data:adm /usr/local/nginx/adminer
TODO ----> remember to set up a crontab to update adminer
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
sudo certbot --nginx -d onecorpsec.com -d www.onecorpsec.com -d a.onecorpsec.com
exposing adminer on the internet????
https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-nginx-on-ubuntu-14-04
/usr/local/nginx/adminer.htpasswd
https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassassin
sudo certbot certonly --nginx -d onecorpsec.com -d www.onecorpsec.com -d a.onecorpsec.com -d mail.onecorpsec.com --dry-run
https://linode.com/docs/email/postfix/configure-spf-and-dkim-in-postfix-on-debian-8/#configure-opendkim
added some extra parameters to use tls:
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
# smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
DKIM and SPF rotation complete
Updated /etc/crontab to run cron.monthly on 3rd day of month at 0334
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1
sudo update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
# https://unix.stackexchange.com/a/410851
sudo apt-get install libmysqlclient-dev
https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql
https://serverfault.com/questions/512219/dovecot-lmtp-does-not-exist
https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html
./bin/pip install mysql-connector-python django mysqlclient python-dateutil django-material python-magic uwsgi
https://simpleisbetterthancomplex.com/tutorial/2016/05/11/how-to-setup-ssl-certificate-on-nginx-for-django-application.html
edited the original onecorpsec.com
created onecorpsec_nginx.conf
run django on port 8123
install libssl-dev
rebuilt uwsgi = pip uninstall then install --no-cache-dir
eveyrthing is done through .ini files
install wsgi systemwide
https://uwsgi-docs.readthedocs.io/en/latest/Systemd.html
==================== CUSTOM MAIL SERVER ====================
For testing:
disabled SSL
mkdir lib at /srv/http/
created symlink to /lib/python3.7 (ln -s /lib/python3.7 python3.6)
set debug = True
generated key for test@test.com
https://stackoverflow.com/a/21759466/3211506
https://stackoverflow.com/a/19517177/3211506
bash GIT_COMMITTER_DATE="$(git show --format=%aD | head -1)" && git tag -a v0.1 -m"v0.1"
fish:
git reset "HEAD@{1}"
git checkout master
https://maslosoft.com/blog/2017/09/12/using-gpg-with-php-on-server/
https://access.redhat.com/solutions/2115511
homedir set at /home/www-data/.gnupg