Arch Server Progress
-
I was able to get the email server working appropriately this weekend. So now emails will be sent through to Gmail and such. I has to change the value of what was in my spf record, I added a dmarc and I already had a dkim entry in the DNS. I didn’t have to do anything to the dkim entry. I also had to point postfix to my SSL certificate of the server rather than the self signed one. Now I will be able to work on getting spam detection setup and virus scanning.
I was pretty happy when everything started working. I was able to do all of these changes without having to reboot the server. That is very nice so there was no down time. Of course using Debian or Ubuntu there is virtualmin that would have done all the configuration for me, but it was actually pretty fun getting things up and running and seeing all the interactions that are required on the backend. It is crazy everything that takes place that you don’t even realize when using the front end like virtualmin.
@Madchatthew said in Arch Server Progress:
Of course using Debian or Ubuntu there is virtualmin that would have done all the configuration for me, but it was actually pretty fun getting things up and running and seeing all the interactions that are required on the backend. It is crazy everything that takes place that you don’t even realize when using the front end like virtualmin.
Never a more true statement made. Virtualmin, whilst very convenient and “easy” (to a degree) often masks the real effort needed to get something working, and understanding what is “under the hood” is always better. When it breaks, you know where to look to fix.
-
@Madchatthew said in Arch Server Progress:
Of course using Debian or Ubuntu there is virtualmin that would have done all the configuration for me, but it was actually pretty fun getting things up and running and seeing all the interactions that are required on the backend. It is crazy everything that takes place that you don’t even realize when using the front end like virtualmin.
Never a more true statement made. Virtualmin, whilst very convenient and “easy” (to a degree) often masks the real effort needed to get something working, and understanding what is “under the hood” is always better. When it breaks, you know where to look to fix.
@phenomlab yes, and I never realized how in depth and how many processes it takes to manually do what Virtualmin does and I have a new found respect for everything that needs to happen for Virtualmin to make a virtual host and for everything to work.
-
@phenomlab yes, and I never realized how in depth and how many processes it takes to manually do what Virtualmin does and I have a new found respect for everything that needs to happen for Virtualmin to make a virtual host and for everything to work.
@Madchatthew it really is a great product - you cannot argue that.
-
@Madchatthew it really is a great product - you cannot argue that.
@phenomlab said in Arch Server Progress:
@Madchatthew it really is a great product - you cannot argue that.
100% agree!
-
So I have been battling the email server for a long time it feels like. I believe I have finally figured it out and what I needed to change to get it to work appropriately. I ended up having to change the server name and added mail.domain.com to it. I think I could have used anything, not just mail to get this to work. I could have used server1.domain.com or whatever word I wanted. This has to do with the reverse dns that you set in the settings for the server in the hosting companies dashboard. From my understanding, it seems to have something to do with how dmarc or dkim works. I can’t remember 100% off the top of my head right now. Then in the dns of the domain name, which is hosted on another site, i added mail.domain.com as an alias. All of those things point to the same IP, so I don’t think I would have had to add that with how things were set initially with domain.com.
I hope that makes sense. I then had to go into the server and change some of the configuration files for postfix, postfixadmin and change the domain.com entries to mail.domain.com and restart those services. Then I deleted the domains and mailboxes I created for postfix and recreated them. Then all of a sudden all of my test emails were delivered to the email addresses I created and to my gmail account. Now I just have to test the other email account I made and I should be good to go.
The awesome thing about changing the server name, is that I didn’t have to restart the server for it to take effect. You edit your
/etc/hostnamefile and type the name you want your server to be. Then you typehostnamectl set-hostname <new_hostname>and then in the console you can type inhostnamectland it will show the new hostname. -
So I have been battling the email server for a long time it feels like. I believe I have finally figured it out and what I needed to change to get it to work appropriately. I ended up having to change the server name and added mail.domain.com to it. I think I could have used anything, not just mail to get this to work. I could have used server1.domain.com or whatever word I wanted. This has to do with the reverse dns that you set in the settings for the server in the hosting companies dashboard. From my understanding, it seems to have something to do with how dmarc or dkim works. I can’t remember 100% off the top of my head right now. Then in the dns of the domain name, which is hosted on another site, i added mail.domain.com as an alias. All of those things point to the same IP, so I don’t think I would have had to add that with how things were set initially with domain.com.
I hope that makes sense. I then had to go into the server and change some of the configuration files for postfix, postfixadmin and change the domain.com entries to mail.domain.com and restart those services. Then I deleted the domains and mailboxes I created for postfix and recreated them. Then all of a sudden all of my test emails were delivered to the email addresses I created and to my gmail account. Now I just have to test the other email account I made and I should be good to go.
The awesome thing about changing the server name, is that I didn’t have to restart the server for it to take effect. You edit your
/etc/hostnamefile and type the name you want your server to be. Then you typehostnamectl set-hostname <new_hostname>and then in the console you can type inhostnamectland it will show the new hostname.@Madchatthew Impressive stuff. Postfix can be quite the beast to tame, but it sounds like you’ve managed really well here.
-
@Madchatthew Impressive stuff. Postfix can be quite the beast to tame, but it sounds like you’ve managed really well here.
@phenomlab Thank you! I appreciate that!! I have been struggling with it. Now I need to go through and do some research and tests to make sure that it is secure and that no one else can use it as a passthrough, or route through it to send their own emails. During the setup it touches on those things, but I am sure there is more things I should be doing.
-
So today is 201 days that my Arch Server has been up and running without a reboot. Updates average one to 1 1/2 weeks. One of the updates this week was Mariadb. That went without a hitch and the websites kept on a runnin. I am pretty happy with this setup and so far Arch has not let me down. I would probably be comfortable going two weeks between updates, but I don’t want to push it. I am sure there will be a time where I will miss a couple of weeks for whatever reason.
You will see that there are some resources being used there and that was during one of the Wordpress sites for my brother in law updating. Once Wordpress was done updating, they basically went back down to zero, well almost zero.
-
So today is 201 days that my Arch Server has been up and running without a reboot. Updates average one to 1 1/2 weeks. One of the updates this week was Mariadb. That went without a hitch and the websites kept on a runnin. I am pretty happy with this setup and so far Arch has not let me down. I would probably be comfortable going two weeks between updates, but I don’t want to push it. I am sure there will be a time where I will miss a couple of weeks for whatever reason.
You will see that there are some resources being used there and that was during one of the Wordpress sites for my brother in law updating. Once Wordpress was done updating, they basically went back down to zero, well almost zero.
@Madchatthew Pretty amazing. has it really been 201 days already? Only seems like yesterday you set this up. Where does the time go?
-
@Madchatthew Pretty amazing. has it really been 201 days already? Only seems like yesterday you set this up. Where does the time go?
@phenomlab I know right. It feels like it was just yesterday I set this up to me as well. I saw that and was like, wait, what? To be honest, this has so far been the most stable setup I have used. Even when using Debian, and Ubuntu before that, I would have to restart the server after some of their updates due to them requiring it. It is also nice to know that when new versions of Arch are released I don’t have to rebuild the server from scratch.
I remember every time a new release of Ubuntu or Debian came out, I would have to install and setup a new server to ensure that things would work appropriately. Every time I would attempt an upgrade, things wouldn’t work correctly or the server would be super slow. I am not knocking either of these operating systems, I like them as well. I am just excited that I won’t need to rebuild the Arch server, unless of course some something happens to the server, but then that is why I do a daily backup so hopefully can just restore and hold off on a update.
-
@phenomlab I know right. It feels like it was just yesterday I set this up to me as well. I saw that and was like, wait, what? To be honest, this has so far been the most stable setup I have used. Even when using Debian, and Ubuntu before that, I would have to restart the server after some of their updates due to them requiring it. It is also nice to know that when new versions of Arch are released I don’t have to rebuild the server from scratch.
I remember every time a new release of Ubuntu or Debian came out, I would have to install and setup a new server to ensure that things would work appropriately. Every time I would attempt an upgrade, things wouldn’t work correctly or the server would be super slow. I am not knocking either of these operating systems, I like them as well. I am just excited that I won’t need to rebuild the Arch server, unless of course some something happens to the server, but then that is why I do a daily backup so hopefully can just restore and hold off on a update.
@Madchatthew You have a good point about the server needing to be rebooted - specifically after a kernel update, and this is something I’ve noticed on increasing occasions with Ubuntu.
Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…
-
One of the things I like about tech/IT/OSs is that there is always something new to learn and that most likely someone else already knows what you need to learn. So I am going to try and make this not confusing and lay this out in steps. I found that Arch Linux does need to be rebooted every once in awhile. There is debate on the interwebs that it should be rebooted as soon as a new kernel version is installed vs it can wait for when you have time or when the server can be down with less impact vs restarting it once a year or so. My Arch Web Server hasn’t been rebooted for over 250 days. So when I was working on making sure I would be able to use my current Virtualbox Installs in Arch Linux Desktop (KDE Plasma) I found how to check what version is installed vs what version is currently running.
Type in console -
Kernel Version Running:uname -roruname -afor more details
Current Kernel Version Installed:pacman -Qi linuxIf those two versions are different, then you aren’t running the latest version and would need to reboot to run the latest version that is installed. It is argued that security is important, which yes I believe it is, however with how secure Linux is to begin with maybe restarting immediately isn’t necessary unless there is something very major happening.
I would be interested in what everyone’s thoughts are (especially @phenomlab) in regard to this. Restart ASAP, when convenient or once a year or so?
What led me to find this out, was getting qemu and Virtual Machine Manager to work in Linux for converting and importing the VirtualBox image. It was successful.
Those steps:
- Appliance Export on the virtual machine you want to move over
- Copy new image to Linux machine - I used scp in a windows terminal to copy the file to the Linux machine
- Go into Linux system and using the command console extract the file
- Console to convert file to once qemu can read
- Use the Virtual Machine Manager to import the converted image and run virtual machine
After following these steps, it was successful. I had a virtual machine running in a virtual machine running on windows 10. It was fun to figure that out.
-
One of the things I like about tech/IT/OSs is that there is always something new to learn and that most likely someone else already knows what you need to learn. So I am going to try and make this not confusing and lay this out in steps. I found that Arch Linux does need to be rebooted every once in awhile. There is debate on the interwebs that it should be rebooted as soon as a new kernel version is installed vs it can wait for when you have time or when the server can be down with less impact vs restarting it once a year or so. My Arch Web Server hasn’t been rebooted for over 250 days. So when I was working on making sure I would be able to use my current Virtualbox Installs in Arch Linux Desktop (KDE Plasma) I found how to check what version is installed vs what version is currently running.
Type in console -
Kernel Version Running:uname -roruname -afor more details
Current Kernel Version Installed:pacman -Qi linuxIf those two versions are different, then you aren’t running the latest version and would need to reboot to run the latest version that is installed. It is argued that security is important, which yes I believe it is, however with how secure Linux is to begin with maybe restarting immediately isn’t necessary unless there is something very major happening.
I would be interested in what everyone’s thoughts are (especially @phenomlab) in regard to this. Restart ASAP, when convenient or once a year or so?
What led me to find this out, was getting qemu and Virtual Machine Manager to work in Linux for converting and importing the VirtualBox image. It was successful.
Those steps:
- Appliance Export on the virtual machine you want to move over
- Copy new image to Linux machine - I used scp in a windows terminal to copy the file to the Linux machine
- Go into Linux system and using the command console extract the file
- Console to convert file to once qemu can read
- Use the Virtual Machine Manager to import the converted image and run virtual machine
After following these steps, it was successful. I had a virtual machine running in a virtual machine running on windows 10. It was fun to figure that out.
@Madchatthew The general rule of thumb with Linux is that every kernel update attracts a reboot. The reason for this is that these updates cannot be affected with the kernel in use, so a reboot is the only way to ensure you have the best protection.
You cannot upgrade the Linux kernel without rebooting. At least not in a way you would think.
There are technologies like systemtap, dtrace, kpatch or kgraft which allow for small modifications of kernel code. These are meant as short “workarounds” to prevent security threats, and to typically to give you more time until you plan a maintenance window for reboot.
You will have to reboot at some point and should design your infrastructure for that (in the commercial sense).
-
@Madchatthew The general rule of thumb with Linux is that every kernel update attracts a reboot. The reason for this is that these updates cannot be affected with the kernel in use, so a reboot is the only way to ensure you have the best protection.
You cannot upgrade the Linux kernel without rebooting. At least not in a way you would think.
There are technologies like systemtap, dtrace, kpatch or kgraft which allow for small modifications of kernel code. These are meant as short “workarounds” to prevent security threats, and to typically to give you more time until you plan a maintenance window for reboot.
You will have to reboot at some point and should design your infrastructure for that (in the commercial sense).
@phenomlab this makes a lot of sense. I don’t mind rebooting the server then. I am just glad that I won’t have to reinstall the operating system at some point like I do with Debian and the others. I don’t think you have to reinstall the operating system with Fedora either. It would be interesting to run a web server off of Fedora.
I will have to start implementing reboots into my upgrading schedule to make sure the latest security patches are in place. I am still happy with Arch though. I am having a great experience so far with it and I hope that it stays that way.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (ether email, or push notification). You'll also be able to save bookmarks, use reactions, and upvote to show your appreciation to other community members.
With your input, this post could be even better 💗
RegisterLog in
Related Topics
-
-
-
-
-
-
-
nginx can't start again
Moved Solved Configure 22 Jan 2022, 14:23 -
