## Machine virtuelle MAIL Cette machine est destinée à accueillir le serveur d'envoi, réception et consultation de courriel de l'association. ### Matériel virtuel CPU : 2 RAM : 1000 Mio Stockage de masse : 50 Gio ### Logiciel Système d'exploitation : Debian GNU/Linux-libre 11 (Bullseye) Noyau : Linux-libre LTS (`linux-libre-lts` des dépôts https://linux-libre.fsfla.org) Sécurités de la maintenance : `etckeeper`, `mollyguard`, `git`, `tig`, `screen` Serveur IMAP (et authentification) : `courier` Mail Transfer Agent : `postfix` Webmail : `roundcube` (**upstream**) Serveur http : `nginx` ### Caractéristiques notables Domaine : mail.a-lec.org Adresse ipv4 publique : 80.67.179.96 Adresse ipv4 interne : 192.169.1.201 Adresse ipv6 publique : 2001:910:1360::148 #### Configuration réseau ##### /etc/network/interfaces
# The primary network interface allow-hotplug enp1s0 iface enp1s0 inet dhcp iface enp1s0 inet6 static address 2001:910:1360::148/128 gateway 2001:910:1360::
##### /etc/host.allow sshd: 192.169.1.0/24, [2001:910:1360::]/48 ##### /etc/host/deny sshd: ALL ### Configuration MTA *(à compléter)* ### Configuration serveur web (nginx)
server { set_real_ip_from 192.169.1.1; real_ip_header proxy_protocol; listen 443 ssl proxy_protocol; listen [::]:443 ssl; ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot # Add index.php to the list if you are using PHP root /var/www/html/roundcube; server_name mail.a-lec.org; client_max_body_size 100M; # Add index.php to the list if you are using PHP index index.html index.htm index.php; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.php?q=$uri&$args; } # pass PHP scripts to FastCGI server # location ~ \.php$ { include snippets/fastcgi-php.conf; # # With php-fpm (or other unix sockets): fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ^~ /data { deny all; } }