ISP Mail Server Upgrade 2.x: Difference between revisions

From Alpine Linux
(remove Category:Server)
m (nowiki'd hypothetical URLs.)
Line 172: Line 172:
Run configuration and system checks:
Run configuration and system checks:


* https://host.example.com/roundcube/installer/index.php?_step=1
* <nowiki>https://host.example.com/roundcube/installer/index.php?_step=1</nowiki>
:'''NOTE:''' You may need to install php-dom, php-intl components and restart Lighttpd.
:'''NOTE:''' You may need to install php-dom, php-intl components and restart Lighttpd.


* https://host.example.com/roundcube/installer/index.php?_step=3
* <nowiki>https://host.example.com/roundcube/installer/index.php?_step=3</nowiki>


:Replace '''imap_root'' with ''imap_ns_personal'' in /etc/roundcube/main.inc.php
:Replace '''imap_root'' with ''imap_ns_personal'' in /etc/roundcube/main.inc.php

Revision as of 02:31, 25 August 2023

A Full Service Mail Server Upgrade to 2.x

It's assumed that currently your server is running under Alpine Linux 1.10.x. The goal of this document is to describe how to upgrade ISP Mail Server to run under Alpine Linux 2.x. An upgrade process involves several significant changes in application configuration and database data and schema handling. Applications that come with Alpine Linux 2.x have a lot of bug and security fixes as well as new functionality. Upgrading of some components will require changing configurations files, update database schema and export/import data.

NOTE: The ISP Mail Server can be run in RAM having directories for data such as Postfix mailboxes, PostgreSQL databases to be mounted on hard drive RAID/LVM partitions.

System preparations before upgrade

IMPORTANT NOTE: Please perform full system backup including system configuration and user data. Make sure sure that backup is valid.

We recommend you to stop all user services permanently until system fully upgraded and tested. While system tests are being perform block user access for all users.

NOTE: One of the ways to block user access is to use firewall rules.

Remove services from auto-start:

rc-update del lighttpd
rc-update del dovecot
rc-update del postfix
rc-update del freshclam
rc-update del clamd
rc-update del clamsmtpd
rc-update del slapd
rc-update del postgresql
rc-update del cron

Stop services except postfesql:

/etc/init.d/lighttpd stop
/etc/init.d/slapd stop
/etc/init.d/dovecot stop
/etc/init.d/postfix stop
/etc/init.d/clamsmtpd stop
/etc/init.d/freshclam stop
/etc/init.d/clamd stop
/etc/init.d/cron stop

Dump PostreSQL databases

Since version 9 has significant changes in compare to version 8 you must dump all PostgreSQL databases and later restore data after PostgreSQL is upgraded.

Create a directory where data will be dumped:

mkdir <Path to datadump directory>
chown postges <Path to datadump directory>

Login as postgres and dump data:

su - postgres
cd <Path to datadump directory>
pg_dumpall > postgresql.bak.8.4.2
exit

Stop PostgreSQL services:

/etc/init.d/postgresql stop

IMPORTANT NOTE: Please perform backup of dumped data and PostgeSQL data directory /var/lib/postgresql/8.4. Make sure sure that backup is valid.

Upgrading Alpine Linux

NOTE: We recommend to upgrade to Alpine Linux version not earlier than 2.2, since release 2.2 has a lot of important fixes for bugs and security issues.

Follow instructions described on page: http://wiki.alpinelinux.org/wiki/Upgrading_Alpine_-_v1.9.x.

NOTE: If your server is running in RAM make sure that you have /media/usbdisk in /etc/fstab and /etc/lbu/lbu.conf files.

After reboot you may check changes in new configuration files and proceed with adjustments as needed:

find /etc -iname "*apk-new"

Import data to PostgeSQL

Make sure that file /etc/conf.d/postgresql contains:

PGDATA="/var/lib/postgresql/9.0/data"

Check if you need any special setting in /var/lib/postgresql/9.0/data/pg_hba.conf and /var/lib/postgresql/9.0/data/postgresql.conf. In most cases these files could remain unchanged.

Start PostgeSQL (It will setup itself since by default AUTO_SETUP=yes)

/etc/init.d/postgresql start
rc-update add postgresql

Import previously dumped data:

su - postgres
cd <Path to datadump directory>
psql -f postgresql.bak.8.4.2 postgres
exit

Start other services

Other services do not require any changes of their current configurations, you may just start them:

/etc/init.d/clamd start
/etc/init.d/freshclam start
/etc/init.d/clamsmtp start
/etc/init.d/postfix start
/etc/init.d/lighttpd start
/etc/init.d/slapd start
/etc/init.d/cron start

Add these service to boot sequence:

rc-update add lighttpd
rc-update add freshclam
rc-update add clamd
rc-update add clamsmtpd
rc-update add postfix
rc-update add slapd
rc-update add cron

Update Dovecot configuration

Since Dovecot has many configuration settings changed since 1.x version, the best way is to parse old configuration with doveconf tool:

cd /etc/dovecot
doveconf -n > dovecot.conf-new
mv dovecot.conf dovecot.conf-old
mv dovecot.conf-new dovecot.conf
/etc/init.d/dovecot start

If you receive a warning such as "Warning: service anvil { client_limit=NNNN } is lower than required under max. load (MMMM)" the update anvil service configuration:

vi /etc/dovecot/dovecot.conf
service anvil {
 client_limit = <MMMM>
}
/etc/init.d/dovecot restart

Update Quota Configuration

If you setup Quota support you need to make the following modifications:

vi /etc/dovecot/dovecot.conf
service dict {
 unix_listener dict {
  group =
  mode = 0600
  user = vmail
  } 
 }

Change permission of dovecot-dict-quota.conf file:

chown dovecot /etc/docecot/dovecot-dict-quota.conf

Restart Dovecot:

/etc/init.d/dovecot restart

Update Roundcube Webmail configuration

Move Roundcube configuration files to /etc/roundcube:

mv /usr/share/webapps/roundcube/config/main.inc.php /etc/roundcube
mv /usr/share/webapps/roundcube/config/db.inc.php /etc/roundcube
mv /usr/share/webapps/roundcube/config/mimetypes.php /etc/roundcube

Enable installer mode in /etc/roundcube/main.inc.php file:

$rcmail_config['enable_installer'] = true;

Install roundcubemail-install package:

apk add roundcubemail-installer

Run configuration and system checks:

  • https://host.example.com/roundcube/installer/index.php?_step=1
NOTE: You may need to install php-dom, php-intl components and restart Lighttpd.
  • https://host.example.com/roundcube/installer/index.php?_step=3
Replace 'imap_root with imap_ns_personal in /etc/roundcube/main.inc.php
$rcmail_config['imap_ns_personal'] = null;
Run only commands that are superscribed with the previously installed version number from /usr/share/webapps/roundcube/SQL/postgres.update.sql:
cp /usr/share/webapps/roundcube/SQL/postgres.update.sql /usr/share/webapps/roundcube/SQL/postgres.update-3.1.sql
Edit /usr/share/webapps/roundcube/SQL/postgres.update-3.1.sql, remove not needed commands and run script:
su - postgres
psql -f /usr/share/webapps/roundcube/SQL/postgres.update-3.1.sql roundcubemail
exit
Change ownership of two new tables:
psql -U postgres roundcubemail
 roundcubemail=# ALTER TABLE contactgroups OWNER TO roundcube;
 roundcubemail=# ALTER TABLE contactgroupmembers OWNER TO roundcube;

Due to security reason disable installer mode in /etc/roundcube/main.inc.php file:

$rcmail_config['enable_installer'] = false;

Due to security reason remove roundcubemail-install package:

apk del roundcubemail-installer

Makes sure you have restored all customizations such watermark.gif, roundcube_logo.gif, favicon.ico or custom roundcube skin. If you would like to disable displaying of standard logos update template files accordingly.

Comment all entries like <div ... img src="/images/roundcube_logo.png"... in files:

includes/header.html
templates/error.html
templates/messageprint.html
templates/login.html
templates/printmessage.html

Comment all entries like <img src="/images/watermark.gif"... in files:

templates/identities.html
templates/messageerror.html
watermark.html

Restart Lighttpd:

/etc/init.d/lighttpd restart

Test Roundcube Webmail site including functionality of activated plug-ins.

Optionally enable compression in Lighttpd

Uncomment mod_compress and mod_setenv and modify website section as follows:

mkdir -p /var/lib/lighttpd/cache
chown lighttpd:lighttpd  /var/lib/lighttpd/cache
vi /etc/lighttpd/lighttpd.conf
...
"mod_setenv",
"mod_compress",
...
static-file.etags = "enable"
etag.use-mtime = "enable"
$HTTP["url"] =~ "^/(plugins|skins|program)" { setenv.add-response-header  = ( "Cache-Control" => "public, max-age=2592000") }
compress.cache-dir   = var.statedir + "/cache/compress"
compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml", "image/gif", "image/png")