make new local branch:
git checkout -b [name]
make changes, then add all:
git add .
git commit -m "comment"
push changes and create new branch:
TO GET THE LATEST VERSION
git checkout master git pull git checkout [USER] git rebase master
Step 1. Fetch and check out the branch for this merge request
git fetch origin git checkout -b [USER] origin/[USER]
Step 2. Review the changes locally
Step 3. Merge the branch and fix any conflicts that come up
git fetch origin git checkout origin/master git merge --no-ff [USER]
Step 4. Push the result of the merge to GitLab
git push origin master
(In this case [USER] is foxsan. And you are not him.)
Virtualmin is a rock solid control panel for your VPS, it’s simple as that. It’s sometimes not so simple to set it up correctly due to its many options.
I’ve tried my best to make a decent manual that explains how to set up a domain and email in a quick and dirty way. I’m not talking about security and stuff yet. It’s just about setting things up.
I am also assuming your freshly (re)built VPS has a root password set and that you are now ssh-ing into it. If not, do it now.
- First thing you need to do is find the name of your network interface
It’s probably venet0 (that’s venetzero)
apt-get install wget nano curl ca-certificates -y
sudo /bin/sh install.sh
- READ THE TEXT BEFORE PRESSING Y
- Press Y and enter to continue. It will now do the thing. Patience, young one. Phase 1, 2 and 3 should all install without a hitch. [ OK! ]
- While you are waiting, go set up the DNS at your registrar.
@ 1000 MX 10 mail.domainname.tld * 1000 A 0 VPS_IP_ADDRESS @ 1000 A 0 VPS_IP_ADDRESS ftp 1000 A 0 VPS_IP_ADDRESS localhost 1000 A 0 127.0.0.1 mail 1000 A 0 VPS_IP_ADDRESS pop 1000 A 0 VPS_IP_ADDRESS www 1000 A 0 VPS_IP_ADDRESS
Don’t worry about the SPF, domainkey, the acme-challenge and the dmarc yet.
- If you get “Device “link” does not exist.”, type in the name of the network interface you found at step 1
All should be ready now and you should see a few success messages. If not, go fix.
Time for a little maintenance.
apt-get upgrade -y
apt-get dist-upgrade -y
- RESTART THE VPS
To the control panel mobile!
- Log in with your root password
- You will now have to go through the post-installation wizard, press Next
- Set everything up to according to your wishes. For me, that’s:
Preload Virtualmin libraries? yes
Run email domain lookup server? yes
Run ClamAV server scanner? yes
Run SpamAssassin server filter? yes
Run MariaDB/MySQL database server? yes
Run PostgreSQL database server? no
Set a MySQL password. Make it strong!
MariaDB/MySQL configuration size:
Primary nameserver : YOUR_HOSTNAME and tick the checkbox “Skip check for resolvability”
Password storage mode: Only store hashed passwords
Virtualmin post-installation configuration is now complete!
Are we done yet? D: No.
- Click “Re-check and refresh configuration”If you get
Virtualmin is configured to setup DNS zones, but this system is not setup to use itself as a DNS server. Either add 127.0.0.1 to the list of DNS servers, or turn off the BIND feature on the module config page.
Click list of DNS servers and add 127.0.0.1 in the DNS Servers field and press Save. Next, click Apply Configuration. Then, click the Virtualmin on top, click System Settings and then Re-check Configuration.
- No errors? Click Return To Virtual Servers List
Your Virtualmin installation is now ready to had domain names etc added.
Set up your first virtual server
- Click Add New Virtual Server, Owned By: <new user>
- Enter the following data:
Domain name: YOUR_DOMAINNAME.TLD
Description: Optional, but make a short desc.
Administration Password: STRONG_PASSWORD!Under Enabled Features tick the options you would like to have. I basically tick everything except for “Setup IP-based virtual FTP” since I don’t need it.
- Click Create Server
- If all went well, click Return To Virtual Server Details where you can check things again
Time to install a SSL certificate for your domain
- Is your domain available already under simple http://? If you have moved your domain and changed your DNS, ping your domain as well to see if everything is set correctly and has been propagated completely. Your frontpage of your domain should say “Apache2 Debian Default Page”
- Time to make some DNS additions! Click Server Configuration and then click DNS Records.
- Move the following data over to your DNS settings at your registrar:
SPF, _acme-challenge.mail and _acme-challengeSo, here’s an example:For SPF:
DOMAINNAME 1000 TXT 0 v=spf1 a mx a:DOMAINNAME.TLD ip4:IPADDRESS1 ip4:IPADDRESS2 ?all
For the acme challenges:
_acme-challenge.mail 1000 TXT 0 RANDOMSTRING_OFCHARACTERS _acme-challenge 1000 TXT 0 RANDOMSTRING_OFCHARACTERS
- When everything is set up, go to the Virtualmin tab, click Server Configuration and then click SSL Certificate
- Click Let’s Encrypt
- Did you set up your DNS according to the pre-filled list you see in the field named “Domains associated with this server”? Then you’re good to go and click Request Certificate. If not, manually enter the domain and subdomains.At this point, the request either succeeds or fails. In the latter case, click SSL Certificate again, then Let’s Encrypt and correct the wrong entry.TIP: If you have errors and try to get a certificate too many times, you get an error about that as well. If you get the following message, go play outside for a little bit or proceed with setting up email as described in the next part.
Error requesting challenges: Error creating new authz :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Setting up e-mail
- Click the Virtualmin tab, then Edit Users
- Click + Add a user to this server
- Enter a mailbox name, like “info”
- Enter a password
- Click the Create button
Now this has been set up, you can poke your DNS settings again! Woo!
- Click the Virtualmin tab, then Email Settings, then DomainKeys Identified Mail
- Click Install Now and wait
- At the bottom of the page, it should read
installation completed successfully
- Click Return To DKIM Form
- Set the DKIM up as follows:Signing of outgoing mail enabled? yes
Selector for DKIM record name: 2018
Reject incoming email with invalid DKIM signature? yes
Size of new DKIM key: 2048Press Save when done
- All should be well, so click Return To DKIM Form
- Click Return To Virtual Servers List
- Click the Virtualmin tab, then Server Configuration, then DNS Options
- Set this form up as follows:SPF record enabled? yes
Allowed sender hostnames: DOMAINNAME.TLD
DMARC record enabled? yesPress Save when done
- Click the Virtualmin tab, then Server Configuration, then DNS Records
- Copy the _dmarc entry over to your DNS settings at your registrar
- Click the Virtualmin tab, then Email Settings, then DomainKeys Identified Mail
- Set “Signing of outgoing mail enabled?” to yes
- Click the Save button
- Click Return to DKIM form
- Copy part of the content of the field “DNS records for additional domains” over to your DNSExample:
2018._domainkey IN TXT ( “v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8/I4PwduFS/q”
“5L+Bec7hQIDAQAB” )This will end in a train wreck, so remove the first part, namely:2018._domainkey IN TXT ( …. )
Now, clean up the rest in Notepad++:
“v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8/I4PwduFS/q” “U4y6pDFNFYf868Z2p+BNw+QRMphZ6YnVt1MWeVtNIXnYvhUtf6jhAX2BZ5gl8R2ILyL9NCkFe8W5cAVR” “/cZkZl6OIc7fdTiLePYNCS3HcVcTiE0Szb3zwDRAZE2XyAqFvNQJuVe/H5tJxlOAu1vhqv3FuZM1viv9” “VfiPQ77oQ9eOmQMZH59+QL/Vw4fnUnui4QhqRaH+iLb1bQdcJqIu1y3M+bgSCmrSu7v40V1G+wmUY13J” “fg41SIvYbuEe+CGjwMjVW0KFC15x3m5ChwM3q68b5gBv0L+JeMG27+DDQ5CSUIZSAJU0XifyeAfTIfRe” “5L+Bec7hQIDAQAB”
- Really, clean up the text before entering it into your DNS.
VALIDATE and install FAIL2BAN
(sorry, i can’t remember how to proceed this installation since the last edit was two years ago.)
apt-install git libjson-webtoken-perl libauthen-ntlm-perl libcgi-pm-perl libcrypt-openssl-rsa-perl libdata-uniqid-perl libfile-copy-recursive-perl libio-socket-inet6-perl libio-socket-ssl-perl libio-tee-perl libhtml-parser-perl libjson-webtoken-perl libmail-imapclient-perl libparse-recdescent-perl libmodule-scandeps-perl libreadonly-perl libregexp-common-perl libsys-meminfo-perl libterm-readkey-perl libtest-mockobject-perl libtest-pod-perl libunicode-string-perl liburi-perl libwww-perl libtest-nowarnings-perl libtest-deep-perl libtest-warn-perl make cpanminus
git clone https://github.com/imapsync/imapsync.git
chmod +x imapsync
- Test it by typing
- You may need to install some extras by entering
cp imapsync /usr/bin/
Item 10 is to make sure you can use this command anywhere on the server. Have fun!
Backports are recompiled packages from testing (mostly) and unstable (in a few cases only, e.g. security updates) in a stable environment so that they will run without new libraries (whenever it is possible) on a Debian stable distribution
Backports cannot be tested as extensively as Debian stable, and backports are provided on an as-is basis, with risk of incompatibilities with other components in Debian stable. Use with care!
It is therefore recommended to select single backported packages that fit your needs, and not use all available backports.
- Add the following line and then save it:
deb http://deb.debian.org/debian buster-backports main
apt-get -t buster-backports install "package"
sudo usermod -aG sudo <username>
git clone https://github.com/twolfson/sexy-bash-prompt.git
cd sexy-bash-prompt && make install && source ~/.bashrc
enter root password
curl -sL https://deb.nodesource.com/setup_12.x | bash -
apt-get install -y nodejs
Add user: adduser [username]
Change password: passwd [username]
For Debian 9 (and MacOS)
- Check for old keys
- Backup old keys
cp id_* keys_backup
- Generate a new key
ssh-keygen -t rsa -C "email@example.com"
- don’t use a passphrase
- Go to the key directory
- Download the public key
- Open the key in Notepad++ (or similar)
- Log in at github.com
- Click on the right side on your profile picture
- Click on Settings
- Click on SSH and GPG Keys
- Click on New SSH Key
- Create a new name for the key
- Paste the contents of the public key into the Key field
- Click on Add SSH Key