Differences between revisions 5 and 21 (spanning 16 versions)
Revision 5 as of 2020-04-27 18:55:01
Size: 2060
Editor: BrianEMWD
Comment:
Revision 21 as of 2020-08-15 20:18:37
Size: 11640
Editor: BrianEMWD
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
This document is a how to install the Mailman 3 server on a Debian 10 server. The server environment will include Debian 10, NGINX, Let's Encrypt, Postfix, and PosgresDB. This document is a How-To on installing Mailman 3 on a Debian 10 server. The server environment will include Debian 10, NGINX, Let's Encrypt, Postfix, and PosgresDB.
Line 82: Line 82:
== Webserver: NGINX == == Webserver Installation: NGINX ==

1. Both Django, Postorius, and Hyperkitty requires a web server. So let's install NGINX.

{{{
apt install nginx
}}}

2. Now that Nginx is installed, we need to allow it through the UFW Firewall.

{{{
# ufw allow 'Nginx Full'
}}}

Let's verify the change.

{{{
# ufw status
}}}

{{{
Output
Status: active

To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
}}}

3. Let's make sure Nginx is running.

{{{
# systemctl status nginx
}}}

{{{
Output
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-07-03 12:52:54 UTC; 4min 23s ago
     Docs: man:nginx(8)
 Main PID: 3942 (nginx)
    Tasks: 3 (limit: 4719)
   Memory: 6.1M
   CGroup: /system.slice/nginx.service
           ├─3942 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─3943 nginx: worker process
           └─3944 nginx: worker process
}}}

If your output has Active: active (running) then you are good to go.

With Nginx confirmed to be running you should be able to access it via your server' IP address:

{{{
http://your_server_ipaddress
}}}

Learning how to manage the Nginx processes and setting up server blocks is beyond the scope of this How-To. However feel free to contact me if you would like for me to edit this document and add those instructions into this particular section.

== Securing Your Nginx Installation: Let's Encrypt ==

1. The first step in securing Nginx is to install Certbot. This means first installing the dependencies for Certbot.

{{{
# apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface
}}}

Now we are ready to install Certbot:

{{{
# apt install python3-certbot-nginx
}}}

Normally you would need to allow SSL traffic through the AFW firewall but we have already done previously in this how-to so we can continue on.


2. The next step is to fetch a SSL certificate for your Mailman 3 list domain name. This how-to assumes you know how to add a server block to Nginx. I keep my server blocks in /etc/nginx/conf.d/. You will need to make sure you have a server block setup already for your domain name before proceeding.

To obtain a SSL certificate for your domain name run:

{{{
# certbot --nginx -d your_domain
}}}

Certbox will go through its motions. At the end it is going to ask you whether you want to redirect all HTTP traffic to HTTPS. Choose 2 if yes which is what I recommend doing.

That's it! We are now ready to install Postfix because after all, Mailman 3 needs to send out mail.

== Mail Server Installation: Postfix ==

1. Ok, we are now ready to install Postfix. The first thing we do here is install mailtuils:

{{{
# apt install mailutils
}}}

Now we install Postfix:

{{{
# apt install postfix
}}}

2. Now you will be presented with an interactive dialogue:

General type of mail configuration: Internet Site

System Mail Name: server hostname

3. Let's configure Postfix now. Open the main Postfix configuration file:

{{{
# nano /etc/postfix/main.cf
}}}

4. Make sure inet_interfaces is set to all:

{{{
inet_interfaces = all
}}}

5. Now let's set myhostname and mydestination:

{{{
myhostname = server_hostname
mydestination = $myhostname, localhost.$myhostname, localhost
}}}

Save and close the file.

6. Time to apply the changes:

{{{
# systemctl restart postfix
}}}

7. You can test your postfix installation by doing the following:

{{{
# echo "This is the body of the email" | mail -s "This is the subject line" your_email_address
}}}

8. The final step is to allow postfix through the firewall:

{{{
# ufw allow postfix
}}}

Now you have a working SMTP server and it's time to install and set up a database server for Mailman 3.

== Database Server Installation: Postgres ==

1. So, the first step is to install several packages, some of these are needed for later steps:

{{{
# apt install python3-pip python3-dev libpq-dev postgresql postgresql-contrib curl
}}}

2. Now that PostgreSQL is installed, let's create the Mailman database and user. First let's open up a Postgres session by typing the following:

{{{
# sudo -u postgres psql
}}}

Now let's create the Mailman database:

{{{
postgres=# CREATE DATABASE mailman;
}}}

Now let's create the Mailman user:

{{{
postgres=# CREATE USER mailman WITH PASSWORD 'secure-password';
}}}

The following is recommended for setting up a Django project which is what is needed for the installation of Postorius and Hyperkitty:

{{{
postgres=# ALTER ROLE mailman SET client_encoding TO 'utf8';
postgres=# ALTER ROLE mailman SET default_transaction_isolation TO 'read committed';
postgres=# ALTER ROLE mailman SET timezone TO 'UTC';
}}}

The timezone part can be customized to reflect your geographical setting.

The last step is to give access to the mailman user to administer the mailman database:

{{{
postgres=# GRANT ALL PRIVILEGES ON DATABASE mailman TO mailman;
}}}

To finish this section out, exit the PostgreSQL prompt:

{{{
postgres=# \q
}}}


== Setup of a Python Virtual Environment ==

Let's make sure we have Python 3 installed.

{{{
# apt install python3 python3-venv
}}}

Now we are going to be using a virtual environment to install Mailman 3. So let's install that too:

{{{
# apt install virtualenv python3-virtualenv
}}}


== Installation of Potentially Needed Applications ==

Now that we have a working web, email and database server it’s time to install a number of potentially needed applications. Install the following applications as root:

{{{
# apt install ruby-sass
# apt install memcached
# apt install fail2ban
# apt install gettext
}}}

== Setup Directories and Files for Mailman 3 ==

Ok, now we need to create some directories and files.

Directories:

{{{
# mkdir -p /opt/mailman/mm/bin/
# mkdir /opt/mailman/mm/var/
}}}

Files:

# touch /opt/mailman/mm/init.py (empty)

# touch /opt/mailman/mm/mailman.cfg [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=mailman.cfg|sample]]

# touch /opt/mailman/mm/mailman-hyperkitty.cfg [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=mailman-hyperkitty.cfg|sample]]

# touch /opt/mailman/mm/settings_local.py [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=settings_local.py|sample]]

# touch /opt/mailman/mm/settings.py (copy of the [[https://gitlab.com/mailman/mailman-suite/blob/master/mailman-suite_project/settings.py|mailman-suite settings.py]] file but with DEBUG = False)

# touch /opt/mailman/mm/urls.py [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=urls.py|sample]]

# touch /opt/mailman/mm/wsgi.py [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=wsgi.py|sample]]

# touch /opt/mailman/mm/gunicorn.conf [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=gunicorn.conf|sample]]

Now let's create a symlink for Mailman 3 logs:

{{{
# cd /opt/mailman/mm
# ln -s /opt/mailman/mm/var/logs logs
}}}

This symlink will be broken. Don't freak out! The /opt/mailman/mm/var/logs directory will be created when we install Mailman 3.

Now we need to create some executables for Mailman 3.

/opt/mailman/mm/bin/django-admin [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=django-admin.txt|sample]] '''''Script to run Django management commands.'''''

/opt/mailman/mm/bin/mailman [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=mailman.txt|sample]] '''''Script to run mailman commands.'''''

/opt/mailman/mm/bin/mailman-post-update [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=mailman-post-update.txt|sample]] '''''Script to update static web and run migrations following a software update.'''''

/opt/mailman/mm/bin/gunicorn [[https://wiki.list.org/DOC/Mailman%203%20installation%20experience?action=AttachFile&do=view&target=gunicorn.txt|sample]] '''''Script to start Gunicorn.'''''

Make sure /opt/mailman and everything below is owned by mailman.mailman.

{{{
# chown -R mailman.mailman /opt/mailman
}}}

Modify the mailman.cfg, mailman-hyperkitty.cfg, and settings_local.py files to match your particular server setup. Make sure you add the Postgresql password for the mailman db user in mailman.cfg as that is hard to miss.


== Create and Enter Virtual Environment ==

== Installation of Additional Applications via PIP ==

== Setup Startup Scripts ==

== Post Installation Tasks ==

== Start Mailman 3 Core, Django, and Gunicorn ==

== Create Django Superuser ==

== Setup Cron Jobs ==

== Setup Xapian for Indexing Archives ==

== How to keep Mailman 3 Updated ==

How to Install Mailman 3 on a Debian 10 Server.

This document is a How-To on installing Mailman 3 on a Debian 10 server. The server environment will include Debian 10, NGINX, Let's Encrypt, Postfix, and PosgresDB.

Prepare Server Environment

1. Create a VPS running Debian 10. I recommend something from Digital Ocean or Linode. The server should be a minimum of 1 CPU and 2 Gigabyte of Memory. 25-50 Gb of storage should be sufficient.

2. Log into the server as root.

$ ssh root@your_server_ip

3. Create a New User: mailman

# adduser mailman

You will be asked some questions about this new user when running the above command. Please make sure you use a strong password for mailman as it will be typically known that any server running Mailman 3 will have a mailman user setup on it.

4. Let's go ahead and grant the 'mailman' user SUDO privileges while logged in as root:

# usermod -aG sudo mailman

5. I recommend setting up a basic firewall to tighten up security on this Mailman 3 server. UFW is one that can be installed on a Debian 10 server:

# apt update
# apt install ufw

Once UFW is installed, you need to make sure you allow the various applications that Mailman 3 will be using through UFW. Some of these applications are the following: OpenSSH, Nginx Full, and Postfix.

So here is an example of what to do immediately after you install UFW:

# ufw app list

Output
Available applications:
 . . .
 OpenSSH
 . . .

This tells us what available applications we can configure UFW to allow. So let's add OpenSSH to UFW:

# ufw allow OpenSSH

Now we can enable UFW:

# ufw enable

You can see what is allowed through the UFW firewall by running the following command:

# ufw status

Output
Status: active

To             Action   From
--             ------   ----
OpenSSH          ALLOW    Anywhere
OpenSSH (v6)     ALLOW    Anywhere (v6)

Webserver Installation: NGINX

1. Both Django, Postorius, and Hyperkitty requires a web server. So let's install NGINX.

apt install nginx

2. Now that Nginx is installed, we need to allow it through the UFW Firewall.

# ufw allow 'Nginx Full'

Let's verify the change.

# ufw status

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

3. Let's make sure Nginx is running.

# systemctl status nginx

Output
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-07-03 12:52:54 UTC; 4min 23s ago
     Docs: man:nginx(8)
 Main PID: 3942 (nginx)
    Tasks: 3 (limit: 4719)
   Memory: 6.1M
   CGroup: /system.slice/nginx.service
           ├─3942 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─3943 nginx: worker process
           └─3944 nginx: worker process

If your output has Active: active (running) then you are good to go.

With Nginx confirmed to be running you should be able to access it via your server' IP address:

http://your_server_ipaddress

Learning how to manage the Nginx processes and setting up server blocks is beyond the scope of this How-To. However feel free to contact me if you would like for me to edit this document and add those instructions into this particular section.

Securing Your Nginx Installation: Let's Encrypt

1. The first step in securing Nginx is to install Certbot. This means first installing the dependencies for Certbot.

# apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

Now we are ready to install Certbot:

# apt install python3-certbot-nginx

Normally you would need to allow SSL traffic through the AFW firewall but we have already done previously in this how-to so we can continue on.

2. The next step is to fetch a SSL certificate for your Mailman 3 list domain name. This how-to assumes you know how to add a server block to Nginx. I keep my server blocks in /etc/nginx/conf.d/. You will need to make sure you have a server block setup already for your domain name before proceeding.

To obtain a SSL certificate for your domain name run:

# certbot --nginx -d your_domain

Certbox will go through its motions. At the end it is going to ask you whether you want to redirect all HTTP traffic to HTTPS. Choose 2 if yes which is what I recommend doing.

That's it! We are now ready to install Postfix because after all, Mailman 3 needs to send out mail.

Mail Server Installation: Postfix

1. Ok, we are now ready to install Postfix. The first thing we do here is install mailtuils:

# apt install mailutils

Now we install Postfix:

# apt install postfix

2. Now you will be presented with an interactive dialogue:

General type of mail configuration: Internet Site

System Mail Name: server hostname

3. Let's configure Postfix now. Open the main Postfix configuration file:

# nano /etc/postfix/main.cf

4. Make sure inet_interfaces is set to all:

inet_interfaces = all

5. Now let's set myhostname and mydestination:

myhostname = server_hostname
mydestination = $myhostname, localhost.$myhostname, localhost

Save and close the file.

6. Time to apply the changes:

# systemctl restart postfix

7. You can test your postfix installation by doing the following:

# echo "This is the body of the email" | mail -s "This is the subject line" your_email_address

8. The final step is to allow postfix through the firewall:

# ufw allow postfix

Now you have a working SMTP server and it's time to install and set up a database server for Mailman 3.

Database Server Installation: Postgres

1. So, the first step is to install several packages, some of these are needed for later steps:

# apt install python3-pip python3-dev libpq-dev postgresql postgresql-contrib curl

2. Now that PostgreSQL is installed, let's create the Mailman database and user. First let's open up a Postgres session by typing the following:

# sudo -u postgres psql

Now let's create the Mailman database:

postgres=# CREATE DATABASE mailman;

Now let's create the Mailman user:

postgres=# CREATE USER mailman WITH PASSWORD 'secure-password';

The following is recommended for setting up a Django project which is what is needed for the installation of Postorius and Hyperkitty:

postgres=# ALTER ROLE mailman SET client_encoding TO 'utf8';
postgres=# ALTER ROLE mailman SET default_transaction_isolation TO 'read committed';
postgres=# ALTER ROLE mailman SET timezone TO 'UTC';

The timezone part can be customized to reflect your geographical setting.

The last step is to give access to the mailman user to administer the mailman database:

postgres=# GRANT ALL PRIVILEGES ON DATABASE mailman TO mailman;

To finish this section out, exit the PostgreSQL prompt:

postgres=# \q

Setup of a Python Virtual Environment

Let's make sure we have Python 3 installed.

# apt install python3 python3-venv

Now we are going to be using a virtual environment to install Mailman 3. So let's install that too:

# apt install virtualenv python3-virtualenv

Installation of Potentially Needed Applications

Now that we have a working web, email and database server it’s time to install a number of potentially needed applications. Install the following applications as root:

# apt install ruby-sass
# apt install memcached
# apt install fail2ban
# apt install gettext

Setup Directories and Files for Mailman 3

Ok, now we need to create some directories and files.

Directories:

# mkdir -p /opt/mailman/mm/bin/ 
# mkdir /opt/mailman/mm/var/

Files:

# touch /opt/mailman/mm/init.py (empty)

# touch /opt/mailman/mm/mailman.cfg sample

# touch /opt/mailman/mm/mailman-hyperkitty.cfg sample

# touch /opt/mailman/mm/settings_local.py sample

# touch /opt/mailman/mm/settings.py (copy of the mailman-suite settings.py file but with DEBUG = False)

# touch /opt/mailman/mm/urls.py sample

# touch /opt/mailman/mm/wsgi.py sample

# touch /opt/mailman/mm/gunicorn.conf sample

Now let's create a symlink for Mailman 3 logs:

# cd /opt/mailman/mm
# ln -s /opt/mailman/mm/var/logs logs 

This symlink will be broken. Don't freak out! The /opt/mailman/mm/var/logs directory will be created when we install Mailman 3.

Now we need to create some executables for Mailman 3.

/opt/mailman/mm/bin/django-admin sample Script to run Django management commands.

/opt/mailman/mm/bin/mailman sample Script to run mailman commands.

/opt/mailman/mm/bin/mailman-post-update sample Script to update static web and run migrations following a software update.

/opt/mailman/mm/bin/gunicorn sample Script to start Gunicorn.

Make sure /opt/mailman and everything below is owned by mailman.mailman.

# chown -R mailman.mailman /opt/mailman

Modify the mailman.cfg, mailman-hyperkitty.cfg, and settings_local.py files to match your particular server setup. Make sure you add the Postgresql password for the mailman db user in mailman.cfg as that is hard to miss.

Create and Enter Virtual Environment

Installation of Additional Applications via PIP

Setup Startup Scripts

Post Installation Tasks

Start Mailman 3 Core, Django, and Gunicorn

Create Django Superuser

Setup Cron Jobs

Setup Xapian for Indexing Archives

How to keep Mailman 3 Updated

MailmanWiki: DOC/Howto_Install_Mailman3_On_Debian10 (last edited 2023-11-24 16:09:02 by msapiro)