Welcome to Richard's Blog

Category: Linux Server

  • Mailcow : renew Certification with nginx proxy manager

    Make a file called “scriptmailssl.sh” and open the nano file editor. Paste these codes and save it!

    
#!/bin/bash

# This script takes the certs generated by Nginx Proxy Manager
# and copies it to the mailcow docker container.
# Before use, make sure you update the path to your docker data and locate which cert belongs to mailcow

cp /home/applegater/docker/nginx/letsencrypt/live/npm-7/fullchain.pem /home/applegater/docker/mailu/mailcow-dockerized/data/assets/ssl/my.richardapplegate.io/cert.pem
cp /home/applegater/docker/nginx/letsencrypt/live/npm-7/privkey.pem /home/applegater/docker/mailu/mailcow-dockerized/data/assets/ssl/my.richardapplegate.io/key.pem
postfix_c=$(docker ps -qaf name=postfix-mailcow)
dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
nginx_c=$(docker ps -qaf name=nginx-mailcow)
docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
    chmod +x /home/applegater/docker/scriptmailssl.sh

    Add a cronjob every month.

    crontab -e 
    0 1 * */2 * bash /home/applegater/docker/scriptmailssl.sh >/dev/null 2>&1

    It’s going to do the job for you every month.

  • Nextcloud 28.03 : annoy error message: 4 errors in the logs since… on Portainer

    Delete Nextcoud.log to fix the error, but it will come back again and make sure you fix the error, so it won’t pop up again. This is similar to the engine light.

    Follow this command line

    After deleting the logs, Checks have now passed.

  • SSH – Make Sure Our Server Is Secure And Create A Key For SSH.

    If you are looking to remote your server from home, you can, but you cannot simply install OpenSSH with a password, which is very insecure. I strongly recommend using type Ed25519 ssh, which is the most secure and fast access to ssh. I recommend checking out this website. Follow the instructions on the red hat website to protect your Linux Server. These answers are the most accurate. Or here is my config for server ssh I made.

    But first, we must generate the ed25519 key for our SSH or SFTP access.

    1. Download Putty
    2. open program on Windows PC putty gen (Putty Key Generator)
    3. select EdDSA then select Ed25519 then generate
    4. Please generate some random by moving the mouse over the blank area on puTTygen (Putty Key Generator).
    5. After you generate, you can modify key comment and key passphrase
    6. Go over your server, type the command to modify authorized_keys – “nano ~/.ssh/authorized_keys” then add your Public Key from your puTTygen (Putty Key Generator) on your Windows pc copy these to Your Linux Server.
    7. Save authorized_keys, then restart ssh services.

    The server can still be accessed with a password, so we must proceed with the server Linux SSH configuration and generate the file richardprofile.conf or whatevername.conf. The SSH path is /etc/ssh/sshd_config/sshd_config.d/richardprofile.conf.

    Port 22
PermitEmptyPasswords no
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ClientAliveInterval 60
ClientAliveCountMax 3

    Save the configuration file and then restart ssh. Currently, you are 100% safe because we will set up fail ban to block certain IP addresses so that our network doesn’t get too busy.

    These are great, and I plan to make a banner in ssh soon.

Secret Link