
mail.uvt.cz


Services access information

Owncloud

Account | Password | URL | Note
owadmin | 1:FyMrEgYMWxQMVQ9QUS0qClE6EDNi | oc.uvt.cz | our production, stable (from our point of view) version of ownCloud will run here
owadmin | 1:FyMrEgYMWxQMVQ9QUS0qClE6EDNi | test8-oc.uvt.cz | test versions will be addressed as test-version-oc.uvt.cz, so test8-oc.uvt.cz is the one available now
ncadmin | 1:FyMrEgYMWxQMVQ9QUS0qClE6EDNi | nc.uvt.cz | Nextcloud for testing


MySQL

Account | Password | Database | Description
root | 1:JgVeAxo8H18BOVFfGSNfBg4yDwpo | -all- | -all-
rc_uzzdb1 | 1:JQVYGwcMXTNeWThcCABq | rc_bddb1 | Roundcube main
oc_uzzdb1 | 1:q4vWlYmC073Q17bSho7k | oc_bddb1 | Owncloud stable
oc_uzzdb2 | 1:3N/E/fem5PPh5tekp9OkpuDd9+OQ | oc_bddb2 | Owncloud testing
spamassassin | 1:Lx5wLREuJXVxESkuL3EcNyUKdDNG | sa_bayes | Spamassassin Bayes for all domains

Architecture overview (mail)


TODO

Services list with short description

Dovecot ; as MDA (local storage delivery, pop3 and imap) and auth provider for postfix
Dovecot-pigeonhole ; implements managesieve protocol for sorting and filtering mail during delivery
Postfix ; as MTA
Amavis ; as the interface between Postfix and the mail content checkers - Spamassassin, Clamd, ESETs (only on some installations)
Spamassassin ; content filter - spam-checker, applies several types of checks to the mail headers and its content to determine whether to mark mail as spam. Scores are overridden by amavis rules
Clamd ; content filter - antivirus, checks mail content for virus signatures
ESET ; content filter - antivirus, checks mail content for virus signatures
OpenDKIM ; implementation of DKIM (Domain Keys Identified Mail) sender authentication system - milter-based filter application that can plug in to any milter-aware MTA
fail2ban ; scans log files and bans IP addresses that make too many password attempts by applying iptables rules

MySQL ; hosts databases for roundcubemail and the spamassassin bayes checker (with signatures held on a per-domain basis)

nginx ; webserver
php-fpm ; alternative php FastCGI implementation

Roundcubemail ; webmail php application, runs inside a php-fpm pool and is served by the nginx web server
owncloud ; file, calendar and contact synchronization and sharing php application, runs inside a php-fpm pool and is served by the nginx web server

Rsyslog ; syslog daemon, configuration was slightly modified from default to log different services to different files

Scripts list with short description


TODO

Important file locations for services

Dovecot

/etc/dovecot - main configuration directory for dovecot
dovecot.conf - main config file that sets up general server settings and paths for other config files to be loaded
dovecot-ldap.conf.ext - referenced from conf.d/auth-ldap.conf.ext, contains the ldap connection configuration
conf.d - directory containing all relevant configuration files
sieve - referenced from conf.d/90-sieve.conf, contains default global sieve scripts

Postfix

/etc/postfix - main configuration directory for postfix, the most notable config files are:
master.cf
main.cf

All other files are either placed by the upstream package and not used, or referenced from the aforementioned main configs, mostly main.cf

Amavis

/etc/amavisd/amavisd.conf - main configuration file
/var/spool/amavisd/quarantine - referenced in the main config file ; directory containing quarantined files of their respective quarantine type for later inspection
/var/spool/amavisd/.spamassassin - directory containing the bayes database for spamassassin ; should be deprecated with the usage of the sql storage provider

Spamassassin

/etc/mail/spamassassin/local.cf - main configuration file

Clamav

/etc/clamd.conf - main config file
/etc/clam.d/amavisd.conf - additional config file for connecting with amavis

/etc/cron.daily/freshclam - cron script updating clamav databases

Eset

/etc/opt/eset/esets/esets.cfg - main config file ; its contents are also modified by changing the server options in the web gui

Opendkim

/etc/opendkim.conf - main config file

fail2ban

/etc/fail2ban/fail2ban.conf - main config file
/etc/fail2ban/jail.local - main file for any changes on top of the default behaviour ; do not modify jail.conf, use this file instead

MySQL

/etc/my.cnf - main configuration file
/etc/my.cnf.d - directory for specific configuration files loaded via directive in my.cnf
/var/log/mysqld.log - main log file

Nginx

/etc/nginx:
conf.d - virtual hosts configurations
include.d - files for global includes within vhosts, like certificate paths or used cipher suites
upstream.d - list of upstreams for nginx, be it apache internal hosts, or cgi / fast-cgi providers which are then used in vhost configurations

/var/log/nginx - general nginx logs
/var/log/nginx/virtuals - subfolders for vhost specific logs

php-fpm

/etc/php-fpm.conf
/etc/php-fpm.d - contains fpm pool configuration files ; a pool can be used to process an arbitrary number of services

/var/log/php-fpm/ - logs for specific cgi pools

web application sources

/var/www/virtuals - contains either a subfolder for each specific web-app, or a symlink to its location if it was installed somewhere else by the rpm package

Rsyslog

/etc/rsyslog.conf

Important file locations for web applications

Roundcubemail (see web application sources)

/etc/roundcubemail/config.inc.php - main configuration file for roundcube
/var/log/roundcubemail - roundcube's own log files are located here

Many roundcube plugins have their own additional config file, found as:
/usr/share/roundcubemail/plugins/plugin_name/config.inc.php

Owncloud (see web application sources)

<owncloud_install_dir>/config/config.php - main owncloud configuration file
<owncloud_install_dir>/apps - directory for owncloud plugins, alias applications, which are then enabled/disabled via oc gui
<owncloud_install_dir>/data (or any other directory set within config file) - directory for user data, owncloud logs and caches

When using the ldap user and group backend, owncloud SUCKS, despite many "happy changes" in their changelog.
Setting it up might not be trivial, even if one does know what to do:
First, during setup, the cache TTL parameter (found in the "advanced" tab, "connection settings" pane) should be set to 1 second, to avoid lengthy frustration.
It is generally a good idea to change the UUID attribute (long description available within owncloud in the "expert" tab) to CN or UID, as it also affects the URL to the user's caldav and carddav, and you do not want the long, cryptic uuid of the user there.

It may be necessary to disable ldap backend connection encryption. Owncloud does not have (as of this writing) an option to do it from the gui, therefore a direct change in the database is required:

-- oc_bddb1 is the Owncloud stable database; this sets the ldap_tls option to 0
use oc_bddb1;
UPDATE oc_appconfig SET configvalue=0 WHERE configkey="ldap_tls";

Important file locations in general

PKI (public key infrastructure)

/etc/pki - main directory that contains all relevant information on certs, keys and bundles
/etc/pki/tls - general directory for key/cert/bundle storage, notable directories:
certs - contains certificate files
private - contains private key files for aforementioned certificates
requests - optional directory, contains csr files that were generated by tools like openssl

/etc/pki/_application_name_ - directory specific to some application, be it nginx, dovecot etc. The notable directories are the same.

General rule set by RH - certs and cert keys go into the app directory, unless they are used by several applications at once. If the certfile is to be used by several applications, it is placed in the general directory (/etc/pki/tls), and the application directories contain symlinks of the same name, pointing to these files.
Example:

[root@mail.hosting.cldn.cz ~]# ll /etc/pki/nginx/certs/
total 8
-rw-r--r-- 1 root root 4586 Jan 28 15:35 mail.brummer.cz.pem
lrwxrwxrwx 1 root root   43 Dec 14 18:54 mail.hosting.cldn.cz.pem -> /etc/pki/tls/certs/mail.hosting.cldn.cz.pem
lrwxrwxrwx 1 root root   45 Jan 13 11:55 wildcard.tady-a-ted.cz.pem -> /etc/pki/tls/certs/wildcard.tady-a-ted.cz.pem
lrwxrwxrwx 1 root root   42 Feb  3 11:14 wildcard.uvtmail.cz.pem -> /etc/pki/tls/certs/wildcard.uvtmail.cz.pem
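
A check for the layout rule above, as an added example that is not part of the original page: it classifies every entry of an application's certs directory as application-local or shared, and flags symlinks that dangle or do not point to the same-named file in the general directory. The function name audit_app_certs, the absolute-target requirement (taken from the listing) and the duplicate-file check are assumptions of this example.

```shell
#!/bin/sh
# audit_app_certs APP [PKI_ROOT]   (hypothetical helper, not a system tool)
# Prints one line per entry: "local NAME", "shared NAME" or "BAD NAME reason".
# Returns 0 when nothing is BAD, 1 otherwise. PKI_ROOT defaults to /etc/pki.
audit_app_certs() {
    app=$1
    root=${2:-/etc/pki}
    dir=$root/$app/certs
    shared=$root/tls/certs
    rc=0
    [ -d "$dir" ] || { echo "BAD $dir missing"; return 1; }
    for entry in "$dir"/*; do
        # Skip the unexpanded glob of an empty directory, keep dangling links.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        if [ -L "$entry" ]; then
            target=$(readlink "$entry")
            if [ ! -e "$entry" ]; then
                echo "BAD $name dangling symlink -> $target"; rc=1
            elif [ "$target" != "$shared/$name" ]; then
                # Rule: same name, pointing into the general directory.
                echo "BAD $name unexpected target -> $target"; rc=1
            else
                echo "shared $name"
            fi
        elif [ -f "$entry" ]; then
            # Assumption of this example: a regular file that also exists in
            # the general directory is a stale copy that replaced the symlink.
            if [ -e "$shared/$name" ]; then
                echo "BAD $name duplicates $shared/$name"; rc=1
            else
                echo "local $name"
            fi
        fi
    done
    return $rc
}
```

Run as `audit_app_certs nginx` on the host; a second argument points it at a copy of the tree instead of /etc/pki.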

Created by deghost. Last Modification: Thursday 04 August 2016 11:31:11 CEST by komodo.