Bind9 DDNS Ubuntu 22.04

The following is configured on the DDNS server

apt install bind9

Generate a TSIG key named ddns. This key, not a user account, is what authenticates the client's updates; tsig-keygen prints it to stdout, and the file it is saved in should be readable by root only (a file created under /tmp with the default umask is world-readable, so move it or tighten its mode).

tsig-keygen -a hmac-sha512 ddns >> /tmp/ddns.key
cat /tmp/ddns.key

key "ddns" {
algorithm hmac-sha512;
secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};

Paste the key above into the configuration file below (the secret shown on this page is only an example; use the one your own tsig-keygen produced, and anyone who can read this file can rewrite the record). The zone file named.yourddnsdomain.com must already exist, and because the zone accepts dynamic updates it has to live in a directory named can write to (/var/cache/bind on Ubuntu, as in the path below), since BIND keeps a journal file next to it.

vi /etc/bind/named.conf.default-zones
key "ddns" {
    algorithm hmac-sha512;
    secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};

zone "yourddnsdomain.com" IN {
    type master;
    file "/var/cache/bind/named.yourddnsdomain.com";
    also-notify { xxx.xxx.xxx.xxx; };
    // Least privilege: the ddns key may change only the A record of this one name,
    // nothing else in the zone.
    update-policy { grant ddns name subdomain.yourddnsdomain.com. A; };
};
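The same server-side setup with the TSIG secret kept in its own file, as an added example rather than the page's own configuration. The file names /etc/bind/ddns.key and /etc/bind/named.conf.local and the secret placeholder are assumptions; the zone and grant are the ones from the page.

```conf
// /etc/bind/ddns.key  (added example; chown root:bind, chmod 640, so only named reads the secret)
key "ddns" {
    algorithm hmac-sha512;
    secret "<secret printed by tsig-keygen, assumption: pasted here>";
};

// /etc/bind/named.conf.local  (added example)
include "/etc/bind/ddns.key";

zone "yourddnsdomain.com" IN {
    type master;
    // Dynamic zones need a directory named can write to: the journal
    // named.yourddnsdomain.com.jnl is created next to the zone file.
    file "/var/cache/bind/named.yourddnsdomain.com";
    also-notify { xxx.xxx.xxx.xxx; };
    update-policy {
        // grant <key> <nametype> <name> <types>
        //   name      : only this exact owner name
        //   subdomain : that name and everything below it (too broad for one host)
        //   self      : only the name that equals the key name
        // Leaving the type list off would allow NS, CNAME, MX ... for the name,
        // so keep it to A (add AAAA if the client updates IPv6 too).
        grant ddns name subdomain.yourddnsdomain.com. A;
    };
};
```

Check the syntax with named-checkconf before reloading (rndc reconfig). To confirm the grant is as tight as intended, run nsupdate -k /root/ddns.key from the client against a name the policy does not cover (for example another.yourddnsdomain.com); BIND must answer "update failed: REFUSED", while the granted name is accepted.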

The following is configured on the DDNS client

apt install bind9-dnsutils

(The client only needs nsupdate and dig, which are in bind9-dnsutils; installing the bind9 package itself would start a name server on the client that nothing needs.)

Copy the ddns.key generated on the server to /root/ddns.key on the client and make it readable by root only (chmod 600 /root/ddns.key): whoever holds this key can rewrite the A record.

vi /root/do-nsupdate
#!/bin/bash
# Refreshes one A record over TSIG-signed dynamic DNS when the public IP changes.
set -u

updateServer=ns1.masterdns.com
updateDomain=subdomain.yourddnsdomain.com
encryptKeyPath="/root/ddns.key"               # mode 600, root only
# HTTPS, not HTTP: over plain HTTP anyone on the path could hand us an
# arbitrary address and we would publish it in our zone.
checkIPWeb="https://checkip.amazonaws.com/"

# Value currently published by the master (empty if the record does not exist yet)
CURRENT_IP=$(dig +short "$updateDomain" A "@$updateServer" | head -n1)

EXT_IP=$(curl -fsS --max-time 10 "$checkIPWeb" | tr -d '[:space:]') || exit 1

# Never pass unvalidated text from the IP-check service to nsupdate
if ! [[ "$EXT_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "unexpected reply from $checkIPWeb: $EXT_IP" >&2
    exit 1
fi

# Quote both sides: unquoted, an empty CURRENT_IP (first run) makes the test
# a syntax error and the update never happens.
if [ "$CURRENT_IP" != "$EXT_IP" ]; then
    # delete + add go out in one signed transaction, so the name is never
    # left without an A record. Lower the 3600 s TTL if changes must show
    # up faster.
    nsupdate -k "$encryptKeyPath" <<EOF
server $updateServer
update delete $updateDomain. A
update add $updateDomain. 3600 A $EXT_IP
send
EOF
fi
chmod 755 /root/do-nsupdate
vi /etc/crontab
*/5 * * * * root /root/do-nsupdate

GNS3 + Ubuntu

sudo add-apt-repository ppa:gns3/ppa
sudo apt update
sudo apt install gns3-gui gns3-server
sudo dpkg --add-architecture i386
sudo apt update
sudo apt install gns3-iou
wget http://www.ipvanquish.com/download/CiscoIOUKeygen3f.py
python3 CiscoIOUKeygen3f.py

The keygen is fetched over plain HTTP from a third-party site and then executed with your privileges: read the script before running it, and do not run it as root.

https://docs.gns3.com/docs/getting-started/installation/linux/

How to generate Cisco IOURC licence key on GNS3 VM with Python 3

Nginx Reverse Proxy for multiple servers

Nginx web server: 192.168.0.214
WordPress: 192.168.0.211
Zimbra web mail: 192.168.0.213

apt install nginx

vi /etc/nginx/conf.d/local_domains.conf
server {
    listen 80;
    server_name mail.yourdomain2.com;

    # This proxies the Zimbra login page over plain HTTP; redirecting instead
    # (return 301 https://$host$request_uri;) keeps credentials off port 80.
    location / {
        proxy_pass http://192.168.0.213:80;
        proxy_set_header Host $host;
    }
}

server {
    listen 80;
    server_name yourdomain1.com www.yourdomain1.com;

    location / {
        proxy_pass http://192.168.0.211:80;
        proxy_set_header Host $host;   # WordPress needs the original Host header
    }
}

server {
    listen 443 ssl http2;
    server_name yourdomain1.com www.yourdomain1.com;

    ssl_certificate /etc/nginx/certs/yourdomain1.com.crt;
    ssl_certificate_key /etc/nginx/certs/yourdomain1.com.key;

    location / {
        proxy_pass https://192.168.0.211:443;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is what nginx actually terminated; $http_x_forwarded_proto
        # would only copy whatever header the client sent (spoofable, usually empty)
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl http2;
    server_name mail.yourdomain2.com;

    ssl_certificate /etc/nginx/certs/Cert.txt;
    ssl_certificate_key /etc/nginx/certs/Private.txt;

    location / {
        proxy_pass https://192.168.0.213:443;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;   # was misspelled X-Forward-For
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_read_timeout 5m;
    }
}
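The same three hosts with the weak spots of the configuration above closed, as an added example that is not the page's own config. Host names, IPs and certificate paths are the page's placeholders; the upstream names, the /etc/nginx/certs/internal-ca.crt path and the TLS settings are assumptions.

```nginx
# Added example, not the page's config. Assumptions: upstream names,
# internal-ca.crt (the CA that signed the backends' certificates), TLS settings.
upstream wordpress_backend { server 192.168.0.211:443; }
upstream zimbra_backend    { server 192.168.0.213:443; }

# Weak: proxying the WordPress admin and the Zimbra login over port 80.
# Corrected: port 80 only redirects, so no credential is ever sent in clear.
server {
    listen 80;
    server_name yourdomain1.com www.yourdomain1.com mail.yourdomain2.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name yourdomain1.com www.yourdomain1.com;

    ssl_certificate     /etc/nginx/certs/yourdomain1.com.crt;
    ssl_certificate_key /etc/nginx/certs/yourdomain1.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass https://wordpress_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Weak:      proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        #            (copies a client-controlled header: empty or spoofed)
        # Corrected: report the scheme nginx itself terminated.
        proxy_set_header X-Forwarded-Proto $scheme;
        # nginx does not verify the backend certificate by default, so a host
        # on the LAN that answers for 192.168.0.211 is accepted silently.
        # Verify against the CA that signed the backend cert (assumed path),
        # and send the public name as SNI so the right cert is presented.
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/internal-ca.crt;
        proxy_ssl_server_name on;
        proxy_ssl_name $host;
    }
}

server {
    listen 443 ssl http2;
    server_name mail.yourdomain2.com;

    ssl_certificate     /etc/nginx/certs/Cert.txt;
    ssl_certificate_key /etc/nginx/certs/Private.txt;
    ssl_protocols       TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass https://zimbra_backend;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_read_timeout 5m;
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/internal-ca.crt;
        proxy_ssl_server_name on;
        proxy_ssl_name $host;
    }
}
```

Check with nginx -t and reload. The X-Forwarded-* headers are only as trustworthy as the hop that set them, so the backends should accept them from 192.168.0.214 alone: on Zimbra that is the zimbraMailTrustedIP attribute (zmprov mcf zimbraMailTrustedIP 127.0.0.1 zimbraMailTrustedIP 192.168.0.214), otherwise any client can forge its "real" IP in the mail logs.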

Zimbra using SocketLabs as external SMTP

Home ISPs block outbound port 25, so mail could not be sent directly; I switched to an external SMTP relay, and 2,000 messages a month is plenty for me.

https://cp.socketlabs.com/

Add the sending domain first: mail from a domain that has not been verified will not be sent.

Verifying via email is enough to get it working, but with DKIM and SPF set up as well, mail to the large email providers is less likely to be treated as spam.

Click SMTP Credentials to get the SMTP server details.

su - zimbra

# Record the current settings first so they can be restored
zmprov gs mail.yourdomain.com zimbraMtaRelayHost
postconf smtp_sasl_password_maps
zmprov gs mail.yourdomain.com zimbraMtaSmtpSaslPasswordMaps
postconf smtp_sasl_auth_enable
zmprov gs mail.yourdomain.com zimbraMtaSmtpSaslAuthEnable
postconf smtp_cname_overrides_servername
zmprov gs mail.yourdomain.com zimbraMtaSmtpCnameOverridesServername
postconf smtp_tls_security_level
zmprov gs mail.yourdomain.com zimbraMtaSmtpTlsSecurityLevel

# Change the settings
zmprov ms mail.yourdomain.com zimbraMtaRelayHost smtp.socketlabs.com

# Credential file. The lookup key is the relay host exactly as set in
# zimbraMtaRelayHost. Keep it readable by the zimbra user only, and prefer
# typing it into an editor so the password does not land in shell history.
echo "smtp.socketlabs.com {username}:{password}" > /opt/zimbra/conf/relay_password
chmod 600 /opt/zimbra/conf/relay_password
postmap lmdb:/opt/zimbra/conf/relay_password
postmap -q smtp.socketlabs.com lmdb:/opt/zimbra/conf/relay_password   # must print {username}:{password}

# zmconfigd regenerates main.cf from LDAP, so the zmprov value is the one that
# sticks; postconf -e only holds until then. Use the same map type (lmdb) in
# both, matching the file postmap just built.
postconf -e smtp_sasl_password_maps=lmdb:/opt/zimbra/conf/relay_password
zmprov ms mail.yourdomain.com zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password

postconf -e smtp_sasl_auth_enable=yes
zmprov ms mail.yourdomain.com zimbraMtaSmtpSaslAuthEnable yes

I did not apply the following four lines because they match the defaults:

#postconf -e smtp_cname_overrides_servername=no
#zmprov ms mail.yourdomain.com zimbraMtaSmtpCnameOverridesServername no

#postconf -e smtp_tls_security_level=may
#zmprov ms mail.yourdomain.com zimbraMtaSmtpTlsSecurityLevel may

One caveat on the last pair: "may" is opportunistic TLS, so if the relay ever fails to offer STARTTLS, Postfix falls back to plaintext and the SASL username and password go out in the clear. For a relay that takes a password, "encrypt" (zmprov ms mail.yourdomain.com zimbraMtaSmtpTlsSecurityLevel encrypt) refuses to authenticate without TLS.

Finally, set the port: zimbraMtaRelayHost takes host:port (use the submission port listed on the SocketLabs SMTP Credentials page). Keep the key in /opt/zimbra/conf/relay_password identical to that host:port value, run postmap again, and confirm with postmap -q <host:port> lmdb:/opt/zimbra/conf/relay_password before restarting.

zmcontrol restart
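After the restart, the MTA log is the place to confirm that mail really leaves through the relay and that the relay session was TLS-protected. The check below is an added example, not part of the page's procedure; the log lines in it are constructed samples in Postfix's log format, and on a real host you would point check_relay_log at /var/log/zimbra.log.

```shell
#!/bin/bash
# Added example, not from the page. Verifies from Postfix log lines that
# every outbound delivery went to $RELAY and that the smtp process that sent
# it had negotiated TLS first. Sample log lines are constructed.
RELAY="smtp.socketlabs.com"

# check_relay_log <logfile>
# Prints one line per finding, returns 1 if any, 0 if clean:
#   NOT-VIA-RELAY  a delivery attempt went to some other host, i.e. the
#                  relayhost setting did not take effect (direct port-25
#                  delivery is exactly what the ISP blocks);
#   NO-TLS         a message was handed to the relay by an smtp process that
#                  never logged "TLS connection established", which with
#                  smtp_tls_security_level=may means the SASL password
#                  crossed the wire in plaintext.
# Postfix logs the TLS line per smtp process (pid) without a queue id, so the
# two are correlated by pid.
check_relay_log() {
    awk -v relay="$RELAY" '
        /postfix\/smtp\[/ {
            pid = $0
            sub(/.*postfix\/smtp\[/, "", pid); sub(/\].*/, "", pid)
            if (index($0, "TLS connection established to " relay "[")) {
                tls[pid] = 1; next
            }
            if (index($0, " relay=")) {
                if (!index($0, "relay=" relay "[")) {
                    print "NOT-VIA-RELAY " $0; bad = 1
                } else if (index($0, "status=sent") && !tls[pid]) {
                    print "NO-TLS " $0; bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: pid 2101 did STARTTLS before sending; pid 2150 sent to
# the relay with no TLS line; pid 2160 tried to deliver straight to the
# recipient's MX (relayhost not in effect). Port numbers are illustrative.
BAD_LOG=$(mktemp)
cat >"$BAD_LOG" <<'EOF'
Jan 10 10:00:01 mail postfix/smtp[2101]: Trusted TLS connection established to smtp.socketlabs.com[192.0.2.10]:587: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 10:00:02 mail postfix/smtp[2101]: 4F3A1C0B2: to=<alice@example.net>, relay=smtp.socketlabs.com[192.0.2.10]:587, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 OK)
Jan 10 10:05:03 mail postfix/smtp[2150]: 5A2B3D4E5: to=<bob@example.org>, relay=smtp.socketlabs.com[192.0.2.10]:587, delay=0.9, delays=0.1/0/0.3/0.5, dsn=2.0.0, status=sent (250 OK)
Jan 10 10:07:00 mail postfix/smtp[2160]: 6B7C8D9E0: to=<carol@example.com>, relay=mx.example.com[198.51.100.5]:25, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.com[198.51.100.5]:25: Connection timed out)
EOF

# Constructed healthy log: only the first two lines above.
GOOD_LOG=$(mktemp)
head -n 2 "$BAD_LOG" >"$GOOD_LOG"

check_relay_log "$GOOD_LOG" && echo "good log: clean"
check_relay_log "$BAD_LOG" || echo "bad log: problems found"
```

A NO-TLS finding is a reason to switch zimbraMtaSmtpTlsSecurityLevel to encrypt rather than may; a NOT-VIA-RELAY finding means zimbraMtaRelayHost was not picked up by the running Postfix (check postconf relayhost after zmconfigd has rewritten main.cf).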

Ubuntu 18.04 Zimbra behind NAT

Mail addressed to the server's own domain is not delivered when the server sits behind NAT; the MTA log shows:

status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[202.xx.xx.xx]:7025: Connection timed out)

Cause: the MTA resolves mail.mydomain.com to the public address (202.xx.xx.xx) and tries to hand the message to the mailbox service over LMTP on port 7025 at that address; the NAT router does not loop the connection back inside, so it times out. The fix is a local resolver that answers with the private address for the server's own names. First turn off Zimbra's own dnscache so it does not compete for port 53:

su - zimbra
zmdnscachectl stop
zmprov ms `zmhostname` -zimbraServiceEnabled dnscache
zmprov ms `zmhostname` -zimbraServiceInstalled dnscache

Ctrl-D (back to root)

apt install dnsmasq

vi /etc/dnsmasq.d/mydomain.com.conf
# forward everything else to this upstream resolver (8.8.8.8 is the page's choice; any resolver you trust will do)
server=8.8.8.8
# use only the server= line above; otherwise dnsmasq also reads /etc/resolv.conf,
# which points back at this host once netplan is changed below, and queries loop
no-resolv
domain=mydomain.com
# answer the MX for our own domain with our own mail host
mx-host=mydomain.com,mail.mydomain.com,5
listen-address=127.0.0.1
# bind 127.0.0.1 only; the default wildcard socket collides with systemd-resolved's 127.0.0.53 listener
bind-interfaces

systemctl start dnsmasq
systemctl enable dnsmasq

dnsmasq also answers from /etc/hosts, which is what gives mail.mydomain.com its private address:
vi /etc/hosts
192.168.xx.xx mail.mydomain.com

Check the answers:
dig -t MX @127.0.0.1 mydomain.com
mydomain.com. 0 IN MX 5 mail.mydomain.com.

;; ADDITIONAL SECTION:
mail.mydomain.com. 0 IN A 192.168.xx.xx

Point the host's own resolver at dnsmasq:
vi /etc/netplan/00-installer-config.yaml
      nameservers:
        addresses:
          - 127.0.0.1
netplan apply

su - zimbra
zmcontrol restart

Ubuntu 20.04 LTS enable Routing & NAT

sysctl net.ipv4.ip_forward
sysctl -w net.ipv4.ip_forward=1

This is lost at reboot. The cleanest way to persist it is a drop-in such as /etc/sysctl.d/99-forward.conf containing net.ipv4.ip_forward = 1 (applied with sysctl --system); the rc.local route below works too, and the NAT rule needs rc.local anyway because iptables rules are not persisted by themselves.

vi /lib/systemd/system/rc-local.service
[Install]
WantedBy=multi-user.target
Alias=rc-local.service

(Edits under /lib are overwritten by package updates; systemctl edit rc-local puts the same [Install] section in a drop-in under /etc instead.)

vi /etc/rc.local
#!/bin/sh -e
sysctl -w net.ipv4.ip_forward=1

chmod +x /etc/rc.local

systemctl enable rc-local
systemctl start rc-local

NAT
vi /etc/rc.local
# Masquerade only what leaves through the WAN interface (eth0 is a placeholder).
# A bare "-j MASQUERADE" rewrites the source of everything the box forwards,
# LAN-to-LAN traffic included.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

With ip_forward=1 and the default FORWARD policy of ACCEPT, the box will route between all its interfaces in both directions, so pair the NAT rule with a FORWARD policy that only lets LAN-originated and established connections through.
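An interface-scoped NAT rule set with a restrictive FORWARD chain, as an added example that is not the page's own rules. It is written as a function that emits iptables-restore format, so the whole set is loaded atomically; the interface names eth0 (WAN), eth1 (LAN) and the prefix 192.168.1.0/24 are assumptions passed in as parameters.

```shell
#!/bin/sh
# Added example, not from the page. nat_rules <wan-if> <lan-if> <lan-prefix>
# prints an iptables-restore rule set; the interface names and prefix in the
# usage line below are assumptions.
nat_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite only LAN sources leaving through the WAN interface, not everything.
-A POSTROUTING -s ${lan_net} -o ${wan} -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# ip_forward=1 routes between every interface; with FORWARD left at ACCEPT,
# anything that can reach the WAN side could be forwarded into the LAN.
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan} -o ${wan} -s ${lan_net} -j ACCEPT
COMMIT
EOF
}

# Usage as root (interfaces and prefix are assumptions):
#   nat_rules eth0 eth1 192.168.1.0/24 | iptables-restore
#   iptables-save > /etc/iptables/rules.v4   # reloaded at boot by iptables-persistent
nat_rules eth0 eth1 192.168.1.0/24
```

Return traffic for LAN clients is matched by the ESTABLISHED,RELATED rule, so nothing else from the WAN side is forwarded; a port forward for an internal server would need an explicit DNAT rule in PREROUTING plus a matching FORWARD accept.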