Nginx Reverse Proxy for multiple servers

Nginx Web server: 192.168.0.214
WordPress: 192.168.0.211
Zimbra web email: 192.168.0.213

apt install nginx

vi /etc/nginx/conf.d/local_domains.conf
server {
    listen 80;
    server_name mail.yourdomain2.com;

    location / {
        set $target http://192.168.0.213:80;
        proxy_pass $target;
        # Pass the requested hostname; the default would be the upstream address
        proxy_set_header Host $host;
    }
}

server {
    listen 80;
    server_name yourdomain1.com www.yourdomain1.com;

    location / {
        set $target http://192.168.0.211:80;
        proxy_pass $target;
        proxy_set_header Host $host;
    }
}

server {
    listen 443 ssl http2;
    server_name yourdomain1.com www.yourdomain1.com;

    ssl_certificate /etc/nginx/certs/yourdomain1.com.crt;
    ssl_certificate_key /etc/nginx/certs/yourdomain1.com.key;

    location / {
        # nginx does not verify the upstream certificate unless proxy_ssl_verify is on
        set $target https://192.168.0.211:443;
        proxy_pass $target;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Use the scheme nginx actually saw, not a header supplied by the client
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl http2;
    server_name mail.yourdomain2.com;

    ssl_certificate /etc/nginx/certs/Cert.txt;
    ssl_certificate_key /etc/nginx/certs/Private.txt;

    location / {
        proxy_pass https://192.168.0.213:443;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_read_timeout 5m;
    }
}
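
An added example, not part of the original notes: a small Python lint for reverse-proxy blocks like the ones above. It flags forwarding headers copied from client-supplied $http_x_* variables, near-miss header names, and HTTPS upstreams with no proxy_ssl_verify on; the function name, the header list and the sample config are assumptions constructed for illustration.

```python
import difflib
import re

# Forwarding header names this example treats as correct (assumed list).
KNOWN = ["host", "x-real-ip", "x-forwarded-for", "x-forwarded-proto",
         "x-forwarded-host", "x-forwarded-port"]

def lint_proxy_conf(conf):
    """Return sorted (line_no, code, detail) findings; assumes one directive per line."""
    findings, https_upstreams, verifies = [], [], False
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if re.match(r"proxy_ssl_verify\s+on\s*;", line):
            verifies = True
        # The upstream may be set directly or via `set $var ...; proxy_pass $var;`.
        if re.match(r"(proxy_pass|set\s+\$\w+)\s+https://", line):
            https_upstreams.append(no)
        m = re.match(r"proxy_set_header\s+(\S+)\s+(\S+)\s*;", line)
        if not m:
            continue
        name, value = m.groups()
        # $http_<header> echoes what the client sent: spoofable at the first hop.
        if re.fullmatch(r"\$http_x_(forwarded|real)_\w+", value, re.I):
            findings.append((no, "client-controlled", f"{name} <- {value}"))
        # A near-miss name is sent upstream, but the backend will not look for it.
        if name.lower() not in KNOWN:
            close = difflib.get_close_matches(name.lower(), KNOWN, n=1, cutoff=0.9)
            if close:
                findings.append((no, "misspelled", f"{name} ~ {close[0]}"))
    if not verifies:
        # nginx defaults to proxy_ssl_verify off: the upstream cert is not checked.
        findings += [(no, "unverified-tls", "proxy_ssl_verify is not on")
                     for no in https_upstreams]
    return sorted(findings)

# Constructed sample input, shaped like the 443 server blocks above.
SAMPLE = """\
server {
    location / {
        set $target https://192.168.0.211:443;
        proxy_pass $target;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    }
}
"""

if __name__ == "__main__":
    print(*lint_proxy_conf(SAMPLE), sep="\n")
```

The TLS check is file-wide: a single proxy_ssl_verify on anywhere in the input silences it for every upstream.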

Zimbra using SocketLabs as external SMTP

Because my home ISP blocks port 25, I cannot send outbound mail directly, so I switched to an external SMTP service. 2000 messages a month is plenty for me.

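https://cp.socketlabs.com/

You must Add sending domain first; mail from an unverified domain will not go out.

Verify via Email alone is actually enough to get it working, but if you also use DKIM and SPF, mail sent to other large email servers is less likely to be treated as spam.

Click SMTP Credentials to get the SMTP details.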

su - zimbra

# List current settings for backup
zmprov gs mail.youdomain.com zimbraMtaRelayHost
postconf smtp_sasl_password_maps
zmprov gs mail.youdomain.com zimbraMtaSmtpSaslPasswordMaps
postconf smtp_sasl_auth_enable
zmprov gs mail.youdomain.com zimbraMtaSmtpSaslAuthEnable
postconf smtp_cname_overrides_servername
zmprov gs mail.youdomain.com zimbraMtaSmtpCnameOverridesServername
postconf smtp_tls_security_level
zmprov gs mail.youdomain.com zimbraMtaSmtpTlsSecurityLevel

# Start modifying settings
zmprov ms mail.youdomain.com zimbraMtaRelayHost smtp.socketlabs.com

echo smtp.socketlabs.com {username}:{password} > /opt/zimbra/conf/relay_password
postmap /opt/zimbra/conf/relay_password
postmap -q smtp.socketlabs.com /opt/zimbra/conf/relay_password

# Map type matches the zmprov value on the next line
postconf -e smtp_sasl_password_maps=lmdb:/opt/zimbra/conf/relay_password
zmprov ms mail.youdomain.com zimbraMtaSmtpSaslPasswordMaps lmdb:/opt/zimbra/conf/relay_password

postconf -e smtp_sasl_auth_enable=yes
zmprov ms mail.youdomain.com zimbraMtaSmtpSaslAuthEnable yes

The following 4 lines match the defaults, so I did not use them.

#postconf -e smtp_cname_overrides_servername=no
#zmprov ms mail.youdomain.com zimbraMtaSmtpCnameOverridesServername no

#postconf -e smtp_tls_security_level=may
#zmprov ms mail.youdomain.com zimbraMtaSmtpTlsSecurityLevel may

Finally, the port also needs to be set.

zmcontrol restart

Ubuntu 18.04 Zimbra behind NAT

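Mail addressed to the server's own domain cannot be delivered when Zimbra is behind NAT. The MTA resolves mail.mydomain.com to the public address and the connection times out. The steps below replace Zimbra's dnscache with a local dnsmasq that answers with the internal address.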

status=deferred (delivery temporarily suspended: connect to mail.mydomain.com[202.xx.xx.xx]:7025: Connection timed out)

su - zimbra
zmdnscachectl stop
zmprov ms `zmhostname` -zimbraServiceEnabled dnscache
zmprov ms `zmhostname` -zimbraServiceInstalled dnscache

CTRL + D

apt install dnsmasq

vi /etc/dnsmasq.d/mydomain.com.conf
server=8.8.8.8
domain=mydomain.com
mx-host=mydomain.com,mail.mydomain.com,5
listen-address=127.0.0.1

systemctl start dnsmasq
systemctl enable dnsmasq

vi /etc/hosts
192.168.xx.xx mail.mydomain.com

dig -t MX @127.0.0.1 mydomain.com
mydomain.com. 0 IN MX 5 mail.mydomain.com.

;; ADDITIONAL SECTION:
mail.mydomain.com. 0 IN A 192.168.xx.xx

vi /etc/netplan/00-installer-config.yaml
nameservers:
  addresses:
    - 127.0.0.1

su - zimbra
zmcontrol restart

Ubuntu 20.04 LTS enable Routing & NAT

sysctl net.ipv4.ip_forward
sysctl -w net.ipv4.ip_forward=1

vi /lib/systemd/system/rc-local.service
[Install]
WantedBy=multi-user.target
Alias=rc-local.service

vi /etc/rc.local
#!/bin/sh -e
sysctl -w net.ipv4.ip_forward=1

chmod +x /etc/rc.local

systemctl enable rc-local
systemctl start rc-local

NAT
vi /etc/rc.local
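# No -o match here: this masquerades traffic leaving through every interface.
# Add -o <outbound interface> to limit it to the WAN side.
iptables -t nat -A POSTROUTING -j MASQUERADE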

Windows 10 format volume to REFS

Boot from the Windows 2019 installation disc

diskpart
list disk
select disk 1
list partition
select partition 1
filesystems
format fs=refs unit=64k quick

Known issue: Windows 11 automatically upgrades the REFS version, and Windows 10 does not support the Windows 11 REFS version.