Latest revision as of 09:39, 2 October 2025

The production mail server is a Debian 10 LXD container administered by SAC, hosted on osgeo9.

See SAC#Communication in case of troubles or quick questions

Services hosted on the mail container

Postfix SMTP server

Handles outgoing and incoming email

Mailman

SAC:Mailing Lists - mailman configuration for lists.osgeo.org.

Websites

All websites are served by Apache

site	path	contact	backup	comments
www.tilecache.org	/var/www/tilecache/docs	SAC !?	BackupOg6 bacula job
lists.osgeo.org		admin		Web interface for managing Mailman

MySQL server

TODO: review/cleanup

backed up via bacula in BackupOg6 job (see /osgeo/backup)
admin user credentials found in ~root/.my.cnf

SSL certificates

LetsEncrypt is configured using certbot-auto
- careful: check the conf files in /etc/apache2/sites-enabled/ to make sure that the VirtualHost settings do not include something like <VirtualHost _default_:443> and instead should point to the IP such as <VirtualHost 140.211.15.14:443> or else the certificate loaded will always default to mapserver.org
- certbot-auto lives in /usr/local/sbin.
- to add more sites, run the command:
  certbot-auto --apache -d mapserver.org -d www.mapserver.org
- a cronjob (certbot-auto renew) was created to check for renewal twice a day
- also enabled for geos.osgeo.org on by Jeff McKenna on 2018-10-01

Backup strategy

See SAC:Backups for general info about backup strategies for containers.

A dump of each mysql database is also stored as a separate file under /osgeo (created during the backup phase).

@@ Line 1: / Line 1: @@
-'''Osgeo6''' is a Debian machine minimally administered by [[SAC]], hosted on [[SAC_Service_Status#osgeo6]] (see also [[Infrastructure Transition Plan 2014#Hardware|Hardware plan 2014]]) at OSU OSL and used for hosting project web sites and some related services.
+The production mail server is a Debian 10 LXD container administered by [[SAC]], hosted on [[osgeo9]].
-The host is reachable by ssh at osgeo6.osgeo.osuosl.org. Anyone in the https://www.osgeo.org/cgi-bin/auth/ldap_shell.py has ssh access, and anyone in this group can add new people via the link. Sudo access can be provided by existing sudoer's by adding folks to the sudoers group in /etc/group, though it is normal practice to try and only extend sudo access to one user per project.
+See [[SAC#Communication]] in case of troubles or quick questions
-This hardware hosts several '''project critical resources''' (projects web sites primarily; it is the successor of the [[ProjectsVM]] put into service in 2015). It is a shared environment and it is important that folks making changes on the system be aware of the impact they might have on other hosted services. Apache changes should be made carefully and needfully. Think about '''security'''!
+= Services hosted on the mail container =
-Place to reach SAC members in case of troubles or quick questions:
+== Postfix SMTP server ==
-*irc://irc.freenode.org#osgeo
+Handles [[SAC:Message Submission Agent|outgoing]] and [[SAC:Message Transport Agent|incoming]] email
-*irc://irc.freenode.org#telascience
-*If you don't have an IRC client, you can use the [http://irc.telascience.org/cgi-bin/telascience-irc.cgi IRC Web browser interface] or [http://webchat.freenode.net/ Freenode's Webchat] (if you are behind a restrictive firewall)
-;Existing services hosted on osgeo6:
+== Mailman ==
+* [[SAC:Mailing Lists]] - mailman configuration for lists.osgeo.org.
+== Websites ==
+All websites are served by Apache
 {| border="1" class="wikitable"
@@ Line 20: / Line 24: @@
 ! [[SAC:Backups|backup]]
 ! comments
-|-
-| grass.osgeo.org
-| /var/www/grass/grass-cms
-| admined by [[User:Neteler]], martinL
-| hopefully backuped by osgeo
-| own MediaWiki
-|-
-| grasswiki.osgeo.org
-| /var/www/grass/grass-wiki
-| admined by [[User:Neteler]], martinL
-| hopefully backuped by osgeo
-| some CMS
-|-
-| www.geotools.org
-| /var/www/geotools/web
-| SAC !?
-|
-| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
-|-
-| docs.geotools.org
-| /var/www/geotools/docs
-| SAC !?
-|
-| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
-|-
-| old.geotools.org
-| /var/www/geotools/wiki
-| SAC !?
-|
-| /home/geotools/ available, but corresponding OSGeo LDAP user account missing
-|-
-| www.featureserver.org
-| /var/www/featureserver/website
-| admined by [[User:Warmerda]]
-|
-| Not yet active, pending Python/GEOS issues
-|-
-| geos.osgeo.org
-| /var/www/geos/geos-web
-| admined by [[User:Warmerda]]
-|
-| Just a redirect to Trac
 |-
 | www.tilecache.org
 | /var/www/tilecache/docs
 | SAC !?
-|
+| BackupOg6 bacula job
 |
 |-
-| www.gdal.org
+| lists.osgeo.org
-| /var/www/gdal/gdal-web/
+|
-| admined by [[User:Warmerda]]
+| admin
 |
-| CRON-job migrated as well
+| Web interface for managing Mailman
 |-
 |}
+== MySQL server ==
+'''TODO''': review/cleanup
+* backed up via [[SAC:Backups|bacula]] in BackupOg6 job (see /osgeo/backup)
+* admin user credentials found in ~root/.my.cnf
+= SSL certificates =
+* LetsEncrypt is configured using certbot-auto
+** careful: check the conf files in /etc/apache2/sites-enabled/ to make sure that the VirtualHost settings do not include something like ''<VirtualHost _default_:443>'' and instead should point to the IP such as ''<VirtualHost 140.211.15.14:443>'' or else the certificate loaded will always default to mapserver.org
+** certbot-auto lives in /usr/local/sbin.
+** to add more sites, run the command:<blockquote>certbot-auto --apache -d mapserver.org -d www.mapserver.org</blockquote>
+** a cronjob (certbot-auto renew) was created to check for renewal twice a day
+** also enabled for geos.osgeo.org on by [[Jeff McKenna]] on 2018-10-01
-=== Backup strategy ===
+= Backup strategy =
-Please add here. Bacula?
+See [[SAC:Backups]] for general info about backup strategies for containers.
-[[Category:Infrastructure]]
+A dump of each mysql database is also stored as a separate file under /osgeo
+(created during the backup phase).

Difference between revisions of "Mail server"