1

Topic: Switching to nginx

==== Required information ====
- iRedMail version: 20150205
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Debian Wheezy
- Related log if you're reporting an issue: N/A
====

My apologies if this is already documented, I couldn't find it after some searching... I understand 0.9 has official support for nginx now, but what is the procedure for upgrading from the existing Apache install?

While I could probably figure this out on my own, I'd like to do this the "iRedMail way" so upgrades don't get confused, and I don't trust my Python knowledge enough to set up iRedAdmin properly.

Thanks!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Switching to nginx

hdco wrote:

==== Required information ====
My apologies if this is already documented, I couldn't find it after some searching... I understand 0.9 has official support for nginx now, but what is the procedure for upgrading from the existing Apache install?

While I could probably figure this out on my own, I'd like to do this the "iRedMail way" so upgrades don't get confused, and I don't trust my Python knowledge enough to set up iRedAdmin properly.

Maybe this is useful: http://wiki.nginx.org/IRedMail

3

Re: Switching to nginx

Saw that, I wasn't sure how old it was. I'll go with it if no better documentation. I was just hoping for an official document so I don't "void the warranty" and end up stuck if an update breaks something.

4 (edited by mir 2015-02-06 05:41:21)

Re: Switching to nginx

hdco wrote:

Saw that, I wasn't sure how old it was. I'll go with it if no better documentation. I was just hoping for an official document so I don't "void the warranty" and end up stuck if an update breaks something.

A bit old it is since SSL v2 and v3 is enabled as well as some very insecure ssl_ciphers.

I would recommend this:
http {
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout             10m;
ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

.....
}

5

Re: Switching to nginx

iRedMail ships sample Nginx config files: iRedMail-0.9.0/samples/nginx/.