Site update
This commit is contained in:
parent
6f9ac9c5b8
commit
26d0746f07
205
content/blog/virgin-mutt-user-meet-mblaze.md
Normal file
205
content/blog/virgin-mutt-user-meet-mblaze.md
Normal file
@ -0,0 +1,205 @@
|
|||||||
|
+++
|
||||||
|
title = 'Virgin (Neo)Mutt User Meet Mblaze'
|
||||||
|
date = 2023-10-24T18:13:18+02:00
|
||||||
|
draft = false
|
||||||
|
+++
|
||||||
|
|
||||||
|
We have all heard of (Neo)Mutt when it comes to managing e-mail in the terminal right? What would you do if I told you there is an even better and more UNIX way to manage mail on the terminal? Well there is and it's called [mblaze](https://github.com/leahneukirchen/mblaze).
|
||||||
|
|
||||||
|
<!--more-->
|
||||||
|
|
||||||
|
In this post I will explain to you how to setup mblaze for managing your email, but for that we will 2 more additional software to manage our mail with mblaze. [OpenSMTPD](https://www.opensmtpd.org/) the openbsd fast mail server for getting local mail from services like crontab and sending mail with, and [isync](https://isync.sourceforge.io/) for downloading our mail from our remote server's either selfhosted or gmail.
|
||||||
|
|
||||||
|
# 1. OpenSMTPD
|
||||||
|
|
||||||
|
First we will setup OpenSMTP for local mail, and we will also relay's that allow us to send e-mail from our selfhosted or gmail mail server's for example. Make sure to install opensmtpd from your package maanager.
|
||||||
|
|
||||||
|
> Edit `/etc/smtpd/smtpd.conf`
|
||||||
|
|
||||||
|
```conf
|
||||||
|
table aliases file:/etc/mail/aliases
|
||||||
|
table credentials file:/etc/mail/credentials
|
||||||
|
|
||||||
|
listen on 127.0.0.1
|
||||||
|
|
||||||
|
action "local_mail" maildir "/home/%{user.username}/.local/share/Maildir/local" alias <aliases>
|
||||||
|
action outbound_selfhost relay host smtp+tls://selfhost@subdomain.domain.com:587 auth <credentials>
|
||||||
|
action outbound_gmail relay host smtp+tls://gmail@smtp.gmail.com:587 auth <credentials>
|
||||||
|
|
||||||
|
match for local action "local_mail"
|
||||||
|
match mail-from "selfhost@domain.com" for any action outbound_selfhost
|
||||||
|
match mail-from "username@gmail.com" for any action outbound_gmail
|
||||||
|
```
|
||||||
|
|
||||||
|
Next you will need to update aliases in file /etc/mail/aliases under the comment `# Well-known aliases -- these should be filled in!` to your main user account on your system.
|
||||||
|
|
||||||
|
Now we will also setup the passwords in the `/etc/mail/credentials`, Note for gmail you will need to setup app password for it to be usable with this method and enable smtp in gmail.
|
||||||
|
|
||||||
|
```conf
|
||||||
|
selfhost selfhost:selfhost_password
|
||||||
|
gmail gmail:gmail_password
|
||||||
|
```
|
||||||
|
|
||||||
|
Also make sure to run `sudo chmod 600 /etc/mail/credentials` to make sure the password's aren't readable if you aren't running as sudo.
|
||||||
|
|
||||||
|
# 2. isync
|
||||||
|
|
||||||
|
Now we will setup isync to get our e-mail from our server's. In this example there is both settings for a selfhosted server and a gmail one.
|
||||||
|
|
||||||
|
> Edit `$HOME/.mbsyncrc`
|
||||||
|
|
||||||
|
```rc
|
||||||
|
IMAPStore selfhost-remote
|
||||||
|
Host subdomain.domain.com
|
||||||
|
Port 993
|
||||||
|
User selfhost@domain.com
|
||||||
|
PassCmd "Command for password" or Pass password
|
||||||
|
SSLType IMAPS
|
||||||
|
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
MaildirStore selfhost-local
|
||||||
|
Path ~/.local/share/Maildir/selfhost/
|
||||||
|
Inbox ~/.local/share/Maildir/selfhost/INBOX
|
||||||
|
SubFolders Verbatim
|
||||||
|
|
||||||
|
Channel selfhost
|
||||||
|
Far :selfhost-remote:
|
||||||
|
Near :selfhost-local:
|
||||||
|
Create Both
|
||||||
|
Expunge Both
|
||||||
|
Patterns * !"[Gmail]/All Mail" !"*fts-flatcurve*" !"*virtual*"
|
||||||
|
SyncState *
|
||||||
|
Create Both
|
||||||
|
|
||||||
|
IMAPStore gmail-remote
|
||||||
|
Host imap.gmail.com
|
||||||
|
Port 993
|
||||||
|
User gmail@gmail.com
|
||||||
|
PassCmd "Command for password" or Pass password
|
||||||
|
SSLType IMAPS
|
||||||
|
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
MaildirStore gmail-local
|
||||||
|
Path ~/.local/share/Maildir/gmail/
|
||||||
|
Inbox ~/.local/share/Maildir/gmail/INBOX
|
||||||
|
SubFolders Verbatim
|
||||||
|
|
||||||
|
Channel gmail
|
||||||
|
Far :gmail-remote:
|
||||||
|
Near :gmail-local:
|
||||||
|
Create Both
|
||||||
|
Expunge Both
|
||||||
|
Patterns * !"[Gmail]/All Mail" !"*fts-flatcurve*" !"*virtual*"
|
||||||
|
SyncState *
|
||||||
|
Create Both
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you can run `mbsync -V gmail/selfhost` to sync a specific account or you can run `mbsync -a` to sync all your account's.
|
||||||
|
|
||||||
|
# 3. mblaze
|
||||||
|
|
||||||
|
Now we will start working on the most juicy part, setting up mblaze for basic usage. First we will setup a basic mblaze profile for our local account.
|
||||||
|
|
||||||
|
> Edit `$HOME/.mblaze/profile`
|
||||||
|
|
||||||
|
```conf
|
||||||
|
Local-Mailbox: user
|
||||||
|
FQDN: "Generate using command mgenmid"
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/local
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/local/Sent/
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/local/Drafts/
|
||||||
|
Reply-From: user
|
||||||
|
# You don't need this, it just makes it easier to see date
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
```
|
||||||
|
|
||||||
|
And now we are ready for using mblaze for managing our local mail with mblaze. Now for the rest of this blog I will show how I manage multiple account's using a scipt and a couple function's. I will also link a video that will show you in more detail things for using mblaze for managing your mail which was my inspiration for making this post.
|
||||||
|
|
||||||
|
# 4. Multiple profiles management
|
||||||
|
|
||||||
|
You can do this in a lot of ways with mblaze since it is very easily scriptable, but I do it with a script that copies over a preconfigure profile from `$HOME/.config/mblaze`
|
||||||
|
|
||||||
|
> example selfhost mblaze config `$HOME/.config/mblaze/selfhost`
|
||||||
|
|
||||||
|
```conf
|
||||||
|
Local-Mailbox: User Name <user@domain.com>
|
||||||
|
FQDN: "Generate using command mgenmid"
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/selfhost
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/selfhost/Sent/
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/selfhost/Drafts/
|
||||||
|
Reply-From: User Name <user@domain.com>
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
```
|
||||||
|
|
||||||
|
> example gmail mblaze config `$HOME/.config/mblaze/gmail`
|
||||||
|
|
||||||
|
```conf
|
||||||
|
Local-Mailbox: user <user@gmail.com>
|
||||||
|
FQDN: "Generate using command mgenmid"
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/gmail
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/gmail/[Gmail]/Sent Mail
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/gmail/[Gmail]/Drafts
|
||||||
|
Reply-From: user <user@gmail.com>
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
```
|
||||||
|
|
||||||
|
For the local profile, just copy the config saved to `$HOME/.mblaze/profile` to `$HOME/.config/mblaze/local`.
|
||||||
|
|
||||||
|
Now onto the script and functions I use with my zsh.
|
||||||
|
|
||||||
|
> mprofile
|
||||||
|
```bash
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
profiles=$(find "$HOME"/.config/mblaze -type f -exec basename "{}" \;)
|
||||||
|
currentMaildir=$(grep "^Maildir:" "$HOME"/.mblaze/profile | cut -d: -f 2 | sed 's/ //g')
|
||||||
|
|
||||||
|
[ -z "$1" ] && basename "$(grep -w "$currentMaildir" -l -R "$HOME"/.config/mblaze)" && exit 0
|
||||||
|
[ "$1" = "-l" ] && printf '%s\n' "$profiles" && exit 0
|
||||||
|
|
||||||
|
profile="$1"
|
||||||
|
|
||||||
|
if printf '%s\n' "$profiles" | grep -qw "$profile"; then
|
||||||
|
cp "$HOME"/.config/mblaze/"$profile" "$HOME"/.mblaze/profile
|
||||||
|
else
|
||||||
|
printf '%s\n' "This profile doesn't exist"
|
||||||
|
fi
|
||||||
|
```
|
||||||
|
|
||||||
|
The script is able to print the current profile when run without argument, listing all available profiles using -l and setting the profile by providing it's name.
|
||||||
|
|
||||||
|
> functions
|
||||||
|
```bash
|
||||||
|
# mblaze functions
|
||||||
|
|
||||||
|
# Get new mail for current profile
|
||||||
|
mnew () {
|
||||||
|
maildir=$(grep "^Maildir:" $HOME/.mblaze/profile | cut -d: -f 2 | sed 's/ //g')
|
||||||
|
profile=$(basename $maildir)
|
||||||
|
if [ "$profile" = "local" ]; then
|
||||||
|
mlist -s "$maildir"| msort -dr | mseq -S
|
||||||
|
else
|
||||||
|
mbsync -V $profile
|
||||||
|
mlist -s "$maildir"/INBOX | msort -dr | mseq -S
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Get full mail for current profile including threads
|
||||||
|
mall () {
|
||||||
|
maildir=$(grep "^Maildir:" $HOME/.mblaze/profile | cut -d: -f 2 | sed 's/ //g')
|
||||||
|
sent=$(grep "^Outbox:" $HOME/.mblaze/profile | cut -d: -f 2 | sed 's/ //g')
|
||||||
|
profile=$(basename $maildir)
|
||||||
|
if [ "$profile" = "local" ]; then
|
||||||
|
mlist "$maildir" | mthread -r -S "$maildir" | mseq -S
|
||||||
|
else
|
||||||
|
mbsync -V $profile
|
||||||
|
mlist "$maildir"/INBOX | mthread -r -S "$sent" | mseq -S
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
For the rest of usage of mblaze, I really recommend to use `man mblaze` since the software is really well documented, or you can also watch this [video](https://piped.cronyakatsuki.xyz/watch?v=5YS8RPC4zwc) I took the inspiration from for this setup.
|
||||||
|
|
||||||
|
# Conclusion
|
||||||
|
|
||||||
|
Hope you have had a good read, and I hope you will maybe try out this mail setup, or create your own even better setup for your self.
|
||||||
@ -39,6 +39,9 @@
|
|||||||
|
|
||||||
<section class="list">
|
<section class="list">
|
||||||
|
|
||||||
|
<a href="/blog/virgin-mutt-user-meet-mblaze/">
|
||||||
|
24-10-2023 || Virgin (Neo)Mutt User Meet Mblaze</a><br />
|
||||||
|
|
||||||
<a href="/blog/setup-dns-pihole-unbound/">
|
<a href="/blog/setup-dns-pihole-unbound/">
|
||||||
27-09-2023 || Setup dns with adblock and dot/doh with pi-hole and unbound</a><br />
|
27-09-2023 || Setup dns with adblock and dot/doh with pi-hole and unbound</a><br />
|
||||||
|
|
||||||
|
|||||||
@ -6,11 +6,181 @@
|
|||||||
<description>Recent content in Blog on Crony Akatsuki's Website</description>
|
<description>Recent content in Blog on Crony Akatsuki's Website</description>
|
||||||
<generator>Hugo -- gohugo.io</generator>
|
<generator>Hugo -- gohugo.io</generator>
|
||||||
<language>en-us</language>
|
<language>en-us</language>
|
||||||
<lastBuildDate>Wed, 27 Sep 2023 00:00:00 +0000</lastBuildDate>
|
<lastBuildDate>Tue, 24 Oct 2023 18:13:18 +0200</lastBuildDate>
|
||||||
|
|
||||||
<atom:link href="https://cronyakatsuki.xyz/blog/index.xml" rel="self" type="application/rss+xml" />
|
<atom:link href="https://cronyakatsuki.xyz/blog/index.xml" rel="self" type="application/rss+xml" />
|
||||||
|
|
||||||
|
|
||||||
|
<item>
|
||||||
|
<title>Virgin (Neo)Mutt User Meet Mblaze</title>
|
||||||
|
<link>https://cronyakatsuki.xyz/blog/virgin-mutt-user-meet-mblaze/</link>
|
||||||
|
<pubDate>24-10-2023</pubDate>
|
||||||
|
|
||||||
|
<guid>https://cronyakatsuki.xyz/blog/virgin-mutt-user-meet-mblaze/</guid>
|
||||||
|
<description><p>We have all heard of (Neo)Mutt when it comes to managing e-mail in the terminal right? What would you do if I told you there is an even better and more UNIX way to manage mail on the terminal? Well there is and it&rsquo;s called <a href="https://github.com/leahneukirchen/mblaze">mblaze</a>.</p>
|
||||||
|
<p>In this post I will explain to you how to setup mblaze for managing your email, but for that we will 2 more additional software to manage our mail with mblaze. <a href="https://www.opensmtpd.org/">OpenSMTPD</a> the openbsd fast mail server for getting local mail from services like crontab and sending mail with, and <a href="https://isync.sourceforge.io/">isync</a> for downloading our mail from our remote server&rsquo;s either selfhosted or gmail.</p>
|
||||||
|
<h1 id="1-opensmtpd">1. OpenSMTPD</h1>
|
||||||
|
<p>First we will setup OpenSMTP for local mail, and we will also relay&rsquo;s that allow us to send e-mail from our selfhosted or gmail mail server&rsquo;s for example. Make sure to install opensmtpd from your package maanager.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Edit <code>/etc/smtpd/smtpd.conf</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">table aliases file:/etc/mail/aliases
|
||||||
|
table credentials file:/etc/mail/credentials
|
||||||
|
|
||||||
|
listen on 127.0.0.1
|
||||||
|
|
||||||
|
action &#34;local_mail&#34; maildir &#34;/home/%{user.username}/.local/share/Maildir/local&#34; alias &lt;aliases&gt;
|
||||||
|
action outbound_selfhost relay host smtp+tls://selfhost@subdomain.domain.com:587 auth &lt;credentials&gt;
|
||||||
|
action outbound_gmail relay host smtp+tls://gmail@smtp.gmail.com:587 auth &lt;credentials&gt;
|
||||||
|
|
||||||
|
match for local action &#34;local_mail&#34;
|
||||||
|
match mail-from &#34;selfhost@domain.com&#34; for any action outbound_selfhost
|
||||||
|
match mail-from &#34;username@gmail.com&#34; for any action outbound_gmail
|
||||||
|
</code></pre><p>Next you will need to update aliases in file /etc/mail/aliases under the comment <code># Well-known aliases -- these should be filled in!</code> to your main user account on your system.</p>
|
||||||
|
<p>Now we will also setup the passwords in the <code>/etc/mail/credentials</code>, Note for gmail you will need to setup app password for it to be usable with this method and enable smtp in gmail.</p>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">selfhost selfhost:selfhost_password
|
||||||
|
gmail gmail:gmail_password
|
||||||
|
</code></pre><p>Also make sure to run <code>sudo chmod 600 /etc/mail/credentials</code> to make sure the password&rsquo;s aren&rsquo;t readable if you aren&rsquo;t running as sudo.</p>
|
||||||
|
<h1 id="2-isync">2. isync</h1>
|
||||||
|
<p>Now we will setup isync to get our e-mail from our server&rsquo;s. In this example there is both settings for a selfhosted server and a gmail one.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Edit <code>$HOME/.mbsyncrc</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-rc" data-lang="rc">IMAPStore selfhost-remote
|
||||||
|
Host subdomain.domain.com
|
||||||
|
Port 993
|
||||||
|
User selfhost@domain.com
|
||||||
|
PassCmd &#34;Command for password&#34; or Pass password
|
||||||
|
SSLType IMAPS
|
||||||
|
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
MaildirStore selfhost-local
|
||||||
|
Path ~/.local/share/Maildir/selfhost/
|
||||||
|
Inbox ~/.local/share/Maildir/selfhost/INBOX
|
||||||
|
SubFolders Verbatim
|
||||||
|
|
||||||
|
Channel selfhost
|
||||||
|
Far :selfhost-remote:
|
||||||
|
Near :selfhost-local:
|
||||||
|
Create Both
|
||||||
|
Expunge Both
|
||||||
|
Patterns * !&#34;[Gmail]/All Mail&#34; !&#34;*fts-flatcurve*&#34; !&#34;*virtual*&#34;
|
||||||
|
SyncState *
|
||||||
|
Create Both
|
||||||
|
|
||||||
|
IMAPStore gmail-remote
|
||||||
|
Host imap.gmail.com
|
||||||
|
Port 993
|
||||||
|
User gmail@gmail.com
|
||||||
|
PassCmd &#34;Command for password&#34; or Pass password
|
||||||
|
SSLType IMAPS
|
||||||
|
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
MaildirStore gmail-local
|
||||||
|
Path ~/.local/share/Maildir/gmail/
|
||||||
|
Inbox ~/.local/share/Maildir/gmail/INBOX
|
||||||
|
SubFolders Verbatim
|
||||||
|
|
||||||
|
Channel gmail
|
||||||
|
Far :gmail-remote:
|
||||||
|
Near :gmail-local:
|
||||||
|
Create Both
|
||||||
|
Expunge Both
|
||||||
|
Patterns * !&#34;[Gmail]/All Mail&#34; !&#34;*fts-flatcurve*&#34; !&#34;*virtual*&#34;
|
||||||
|
SyncState *
|
||||||
|
Create Both
|
||||||
|
</code></pre><p>Then you can run <code>mbsync -V gmail/selfhost</code> to sync a specific account or you can run <code>mbsync -a</code> to sync all your account&rsquo;s.</p>
|
||||||
|
<h1 id="3-mblaze">3. mblaze</h1>
|
||||||
|
<p>Now we will start working on the most juicy part, setting up mblaze for basic usage. First we will setup a basic mblaze profile for our local account.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Edit <code>$HOME/.mblaze/profile</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">Local-Mailbox: user
|
||||||
|
FQDN: &#34;Generate using command mgenmid&#34;
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/local
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/local/Sent/
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/local/Drafts/
|
||||||
|
Reply-From: user
|
||||||
|
# You don&#39;t need this, it just makes it easier to see date
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
</code></pre><p>And now we are ready for using mblaze for managing our local mail with mblaze. Now for the rest of this blog I will show how I manage multiple account&rsquo;s using a scipt and a couple function&rsquo;s. I will also link a video that will show you in more detail things for using mblaze for managing your mail which was my inspiration for making this post.</p>
|
||||||
|
<h1 id="4-multiple-profiles-management">4. Multiple profiles management</h1>
|
||||||
|
<p>You can do this in a lot of ways with mblaze since it is very easily scriptable, but I do it with a script that copies over a preconfigure profile from <code>$HOME/.config/mblaze</code></p>
|
||||||
|
<blockquote>
|
||||||
|
<p>example selfhost mblaze config <code>$HOME/.config/mblaze/selfhost</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">Local-Mailbox: User Name &lt;user@domain.com&gt;
|
||||||
|
FQDN: &#34;Generate using command mgenmid&#34;
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/selfhost
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/selfhost/Sent/
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/selfhost/Drafts/
|
||||||
|
Reply-From: User Name &lt;user@domain.com&gt;
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
</code></pre><blockquote>
|
||||||
|
<p>example gmail mblaze config <code>$HOME/.config/mblaze/gmail</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">Local-Mailbox: user &lt;user@gmail.com&gt;
|
||||||
|
FQDN: &#34;Generate using command mgenmid&#34;
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/gmail
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/gmail/[Gmail]/Sent Mail
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/gmail/[Gmail]/Drafts
|
||||||
|
Reply-From: user &lt;user@gmail.com&gt;
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
</code></pre><p>For the local profile, just copy the config saved to <code>$HOME/.mblaze/profile</code> to <code>$HOME/.config/mblaze/local</code>.</p>
|
||||||
|
<p>Now onto the script and functions I use with my zsh.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>mprofile</p>
|
||||||
|
</blockquote>
|
||||||
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic">#!/bin/sh
|
||||||
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">profiles</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>find <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">&#34;</span>/.config/mblaze -type f -exec basename <span style="color:#a6d189">&#34;{}&#34;</span> <span style="color:#8caaee">\;</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">currentMaildir</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">&#34;^Maildir:&#34;</span> <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">&#34;</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">&#39;s/ //g&#39;</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">[</span> -z <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$1</span><span style="color:#a6d189">&#34;</span> <span style="color:#99d1db;font-weight:bold">]</span> <span style="color:#99d1db;font-weight:bold">&amp;&amp;</span> basename <span style="color:#a6d189">&#34;</span><span style="color:#ca9ee6">$(</span>grep -w <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$currentMaildir</span><span style="color:#a6d189">&#34;</span> -l -R <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">&#34;</span>/.config/mblaze<span style="color:#ca9ee6">)</span><span style="color:#a6d189">&#34;</span> <span style="color:#99d1db;font-weight:bold">&amp;&amp;</span> <span style="color:#99d1db">exit</span> <span style="color:#ef9f76">0</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">[</span> <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$1</span><span style="color:#a6d189">&#34;</span> <span style="color:#99d1db;font-weight:bold">=</span> <span style="color:#a6d189">&#34;-l&#34;</span> <span style="color:#99d1db;font-weight:bold">]</span> <span style="color:#99d1db;font-weight:bold">&amp;&amp;</span> <span style="color:#99d1db">printf</span> <span style="color:#a6d189">&#39;%s\n&#39;</span> <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$profiles</span><span style="color:#a6d189">&#34;</span> <span style="color:#99d1db;font-weight:bold">&amp;&amp;</span> <span style="color:#99d1db">exit</span> <span style="color:#ef9f76">0</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">profile</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$1</span><span style="color:#a6d189">&#34;</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">if</span> <span style="color:#99d1db">printf</span> <span style="color:#a6d189">&#39;%s\n&#39;</span> <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$profiles</span><span style="color:#a6d189">&#34;</span> | grep -qw <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">&#34;</span>; <span style="color:#ca9ee6">then</span>
|
||||||
|
</span></span><span style="display:flex;"><span> cp <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">&#34;</span>/.config/mblaze/<span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">&#34;</span> <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">&#34;</span>/.mblaze/profile
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">else</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#99d1db">printf</span> <span style="color:#a6d189">&#39;%s\n&#39;</span> <span style="color:#a6d189">&#34;This profile doesn&#39;t exist&#34;</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">fi</span>
|
||||||
|
</span></span></code></pre></div><p>The script is able to print the current profile when run without argument, listing all available profiles using -l and setting the profile by providing it&rsquo;s name.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>functions</p>
|
||||||
|
</blockquote>
|
||||||
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># mblaze functions</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Get new mail for current profile</span>
|
||||||
|
</span></span><span style="display:flex;"><span>mnew <span style="color:#99d1db;font-weight:bold">()</span> <span style="color:#99d1db;font-weight:bold">{</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">maildir</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">&#34;^Maildir:&#34;</span> <span style="color:#f2d5cf">$HOME</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">&#39;s/ //g&#39;</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">profile</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>basename <span style="color:#f2d5cf">$maildir</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">if</span> <span style="color:#99d1db;font-weight:bold">[</span> <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">&#34;</span> <span style="color:#99d1db;font-weight:bold">=</span> <span style="color:#a6d189">&#34;local&#34;</span> <span style="color:#99d1db;font-weight:bold">]</span>; <span style="color:#ca9ee6">then</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist -s <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">&#34;</span>| msort -dr | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">else</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mbsync -V <span style="color:#f2d5cf">$profile</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist -s <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">&#34;</span>/INBOX | msort -dr | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">fi</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">}</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Get full mail for current profile including threads</span>
|
||||||
|
</span></span><span style="display:flex;"><span>mall <span style="color:#99d1db;font-weight:bold">()</span> <span style="color:#99d1db;font-weight:bold">{</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">maildir</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">&#34;^Maildir:&#34;</span> <span style="color:#f2d5cf">$HOME</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">&#39;s/ //g&#39;</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">sent</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">&#34;^Outbox:&#34;</span> <span style="color:#f2d5cf">$HOME</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">&#39;s/ //g&#39;</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">profile</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>basename <span style="color:#f2d5cf">$maildir</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">if</span> <span style="color:#99d1db;font-weight:bold">[</span> <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">&#34;</span> <span style="color:#99d1db;font-weight:bold">=</span> <span style="color:#a6d189">&#34;local&#34;</span> <span style="color:#99d1db;font-weight:bold">]</span>; <span style="color:#ca9ee6">then</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">&#34;</span> | mthread -r -S <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">&#34;</span> | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">else</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mbsync -V <span style="color:#f2d5cf">$profile</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">&#34;</span>/INBOX | mthread -r -S <span style="color:#a6d189">&#34;</span><span style="color:#f2d5cf">$sent</span><span style="color:#a6d189">&#34;</span> | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">fi</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">}</span>
|
||||||
|
</span></span></code></pre></div><p>For the rest of usage of mblaze, I really recommend to use <code>man mblaze</code> since the software is really well documented, or you can also watch this <a href="https://piped.cronyakatsuki.xyz/watch?v=5YS8RPC4zwc">video</a> I took the inspiration from for this setup.</p>
|
||||||
|
<h1 id="conclusion">Conclusion</h1>
|
||||||
|
<p>Hope you have had a good read, and I hope you will maybe try out this mail setup, or create your own even better setup for your self.</p></description>
|
||||||
|
</item>
|
||||||
|
|
||||||
<item>
|
<item>
|
||||||
<title>Setup dns with adblock and dot/doh with pi-hole and unbound</title>
|
<title>Setup dns with adblock and dot/doh with pi-hole and unbound</title>
|
||||||
<link>https://cronyakatsuki.xyz/blog/setup-dns-pihole-unbound/</link>
|
<link>https://cronyakatsuki.xyz/blog/setup-dns-pihole-unbound/</link>
|
||||||
@ -23,40 +193,40 @@
|
|||||||
<p>Let&rsquo;s start with setting up pihole. I will be installing it with their script on a debian system for easier unbound integration ( unbound doesn&rsquo;t have an official docker container ).</p>
|
<p>Let&rsquo;s start with setting up pihole. I will be installing it with their script on a debian system for easier unbound integration ( unbound doesn&rsquo;t have an official docker container ).</p>
|
||||||
<p>I recommend to read up on the pihole&rsquo;s docs on exactly how to install it since pihole get&rsquo;s frequent updates. <a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
<p>I recommend to read up on the pihole&rsquo;s docs on exactly how to install it since pihole get&rsquo;s frequent updates. <a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
||||||
<p>I recommend you to install the admin page for easier managmenet and ability to change the upstream dns server ( needed for changing it to unbound later on ). To be able to access the admin page I use an nginx configuration like this one.</p>
|
<p>I recommend you to install the admin page for easier managmenet and ability to change the upstream dns server ( needed for changing it to unbound later on ). To be able to access the admin page I use an nginx configuration like this one.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">example.com</span> <span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">example.com</span> ;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 403<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">403</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/admin</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/admin</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8185/admin</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8185/admin</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#babbf1">$host</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#f2d5cf">$host</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># If you want to log user activity, comment these
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># If you want to log user activity, comment these
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">access_log</span> <span style="color:#a6d189">/dev/null</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">access_log</span> <span style="color:#a6d189">/dev/null</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">error_log</span> <span style="color:#a6d189">/dev/null</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">error_log</span> <span style="color:#a6d189">/dev/null</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> <span style="color:#a6d189">[::]:443</span> <span style="color:#a6d189">ssl</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:443</span> <span style="color:#a6d189">ssl</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">listen</span> 443 <span style="color:#a6d189">ssl</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">443</span> <span style="color:#a6d189">ssl</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/fullchain.pem</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/fullchain.pem</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/privkey.pem</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/privkey.pem</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">include</span> <span style="color:#a6d189">/etc/letsencrypt/options-ssl-nginx.conf</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">include</span> <span style="color:#a6d189">/etc/letsencrypt/options-ssl-nginx.conf</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">ssl_dhparam</span> <span style="color:#a6d189">/etc/letsencrypt/ssl-dhparams.pem</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">ssl_dhparam</span> <span style="color:#a6d189">/etc/letsencrypt/ssl-dhparams.pem</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#c6d0f5">}</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>}
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">if</span> <span style="color:#a6d189">(</span><span style="color:#babbf1">$host</span> <span style="color:#c6d0f5">=</span> <span style="color:#a6d189">example.com)</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">if</span> <span style="color:#a6d189">(</span><span style="color:#f2d5cf">$host</span> = <span style="color:#a6d189">example.com)</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 301 <span style="color:#a6d189">https://</span><span style="color:#babbf1">$host$request_uri</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">301</span> <span style="color:#a6d189">https://</span><span style="color:#f2d5cf">$host$request_uri</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span><span style="display:flex;"><span> } <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">example.com</span> <span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">example.com</span> ;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 80<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">80</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> <span style="color:#a6d189">[::]:80</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:80</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 404<span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">404</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#c6d0f5">}</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>}
|
||||||
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the lighttpd port to acces the website, you can just do it on your main website also.
|
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the lighttpd port to acces the website, you can just do it on your main website also.
|
||||||
Also to make lighttpd work with nginx listening on port 80 you need to edit the <code>server.port</code> to port you wan&rsquo;t to use in lighttpd config file located at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
Also to make lighttpd work with nginx listening on port 80 you need to edit the <code>server.port</code> to port you wan&rsquo;t to use in lighttpd config file located at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
||||||
<h2 id="2-unbound">2. Unbound</h2>
|
<h2 id="2-unbound">2. Unbound</h2>
|
||||||
@ -65,104 +235,104 @@ Also to make lighttpd work with nginx listening on port 80 you need to edit the
|
|||||||
<h2 id="3-dns-over-tls">3. DNS over TLS</h2>
|
<h2 id="3-dns-over-tls">3. DNS over TLS</h2>
|
||||||
<p>For dns over tls you need to first have a ssl certificate. I recommend on using certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
<p>For dns over tls you need to first have a ssl certificate. I recommend on using certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
||||||
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>. <strong>Make sure to add this outside of the http block and change example.com to your domain</strong></p>
|
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>. <strong>Make sure to add this outside of the http block and change example.com to your domain</strong></p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">stream</span> <span style="color:#c6d0f5">{</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">stream</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">log_format</span> <span style="color:#a6d189">basic</span> <span style="color:#a6d189">&#39;</span><span style="color:#babbf1">$remote_addr</span> <span style="color:#a6d189">[</span><span style="color:#babbf1">$time_local]</span> <span style="color:#babbf1">$protocol</span> <span style="color:#babbf1">$status</span> <span style="color:#babbf1">$bytes_sent</span> <span style="color:#babbf1">$bytes_received</span> <span style="color:#babbf1">$session_time</span> <span style="color:#babbf1">$upstream_addr&#39;</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">log_format</span> <span style="color:#a6d189">basic</span> <span style="color:#a6d189">&#39;</span><span style="color:#f2d5cf">$remote_addr</span> <span style="color:#a6d189">[</span><span style="color:#f2d5cf">$time_local]</span> <span style="color:#f2d5cf">$protocol</span> <span style="color:#f2d5cf">$status</span> <span style="color:#f2d5cf">$bytes_sent</span> <span style="color:#f2d5cf">$bytes_received</span> <span style="color:#f2d5cf">$session_time</span> <span style="color:#f2d5cf">$upstream_addr&#39;</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">upstream</span> <span style="color:#a6d189">dns</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">upstream</span> <span style="color:#a6d189">dns</span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">zone</span> <span style="color:#a6d189">dns</span> 64k<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">zone</span> <span style="color:#a6d189">dns</span> <span style="color:#ef9f76">64k</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server</span> <span style="color:#babbf1">127.0.0.1</span><span style="color:#c6d0f5">:</span>53<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server</span> 127.0.0.1:<span style="color:#ef9f76">53</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 853 <span style="color:#a6d189">ssl</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">853</span> <span style="color:#a6d189">ssl</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">access_log</span> <span style="color:#a6d189">/var/log/nginx/dot-access.log</span> <span style="color:#a6d189">basic</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">access_log</span> <span style="color:#a6d189">/var/log/nginx/dot-access.log</span> <span style="color:#a6d189">basic</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">error_log</span> <span style="color:#a6d189">/var/log/nginx/dot-error.log</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">error_log</span> <span style="color:#a6d189">/var/log/nginx/dot-error.log</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/fullchain.pem</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/fullchain.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/privkey.pem</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/privkey.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_handshake_timeout</span> <span style="color:#a6d189">10s</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_handshake_timeout</span> <span style="color:#a6d189">10s</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_session_cache</span> <span style="color:#a6d189">shared:SSL:20m</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_session_cache</span> <span style="color:#a6d189">shared:SSL:20m</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_session_timeout</span> <span style="color:#a6d189">4h</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_session_timeout</span> <span style="color:#a6d189">4h</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">dns</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">dns</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_responses</span> 1<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_responses</span> <span style="color:#ef9f76">1</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_timeout</span> <span style="color:#a6d189">1s</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_timeout</span> <span style="color:#a6d189">1s</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>. Then restart nginx, to test if this configuration is working you can use your android phone by setting the private dns address to <code>dot.example.com</code> and then visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>. Then restart nginx, to test if this configuration is working you can use your android phone by setting the private dns address to <code>dot.example.com</code> and then visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
||||||
<h2 id="4-dns-over-https">4. DNS over HTTPS</h2>
|
<h2 id="4-dns-over-https">4. DNS over HTTPS</h2>
|
||||||
<p>For using dns over https we will be installing additional package called dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
<p>For using dns over https we will be installing additional package called dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-conf" data-lang="conf"><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">dnsdist</span> <span style="color:#babbf1">configuration</span> <span style="color:#babbf1">file</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">an</span> <span style="color:#babbf1">example</span> <span style="color:#babbf1">can</span> <span style="color:#babbf1">be</span> <span style="color:#babbf1">found</span> <span style="color:#babbf1">in</span> <span style="color:#e78284">/</span><span style="color:#babbf1">usr</span><span style="color:#e78284">/</span><span style="color:#babbf1">share</span><span style="color:#e78284">/</span><span style="color:#babbf1">doc</span><span style="color:#e78284">/</span><span style="color:#babbf1">dnsdist</span><span style="color:#e78284">/</span><span style="color:#babbf1">examples</span><span style="color:#e78284">/</span>
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">-- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist/examples/
|
||||||
|
|
||||||
|
-- disable security status polling via DNS
|
||||||
|
setSecurityPollSuffix(&#34;&#34;)
|
||||||
|
|
||||||
|
-- fix up possibly badly truncated answers from pdns 2.9.22
|
||||||
|
-- truncateTC(true)
|
||||||
|
|
||||||
|
-- Answer to only clients from this subnet
|
||||||
|
setACL(&#34;127.0.0.1/8&#34;)
|
||||||
|
|
||||||
|
-- Define upstream DNS server (Pi-hole)
|
||||||
|
newServer({address=&#34;127.0.0.1&#34;, name=&#34;Pi-hole&#34;, checkName=&#34;example.com&#34;, checkInterval=60, mustResolve=true})
|
||||||
|
|
||||||
|
-- Create local DOH server listener in DNS over HTTP mode, otherwise the information coming from nginx won&#39;t be processed well
|
||||||
|
addDOHLocal(&#34;127.0.0.1:5300&#34;, nil, nil, &#34;/dns-query&#34;, { reusePort=true })
|
||||||
|
</code></pre><p>Next we will need another ssl certificate for the doh domain, for that we will once again using certbot with this command <code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx either in sites-available and linking it to sites enabled or in http block in main nginx configuration.</p>
|
||||||
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Proxy Cache storage - so we can cache the DoH response from the upstream
|
||||||
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span><span style="color:#ca9ee6">proxy_cache_path</span> <span style="color:#a6d189">/var/run/doh_cache</span> <span style="color:#a6d189">levels=1:2</span> <span style="color:#a6d189">keys_zone=doh_cache:10m</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">disable</span> <span style="color:#babbf1">security</span> <span style="color:#babbf1">status</span> <span style="color:#babbf1">polling</span> <span style="color:#babbf1">via</span> <span style="color:#babbf1">DNS</span>
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">setSecurityPollSuffix</span><span style="color:#c6d0f5">(</span><span style="color:#a6d189">&#34;&#34;</span><span style="color:#c6d0f5">)</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">80</span>;
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">doh.example.com</span>;
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">301</span> <span style="color:#a6d189">https://doh.example.com/</span><span style="color:#f2d5cf">$request_uri</span>;
|
||||||
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">fix</span> <span style="color:#babbf1">up</span> <span style="color:#babbf1">possibly</span> <span style="color:#babbf1">badly</span> <span style="color:#babbf1">truncated</span> <span style="color:#babbf1">answers</span> <span style="color:#babbf1">from</span> <span style="color:#babbf1">pdns</span> <span style="color:#babbf1">2.9.22</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># This virtual server accepts HTTP/2 over HTTPS
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#99d1db">truncateTC</span><span style="color:#c6d0f5">(</span><span style="color:#ca9ee6;font-style:italic">true</span><span style="color:#c6d0f5">)</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span><span style="color:#ca9ee6">server</span> {
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">443</span> <span style="color:#a6d189">ssl</span> <span style="color:#a6d189">http2</span>;
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">doh.example.com</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">Answer</span> <span style="color:#babbf1">to</span> <span style="color:#babbf1">only</span> <span style="color:#babbf1">clients</span> <span style="color:#babbf1">from</span> <span style="color:#babbf1">this</span> <span style="color:#e5c890">subnet</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">access_log</span> <span style="color:#a6d189">/var/log/nginx/doh.access</span>;
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">setACL</span><span style="color:#c6d0f5">(</span><span style="color:#a6d189">&#34;127.0.0.1/8&#34;</span><span style="color:#c6d0f5">)</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">error_log</span> <span style="color:#a6d189">/var/log/nginx/doh.error</span> <span style="color:#a6d189">error</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">Define</span> <span style="color:#babbf1">upstream</span> <span style="color:#babbf1">DNS</span> <span style="color:#99d1db">server</span> <span style="color:#c6d0f5">(</span><span style="color:#babbf1">Pi-hole</span><span style="color:#c6d0f5">)</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/fullchain.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">newServer</span><span style="color:#c6d0f5">({</span><span style="color:#babbf1">address</span><span style="color:#99d1db">=</span><span style="color:#a6d189">&#34;127.0.0.1&#34;</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">name</span><span style="color:#99d1db">=</span><span style="color:#a6d189">&#34;Pi-hole&#34;</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">checkName</span><span style="color:#99d1db">=</span><span style="color:#a6d189">&#34;example.com&#34;</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">checkInterval</span><span style="color:#99d1db">=</span><span style="color:#babbf1">60</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">mustResolve</span><span style="color:#99d1db">=</span><span style="color:#ca9ee6;font-style:italic">true</span><span style="color:#c6d0f5">})</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/privkey.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">Create</span> <span style="color:#babbf1">local</span> <span style="color:#babbf1">DOH</span> <span style="color:#babbf1">server</span> <span style="color:#babbf1">listener</span> <span style="color:#babbf1">in</span> <span style="color:#babbf1">DNS</span> <span style="color:#babbf1">over</span> <span style="color:#babbf1">HTTP</span> <span style="color:#babbf1">mode</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">otherwise</span> <span style="color:#babbf1">the</span> <span style="color:#babbf1">information</span> <span style="color:#babbf1">coming</span> <span style="color:#babbf1">from</span> <span style="color:#babbf1">nginx</span> <span style="color:#babbf1">won</span><span style="color:#e78284">&#39;</span><span style="color:#babbf1">t</span> <span style="color:#babbf1">be</span> <span style="color:#babbf1">processed</span> <span style="color:#babbf1">well</span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">addDOHLocal</span><span style="color:#c6d0f5">(</span><span style="color:#a6d189">&#34;127.0.0.1:5300&#34;</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">nil</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">nil</span><span style="color:#c6d0f5">,</span> <span style="color:#a6d189">&#34;/dns-query&#34;</span><span style="color:#c6d0f5">,</span> <span style="color:#c6d0f5">{</span> <span style="color:#babbf1">reusePort</span><span style="color:#99d1db">=</span><span style="color:#ca9ee6;font-style:italic">true</span> <span style="color:#c6d0f5">})</span>
|
|
||||||
</span></span></code></pre></div><p>Next we will need another ssl certificate for the doh domain, for that we will once again using certbot with this command <code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx either in sites-available and linking it to sites enabled or in http block in main nginx configuration.</p>
|
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Proxy Cache storage - so we can cache the DoH response from the upstream
|
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#ca9ee6">proxy_cache_path</span> <span style="color:#a6d189">/var/run/doh_cache</span> <span style="color:#a6d189">levels=1:2</span> <span style="color:#a6d189">keys_zone=doh_cache:10m</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 80<span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">doh.example.com</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 301 <span style="color:#a6d189">https://doh.example.com/</span><span style="color:#babbf1">$request_uri</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># This virtual server accepts HTTP/2 over HTTPS
|
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 443 <span style="color:#a6d189">ssl</span> <span style="color:#a6d189">http2</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">doh.example.com</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">access_log</span> <span style="color:#a6d189">/var/log/nginx/doh.access</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">error_log</span> <span style="color:#a6d189">/var/log/nginx/doh.error</span> <span style="color:#a6d189">error</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/fullchain.pem</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/privkey.pem</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># DoH may use GET or POST requests, Cache both
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># DoH may use GET or POST requests, Cache both
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_cache_methods</span> <span style="color:#a6d189">GET</span> <span style="color:#a6d189">POST</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_cache_methods</span> <span style="color:#a6d189">GET</span> <span style="color:#a6d189">POST</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># Return 404 to all responses, except for those using our published DoH URI
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># Return 404 to all responses, except for those using our published DoH URI
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/</span> <span style="color:#c6d0f5">{</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">try_files</span> <span style="color:#babbf1">$uri</span> <span style="color:#babbf1">$uri/</span> <span style="color:#c6d0f5">=</span>404<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">try_files</span> <span style="color:#f2d5cf">$uri</span> <span style="color:#f2d5cf">$uri/</span> =<span style="color:#ef9f76">404</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># This is our published DoH URI
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># This is our published DoH URI
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/dns-query</span> <span style="color:#c6d0f5">{</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/dns-query</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># Proxy HTTP/1.1, clear the connection header to enable Keep-Alive
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># Proxy HTTP/1.1, clear the connection header to enable Keep-Alive
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_http_version</span> 1<span style="color:#a6d189">.1</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_http_version</span> <span style="color:#ef9f76">1</span><span style="color:#a6d189">.1</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">Connection</span> <span style="color:#a6d189">&#34;&#34;</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">Connection</span> <span style="color:#a6d189">&#34;&#34;</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># Enable Cache, and set the cache_key to include the request_body
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># Enable Cache, and set the cache_key to include the request_body
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_cache</span> <span style="color:#a6d189">doh_cache</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_cache</span> <span style="color:#a6d189">doh_cache</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_cache_key</span> <span style="color:#babbf1">$scheme$proxy_host$uri$is_args$args$request_body</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_cache_key</span> <span style="color:#f2d5cf">$scheme$proxy_host$uri$is_args$args$request_body</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># proxy pass to dnsdist
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># proxy pass to dnsdist
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:5300</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:5300</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># proxy pass address
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># proxy pass address
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#babbf1">$proxy_add_x_forwarded_for</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#f2d5cf">$proxy_add_x_forwarded_for</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as a DNS over HTTPS resolver and once again checkout <a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as a DNS over HTTPS resolver and once again checkout <a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
||||||
<p>Hope this has been helpfull and if anybody has any way on how to make this guied better you can open a pull request or make an issue on the website&rsquo;s <a href="https://code.cronyakatsuki.xyz/crony/website">repo</a>.</p>
|
<p>Hope this has been helpfull and if anybody has any way on how to make this guied better you can open a pull request or make an issue on the website&rsquo;s <a href="https://code.cronyakatsuki.xyz/crony/website">repo</a>.</p>
|
||||||
</description>
|
</description>
|
||||||
@ -196,89 +366,89 @@ Also to make lighttpd work with nginx listening on port 80 you need to edit the
|
|||||||
<p>For this tutorial I expect that you already have a server seted up with nginx and certbot. To set up this things check out <a href="https://landchad.net">landchad</a></p>
|
<p>For this tutorial I expect that you already have a server seted up with nginx and certbot. To set up this things check out <a href="https://landchad.net">landchad</a></p>
|
||||||
<h2 id="installing-needed-packages">Installing needed packages</h2>
|
<h2 id="installing-needed-packages">Installing needed packages</h2>
|
||||||
<p>You will first need to setup miniflux apt repository to install it on your system.</p>
|
<p>You will first need to setup miniflux apt repository to install it on your system.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#c6d0f5;font-style:italic">echo</span> <span style="color:#a6d189">&#34;deb [trusted=yes] https://repo.miniflux.app/apt/ /&#34;</span> <span style="color:#c6d0f5">|</span> sudo tee /etc/apt/sources.list.d/miniflux.list &gt; /dev/null
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#99d1db">echo</span> <span style="color:#a6d189">&#34;deb [trusted=yes] https://repo.miniflux.app/apt/ /&#34;</span> | sudo tee /etc/apt/sources.list.d/miniflux.list &gt; /dev/null
|
||||||
</span></span><span style="display:flex;"><span>apt update
|
</span></span><span style="display:flex;"><span>apt update
|
||||||
</span></span></code></pre></div><p>Then just install the needed packages.</p>
|
</span></span></code></pre></div><p>Then just install the needed packages.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>apt install miniflux postgresql
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>apt install miniflux postgresql
|
||||||
</span></span></code></pre></div><h2 id="setting-up-postgres-database-and-miniflux">Setting up postgres database and miniflux</h2>
|
</span></span></code></pre></div><h2 id="setting-up-postgres-database-and-miniflux">Setting up postgres database and miniflux</h2>
|
||||||
<p>Here I will detail steps to create the postgres database.</p>
|
<p>Here I will detail steps to create the postgres database.</p>
|
||||||
<h3 id="initial-postgres-setup">Initial postgres setup</h3>
|
<h3 id="initial-postgres-setup">Initial postgres setup</h3>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Switch to the postgres user</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Switch to the postgres user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ su - postgres
|
</span></span><span style="display:flex;"><span>$ su - postgres
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Creating a miniflux user, enter a safe and secure password</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Creating a miniflux user, enter a safe and secure password</span>
|
||||||
</span></span><span style="display:flex;"><span>$ createuser -P miniflux
|
</span></span><span style="display:flex;"><span>$ createuser -P miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Creating extension hstore as superuser</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Creating extension hstore as superuser</span>
|
||||||
</span></span><span style="display:flex;"><span>$ psql miniflux -c <span style="color:#a6d189">&#39;create extension hstore&#39;</span>
|
</span></span><span style="display:flex;"><span>$ psql miniflux -c <span style="color:#a6d189">&#39;create extension hstore&#39;</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Managing the miniflux database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Managing the miniflux database</span>
|
||||||
</span></span><span style="display:flex;"><span>$ psql <span style="color:#babbf1">$MINIFLUX_DATABASE</span>
|
</span></span><span style="display:flex;"><span>$ psql <span style="color:#f2d5cf">$MINIFLUX_DATABASE</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Giving miniflux user all privileges</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Giving miniflux user all privileges</span>
|
||||||
</span></span><span style="display:flex;"><span>&gt; alter user miniflux with superuser<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span>&gt; alter user miniflux with superuser;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit the postgres database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit the postgres database</span>
|
||||||
</span></span><span style="display:flex;"><span>&gt; <span style="color:#8caaee">\q</span>
|
</span></span><span style="display:flex;"><span>&gt; <span style="color:#8caaee">\q</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit postgres user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit postgres user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ <span style="color:#c6d0f5;font-style:italic">exit</span>
|
</span></span><span style="display:flex;"><span>$ <span style="color:#99d1db">exit</span>
|
||||||
</span></span></code></pre></div><h3 id="miniflux-configuration-file">Miniflux configuration file</h3>
|
</span></span></code></pre></div><h3 id="miniflux-configuration-file">Miniflux configuration file</h3>
|
||||||
<p>Open the miniflux configuration file in path <code>/etc/miniflux.conf</code> and edit it like this.</p>
|
<p>Open the miniflux configuration file in path <code>/etc/miniflux.conf</code> and edit it like this.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># See https://miniflux.app/docs/configuration.html</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># See https://miniflux.app/docs/configuration.html</span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">LISTEN_ADDR</span><span style="color:#99d1db">=</span>127.0.0.1:8080
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">LISTEN_ADDR</span><span style="color:#99d1db;font-weight:bold">=</span>127.0.0.1:8080
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">DATABASE_URL</span><span style="color:#99d1db">=</span><span style="color:#babbf1">user</span><span style="color:#99d1db">=</span>miniflux <span style="color:#babbf1">password</span><span style="color:#99d1db">=</span>PASSWORD_HERE <span style="color:#babbf1">dbname</span><span style="color:#99d1db">=</span>miniflux <span style="color:#babbf1">sslmode</span><span style="color:#99d1db">=</span>disable
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">DATABASE_URL</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#f2d5cf">user</span><span style="color:#99d1db;font-weight:bold">=</span>miniflux <span style="color:#f2d5cf">password</span><span style="color:#99d1db;font-weight:bold">=</span>PASSWORD_HERE <span style="color:#f2d5cf">dbname</span><span style="color:#99d1db;font-weight:bold">=</span>miniflux <span style="color:#f2d5cf">sslmode</span><span style="color:#99d1db;font-weight:bold">=</span>disable
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">RUN_MIGRATIONS</span><span style="color:#99d1db">=</span>1
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">RUN_MIGRATIONS</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ef9f76">1</span>
|
||||||
</span></span></code></pre></div><h3 id="migrating-the-database-and-removing-superuser-privileges-in-postgres">Migrating the database and removing superuser privileges in postgres</h3>
|
</span></span></code></pre></div><h3 id="migrating-the-database-and-removing-superuser-privileges-in-postgres">Migrating the database and removing superuser privileges in postgres</h3>
|
||||||
<p>Now we will migrate the database and remove unneded superuser privileges, since it is reccomended in the miniflux documentation.</p>
|
<p>Now we will migrate the database and remove unneded superuser privileges, since it is reccomended in the miniflux documentation.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Migrating the database</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Migrating the database</span>
|
||||||
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -migrate
|
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -migrate
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Creating miniflux admin user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Creating miniflux admin user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -create-admin
|
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -create-admin
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Restarting the systemctl service</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Restarting the systemctl service</span>
|
||||||
</span></span><span style="display:flex;"><span>$ systemctl restart miniflux
|
</span></span><span style="display:flex;"><span>$ systemctl restart miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Entering postgres database user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Entering postgres database user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ su - postgres
|
</span></span><span style="display:flex;"><span>$ su - postgres
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Entering miniflux database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Entering miniflux database</span>
|
||||||
</span></span><span style="display:flex;"><span>$ psql <span style="color:#babbf1">$MINIFLUX_DATABASE</span>
|
</span></span><span style="display:flex;"><span>$ psql <span style="color:#f2d5cf">$MINIFLUX_DATABASE</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Removing unneded superuser privileges from miniflux user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Removing unneded superuser privileges from miniflux user</span>
|
||||||
</span></span><span style="display:flex;"><span>&gt; alter user miniflux with nosuperuser<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span>&gt; alter user miniflux with nosuperuser;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit the postgres database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit the postgres database</span>
|
||||||
</span></span><span style="display:flex;"><span>&gt; <span style="color:#8caaee">\q</span>
|
</span></span><span style="display:flex;"><span>&gt; <span style="color:#8caaee">\q</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit postgres user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit postgres user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ <span style="color:#c6d0f5;font-style:italic">exit</span>
|
</span></span><span style="display:flex;"><span>$ <span style="color:#99d1db">exit</span>
|
||||||
</span></span></code></pre></div><h2 id="nginx-and-certbot-setup">Nginx and certbot setup</h2>
|
</span></span></code></pre></div><h2 id="nginx-and-certbot-setup">Nginx and certbot setup</h2>
|
||||||
<p>Make sure to have a domain to use for your miniflux setup.</p>
|
<p>Make sure to have a domain to use for your miniflux setup.</p>
|
||||||
<p>Create and open a nginx config with path <code>/etc/nginx/sites-available/miniflux.conf</code> and add this</p>
|
<p>Create and open a nginx config with path <code>/etc/nginx/sites-available/miniflux.conf</code> and add this</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">your.domain.ext</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">your.domain.ext</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 80<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">80</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> <span style="color:#a6d189">[::]:80</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:80</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8080</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8080</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_redirect</span> <span style="color:#e5c890">off</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_redirect</span> <span style="color:#e5c890">off</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#babbf1">$host</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#f2d5cf">$host</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Real-IP</span> <span style="color:#babbf1">$remote_addr</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Real-IP</span> <span style="color:#f2d5cf">$remote_addr</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#babbf1">$proxy_add_x_forwarded_for</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#f2d5cf">$proxy_add_x_forwarded_for</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-Proto</span> <span style="color:#babbf1">$scheme</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-Proto</span> <span style="color:#f2d5cf">$scheme</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span></code></pre></div><p>Now just link the config to enabled sites and restart nginx service.</p>
|
</span></span></code></pre></div><p>Now just link the config to enabled sites and restart nginx service.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ ln -s /etc/nginx/sites-available/miniflux.conf /etc/nginx/sites-enabled/miniflux.conf
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ ln -s /etc/nginx/sites-available/miniflux.conf /etc/nginx/sites-enabled/miniflux.conf
|
||||||
</span></span><span style="display:flex;"><span>$ systemctl restart nginx
|
</span></span><span style="display:flex;"><span>$ systemctl restart nginx
|
||||||
</span></span></code></pre></div><p>To get https on your domain you just need to run <code>certbot --nginx</code> same as in this <a href="https://landchad.net/basic/certbot/">tutorial</a></p>
|
</span></span></code></pre></div><p>To get https on your domain you just need to run <code>certbot --nginx</code> same as in this <a href="https://landchad.net/basic/certbot/">tutorial</a></p>
|
||||||
<h2 id="finishing-words">Finishing words</h2>
|
<h2 id="finishing-words">Finishing words</h2>
|
||||||
|
|||||||
@ -56,89 +56,89 @@ For this tutorial I expect that you already have a server seted up with nginx an
|
|||||||
<p>For this tutorial I expect that you already have a server seted up with nginx and certbot. To set up this things check out <a href="https://landchad.net">landchad</a></p>
|
<p>For this tutorial I expect that you already have a server seted up with nginx and certbot. To set up this things check out <a href="https://landchad.net">landchad</a></p>
|
||||||
<h2 id="installing-needed-packages">Installing needed packages</h2>
|
<h2 id="installing-needed-packages">Installing needed packages</h2>
|
||||||
<p>You will first need to setup miniflux apt repository to install it on your system.</p>
|
<p>You will first need to setup miniflux apt repository to install it on your system.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#c6d0f5;font-style:italic">echo</span> <span style="color:#a6d189">"deb [trusted=yes] https://repo.miniflux.app/apt/ /"</span> <span style="color:#c6d0f5">|</span> sudo tee /etc/apt/sources.list.d/miniflux.list > /dev/null
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#99d1db">echo</span> <span style="color:#a6d189">"deb [trusted=yes] https://repo.miniflux.app/apt/ /"</span> | sudo tee /etc/apt/sources.list.d/miniflux.list > /dev/null
|
||||||
</span></span><span style="display:flex;"><span>apt update
|
</span></span><span style="display:flex;"><span>apt update
|
||||||
</span></span></code></pre></div><p>Then just install the needed packages.</p>
|
</span></span></code></pre></div><p>Then just install the needed packages.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>apt install miniflux postgresql
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>apt install miniflux postgresql
|
||||||
</span></span></code></pre></div><h2 id="setting-up-postgres-database-and-miniflux">Setting up postgres database and miniflux</h2>
|
</span></span></code></pre></div><h2 id="setting-up-postgres-database-and-miniflux">Setting up postgres database and miniflux</h2>
|
||||||
<p>Here I will detail steps to create the postgres database.</p>
|
<p>Here I will detail steps to create the postgres database.</p>
|
||||||
<h3 id="initial-postgres-setup">Initial postgres setup</h3>
|
<h3 id="initial-postgres-setup">Initial postgres setup</h3>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Switch to the postgres user</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Switch to the postgres user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ su - postgres
|
</span></span><span style="display:flex;"><span>$ su - postgres
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Creating a miniflux user, enter a safe and secure password</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Creating a miniflux user, enter a safe and secure password</span>
|
||||||
</span></span><span style="display:flex;"><span>$ createuser -P miniflux
|
</span></span><span style="display:flex;"><span>$ createuser -P miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Create a database for miniflux that belongs to our user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
</span></span><span style="display:flex;"><span>$ createdb -O miniflux miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Creating extension hstore as superuser</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Creating extension hstore as superuser</span>
|
||||||
</span></span><span style="display:flex;"><span>$ psql miniflux -c <span style="color:#a6d189">'create extension hstore'</span>
|
</span></span><span style="display:flex;"><span>$ psql miniflux -c <span style="color:#a6d189">'create extension hstore'</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Managing the miniflux database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Managing the miniflux database</span>
|
||||||
</span></span><span style="display:flex;"><span>$ psql <span style="color:#babbf1">$MINIFLUX_DATABASE</span>
|
</span></span><span style="display:flex;"><span>$ psql <span style="color:#f2d5cf">$MINIFLUX_DATABASE</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Giving miniflux user all privileges</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Giving miniflux user all privileges</span>
|
||||||
</span></span><span style="display:flex;"><span>> alter user miniflux with superuser<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span>> alter user miniflux with superuser;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit the postgres database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit the postgres database</span>
|
||||||
</span></span><span style="display:flex;"><span>> <span style="color:#8caaee">\q</span>
|
</span></span><span style="display:flex;"><span>> <span style="color:#8caaee">\q</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit postgres user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit postgres user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ <span style="color:#c6d0f5;font-style:italic">exit</span>
|
</span></span><span style="display:flex;"><span>$ <span style="color:#99d1db">exit</span>
|
||||||
</span></span></code></pre></div><h3 id="miniflux-configuration-file">Miniflux configuration file</h3>
|
</span></span></code></pre></div><h3 id="miniflux-configuration-file">Miniflux configuration file</h3>
|
||||||
<p>Open the miniflux configuration file in path <code>/etc/miniflux.conf</code> and edit it like this.</p>
|
<p>Open the miniflux configuration file in path <code>/etc/miniflux.conf</code> and edit it like this.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># See https://miniflux.app/docs/configuration.html</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># See https://miniflux.app/docs/configuration.html</span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">LISTEN_ADDR</span><span style="color:#99d1db">=</span>127.0.0.1:8080
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">LISTEN_ADDR</span><span style="color:#99d1db;font-weight:bold">=</span>127.0.0.1:8080
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">DATABASE_URL</span><span style="color:#99d1db">=</span><span style="color:#babbf1">user</span><span style="color:#99d1db">=</span>miniflux <span style="color:#babbf1">password</span><span style="color:#99d1db">=</span>PASSWORD_HERE <span style="color:#babbf1">dbname</span><span style="color:#99d1db">=</span>miniflux <span style="color:#babbf1">sslmode</span><span style="color:#99d1db">=</span>disable
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">DATABASE_URL</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#f2d5cf">user</span><span style="color:#99d1db;font-weight:bold">=</span>miniflux <span style="color:#f2d5cf">password</span><span style="color:#99d1db;font-weight:bold">=</span>PASSWORD_HERE <span style="color:#f2d5cf">dbname</span><span style="color:#99d1db;font-weight:bold">=</span>miniflux <span style="color:#f2d5cf">sslmode</span><span style="color:#99d1db;font-weight:bold">=</span>disable
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">RUN_MIGRATIONS</span><span style="color:#99d1db">=</span>1
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">RUN_MIGRATIONS</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ef9f76">1</span>
|
||||||
</span></span></code></pre></div><h3 id="migrating-the-database-and-removing-superuser-privileges-in-postgres">Migrating the database and removing superuser privileges in postgres</h3>
|
</span></span></code></pre></div><h3 id="migrating-the-database-and-removing-superuser-privileges-in-postgres">Migrating the database and removing superuser privileges in postgres</h3>
|
||||||
<p>Now we will migrate the database and remove unneded superuser privileges, since it is reccomended in the miniflux documentation.</p>
|
<p>Now we will migrate the database and remove unneded superuser privileges, since it is reccomended in the miniflux documentation.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Migrating the database</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Migrating the database</span>
|
||||||
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -migrate
|
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -migrate
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Creating miniflux admin user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Creating miniflux admin user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -create-admin
|
</span></span><span style="display:flex;"><span>$ miniflux -c /etc/miniflux.conf -create-admin
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Restarting the systemctl service</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Restarting the systemctl service</span>
|
||||||
</span></span><span style="display:flex;"><span>$ systemctl restart miniflux
|
</span></span><span style="display:flex;"><span>$ systemctl restart miniflux
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Entering postgres database user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Entering postgres database user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ su - postgres
|
</span></span><span style="display:flex;"><span>$ su - postgres
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Entering miniflux database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Entering miniflux database</span>
|
||||||
</span></span><span style="display:flex;"><span>$ psql <span style="color:#babbf1">$MINIFLUX_DATABASE</span>
|
</span></span><span style="display:flex;"><span>$ psql <span style="color:#f2d5cf">$MINIFLUX_DATABASE</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Removing unneded superuser privileges from miniflux user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Removing unneded superuser privileges from miniflux user</span>
|
||||||
</span></span><span style="display:flex;"><span>> alter user miniflux with nosuperuser<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span>> alter user miniflux with nosuperuser;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit the postgres database</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit the postgres database</span>
|
||||||
</span></span><span style="display:flex;"><span>> <span style="color:#8caaee">\q</span>
|
</span></span><span style="display:flex;"><span>> <span style="color:#8caaee">\q</span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Exit postgres user</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Exit postgres user</span>
|
||||||
</span></span><span style="display:flex;"><span>$ <span style="color:#c6d0f5;font-style:italic">exit</span>
|
</span></span><span style="display:flex;"><span>$ <span style="color:#99d1db">exit</span>
|
||||||
</span></span></code></pre></div><h2 id="nginx-and-certbot-setup">Nginx and certbot setup</h2>
|
</span></span></code></pre></div><h2 id="nginx-and-certbot-setup">Nginx and certbot setup</h2>
|
||||||
<p>Make sure to have a domain to use for your miniflux setup.</p>
|
<p>Make sure to have a domain to use for your miniflux setup.</p>
|
||||||
<p>Create and open a nginx config with path <code>/etc/nginx/sites-available/miniflux.conf</code> and add this</p>
|
<p>Create and open a nginx config with path <code>/etc/nginx/sites-available/miniflux.conf</code> and add this</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">your.domain.ext</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">your.domain.ext</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 80<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">80</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> <span style="color:#a6d189">[::]:80</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:80</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8080</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8080</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_redirect</span> <span style="color:#e5c890">off</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_redirect</span> <span style="color:#e5c890">off</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#babbf1">$host</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#f2d5cf">$host</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Real-IP</span> <span style="color:#babbf1">$remote_addr</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Real-IP</span> <span style="color:#f2d5cf">$remote_addr</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#babbf1">$proxy_add_x_forwarded_for</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#f2d5cf">$proxy_add_x_forwarded_for</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-Proto</span> <span style="color:#babbf1">$scheme</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-Proto</span> <span style="color:#f2d5cf">$scheme</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span></code></pre></div><p>Now just link the config to enabled sites and restart nginx service.</p>
|
</span></span></code></pre></div><p>Now just link the config to enabled sites and restart nginx service.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ ln -s /etc/nginx/sites-available/miniflux.conf /etc/nginx/sites-enabled/miniflux.conf
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ ln -s /etc/nginx/sites-available/miniflux.conf /etc/nginx/sites-enabled/miniflux.conf
|
||||||
</span></span><span style="display:flex;"><span>$ systemctl restart nginx
|
</span></span><span style="display:flex;"><span>$ systemctl restart nginx
|
||||||
</span></span></code></pre></div><p>To get https on your domain you just need to run <code>certbot --nginx</code> same as in this <a href="https://landchad.net/basic/certbot/">tutorial</a></p>
|
</span></span></code></pre></div><p>To get https on your domain you just need to run <code>certbot --nginx</code> same as in this <a href="https://landchad.net/basic/certbot/">tutorial</a></p>
|
||||||
<h2 id="finishing-words">Finishing words</h2>
|
<h2 id="finishing-words">Finishing words</h2>
|
||||||
|
|||||||
@ -58,40 +58,40 @@
|
|||||||
<p>Let’s start with setting up pihole. I will be installing it with their script on a debian system for easier unbound integration ( unbound doesn’t have an official docker container ).</p>
|
<p>Let’s start with setting up pihole. I will be installing it with their script on a debian system for easier unbound integration ( unbound doesn’t have an official docker container ).</p>
|
||||||
<p>I recommend to read up on the pihole’s docs on exactly how to install it since pihole get’s frequent updates. <a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
<p>I recommend to read up on the pihole’s docs on exactly how to install it since pihole get’s frequent updates. <a href="https://docs.pi-hole.net/main/basic-install/">DOCS</a></p>
|
||||||
<p>I recommend you to install the admin page for easier managmenet and ability to change the upstream dns server ( needed for changing it to unbound later on ). To be able to access the admin page I use an nginx configuration like this one.</p>
|
<p>I recommend you to install the admin page for easier managmenet and ability to change the upstream dns server ( needed for changing it to unbound later on ). To be able to access the admin page I use an nginx configuration like this one.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">example.com</span> <span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">example.com</span> ;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 403<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">403</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/admin</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/admin</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8185/admin</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:8185/admin</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#babbf1">$host</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">Host</span> <span style="color:#f2d5cf">$host</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># If you want to log user activity, comment these
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># If you want to log user activity, comment these
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">access_log</span> <span style="color:#a6d189">/dev/null</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">access_log</span> <span style="color:#a6d189">/dev/null</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">error_log</span> <span style="color:#a6d189">/dev/null</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">error_log</span> <span style="color:#a6d189">/dev/null</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> <span style="color:#a6d189">[::]:443</span> <span style="color:#a6d189">ssl</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:443</span> <span style="color:#a6d189">ssl</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">listen</span> 443 <span style="color:#a6d189">ssl</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">443</span> <span style="color:#a6d189">ssl</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/fullchain.pem</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/fullchain.pem</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/privkey.pem</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/example.com/privkey.pem</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">include</span> <span style="color:#a6d189">/etc/letsencrypt/options-ssl-nginx.conf</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">include</span> <span style="color:#a6d189">/etc/letsencrypt/options-ssl-nginx.conf</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">ssl_dhparam</span> <span style="color:#a6d189">/etc/letsencrypt/ssl-dhparams.pem</span><span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">ssl_dhparam</span> <span style="color:#a6d189">/etc/letsencrypt/ssl-dhparams.pem</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#c6d0f5">}</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>}
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">if</span> <span style="color:#a6d189">(</span><span style="color:#babbf1">$host</span> <span style="color:#c6d0f5">=</span> <span style="color:#a6d189">example.com)</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">if</span> <span style="color:#a6d189">(</span><span style="color:#f2d5cf">$host</span> = <span style="color:#a6d189">example.com)</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 301 <span style="color:#a6d189">https://</span><span style="color:#babbf1">$host$request_uri</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">301</span> <span style="color:#a6d189">https://</span><span style="color:#f2d5cf">$host$request_uri</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span><span style="display:flex;"><span> } <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">example.com</span> <span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">example.com</span> ;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 80<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">80</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> <span style="color:#a6d189">[::]:80</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#a6d189">[::]:80</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 404<span style="color:#c6d0f5">;</span> <span style="color:#626880;font-style:italic"># managed by Certbot
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">404</span>; <span style="color:#737994;font-style:italic"># managed by Certbot
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#c6d0f5">}</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>}
|
||||||
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the lighttpd port to acces the website, you can just do it on your main website also.
|
</span></span></code></pre></div><p>The main point of this config is the <code>/admin</code> location that you need to pass the lighttpd port to acces the website, you can just do it on your main website also.
|
||||||
Also to make lighttpd work with nginx listening on port 80 you need to edit the <code>server.port</code> to port you wan’t to use in lighttpd config file located at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
Also to make lighttpd work with nginx listening on port 80 you need to edit the <code>server.port</code> to port you wan’t to use in lighttpd config file located at <code>/etc/lighttpd/lighttpd.conf</code> and then just restart lighttpd</p>
|
||||||
<h2 id="2-unbound">2. Unbound</h2>
|
<h2 id="2-unbound">2. Unbound</h2>
|
||||||
@ -100,104 +100,104 @@ Also to make lighttpd work with nginx listening on port 80 you need to edit the
|
|||||||
<h2 id="3-dns-over-tls">3. DNS over TLS</h2>
|
<h2 id="3-dns-over-tls">3. DNS over TLS</h2>
|
||||||
<p>For dns over tls you need to first have a ssl certificate. I recommend on using certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
<p>For dns over tls you need to first have a ssl certificate. I recommend on using certbot to generate one with this command <code>certbot --nginx -d dot.example.com</code>.</p>
|
||||||
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>. <strong>Make sure to add this outside of the http block and change example.com to your domain</strong></p>
|
<p>Next you will need a reverse proxy, in my case I use nginx. You will need to add this configuration to your main nginx config located at <code>/etc/nginx/nginx.conf</code>. <strong>Make sure to add this outside of the http block and change example.com to your domain</strong></p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">stream</span> <span style="color:#c6d0f5">{</span>
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#ca9ee6">stream</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">log_format</span> <span style="color:#a6d189">basic</span> <span style="color:#a6d189">'</span><span style="color:#babbf1">$remote_addr</span> <span style="color:#a6d189">[</span><span style="color:#babbf1">$time_local]</span> <span style="color:#babbf1">$protocol</span> <span style="color:#babbf1">$status</span> <span style="color:#babbf1">$bytes_sent</span> <span style="color:#babbf1">$bytes_received</span> <span style="color:#babbf1">$session_time</span> <span style="color:#babbf1">$upstream_addr'</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">log_format</span> <span style="color:#a6d189">basic</span> <span style="color:#a6d189">'</span><span style="color:#f2d5cf">$remote_addr</span> <span style="color:#a6d189">[</span><span style="color:#f2d5cf">$time_local]</span> <span style="color:#f2d5cf">$protocol</span> <span style="color:#f2d5cf">$status</span> <span style="color:#f2d5cf">$bytes_sent</span> <span style="color:#f2d5cf">$bytes_received</span> <span style="color:#f2d5cf">$session_time</span> <span style="color:#f2d5cf">$upstream_addr'</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">upstream</span> <span style="color:#a6d189">dns</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">upstream</span> <span style="color:#a6d189">dns</span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">zone</span> <span style="color:#a6d189">dns</span> 64k<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">zone</span> <span style="color:#a6d189">dns</span> <span style="color:#ef9f76">64k</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server</span> <span style="color:#babbf1">127.0.0.1</span><span style="color:#c6d0f5">:</span>53<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server</span> 127.0.0.1:<span style="color:#ef9f76">53</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 853 <span style="color:#a6d189">ssl</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">853</span> <span style="color:#a6d189">ssl</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">access_log</span> <span style="color:#a6d189">/var/log/nginx/dot-access.log</span> <span style="color:#a6d189">basic</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">access_log</span> <span style="color:#a6d189">/var/log/nginx/dot-access.log</span> <span style="color:#a6d189">basic</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">error_log</span> <span style="color:#a6d189">/var/log/nginx/dot-error.log</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">error_log</span> <span style="color:#a6d189">/var/log/nginx/dot-error.log</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/fullchain.pem</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/fullchain.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/privkey.pem</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/dot.example.com/privkey.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_handshake_timeout</span> <span style="color:#a6d189">10s</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_handshake_timeout</span> <span style="color:#a6d189">10s</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_session_cache</span> <span style="color:#a6d189">shared:SSL:20m</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_session_cache</span> <span style="color:#a6d189">shared:SSL:20m</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_session_timeout</span> <span style="color:#a6d189">4h</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_session_timeout</span> <span style="color:#a6d189">4h</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">dns</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">dns</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_responses</span> 1<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_responses</span> <span style="color:#ef9f76">1</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_timeout</span> <span style="color:#a6d189">1s</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_timeout</span> <span style="color:#a6d189">1s</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>. Then restart nginx, to test if this configuration is working you can use your android phone by setting the private dns address to <code>dot.example.com</code> and then visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
</span></span></code></pre></div><p>Also make sure to enable port 853, example ufw command is <code>ufw allow 853/tcp</code>. Then restart nginx, to test if this configuration is working you can use your android phone by setting the private dns address to <code>dot.example.com</code> and then visit the website<a href="https://dnsleaktest.com">dnsleaktest</a></p>
|
||||||
<h2 id="4-dns-over-https">4. DNS over HTTPS</h2>
|
<h2 id="4-dns-over-https">4. DNS over HTTPS</h2>
|
||||||
<p>For using dns over https we will be installing additional package called dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
<p>For using dns over https we will be installing additional package called dnsdinst. On debian systems just run <code>apt install dnsdinst</code>. Next you will need to setup dnsdinst config and restart it. Make sure to change example.com.</p>
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-conf" data-lang="conf"><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">dnsdist</span> <span style="color:#babbf1">configuration</span> <span style="color:#babbf1">file</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">an</span> <span style="color:#babbf1">example</span> <span style="color:#babbf1">can</span> <span style="color:#babbf1">be</span> <span style="color:#babbf1">found</span> <span style="color:#babbf1">in</span> <span style="color:#e78284">/</span><span style="color:#babbf1">usr</span><span style="color:#e78284">/</span><span style="color:#babbf1">share</span><span style="color:#e78284">/</span><span style="color:#babbf1">doc</span><span style="color:#e78284">/</span><span style="color:#babbf1">dnsdist</span><span style="color:#e78284">/</span><span style="color:#babbf1">examples</span><span style="color:#e78284">/</span>
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">-- dnsdist configuration file, an example can be found in /usr/share/doc/dnsdist/examples/
|
||||||
|
|
||||||
|
-- disable security status polling via DNS
|
||||||
|
setSecurityPollSuffix("")
|
||||||
|
|
||||||
|
-- fix up possibly badly truncated answers from pdns 2.9.22
|
||||||
|
-- truncateTC(true)
|
||||||
|
|
||||||
|
-- Answer to only clients from this subnet
|
||||||
|
setACL("127.0.0.1/8")
|
||||||
|
|
||||||
|
-- Define upstream DNS server (Pi-hole)
|
||||||
|
newServer({address="127.0.0.1", name="Pi-hole", checkName="example.com", checkInterval=60, mustResolve=true})
|
||||||
|
|
||||||
|
-- Create local DOH server listener in DNS over HTTP mode, otherwise the information coming from nginx won't be processed well
|
||||||
|
addDOHLocal("127.0.0.1:5300", nil, nil, "/dns-query", { reusePort=true })
|
||||||
|
</code></pre><p>Next we will need another ssl certificate for the doh domain, for that we will once again using certbot with this command <code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx either in sites-available and linking it to sites enabled or in http block in main nginx configuration.</p>
|
||||||
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Proxy Cache storage - so we can cache the DoH response from the upstream
|
||||||
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span><span style="color:#ca9ee6">proxy_cache_path</span> <span style="color:#a6d189">/var/run/doh_cache</span> <span style="color:#a6d189">levels=1:2</span> <span style="color:#a6d189">keys_zone=doh_cache:10m</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">disable</span> <span style="color:#babbf1">security</span> <span style="color:#babbf1">status</span> <span style="color:#babbf1">polling</span> <span style="color:#babbf1">via</span> <span style="color:#babbf1">DNS</span>
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> {
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">setSecurityPollSuffix</span><span style="color:#c6d0f5">(</span><span style="color:#a6d189">""</span><span style="color:#c6d0f5">)</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">80</span>;
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">doh.example.com</span>;
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">return</span> <span style="color:#ef9f76">301</span> <span style="color:#a6d189">https://doh.example.com/</span><span style="color:#f2d5cf">$request_uri</span>;
|
||||||
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">fix</span> <span style="color:#babbf1">up</span> <span style="color:#babbf1">possibly</span> <span style="color:#babbf1">badly</span> <span style="color:#babbf1">truncated</span> <span style="color:#babbf1">answers</span> <span style="color:#babbf1">from</span> <span style="color:#babbf1">pdns</span> <span style="color:#babbf1">2.9.22</span>
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># This virtual server accepts HTTP/2 over HTTPS
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#99d1db">truncateTC</span><span style="color:#c6d0f5">(</span><span style="color:#ca9ee6;font-style:italic">true</span><span style="color:#c6d0f5">)</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span><span style="color:#ca9ee6">server</span> {
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">listen</span> <span style="color:#ef9f76">443</span> <span style="color:#a6d189">ssl</span> <span style="color:#a6d189">http2</span>;
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">server_name</span> <span style="color:#a6d189">doh.example.com</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">Answer</span> <span style="color:#babbf1">to</span> <span style="color:#babbf1">only</span> <span style="color:#babbf1">clients</span> <span style="color:#babbf1">from</span> <span style="color:#babbf1">this</span> <span style="color:#e5c890">subnet</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">access_log</span> <span style="color:#a6d189">/var/log/nginx/doh.access</span>;
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">setACL</span><span style="color:#c6d0f5">(</span><span style="color:#a6d189">"127.0.0.1/8"</span><span style="color:#c6d0f5">)</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">error_log</span> <span style="color:#a6d189">/var/log/nginx/doh.error</span> <span style="color:#a6d189">error</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">Define</span> <span style="color:#babbf1">upstream</span> <span style="color:#babbf1">DNS</span> <span style="color:#99d1db">server</span> <span style="color:#c6d0f5">(</span><span style="color:#babbf1">Pi-hole</span><span style="color:#c6d0f5">)</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/fullchain.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">newServer</span><span style="color:#c6d0f5">({</span><span style="color:#babbf1">address</span><span style="color:#99d1db">=</span><span style="color:#a6d189">"127.0.0.1"</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">name</span><span style="color:#99d1db">=</span><span style="color:#a6d189">"Pi-hole"</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">checkName</span><span style="color:#99d1db">=</span><span style="color:#a6d189">"example.com"</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">checkInterval</span><span style="color:#99d1db">=</span><span style="color:#babbf1">60</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">mustResolve</span><span style="color:#99d1db">=</span><span style="color:#ca9ee6;font-style:italic">true</span><span style="color:#c6d0f5">})</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/privkey.pem</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#babbf1">--</span> <span style="color:#babbf1">Create</span> <span style="color:#babbf1">local</span> <span style="color:#babbf1">DOH</span> <span style="color:#babbf1">server</span> <span style="color:#babbf1">listener</span> <span style="color:#babbf1">in</span> <span style="color:#babbf1">DNS</span> <span style="color:#babbf1">over</span> <span style="color:#babbf1">HTTP</span> <span style="color:#babbf1">mode</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">otherwise</span> <span style="color:#babbf1">the</span> <span style="color:#babbf1">information</span> <span style="color:#babbf1">coming</span> <span style="color:#babbf1">from</span> <span style="color:#babbf1">nginx</span> <span style="color:#babbf1">won</span><span style="color:#e78284">'</span><span style="color:#babbf1">t</span> <span style="color:#babbf1">be</span> <span style="color:#babbf1">processed</span> <span style="color:#babbf1">well</span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#99d1db">addDOHLocal</span><span style="color:#c6d0f5">(</span><span style="color:#a6d189">"127.0.0.1:5300"</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">nil</span><span style="color:#c6d0f5">,</span> <span style="color:#babbf1">nil</span><span style="color:#c6d0f5">,</span> <span style="color:#a6d189">"/dns-query"</span><span style="color:#c6d0f5">,</span> <span style="color:#c6d0f5">{</span> <span style="color:#babbf1">reusePort</span><span style="color:#99d1db">=</span><span style="color:#ca9ee6;font-style:italic">true</span> <span style="color:#c6d0f5">})</span>
|
|
||||||
</span></span></code></pre></div><p>Next we will need another ssl certificate for the doh domain, for that we will once again using certbot with this command <code>certbot --nginx -d doh.example.com</code>after that add this configuratin to nginx either in sites-available and linking it to sites enabled or in http block in main nginx configuration.</p>
|
|
||||||
<div class="highlight"><pre tabindex="0" style="color:#ef9f76;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># Proxy Cache storage - so we can cache the DoH response from the upstream
|
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#ca9ee6">proxy_cache_path</span> <span style="color:#a6d189">/var/run/doh_cache</span> <span style="color:#a6d189">levels=1:2</span> <span style="color:#a6d189">keys_zone=doh_cache:10m</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 80<span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">doh.example.com</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">return</span> 301 <span style="color:#a6d189">https://doh.example.com/</span><span style="color:#babbf1">$request_uri</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"># This virtual server accepts HTTP/2 over HTTPS
|
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span><span style="color:#ca9ee6">server</span> <span style="color:#c6d0f5">{</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">listen</span> 443 <span style="color:#a6d189">ssl</span> <span style="color:#a6d189">http2</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">server_name</span> <span style="color:#a6d189">doh.example.com</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">access_log</span> <span style="color:#a6d189">/var/log/nginx/doh.access</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">error_log</span> <span style="color:#a6d189">/var/log/nginx/doh.error</span> <span style="color:#a6d189">error</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/fullchain.pem</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_certificate_key</span> <span style="color:#a6d189">/etc/letsencrypt/live/doh.example.com/privkey.pem</span><span style="color:#c6d0f5">;</span>
|
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># DoH may use GET or POST requests, Cache both
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># DoH may use GET or POST requests, Cache both
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_cache_methods</span> <span style="color:#a6d189">GET</span> <span style="color:#a6d189">POST</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_cache_methods</span> <span style="color:#a6d189">GET</span> <span style="color:#a6d189">POST</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># Return 404 to all responses, except for those using our published DoH URI
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># Return 404 to all responses, except for those using our published DoH URI
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/</span> <span style="color:#c6d0f5">{</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">try_files</span> <span style="color:#babbf1">$uri</span> <span style="color:#babbf1">$uri/</span> <span style="color:#c6d0f5">=</span>404<span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">try_files</span> <span style="color:#f2d5cf">$uri</span> <span style="color:#f2d5cf">$uri/</span> =<span style="color:#ef9f76">404</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">ssl_protocols</span> <span style="color:#a6d189">TLSv1.2</span> <span style="color:#a6d189">TLSv1.3</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_ssl_ciphers</span> <span style="color:#a6d189">HIGH:!aNULL:!MD5</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># This is our published DoH URI
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># This is our published DoH URI
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">location</span> <span style="color:#a6d189">/dns-query</span> <span style="color:#c6d0f5">{</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">location</span> <span style="color:#a6d189">/dns-query</span> {
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># Proxy HTTP/1.1, clear the connection header to enable Keep-Alive
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># Proxy HTTP/1.1, clear the connection header to enable Keep-Alive
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_http_version</span> 1<span style="color:#a6d189">.1</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_http_version</span> <span style="color:#ef9f76">1</span><span style="color:#a6d189">.1</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">Connection</span> <span style="color:#a6d189">""</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">Connection</span> <span style="color:#a6d189">""</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># Enable Cache, and set the cache_key to include the request_body
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># Enable Cache, and set the cache_key to include the request_body
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_cache</span> <span style="color:#a6d189">doh_cache</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_cache</span> <span style="color:#a6d189">doh_cache</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">proxy_cache_key</span> <span style="color:#babbf1">$scheme$proxy_host$uri$is_args$args$request_body</span><span style="color:#c6d0f5">;</span>
|
</span></span><span style="display:flex;"><span> <span style="color:#81c8be">proxy_cache_key</span> <span style="color:#f2d5cf">$scheme$proxy_host$uri$is_args$args$request_body</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># proxy pass to dnsdist
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># proxy pass to dnsdist
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:5300</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_pass</span> <span style="color:#a6d189">http://127.0.0.1:5300</span>;
|
||||||
</span></span><span style="display:flex;"><span>
|
</span></span><span style="display:flex;"><span>
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#626880;font-style:italic"># proxy pass address
|
</span></span><span style="display:flex;"><span> <span style="color:#737994;font-style:italic"># proxy pass address
|
||||||
</span></span></span><span style="display:flex;"><span><span style="color:#626880;font-style:italic"></span> <span style="color:#ca9ee6">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#babbf1">$proxy_add_x_forwarded_for</span><span style="color:#c6d0f5">;</span>
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span> <span style="color:#81c8be">proxy_set_header</span> <span style="color:#a6d189">X-Forwarded-For</span> <span style="color:#f2d5cf">$proxy_add_x_forwarded_for</span>;
|
||||||
</span></span><span style="display:flex;"><span> <span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span> }
|
||||||
</span></span><span style="display:flex;"><span><span style="color:#c6d0f5">}</span>
|
</span></span><span style="display:flex;"><span>}
|
||||||
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as a DNS over HTTPS resolver and once again checkout <a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
</span></span></code></pre></div><p>After restarting nginx with this configuration you can it to your web browser as a DNS over HTTPS resolver and once again checkout <a href="https://dnsleaktest.com">dnsleaktest</a> website and check if it is all working.</p>
|
||||||
<p>Hope this has been helpfull and if anybody has any way on how to make this guied better you can open a pull request or make an issue on the website’s <a href="https://code.cronyakatsuki.xyz/crony/website">repo</a>.</p>
|
<p>Hope this has been helpfull and if anybody has any way on how to make this guied better you can open a pull request or make an issue on the website’s <a href="https://code.cronyakatsuki.xyz/crony/website">repo</a>.</p>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
251
public/blog/virgin-mutt-user-meet-mblaze/index.html
Normal file
251
public/blog/virgin-mutt-user-meet-mblaze/index.html
Normal file
@ -0,0 +1,251 @@
|
|||||||
|
<!doctype html>
|
||||||
|
<html lang="en">
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<meta charset="UTF-8" />
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
|
<link href="/css/style.css" rel="stylesheet" />
|
||||||
|
|
||||||
|
<title>Virgin (Neo)Mutt User Meet Mblaze</title>
|
||||||
|
<meta property="og:title" content="Virgin (Neo)Mutt User Meet Mblaze" />
|
||||||
|
<meta property="og:description" content="We have all heard of (Neo)Mutt when it comes to managing e-mail in the terminal right? What would you do if I told you there is an even better and more UNIX way to manage mail on the terminal? Well there is and it’s called mblaze." />
|
||||||
|
<meta property="og:type" content="article" />
|
||||||
|
<meta property="og:url" content="https://cronyakatsuki.xyz/blog/virgin-mutt-user-meet-mblaze/" /><meta property="article:section" content="blog" />
|
||||||
|
<meta property="article:published_time" content="2023-10-24T18:13:18+02:00" />
|
||||||
|
<meta property="article:modified_time" content="2023-10-24T18:13:18+02:00" /><meta property="og:site_name" content="Crony Akatsuki's Website" />
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
<header>
|
||||||
|
<h1>Crony Akatsuki</h1>
|
||||||
|
<nav>
|
||||||
|
<span><a href="/">Home</a></span>
|
||||||
|
<span>|</span>
|
||||||
|
<span><a href="/about">About</a></span>
|
||||||
|
<span>|</span>
|
||||||
|
<span><a href="/blog">Blog</a></span>
|
||||||
|
<span>|</span>
|
||||||
|
<span><a href="/services">Services</a></span>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
|
||||||
|
<main>
|
||||||
|
<div id="content">
|
||||||
|
|
||||||
|
<h1>Virgin (Neo)Mutt User Meet Mblaze</h1>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div id="blog-meta">
|
||||||
|
<p id="date">24-10-2023</p>
|
||||||
|
|
||||||
|
|
||||||
|
<hr>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<p>We have all heard of (Neo)Mutt when it comes to managing e-mail in the terminal right? What would you do if I told you there is an even better and more UNIX way to manage mail on the terminal? Well there is and it’s called <a href="https://github.com/leahneukirchen/mblaze">mblaze</a>.</p>
|
||||||
|
<p>In this post I will explain to you how to setup mblaze for managing your email, but for that we will 2 more additional software to manage our mail with mblaze. <a href="https://www.opensmtpd.org/">OpenSMTPD</a> the openbsd fast mail server for getting local mail from services like crontab and sending mail with, and <a href="https://isync.sourceforge.io/">isync</a> for downloading our mail from our remote server’s either selfhosted or gmail.</p>
|
||||||
|
<h1 id="1-opensmtpd">1. OpenSMTPD</h1>
|
||||||
|
<p>First we will setup OpenSMTP for local mail, and we will also relay’s that allow us to send e-mail from our selfhosted or gmail mail server’s for example. Make sure to install opensmtpd from your package maanager.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Edit <code>/etc/smtpd/smtpd.conf</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">table aliases file:/etc/mail/aliases
|
||||||
|
table credentials file:/etc/mail/credentials
|
||||||
|
|
||||||
|
listen on 127.0.0.1
|
||||||
|
|
||||||
|
action "local_mail" maildir "/home/%{user.username}/.local/share/Maildir/local" alias <aliases>
|
||||||
|
action outbound_selfhost relay host smtp+tls://selfhost@subdomain.domain.com:587 auth <credentials>
|
||||||
|
action outbound_gmail relay host smtp+tls://gmail@smtp.gmail.com:587 auth <credentials>
|
||||||
|
|
||||||
|
match for local action "local_mail"
|
||||||
|
match mail-from "selfhost@domain.com" for any action outbound_selfhost
|
||||||
|
match mail-from "username@gmail.com" for any action outbound_gmail
|
||||||
|
</code></pre><p>Next you will need to update aliases in file /etc/mail/aliases under the comment <code># Well-known aliases -- these should be filled in!</code> to your main user account on your system.</p>
|
||||||
|
<p>Now we will also setup the passwords in the <code>/etc/mail/credentials</code>, Note for gmail you will need to setup app password for it to be usable with this method and enable smtp in gmail.</p>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">selfhost selfhost:selfhost_password
|
||||||
|
gmail gmail:gmail_password
|
||||||
|
</code></pre><p>Also make sure to run <code>sudo chmod 600 /etc/mail/credentials</code> to make sure the password’s aren’t readable if you aren’t running as sudo.</p>
|
||||||
|
<h1 id="2-isync">2. isync</h1>
|
||||||
|
<p>Now we will setup isync to get our e-mail from our server’s. In this example there is both settings for a selfhosted server and a gmail one.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Edit <code>$HOME/.mbsyncrc</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-rc" data-lang="rc">IMAPStore selfhost-remote
|
||||||
|
Host subdomain.domain.com
|
||||||
|
Port 993
|
||||||
|
User selfhost@domain.com
|
||||||
|
PassCmd "Command for password" or Pass password
|
||||||
|
SSLType IMAPS
|
||||||
|
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
MaildirStore selfhost-local
|
||||||
|
Path ~/.local/share/Maildir/selfhost/
|
||||||
|
Inbox ~/.local/share/Maildir/selfhost/INBOX
|
||||||
|
SubFolders Verbatim
|
||||||
|
|
||||||
|
Channel selfhost
|
||||||
|
Far :selfhost-remote:
|
||||||
|
Near :selfhost-local:
|
||||||
|
Create Both
|
||||||
|
Expunge Both
|
||||||
|
Patterns * !"[Gmail]/All Mail" !"*fts-flatcurve*" !"*virtual*"
|
||||||
|
SyncState *
|
||||||
|
Create Both
|
||||||
|
|
||||||
|
IMAPStore gmail-remote
|
||||||
|
Host imap.gmail.com
|
||||||
|
Port 993
|
||||||
|
User gmail@gmail.com
|
||||||
|
PassCmd "Command for password" or Pass password
|
||||||
|
SSLType IMAPS
|
||||||
|
CertificateFile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
MaildirStore gmail-local
|
||||||
|
Path ~/.local/share/Maildir/gmail/
|
||||||
|
Inbox ~/.local/share/Maildir/gmail/INBOX
|
||||||
|
SubFolders Verbatim
|
||||||
|
|
||||||
|
Channel gmail
|
||||||
|
Far :gmail-remote:
|
||||||
|
Near :gmail-local:
|
||||||
|
Create Both
|
||||||
|
Expunge Both
|
||||||
|
Patterns * !"[Gmail]/All Mail" !"*fts-flatcurve*" !"*virtual*"
|
||||||
|
SyncState *
|
||||||
|
Create Both
|
||||||
|
</code></pre><p>Then you can run <code>mbsync -V gmail/selfhost</code> to sync a specific account or you can run <code>mbsync -a</code> to sync all your account’s.</p>
|
||||||
|
<h1 id="3-mblaze">3. mblaze</h1>
|
||||||
|
<p>Now we will start working on the most juicy part, setting up mblaze for basic usage. First we will setup a basic mblaze profile for our local account.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>Edit <code>$HOME/.mblaze/profile</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">Local-Mailbox: user
|
||||||
|
FQDN: "Generate using command mgenmid"
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/local
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/local/Sent/
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/local/Drafts/
|
||||||
|
Reply-From: user
|
||||||
|
# You don't need this, it just makes it easier to see date
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
</code></pre><p>And now we are ready for using mblaze for managing our local mail with mblaze. Now for the rest of this blog I will show how I manage multiple account’s using a scipt and a couple function’s. I will also link a video that will show you in more detail things for using mblaze for managing your mail which was my inspiration for making this post.</p>
|
||||||
|
<h1 id="4-multiple-profiles-management">4. Multiple profiles management</h1>
|
||||||
|
<p>You can do this in a lot of ways with mblaze since it is very easily scriptable, but I do it with a script that copies over a preconfigure profile from <code>$HOME/.config/mblaze</code></p>
|
||||||
|
<blockquote>
|
||||||
|
<p>example selfhost mblaze config <code>$HOME/.config/mblaze/selfhost</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">Local-Mailbox: User Name <user@domain.com>
|
||||||
|
FQDN: "Generate using command mgenmid"
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/selfhost
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/selfhost/Sent/
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/selfhost/Drafts/
|
||||||
|
Reply-From: User Name <user@domain.com>
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
</code></pre><blockquote>
|
||||||
|
<p>example gmail mblaze config <code>$HOME/.config/mblaze/gmail</code></p>
|
||||||
|
</blockquote>
|
||||||
|
<pre tabindex="0"><code class="language-conf" data-lang="conf">Local-Mailbox: user <user@gmail.com>
|
||||||
|
FQDN: "Generate using command mgenmid"
|
||||||
|
Maildir: /home/crony/.local/share/Maildir/gmail
|
||||||
|
Outbox: /home/crony/.local/share/Maildir/gmail/[Gmail]/Sent Mail
|
||||||
|
Drafts: /home/crony/.local/share/Maildir/gmail/[Gmail]/Drafts
|
||||||
|
Reply-From: user <user@gmail.com>
|
||||||
|
Scan-Format: %c%u%r %-3n %10d %17f %t %2i%s
|
||||||
|
</code></pre><p>For the local profile, just copy the config saved to <code>$HOME/.mblaze/profile</code> to <code>$HOME/.config/mblaze/local</code>.</p>
|
||||||
|
<p>Now onto the script and functions I use with my zsh.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>mprofile</p>
|
||||||
|
</blockquote>
|
||||||
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic">#!/bin/sh
|
||||||
|
</span></span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"></span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">profiles</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>find <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">"</span>/.config/mblaze -type f -exec basename <span style="color:#a6d189">"{}"</span> <span style="color:#8caaee">\;</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">currentMaildir</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">"^Maildir:"</span> <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">"</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">'s/ //g'</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">[</span> -z <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$1</span><span style="color:#a6d189">"</span> <span style="color:#99d1db;font-weight:bold">]</span> <span style="color:#99d1db;font-weight:bold">&&</span> basename <span style="color:#a6d189">"</span><span style="color:#ca9ee6">$(</span>grep -w <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$currentMaildir</span><span style="color:#a6d189">"</span> -l -R <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">"</span>/.config/mblaze<span style="color:#ca9ee6">)</span><span style="color:#a6d189">"</span> <span style="color:#99d1db;font-weight:bold">&&</span> <span style="color:#99d1db">exit</span> <span style="color:#ef9f76">0</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">[</span> <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$1</span><span style="color:#a6d189">"</span> <span style="color:#99d1db;font-weight:bold">=</span> <span style="color:#a6d189">"-l"</span> <span style="color:#99d1db;font-weight:bold">]</span> <span style="color:#99d1db;font-weight:bold">&&</span> <span style="color:#99d1db">printf</span> <span style="color:#a6d189">'%s\n'</span> <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$profiles</span><span style="color:#a6d189">"</span> <span style="color:#99d1db;font-weight:bold">&&</span> <span style="color:#99d1db">exit</span> <span style="color:#ef9f76">0</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#f2d5cf">profile</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#a6d189">"</span><span style="color:#f2d5cf">$1</span><span style="color:#a6d189">"</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">if</span> <span style="color:#99d1db">printf</span> <span style="color:#a6d189">'%s\n'</span> <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$profiles</span><span style="color:#a6d189">"</span> | grep -qw <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">"</span>; <span style="color:#ca9ee6">then</span>
|
||||||
|
</span></span><span style="display:flex;"><span> cp <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">"</span>/.config/mblaze/<span style="color:#a6d189">"</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">"</span> <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$HOME</span><span style="color:#a6d189">"</span>/.mblaze/profile
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">else</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#99d1db">printf</span> <span style="color:#a6d189">'%s\n'</span> <span style="color:#a6d189">"This profile doesn't exist"</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#ca9ee6">fi</span>
|
||||||
|
</span></span></code></pre></div><p>The script is able to print the current profile when run without argument, listing all available profiles using -l and setting the profile by providing it’s name.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>functions</p>
|
||||||
|
</blockquote>
|
||||||
|
<div class="highlight"><pre tabindex="0" style="color:#c6d0f5;background-color:#303446;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># mblaze functions</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Get new mail for current profile</span>
|
||||||
|
</span></span><span style="display:flex;"><span>mnew <span style="color:#99d1db;font-weight:bold">()</span> <span style="color:#99d1db;font-weight:bold">{</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">maildir</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">"^Maildir:"</span> <span style="color:#f2d5cf">$HOME</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">'s/ //g'</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">profile</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>basename <span style="color:#f2d5cf">$maildir</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">if</span> <span style="color:#99d1db;font-weight:bold">[</span> <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">"</span> <span style="color:#99d1db;font-weight:bold">=</span> <span style="color:#a6d189">"local"</span> <span style="color:#99d1db;font-weight:bold">]</span>; <span style="color:#ca9ee6">then</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist -s <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">"</span>| msort -dr | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">else</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mbsync -V <span style="color:#f2d5cf">$profile</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist -s <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">"</span>/INBOX | msort -dr | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">fi</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">}</span>
|
||||||
|
</span></span><span style="display:flex;"><span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#737994;font-style:italic"># Get full mail for current profile including threads</span>
|
||||||
|
</span></span><span style="display:flex;"><span>mall <span style="color:#99d1db;font-weight:bold">()</span> <span style="color:#99d1db;font-weight:bold">{</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">maildir</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">"^Maildir:"</span> <span style="color:#f2d5cf">$HOME</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">'s/ //g'</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">sent</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>grep <span style="color:#a6d189">"^Outbox:"</span> <span style="color:#f2d5cf">$HOME</span>/.mblaze/profile | cut -d: -f <span style="color:#ef9f76">2</span> | sed <span style="color:#a6d189">'s/ //g'</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#f2d5cf">profile</span><span style="color:#99d1db;font-weight:bold">=</span><span style="color:#ca9ee6">$(</span>basename <span style="color:#f2d5cf">$maildir</span><span style="color:#ca9ee6">)</span>
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">if</span> <span style="color:#99d1db;font-weight:bold">[</span> <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$profile</span><span style="color:#a6d189">"</span> <span style="color:#99d1db;font-weight:bold">=</span> <span style="color:#a6d189">"local"</span> <span style="color:#99d1db;font-weight:bold">]</span>; <span style="color:#ca9ee6">then</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">"</span> | mthread -r -S <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">"</span> | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">else</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mbsync -V <span style="color:#f2d5cf">$profile</span>
|
||||||
|
</span></span><span style="display:flex;"><span> mlist <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$maildir</span><span style="color:#a6d189">"</span>/INBOX | mthread -r -S <span style="color:#a6d189">"</span><span style="color:#f2d5cf">$sent</span><span style="color:#a6d189">"</span> | mseq -S
|
||||||
|
</span></span><span style="display:flex;"><span> <span style="color:#ca9ee6">fi</span>
|
||||||
|
</span></span><span style="display:flex;"><span><span style="color:#99d1db;font-weight:bold">}</span>
|
||||||
|
</span></span></code></pre></div><p>For the rest of usage of mblaze, I really recommend to use <code>man mblaze</code> since the software is really well documented, or you can also watch this <a href="https://piped.cronyakatsuki.xyz/watch?v=5YS8RPC4zwc">video</a> I took the inspiration from for this setup.</p>
|
||||||
|
<h1 id="conclusion">Conclusion</h1>
|
||||||
|
<p>Hope you have had a good read, and I hope you will maybe try out this mail setup, or create your own even better setup for your self.</p> </div>
|
||||||
|
</main>
|
||||||
|
<footer>
|
||||||
|
<div id="links">
|
||||||
|
<span><a href="https://code.cronyakatsuki.xyz">Code</a></span>
|
||||||
|
<span>|</span>
|
||||||
|
<span><a href="https://steamcommunity.com/id/CronyAkatsuki/">Steam</a></span>
|
||||||
|
<span>|</span>
|
||||||
|
<span><a href="https://osu.ppy.sh/users/18953565">Osu!</a></span>
|
||||||
|
<span>|</span>
|
||||||
|
<span><a href="https://anilist.co/user/CronyAkatsuki/">Anilist</a></span>
|
||||||
|
<span>|</span>
|
||||||
|
<span><a href="https://youtube.com/channel/UClFdlNlUipHG5Kit8GbFz5Q">Gaming Channel</a></span>
|
||||||
|
</div>
|
||||||
|
<div id="banners">
|
||||||
|
<a rel="noreferrer" href="/" target="_blank"><img src="/88x31.png"
|
||||||
|
alt="Me" title="Me" /></a>
|
||||||
|
<a rel="noreferrer" href="https://kernel.org" target="_blank"><img src="https://cyber.dabamos.de/88x31/linux_powered.gif"
|
||||||
|
alt="linux kernel" title="Best kernel in the world" /></a>
|
||||||
|
<a rel="noreferrer" href="https://debian.org" target="_blank"><img src="https://cyber.dabamos.de/88x31/debian.gif"
|
||||||
|
alt="debian" title="This website run's on debian" /></a>
|
||||||
|
<a rel="noreferrer" href="https://bitwarden.com" target="_blank"><img src="https://cyber.dabamos.de/88x31/bitwarden.gif"
|
||||||
|
alt="Bitwarden" title="Bitwarden/Vaultwarden for the win" /></a>
|
||||||
|
<a rel="noreferrer" target="_blank"><img src="https://cyber.dabamos.de/88x31/free.gif"
|
||||||
|
alt="foss" title="Foss is the way" /></a>
|
||||||
|
<a rel="noreferrer" href="https://neovim.io" target="_blank"><img src="/assets/badges/neovim.gif"
|
||||||
|
alt="Neovim" title="Written in neovim" /></a>
|
||||||
|
<a rel="noreferrer" href="https://landchad.net" target="_blank"><img src="https://landchad.net/pix/landchad.gif"
|
||||||
|
alt="LandChad" title="Get A Website!" /></a>
|
||||||
|
<a rel="noreferrer" href="https://poggerer.xyz" target="_blank"><img src="https://poggerer.xyz/88x31.png"
|
||||||
|
alt="Tulg" title="Tulg" /></a>
|
||||||
|
<a rel="noreferrer" href="https://arthurmelton.com" target="_blank"><img src="https://arthurmelton.com/88x31.png"
|
||||||
|
alt="AMTitan" title="AMTitan" /></a>
|
||||||
|
<a rel="noreferrer" href="https://aadi.net.in" target="_blank"><img src="https://aadi.net.in/88x31.png"
|
||||||
|
alt="Aadi" title="Aadi" /></a>
|
||||||
|
<a rel="noreferrer" href="https://bear.oops.wtf/" target="_blank"><img src="https://bear.oops.wtf/download/88x31.png"
|
||||||
|
alt="Bear" title="Bear" /></a>
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
|
||||||
|
</html>
|
||||||
@ -2,7 +2,7 @@
|
|||||||
<html lang="en">
|
<html lang="en">
|
||||||
|
|
||||||
<head>
|
<head>
|
||||||
<meta name="generator" content="Hugo 0.118.2">
|
<meta name="generator" content="Hugo 0.119.0">
|
||||||
<meta charset="UTF-8" />
|
<meta charset="UTF-8" />
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
<link href="/css/style.css" rel="stylesheet" />
|
<link href="/css/style.css" rel="stylesheet" />
|
||||||
|
|||||||
@ -3,10 +3,13 @@
|
|||||||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cronyakatsuki.xyz/blog/</loc>
|
<loc>https://cronyakatsuki.xyz/blog/</loc>
|
||||||
<lastmod>2023-09-27T00:00:00+00:00</lastmod>
|
<lastmod>2023-10-24T18:13:18+02:00</lastmod>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://cronyakatsuki.xyz/</loc>
|
<loc>https://cronyakatsuki.xyz/</loc>
|
||||||
<lastmod>2023-09-27T00:00:00+00:00</lastmod>
|
<lastmod>2023-10-24T18:13:18+02:00</lastmod>
|
||||||
|
</url><url>
|
||||||
|
<loc>https://cronyakatsuki.xyz/blog/virgin-mutt-user-meet-mblaze/</loc>
|
||||||
|
<lastmod>2023-10-24T18:13:18+02:00</lastmod>
|
||||||
</url><url>
|
</url><url>
|
||||||
<loc>https://cronyakatsuki.xyz/tags/dns/</loc>
|
<loc>https://cronyakatsuki.xyz/tags/dns/</loc>
|
||||||
<lastmod>2023-09-27T00:00:00+00:00</lastmod>
|
<lastmod>2023-09-27T00:00:00+00:00</lastmod>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user