March 22, 2019 · de-google devops

De-Google my life - Part 2 of ¯\_(ツ)_/¯: Servers and Emails

Hello everyone! Welcome to the second post of this blog series that aims to de-google my life as much as possible. If you haven't read the first one, you should definitely check it out. In this installment we'll focus more on code and configuration, so I promise you it won't be as boring :)

Servers configuration

As I mentioned in the previous post, I'll be using two servers that are going to be configured almost the same, so I'm going to explain it only one time. In order to host my servers I'm using DigitalOcean because I'm very used to their UI, their prices are excellent and they accept PayPal. If you haven't yet, you should check them out.

To start, I'm using their $5 server which at the time of this writing includes:

  • Ubuntu 18.04 64 bits
  • 1GB RAM
  • 1 CPU
  • 1000 GB of monthly transfers

Installation

On my first SSH to the server I perform basic tasks such as updating and upgrading the server:

sudo apt update && sudo apt upgrade -y

Then I install some essentials like Ubuntu Common Properties (used to add new repositories using add-apt-repository), NGINX, HTOP, GIT and Emacs, the best text editor on this planet (vim sucks):

sudo apt install software-properties-common nginx htop git emacs

For SSL certificates I'm going to use Certbot because it is the simplest and most useful tool for it. This one requires some extra steps:

sudo add-apt-repository ppa:certbot/certbot -y
sudo apt update
sudo apt install python-certbot-nginx -y

By default DigitalOcean servers have no swap, so I'll add it by pasting some DigitalOcean boilerplate on to the terminal:

sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
sudo sysctl vm.swappiness=10
sudo sysctl vm.vfs_cache_pressure=50
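# "sudo echo ... >> file" fails for a non-root user because the redirect runs
# in the unprivileged shell, so append with tee instead
echo "vm.swappiness=10" | sudo tee -a /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" | sudo tee -a /etc/sysctl.conf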

This adds 2GB of swap.

Then I set up my firewall with UFW:

sudo ufw allow 22 #SSH
sudo ufw allow 80 #HTTP
sudo ufw allow 443 #HTTPS
sudo ufw allow 25 #SMTP
sudo ufw allow 143 #IMAP 
sudo ufw allow 993 #IMAPS
sudo ufw allow 110 #POP3 
sudo ufw allow 995 #POP3S
sudo ufw allow 587 #SMTP
sudo ufw allow 465 #SMTPS
sudo ufw allow 4190 #Manage Sieve

sudo ufw enable

Finally, I install docker and docker-compose, which are going to be the main software running on both servers.

# Docker
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
sudo systemctl enable docker.service
sudo systemctl start docker.service

# Docker compose
# Write with "sudo curl -o": a plain ">" redirect into /usr/local/bin fails for a non-root user
sudo curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
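
The docker-compose step above installs whatever binary a third-party "latest version" endpoint resolves to, with no integrity check. As an added example (not part of the original post), this sketch installs a downloaded file only when its SHA-256 matches a checksum file; the function names are hypothetical, and the commented usage assumes the release publishes a `.sha256` file beside the binary.

```shell
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches a
# published checksum file. Function names are hypothetical.

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Print the digest listed for NAME in a sha256sum-format file
# ("<digest>  <name>" or "<digest> *<name>"); prints nothing if absent.
expected_digest() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }
        f == name { print tolower($1); exit }
    ' "$1"
}

# install_verified FILE SUMFILE NAME DEST
# Returns 0 after installing, 1 on digest mismatch, 2 if NAME is not listed.
install_verified() {
    want=$(expected_digest "$2" "$3")
    if [ -z "$want" ]; then
        echo "no checksum entry for $3" >&2
        return 2
    fi
    got=$(sha256_of "$1")
    if [ "$want" != "$got" ]; then
        echo "checksum mismatch for $3: want $want, got $got" >&2
        return 1
    fi
    install -m 0755 "$1" "$4"
}

# Usage for the docker-compose step (network calls left commented so the
# block runs offline; run the install as root). VERSION is a placeholder:
# pin a release you have reviewed.
#   VERSION="<pinned release tag>"
#   NAME="docker-compose-$(uname -s)-$(uname -m)"
#   BASE="https://github.com/docker/compose/releases/download/$VERSION"
#   curl -fsSL -o "/tmp/$NAME" "$BASE/$NAME"
#   curl -fsSL -o "/tmp/$NAME.sha256" "$BASE/$NAME.sha256"
#   install_verified "/tmp/$NAME" "/tmp/$NAME.sha256" "$NAME" /usr/local/bin/docker-compose
```

A checksum fetched from the same release catches truncated or swapped downloads; recording the expected digest in your own provisioning notes gives a stronger pin.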

Now that everything is done, we can continue configuring the first server!

Server #1: Mailcow

For my email I chose Mailcow. Why?

  • It checks all of my "challenges list" items from last week's post (open source and dockerized).
  • The documentation is fantastic, explaining each detail one by one.
  • It has a huge community behind it.

Installation & Setup

Installation was simple. First I followed the instructions in their official documentation:

cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
./generate_config.sh
# The process will ask you for your FQDN to automatically configure NGINX.
# Mine is mail.rogs.me, but yours might be whatever you want

I pointed my subdomain (an A record in Cloudflare), and I finally opened my browser and visited https://mail.rogs.me. And there it was, as beautiful as I was expecting.

[Screenshot] What a beautiful cow

After that I just followed the documentation to configure their Let's Encrypt docker image, added more records on my DNS and tested a lot with https://www.mail-tester.com/ until I got a good score.

[Screenshot] My actual score. Everything is perfect in self-hosted-mail-land

I know that sometimes that score doesn't mean much, but at least it is nice to know my email is completely configured.

Backups

Since I keep all my emails local, I didn't want a huge backup solution for this server, so I went with the DigitalOcean backup, which costs $1 per month. Cheap, reliable and it just works.

Private Internet Access (PIA) SMTP configuration

On my PC I use Mailspring as my email client, but PIA blocks any SMTP request to avoid scammers by default, so in order to have your SMTP server whitelisted you have to contact their support. This was an issue because their support was having A LOT of requests and my ticket was ignored. I went to unload my frustration on the PIA subreddit, just to find a user with the flag "PIA President" answering my angry comments.

[Screenshot] I was really shocked

We later communicated via email and he was able to fix my SMTP issue in no time. With that kind of customer support, it is really hard to imagine me switching to another VPN service anytime soon :)

Conclusion

With all of this my first server was done, but it was also the easiest. This one was a pretty straightforward installation with nothing fancy going on: No backups, no NGINX configuration, nothing much. On the good side, I had my email working really quickly and it was a very satisfying and rewarding experience. This is when the "selfhost everything" bug bit me and this project really started to ramp up in speed. In the next post we will talk about the second server, which includes fun stuff such as Nextcloud, Collabora, Dokuwiki and many more.

Stay tuned!

Click here for part 3
