Tech Question about my Linux Server

A thing that may be relevant: s_client doesn’t do cert chain verification unless you give it something to verify against (-CApath iirc).

1 Like
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.

This is what my up and running current mail server courtesy plesk is saying. But this line is missing from the new one. Something something wrong is… thanks though. I am not sure what s_client is but google led me to places that said to try openssl s_client -showcerts -connect domainname:443 and I realized I had a running server to compare against.

I think I need some dinner before debugging some more. Thanks :slight_smile:

1 Like

Solved it.

There is no good reason to run the mailserver behind the proxy. I need the proxy to distribute all the requests to all the different http services.

I am only going to run one service on the mail ports…

So for now I just ditched the proxy thing because that proxy-protocol thing they were suggesting is not working. I am not sure I want to debug that further when I don’t need it.

Thanks @RogerBW your comment pointed me in the right direction :slight_smile:

3 Likes

I have now destroyed the server I played with and…
Begun on an ansible playbook to set it up from scratch as cleanly as possible and with documentation of what I need to be doing to get it going.

I am copy pasting stuff from the web. I am not good at reading tutorials, watching videos or basically learning without doing.

2 Likes

So I think I am ready to try migrating.
What I have made are 2 things:

  • an ansible playbook that sets up the server up to and including docker installation
  • a docker-compose file that has container definitions for all the services I want to run and some necessary configurations

So next up on my agenda is to scp the docker setup and make sure all the containers are up and running. Caveat is: there are a few manual tweaks necessary with database init.

Then there is some more finetuning needed for the mailserver. Once that is done, I can start a first migration attempt. I am saying first but I am hoping that I can finish it in one go. I am not planning on automating the migration.

What I think I need to do for the migration is the following:

  • rsync the mail directories
  • export two wordpress installations via the software and reimport on the other side (don’t forget to setup plugins before import as this will hopefully fix the missing galleries issue)
  • import the mysql export for my homebrew tools
  • scp static content
  • put nextcloud in maintenance mode and follow the instructions for that

Does this sound sensible? Am I missing something?

I am starting to feel like I should finish this sooner rather than later as our nextcloud installation seems to be deteriorating and the version provided by plesk is 6 versions behind current and does not seem to be upgradeable. And even more than mail, nextcloud is the thing we depend on.

2 Likes

It may be on your plan already, but: freeze each thing (on both sides) before the final sync, then thaw the new ones afterwards.

2 Likes

The next cloud maintenance mode documentation reminds one of the freeze :slight_smile:
So yes. It is on my radar. Only relevant for mail and nextcloud in any case.

2 Likes

Next Cloud is the horror.
The installation from plesk is a total mess and it is inside a chroot environment that I somehow don’t have real access to even as root.

I am beginning to think that I am going to have to trash it and hopefully salvage our calendars and contacts data somehow and reupload all the files.

My attempts to rsync the 12GB of data… fail with a weird error I am too tired to google right now.

PS: I’ve given up. I just downloaded my calendars and contacts and reimported them to the new installation and will reupload all my files. plesk + nextcloud is THE worst.

1 Like

I had a nextCloud install at some point. I’ve abandoned it due to the strange hybrid file-backed but also database-backed logic it uses.

I like nextcloud. I don’t know what else I would use to have my own “dropbox” style file thingy.
Also it has a calendar and contacts app that I can access via dav and sync to my phone so I don’t have to host this stuff at google. There is even a google docs replacement that I’ve been meaning to try but my plesk install wouldn’t let me.

I have friends who don’t want their contact data in a google address book -.-

The issue I have right now is that the combination of installing it via a “stunted” plesk server app that is not upgrading anymore… has made it so I have such a “special” installation that I cannot migrate to a new instance.

I used to have “radicale” for contacts/calendar but that crashed more than it didn’t… and nextcloud has an actual web interface I can use to add or edit data.

1 Like

I like the idea of nextcloud but I absolutely ban PHP from my servers. It’s just too easy to code in major security problems. I haven’t found a dropbox-like thing that doesn’t involve it, and I may have to write one.

For contacts and calendar I also used to use radicale and also found it pretty rough, but now I have it under Xandikos; the backing is files in git, so you have a full history of what’s changed too. (And DavX⁵ bridges them to my phone.)

2 Likes

now all that’s left to move over is mail.
“all”

kind of the most critical piece of it all.
tonight I’ll start the mailserver & webmailer
let’s hope emails will not have the same chroot problems that nextcloud had.
(I have previously used Thunderbird to migrate emails between accounts–if all else fails…)

there is also still some fiddling with the mail aliases that I need to do.

2 Likes

I am now receiving mails on my new server!

Not all done. Sieve is not working … edit: it is now working but I haven’t been able to “persist” my “making it work edits” yet
Incron needs installing (I haven’t found a better way to do certain things with postfix configs than reloading when a certain file is modified and incron is perfect)
my partner’s mails are still on the old server because without sieve he is not moving
I have no idea if traefik will renew certificates
I need to do some monitoring and automate backups.

The install feels clean and well-documented. Not all automated but by and large repeatable!

Btw: I am quite happy with my new nextcloud installation. It’s quite smooth now. And fast.
Everything on the new server is so fast.
I always knew Plesk was a crutch but it took me years to get rid of it :slight_smile:

So thanks for helping me with tips, motivation and rubberducking. It’s been a big help in this 2 year journey (really I started this 2 years ago).

3 Likes

I felt like this thread was closed…
But now I have another question.

So I had sieve working and my partner moved his mails over and when he tested sieve it didn’t work.
Sieve port was open and one could edit scripts both from within roundcube or from a standalone sieve client. But execution of the rules was not happening.

(I had been fiddling with some stuff to get incron on an externally written alias file for postfix that I am automatically pushing over to the postfix container. Some container restarts…)

This morning I wanted to test what would happen if the server had to reboot. (all is well on that end)

And suddenly sieve is working again.

This is windowsy behavior.

Can anyone of you explain to me why this happened? I am not sure whether I am supposed to be happy that sieve is working or worried because I do not understand why?

2 Likes

Were your scripts and his scripts installed via the same interface? File permissions?

2 Likes

My thanks :slight_smile: You were absolutely right. I had to fiddle around a bit with the sieve thing initially and there is a file that is not there by default that needs to exist and I had made one for my account and none for his.

You’re a wizard!

3 Likes

Well, I have the beard for it.
:man_mage:

5 Likes

Now that the server is mostly running, I realize that I was carrying the task as mental load for 2 years and that it didn’t weigh nothing.

The plesk server was an emergency thing I did and the frustration after my previous server crashed and the failure of having it crash made it so immensely difficult to get back to doing a “proper” self-hosted server.

There is one niggling bit left though before I can “play”: at lunch I spent about 10 minutes explaining to my partner all the data that needs to be backed up. For now data backup is manual and shitty. This is still nagging at me and I will only rest when I have an automated regular backup of file-system + database data.

(With plesk I was lucky that I never needed the backups it did… just saying)

But I don’t want to rely on luck for this iteration.
I am not friends with rsync.

2 Likes

I love rsync! Happy to talk about it at far too great a length.

Particularly --link-dest which gives you deduplicated generational backups.

2 Likes
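
The `--link-dest` generational backup mentioned above, as an added example that is not part of the original thread: each run makes a new snapshot directory in which unchanged files are hard links into the previous snapshot. The function name `snapshot`, the `latest` symlink and the `.partial` suffix are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: generational backups with rsync --link-dest.
# All names (snapshot, latest, .partial) are hypothetical.

# usage: snapshot SRC_DIR BACKUP_ROOT [NAME]
# Prints the path of the finished snapshot on stdout.
# The body is a subshell, so its variables stay local.
snapshot() (
    src="${1%/}/"                       # trailing slash: copy contents of SRC
    root="$2"
    name="${3:-$(date +%Y-%m-%dT%H%M%S)}"
    dest="$root/$name"
    latest="$root/latest"

    mkdir -p "$root" || exit 1
    if [ -e "$dest" ]; then
        echo "snapshot $dest already exists" >&2
        exit 1
    fi

    # Sync into a .partial directory so an interrupted run never looks
    # like a complete generation; --delete cleans up a stale .partial.
    if [ -d "$latest" ]; then
        # --link-dest must be absolute; a relative path would be
        # resolved against the destination directory.
        prev=$(cd "$latest" && pwd -P) || exit 1
        rsync -a --delete --link-dest="$prev" "$src" "$dest.partial/" || exit 1
    else
        rsync -a --delete "$src" "$dest.partial/" || exit 1
    fi

    mv "$dest.partial" "$dest" || exit 1
    ln -sfn "$name" "$latest"           # relative symlink to newest generation
    echo "$dest"
)
```

rsync replaces a changed file with a new inode rather than writing through the hard link, so older generations keep their old content. All generations still share one disk, so the backup root belongs on storage separate from the server being backed up.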

I will get back to you on that.

1 Like