Do I have to give up on MIAB installation?

Hi there
I posted a topic about three weeks back asking for help with an install I was having problems with. The post is here: "Systemd-resolved.service is masked".

Apologies for not picking this up on that topic but life took over for a while.

The immediate problem then was resolved by including Google's name servers in my resolv.conf file, which otherwise only contained local host, which enabled the install script to find and install a number of things where otherwise it would just stall. The install script then got as far as starting Mail-in-a-Box management daemon but this message then just repeatedly looped without progressing.

There were some old posts on this forum about this problem on the previous version of mailinabox on ubuntu 14.04. One suggestion was that Port 10222 in the Start.sh script should be changed to port 22. I have not tried this because there were further posts indicating such changes would cause MIAB to fail.

In the responses to the posts three weeks ago there was a comment that indicated that my problem was my low end VPS and this system being likely to run MS Azure related services and therefore that this would be incompatible with MIAB. I don't really understand the implications of this because I am not very technical. The suggestion was that I should change to another provider. I am not able to do this right now because of the cost.

So my questions really are

  1. Is there any way to seek workarounds to the problems I am having running the Mailinabox Startup script?
  2. If not and you all think the problem is because of my VPS and MS Azure, does this mean that I will have to give up on a MIAB install and find another solution?

Thanks in advance for any help you can give.

Give up on MIAB installation? No.

Give up on MIAB installation on an MS Azure setup? Probably.

MIAB doesn't have that many requirements, but one of them is that you MUST have a clean Ubuntu 18.04 x64 (server edition) operating system install. Anything with a customized/tailored/templated/modified image runs the risk of not working.

There are LOADS of other VPS providers out there capable of running MIAB (Linode, Vultr, Digital Ocean, etc.) at very reasonable operations costs, I'm not sure why you're reluctant to investigate one of those options.

Also, if you are dead set on using this provider, you can do so, but at set up, rather than choosing the Container-ized set up, you'll need to use the Virtual Machine setup, which uses a KVM-based virtual machine. Granted this will cost you an extra 5€ a month, at which point you're probably better off going with another provider anyway.

As I told you before, you do not have to give up on MiaB, you have to give up on MS Azure.

I do not understand this at all … with your current provider you are paying € 9,99 per month (after the introductory period) but most VPS's with the necessary specs are in the range of $5 per month.

Hi there

Thanks for your replies. I don't want to give up on MIAB, I am a fan. I have run a MIAB server previously on Ubuntu 14.04 and it served me well. However that cloud provider went out of business. I assumed I was getting a clean install of Ubuntu 18.04 on my current provider. I saw that they provided Windows instances as well as Linux but assumed that their primary installations would be Linux. I didn't spot that this would be using an MS Azure template and I would not have realised the significance, if I had. I didn't see any of their marketing material mentioning this in relation to the Vservers on Linux, although they do mention it in relation to their "cloud" offer. I thought it was a completely separate part of their offer, so I didn't consider it.

I had paid for a 12 month contract and assumed I was tied into the full 12 months, so didn't want to give up on this. In fact I have to pay a three month cancellation fee when I cancel which is not as bad as I thought. I have no other loyalty to this provider.

I did check around before I purchased my current contract and could not find similar offers. Following your comments I did check the other providers mentioned and there are offers for $5 but they are usually a much smaller SSD, single core processor and less RAM. Typically to get the specs of my current provider it is more commonly $20 per month.

You have answered my key question and if I want to continue with MIAB I will need to find another provider, so thanks for this. I know where I stand.

Thanks for all your help and taking the time to respond.

Not sure what is going on with your reseller and stuff but just as a tidbit; I've got box running on Azure ok. It is a pain coz Azure is like AWS; for professional large scale projects - so everything is configurable and even a basic setup like MiaB needs a lot of pieces.

But it is working and working well - so possible.

Nonetheless - agree with others, the easiest path is a cheap no-frills provider; there are many around that you can run MiaB on with no issues.

Hey @kellytrinh

Do you have any insights as to what some of the 'pieces' may be to help @grego save his already paid for hosting? The information may well help others in the future as well. Though I am going to continue to advise against using platforms such as AWS, MSAzure, and Google Compute because they each make things much more complex than they need to be, I am sure that there will always be those who do want to use those platforms.

@grego

As another user has indicated there may still be hope. Although the extras involved would tend to move using MSAzure related services into the unsupported modification realm.

I did notice that your host had larger than needed specs … most notably the 100gb storage and 2gb ram. Do you intend for your MiaB install to host a lot of user data, or many users? It may be that the specs you chose are overkill - but then again, maybe not.

In either case, I have found that most providers who have a longer contract with a 3 month cancellation policy to be somewhat flexible if their hosting just simply isn't suitable. Perhaps you can ask support if they can honor an exception for this reason?

Or maybe the other poster will be able to supply the missing pieces.

I now know why you are wanting to save this project with this host - I too would absolutely hate to lose a year prepaid service because it was unsuitable.

From memory the various pieces would be:

  1. 1st Setup a lot more involved than other VPS providers. Image for Ubuntu 18.04 is a bit hard to find - it isn't in the Azure standard list but if you look on Marketplace it is there. Even after that there is a lot of options on setup; usually defaults fine but not so clear what is chargeable or not.

  2. Security groups: for other providers might have something permissive by default. For Azure, it starts with nothing-other-than-SSH allowed. After I installed MiaB, check the status page and a lot of red initially with all the services blocked. Had to go through and manually set up rules to allow traffic.

  3. Port 25: Blocked by default. Have to ask to open. You do actually get a person at the other end looking through (as I said; Azure probably more suited for enterprise not for hobby servers) and they need to get another department approval (!!!). Took 2 days but worked through in the end.

  4. Reverse DNS: It is slight hassle to do. Need to delve into special Azure CLI. Instructions on Azure web is fine but no human help available. Make sure your A records are properly propagated because the system is automated and will fail unless all prerequisites sorted.

Anyway after all hassles - it does work quite well.


Just a tidbit for community - AWS/Azure is ok but on Google Compute; I understand they have policy of hard blocking port 25. From web, it sounds impossible to get exceptions.

Thanks again all for the helpful responses and the possible glimmer of hope.

I wanted the larger specs, partly because I use a lot of space personally for my personal email because I am very poor at housekeeping but mainly because it allows me to offer some email addresses to family and friends who are interested, like me, in opting out of the large providers.

This hosting provider is proving helpful in responding to requests so they may be able to help resolve problems. It looks to me like their install of Ubuntu is missing components that are necessary for MIAB. E.g. I had to install curl in order to run the initial command for set up. It also looks to me like DNS issues underlie some of my problems in getting an install of MIAB to complete. Initially I had to add
nameserver 8.8.8.8 and nameserver 4.4.8.8 to my resolv.conf file. Initially it had one entry of 127.0.0.1

Once I did this the curl command worked and progressed through the set up until the Mail in a box management daemon was starting. Then it stalled with a looping message of the daemon is starting. I mentioned in my earlier message in this thread that I found a thread here about a similar problem in the earlier version of MIAB. On that occasion they identified a problem in the Start.sh script of a port 10222 on localhost not being open and suggested changing it in the script. I did try this and the script then progressed past the daemon to the next command dns-update which then also stalled with the error message
"tools/dns_update: line 6: /var/lib/mailinabox/api.key: No such file or directory"
And again I cannot progress.

I do seem quite close to getting the server running but just not able to get the final elements in place, which obviously I need to do to start some of the checks mentioned above.

Thanks again for any help.

I have a VPS at Contabo (located in Germany and the US these days) and costs me 5 euro a month. For that I get 8GB RAM, 4 cores and 200G SSD. Don't know what your requirements are, but I am running ZFS on it (which likes RAM too :wink: ), MiB, a full blown separate nextcloud, wordpress, a few dokuwikis, and since recently a jitsi voip server… all running nicely in their own (lxd) container with an nginx reversed proxy in front. Anyway good to know that the cloud compute possibilities are not supplying clean default instances… I'll stay away from it.

Hi there

Thanks very much for this tip. I had not come across Contabo before and they are of interest to me. They look very good value. I like the idea of containerised instances running MIAB and some of my other requirements on one server. But I have never set up a container based installation. Is it relatively straightforward for the not very technical? Can you point me to any useful resources you used in getting going?

Thanks in advance

To get you started, there's great documentation around on https://linuxcontainers.org/lxd/getting-started-cli/ . Basically once you have lxd installed and initialised, it's a matter of launching a new ubuntu bionic container (lxc launch ubuntu:b mailinabox) and you get a fresh ubuntu bionic container running to install mailinabox in. Don't forget to DNAT all the ports needed on the host to point to the container IP (like: iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to )

There's also a great community behind it which is very helpful: https://discuss.linuxcontainers.org

@Sjoerd
Thanks for the info. I have followed this suggestion and set up a VPS at Contabo, because if this works I will be able to manage a number of my projects in one place. I have set up the VPS and two containers, one for MIAB and one for Nginx. I have got the VPS forwarding ports to the Nginx container and I am able to display the Nginx default page on this container when I enter the public IP address, but I am having a problem configuring the reverse proxy. Would you have an example of your .conf file that you have set up for nginx to forward data to the MIAB container? I have tried to point it to this container by using the Server setting pointing to the container's internal IP address 10.67.x.x and then added the hostname of the container as the server name as defined in MIAB setup but this hasn't worked.

Any help appreciated.

Ok, so first the iptables rules I have on my vps (the nat table only):
(my outside interface is called eth0, I assume yours will be the same, but otherwise change eth0 for your interface name):

iptables -t nat -A PREROUTING -d <vps public IP>/32 -i eth0 -p tcp -m multiport --dports 80,443 -m comment --comment NGINX -j DNAT --to-destination <IP address of your nginx container>
iptables -t nat -A PREROUTING -d <vps public IP>/32 -i eth0 -p tcp -m multiport --dports 25,143,993,587,465,4190 -m comment --comment MAIL -j DNAT --to-destination <IP address of your MiaB container>

Second my /etc/nginx/sites-enabled/miab file (in nginx container):

server {

    listen 443 ssl http2 ;
    listen [::]:443 ssl http2;
    server_name <my miab hostname> ;


    ssl_certificate           /etc/letsencrypt/live/<my miab hostname>/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/<my miab hostname>/privkey.pem;

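    # "ssl on;" removed: deprecated since nginx 1.15.0; the ssl flag on the listen lines already enables TLS
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_session_timeout 30m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and no longer offered here
    ssl_protocols  TLSv1.2;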
    ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000";

    gzip off;
    access_log /var/log/nginx/miab-access.log;
    error_log /var/log/nginx/miab-error.log;


    location / {
        proxy_pass https://<ip of your miab container>;
        proxy_ssl_verify off;
        proxy_ssl_server_name on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_session_reuse off;

    }
}

NB: I let my nginx proxy fetch/renew my letsencrypt certificates, so you might have to copy yours (if you have already) into the nginx container.
NB2: also configure your reversed lookup name in your contabo panel. So your public IP should be resolved to your mx record or other sending/receiving parties might not like you :wink:

Hope this helps?
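
A check for the DNAT rules in the post above, as an added example that is not part of the original thread: it reads the text printed by `iptables -t nat -S PREROUTING` and lists the required ports that no rule forwards to a given container. The function name, the addresses and the sample rules are constructed for illustration; the port lists are the ones from the post.

```bash
#!/usr/bin/env bash
# Added example: list required TCP ports that no DNAT rule forwards to a
# container, from the text printed by `iptables -t nat -S PREROUTING`.

# missing_dnat_ports RULES DEST_IP PORT...
# Prints (space-separated, in the order given) each PORT not covered by a
# "-p tcp ... -j DNAT --to-destination DEST_IP" rule in RULES.
missing_dnat_ports() {
    local rules="$1" dest="$2"
    shift 2
    printf '%s\n' "$rules" | awk -v dest="$dest" -v want="$*" '
        # Only TCP DNAT rules in PREROUTING are of interest.
        $1 == "-A" && $2 == "PREROUTING" && / -p tcp / && / -j DNAT / {
            target = ""; ports = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--to-destination" || $i == "--to") target = $(i + 1)
                if ($i == "--dports" || $i == "--dport") ports = $(i + 1)
            }
            sub(/:.*/, "", target)          # drop an optional :port suffix
            if (target != dest || ports == "") next
            n = split(ports, spec, ",")
            for (j = 1; j <= n; j++) {
                lo = hi = spec[j]
                if (split(spec[j], r, ":") == 2) { lo = r[1]; hi = r[2] }
                for (p = lo + 0; p <= hi + 0; p++) covered[p] = 1
            }
        }
        END {
            n = split(want, w, " "); out = ""
            for (k = 1; k <= n; k++) {
                p = w[k] + 0
                if (!(p in covered)) out = out (out == "" ? "" : " ") w[k]
            }
            print out
        }'
}

# Constructed sample using documentation addresses. Port 465 is left out of
# the MAIL rule on purpose so the check has a gap to report.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m multiport --dports 80,443 -m comment --comment NGINX -j DNAT --to-destination 10.67.0.10
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m multiport --dports 25,143,993,587,4190 -m comment --comment MAIL -j DNAT --to-destination 10.67.0.20'

NGINX_PORTS="80 443"
MAIL_PORTS="25 143 993 587 465 4190"

# On a real host, pass "$(iptables -t nat -S PREROUTING)" instead of the sample.
echo "MiaB ports with no DNAT rule: $(missing_dnat_ports "$SAMPLE_RULES" 10.67.0.20 $MAIL_PORTS)"
echo "nginx ports with no DNAT rule: $(missing_dnat_ports "$SAMPLE_RULES" 10.67.0.10 $NGINX_PORTS)"
```

An empty result means every listed port is forwarded to that container; anything printed is a port that outside mail clients or servers cannot reach.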

@Sjoerd

Apologies for the delay in replying. This was a really helpful post and I was hoping it would enable me to implement a few changes to get going. However I made some pretty basic mistakes along the way. Although I am now a long time Linux user, I am still quite basic at many of the more technical requirements, including command line usage. As a consequence I misinterpreted some responses to commands that led me to believe I had lost functionality. So I reinstalled my VPS and containers. The upside of this is that I learnt quite a lot or in some cases just realised how I was misinterpreting and I took notice of information that I hadn't realised was significant when I installed MIAB the first time. So although it took longer than I thought, it wasn't all a waste of time.

My problem does appear to be the lack of letsencrypt certificates in the nginx container which is preventing access on https protocol. I have tried to copy these from my Miab container but the commands are failing. I was trying to use the file pull and push command from MIAB container to host and from Host to nginx container. The example from LXC help is
Examples:
lxc file pull foo/etc/hosts .
To pull /etc/hosts from the instance and write it to the current directory.
I am trying this but getting the response

Error: Invalid number of arguments

The files are in /home/user-data/ssl/ on the MIAB container and consist of ssl-certificate.pem and sel-signed.pem

Do these files correspond to your fullchain.pem and privkey.pem?

Any thoughts would be helpful.

Thanks in advance.

Hi Grego,
The certificates in my miab container are called "ssl_certificate.pem" and "ssl_private_key.pem". Those are the default, so I assume you must have the same? Those you should copy to your nginx container to a suitable place and refer to those in the nginx configuration.
You should be able to copy the files from the host like:

lxc file pull miab/home/user-data/ssl/ssl_certificate.pem .
lxc file pull miab/home/user-data/ssl/ssl_private_key.pem .

and push them to the nginx container:
lxc file push ssl_certificate.pem nginx/etc/ssl/ssl_certificate.pem
lxc file push ssl_private_key.pem nginx/etc/ssl/ssl_private_key.pem
or so

Hi Sjoerd

Apologies for the delay in replying. Once again this post was very useful, although mainly to confirm that the commands I was already using were the correct ones. However I still could not get them to work and it took me a few days to work out the very basic solution that the full stop (period) at the end of the command was part of the command and not part of the punctuation. Once I put that right the command worked correctly.

Nevertheless the sites enabled file that you had suggested would not pass the nginx test on my server and so I couldn't progress. But once again it did help me to understand things better and to explore similar nginx configurations on the web and the config files on nginx in my MIAB installation. I used some of these and your config file to iron out another couple of basic errors I was making and finally last night I got to a configuration file that was accepted by nginx and allowed me to access my admin panel on MIAB.

So I am finally getting there.

Can you tell me whether you use MIAB as your name server as MIAB recommends or is this complicated by the reverse proxy set up? If so did you have to open additional ports on the VPS host or make other configurations to enable it to work?

Thanks once again for all your help.
