Installation in KVM

arnold_mad · May 24, 2016, 4:35pm

Hi !

I’m new to MIAB and want to try it on an existing Server inside a KVM.
The basic setup of MIAB is done but when I check the status page it says that the ports are not accessible from outside:

Incoming Mail (SMTP/postfix) is running but is not publicly accessible at x.x.x.x:25.

but when I do the following from my home PC I see that the port is open and responding:
telnet x.x.x.x 25
Trying x.x.x.x…
Connected to box.maderthaner.net.
Escape character is ‘^]’.
220 box.maderthaner.net ESMTP Hi, I’m a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)

so from that side it looks ok-ish. Can I savely ignore the errors as they happen for all ports (25,587,993,4190) ?

The other problem I have is that I run multiple other HTTPS enabled sites on my server and need to forward / proxy now the MIAB user interface into KVM. Does anyone have a working Apache2 Config for this or some guidance for it ?

Thanks !

yours

Arnold

arnold_mad · May 24, 2016, 5:16pm

regarding the SSL I think I found a solution by obtaining a certificate from starssl and put it in my main Apache Server (that one that is connected to the internet) and configure the SSL connection between the apache server and the KVM MIAB NGINX server with the following config:
ServerName box.maderthaner.net

ProxyRequests On
SSLProxyEngine On
SSLProxyEngine on
SSLProxyVerify none 
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPass        / https://192.168.122.99/
ProxyPassReverse / https://192.168.122.99/

SSLEngine on
	SSLCertificateFile /etc/myssl/box.maderthaner.net/2_box.maderthaner.net.crt
SSLCertificateKeyFile /etc/myssl/box.maderthaner.net/private.key

murgero · May 24, 2016, 5:53pm

When installing MIAB in a VM (KVM, Xen, QEMU, etc) try to do a 1-1 NAT with a WAN ip address to MIAB for best results, IPTABLES is your best friend.

If you cannot give the MIAB server a wan ip, or nat to it, then try using a VPS hosting provider like DigitalOcean, VPSCheap, etc.

arnold_mad · May 24, 2016, 6:06pm

I know that I could use DO or similar but I have a server on the net which is quite powerful but already hosts some websites (and it would be a waist of money to buy another server just for emailing).
The thing is that the checks say that it doesn’t work but I can send/receive emails already. Anyone knows how this checks are performed ?

murgero · May 25, 2016, 9:04pm

As long as MIAB can reach the internet AND the proper ports are open your your firewall / KVM host, you should be fine.

murgero · May 25, 2016, 9:05pm

Also talk to your service provider about your PTR record (As it will be needed to receive email from some places)

murgero · May 25, 2016, 9:11pm

Apache to do internal redirect to mail in a box KVM ip address might work:

http://pastebin.com/AFWTF8Ak

Put the above config under sites-enabled/site_config_file.conf
That will need apache rewrite and proxy modules installed and enabled.

or iptables to nat port 8080 to port 443 on your KVM (8080 or whatever port, like 4433 as an example)

But anyway, the above config is what I use in apache to redirect external BOSH requests to internal XMPP server for a service I run called airchat.urgero.org works for me like a dream.

system · June 1, 2016, 9:11pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.