====== Ports ======

  * 8001 mailu 80
  * 8002 mailu 443

==== Securing SSH ====

sshd_config:

  PermitRootLogin no
  AllowGroups adm
  PasswordAuthentication no

Generate a private key with a passphrase:

  ssh-keygen -b 8192

==== UFW Firewall ====

  apt install ufw
  ufw default deny incoming
  ufw default allow outgoing
  ufw allow SSH
  ufw allow "WWW Full"
  ufw enable
  ufw reload

Tools:

  ufw status verbose
  ufw app list
  # ufw from to port
  ufw allow from 100.100.100.100 to any port 5789

==== Snapd ====

Install:

  sudo apt update
  sudo apt install snapd
  sudo snap install core

Check:

  snap list
  snap remove [snap_name]

==== NGINX ====

  apt install nginx

Let's Encrypt:

  sudo snap install --classic certbot
  sudo ln -s /snap/bin/certbot /usr/bin/certbot
  sudo snap set certbot trust-plugin-with-root=ok
  sudo snap install certbot-dns-ovh

Put the OVH credentials in /etc/letsencrypt/ovh.ini, then:

  sudo certbot certonly --dns-ovh --dns-ovh-credentials /etc/letsencrypt/ovh.ini -i nginx -d '*.msp-roanne.fr'

Tools:

  sudo certbot renew --dry-run
  sudo certbot certificates

==== Docker ====

Install: [[https://docs.docker.com/engine/install/debian/#install-using-the-repository]]

==== Mailu ====

Main domain: mail.msp-roanne.fr

Watch out for the copy of the cert into opt mailu.
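
For the three sshd_config settings listed under the SSH section, an added example (not part of the original notes) that audits config text for them. sshd uses the first value it reads for most keywords, so an earlier line can shadow the hardened one, while AllowGroups lines accumulate. The name audit_sshd and the SAMPLE_* texts are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. audit_sshd and the SAMPLE_*
# texts are hypothetical names / constructed input.
# Reads sshd_config text on stdin, checks the global section against the
# three settings from the notes, prints one line per keyword, returns 1 on any FAIL.
audit_sshd() {
    awk '
        function check(name, got, want) {
            if (got == want) { print "OK   " name " " got; return 0 }
            print "FAIL " name " " (got == "" ? "(unset)" : got) " (want " want ")"
            return 1
        }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        { key = tolower($1) }                   # keywords are case-insensitive
        key == "match" { exit }                 # conditional blocks: global part ends
        key == "permitrootlogin" || key == "passwordauthentication" {
            if (!(key in val)) val[key] = tolower($2)   # first value read wins
            next
        }
        key == "allowgroups" {                  # these lines accumulate instead
            for (i = 2; i <= NF && $i !~ /^#/; i++)
                groups = (groups == "" ? "" : groups " ") $i
        }
        END {
            bad  = check("PermitRootLogin", val["permitrootlogin"], "no")
            bad += check("PasswordAuthentication", val["passwordauthentication"], "no")
            bad += check("AllowGroups", groups, "adm")
            exit (bad > 0)
        }'
}

# Constructed sample: hardened lines present, but an earlier line shadows one.
SAMPLE_SHADOWED='PasswordAuthentication yes
PermitRootLogin no
AllowGroups adm
PasswordAuthentication no'

# Constructed sample: exactly the settings from the notes.
SAMPLE_HARDENED='# constructed
PermitRootLogin no
AllowGroups adm
PasswordAuthentication no'

printf '%s\n' "$SAMPLE_SHADOWED" | audit_sshd || true
```

On a live host, running `sshd -T | audit_sshd` as root checks the effective configuration, including any Include'd drop-in files.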