sshd_config
PermitRootLogin no
AllowGroups adm
PasswordAuthentication no
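Added example, not part of the original notes: a check that a given sshd_config really enforces the three settings above. sshd keeps the first value it reads for each keyword, so an earlier "PermitRootLogin yes" silently wins over a hardened line added further down. The function names and the sample file are constructed for illustration; Include directives and "key=value" syntax are assumed absent.

```shell
# Audit the global section of an sshd_config file for the three settings above.
# Keywords are case-insensitive, arguments are case-sensitive, and the first
# occurrence of a keyword wins. Everything after the first Match line is
# conditional, so it does not count as a global setting.
audit_sshd_config() {
    # $1: path to an sshd_config file
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["allowgroups"] = "adm"
            want["passwordauthentication"] = "no"
        }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blank lines
        {
            key = tolower($1)
            if (key == "match") exit                    # global section ends
            if (!(key in want) || (key in seen)) next   # only first occurrence
            seen[key] = 1
            val = $2
            for (i = 3; i <= NF; i++) val = val " " $i
            if (val != want[key]) {
                printf "FAIL %s is \"%s\", expected \"%s\"\n", $1, val, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) {
                printf "FAIL %s is not set\n", k
                bad = 1
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample: an early "yes" shadows the hardened line that follows it.
demo_shadowed() {
    f=$(mktemp)
    printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' \
        'AllowGroups adm' 'PasswordAuthentication no' > "$f"
    audit_sshd_config "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}
```

On a live host, run audit_sshd_config /etc/ssh/sshd_config before reloading sshd; sshd -T prints the effective configuration and remains the authoritative check.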
Generate a private key with a passphrase
ssh-keygen -b 8192
apt install ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow SSH
ufw allow "WWW Full"
ufw enable
ufw reload
Tools:
ufw status verbose
ufw app list
# ufw <allow|deny> from <target> to <destination> port <port>
ufw allow from 100.100.100.100 to any port 5789
install
sudo apt update
sudo apt install snapd
sudo snap install core
check
snap list
snap remove [snap_name]
apt install nginx
Let's Encrypt
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-ovh
Put the OVH credentials in /etc/letsencrypt/ovh.ini
sudo certbot certonly --dns-ovh --dns-ovh-credentials /etc/letsencrypt/ovh.ini -i nginx -d '*.msp-roanne.fr'
Tools:
sudo certbot renew --dry-run
sudo certbot certificates
Main domain: mail.msp-roanne.fr
Watch out for the copy of the cert in opt mailu.