Email management, firewall, etc. compatible with Aegir
The article An introduction to the Aegir Hosting system mentions in the roadmap: "Third-party application hook-ins, i.e DNS, LDAP, Mail, Jabber... with the idea of a control panel done right".
That is, even when Aegir surely would conflict with other control panels such as ISPConfig, Virtualmin... doing similar tasks on the same server (site configuration in Apache, etc.), probably it could be compatible with complementary software for the tasks that the current Aegir versions don't yet manage: email, firewall...
For email, since the automatic installation of Aegir on Debian includes Postfix, and complex solutions like Zimbra can be resource intensive, in my case I'm considering just a GUI for Postfix. The most popular one seems to be Postfix Admin, which only requires PHP and a database like MySQL.
Given that a mail server needs a lot of maintenance work, probably I will use Postfix Admin only to send mail from the server, and Google Apps -which can deal well with spam, etc.- to receive mail.
I think Debian doesn't include a firewall by default. However, testing Aegir on a clean Linode VPS with a fresh Debian 6 Squeeze installation, it does not seem to need a firewall much. According to an external port scan, the ports 22 (ssh), 25 (smtp), 80 (http) y 443 (https) are open, but 3306 (mysql) and many others are closed. With "netstat -lnptu" (command line, from inside the server), the open ports are 22, 25, 80, 123, 443, 3306. The explanation for the difference about 3306 is in the file /etc/mysql/my.cnf:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1Therefore, with only a few mostly necessary ports open, probably a full firewall like Shorewall, etc. is for special cases, and installing just fail2ban would be usually enough. On Debian:
apt-get install fail2ban(the log file is /var/log/fail2ban.log)
I would like to know the experiences of others running apps for email, security, etc., to complement Aegir on a VPS or server.
#1
For some ideas you can take a look at the Barracuda project. Barracuda is a bash script to install and/or upgrade, tuned for high performance, Aegir Master Instance with all related system services.
http://drupal.org/project/barracuda
#2
Thank you. Omega8.cc's Barracuda (with Octopus recommended) seems truly interesting. It would also mean Nginx instead of Apache, Percona instead of MySQL, a 1024MB RAM VPS instead of 512MB... Well, it can be good for high performance.
#3
You only need to make those all changes if you went for the entire environment (I have), but it is also some good individual tools for different functions. My original idea was just to point out some tools that a good chunk of people are using with Aegir
BTW you don't have to use Percona, I believe you can also choose MariaDB instead of MySQL
#4
Yes, the Barracuda list includes APC, Boost, and other interesting tools to use with Aegir.
About Percona and MariaDB, looking at Omega8.cc's hosted version of Barracuda, etc., they include Percona instead of MariaDB in their fastest hosting plan, even when both seem good drop-in replacements for MySQL.
I'm now considering to try Barracuda+Octopus with Percona, maybe testing them on a Linode VPS. Thanks for the suggestions.
#5
I am thinking about switching to Aegir and definitely need email management. Currently I am using Plesk for the Hosting administration. What is the best solution to handle email accounts? Are there plans to support this?
#6
Hi,
We use Rackspace email for our clients you could use Google apps or set up a email server if you wish. We chose Rackspace email as we found it the easiest to set up for clients and we don't get bogged down with support tickets for email. Plus it keeps it separate to the server so if the Aegir server does go down clients still get email.
Hope this helps.
#7
A slightly related issue: http://drupal.org/node/1132526