
YunoHost

We will install YunoHost in an Incus container.

1. Setup DNS records

cd /var/ds/nsd/
nano zones/user1.fs.al.db

Append these records:

; YunoHost domain and subdomains
yh.user1.fs.al. 3600 IN A 65.109.96.100
yh.user1.fs.al. 3600 IN CAA 0 issue "letsencrypt.org"

*.yh.user1.fs.al. 3600 IN A 65.109.96.100
*.yh.user1.fs.al. 3600 IN CAA 0 issue "letsencrypt.org"

; YunoHost email
yh.user1.fs.al. 3600 IN MX 10 yh.user1.fs.al.
yh.user1.fs.al. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.yh.user1.fs.al. 3600 IN TXT "v=DMARC1; p=none"

*.yh.user1.fs.al. 3600 IN MX 10 yh.user1.fs.al.
*.yh.user1.fs.al. 3600 IN TXT "v=spf1 a mx -all"
; only a leftmost "*" label is a wildcard (RFC 4592); the "*" in the name below is a literal label
_dmarc.*.yh.user1.fs.al. 3600 IN TXT "v=DMARC1; p=none"

Update the serial number and restart the container.

Check the records:

dig yh.user1.fs.al
dig yh.user1.fs.al CAA
dig yh.user1.fs.al MX
dig yh.user1.fs.al TXT
dig _dmarc.yh.user1.fs.al TXT

dig abc.yh.user1.fs.al
dig abc.yh.user1.fs.al CAA
dig abc.yh.user1.fs.al MX
dig abc.yh.user1.fs.al TXT
dig _dmarc.abc.yh.user1.fs.al TXT
Note: The plan is to install apps in different paths under the domain yh.user1.fs.al. However, if an app requires its own domain (cannot be installed on a path other than the root), we can use a subdomain.
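
The `dig` checks in this step include `_dmarc.abc.yh.user1.fs.al`, whose answer depends on how wildcard owner names are matched. This added example (not part of the original tutorial) models RFC 4592 wildcard synthesis in simplified form and reports which record answers each query. It runs over a constructed copy of the step 1 records (TTL and class omitted); CNAME, delegation and DNSSEC are ignored, and the function names are the example's own.

```python
# Constructed copy of the A/TXT records from step 1: "owner type rdata".
ZONE = """
yh.user1.fs.al. A 65.109.96.100
yh.user1.fs.al. TXT "v=spf1 a mx -all"
_dmarc.yh.user1.fs.al. TXT "v=DMARC1; p=none"
*.yh.user1.fs.al. A 65.109.96.100
*.yh.user1.fs.al. TXT "v=spf1 a mx -all"
_dmarc.*.yh.user1.fs.al. TXT "v=DMARC1; p=none"
"""

def load(zone_text):
    """Return {owner_name: {rtype: [rdata, ...]}}."""
    nodes = {}
    for line in zone_text.strip().splitlines():
        name, rtype, rdata = line.split(None, 2)
        nodes.setdefault(name.lower(), {}).setdefault(rtype, []).append(rdata.strip('"'))
    return nodes

def exists(nodes, name):
    """A name exists if it owns records or is an ancestor of one that does
    (an empty non-terminal)."""
    return name in nodes or any(n.endswith("." + name) for n in nodes)

def resolve(nodes, qname, qtype):
    """Return (answering_owner, rdata_list); owner is None for NXDOMAIN."""
    qname = qname.lower()
    if exists(nodes, qname):                      # exact match (maybe NODATA)
        return qname, nodes.get(qname, {}).get(qtype, [])
    labels = qname.split(".")
    for i in range(1, len(labels)):               # walk up to closest encloser
        encloser = ".".join(labels[i:])
        if exists(nodes, encloser):
            wildcard = "*." + encloser            # source of synthesis
            if wildcard in nodes:
                return wildcard, nodes[wildcard].get(qtype, [])
            return None, []
    return None, []

def misplaced_wildcards(nodes):
    """Owner names with '*' anywhere except the leftmost label."""
    return [n for n in nodes if "*" in n.split(".")[1:]]

if __name__ == "__main__":
    nodes = load(ZONE)
    for q in ("_dmarc.yh.user1.fs.al.", "_dmarc.abc.yh.user1.fs.al."):
        print(q, "TXT ->", resolve(nodes, q, "TXT"))
    print("literal '*' labels:", misplaced_wildcards(nodes))
```

Adding an explicit `_dmarc.abc.yh.user1.fs.al.` record to the sample makes `abc.yh.user1.fs.al.` exist as an empty non-terminal, after which `resolve` no longer answers its A query from the wildcard.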

2. Create a container

We can create a new container with the script create-container.sh that we have seen before:

#wget https://linux-cli.fs.al/apps/part6/create-container.sh
#chmod +x create-container.sh

./create-container.sh yunohost 10.31.96.203
incus ls

3. Forward HTTP requests

cd /var/ds/sniproxy/
nano etc/sniproxy.conf

If we assume that all the YunoHost apps that we will install will use subdomains of yh.user1.fs.al, we can add these lines to the table:

    # container: yunohost
    yh\.user1\.fs\.al 10.31.96.203
    .*\.yh\.user1\.fs\.al 10.31.96.203

Then restart it:

ds restart

4. Install YunoHost

incus shell yunohost

curl https://install.yunohost.org | bash

yunohost tools postinstall --help
yunohost tools postinstall \
--domain yh.user1.fs.al \
--username user1 \
--password 'Pass.123' \
--fullname 'Dashamir Hoxha' \
--i-have-read-terms-of-services
yunohost diagnosis run
yunohost diagnosis show --issues --human-readable

yunohost domain cert install
yunohost domain cert status

Open in browser: https://yh.user1.fs.al/yunohost/admin/ and log in with user1 and Pass.123.

5. Fix some problems

We can fix some of the problems reported by diagnosis, and we can ignore some others.

5.1 Add a DKIM record

cd /var/ds/nsd/
nano zones/user1.fs.al.db

Append a record like this, with the key that is provided by YH:

mail._domainkey.yh.user1.fs.al.    3600  IN  TXT (
"v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3 . . . . . . . . . . DAQAB"
) ; ----- DKIM key for yh.user1.fs.al

Update the serial number, and restart the container:

ds restart

Check it:

dig mail._domainkey.yh.user1.fs.al. TXT +short
Note: If we need to enable sending emails from a subdomain, we will have to add a DKIM key for it as well, in the same way.

5.2 Relay incoming emails

The SMTP ports on the host are being used by the simple SMTP server, so we cannot forward them to the yunohost container. However, we can relay the incoming emails to the container (the same trick that we did for Discourse).

cd /var/ds/smtp.user1.fs.al
ls cmd/
nano cmd/relay-setup.sh

Add the configuration lines for YH. It should look like this:

# create a config file for relay_domains
cat <<EOF > config/relay_domains
talk.user1.fs.al
yh.user1.fs.al
*.yh.user1.fs.al
EOF

# create a config file for transport_maps
cat <<EOF > config/transport_maps
talk.user1.fs.al smtp:mail-receiver.talk.user1.fs.al:25
yh.user1.fs.al smtp:10.31.96.203:25
*.yh.user1.fs.al smtp:10.31.96.203:25
EOF

Rebuild the SMTP container:

ds make

6. Install Roundcube

We need a mail client to check the emails. Install Roundcube on the address https://yh.user1.fs.al/webmail

Verify that sending emails to an outside address works. Send emails from outside to the address user1@yh.user1.fs.al.

Go to the account of user1 and add a mail alias (for example xyz@yh.user1.fs.al) and a mail forward (for example dashohoxha@gmail.com). Test that these work as expected.

7. Install more apps

Before installing and testing a new app, let's make a snapshot of the container:

incus snapshot create yunohost before-installing-app1
incus snapshot list yunohost

In case the app is broken, or in case we want to remove it (if we installed it just for testing), it is always easier and safer to revert the whole container to a previous checkpoint/snapshot.