HomeServer13 の編集

#contents
*** ハードウエア [#s2015e58]
- Mini PC Intel NUC Kit NUC5CPYH 
-- Celeron N3050 (64bit)
-- bios062 (20170813) --- &ref(PY0062.bio);

*** ソフトウエアベース [#ad0dd999]
- Ubuntu Server 14.04-LTS (サーバー版を利用)

*** 証明書 [#ec5ec835]
- &ref(ORDER#15187565.eml);

*** 固定 IP 化 [#b0c45369]
- /etc/network/interface
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 
 # The loopback network interface
 auto lo
 iface lo inet loopback
 
 # The primary network interface
 #auto p2p1
 #iface p2p1 inet dhcp
 
 auto p2p1
 iface p2p1 inet static
 address                       192.168.1.25
 network                      192.168.1.0
 netmask                      255.255.255.0
 broadcast                    192.168.1.255
 gateway                      192.168.1.1
 dns-nameservers         192.168.1.25

- /etc/hostname
 mail-admin@mail:~$ cat /etc/hostname
 mail.hmuna.com

- /etc/resolve.conf
 mail-admin@mail:~$ cat /etc/resolv.conf
 # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
 #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
 nameserver 192.168.1.25

*** bind9 [#m65a489c]
- &ref(bindset.tgz);

*** メールサーバー（postfix, dovecot,　mysql） [#m8bbff17]
- postfix の virtual mailbox モード
-  https://www.exratione.com/2014/05/a-mailserver-on-ubuntu-1404-postfix-dovecot-mysql/

*** ntp [#g60a1eec]
- /etc/ntp.conf でタイムソースを変更
 # Specify one or more NTP servers.$
 # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board$
 # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for$
 # more information.$
 #server 0.ubuntu.pool.ntp.org$
 #server 1.ubuntu.pool.ntp.org$
 #server 2.ubuntu.pool.ntp.org$
 #server 3.ubuntu.pool.ntp.org$
 
 server ntp1.jst.mfeed.ad.jp iburst$
 server ntp2.jst.mfeed.ad.jp iburst$
 server ntp3.jst.mfeed.ad.jp iburst$

*** VPN Server（Softether) [#d32d973b]

*** サーバー証明書更新（2016-12-31) [#vdf9a6cc]
- namecheap から Symantec （Symantec, GeoTrust, and Thawte) との契約を解消し Comodo と契約したとの連絡があり、推奨された 下記の証明書を新規に購入（3年間）した。

- 購入詳細履歴は　------- &ref(Namecheap.com Order Summary.eml);
-- Order Date: 	  	Dec 30, 2016 09:16:09 PM
-- Order Number: 	  	24331097
-- Transaction ID: 	  	29079556
-- User Name: 	  	wikihmuna

- CSR (Certificate Signing Request＝署名要求) を以下の内容で作成（証明書名は mail.hmuna2017 としている）
 mail-admin@mail:/etc/ssl$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout mail.hmuna2017.key -out mail.hmuna2017.csr
 Generating a 2048 bit RSA private key
 .............+++
 .+++
 writing new private key to 'mail.hmuna2017.key'
 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [AU]:JP
 State or Province Name (full name) [Some-State]:Kanagawa
 Locality Name (eg, city) []:Yokohama
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:NA
 Organizational Unit Name (eg, section) []:NA
 Common Name (e.g. server FQDN or YOUR name) []:mail.hmuna.com
 Email Address []:mail-admin@hmuna.com
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:

- 生成されたCSR(署名要求）の中味
 mail-admin@mail:/etc/ssl$ ls -l
 total 48
 drwxr-xr-x 2 root root     20480 Jul 22 00:58 certs
 -rw-r--r-- 1 root root      1054 Dec 31 12:06 mail.hmuna2017.csr
 -rw-r--r-- 1 root root      1704 Dec 31 12:06 mail.hmuna2017.key
 -rw-r--r-- 1 root root      1903 Jul 20 14:57 mail_hmuna_com.crt
 -rw-r--r-- 1 root root     10835 Dec  4  2015 openssl.cnf
 drwx--x--- 2 root ssl-cert  4096 Jul 22 00:36 private

- サーバー証明書の中味
 mail-admin@mail:/etc/ssl$ cat mail.hmuna2017.csr
 -----BEGIN CERTIFICATE REQUEST-----
 MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAkpQMREwDwYDVQQIDAhLYW5hZ2F3YTER
 MA8GA1UEBwwIWW9rb2hhbWExCzAJBgNVBAoMAk5BMQswCQYDVQQLDAJOQTEXMBUG
 A1UEAwwObWFpbC5obXVuYS5jb20xIzAhBgkqhkiG9w0BCQEWFG1haWwtYWRtaW5A
 aG11bmEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr23a2xnH
 N7N+1SakfLHSizPe04epbETWIDaBomg2PYNaQimMM9W5Et4j9DO8+v9UoVHQXI3T
 ujesNElGG1zAC+C/Y+ak9KrXsjX8ylyK5FIAZWX7Pe4Tr99faiX9rwJV+P06nUhD
 Wsm6Qxsw6N14bM7Rzc1rx6xEygrIVFMSL2yc2xsHNfvClUIlwRf2wGy27vHy+Yeo
 swJ+OsakgxIDVeOWoEvdN/yXKLZzOL++WFICx3HJoP3pra3KC5TzC5biEVClATIg
 /SxBqOKSJp9/NcMTlNtnsWSFHbnDhwg7nF8arfN8dPP9g/IpQotL2n/p+sPPaWRh
 2wAC/JjIc/O0TwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAA/6A0ARldMDkqeQ
 tpQb5c+xODu+8x3XtV+E3xo95aQW/5vpgXy81rD0fxZH0HqyD3blNhEwd1rbfJoS
 /Wasmpsa7gSa1vUm5h8i3i4SMHdnY2J4xWyfLRIzUgwqZ5msNW++zDMw8ZiTkbO+
 LMiM4SdxTrI0y729hKjkaHeC+Ctc5PgfyL/PcTkxLBsg3ZuGhHLGSvK6x+8t8vUQ
 IEJeEI1r6X0Lre9TELtWBIBlPZy/EyRJU6rINaYozpLfpn1qgosyKYICkk/TSw8a
 /7jsq6be9F6RwXpdgk3fPJyXxzzRdhyKUFUtgWTG9flpt9/RAjEpiPHgi0AM0Iwk
 +oimXjA=
 -----END CERTIFICATE REQUEST-----

- 発行された証明書 （&ref(mail_hmuna_com.zip);）と [[ロゴ:http://www.trustlogo.com/install/index7.html]]

- &color(red){証明書をインストールしようとして気付いたが、上にリンクがある別の契約書が既に有効で期限も2019年7月とほぼ同じタイミングであることが判明。 今回の購入は無駄だった。 こちらは発行はされたがインストールしないままとする。 次回更新時にこれを延長しないように注意が必要！};
&ref(SSL_confused.JPG);

タイムスタンプを変更しない