]>
Commit | Line | Data |
---|---|---|
1 | Installation | |
2 | ============ | |
3 | ||
4 | {pmg} is based on Debian. This is why the install disk images (ISO files) | |
5 | provided by Proxmox include a complete Debian system as well as all necessary | |
6 | {pmg} packages. | |
7 | ||
8 | TIP: See the xref:faq-support-table[support table in the FAQ] for the | |
9 | relationship between {pmg} releases and Debian releases. | |
10 | ||
11 | The installer will guide you through the setup, allowing you to partition the local | |
12 | disk(s), apply basic system configurations (for example, timezone, language, | |
13 | network) and install all required packages. This process should not take more | |
14 | than a few minutes. Installing with the provided ISO is the recommended method | |
15 | for new and existing users. | |
16 | ||
17 | Alternatively, {pmg} can be installed on top of an existing Debian system. This | |
18 | option is only recommended for advanced users because detailed knowledge about | |
19 | {pmg} is required. | |
20 | ||
21 | include::pmg-installation-media.adoc[] | |
22 | ||
23 | [[pmg_install_iso]] | |
24 | Using the {pmg} Installation CD-ROM | |
25 | ----------------------------------- | |
26 | ||
27 | The installer ISO image includes the following: | |
28 | ||
29 | * Complete operating system (Debian Linux, 64-bit) | |
30 | ||
31 | * The {pmg} installer, which partitions the hard drive(s) with ext4, | |
32 | XFS or ZFS and installs the operating system | |
33 | ||
34 | * Linux kernel | |
35 | ||
36 | * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset | |
37 | ||
38 | * Web-based management interface for using the toolset | |
39 | ||
40 | ||
41 | Please insert the xref:installation_prepare_media[prepared installation media] | |
42 | (for example, USB flash drive or CD-ROM) and boot from it. | |
43 | ||
44 | TIP: Make sure that booting from the installation medium (for example, USB) is | |
45 | enabled in your servers firmware settings. | |
46 | ||
47 | After choosing the correct entry (for example, Boot from USB) the {pmg} menu | |
48 | will be displayed, and one of the following options can be selected: | |
49 | ||
50 | image::images/installer/pmg-grub-menu.png[] | |
51 | ||
52 | Install {pmg}:: | |
53 | ||
54 | Start normal installation. | |
55 | ||
56 | Install {pmg} (Debug mode):: | |
57 | ||
58 | Start installation in debug mode. This opens a shell console at various stages | |
59 | throughout the installation, so that you can debug issues, if something goes | |
60 | wrong. You can press `CTRL-D` to exit the debug console and continue the | |
61 | installation. This option is mostly for developers and not meant for general | |
62 | use. | |
63 | ||
64 | Rescue Boot:: | |
65 | ||
66 | This option allows you to boot an existing installation. It searches | |
67 | all attached hard disks and, if it finds an existing installation, | |
68 | boots directly into that disk using the existing Linux kernel. This | |
69 | can be useful if there are problems with the boot block (grub), or the | |
70 | BIOS is unable to read the boot block from the disk. | |
71 | ||
72 | Test Memory:: | |
73 | ||
74 | Runs `memtest86+`. This is useful to check if your memory is | |
75 | functional and error free. | |
76 | ||
77 | You normally select *Install {pmg}* to start the installation. | |
78 | ||
79 | image::images/installer/pmg-select-target-disk.png[] | |
80 | ||
81 | The first step is to read our EULA (End User License Agreement). Following | |
82 | this, you can select the target hard disk(s) for the installation. | |
83 | ||
84 | CAUTION: By default, the whole server is used and all existing data is removed. | |
85 | Make sure there is no important data on the server before proceeding with the | |
86 | installation. | |
87 | ||
88 | The `Options` button lets you select the target file system, which | |
89 | defaults to `ext4`. The installer uses LVM if you select | |
90 | `ext4` or `xfs` as a file system, and offers additional options to | |
91 | restrict LVM space (see <<advanced_lvm_options,below>>) | |
92 | ||
93 | If you have more than one disk, you can also use ZFS as a file system. | |
94 | ZFS supports several software RAID levels, which is particularly useful | |
95 | if you do not have a hardware RAID controller. The `Options` button | |
96 | lets you choose the ZFS RAID level and select which disks will be used. | |
97 | ||
98 | image::images/installer/pmg-select-location.png[] | |
99 | ||
100 | The next page asks for basic configuration options like your | |
101 | location, timezone, and keyboard layout. The location is used to | |
102 | select a nearby download server, in order to increase the speed of updates. | |
103 | The installer is usually able to auto-detect these settings, so you only need to | |
104 | change them in rare situations when auto-detection fails, or when you want to | |
105 | use a keyboard layout not commonly used in your country. | |
106 | ||
107 | image::images/installer/pmg-set-password.png[] | |
108 | ||
109 | You then need to specify an email address and the superuser (root) | |
110 | password. The password must have at least 5 characters, but we highly | |
111 | recommend to use stronger passwords - here are some guidelines: | |
112 | ||
113 | - Use a minimum password length of 12 to 14 characters. | |
114 | ||
115 | - Include lowercase and uppercase alphabetic characters, numbers and symbols. | |
116 | ||
117 | - Avoid character repetition, keyboard patterns, dictionary words, letter or | |
118 | number sequences, usernames, relative or pet names, romantic links (current | |
119 | or past) and biographical information (e.g., ID numbers, ancestors' names or | |
120 | dates). | |
121 | ||
122 | It is sometimes necessary to send notification to the system administrator, for | |
123 | example: | |
124 | ||
125 | - Information about available package updates. | |
126 | ||
127 | - Error messages from periodic cron jobs. | |
128 | ||
129 | All those notification mails will be sent to the specified email address. | |
130 | ||
131 | image::images/installer/pmg-setup-network.png[] | |
132 | ||
133 | The next step is the network configuration. Please note that you can use either | |
134 | IPv4 or IPv6 here, but not both. If you want to configure a dual stack node, | |
135 | you can easily do that after the installation. | |
136 | ||
137 | image::images/installer/pmg-summary.png[] | |
138 | ||
139 | When you press `Next`, you will see an overview of your entered configuration. | |
140 | Please re-check every setting, you can still use the `Previous` button to go | |
141 | back and edit any settings. | |
142 | ||
143 | After clicking `Install`, the installer will begin to format and copy packages | |
144 | to the target disk(s). | |
145 | ||
146 | image::images/installer/pmg-installation.png[] | |
147 | ||
148 | Copying the packages usually takes several minutes. When this is | |
149 | finished, you can reboot the server. | |
150 | ||
151 | Further configuration is done via the {pmg} web interface: | |
152 | ||
153 | [thumbnail="pmg-gui-login-window.png"] | |
154 | ||
155 | . Point your browser to the IP address given during the installation | |
156 | (https://youripaddress:8006). | |
157 | ||
158 | . Log in and upload your subscription key. | |
159 | + | |
160 | NOTE: The default login is "root", and the password is the one chosen during the | |
161 | installation. | |
162 | ||
163 | . Check the IP configuration and hostname. | |
164 | ||
165 | . Check the timezone. | |
166 | ||
167 | . Check your xref:firewall_settings[Firewall settings]. | |
168 | ||
169 | . Configure {pmg} to forward the incoming SMTP traffic to your mail | |
170 | server ('Configuration/Mail Proxy/Default Relay') - 'Default | |
171 | Relay' is your email server. | |
172 | ||
173 | . Configure your email server to send all outgoing messages through | |
174 | your {pmg} ('Smart Host', port 26 by default). | |
175 | ||
176 | For detailed deployment scenarios see chapter | |
177 | xref:chapter_deployment[Planning for Deployment]. | |
178 | ||
179 | After the installation, you have to route all your incoming and | |
180 | outgoing email traffic to {pmg}. For incoming traffic, you | |
181 | have to configure your firewall and/or DNS settings. For outgoing | |
182 | traffic you need to change the existing email server configuration. | |
183 | ||
184 | ||
185 | [[advanced_lvm_options]] | |
186 | Advanced LVM Configuration Options | |
187 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
188 | ||
189 | The installer creates a Volume Group (VG) called `pmg`, and additional | |
190 | Logical Volumes (LVs) called `root` and `swap`. The size of | |
191 | those volumes can be controlled with: | |
192 | ||
193 | `hdsize`:: | |
194 | ||
195 | Defines the total disk size to be used. This way you can save free | |
196 | space on the disk for further partitioning (i.e. for an additional PV | |
197 | and VG on the same disk that can be used for LVM storage). | |
198 | ||
199 | `swapsize`:: | |
200 | ||
201 | Defines the size of the `swap` volume. The default is the size of the | |
202 | installed memory. The minimum is 4 GB and the maximum is 8 GB. The resulting | |
203 | value cannot be greater than `hdsize/8`. | |
204 | ||
205 | `minfree`:: | |
206 | ||
207 | Defines the amount of free space that should be left in the LVM volume group | |
208 | `pmg`. With more than 128GB storage available, the default is 16GB, otherwise | |
209 | `hdsize/8` will be used. | |
210 | + | |
211 | NOTE: LVM requires free space in the VG for snapshot creation (not | |
212 | required for lvmthin snapshots). | |
213 | ||
214 | ||
215 | ZFS Performance Tips | |
216 | ~~~~~~~~~~~~~~~~~~~~ | |
217 | ||
218 | ZFS uses a lot of memory, so it is best to add additional RAM if you | |
219 | want to use ZFS. A good calculation is 4GB plus 1GB RAM for each TB | |
220 | RAW disk space. | |
221 | ||
222 | ZFS also provides the ability to use a fast SSD drive as write cache. The | |
223 | write cache is called the ZFS Intent Log (ZIL). You can add that after | |
224 | the installation using the following command: | |
225 | ||
226 | zpool add <pool-name> log </dev/path_to_fast_ssd> | |
227 | ||
228 | ||
229 | [[pmg_install_on_debian]] | |
230 | Install {pmg} on Debian | |
231 | ----------------------- | |
232 | ||
233 | {pmg} ships as a set of Debian packages, so you can install it | |
234 | on top of a normal Debian installation. After configuring the | |
235 | xref:pmg_package_repositories[package repositories], you need to run: | |
236 | ||
237 | [source,bash] | |
238 | ---- | |
239 | apt update | |
240 | apt install proxmox-mailgateway | |
241 | ---- | |
242 | ||
243 | Installing on top of an existing Debian installation seems easy, but | |
244 | it assumes that you have correctly installed the base system, and you | |
245 | know how you want to configure and use the local storage. Network | |
246 | configuration is also completely up to you. | |
247 | ||
248 | NOTE: In general, this is not trivial, especially when you use LVM or | |
249 | ZFS. | |
250 | ||
251 | ||
252 | [[pmg_install_on_debian_container]] | |
253 | Install {pmg} as a Linux Container Appliance | |
254 | -------------------------------------------- | |
255 | ||
256 | {pmg} can also run inside a Debian-based LXC | |
257 | instance. In order to keep the set of installed software, and thus the | |
258 | necessary updates minimal, you can use the `proxmox-mailgateway-container` | |
259 | meta-package. This does not depend on any Linux kernel, firmware, or components | |
260 | used for booting from bare-metal, like grub2. | |
261 | ||
262 | A ready-to-use appliance template is available through the `mail` section of the | |
263 | https://www.proxmox.com/proxmox-ve[Proxmox VE] appliance manager, so if you | |
264 | already use Proxmox VE, you can set up a {pmg} instance in minutes. | |
265 | ||
266 | NOTE: It's recommended to use a static network configuration. If DHCP must be | |
267 | used, ensure that the container always leases the same IP, for example, by | |
268 | reserving one with the container's network MAC address. | |
269 | ||
270 | Additionally, you can install this on top of a container-based Debian | |
271 | installation. After configuring the | |
272 | xref:pmg_package_repositories[package repositories], you need to run: | |
273 | ||
274 | [source,bash] | |
275 | ---- | |
276 | apt update | |
277 | apt install proxmox-mailgateway-container | |
278 | ---- | |
279 | ||
280 | [[pmg_package_repositories]] | |
281 | Package Repositories | |
282 | -------------------- | |
283 | ||
284 | All {debian} based systems use | |
285 | https://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as a package | |
286 | management tool. The list of repositories is defined in | |
287 | `/etc/apt/sources.list` and `.list` files found inside | |
288 | `/etc/apt/sources.d/`. Updates can be installed directly using | |
289 | `apt`, or via the GUI. | |
290 | ||
291 | Apt `sources.list` files list one package repository per line, with | |
292 | the most preferred source listed first. Empty lines are ignored, and a | |
293 | `#` character anywhere on a line marks the remainder of that line as a | |
294 | comment. The information available from the configured sources is | |
295 | acquired by `apt update`. | |
296 | ||
297 | .File `/etc/apt/sources.list` | |
298 | ---- | |
299 | # basic Debian repositories: | |
300 | deb http://ftp.debian.org/debian bullseye main contrib | |
301 | deb http://ftp.debian.org/debian bullseye-updates main contrib | |
302 | ||
303 | # security updates | |
304 | deb http://security.debian.org/debian-security bullseye-security main contrib | |
305 | ||
306 | # Proxmox Mail Gateway repo required too - see below! | |
307 | ---- | |
308 | ||
309 | In addition, {pmg} provides three different package repositories. | |
310 | ||
311 | ||
312 | {pmg} Enterprise Repository | |
313 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
314 | ||
315 | This is the default, stable and recommended repository, available for | |
316 | all {pmg} subscription users. It contains the most stable packages, | |
317 | and is suitable for production use. The `pmg-enterprise` repository is | |
318 | enabled by default: | |
319 | ||
320 | .File `/etc/apt/sources.list.d/pmg-enterprise.list` | |
321 | ---- | |
322 | deb https://enterprise.proxmox.com/debian/pmg bullseye pmg-enterprise | |
323 | ---- | |
324 | ||
325 | As soon as updates are available, the `root@pam` user is notified via | |
326 | email about the newly available packages. From the GUI, the change-log of | |
327 | each package can be viewed (if available), showing all details of the | |
328 | update. Thus, you will never miss important security fixes. | |
329 | ||
330 | Please note that you need a valid subscription key to access this | |
331 | repository. We offer different support levels, which you can find further | |
332 | details about at {pricing-url}. | |
333 | ||
334 | NOTE: You can disable this repository by commenting out the above line | |
335 | using a `#` (at the start of the line). This prevents error messages, | |
336 | if you do not have a subscription key. Please configure the | |
337 | `pmg-no-subscription` repository in this case. | |
338 | ||
339 | ||
340 | {pmg} No-Subscription Repository | |
341 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
342 | ||
343 | As the name suggests, you do not need a subscription key to access | |
344 | this repository. It can be used for testing and non-production | |
345 | use. It's not recommended to use this on production servers, as these | |
346 | packages are not always heavily tested and validated. | |
347 | ||
348 | We recommend configuring this repository in `/etc/apt/sources.list`. | |
349 | ||
350 | .File `/etc/apt/sources.list` | |
351 | ---- | |
352 | deb http://ftp.debian.org/debian bullseye main contrib | |
353 | deb http://ftp.debian.org/debian bullseye-updates main contrib | |
354 | ||
355 | # security updates | |
356 | deb http://security.debian.org/debian-security bullseye-security main contrib | |
357 | ||
358 | # PMG pmg-no-subscription repository provided by proxmox.com, | |
359 | # NOT recommended for production use | |
360 | deb http://download.proxmox.com/debian/pmg bullseye pmg-no-subscription | |
361 | ---- | |
362 | ||
363 | ||
364 | {pmg} Test Repository | |
365 | ~~~~~~~~~~~~~~~~~~~~~ | |
366 | ||
367 | Finally, there is a repository called `pmgtest`. This contains the | |
368 | latest packages, and is heavily used by developers to test new | |
369 | features. As with before, you can configure this using | |
370 | `/etc/apt/sources.list` by adding the following line: | |
371 | ||
372 | .sources.list entry for `pmgtest` | |
373 | ---- | |
374 | deb http://download.proxmox.com/debian/pmg bullseye pmgtest | |
375 | ---- | |
376 | ||
377 | WARNING: the `pmgtest` repository should only be used | |
378 | for testing new features or bug fixes. | |
379 | ||
380 | ||
381 | SecureApt | |
382 | ~~~~~~~~~ | |
383 | ||
384 | We use GnuPG to sign the `Release` files inside these repositories, | |
385 | and APT uses these signatures to verify that all packages are from a | |
386 | trusted source. | |
387 | ||
388 | The key used for verification is already installed, if you install from | |
389 | our installation CD. If you install via another means, you can manually | |
390 | download the key with: | |
391 | ||
392 | ---- | |
393 | # wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg | |
394 | ---- | |
395 | ||
396 | Verify the checksum afterwards with the `sha512sum` CLI tool: | |
397 | ||
398 | ---- | |
399 | # sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg | |
400 | 7fb03ec8a1675723d2853b84aa4fdb49a46a3bb72b9951361488bfd19b29aab0a789a4f8c7406e71a69aabbc727c936d3549731c4659ffa1a08f44db8fdcebfa /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg | |
401 | ---- | |
402 | ||
403 | or the `md5sum` CLI tool: | |
404 | ||
405 | ---- | |
406 | # md5sum /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg | |
407 | bcc35c7173e0845c0d6ad6470b70f50e /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg | |
408 | ---- | |
409 | ||
410 | ||
411 | Other Repository Sources | |
412 | ~~~~~~~~~~~~~~~~~~~~~~~~ | |
413 | ||
414 | Certain software cannot be made available in the `main` and `contrib` | |
415 | areas of the {debian} archives, since it does not adhere to the Debian | |
416 | Free Software Guidelines (DFSG). These are distributed in the | |
417 | {debian_nonfree_archive_area}. For {pmg} two packages from the `non-free` area | |
418 | are needed in order to support the RAR archive format: | |
419 | ||
420 | * `p7zip-rar` for matching xref:pmg_mailfilter_what[Archive Objects] in the | |
421 | xref:chapter_mailfilter[Rule system] | |
422 | ||
423 | * `libclamunrar` for detecting viruses in RAR archives. | |
424 | ||
425 | .Additional sources.list entry for `non-free` | |
426 | ---- | |
427 | deb http://deb.debian.org/debian/ bullseye non-free | |
428 | deb http://security.debian.org/debian-security bullseye-security non-free | |
429 | deb http://deb.debian.org/debian/ bullseye-updates non-free | |
430 | ---- | |
431 | ||
432 | Following this, you can install the required packages with: | |
433 | ||
434 | ---- | |
435 | apt update | |
436 | apt install libclamunrar p7zip-rar | |
437 | ---- |