Installation
============
-{pmg} is based on Debian and comes with an installation CD-ROM
-which includes a complete Debian ("stretch" for version 5.x) system as
-well as all necessary {pmg} packages.
+{pmg} is based on Debian. This is why the install disk images (ISO files)
+provided by Proxmox include a complete Debian system as well as all necessary
+{pmg} packages.
-The installer just asks you a few questions, then partitions the local
-disk(s), installs all required packages, and configures the system
-including a basic network setup. You can get a fully functional system
-within a few minutes. This is the preferred and recommended
-installation method.
+TIP: See the xref:faq-support-table[support table in the FAQ] for the
+relationship between {pmg} releases and Debian releases.
-Alternatively, {pmg} can be installed on top of an existing Debian
-system. This option is only recommended for advanced users since
-it requires more detailed knowledge about {pmg} and Debian.
+The installer will guide you through the setup, allowing you to partition the local
+disk(s), apply basic system configurations (for example, timezone, language,
+network) and install all required packages. This process should not take more
+than a few minutes. Installing with the provided ISO is the recommended method
+for new and existing users.
+Alternatively, {pmg} can be installed on top of an existing Debian system. This
+option is only recommended for advanced users because detailed knowledge about
+{pmg} is required.
+
+include::pmg-installation-media.adoc[]
+
+[[pmg_install_iso]]
Using the {pmg} Installation CD-ROM
-----------------------------------
-Includes the following:
+The installer ISO image includes the following:
* Complete operating system (Debian Linux, 64-bit)
-* Partitioning of the hard drive(s) containing the operating system
- with ext4, ext3, xfs or ZFS
+* The {pmg} installer, which partitions the hard drive(s) with ext4,
+ XFS or ZFS and installs the operating system
* Linux kernel
* Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset
-* Web based management interface for using the toolset
+* Web-based management interface for using the toolset
+
+NOTE: All existing data on the for installation selected drives will be removed
+during the installation process. The installer does not add boot menu entries
+for other operating systems.
+
+Please insert the xref:installation_prepare_media[prepared installation media]
+(for example, USB flash drive or CD-ROM) and boot from it.
+
+TIP: Make sure that booting from the installation medium (for example, USB) is
+enabled in your server's firmware settings. Secure boot needs to be disabled
+when booting an installer prior to {pmg} version 8.1.
-Please insert the installation CD-ROM, then boot from that
-drive. Immediately afterwards you can choose the following menu
-options:
+[thumbnail="installer/pmg-grub-menu.png"]
-image::images/installer/pmg-grub-menu.png[]
+After choosing the correct entry (for example, Boot from USB) the {pmg} menu
+will be displayed, and one of the following options can be selected:
-Install {pmg}::
+Install {pmg} (Graphical)::
Start normal installation.
-Install {pmg} (Debug mode)::
+TIP: It's possible to use the installation wizard with a keyboard only. Buttons
+can be clicked by pressing the `ALT` key combined with the underlined character
+from the respective button. For example, `ALT + N` to press a `Next` button.
+
+Install {pmg} (Terminal UI)::
+
+Starts the terminal-mode installation wizard. It provides the same overall
+installation experience as the graphical installer, but has generally better
+compatibility with very old and very new hardware.
+
+Install {pmg} (Terminal UI, Serial Console)::
+
+Starts the terminal-mode installation wizard, additionally setting up the Linux
+kernel to use the (first) serial port of the machine for in- and output. This
+can be used if the machine is completely headless and only has a serial console
+available.
-Start installation in debug mode. It opens a shell console at several
-installation steps, so that you can debug things if something goes
-wrong. Please press `CTRL-D` to exit those debug consoles and continue
-installation. This option is mostly for developers and not meant for
-general use.
+[thumbnail="installer/pmg-tui-installer.png"]
-Rescue Boot::
+Both modes use the same code base for the actual installation process to
+benefit from more than a decade of bug fixes and ensure feature parity.
-This option allows you to boot an existing installation. It searches
-all attached hard disks and, if it finds an existing installation,
-boots directly into that disk using the existing Linux kernel. This
-can be useful if there are problems with the boot block (grub), or the
-BIOS is unable to read the boot block from the disk.
+TIP: The 'Terminal UI' option can be used in case the graphical installer does
+not work correctly, due to e.g. driver issues.
-Test Memory::
+Advanced Options: Install {pmg} (Graphical, Debug Mode)::
-Runs `memtest86+`. This is useful to check if your memory is
-functional and error free.
+Starts the installation in debug mode. A console will be opened at several
+installation steps. This helps to debug the situation if something goes wrong.
+To exit a debug console, press `CTRL-D`. This option can be used to boot a live
+system with all basic tools available. You can use it, for example, to repair a
+degraded ZFS 'rpool' or fix the bootloader for an existing {pmg} setup.
-You normally select *Install {pmg}* to start the installation. First
-step ist to read our EULA (End User License Agreement).
+Advanced Options: Install {pmg} (Terminal UI, Debug Mode)::
-image::images/installer/pmg-license-agreement.png[]
+Same as the graphical debug mode, but preparing the system to run the
+terminal-based installer instead.
-After that you get prompted to select the target hard disk(s).
+Advanced Options: Install {pmg} (Serial Console Debug Mode)::
-NOTE: By default, the complete server is used and all existing data is
-removed.
+Same the terminal-based debug mode, but additionally sets up the Linux kernel to
+use the (first) serial port of the machine for in- and output.
-image::images/installer/pmg-select-target-disk.png[]
+Advanced Options: Rescue Boot::
+
+With this option you can boot an existing installation. It searches all attached
+hard disks. If it finds an existing installation, it boots directly into that
+disk using the Linux kernel from the ISO. This can be useful if there are
+problems with the bootloader (GRUB/`systemd-boot`) or the BIOS/UEFI is unable to
+read the boot block from the disk.
+
+Advanced Options: Test Memory (memtest86+)::
+
+Runs `memtest86+`. This is useful to check if the memory is functional and free
+of errors. Secure Boot must be turned off in the UEFI firmware setup utility to
+run this option.
+
+You normally select *Install {pmg} (Graphical)* to start the installation.
+
+[thumbnail="installer/pmg-select-target-disk.png"]
+
+The first step is to read our EULA (End User License Agreement). Following
+this, you can select the target hard disk(s) for the installation.
+
+CAUTION: By default, the whole server is used and all existing data is removed.
+Make sure there is no important data on the server before proceeding with the
+installation.
The `Options` button lets you select the target file system, which
-defaults to `ext4`. The installer uses LVM if you select `ext3`,
-`ext4` or `xfs` as file system, and offers additional option to
+defaults to `ext4`. The installer uses LVM if you select
+`ext4` or `xfs` as a file system, and offers additional options to
restrict LVM space (see <<advanced_lvm_options,below>>)
-If you have more than one disk, you can also use ZFS as file system.
-ZFS supports several software RAID levels, so this is specially useful
+If you have more than one disk, you can also use ZFS as a file system.
+ZFS supports several software RAID levels, which is particularly useful
if you do not have a hardware RAID controller. The `Options` button
-lets you select the ZFS RAID level, and you can choose disks there.
+lets you choose the ZFS RAID level and select which disks will be used.
+
+WARNING: ZFS on top of any hardware RAID is not supported and can result in data
+loss.
+
+[thumbnail="installer/pmg-select-location.png"]
+
+The next page asks for basic configuration options like your
+location, timezone, and keyboard layout. The location is used to
+select a nearby download server, in order to increase the speed of updates.
+The installer is usually able to auto-detect these settings, so you only need to
+change them in rare situations when auto-detection fails, or when you want to
+use a keyboard layout not commonly used in your country.
+
+[thumbnail="installer/pmg-set-password.png", float="left"]
+
+You then need to specify an email address and the superuser (root)
+password. The password must have at least 5 characters, but we highly
+recommend to use stronger passwords - here are some guidelines:
+
+- Use a minimum password length of at least 12 characters.
+
+- Include lowercase and uppercase alphabetic characters, numbers and symbols.
+
+- Avoid character repetition, keyboard patterns, dictionary words, letter or
+ number sequences, usernames, relative or pet names, romantic links (current
+ or past) and biographical information (e.g., ID numbers, ancestors' names or
+ dates).
+
+It is sometimes necessary to send notification to the system administrator, for
+example:
+
+- Information about available package updates.
+
+- Error messages from periodic cron jobs.
+
+[thumbnail="installer/pmg-setup-network.png"]
+
+All those notification mails will be sent to the specified email address.
+
+The next step is the network configuration. Please note that you can use either
+IPv4 or IPv6 here, but not both. If you want to configure a dual stack node,
+you can easily do that after the installation.
+
+[thumbnail="installer/pmg-installation.png", float="left"]
+
+When you press `Next`, you will see an overview of your entered configuration.
+Please re-check every setting, you can still use the `Previous` button to go
+back and edit any settings.
+
+After clicking `Install`, the installer will begin to format and copy packages
+to the target disk(s).
+
+[thumbnail="installer/pmg-summary.png"]
+
+Copying the packages usually takes several minutes, mostly depending on the
+speed of the installation medium and the target disk performance.
+
+When copying and setting up the packages has finished, you can reboot the
+server. This will be done automatically after a few seconds by default.
-The next pages just ask for basic configuration options like time
-zone and keyboard layout. You also need to specify your email address
-and superuser (root) password (must have at least 5 characters).
+.Installation Failure
-The last step is the network configuration. Please note that you can
-use either IPv4 or IPv6 here, but not both. If you want to configure a
-dual stack node, you can easily do that after installation.
+If the installation failed, check out specific errors on the second TTY
+(`CTRL + ALT + F2') and ensure that the systems meets the
+xref:install_minimal_requirements[minimum requirements].
-If you press `Next` now, installation starts to format disks, and
-copies packages to the target. Please wait until that is finished,
-then reboot the server.
+If the installation is still not working, look at the xref:getting_help[how to
+get help chapter].
-Further configuration is done via the Proxmox web interface. Just
-point your browser to the IP address given during installation
-(https://youripaddress:8006).
-NOTE: Default login is "root" and the root password is
-defined during the installation process.
+Accessing the Management Interface Post-Installation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+[thumbnail="screenshot/pmg-gui-login-window.png"]
+
+After a succesful installation and reboot of the system you can use the {pmg}
+web interface for further configuration.
+
+. Point your browser to the IP address given during the installation and port
+ 8006, for example: https://youripaddress:8006
+
+. Log in using the `root` username and the password chosen during installation.
+
+. Upload your subscription key to gain access to the Enterprise repository.
+ Otherwise, you will need to set up one of the public, less tested package
+ repositories to get updates for security fixes, bug fixes, and new features.
+
+. Check the IP configuration and hostname.
+
+. Check the timezone.
+
+. Check your xref:firewall_settings[Firewall settings].
+
+. Configure {pmg} to forward the incoming SMTP traffic to your mail
+server ('Configuration/Mail Proxy/Default Relay') - 'Default
+Relay' is your email server.
+
+. Configure your email server to send all outgoing messages through
+your {pmg} ('Smart Host', port 26 by default).
+
+For detailed deployment scenarios see chapter
+xref:chapter_deployment[Planning for Deployment].
+
+After the installation, you have to route all your incoming and
+outgoing email traffic to {pmg}. For incoming traffic, you
+have to configure your firewall and/or DNS settings. For outgoing
+traffic you need to change the existing email server configuration.
[[advanced_lvm_options]]
`hdsize`::
-Defines the total HD size to be used. This way you can save free
-space on the HD for further partitioning (i.e. for an additional PV
-and VG on the same hard disk that can be used for LVM storage).
+Defines the total disk size to be used. This way you can save free
+space on the disk for further partitioning (i.e. for an additional PV
+and VG on the same disk that can be used for LVM storage).
`swapsize`::
Defines the size of the `swap` volume. The default is the size of the
-installed memory, minimum 4 GB and maximum 8 GB. The resulting value cannot
-be greater than `hdsize/8`.
-
-`maxroot`::
-
-Defines the maximum size of the `root` volume, which stores the operation
-system. The maximum limit of the `root` volume size is `hdsize/4`.
-
-`maxvz`::
-
-Defines the maximum size of the `data` volume. The actual size of the `data`
-volume is:
-+
-`datasize = hdsize - rootsize - swapsize - minfree`
-+
-Where `datasize` cannot be bigger than `maxvz`.
+installed memory. The minimum is 4 GB and the maximum is 8 GB. The resulting
+value cannot be greater than `hdsize/8`.
`minfree`::
-Defines the amount of free space left in LVM volume group `pve`.
-With more than 128GB storage available the default is 16GB, else `hdsize/8`
-will be used.
+Defines the amount of free space that should be left in the LVM volume group
+`pmg`. With more than 128GB storage available, the default is 16GB, otherwise
+`hdsize/8` will be used.
+
NOTE: LVM requires free space in the VG for snapshot creation (not
required for lvmthin snapshots).
ZFS Performance Tips
~~~~~~~~~~~~~~~~~~~~
-ZFS uses a lot of memory, so it is best to add additional RAM if you
-want to use ZFS. A good calculation is 4GB plus 1GB RAM for each TB
+ZFS works best with a lot of memory. If you intend to use ZFS make sure to have
+enough RAM available for it. A good calculation is 4GB plus 1GB RAM for each TB
RAW disk space.
-ZFS also provides the feature to use a fast SSD drive as write cache. The
-write cache is called the ZFS Intent Log (ZIL). You can add that after
-installation using the following command:
+ZFS can use a dedicated drive as write cache, called the ZFS Intent Log (ZIL).
+Use a fast drive (SSD) for it. It can be added after installation with the
+following command:
- zpool add <pool-name> log </dev/path_to_fast_ssd>
+----
+# zpool add <pool-name> log </dev/path_to_fast_ssd>
+----
+
+Adding the `nomodeset` Kernel Parameter
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Problems may arise on very old or very new hardware due to graphics drivers. If
+the installation hangs during the boot. In that case, you can try adding the
+`nomodeset` parameter. This prevents the Linux kernel from loading any
+graphics drivers and forces it to continue using the BIOS/UEFI-provided
+framebuffer.
+
+On the {pmg} bootloader menu, navigate to 'Install {pmg} (Terminal UI)' and
+press `e` to edit the entry. Using the arrow keys, navigate to the line starting
+with `linux`, move the cursor to the end of that line and add the
+parameter `nomodeset`, separated by a space from the pre-existing last
+parameter.
+Then press `Ctrl-X` or `F10` to boot the configuration.
+[[pmg_install_on_debian]]
Install {pmg} on Debian
-----------------------
{pmg} ships as a set of Debian packages, so you can install it
on top of a normal Debian installation. After configuring the
-repositories, you need to run:
+xref:pmg_package_repositories[package repositories], you need to run:
[source,bash]
----
-apt-get update
-apt-get install proxmox-mailgateway
+apt update
+apt install proxmox-mailgateway
----
-Installing on top of an existing Debian installation looks easy, but
-it presumes that you have correctly installed the base system, and you
+Installing on top of an existing Debian installation seems easy, but
+it assumes that you have correctly installed the base system, and you
know how you want to configure and use the local storage. Network
configuration is also completely up to you.
NOTE: In general, this is not trivial, especially when you use LVM or
ZFS.
+
+
+[[pmg_install_on_debian_container]]
+Install {pmg} as a Linux Container Appliance
+--------------------------------------------
+
+{pmg} can also run inside a Debian-based LXC
+instance. In order to keep the set of installed software, and thus the
+necessary updates minimal, you can use the `proxmox-mailgateway-container`
+meta-package. This does not depend on any Linux kernel, firmware, or components
+used for booting from bare-metal, like GRUB.
+
+A ready-to-use appliance template is available through the `mail` section of the
+https://www.proxmox.com/proxmox-virtual-environment/overview[Proxmox VE]
+appliance manager, so if you already use Proxmox VE, you can set up a {pmg}
+instance in minutes.
+
+NOTE: It's recommended to use a static network configuration. If DHCP must be
+used, ensure that the container always leases the same IP, for example, by
+reserving one with the container's network MAC address.
+
+Additionally, you can install this on top of a container-based Debian
+installation. After configuring the
+xref:pmg_package_repositories[package repositories], you need to run:
+
+[source,bash]
+----
+apt update
+apt install proxmox-mailgateway-container
+----
+
+[[pmg_package_repositories]]
+Package Repositories
+--------------------
+
+{pmg} uses http://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as its
+package management tool like any other Debian-based system.
+
+Repositories in {pmg}
+~~~~~~~~~~~~~~~~~~~~~
+
+Repositories are a collection of software packages. They can be used to install
+new software, but are also important to get new updates.
+
+NOTE: You need valid Debian and Proxmox repositories to get the latest
+security updates, bug fixes and new features.
+
+APT Repositories are defined in the file `/etc/apt/sources.list` and in `.list`
+files placed in `/etc/apt/sources.list.d/`.
+
+Repository Management
+^^^^^^^^^^^^^^^^^^^^^
+
+[thumbnail="screenshot/pmg-gui-admin-repositories.png"]
+
+Since {pmg} 7.0 you can check the repository state in the web interface. The
+'Dashboard' shows a high level status overview, while the separate 'Repository'
+panel (accessible via 'Administration') shows in-depth status and list of all
+configured repositories.
+
+Basic repository management, for example, activating or deactivating a
+repository, is also supported.
+
+Sources.list
+^^^^^^^^^^^^
+
+In a `sources.list` file, each line defines a package repository. The preferred
+source must come first. Empty lines are ignored. A `#` character anywhere on a
+line marks the remainder of that line as a comment. The available packages from
+a repository are acquired by running `apt update`. Updates can be installed
+directly using `apt`, or via the GUI (Administration -> Updates).
+
+.File `/etc/apt/sources.list`
+----
+# basic Debian repositories:
+deb http://deb.debian.org/debian bookworm main contrib
+deb http://deb.debian.org/debian bookworm-updates main contrib
+
+# security updates
+deb http://security.debian.org/debian-security bookworm-security main contrib
+
+# Proxmox Mail Gateway repo required too - see below!
+----
+
+{pmg} provides three different package repositories.
+
+
+{pmg} Enterprise Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This is the default, stable and recommended repository, available for
+all {pmg} subscription users. It contains the most stable packages,
+and is suitable for production use. The `pmg-enterprise` repository is
+enabled by default:
+
+.File `/etc/apt/sources.list.d/pmg-enterprise.list`
+----
+deb https://enterprise.proxmox.com/debian/pmg bookworm pmg-enterprise
+----
+
+As soon as updates are available, the `root@pam` user is notified via
+email about the newly available packages. From the GUI, the change-log of
+each package can be viewed (if available), showing all details of the
+update. Thus, you will never miss important security fixes.
+
+Please note that you need a valid subscription key to access this
+repository. We offer different support levels, which you can find further
+details about at {pricing-url}.
+
+NOTE: You can disable this repository by commenting out the above line
+using a `#` (at the start of the line). This prevents error messages,
+if you do not have a subscription key. Please configure the
+`pmg-no-subscription` repository in this case.
+
+
+{pmg} No-Subscription Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As the name suggests, you do not need a subscription key to access
+this repository. It can be used for testing and non-production
+use. It's not recommended to use this on production servers, as these
+packages are not always heavily tested and validated.
+
+We recommend configuring this repository in `/etc/apt/sources.list`.
+
+.File `/etc/apt/sources.list`
+----
+deb http://ftp.debian.org/debian bookworm main contrib
+deb http://ftp.debian.org/debian bookworm-updates main contrib
+
+# security updates
+deb http://security.debian.org/debian-security bookworm-security main contrib
+
+# PMG pmg-no-subscription repository provided by proxmox.com,
+# NOT recommended for production use
+deb http://download.proxmox.com/debian/pmg bookworm pmg-no-subscription
+----
+
+
+{pmg} Test Repository
+~~~~~~~~~~~~~~~~~~~~~
+
+Finally, there is a repository called `pmgtest`. This contains the
+latest packages, and is heavily used by developers to test new
+features. As with before, you can configure this using
+`/etc/apt/sources.list` by adding the following line:
+
+.sources.list entry for `pmgtest`
+----
+deb http://download.proxmox.com/debian/pmg bookworm pmgtest
+----
+
+WARNING: the `pmgtest` repository should only be used
+for testing new features or bug fixes.
+
+
+SecureApt
+~~~~~~~~~
+
+We use GnuPG to sign the `Release` files inside these repositories,
+and APT uses these signatures to verify that all packages are from a
+trusted source.
+
+The key used for verification is already installed, if you install from
+our installation CD. If you install via another means, you can manually
+download the key by executing the following command as root user:
+
+----
+ # wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+----
+
+Verify the checksum afterwards with the `sha512sum` CLI tool:
+
+----
+# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87 /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+----
+
+or the `md5sum` CLI tool:
+
+----
+# md5sum /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
+----
+
+
+Debian Non-Free Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Certain software cannot be made available in the `main` and `contrib`
+areas of the {debian} archives, since it does not adhere to the Debian
+Free Software Guidelines (DFSG). These are distributed in the
+{debian_nonfree_archive_area}. For {pmg} two packages from the `non-free` area
+are needed in order to support the RAR archive format:
+
+* `p7zip-rar` for matching xref:pmg_mailfilter_what[Archive Objects] in the
+ xref:chapter_mailfilter[Rule system]
+
+* `libclamunrar` for detecting viruses in RAR archives.
+
+To enable the `non-free` component, run `editor /etc/apt/sources.list` and
+append `non-free` to the end of each `.debian.org` repository line.
+
+Following this, you can install the required packages with:
+
+----
+apt update
+apt install libclamunrar p7zip-rar
+----
+
+
+[[pmg_debian_firmware_repo]]
+Debian Firmware Repository
+~~~~~~~~~~~~~~~~~~~~~~~~~
+Starting with Debian Bookworm ({pmg} 8) non-free firmware (as defined by
+https://www.debian.org/social_contract#guidelines[DFSG]) has been moved to the
+newly created Debian repository component `non-free-firmware`.
+
+Enable this repository if you want to set up
+xref:pmg_firmware_cpu[Early OS Microcode Updates] or need additional
+xref:pmg_firmware_runtime_files[Runtime Firmware Files] not already included in
+the pre-installed package `pve-firmware`.
+
+To be able to install packages from this component, run
+`editor /etc/apt/sources.list`, append `non-free-firmware` to the end of each
+`.debian.org` repository line and run `apt update`.
projects / pmg-docs.git / blobdiff