]>
Commit | Line | Data |
---|---|---|
03c03402 DM |
1 | Installation |
2 | ============ | |
3 | ||
4 | {pmg} is based on Debian and comes with an installation CD-ROM | |
7cf7c2d3 | 5 | which includes a complete Debian ("buster" for version 6.x) system as |
03c03402 DM |
6 | well as all necessary {pmg} packages. |
7 | ||
bf99325b DW |
8 | The installer asks some questions, then partitions the local |
9 | disk(s), installs all required packages, and configures the system, | |
10 | including a basic network setup. This gives you a fully functional system | |
11 | within minutes. This is the preferred and recommended | |
03c03402 DM |
12 | installation method. |
13 | ||
14 | Alternatively, {pmg} can be installed on top of an existing Debian | |
15 | system. This option is only recommended for advanced users since | |
16 | it requires more detailed knowledge about {pmg} and Debian. | |
17 | ||
dfcaa012 AL |
18 | include::pmg-installation-media.adoc[] |
19 | ||
39abbce4 | 20 | [[pmg_install_iso]] |
03c03402 DM |
21 | Using the {pmg} Installation CD-ROM |
22 | ----------------------------------- | |
23 | ||
dfcaa012 | 24 | The installer ISO image includes the following: |
03c03402 DM |
25 | |
26 | * Complete operating system (Debian Linux, 64-bit) | |
27 | ||
b2d388d4 | 28 | * The {pmg} installer, which partitions the hard drive(s) with ext4, |
bf99325b | 29 | xfs or ZFS and installs the operating system |
03c03402 DM |
30 | |
31 | * Linux kernel | |
32 | ||
33 | * Postfix MTA, ClamAV, Spamassassin and the {pmg} toolset | |
34 | ||
582a64ad | 35 | * Web-based management interface for using the toolset |
03c03402 | 36 | |
b2d388d4 | 37 | |
dfcaa012 AL |
38 | |
39 | Please insert the xref:installation_prepare_media[prepared installation media] | |
40 | (for example, USB flash drive or CD-ROM) and boot from it. | |
41 | ||
42 | TIP: Make sure that booting from the installation medium (for example, USB) is | |
43 | enabled in your servers firmware settings. | |
44 | ||
bf99325b DW |
45 | After choosing the correct entry (for example, Boot from USB) the {pmg} menu |
46 | will be displayed, and one of the following options can be selected: | |
03c03402 DM |
47 | |
48 | image::images/installer/pmg-grub-menu.png[] | |
49 | ||
50 | Install {pmg}:: | |
51 | ||
52 | Start normal installation. | |
53 | ||
54 | Install {pmg} (Debug mode):: | |
55 | ||
bf99325b DW |
56 | Start installation in debug mode. This opens a shell console at various stages |
57 | throughout the installation, so that you can debug issues, if something goes | |
58 | wrong. You can press `CTRL-D` to exit the debug console and continue the | |
59 | installation. This option is mostly for developers and not meant for general | |
60 | use. | |
03c03402 DM |
61 | |
62 | Rescue Boot:: | |
63 | ||
64 | This option allows you to boot an existing installation. It searches | |
65 | all attached hard disks and, if it finds an existing installation, | |
66 | boots directly into that disk using the existing Linux kernel. This | |
67 | can be useful if there are problems with the boot block (grub), or the | |
68 | BIOS is unable to read the boot block from the disk. | |
69 | ||
70 | Test Memory:: | |
71 | ||
72 | Runs `memtest86+`. This is useful to check if your memory is | |
73 | functional and error free. | |
74 | ||
dc69da07 | 75 | You normally select *Install {pmg}* to start the installation. |
03c03402 | 76 | |
dc69da07 | 77 | image::images/installer/pmg-select-target-disk.png[] |
03c03402 | 78 | |
bf99325b DW |
79 | The first step is to read our EULA (End User License Agreement). Following |
80 | this, you can select the target hard disk(s) for the installation. | |
03c03402 | 81 | |
582a64ad OB |
82 | CAUTION: By default, the whole server is used and all existing data is removed. |
83 | Make sure there is no important data on the server before proceeding with the | |
84 | installation. | |
03c03402 | 85 | |
03c03402 | 86 | The `Options` button lets you select the target file system, which |
12908dd2 | 87 | defaults to `ext4`. The installer uses LVM if you select |
bf99325b | 88 | `ext4` or `xfs` as a file system, and offers additional options to |
03c03402 DM |
89 | restrict LVM space (see <<advanced_lvm_options,below>>) |
90 | ||
bf99325b DW |
91 | If you have more than one disk, you can also use ZFS as a file system. |
92 | ZFS supports several software RAID levels, which is particularly useful | |
03c03402 | 93 | if you do not have a hardware RAID controller. The `Options` button |
bf99325b | 94 | lets you choose the ZFS RAID level and select which disks will be used. |
03c03402 | 95 | |
dc69da07 DM |
96 | image::images/installer/pmg-select-location.png[] |
97 | ||
582a64ad | 98 | The next page asks for basic configuration options like your |
bf99325b DW |
99 | location, timezone, and keyboard layout. The location is used to |
100 | select a nearby download server, in order to increase the speed of updates. | |
101 | The installer is usually able to auto-detect these settings, so you only need to | |
102 | change them in rare situations when auto-detection fails, or when you want to | |
582a64ad | 103 | use a keyboard layout not commonly used in your country. |
dc69da07 DM |
104 | |
105 | image::images/installer/pmg-set-password.png[] | |
106 | ||
107 | You then need to specify an email address and the superuser (root) | |
108 | password. The password must have at least 5 characters, but we highly | |
109 | recommend to use stronger passwords - here are some guidelines: | |
110 | ||
111 | - Use a minimum password length of 12 to 14 characters. | |
112 | ||
113 | - Include lowercase and uppercase alphabetic characters, numbers and symbols. | |
114 | ||
60522152 TL |
115 | - Avoid character repetition, keyboard patterns, dictionary words, letter or |
116 | number sequences, usernames, relative or pet names, romantic links (current | |
117 | or past) and biographical information (e.g., ID numbers, ancestors' names or | |
118 | dates). | |
dc69da07 | 119 | |
aecce55c TL |
120 | It is sometimes necessary to send notification to the system administrator, for |
121 | example: | |
dc69da07 DM |
122 | |
123 | - Information about available package updates. | |
124 | ||
bf99325b | 125 | - Error messages from periodic cron jobs. |
dc69da07 | 126 | |
aecce55c | 127 | All those notification mails will be sent to the specified email address. |
dc69da07 DM |
128 | |
129 | image::images/installer/pmg-setup-network.png[] | |
03c03402 | 130 | |
aecce55c TL |
131 | The next step is the network configuration. Please note that you can use either |
132 | IPv4 or IPv6 here, but not both. If you want to configure a dual stack node, | |
bf99325b | 133 | you can easily do that after the installation. |
03c03402 | 134 | |
f6249b79 TL |
135 | image::images/installer/pmg-summary.png[] |
136 | ||
aecce55c TL |
137 | When you press `Next`, you will see an overview of your entered configuration. |
138 | Please re-check every setting, you can still use the `Previous` button to go | |
139 | back and edit any settings. | |
f6249b79 | 140 | |
bf99325b DW |
141 | After clicking `Install`, the installer will begin to format and copy packages |
142 | to the target disk(s). | |
dc69da07 DM |
143 | |
144 | image::images/installer/pmg-installation.png[] | |
145 | ||
bf99325b DW |
146 | Copying the packages usually takes several minutes. When this is |
147 | finished, you can reboot the server. | |
03c03402 | 148 | |
bf99325b | 149 | Further configuration is done via the {pmg} web interface: |
f03ead41 SI |
150 | |
151 | [thumbnail="pmg-gui-login-window.png"] | |
03c03402 | 152 | |
bf99325b | 153 | . Point your browser to the IP address given during the installation |
f03ead41 | 154 | (https://youripaddress:8006). |
b5b01ac3 | 155 | |
bf99325b | 156 | . Log in and upload your subscription key. |
b2d388d4 | 157 | + |
bf99325b | 158 | NOTE: The default login is "root", and the password is the one chosen during the |
aecce55c | 159 | installation. |
03c03402 | 160 | |
b2d388d4 DM |
161 | . Check the IP configuration and hostname. |
162 | ||
bf99325b | 163 | . Check the timezone. |
b2d388d4 DM |
164 | |
165 | . Check your xref:firewall_settings[Firewall settings]. | |
166 | ||
bf99325b | 167 | . Configure {pmg} to forward the incoming SMTP traffic to your mail |
b2d388d4 | 168 | server ('Configuration/Mail Proxy/Default Relay') - 'Default |
09e283f2 | 169 | Relay' is your email server. |
b2d388d4 | 170 | |
09e283f2 | 171 | . Configure your email server to send all outgoing messages through |
303ee757 | 172 | your {pmg} ('Smart Host', port 26 by default). |
b2d388d4 DM |
173 | |
174 | For detailed deployment scenarios see chapter | |
175 | xref:chapter_deployment[Planning for Deployment]. | |
176 | ||
bf99325b DW |
177 | After the installation, you have to route all your incoming and |
178 | outgoing email traffic to {pmg}. For incoming traffic, you | |
b2d388d4 | 179 | have to configure your firewall and/or DNS settings. For outgoing |
09e283f2 | 180 | traffic you need to change the existing email server configuration. |
b2d388d4 | 181 | |
03c03402 DM |
182 | |
183 | [[advanced_lvm_options]] | |
184 | Advanced LVM Configuration Options | |
185 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
186 | ||
187 | The installer creates a Volume Group (VG) called `pmg`, and additional | |
188 | Logical Volumes (LVs) called `root` and `swap`. The size of | |
189 | those volumes can be controlled with: | |
190 | ||
191 | `hdsize`:: | |
192 | ||
582a64ad OB |
193 | Defines the total disk size to be used. This way you can save free |
194 | space on the disk for further partitioning (i.e. for an additional PV | |
195 | and VG on the same disk that can be used for LVM storage). | |
03c03402 DM |
196 | |
197 | `swapsize`:: | |
198 | ||
199 | Defines the size of the `swap` volume. The default is the size of the | |
bf99325b DW |
200 | installed memory. The minimum is 4 GB and the maximum is 8 GB. The resulting |
201 | value cannot be greater than `hdsize/8`. | |
03c03402 | 202 | |
03c03402 DM |
203 | `minfree`:: |
204 | ||
bf99325b DW |
205 | Defines the amount of free space that should be left in the LVM volume group |
206 | `pmg`. With more than 128GB storage available, the default is 16GB, otherwise | |
207 | `hdsize/8` will be used. | |
03c03402 DM |
208 | + |
209 | NOTE: LVM requires free space in the VG for snapshot creation (not | |
210 | required for lvmthin snapshots). | |
211 | ||
212 | ||
213 | ZFS Performance Tips | |
214 | ~~~~~~~~~~~~~~~~~~~~ | |
215 | ||
216 | ZFS uses a lot of memory, so it is best to add additional RAM if you | |
217 | want to use ZFS. A good calculation is 4GB plus 1GB RAM for each TB | |
218 | RAW disk space. | |
219 | ||
bf99325b | 220 | ZFS also provides the ability to use a fast SSD drive as write cache. The |
03c03402 | 221 | write cache is called the ZFS Intent Log (ZIL). You can add that after |
582a64ad | 222 | the installation using the following command: |
03c03402 DM |
223 | |
224 | zpool add <pool-name> log </dev/path_to_fast_ssd> | |
225 | ||
3372775f | 226 | |
39abbce4 | 227 | [[pmg_install_on_debian]] |
03c03402 DM |
228 | Install {pmg} on Debian |
229 | ----------------------- | |
230 | ||
231 | {pmg} ships as a set of Debian packages, so you can install it | |
232 | on top of a normal Debian installation. After configuring the | |
bf99325b | 233 | xref:pmg_package_repositories[package repositories], you need to run: |
03c03402 DM |
234 | |
235 | [source,bash] | |
236 | ---- | |
3e2d2270 TL |
237 | apt update |
238 | apt install proxmox-mailgateway | |
03c03402 DM |
239 | ---- |
240 | ||
bf99325b | 241 | Installing on top of an existing Debian installation seems easy, but |
582a64ad | 242 | it assumes that you have correctly installed the base system, and you |
03c03402 DM |
243 | know how you want to configure and use the local storage. Network |
244 | configuration is also completely up to you. | |
245 | ||
246 | NOTE: In general, this is not trivial, especially when you use LVM or | |
247 | ZFS. | |
e3eaa56a DM |
248 | |
249 | ||
39abbce4 | 250 | [[pmg_install_on_debian_container]] |
bf99325b | 251 | Install {pmg} as a Linux Container Appliance |
3fc72cc0 | 252 | -------------------------------------------- |
c13d3d4f | 253 | |
bf99325b | 254 | {pmg} can also run inside a Debian-based LXC |
c13d3d4f | 255 | instance. In order to keep the set of installed software, and thus the |
582a64ad | 256 | necessary updates minimal, you can use the `proxmox-mailgateway-container` |
bf99325b | 257 | meta-package. This does not depend on any Linux kernel, firmware, or components |
c13d3d4f | 258 | used for booting from bare-metal, like grub2. |
17a13972 | 259 | |
bf99325b DW |
260 | A ready-to-use appliance template is available through the `mail` section of the |
261 | https://www.proxmox.com/proxmox-ve[Proxmox VE] appliance manager, so if you | |
262 | already use Proxmox VE, you can set up a {pmg} instance in minutes. | |
17a13972 | 263 | |
bf99325b DW |
264 | NOTE: It's recommended to use a static network configuration. If DHCP must be |
265 | used, ensure that the container always leases the same IP, for example, by | |
266 | reserving one with the container's network MAC address. | |
5991f9eb | 267 | |
bf99325b | 268 | Additionally, you can install this on top of a container-based Debian |
3e2d2270 | 269 | installation. After configuring the |
bf99325b | 270 | xref:pmg_package_repositories[package repositories], you need to run: |
3e2d2270 TL |
271 | |
272 | [source,bash] | |
273 | ---- | |
274 | apt update | |
275 | apt install proxmox-mailgateway-container | |
276 | ---- | |
5991f9eb | 277 | |
e3eaa56a DM |
278 | [[pmg_package_repositories]] |
279 | Package Repositories | |
280 | -------------------- | |
281 | ||
282 | All {debian} based systems use | |
bf99325b | 283 | https://en.wikipedia.org/wiki/Advanced_Packaging_Tool[APT] as a package |
e3eaa56a DM |
284 | management tool. The list of repositories is defined in |
285 | `/etc/apt/sources.list` and `.list` files found inside | |
286 | `/etc/apt/sources.d/`. Updates can be installed directly using | |
3e2d2270 | 287 | `apt`, or via the GUI. |
e3eaa56a DM |
288 | |
289 | Apt `sources.list` files list one package repository per line, with | |
290 | the most preferred source listed first. Empty lines are ignored, and a | |
291 | `#` character anywhere on a line marks the remainder of that line as a | |
292 | comment. The information available from the configured sources is | |
3e2d2270 | 293 | acquired by `apt update`. |
e3eaa56a DM |
294 | |
295 | .File `/etc/apt/sources.list` | |
296 | ---- | |
7cf7c2d3 | 297 | deb http://ftp.debian.org/debian buster main contrib |
e3eaa56a | 298 | |
7cf7c2d3 | 299 | deb http://ftp.debian.org/debian buster-updates main contrib |
aedc8192 | 300 | |
e3eaa56a | 301 | # security updates |
79569792 | 302 | deb http://security.debian.org/debian-security buster/updates main contrib |
e3eaa56a | 303 | ---- |
79569792 | 304 | // FIXME for 7.0: change security update suite to bullseye-security |
e3eaa56a DM |
305 | |
306 | In addition, {pmg} provides three different package repositories. | |
307 | ||
308 | ||
309 | {pmg} Enterprise Repository | |
310 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
311 | ||
312 | This is the default, stable and recommended repository, available for | |
313 | all {pmg} subscription users. It contains the most stable packages, | |
314 | and is suitable for production use. The `pmg-enterprise` repository is | |
315 | enabled by default: | |
316 | ||
317 | .File `/etc/apt/sources.list.d/pmg-enterprise.list` | |
318 | ---- | |
7cf7c2d3 | 319 | deb https://enterprise.proxmox.com/debian/pmg buster pmg-enterprise |
e3eaa56a DM |
320 | ---- |
321 | ||
322 | As soon as updates are available, the `root@pam` user is notified via | |
bf99325b | 323 | email about the newly available packages. From the GUI, the change-log of |
e3eaa56a | 324 | each package can be viewed (if available), showing all details of the |
bf99325b | 325 | update. Thus, you will never miss important security fixes. |
e3eaa56a | 326 | |
bf99325b DW |
327 | Please note that you need a valid subscription key to access this |
328 | repository. We offer different support levels, which you can find further | |
329 | details about at {pricing-url}. | |
e3eaa56a DM |
330 | |
331 | NOTE: You can disable this repository by commenting out the above line | |
bf99325b | 332 | using a `#` (at the start of the line). This prevents error messages, |
e3eaa56a | 333 | if you do not have a subscription key. Please configure the |
bf99325b | 334 | `pmg-no-subscription` repository in this case. |
e3eaa56a DM |
335 | |
336 | ||
337 | {pmg} No-Subscription Repository | |
338 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
339 | ||
340 | As the name suggests, you do not need a subscription key to access | |
341 | this repository. It can be used for testing and non-production | |
bf99325b | 342 | use. It's not recommended to use this on production servers, as these |
e3eaa56a DM |
343 | packages are not always heavily tested and validated. |
344 | ||
bf99325b | 345 | We recommend configuring this repository in `/etc/apt/sources.list`. |
e3eaa56a DM |
346 | |
347 | .File `/etc/apt/sources.list` | |
348 | ---- | |
7cf7c2d3 | 349 | deb http://ftp.debian.org/debian buster main contrib |
e3eaa56a DM |
350 | |
351 | # PMG pmg-no-subscription repository provided by proxmox.com, | |
352 | # NOT recommended for production use | |
7cf7c2d3 | 353 | deb http://download.proxmox.com/debian/pmg buster pmg-no-subscription |
e3eaa56a DM |
354 | |
355 | # security updates | |
79569792 | 356 | deb http://security.debian.org/debian-security buster/updates main contrib |
e3eaa56a DM |
357 | ---- |
358 | ||
359 | ||
360 | {pmg} Test Repository | |
361 | ~~~~~~~~~~~~~~~~~~~~~ | |
362 | ||
bf99325b DW |
363 | Finally, there is a repository called `pmgtest`. This contains the |
364 | latest packages, and is heavily used by developers to test new | |
365 | features. As with before, you can configure this using | |
e3eaa56a DM |
366 | `/etc/apt/sources.list` by adding the following line: |
367 | ||
368 | .sources.list entry for `pmgtest` | |
369 | ---- | |
7cf7c2d3 | 370 | deb http://download.proxmox.com/debian/pmg buster pmgtest |
e3eaa56a DM |
371 | ---- |
372 | ||
582a64ad | 373 | WARNING: the `pmgtest` repository should only be used |
e3eaa56a DM |
374 | for testing new features or bug fixes. |
375 | ||
376 | ||
377 | SecureApt | |
378 | ~~~~~~~~~ | |
379 | ||
bf99325b DW |
380 | We use GnuPG to sign the `Release` files inside these repositories, |
381 | and APT uses these signatures to verify that all packages are from a | |
e3eaa56a DM |
382 | trusted source. |
383 | ||
bf99325b DW |
384 | The key used for verification is already installed, if you install from |
385 | our installation CD. If you install via another means, you can manually | |
e3eaa56a DM |
386 | download the key with: |
387 | ||
7cf7c2d3 | 388 | # wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
e3eaa56a DM |
389 | |
390 | Please verify the checksum afterwards: | |
391 | ||
392 | ---- | |
7cf7c2d3 SI |
393 | # sha512sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
394 | acca6f416917e8e11490a08a1e2842d500b3a5d9f322c6319db0927b2901c3eae23cfb5cd5df6facf2b57399d3cfa52ad7769ebdd75d9b204549ca147da52626 /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg | |
e3eaa56a DM |
395 | ---- |
396 | ||
397 | or | |
398 | ||
399 | ---- | |
7cf7c2d3 SI |
400 | # md5sum /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg |
401 | f3f6c5a3a67baf38ad178e5ff1ee270c /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg | |
e3eaa56a DM |
402 | ---- |
403 | ||
404 | ||
96806766 SI |
405 | Other Repository Sources |
406 | ~~~~~~~~~~~~~~~~~~~~~~~~ | |
407 | ||
408 | Certain software cannot be made available in the `main` and `contrib` | |
409 | areas of the {debian} archives, since it does not adhere to the Debian | |
410 | Free Software Guidelines (DFSG). These are distributed in the | |
411 | {debian_nonfree_archive_area}. For {pmg} two packages from the `non-free` area | |
412 | are needed in order to support the RAR archive format: | |
413 | ||
414 | * `p7zip-rar` for matching xref:pmg_mailfilter_what[Archive Objects] in the | |
415 | xref:chapter_mailfilter[Rule system] | |
416 | ||
417 | * `libclamunrar` for detecting viruses in RAR archives. | |
418 | ||
5479707c | 419 | .Additional sources.list entry for `non-free` |
96806766 SI |
420 | ---- |
421 | deb http://deb.debian.org/debian/ buster non-free | |
422 | deb http://security.debian.org/debian-security buster/updates non-free | |
423 | deb http://deb.debian.org/debian/ buster-updates non-free | |
424 | ---- | |
5479707c | 425 | |
bf99325b | 426 | Following this, you can install the required packages with: |
5479707c TL |
427 | |
428 | ---- | |
429 | apt update | |
430 | apt install libclamunrar p7zip-rar | |
431 | ---- |