Citadel

Install Citadel:

curl https://easyinstall.citadel.org/install | bash

Answer questions during automated install:

admin: #### (admin for webcit)
admin password: #### (admin webcit password)
user: #### (internal use citadel user)
port: 504 (internal use citadel port)
http: 4480 (to keep behind VPN)
https: 4434

Open ports to VPN only (for now):

sudo ufw allow in on <vpn_interface> to any port 4480
sudo ufw allow in on <vpn_interface> to any port 4434

WebCit configuration:

Login via HTTP over VPN (browser, 4480)
Reduce privileges of default registered user
Set up accounts and mail forwarding
Configure site configuration > fully qualified domain name and node name to <domain_name>
Configure domain names > local host aliases to receive email to <domain_name> and mail.<domain_name>

Symbolic links to Let's Encrypt certificate:

ln -sfv /etc/letsencrypt/live/wilsons.life/privkey.pem /usr/local/citadel/keys/citadel.key 
ln -sfv /etc/letsencrypt/live/wilsons.life/fullchain.pem /usr/local/citadel/keys/citadel.cer

Configure nginx reverse proxy:

   location /citadel/ {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:4480/;
        proxy_redirect off;
    }

   location /static/ {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:4480/static/;
        proxy_redirect off;
    }

Open external ports:

sudo ufw allow <port_to_open>/<protocol>

Double check with sudo netstat -tunlp to make sure citadel is serving on all ports before opening them. Sometimes it takes a sudo systemctl restart citadel to get it going.

SMTP:

25/tcp
465/tcp
587/tcp

IMAP:

143/tcp
993/tcp

XMPP:

5222

Citadel

Install Citadel:

Answer questions during automated install:

Open ports to VPN only (for now):

WebCit configuration:

Symbolic links to Let's Encrypt certificate:

Configure nginx reverse proxy:

Open external ports:

No Comments