Citadel

Install Citadel:

curl https://easyinstall.citadel.org/install | bash

Answer questions during automated install:

• admin: #### (admin for webcit)
• admin password: #### (admin webcit password)
• user: #### (internal use citadel user)
• port: 504 (internal use citadel port)
• http: 4480 (to keep behind VPN)
• https: 4434

Open ports to VPN only (for now):

sudo ufw allow in on <vpn_interface> to any port 4480
sudo ufw allow in on <vpn_interface> to any port 4434

WebCit configuration:

• Login via HTTP over VPN (browser, 4480)
• Reduce privileges of default registered user
• Set up accounts and mail forwarding
• Configure site configuration > fully qualified domain name and node name to <domain_name>
• Configure domain names > local host aliases to receive email to <domain_name> and mail.<domain_name>

Symbolic links to Let's Encrypt certificate:

ln -sfv /etc/letsencrypt/live/wilsons.life/privkey.pem /usr/local/citadel/keys/citadel.key 
ln -sfv /etc/letsencrypt/live/wilsons.life/fullchain.pem /usr/local/citadel/keys/citadel.cer 

Configure nginx reverse proxy:

   location /citadel/ {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:4480/;
        proxy_redirect off;
    }

   location /static/ {
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:4480/static/;
        proxy_redirect off;
    }

Open external ports:

sudo ufw allow <port_to_open>/<protocol>

Double check with sudo netstat -tunlp to make sure citadel is serving on all ports before opening them.  Sometimes it takes a sudo systemctl restart citadel to get it going.

SMTP:

25/tcp
465/tcp       
587/tcp

IMAP:   

143/tcp
993/tcp

XMPP:

5222