I need best practice suggestions related to my FQDN for my server that's also the Postfix $mydestination

#1 Mon, 12/11/2017 - 10:33
WNYmathGuy

So I have a few URL's of my own. Let's call AllSites.com my main one that I named my Ubuntu 16.04 server with. After getting Virtualmin up and running on the AllSites server do I immediately create a new virtual server for AllSites.com?

That seems wrong to me because admin@allsites.com isn't a virtual mail account, it's a real Unix account. My instinct is to make a default server in Apache for HTTP and HTTPS which represents any outside request for AllSites.com.

I saw that after creating my first virtual server via the Virtualmin interface, let's call it FirstCoolSite.com, that entries automatically went into BIND, which I never did in the past when just using Webmin to host all of my sites. Also, any new attempt to browse to AllSites.com after the addition of FirstCoolSite.com will display FirstCoolSite.com because Virtualmin didn't automatically assume that AllSites.com was the default Apache virtual host.

I envision my AllSites.com to be a place where badly formed URL's for a Virtualmin virtual server will render a page that shows good links to the sites I do host helping the person get to the right place for their browsing.

So where is the link to best practices regarding this matter? I would like to do things the Webmin/Virtualmin way to avoid any snares of my own "cleverness" in the future.

Mon, 12/11/2017 - 14:36
unborn

Hi, it's in the documentation pages, all sound and clear. If you need to understand more about FQDN, there are tons of docs on Google with 'how-to' setup for each distro, but they will point you in the same direction. It's basics that I guess everyone learns before even trying to host anything out there on the internet. Did you check out the Virtualmin docs already?

Configuring/troubleshooting Debian servers is always great fun


Mon, 12/11/2017 - 21:17 (Reply to #2)
WNYmathGuy

Perhaps I didn't speak clearly. You seem to be answering a question I didn't ask.

-- I'm remarkably average

Mon, 12/11/2017 - 14:38
unborn

Also have a look at the DNS documentation. It's all connected, dot by dot. Again, each distro has its own setup (perhaps), but 98% is the same lead, to point you in the right direction.

Configuring/troubleshooting Debian servers is always great fun


Mon, 12/11/2017 - 21:18 (Reply to #4)
WNYmathGuy

This is also answering a question I wasn't asking.

-- I'm remarkably average

Mon, 12/11/2017 - 14:44
unborn

Ah, and for this: "I envision my AllSites.com to be a place where badly formed URL's for a Virtualmin virtual server will render a page that shows good links to the sites I do host helping the person get to the right place for their browsing." - Virtualmin, like anything else, be it cPanel or whatever, be it only Apache, will have no effect on your links. That is something you should be able to figure out as sysop (web dev and sys admin). Perhaps look out for SEO advice; the best one is DuckDuckGo or Google advice - there is tons of documentation on this issue as well. If there are links you do not host - well, check your app code mate, I guess it has nothing to do with Virtualmin. No offence matey.

Configuring/troubleshooting Debian servers is always great fun


Mon, 12/11/2017 - 21:19 (Reply to #6)
WNYmathGuy

This is also not helping at all. I'm going to try rewording my question in a new comment in the main thread.

-- I'm remarkably average

Mon, 12/11/2017 - 21:30
noisemarine

WNYmathGuy, are you in a position to start fresh, or have you invested too much time already (ie, live sites etc)?

Tue, 12/12/2017 - 15:48 (Reply to #8)
WNYmathGuy

Yes, I am able to start fresh. I have all the useful things I've done so far under a pure Webmin system backed up safely. I'm waiting for some server upgrade parts before I build the keeper production server and use Virtualmin. As of now, I'm trying to make as many mistakes before the parts arrive so I'm not doing atomic face-palms afterward.

-- I'm remarkably average

Tue, 12/12/2017 - 18:14 (Reply to #9)
noisemarine

Cool. Basically, I was going to say something very similar to what Joe said. It's just easier to do from scratch, and it will make sure everything is configured properly from the get go.

Mon, 12/11/2017 - 21:57
Joe

I kind of waffle on this. For some servers, I use the "main" domain I'll be hosting on the server, with an awareness that there will be some trickiness if I add mailboxes under that domain; I don't recommend this for new users, or for servers that'll host mail under that domain name (though it can be done).

But, for most servers, I use an arbitrary sub-domain that I won't be using for any websites or mailboxes. e.g. srv1.domain.tld. This is the easiest route for almost everything you could want to do; getting an SSL cert for it will require you to manually add an A record to your zone later, but it won't cause Postfix to complain about the virtual mailbox db having users with the same domain as the destination (you can fix this manually, if you do want to use just domain.tld), and you can have a standard naming convention across all of your Virtualmin servers as you grow your business.

I know this sounds really complicated, and I know it's intimidating to be asked for this important-seeming bit of information when you first install, but it's not really a big deal; I just like to cover all the bases. But, in reality, no matter what you pick it can be made to work without a huge amount of effort. For maximum ease of use, choose an arbitrary subdomain that won't be a Virtualmin domain (but is a subdomain of a domain that Virtualmin will manage so you can easily create an A record for DNS and get a Let's Encrypt cert for the name... that same cert can be used for all services for all users that connect via that name). e.g. if I were setting up a server that hosted my business website domain.tld, and it was my first server, I would make the server name srv1.domain.tld. (or s1..sN, or a..z, or whatever other subdomain scheme you like).

--

Check out the forum guidelines!
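
An added example (not Joe's code and not part of Virtualmin) of checking for the overlap described above, where a domain is both a Postfix local destination and carries virtual addresses. The function name mydest_overlap, the sample map and the assumption that the virtual map is a text file keyed by user@domain are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Lists domains that appear both in
# Postfix's mydestination and on the left-hand side of a virtual map.
# Usage: mydest_overlap "EXPANDED_MYDESTINATION" VIRTUAL_MAP_TEXT_FILE
# On a live host the first argument could come from: postconf -xh mydestination
mydest_overlap() {
    awk -v dest="$1" '
        BEGIN {
            # mydestination entries are separated by commas and/or whitespace
            n = split(tolower(dest), d, /[ ,\t]+/)
            for (i = 1; i <= n; i++) if (d[i] != "") local[d[i]] = 1
        }
        # skip comments, continuation lines and lines without a right-hand side
        /^#/ || /^[ \t]/ || NF < 2 { next }
        {
            key = tolower($1)
            at = index(key, "@")
            if (!at) next                     # only user@domain / @domain keys
            dom = substr(key, at + 1)
            if ((dom in local) && !(dom in seen)) {
                seen[dom] = 1; found = 1
                print dom
            }
        }
        END { exit (found ? 1 : 0) }          # non-zero status when overlap exists
    ' "$2"
}

# Constructed sample map (assumed format: "address  target" per line).
map=$(mktemp)
cat > "$map" <<'EOF'
# constructed sample virtual map
admin@allsites.com        admin
info@firstcoolsite.com    info.firstcoolsite
EOF

echo "server named allsites.com:"
mydest_overlap "allsites.com, localhost.localdomain, localhost" "$map" || true
echo "server named srv1.allsites.com:"
mydest_overlap "srv1.allsites.com, localhost.localdomain, localhost" "$map" && echo "no overlap"
```
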

Tue, 12/12/2017 - 21:24 (Reply to #11)
WNYmathGuy

I think I get what you're saying, but it doesn't mean I know the pros & cons of the choices yet. Maybe it's just different ways through the woods to grandma's house? Oh, and just to put another fly in the ointment, I'm behind DHCP through Verizon FiOS. I know static IP's are recommended here at Virtualmin, but hey... ...I never planted that money tree.

So if I understand one of your suggestions correctly... ...while installing the Ubuntu software, I'll name my server something like "Alpha.AllSites" instead of just "AllSites". (and I assume I should have an A record for alpha over on Google Domains pointing to my IP) As a little aside here, because I'm a DHCP connection, these two following code blocks are showing a change I make to my /etc/dhcp/dhclient.conf file:

request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;

... gets changed to ...

request subnet-mask, broadcast-address, time-offset, routers;
# domain-name, domain-name-servers, domain-search, host-name,
# dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
# netbios-name-servers, netbios-scope, interface-mtu,
# rfc3442-classless-static-routes, ntp-servers;
prepend domain-name-servers 8.8.8.8, 8.8.4.4;

I think I'm doing the right thing there, but meh; I dunno where to RTFM to really know.

Then the contents of my /etc/hostname file would say "Alpha.AllSites",
and the 127.0.1.1 line inside /etc/hosts should have "alpha.allsites.com www.allsites.com allsites.com Alpha.AllSites".
Then after browsing to https://Alpha.AllSites:10000/ (or the .com URL) during the Virtualmin Post-Installation Wizard when asked for a Primary nameserver I'll type "alpha.allsites.com", and leave the Secondary nameservers (optional) field blank.
After the wizard finishes and I verify it, then I'll click Create Virtual Server which will be called "allsites.com".
I go back to the Webmin tab and use Let's Encrypt to ask for a single cert key pair covering:
- allsites.com
- www.allsites.com
- alpha.allsites.com
- ftp.allsites.com
- mail.allsites.com
- webmail.allsites.com
- m.allsites.com
- localhost.allsites.com
etc., etc. Then I use that pair of files for Webmin, and for the Apache virtual host(s) related to allsites.com.

Since I solved my Postfix sending problem with the MailGun service, I log in to my Webmin virtual server as the newly designated Administrator for allsites.com and I tweak the Postfix mail settings in SMTP Authentication And Encryption inputting the MailGun parameters for mail.allsites.com into Send outgoing mail via host and SMTP login to outgoing mail host.

IRL I'd probably use your "srv1" instead of "alpha". How am I so far? I feel like I'm on the leafy end of a long branch sawing the trunk side.

-- I'm remarkably average

Thu, 12/14/2017 - 18:36 (Reply to #12)
noisemarine

All pretty good with the following points:

  • You really should get a static IP. Your ISP may be able to sell you one for an additional monthly fee. Or, if you look around on sites like LowEndTalk you can get a 2Gb RAM VPS for around $20/yr.
  • /etc/hostname should just say alpha as that is the name of your host. Your domain is allsites.com. Your fully qualified domain name (FQDN) is alpha.allsites.com.
  • In /etc/hosts, you should use your external IP. Keep 127 for localhost.localdomain localhost.
  • In /etc/hosts for the external IP line, you just need xxx.xxx.xxx.xxx alpha.allsites.com alpha
  • You don't need all those sites for Let's Encrypt. allsites.com and www.allsites.com should be fine. The way LE works is you must have a working website that you can browse to for each name. I doubt you will have that for most on your list.
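
The hostname and hosts-file layout recommended in the list above, turned into a check; this is an added example, not part of noisemarine's post or of Virtualmin. The function name check_host_naming, the sample file contents and the address 203.0.113.10 (standing in for xxx.xxx.xxx.xxx) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Checks a hostname file and a hosts
# file against the advice above: short name in /etc/hostname, FQDN first on
# an external-IP line in /etc/hosts, and no FQDN on loopback lines.
# Usage: check_host_naming HOSTNAME_FILE HOSTS_FILE FQDN
check_host_naming() {
    hn_file=$1 hosts_file=$2
    fqdn=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    short=${fqdn%%.*}
    name=$(tr -d ' \t\r\n' < "$hn_file" | tr 'A-Z' 'a-z')
    findings=$(
        [ "$name" = "$short" ] ||
            echo "hostname: '$name' should be the short name '$short'"
        awk -v fqdn="$fqdn" '
            { sub(/#.*/, "") }                # drop comments
            NF < 2 { next }
            {
                loop = ($1 ~ /^127\./ || $1 == "::1")
                for (i = 2; i <= NF; i++) {
                    if (tolower($i) != fqdn) continue
                    if (loop) print "hosts: " fqdn " is on loopback line " $1
                    else if (i == 2) ok = 1   # canonical name on a real IP
                }
            }
            END { if (!ok) print "hosts: no external-IP line starts with " fqdn }
        ' "$hosts_file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files; 203.0.113.10 is a documentation address standing
# in for the server's real external IP.
demo=$(mktemp -d)
printf 'Alpha.AllSites\n' > "$demo/hostname.before"
printf '127.0.0.1 localhost\n127.0.1.1 alpha.allsites.com www.allsites.com allsites.com Alpha.AllSites\n' > "$demo/hosts.before"
printf 'alpha\n' > "$demo/hostname.after"
printf '127.0.0.1 localhost.localdomain localhost\n203.0.113.10 alpha.allsites.com alpha\n' > "$demo/hosts.after"

echo "== as first planned =="
check_host_naming "$demo/hostname.before" "$demo/hosts.before" alpha.allsites.com || true
echo "== as corrected =="
check_host_naming "$demo/hostname.after" "$demo/hosts.after" alpha.allsites.com && echo "ok"
```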

Thu, 12/14/2017 - 09:40 (Reply to #13)
paulzag

Is there a guide to this? I've been trying to do the same thing with srv2.domain.tld up to srv4.domain.tld.

I want servers 2, 3 & 4 to provide slave Nameservers (for srv1.domain.tld), Master DNS & email SSL (for Virtual Servers hosted there), and (I guess) a website so it can get a Let's Encrypt SSL cert.

If I make srv2.domain.tld a sub-server of myclient.tld then myclient's admin can manage the subdomain.

So I'm experimenting with creating a new Top-level server, but calling it srv2.domain.tld. DNS for domain.tld already has A records for srv2, srv3 & srv4. In Enabled Features I'm selecting only: Setup website for domain? Setup SSL website too? Setup Webalizer for web logs?

In order to forward mail for this specific server to domain.tld I've also selected Accept mail for domain? Setup spam filtering? Setup virus filtering?

Then I enter a Default mail forwarding address to srv2@domain.tld. I'm not sure this email stuff is necessary or correct.

Is this correct?

Thu, 12/14/2017 - 14:52 (Reply to #14)
WNYmathGuy

Ugh, this post replied to the wrong message somehow. I was aiming at post #11
https://www.virtualmin.com/comment/788578#comment-788578

Would any Virtualmin virtual server on my machine add a glue record for "srv1.domain.tld" to their Domain Name Registrar?

-- I'm remarkably average

Thu, 12/14/2017 - 18:38 (Reply to #15)
noisemarine

Virtualmin won't (can't) add glue records at registrars. You must do that manually by logging into the registrar and editing the record there, pointing the domain at your DNS servers.

Tue, 12/19/2017 - 04:13 (Reply to #16)
WNYmathGuy

I badly worded that statement. I think I was generalizing in my head, but not in the post. I was kind of asking that if a potential customer of mine gets a Virtual Server on my hosting machine, will they have to go to their domain registrar and tell it with a glue record that "srv1.myHostingDomain.tld" is their nameserver?

-- I'm remarkably average

Tue, 12/19/2017 - 05:10 (Reply to #18)
noisemarine

I'm going to say "maybe".

To explain the quotes, technically, they won't enter a "glue" record. Glue records are used when you create new DNS servers. Glue records are a type of record that is held in the parent nameservers for the TLD.

What they are really doing is delegating their domain to your nameserver/s if they do decide to have you manage their DNS.

I say maybe because they may wish to manage their own DNS elsewhere. If so, they only have to create records for parts of their domain they want you to manage (ie. www, mail, ftp, etc) and point them at your server. They don't -have- to send all DNS traffic to you, but they can. They would do that by updating the nameserver records at their registrar.

As you get more experience with DNS, this will make a whole lot more sense. :)

Mon, 12/11/2017 - 22:17
WNYmathGuy

This is a re-write of my problem statement

Givens:

  • I own the URL allsites.com
  • I have a freshly installed Ubuntu 16.04 LTS Server and its hostname is "AllSites"
  • I have also just finished installing Virtualmin GPL and have completed the post-installation set-up via https://AllSites.com:10000
  • I plan on adding FirstCoolSite.com and SecondCoolSite.com as Virtual Servers, BUT I haven't done that yet

Question:

  • Should I first add a Virtual Server named allsites.com via the Virtualmin interface or should I create a default virtual host using Webmin's Apache module and have the pages representing allsites.com in the location that the default virtual host points to?

Background Information:

In the past when I was hosting the aforementioned sites only using Webmin software on the same Ubuntu server without a Virtualmin install, I had allsites.com being served by the Apache server's default virtual hosts for port 80 and 443. This meant that if somebody tried to go to poorch.firstcoolsite.com (a mistyped subdomain) instead of porsche.firstcoolsite.com, they would instead land on allsites.com. That default page for port 80 (aka AllSites.com) showed thumbnails hyperlinked to the other hosted sites named FirstCoolSite.com and SecondCoolSite.com so that the person browsing could easily find their way to where they wanted to go.

The port 443 default server was serving pages for managerial stuff to allow owners of FirstCoolSite.com and SecondCoolSite.com to do things that Virtualmin takes care of, but back then I didn't know about Virtualmin.

-- I'm remarkably average

Tue, 12/19/2017 - 04:59
tpnsolutions

Hi,

I've watched this thread for a while, so now it's time to get involved as it seems like this topic has gone a bit nutty. Heh heh.

*** Please Note: there is NO catchall solution for your question, however the following idea (which may echo views from others in this thread) is what I use personally and it's served its purpose well for nearly 2 decades. ***

When setting up a new server, I like to give my server a "meaningful" name which "describes" what the server is being used for.

Ex.

dns server => dnsX.tpnservers.com
email server => emlX.tpnservers.com
sql server => sqlX.tpnservers.com
web server => webX.tpnservers.com

This model was adopted after originally using names like "mars.tpnservers.com", or "aries.tpnservers.com" which sounded cool, but was super difficult later to determine the purpose of the server without consulting a spreadsheet.

Okay, so moving on... Whenever I set up a server which hosts "websites" and will therefore be running "Apache" (or any web server for that matter), I'll set up a "Virtual Server" called for instance "web1.tpnservers.com" and assign this domain as the "default website" for the server.

I'll set up a page hosted at "web1.tpnservers.com" with something that people will see by default when a website has been pointed to the server but hasn't been configured on the server. Something with instructions, or a message like "if you are seeing this, please email us..."

*** The page content could cover virtually anything, but that's what we typically use it for as we point websites to an alternate server whenever we're doing maintenance that requires us to take down the server the domain is hosted on. ***

Next, I like to host select tools for all my clients like "phpMyAdmin", "Adminer", "RoundCube", etc. This is done as a value add for clients, and so they don't have to install or maintain their own version.

I hope this information helps, but if you'd like a personal consultation, please contact me by email to set up a day and time.

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist

Tue, 12/19/2017 - 23:36 (Reply to #21)
paulzag

I remember naming servers after planets in 2003. After we got to jupiter.server we couldn't remember which servers provided which services.

The virtual servers I host are small & low traffic. I probably should rearrange everything to spin off services to their own servers but my servers are in different data centres and aren't struggling at the moment.

However SSL certificates are presenting problems when web1.domain.tld also hosts domain.tld. What do you do then?

Tue, 12/19/2017 - 23:48 (Reply to #22)
WNYmathGuy

At UB, our local God of IT and Prof. for Operating Systems in CSE named his servers in our department after Dr. Seuss characters. I had no idea till I asked 'cause I didn't have those books in my life.

-- I'm remarkably average