
Building your own Gmail, with courtesans and preferans

In place of a preface


One fine day, or maybe a not so fine one, paranoia caught up with me too. I decided to run away from Google, and to run to a server of my own, so that I could stop worrying about the safety of my favorite services.

So, in this article I will talk about how I set up mail, calendar, contacts, an RSS aggregator and, as a bonus, file storage on my own server.


0. Server


Before deploying all the necessary services, you first need to decide where they will live. The first thought that comes to mind is to deploy everything on a home computer. But a computer running 24/7 at home brings a lot of inconvenience. In addition, we want our services to be always available, and with the quality of home Internet and electricity that is almost impossible. And never mind quality: many Internet providers prohibit running any servers at home.
So the choice fell on a virtual server from Digital Ocean. I think the service needs no introduction. For myself, I chose the simplest plan: $5/month, 20GB SSD and 512MB RAM. Such modest specifications are enough for the tasks described above for home use.

We also need to register a domain. Since I was reluctant to spend money on a domain in the .com zone, I used the services of the wonderful Dot.tk registrar: they issue domains in the .tk zone for free, on the condition that your site works and you renew the domain name registration in time. In other words, if you actually use the domain, use it as much as you like. If you have merely staked out the name, do not be greedy and let someone else have it.

For convenience, you can delegate DNS for the domain to the Digital Ocean servers, which I did by selecting “Custom DNS” and entering the addresses of the following NS servers: ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com.

1. Mail


Now that we have deployed a server and registered a domain, we can proceed with installing the services we need. I am also a lazy person and I like packages that work right out of the box. Therefore, to install the mail server, I chose iRedMail. The free version is quite enough for our purposes.

This is a set of scripts that installs and configures the following stack in a matter of minutes:

+ Some more goodies, which are described in detail here.

ATTENTION: the iRedAdmin website says that it must be installed _only_ on a freshly installed OS. I did not try to install the package on a "used" server, but I suspect that it would not end well.

We will not linger on the installation stage; the procedure is quite simple and is described in detail here, here and here. After installation we can go to the control panel at example.com/iredadmin and create a new user. Now we have a fully working mail server.

But we will go a little further and replace apache with nginx. First you need to install the web server itself. On Ubuntu, this is done like this:

 apt-get install nginx 

Now nginx needs to be configured so that all our services are available. Since we want all traffic to be encrypted, the default config has to be modified slightly to enable encryption. More information about configuring encryption in nginx can be read here. My global /etc/nginx/nginx.conf configuration is as follows:

 http {
     # TLS settings shared by every site nginx serves
     ssl_certificate /path/to/cert;
     ssl_certificate_key /path/to/key;
     # note: TLSv1, TLSv1.1 and RC4 have since been deprecated (RFC 8996, RFC 7465)
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers "RC4:HIGH:!aNULL:!MD5:!kEDH";
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 5m;
     ssl_prefer_server_ciphers on;
     # HSTS for one week
     add_header Strict-Transport-Security 'max-age=604800';

     sendfile on;
     tcp_nopush on;
     tcp_nodelay on;
     keepalive_timeout 65;
     types_hash_max_size 2048;
     server_name_in_redirect on;

     include /etc/nginx/mime.types;
     default_type application/octet-stream;

     access_log /var/log/nginx/access.log;
     error_log /var/log/nginx/error.log;

     gzip on;
     gzip_disable "msie6";

     include /etc/nginx/sites-enabled/*;
 }

Thus, I enabled encryption globally for all sites that nginx will serve. Now we need to write configs for the services we need.
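An added example, not part of the original article: a small Python check that parses nginx directives and flags the protocol, cipher and HSTS values of the configuration above that have since been deprecated or are short-lived. The stricter sample values and the 180-day HSTS threshold are assumptions of this example.

```python
import re
# Constructed sample: the TLS-related directives from the nginx.conf above.
ARTICLE_CONF = """
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "RC4:HIGH:!aNULL:!MD5:!kEDH";
    add_header Strict-Transport-Security 'max-age=604800';
}
"""
# Constructed stricter counterpart (assumed values, not from the article).
STRICT_CONF = """
http {
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "EECDH+AESGCM:EECDH+CHACHA20:!aNULL:!MD5";
    add_header Strict-Transport-Security 'max-age=31536000';
}
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_WORDS = ("RC4", "DES", "MD5", "NULL", "EXPORT")
MIN_HSTS = 15552000  # 180 days; threshold chosen for this example
# Alternatives: comment | "quoted" | 'quoted' | { } ; | bare word
TOKEN = re.compile(r"""#[^\n]*|"([^"]*)"|'([^']*)'|([{};])|([^\s{};"'#]+)""")

def directives(conf):  # yields (name, args) per ';'-terminated directive
    words = []
    for m in TOKEN.finditer(conf):
        if m.lastindex == 3:           # '{', '}' or ';' closes the current run
            if m.group(3) == ";" and words:
                yield words[0], words[1:]
            words = []
        elif m.lastindex:              # quoted or bare word; comments match no group
            words.append(m.group(m.lastindex))

def audit(conf):
    """Return findings for weak protocols, weak ciphers and short HSTS."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            findings += [f"protocol {p}" for p in args if p in WEAK_PROTOCOLS]
        elif name == "ssl_ciphers" and args:
            for item in args[0].split(":"):
                # a leading '!' or '-' removes ciphers, so it is not a finding
                if item[:1] not in "!-" and any(w in item.upper() for w in WEAK_CIPHER_WORDS):
                    findings.append(f"cipher {item}")
        elif name == "add_header" and len(args) > 1 and args[0].lower() == "strict-transport-security":
            age = re.search(r"max-age=(\d+)", args[1])
            if not age or int(age.group(1)) < MIN_HSTS:
                findings.append("hsts max-age below threshold")
    return findings
```

Calling `audit()` on the text of a real nginx.conf works the same way, because the tokenizer does not depend on line breaks or nesting depth.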

Create a new file in /etc/nginx/sites-enabled/ with something like this:

 server {
     listen 80;
     server_name example.com www.example.com;
     return 301 https://$server_name$request_uri; # redirect to https
 }

 server {
     listen 443 ssl;
     server_name example.com www.example.com;
     index index.php index.html index.htm;
     ssl on; # redundant with "listen 443 ssl"; deprecated in newer nginx

     access_log /var/log/nginx/root/access.log;
     error_log /var/log/nginx/root/error.log;

     location /phpmyadmin {
         root /usr/share/;

         # PHP scripts are handed to php5-fpm over its unix socket
         location ~ ^/phpmyadmin/(.+\.php)$ {
             try_files $uri =404;
             root /usr/share/;
             fastcgi_pass unix:/var/run/php5-fpm.sock;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             fastcgi_param HTTPS on;
             include fastcgi_params;
         }

         # static files
         location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
             root /usr/share/;
         }
     }

     location /iredadmin {
         root /var/www;
         uwsgi_pass 127.0.0.1:3031;
         include uwsgi_params;
         uwsgi_param SCRIPT_NAME /iredadmin;
         uwsgi_modifier1 30;

         location ~* ^/iredadmin/static/ {
             root /var/www;
         }
     }

     # do not serve .ht* files or bundled documentation
     location ~ /(\.ht|README|AUTHORS|INSTALL|LICENSE|CONFIG|ChangeLog) {
         deny all;
     }
 }

Here we see the rules for serving the addresses /phpmyadmin and /iredadmin. Since phpMyAdmin is written in, surprise, PHP, php5-fpm has to be installed for it to work. On Ubuntu, this is done like this:

 apt-get install php5-fpm 

Next, in the /etc/php5/fpm/pool.d/www.conf config file, write the line:

 listen = /var/run/php5-fpm.sock 

This tells fpm to listen on the /var/run/php5-fpm.sock socket. It is this socket that our nginx config points to.

iredadmin, in turn, is written in Python, and it needs uwsgi to run. To run uwsgi neatly, I also use supervisor. Install these packages:

 apt-get install supervisor
 pip install uwsgi

My uwsgi config, /etc/uwsgi/iredadmin.ini, looks like this:

 [uwsgi]
 chdir=/var/www/iredadmin
 vacuum=True
 pidfile=/var/run/uwsgi/iredadmin/iredadmin.pid
 socket=127.0.0.1:3031
 plugins=python
 file=/var/www/iredadmin/iredadmin.py

The supervisor config /etc/supervisor/conf.d/iredadmin.conf looks like this:

 [program:iredadmin]
 command=/usr/local/bin/uwsgi /etc/uwsgi/iredadmin.ini
 stdout_logfile=/var/log/supervisor/iredadmin.log
 stderr_logfile=/var/log/supervisor/iredadmin_err.log
 user=iredadmin

Stop apache, run nginx and supervisor:

 service apache2 stop
 service nginx start
 supervisorctl start iredadmin

We go to the browser and check whether everything works.

2. Contacts and calendars


To make our working environment as comfortable as possible, we need to set up a server for contacts and calendars. At first my choice fell on Baikal. It is a great solution that installs in seconds and works well. But we want all our services to be available via the web as well, and Baikal, unfortunately, does not have a built-in web interface. So another product had to be found, installed and configured. After a short search, I came across a great solution: ownCloud. It is a full-fledged WebDAV server that has a web interface and clients for different platforms. Out of the box we get a contacts and calendar server. On top of that, we get our own personal cloud storage!

Installation

  1. Download and unzip the archive;
  2. Create a database user and the database itself;
  3. Configure nginx;
  4. Open the installer page in the browser and follow the instructions.

I took the config for nginx from the documentation.

Contact Integration with RoundCubeMail

To use the contacts directly in the webmail interface, you need to install a plugin for RoundCubeMail. I used this one.

First you need to install the plugin manager for RoundCube. Video installation instructions are here. In my case, it turned out that iRedMail had not granted the roundcube database user all privileges on the roundcubemail database. Make sure that all rights are granted, otherwise the plugin manager will not install. After that, download the archive with the Roundcube-CardDAV plugin, unpack it and put the contents into the /var/www/roundcube/plugins/carddav/ folder. Then enable the plugin in the RoundCube settings in the web interface. The settings now contain a new CardDAV item, where you enter the address of our CardDAV server.

3. RSS


Finally, all that remains is to set up the RSS aggregator. For this I used Tiny Tiny RSS. It is a lightweight engine that is easy to install and configure and has several themes.

Installation

  1. Download and unzip the archive;
  2. Create a database user and the database itself;
  3. Configure nginx;
  4. Open the installer page in the browser and follow the instructions.


The nginx config /etc/nginx/sites-enabled/rss is as follows:

 server {
     listen 80;
     server_name rss.example.com;
     return 301 https://$server_name$request_uri;
 }

 server {
     listen 443 ssl;
     server_name rss.example.com;
     index index.php index.html index.htm;
     root /var/www/tt-rss;

     access_log /var/log/nginx/tt-rss/access.log;
     error_log /var/log/nginx/tt-rss/error.log;

     location ~ ^/favicon.ico$ {
         alias /var/www/tt-rss/images/favicon.png;
         log_not_found off;
         access_log off;
         expires max;
     }

     location = /robots.txt {
         allow all;
         log_not_found off;
         access_log off;
     }

     # documentation, schema, utility and installer paths are not served
     location ~ ^/(README\.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
         deny all;
     }

     location ~ ^/(schema|utils|install)/ {
         deny all;
     }

     # hidden files
     location ~ /\. {
         deny all;
         access_log off;
         log_not_found off;
     }

     location ~ \.php$ {
         try_files $uri =404;
         include /etc/nginx/fastcgi_params;
         fastcgi_pass unix:/var/run/php5-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param HTTPS on;
         include fastcgi_params;
         fastcgi_index index.php;
     }
 }

So that feeds are updated automatically in the background, I added another program to supervisor:

 # cat /etc/supervisor/conf.d/tt_rss.conf
 [program:tt_rss_up]
 command=/usr/bin/php /var/www/tt-rss/update_daemon2.php
 stdout_logfile=/var/log/supervisor/tt_rss_up.log
 stderr_logfile=/var/log/supervisor/tt_rss_up_err.log
 user=www-data


4. Sync with mobile phone


What good is all this without synchronization with a mobile phone? None, I think.
To synchronize files, ownCloud has an application for Android and iPhone. Unfortunately, it cannot yet synchronize the calendar and contacts, so you have to use third-party synchronizers.
As far as I know, nothing needs to be invented for the iPhone: it synchronizes with CardDAV / CalDAV out of the box. In the case of Android, you need to install applications that will synchronize our contacts and calendars. There are several applications of this kind on Google Play; my choice fell on CalDAV-Sync and CardDAV-Sync.
For Tiny Tiny RSS there is an official client for Android.

Conclusion


As a result, we got a good alternative to Gmail that belongs entirely to us. Now we can sleep peacefully, without fear of evil uncles who love to read our mail and shut down our favorite services. As a bonus, I found that my Android smartphone now lasts 1.5-2 times longer on a single charge, just from disabling the synchronization of Google calendars and contacts.

Thanks to everyone who made it through this whole stream of thoughts. Wishes, suggestions and constructive criticism are welcome.

Source: https://habr.com/ru/post/197756/

