Supplemental Information
Setting myhostname
in /etc/amavisd.conf
If amavisd_init.out.sh
does not start after the installation process, configure myhostname
to match your <fqdn>
value on /etc/amavisd.out.conf
.
$myhostname = '<fqdn>';
Changing Admin Center IP address and nftables rules
If you want that Admin Center (D-Center) runs on a different IP address than the other Sec@GW components, run the following commands.
nmcli con mod <interface_adapter> +ipv4.addresses <new_dcenter_IP_address>/<dcenter_netmask>
nmcli connection reload
nmcli device reapply <interface_adapter>
perl /opt/Sec@GW/admin_tools/lib/dcenteraddresschange.pl <instance> <new_dcenter_IP_address> <dcenter_port>
The port number is usually 443. If you changed the Admin Center (D-Center) IP address by doing the previous changes, you must make the corresponding changes to nftables.
nano /etc/opt/Sec@GW/nftables/instance-rules/global_https_rules
add rule filter INPUT ip saddr 0/0 ip daddr <new_dcenter_IP_address> tcp dport <dcenter_port> ct state new,established accept
Check from /etc/httpd/conf.d/<instance>_admin.conf
that there is “Allow from” only from necessary networks.
Afterwards restart both nftables and httpd.
nftables chain names
When RPM is installed, you must change the nftables chain names in all nft commands from lowercase to uppercase.
Below is an example of an nft command.
[root@n1 ~]# nft add rule filter output tcp dport 443 ct state new accept
Error: Could not process rule: No such file or directory
add rule filter output tcp dport 443 ct state new accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[root@n1 ~]#
For the above script to run successfully, the chain name output must be converted to uppercase as follows:
nft add rule filter OUTPUT tcp dport 443 ct state new accept
Listening ports
All listening ports of the Apache virtual hosts change from 443 to 4443 even if you install only one instance.
Nginx listens to port 443 and directs requests to correct services.
Proxy configuration
You may need to configure a proxy server for Identity Service if SSN-Auth is enabled in the Secure Mail and if required by your network environment.
Edit the .env
file located within the config directory /server/instancenamehere/dsuite/identity-service/config/
to change the value of the PROXY=
variable with the value of your proxy.
Docker command cheat sheet
docker ps
shows all running containers.docker ps -a
shows all containers.docker stop containername
stops a container.docker start containername
starts a container.docker restart containername
restarts a container.docker top containername
shows processes inside a container.docker inspect containername
shows detailed information about a container.docker exec -it containername command
runs a command inside a Docker container.docker logs containername
shows container logs.docker image ls
lists images.docker network ls
lists networks.docker network inspect networkname
shows detailed information about a networkdocker stats
shows CPU/Mem usage of containers.