Supplemental Information

Setting myhostname in /etc/amavisd.conf

If amavisd_init.out.sh does not start after the installation process, set myhostname in /etc/amavisd.out.conf to match your <fqdn> value.

$myhostname = '<fqdn>';

Changing Admin Center IP address and nftables rules

If you want Admin Center (D-Center) to run on a different IP address than the other Sec@GW components, run the following commands.

nmcli con mod <interface_adapter> +ipv4.addresses <new_dcenter_IP_address>/<dcenter_netmask>
nmcli connection reload
nmcli device reapply <interface_adapter>
perl /opt/Sec@GW/admin_tools/lib/dcenteraddresschange.pl <instance> <new_dcenter_IP_address> <dcenter_port>

The port number is usually 443. If you changed the Admin Center (D-Center) IP address with the commands above, you must make the corresponding changes to nftables.

nano /etc/opt/Sec@GW/nftables/instance-rules/global_https_rules

add rule filter INPUT ip saddr 0/0 ip daddr <new_dcenter_IP_address> tcp dport <dcenter_port> ct state new,established accept

Check in /etc/httpd/conf.d/<instance>_admin.conf that “Allow from” lists only the necessary networks.

Afterwards, restart both nftables and httpd.
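
The “Allow from” check above can be scripted. The following Python is an added example, not part of the product or its documentation; the function names, the sample configuration and the approved network list are constructed assumptions. It reports every “Allow from” source that is not inside an approved network, including Apache's partial-address form.

```python
import ipaddress
import re

ALLOW_RE = re.compile(r"^\s*Allow\s+from\s+(.+?)\s*$", re.IGNORECASE)
PARTIAL_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){0,2}\.?")

SAMPLE_CONF = """\
<Directory "/placeholder/admin">
    Deny from all
    Allow from 10.20.30.0/24
    Allow from 192.168 203.0.113.7
    # Allow from all
    Allow from all
</Directory>
"""  # constructed sample, not a real <instance>_admin.conf
APPROVED = ["10.20.0.0/16", "203.0.113.7/32"]  # assumed management networks

def parse_source(token):
    """Return the network an 'Allow from' token covers, or None if not an address."""
    if PARTIAL_IPV4.fullmatch(token):
        # Apache reads a partial address such as "192.168" as 192.168.0.0/16.
        octets = token.rstrip(".").split(".")
        token = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None  # hostnames and env=... cannot be compared by address

def audit_allow_from(conf_text, approved):
    """Return (line_no, token, reason) for each source outside the approved networks."""
    nets = [ipaddress.ip_network(n) for n in approved]
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        match = ALLOW_RE.match(line)  # commented-out lines start with '#' and never match
        if not match:
            continue
        for token in match.group(1).split():
            net = parse_source(token)
            if token.lower() == "all":
                findings.append((line_no, token, "allows every client"))
            elif net is None:
                findings.append((line_no, token, "not an address, review manually"))
            elif not any(net.version == a.version and net.subnet_of(a) for a in nets):
                findings.append((line_no, token, "outside approved networks"))
    return findings

if __name__ == "__main__":
    for finding in audit_allow_from(SAMPLE_CONF, APPROVED):
        print("line %d: %s (%s)" % finding)
```

To audit a real instance, pass the contents of /etc/httpd/conf.d/<instance>_admin.conf and your own list of approved networks to audit_allow_from.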

nftables chain names

When the RPM is installed, you must change the nftables chain names in all nft commands from lowercase to uppercase.

Below is an example of an nft command that fails because the chain name is in lowercase.

[root@n1 ~]#  nft add rule filter output tcp dport 443 ct state new accept
Error: Could not process rule: No such file or directory
add rule filter output tcp dport 443 ct state new accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[root@n1 ~]#

For the above command to run successfully, the chain name output must be converted to uppercase as follows:

nft add rule filter OUTPUT tcp dport 443 ct state new accept

Listening ports

All listening ports of the Apache virtual hosts change from 443 to 4443 even if you install only one instance.

Nginx listens on port 443 and directs requests to the correct services.

Proxy configuration

You may need to configure a proxy server for Identity Service if SSN-Auth is enabled in Secure Mail and your network environment requires it.
Edit the .env file located in the config directory /server/instancenamehere/dsuite/identity-service/config/ and set the value of the PROXY= variable to that of your proxy.

Docker command cheat sheet

  • docker ps shows all running containers.
  • docker ps -a shows all containers.
  • docker stop containername stops a container.
  • docker start containername starts a container.
  • docker restart containername restarts a container.
  • docker top containername shows processes inside a container.
  • docker inspect containername shows detailed information about a container.
  • docker exec -it containername command runs a command inside a Docker container.
  • docker logs containername shows container logs.
  • docker image ls lists images.
  • docker network ls lists networks.
  • docker network inspect networkname shows detailed information about a network.
  • docker stats shows CPU/Mem usage of containers.
