Error when deploying an email relay server


Good day to all!
On the final command “scripts/cmdeploy run” I get this error. Tell me how to fix it so that the installation continues?

Ubuntu 24.03
Ssh-key ed25519 with a passphrase for the key

If you don’t want to remove passphrase from the key, use ssh-agent and add the key to ssh-agent before deploying using ssh-add.


I’ve figured out the ssh key. However, I’m still unable to execute the “scripts/cmdeploy run” command, and my DNS records are resolving properly. UFW is not active. I suspect that my test VPS from Russia is unable to access the Delta Chat frontend, correct? Additionally, I’d like to know how Delta Chat relay is handling the blockages in Russia. I would appreciate your response.

Red line in your log “Can’t install unbound …” says that standard chatmail installation wants its own DNS server (unbound).
Try to disable DNS server from your Linux distro with
systemctl stop systemd-resolved
systemctl disable systemd-resolved
systemctl mask systemd-resolved
and repeat install process.

Screenshot 2025-08-24 140655
Thanks to everyone for their help, I think I’ve figured everything out and launched “Chatmail relays” for testing. However, there are still a few questions (marked in the screenshots), is that normal?
1. When checking “scripts/cmdeploy dns”, it complains about letsencrypt, but the nginx certificate is present, and the page at “https://my-domain/index.html” opens fine with the QR code. I also noticed that running this script periodically sometimes randomly shows no records at all (A, SRV, TXT, etc.). However, my DNS records are definitely correct and present. What could be the reason for this?
2. “No privacy settings” - what does this mean?


3. When I run “scripts/cmdeploy test”, I get 5 missing, is that normal?

4. Running “scripts/cmdeploy bench” runs without any problems, and the test values are normal.

If you are on unix system, or have unix tools installed - go to your chatmail/relay source dir and execute:
grep -H -n -r -i -C4 --exclude-dir='.git' 'No privacy'
In short, it will search for text ‘No privacy’ in script files.

Result will be:

cmdeploy/src/cmdeploy/cmdeploy.py-149- if args.config.privacy_mail:
cmdeploy/src/cmdeploy/cmdeploy.py-150- out.green("privacy settings: present")
cmdeploy/src/cmdeploy/cmdeploy.py-151- else:
cmdeploy/src/cmdeploy/cmdeploy.py:152: out.red("no privacy settings")

So, now you get that this warning depends on some privacy_mail argument. Search for it:
grep -H -n -r -i -C4 --exclude-dir='.git' privacy_mail

Results:

chatmaild/src/chatmaild/config.py:54: self.privacy_mail = params.get("privacy_mail")

www/src/info.md-34-If you have any further questions or requests regarding account deletion
www/src/info.md:35:please send a message from your account to {{ config.privacy_mail }}.

cmdeploy/src/cmdeploy/cmdeploy.py-148- out.green(f"chatmail domain: {args.config.mail_domain}")
cmdeploy/src/cmdeploy/cmdeploy.py:149: if args.config.privacy_mail:
cmdeploy/src/cmdeploy/cmdeploy.py-150- out.green("privacy settings: present")

www/src/info.md-34-If you have any further questions or requests regarding account deletion
www/src/info.md:35:please send a message from your account to {{ config.privacy_mail }}.

www/src/privacy.md:51:E-mail: {{ config.privacy_mail }}
www/src/privacy.md-53-We have appointed a data protection officer:

www/src/privacy.md-252-If you have any questions or complaints,
www/src/privacy.md-253-please feel free to contact us by email:
www/src/privacy.md:254:{{ config.privacy_mail }}

I hope now you know what this warning means, and the way to fix it if needed.

Do you mean ‘5 skipped’?

Yes, I’m using Debian 12. In general, as I understand it, these are the default settings, and there’s no need to modify them. Does this have any impact on the relay’s functionality? The same applies to the third screenshot.

Yes, I’m confused by the single error and the five missing entries in the screenshot.

I have two more important security questions:

  1. I can’t change the SSH port 22 in sshd_config, otherwise I can’t log in to the relay, and I can’t even view the “cmdeploy status”. Is this a feature of relay operation, or is there a solution?
  2. My private key id_ed25519 is currently stored on the VPS in ~/.ssh/, and it is also registered in ssh-agent. However, I am unable to register the public key, as I receive the error message: WARNING: UNPROTECTED PRIVATE KEY FILE! The private key must be stored in ~/.ssh/ (which is not secure) for the relay to function properly. Have I misunderstood something or made a mistake?

Cause of that error is probably a bug in the script.

For tests that were skipped on your screenshot, try to run
CHATMAIL_DOMAIN2=nine.testrun.org cmdeploy test --slow

Did you try to use DC app with your new server?

Yes, the app works on two devices, and messages are delivered instantly. There are no visible issues with this.

For SSH to work it’s enough to have your private SSH key on your workstation / mobile, and copy your public SSH key to the server / VPS.
There is no need to put private key on the server.

Can you tell me, I am on a remote VPS, where the relay is deployed, I want to change the standard SSH port (22) to my own. In what place of the locally cloned repository from “github” can I do this? I did not find this in chatmail.ini.

You should edit your /etc/ssh/sshd_config file. …
(Here was not relevant instruction; deleted.)

You didn’t quite understand me, or it’s not a correct translation, but I can easily change the SSH port on my remote VPS. However, when I try to log in from my local PC, where the local “relay” repository is not authorized, for example, when running the command “scripts/cmdeploy status”, it fails. Similarly, other commands also fail. I receive an error message stating that port 22 is unavailable.

Where on the local PC in the cloned “relay” repository, can I change or specify a different SSH port than 22? That’s what I need!

(This should be in README.md, but still not there yet.)

thanks

I want to deploy a remote chat mail relay server on a non-standard SSH port(22) from a local PC. Is this possible, or can only the 22 port be used for deployment?

Edit ~/.ssh/config file, add

Host *
Port 2222

Use your chatmail server’s SSH port number instead of 2222.
‘~’ means your home directory (if you’re using Linux OS).

This will change the default remote port number for all your SSH connections, so better comment it out once you no longer need it. Or read about the ‘Host’ option in `man ssh_config`, and edit it accordingly.
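
The last reply suggests narrowing the port change with the `Host` option rather than leaving it under `Host *`. As an added example (not from the thread or the chatmail project), this shell helper appends a block that applies to one server only and tightens file permissions; `relay.example.org`, port 2222 and the key path are placeholders.

```sh
#!/bin/sh
# Added example. Host name, port and key path are placeholders (assumptions).

# add_relay_host CONFIG HOST PORT KEYFILE
# Append a Host block that applies to one server only, so other SSH
# connections keep using port 22. Safe to run repeatedly.
add_relay_host() {
    config=$1; host=$2; port=$3; key=$4

    # ssh rejects private keys readable by others and configs writable by others.
    mkdir -p "$(dirname "$config")"
    touch "$config"
    chmod 600 "$config"
    if [ -f "$key" ]; then
        chmod 600 "$key"
    fi

    # Skip if this helper already wrote a block for the host.
    if grep -qxF "Host $host" "$config"; then
        return 0
    fi

    cat >>"$config" <<EOF

Host $host
    Port $port
    IdentityFile $key
    IdentitiesOnly yes
EOF
}

# effective_port CONFIG HOST
# Ask the OpenSSH client which port it would use, without connecting.
effective_port() {
    ssh -G -F "$1" "$2" | awk '$1 == "port" { print $2 }'
}

# Usage on the workstation that runs cmdeploy:
#   add_relay_host ~/.ssh/config relay.example.org 2222 ~/.ssh/id_ed25519
#   effective_port ~/.ssh/config relay.example.org    # the relay's port
#   effective_port ~/.ssh/config other.example.net    # unchanged default
#   ssh-add ~/.ssh/id_ed25519                         # unlock the key once
```

The private key stays on the workstation; only the matching public key goes into the server's `authorized_keys`.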