Date: Tue, 13 Jul 2021 18:41:50 +0200
From: Stoiko Ivanov
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] applied-series: [PATCH pmg-docs 1/4] service daemons: language fixup
Message-ID: <20210713184150.0f7533ad@rosa.proxmox.com>
In-Reply-To: <20210713155406.185306-1-d.whyte@proxmox.com>

Huge Thanks for taking the time to improve the docs!! applied all 4 patches.

the improvements for pmgproxy.adoc and pmg-ssl-certificate.adoc should at some point also be carried over to pve-docs (where they were originally taken from)

thinking about it - we might consider eventually adding a dedicated repository for shared documentation and then use that in all products (maybe with some sed preprocessing)

On Tue, 13 Jul 2021 17:54:03 +0200 Dylan Whyte wrote: > Very minor language updates to the "Important Service Daemons" section > of the docs > > Signed-off-by: Dylan Whyte > --- > pmg-smtp-filter.adoc | 8 ++++---- > pmgdaemon.adoc | 2 +- > pmgmirror.adoc | 2 +- > pmgpolicy.adoc | 4 ++-- > pmgproxy.adoc | 41 +++++++++++++++++++++-------------------- > pmgtunnel.adoc | 6 +++--- > 6 files changed, 32 insertions(+), 31 deletions(-) > > diff --git a/pmg-smtp-filter.adoc b/pmg-smtp-filter.adoc > index 153178e..58033e4 100644 > --- a/pmg-smtp-filter.adoc > +++ b/pmg-smtp-filter.adoc
> @@ -23,14 +23,14 @@ pmg-smtp-filter - Proxmox SMTP Filter Daemon > ============================================ > endif::manvolnum[] > > -This is the Proxmox SMTP filter daemon, which does the actual spam > -filtering using the SpamAssassin and the rule database. It listens on > +The Proxmox SMTP Filter Daemon does the actual spam > +filtering, using {spamassassin} and the rule database. It listens on > 127.0.0.1:10023 and 127.0.0.1:10024. The daemon listens to a local > -address only, so you cannot access it from outside. > +address only, so you cannot access it from the outside. > > With our postfix configuration, incoming mails are sent to > 127.0.0.1:10024. Outgoing (trusted) mails are sent to > -127.0.0.1:10023. After filtering, mails are reinjected into postfix at > +127.0.0.1:10023. After filtering, mails are resent to Postfix at > 127.0.0.1:10025. > > > diff --git a/pmgdaemon.adoc b/pmgdaemon.adoc > index a809c02..4e9e03b 100644 > --- a/pmgdaemon.adoc > +++ b/pmgdaemon.adoc > @@ -27,7 +27,7 @@ This daemon exposes the whole {pmg} API on `127.0.0.1:85`. It runs as > `root` and has permission to do all privileged operations. > > NOTE: The daemon listens to a local address only, so you cannot access > -it from outside. The `pmgproxy` daemon exposes the API to the outside > +it from the outside. The `pmgproxy` daemon exposes the API to the outside > world. > > > diff --git a/pmgmirror.adoc b/pmgmirror.adoc > index 2f2c12d..80d69c3 100644 > --- a/pmgmirror.adoc > +++ b/pmgmirror.adoc > @@ -23,7 +23,7 @@ pmgmirror - Database Mirror Daemon > ================================== > endif::manvolnum[] > > -{pmg} uses an application specific asynchronous replication > +{pmg} uses an application-specific, asynchronous replication > algorithm to replicate the database to all cluster nodes. > > The daemon uses the ssh tunnel provided by 'pmgtunnel' to access > diff --git a/pmgpolicy.adoc b/pmgpolicy.adoc > index 813ed9e..1dbc0fb 100644 > --- a/pmgpolicy.adoc 
> +++ b/pmgpolicy.adoc > @@ -25,8 +25,8 @@ endif::manvolnum[] > > This daemon implements the Postfix SMTP access policy delegation > protocol on `127.0.0.1:10022`. It listens to a local address > -only, so you cannot access it from outside. We configure Postfix to > -use this service for greylisting and as SPF policy server. > +only, so you cannot access it from the outside. We configure Postfix to > +use this service for greylisting and as an SPF policy server. > > > ifdef::manvolnum[] > diff --git a/pmgproxy.adoc b/pmgproxy.adoc > index d5c1112..6e48fba 100644 > --- a/pmgproxy.adoc > +++ b/pmgproxy.adoc > @@ -23,12 +23,12 @@ pmgproxy - Proxmox Mail Gateway API Proxy Daemon > ================================================ > endif::manvolnum[] > > -This daemon exposes the whole {pmg} API on TCP port 8006 using > +This daemon exposes the whole {pmg} API on TCP port 8006, using > HTTPS. It runs as user `www-data` and has very limited permissions. > Operations requiring more permissions are forwarded to the local > `pmgdaemon`. > > -Requests targeted for other nodes are automatically forwarded to those > +Requests targeted at other nodes are automatically forwarded to those > nodes. This means that you can manage your whole cluster by connecting > to a single {pmg} node. 
> > @@ -76,18 +76,18 @@ By default the `pmgproxy` daemon listens on the wildcard address and accepts > connections from both IPv4 and IPv6 clients. > > > -By setting `LISTEN_IP` in `/etc/default/pmgproxy` you can control to which IP > -address the `pmgproxy` daemon binds. The IP-address needs to be configured on > +By setting `LISTEN_IP` in `/etc/default/pmgproxy`, you can control which IP > +address the `pmgproxy` daemon binds to. The IP-address needs to be configured on > the system. > > Setting the `sysctl` `net.ipv6.bindv6only` to the non-default `1` will cause > -the daemons to only accept connection from IPv6 clients, while usually also > -causing lots of other issues. If you set this configuration we recommend to > -either remove the `sysctl` setting, or set the `LISTEN_IP` to `0.0.0.0` (which > -will only allow IPv4 clients). > +the daemons to only accept connections from IPv6 clients, while usually also > +causing lots of other issues. If you set this configuration, we recommend either > +removing the `sysctl` setting, or setting the `LISTEN_IP` to `0.0.0.0` (which > +will allow only IPv4 clients). > > -`LISTEN_IP` can be used to only to restricting the socket to an internal > -interface and thus have less exposure to the public internet, for example: > +`LISTEN_IP` can be used to restrict the socket to an internal > +interface, thus leaving less exposure to the public internet, for example: > > ---- > LISTEN_IP="192.0.2.1" > @@ -107,8 +107,8 @@ LISTEN_IP="fe80::c463:8cff:feb9:6a4e%vmbr0" > ---- > > WARNING: The nodes in a cluster need access to `pmgproxy` for communication, > -possibly on different sub-nets. It is **not recommended** to set `LISTEN_IP` on > -clustered systems. > +possibly across different subnets. It is **not recommended** to set `LISTEN_IP` > +on clustered systems. > > To apply the change you need to either reboot your node or fully restart the > `pmgproxy` service: 
> @@ -118,24 +118,24 @@ systemctl restart pmgproxy.service > ---- > > NOTE: Unlike `reload`, a `restart` of the pmgproxy service can interrupt some > -long-running worker processes, for example a running console.So, please use a > -maintenance window to bring this change in effect. > +long-running worker processes, for example, a running console. Therefore, you > +should set a maintenance window to bring this change into effect. > > > SSL Cipher Suite > ---------------- > > -You can define the cipher list in `/etc/default/pmgproxy`, for example > +You can define the cipher list in `/etc/default/pmgproxy`, for example: > > CIPHERS="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" > > -Above is the default. See the `ciphers(1)` man page from the `openssl` > +The above is the default. See the `ciphers(1)` man page from the `openssl` > package for a list of all available options. > > -The first of these ciphers, available to both the client and the `pmgproxy`, > +The first of these ciphers that is available to both the client and `pmgproxy` > will be used. > > -Additionally you can allow the client to choose the cipher from the list above > +Additionally, you can allow the client to choose the cipher from the list above, > by disabling the HONOR_CIPHER_ORDER option in `/etc/default/pmgproxy`: > > HONOR_CIPHER_ORDER=0 > @@ -146,7 +146,7 @@ Diffie-Hellman Parameters > > You can define the used Diffie-Hellman parameters in > `/etc/default/pmgproxy` by setting `DHPARAMS` to the path of a file > -containing DH parameters in PEM format, for example > +containing DH parameters in PEM format, for example: > > DHPARAMS="/path/to/dhparams.pem" 
> > @@ -160,7 +160,8 @@ COMPRESSION > ----------- > > By default `pmgproxy` uses gzip HTTP-level compression for compressible > -content if the client supports it. This can be disabled in `/etc/default/pmgproxy` > +content, if the client supports it. This can be disabled in > +`/etc/default/pmgproxy` > > COMPRESSION=0 > > diff --git a/pmgtunnel.adoc b/pmgtunnel.adoc > index 6847c69..792043e 100644 > --- a/pmgtunnel.adoc > +++ b/pmgtunnel.adoc > @@ -23,10 +23,10 @@ pmgtunnel - Cluster Tunnel Daemon > ================================= > endif::manvolnum[] > > -This daemon creates a ssh tunnel to the postgres database in other > +This daemon creates an ssh tunnel to the Postgres databases on other > cluster nodes (port 5432). The tunnel is used to synchronize the > -database using an application specific asynchronous replication > -algorythm. > +database, using an application-specific, asynchronous replication > +algorithm. > > ifdef::manvolnum[] > include::pmg-copyright.adoc[]
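Review bot: In the pmg-smtp-filter.adoc hunk, the paragraph still mixes "It listens on 127.0.0.1:10023" with "The daemon listens to a local address only"; since the following line is being reworded anyway, use "listens on" in both places. The change from "reinjected into postfix" to "resent to Postfix" also shifts the meaning: "resent" reads as sending the mail a second time, while the sentence describes the filter handing the message back to Postfix at 127.0.0.1:10025. Consider keeping "reinjected into Postfix" and only fixing the capitalisation.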
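Review bot: In the pmgdaemon.adoc NOTE, the reworded line now reads "it from the outside. The `pmgproxy` daemon exposes the API to the outside world", so "the outside" appears twice in one sentence pair. Because this daemon runs as `root` and binds to `127.0.0.1:85`, wording such as "you cannot access it from other hosts" would be more precise: a loopback bind keeps remote clients out, but it does not restrict processes running on the node itself.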
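Review bot: In the pmgproxy.adoc hunk at @@ -76,18, the first paragraph now says "which IP address the `pmgproxy` daemon binds to" and then continues with "The IP-address needs to be configured on"; drop the hyphen so both read "IP address". In the `bindv6only` paragraph, "setting the `LISTEN_IP` to `0.0.0.0`" carries an article that "By setting `LISTEN_IP`" above does not; suggest "setting `LISTEN_IP` to `0.0.0.0`".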
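Review bot: In the pmgproxy.adoc hunk at @@ -118,24, "you should set a maintenance window to bring this change into effect" is weaker than the original "use a maintenance window"; "schedule a maintenance window" or "apply this change during a maintenance window" states the intent more clearly. In the cipher section of the same hunk, `HONOR_CIPHER_ORDER` in "by disabling the HONOR_CIPHER_ORDER option" is the only option name on the touched lines without backticks, while `LISTEN_IP`, `DHPARAMS` and the file path are all marked up as literals.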
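Review bot: In the pmgproxy.adoc COMPRESSION hunk, the rewrapped sentence "This can be disabled in `/etc/default/pmgproxy`" still ends without a colon before the `COMPRESSION=0` literal, although this patch adds the colon to "for example:" in the cipher and DH parameter sections. Suggest ending it with "in `/etc/default/pmgproxy`:" for consistency. The added comma in "content, if the client supports it" is not needed, since the condition is restrictive.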
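Review bot: In the pmgtunnel.adoc hunk, "an ssh tunnel to the Postgres databases" capitalises "Postgres" but leaves "ssh" in lower case; as a protocol name in running text it should be "SSH" (the unchanged context line in pmgmirror.adoc, "The daemon uses the ssh tunnel provided by 'pmgtunnel'", has the same issue). The sentence also switches from the plural "databases on other cluster nodes" to the singular "synchronize the database" in the next line; pick one form so it is clear whether one logical database or several instances are meant.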