fio --loops=5 --size=1000m --filename=/mnt/fs/fiotest.tmp --stonewall --ioengine=libaio --direct=1 \
  --name=Seqread --bs=1m --rw=read \
  --name=Seqwrite --bs=1m --rw=write \
  --name=512Kread --bs=512k --rw=randread \
  --name=512Kwrite --bs=512k --rw=randwrite \
  --name=4kQD32read --bs=4k --iodepth=32 --rw=randread \
  --name=4kQD32write --bs=4k --iodepth=32 --rw=randwrite

This is just a draft. Still Working-In-Progress. Many bugs!

another PC run nginx Then we have mirror: 10.100.100.34/$arch/$repo

    server {
        listen       [::]:80;
        listen       80;
        #server_name  localhost;
    root /var/www/html;
        index  index.html index.htm;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /aarch64 {
        proxy_pass https://mirror.tuna.tsinghua.edu.cn/archlinuxarm/aarch64;
        }
......

android chroot:

prepare root.

mount -t proc /proc proc/
mount -o bind /sys sys/
mount -o bind /dev dev/
# Maybe we should bind every mountpoint manually. Write a script, or copy from debian-arm blog. 
chroot /path/to/.../root/

inside: /bin/bash

export PATH=/usr/bin
export LD_LIBRARY_PATH=/usr/lib

# we should run `pacman-key --init` and `pacman-key --populate archlinuxarm`. But I failed. 
vi /etc/pacman.conf # Set Siglevel to Never

# I don't know why DNS is still not working. Modify mirrorlist to use our repo. 
rm /etc/resolv.conf
echo 10.100.100.1 > /etc/resolv.conf

Deploy

(certificate should be valid. although frontend nginx has proxy_ssl_verify off;, STARTTLS still requires a valid certificate. ) (service should be restarted every 3 month, to use latest renewed certificate, just like nginx does. )

docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /root/.acme.sh/mail.recolic.net/mail.recolic.net.key:/etc/ssl/private/iRedMail.key:ro -v /root/.acme.sh/mail.recolic.net/fullchain.cer:/etc/ssl/certs/iRedMail.crt:ro -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --restart=always --hostname func.mail.recolic.net 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net /sbin/init

If can not connect database, you need to run chown -R mysql:mysql mysql inside container. (required if mysql dir are updated. )

Upgrade from lower version

If you upgraded mysql version, you must use following code to migrate data, rather than simply copy /var/lib/mysql. see more

mysqldump -u root -p --all-databases > alldb.sql
mysql -u root -p < alldb.sql

Upgrade step:

  1. export alldb.sql from old iredmail.
  2. export alldb.sql from new iredmail.
  3. manually move all userdata from oldiredmail to new iredmail. (take care!!! DB table format may changed!)
  4. import the manually-modified new-iredmail-alldb.sql into new db, save the resulting /var/lib/mysql directory. Use this as your new mysqlDir!!

Recolic's further customize (image built at 20201021)

after making some further modification below , recolic is using 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net in PROD. https://git.recolic.net/recolic/notebook#mailrecolicnet

Disable heavy clamav, but do not disable DKIM! https://docs.iredmail.org/completely.disable.amavisd.clamav.spamassassin.html

Disable greylisting, which causes email lost from bankofchina. Also enable reject_sender_login_mismatch. https://docs.iredmail.org/manage.iredapd.html

fix facebook problem. https://docs.iredmail.org/upgrade.iredmail.0.9.9-1.0.html#fixed-fix-improper-helo-rule-which-blocks-new-facebook-servers

allow larger attachment size. https://docs.iredmail.org/change.mail.attachment.size.html

Set session timeout to 99999 min: https://forum.iredmail.org/topic8839-iredmail-support-howwhere-to-increase-timeout-session-via-roundcube.html

DNS record guide

https://docs.iredmail.org/setup.dns.html

Manual DKIM:

echo -n "v=DKIM1; p="
openssl rsa -in /root/.acme.sh/mail.recolic.net/mail.recolic.net.key  -pubout -outform der 2>/dev/null | openssl base64 -A

iredmail docker fresh deploy

YOU MUST CREATE /root/.acme.sh/mail.recolic.net/mail.recolic.net.key and /root/.acme.sh/mail.recolic.net/fullchain.cer BEFORE ANYTHING!


docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /root/.acme.sh/mail.recolic.net/mail.recolic.net.key:/etc/ssl/private/iRedMail.key:ro -v /root/.acme.sh/mail.recolic.net/fullchain.cer:/etc/ssl/certs/iRedMail.crt:ro -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --hostname func.mail.recolic.net jrei/systemd-ubuntu /sbin/init docker exec -ti rmail /bin/bash

In docker:

echo func.mail > /etc/hostname
echo 127.0.0.1 func.mail.recolic.net func.mail localhost localhost.localdomain >> /etc/hosts

apt update
apt install -y gzip vim wget rsyslog
systemctl enable rsyslog --now

wget https://github.com/iredmail/iRedMail/releases/download/1.3.1/iRedMail-1.3.1.tar.gz
tar -xvzf iRedMail-1.3.1.tar.gz ; rm iRedMail-1.3.1.tar.gz
cd iRedMail-* ; bash iRedMail.sh

NOW you have some interactive operations!

no need to edit mail storage path.

recolic note: db password/postmaster password is genpasswd('mail.recolic.net', v4)

Would you like to use filewall rules by iRedMail? NO!

docker commit rmail 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net-20.04
docker push 600163736385.dkr.ecr.us-west-2.amazonaws.com/mail.recolic.net-20.04

Do not delete the generated dir /srv/iredmail while building image. You need the dir /srv/iredmail/mysql as template to migrate in.

Problem:

Win10 LTSE N version is too low. unable to install surface laptop drivers.

Idea:

Open msi with notepad++, replace all text "17763" with your win10 version. Don't replace other "17763" in the binary...

Quick solution:

  1. Download me and me.

  2. run SurfaceLaptop3_Win10_17763_316_bluescreen_but_works_20.020.4371.0.msi You will bluescreen but it works. rebooting.

  3. run SurfaceLaptop3_Win10_17763_20.020.4371.0.msi

  4. done