Skip to main content

All in one Server Operating System – Yunohost

yunohost logoYou may want to have your own server to host and share your files, contacts, get your own email address, blog, etc… but let’s face it, it’s not easy and require to get your hands “dirty”.



However, several projects have become popular (and quite robust) to ease the installation and management of a server.

One of them is called YunoHost (For: Why you no host?).

YunoHost is a customized Debian operating system dedicated and aiming to ease self-hosting by pre-installing and pre-configuring most of the needed base for your server, while having a growing “apps store” to install in 1 click a new software.

yunohost user interface


YunoHost includes:

While in few clicks you could install various additional apps like Roundcube, PHPMyAdmin, WordPress, Tiny Tiny RSS, and many more.

yunohost admin page

YunoHost is entirely based on free software and their code are available on Github.

They have recently release their V2 Beta4 (Last one before RC) and I have to say it’s very promising! I love the design and it’s damn easy to use and manage!

You can give it a try on their demo page.

If you got some spare time, they are looking for people to code, to adapt 3rd party apps to the platform or to translate or even to spread the word! Just check how you can contribute.

Why you no host? YUNOHOST

OpenSource RSS Reader – FreshRSS, probably the best…

FreshRSS - LogoFreshRSS is a free, self hostable, rss aggregator, they actually claim to be the the best one out their but only “in their opinion”, which is a funny statement that I’ve pushed me to try it out!


They got a running demo (demo/demodemo) to let you give a try or directly a quick link to their latest archive to install on your own server.

Written in PHP, FreshRSS is a simple to install yet with great features such as Multiusers, feeds statistics (how many articles per feed, per category, …), with keyboard shortcuts, Multi-languages at the installation, it also includes some social media sharing features (Twitter, Facebook, Google+) or simply by email but also with Shaarli, Wallabag or your own Diaspora pod! Its responsive design will also deliver a good experience for mobile devices!

It can access any HTTP protected (username/password) RSS feed and embed an archiving feature to regularly clean the old articles (3 months per default).

FreshRSS - Feeds

However no need to have necessary short archiving time if you fear about slowness of your instance as FreshRSS handle more than 100k articles without hassle.

So, best out there? Well, FreshRSS is clearly a good piece of work and one of my favourite among the previously reviewed Sismics Reader and Selfoss. The only missing feature for me will be the social network follow up (Twitter and even Youtube), although some 3rd party solutions exist such as RSS-Bridge, having everything included will be best as does Selfoss.

FreshRSS is still actively maintained, so we might have new features coming up this year!

FreshRSS - Github

Interested to run your own instance? (You should!) Here is how to:

To install FreshRSS, you will Apache2, PHP5.3.7+, MySQL 5.0.3+. If you don’t have them, please follow my previous tutorial on how to install a LAMP server.


1) Create a dedicated folder to install FreshRSS:

In root (su), type:

2) Download and extract the latest FreshRSS archive

3) Change the owner of the folder to ensure apache web user can access

4) Install the needed PHP modules: (cURL, php-mysql,

5) and proceed to the Web UI installer

Just point your web browser to http://IP/freshrss/p

FreshRSS - Installation

The step 1 will check if there are any requirements not met. If all green, you can proceed to step 2, on the general configurations (How long to keep articles, authentication method, …).

On Step 3, you will need a MySQL database, if you don’t have one ready, I suggest you to use PHPMyAdmin to create one easily.

Then simply follow the rest of the steps.

You should now have a a working FreshRSS service running on your server, so don’t forget to add my feed to keep in touch!

FreshRSS - Login

Virtualhost configuration

Now you got your RSS reader working and you want to access it from rss.domain.tld or directly from mywebmail.tld, instead of using the IP/freshrss link, you will need to set up a virtualhost. And you could force HTTPS connection.

You will need to:

1) Create a A redirection in your DNS server/registrar

2) Have SSL certificate ready. If not you can read this tutorial.

3) Create your virtualhost as following:

In /etc/apache2/sites-enabled/, create a file called freshrss (In root):

and paste/adapt the following content:

Adapt the content (Servername, webmaster, SSL certificate and directory, …).

When done, save the file (CTRL+X then Yes) and reload apache: (In root)

You should now be all set!

Tails 1.0, the live OS bringing privacy for anyone anywhere, is out

After several years of development and regular releases, Tails a live Operating System that can be start from CDRom of USB key, aiming at preserving the privacy and anonymity of your usage is now in its 1.0 milestone.

Several whistleblowers (Such as Edward Snowden), activists, and people seeking for anonymity are using Tails as their daily OS.

Based on Debian, Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc. For example,all software is configured to connect to the Internet through Tor (If an application tries to connect to the Internet directly, the connection is automatically blocked for security)

You can use Tor, or Freenet or i2p for your connections, but Tails also includes encryption softwares and security addon/configurations such as HTTPS Everywhere plugin for Firefox, Claws Mail client with GnuPG support, LUKS for USB stick encryption, TrueCrypt, and many more.

If used as LiveUSB or LiveSD, you can also enable the persistence to keep all your changes, files, by creating persistence volume on the free space left on your device. Although the volume will be encrypted to avoid unauthorized access, the use of a persistent volume in a system which is designed to provide anonymity and leave no trace is a complicated issue.

If you seek anonymity and respect of your privacy, Tails is most probably the best Operating System. If for example you are travelling in doubtful country or will leave in a seedy hotel, etc… you better bring a SD card or USB with Tails on it….

You can download the latest version here through torrent or regular HTTP connection. (If you use torrent, please keep in seed to help spread the ISO). You could use for example Unetbootin to copy the ISO on the USB key.

The next release, v1.1 will be based on Debian 7 and be released in June.

For more information, I suggest you to visit the official website.

Simple monitoring tool for your server – Munin tutorial need to explain how important is to monitor the performance of your server, it can help you understand which process is killing your server’s performance or even help to understand what’s going on when you don’t see any major slowdown (relay for spam? disk full? etc…) in an easy way through a Web Interface.

There are several tools to do that, such as Cacti, Munin, or more entreprise oriented softwares such as Nagios, Zenoss or even monitoring from 3rd party cloud service such as Zealion (Very fancy one with easy tools to dig into the records).

Most probably the easiest tool to use is Munin and you may have already seen some graphs from this tool:

Sounds familiar?

So here is how to install it.


First of all, I assume you have a LAMP server working or similar. If you don’t have, please read my previous tutorial on how to install Apache with MySQL and PHP.

As most of similar tools, you can run the monitoring server on a different machine that you want to monitor, or attach several machines to main server.

If you have only in server, in root, simply run:

So now let’s see how to tweak a bit better the configuration by using a subdomain to access the stats, change server name, refresh time rate, adding a server to the pool, etc…



Per default, munin store its html files in /var/cache/munin/web that you may want to change to /var/www/munin directly or create a subdomain to access directly to this folder.

I prefer to use the subdomain way to be able to access the graphs through

Here is my very simple virtualhost (Vhost):

Once modified for your server, don’t forget to add a A redirection on your DNS server or registrar and to restart apache.

Also, munin will monitor locahost ( under the name “localhost.localdomain”. You may want to change this value to better identify your servers among themselves too.

Still in root (su/sudo), type:

and find the lines:

then replace localhost.localdomain with the name you want. (Freedif in my case)

You can now save the file (CTRL +X) and restart munin node:

By default, the graphs are refreshed every 5mn, if you want to decrease or increase this length, you can still modify the munin cron entry by modifying the file /etc/cron.d/munin.


Add a node

And if you want to monitor another machine, you need to install munin-node on this machine.

In root:

Next, you will need to edit the munin-node.conf file to specify your monitoring server IP to allow the connection.

Still in root:

and find the line

to replace with your IP (Keep the same syntax)

and restart the node.

Now on your monitoring server, you will need to modify /etc/munin/munin.conf to add your node.

and after your initial host tree:

And add your second host below:

After your modification done, you will need to restart apache. (in root)

You should now have your 2 servers being monitored.

(Note that it should take 5min to see the update)


Mail Server – Postfix + Dovecot with TLS/SSL awaited howto, Postfix is probably the most popular mail server and is usually coupled with Dovecot or Courier and in some cases, with Anti SPAM and Anti Virus. (We will see that in another article)

My previous tutorial on how to setup a mail server was based on Courier-imap, but as Dovecot became more and more popular, I had to give it a try !

Both mail systems are good but they have their own plus and minus from my experience and reading:

Courier Dovecot
+ Extremely reliable

+ Trashmail box automatically expunged

+ Powerful maildrop

+ Low memory footprint

+ Good IMAP performance through indexing

+ Highly configurable

– Larger memory footpring – Trashmail box not automatically expunged

These are obviously only my observations and I know they actually found some turnaround to their minuses.

As I’m a big IMAP user and usually never delete my mail, indexing is a big plus for me and I wanted to give it a shot, this is why I’ve migrated to Dovecot.

The tutorial below will be for a Postfix + Dovecot for IMAP with SSL security. The user management will be based on users created on the system. (No SQL database or text file as it will be for few users only)


Debian comes with the default MTA (Mail Transfer Agent) called Exim which will not be useful anymore as we will replace it with Postfix.

then you will need to select a type of configuration, just choose “Internet Site”


and you will need to type your System mail name. I suggest you to create a dedicated sub domain and to use it here, in my case it will be

Doing so allow you to be ready adding server mails or changing more easily.


We will assume, you want to create an email account for your regular Debian or Ubuntu user. We will see later in this guide how to create new users.


You can generate your own self-signed certificate by running the following command:

(In Root)

This will create a pairs of key and certificates based on RSA encryption 2048 bit.

You will need to enter some info such as:

You will use these 2 key in Postfix conf and Dovecot conf.


The main configuration file of Postfix is located as /etc/postfix/ I suggest you to remove all its content and to replace by this one:

Obviously replace by your own domain name and same thing for TLS certificate and key you have just created.

Then, you need to modify the master file to do the bridge with Dovecot and allow sending mails.

and replace the #submission part by this one:


You may want to set some aliases, meaning if we send an email to root@yourdomain or webmaster@yourdomain, to make sure mails will drop into your account. If you want to make some changes, you can modify the file /etc/aliases.

Basically it says, mailer-daemon will be redirected to postmaster user (You may not have a real user called postmaster), never mind, it also says postmaster will be redirected to root and root to “MYSUER!!”. Just make sure this user suits your needs.

As it suits my need, I didn’t change anything there. But if you make any changes, don’t forget to update the configuration with the command:


Now you need to configure Dovecot through the file /etc/dovecot/dovecot.conf. Here again I suggest you to remove everything and use mine. (The original file contains a lot of links to sub conf file located in /etc/dovecot/conf.d

and replace with:

You will need to change ssl certificate location. (Last part of the file)

And finally, restart Postfix and Dovecot to update all your changes

Users Management:

In the case you want to create a new email box for a dedicated user, you can simply create a new user on your system and mails will work immediately.

In root, type:

The /sbin/nologin option will prevent the user from logging in to your server via ssh.

And that’s all at this stage.

You should now have a working email setting that you could try with Thunderbird for example. Thunderbird should recognize the server setting and you will be using STARTTLS for both IMAP and SMTP.

The next tutorial will cover how to add SPAM protection and Virus Scanning (Although Linux is well protected against viruses, you may still want to add an antivirus scan for your Windows users or when you will be accessing your mails from a Windows system.)

EDIT: The next tutorial is ready:

Reduce SPAM and improve security – Amavis + SpamAssassin + ClamAV + Procmail + PostScreen