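#!/bin/bash
# This is the entry point for configuring the system.
#
# Orchestrates Mail-in-a-Box setup in order: preflight checks, locale setup,
# loading any previous configuration, prompting for hostname/IP settings,
# creating the storage user and directory, writing /etc/mailinabox.conf and
# then sourcing each per-service setup script.
#
# Run from the repository root (the helper scripts written below embed the
# current working directory). Values honoured when already present in the
# environment: PRIMARY_HOSTNAME, PUBLIC_IP, PUBLIC_IPV6, SKIP_NETWORK_CHECKS;
# STORAGE_USER and STORAGE_ROOT are set by setup/questions.sh.
#####################################################

source setup/functions.sh # load our functions

# Check system setup: Are we running as root on Ubuntu 18.04 on a
# machine with enough memory? Is /tmp mounted with exec.
# If not, this shows an error and exits.
source setup/preflight.sh

# Ensure Python reads/writes files in UTF-8. If the machine
# triggers some other locale in Python, like ASCII encoding,
# Python may not be able to read/write files. This is also
# in the management daemon startup script and the cron script.

# Make sure we have locales at all (some images are THAT minimal)
apt_get_quiet install locales

# Generate the locale if it does not exist yet. The dot is escaped so the
# name is matched literally rather than as a regex wildcard.
if ! locale -a | grep -q 'en_US\.utf8'; then
  echo "Generating locales..."
  echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
  hide_output locale-gen
fi

export LANGUAGE=en_US.UTF-8
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
# The character-type category is LC_CTYPE; "LC_TYPE" is not a locale
# variable and was a no-op. LC_ALL above already overrides every category.
export LC_CTYPE=en_US.UTF-8

# Fix so line drawing characters are shown correctly in Putty on Windows. See #744.
export NCURSES_NO_UTF8_ACS=1

# Recall the last settings used if we're running this a second time.
if [ -f /etc/mailinabox.conf ]; then
  # Run any system migrations before proceeding. Since this is a second run,
  # we assume we have Python already installed.
  setup/migrate.py --migrate || exit 1

  # Load the old .conf file to get existing configuration options loaded
  # into variables with a DEFAULT_ prefix. Process substitution is used
  # instead of a fixed-name file under /tmp: this runs as root, and sourcing
  # a predictable world-writable path is a symlink/race hazard.
  source <(sed 's/^/DEFAULT_/' /etc/mailinabox.conf)
else
  FIRST_TIME_SETUP=1
fi

# Put a start script in a global location. We tell the user to run 'mailinabox'
# in the first dialog prompt, so we should do this before that starts.
# $(pwd) is expanded now, so the generated script hard-codes this checkout's
# directory; it is quoted so a path containing spaces still works, and the
# script bails out rather than running from the wrong directory if cd fails.
cat > /usr/local/sbin/mailinabox << EOF
#!/bin/bash
cd "$(pwd)" || exit 1
source setup/start.sh
EOF
chmod 744 /usr/local/sbin/mailinabox

# Ask the user for the PRIMARY_HOSTNAME, PUBLIC_IP, and PUBLIC_IPV6,
# if values have not already been set in environment variables. When running
# non-interactively, be sure to set values for all! Also sets STORAGE_USER and
# STORAGE_ROOT.
source setup/questions.sh

# Run some network checks to make sure setup on this machine makes sense.
# Skip on existing installs since we don't want this to block the ability to
# upgrade, and these checks are also in the control panel status checks.
if [ -z "${DEFAULT_PRIMARY_HOSTNAME:-}" ]; then
  if [ -z "${SKIP_NETWORK_CHECKS:-}" ]; then
    source setup/network-checks.sh
  fi
fi

# Create the STORAGE_USER and STORAGE_ROOT directory if they don't already exist.
#
# Set the directory and all of its parent directories' permissions to world
# readable since it holds files owned by different processes.
#
# If the STORAGE_ROOT is missing the mailinabox.version file that lists a
# migration (schema) number for the files stored there, assume this is a fresh
# installation to that directory and write the file to contain the current
# migration number for this version of Mail-in-a-Box.
#
# Everything below runs as root, so refuse to continue if either value is
# missing or STORAGE_ROOT is not absolute: an empty or relative path would
# make the chmod/chown calls act on the wrong directories (and the parent
# walk below never reaches "/" for a relative path).
: "${STORAGE_USER:?STORAGE_USER must be set (see setup/questions.sh)}"
: "${STORAGE_ROOT:?STORAGE_ROOT must be set (see setup/questions.sh)}"
case "$STORAGE_ROOT" in
  /*) ;;
  *) echo "STORAGE_ROOT must be an absolute path, got '$STORAGE_ROOT'." >&2; exit 1 ;;
esac

if ! id -u "$STORAGE_USER" >/dev/null 2>&1; then
  useradd -m "$STORAGE_USER"
fi
# mkdir -p is a no-op when the directory already exists.
mkdir -p "$STORAGE_ROOT"
# Walk from STORAGE_ROOT up to "/" making every ancestor world-traversable.
f=$STORAGE_ROOT
while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done
if [ ! -f "$STORAGE_ROOT/mailinabox.version" ]; then
  setup/migrate.py --current > "$STORAGE_ROOT/mailinabox.version"
  # "user:group" rather than the deprecated "user.group" form, which is
  # ambiguous when a user name itself contains a dot.
  chown "$STORAGE_USER:$STORAGE_USER" "$STORAGE_ROOT/mailinabox.version"
fi

chmod 751 "$STORAGE_ROOT"

# Save the global options in /etc/mailinabox.conf so that standalone
# tools know where to look for data. MTA_STS_MODE keeps the value loaded
# from a previous /etc/mailinabox.conf (DEFAULT_MTA_STS_MODE) and otherwise
# defaults to "enforce"; see web.sh for how that is interpreted.
cat > /etc/mailinabox.conf << EOF
STORAGE_USER=$STORAGE_USER
STORAGE_ROOT=$STORAGE_ROOT
PRIMARY_HOSTNAME=$PRIMARY_HOSTNAME
PUBLIC_IP=$PUBLIC_IP
PUBLIC_IPV6=$PUBLIC_IPV6
PRIVATE_IP=$PRIVATE_IP
PRIVATE_IPV6=$PRIVATE_IPV6
GNUPGHOME=${STORAGE_ROOT}/.gnupg/
PGPKEY=${DEFAULT_PGPKEY-}
MTA_STS_MODE=${DEFAULT_MTA_STS_MODE:-enforce}
EOF

# Start service configuration.
source setup/system.sh
source setup/ssl.sh
source setup/dns.sh
source setup/pgp.sh
source setup/mail-postfix.sh
source setup/mail-dovecot.sh
source setup/mail-users.sh
source setup/dkim.sh
source setup/spamassassin.sh
source setup/web.sh
source setup/webmail.sh
source setup/nextcloud.sh
source setup/zpush.sh
source setup/management.sh
source setup/munin.sh

# Create a shorthand alias for the cli interface.
# "\$@" is escaped so the generated script receives a literal, quoted "$@":
# each argument is passed through intact even when it contains spaces.
cat > /usr/local/sbin/miabadm << EOF
#!/bin/bash
cd "$(pwd)" || exit 1
exec /usr/bin/env python3 management/cli.py "\$@"
EOF
chmod 744 /usr/local/sbin/miabadm

# Wait for the management daemon to start...
# NOTE(review): this loop has no upper bound; if the daemon never comes up,
# setup waits here indefinitely rather than failing with a diagnostic.
until nc -z -w 4 127.0.0.1 10222; do
  echo Waiting for the Mail-in-a-Box management daemon to start...
  sleep 2
done

# ...and then have it write the DNS and nginx configuration files and start those
# services.
tools/dns_update
tools/web_update

# Give fail2ban another restart. The log files may not all have been present when
# fail2ban was first configured, but they should exist now.
restart_service fail2ban

# If there aren't any mail users yet, create one.
source setup/firstuser.sh

# Register with Let's Encrypt, including agreeing to the Terms of Service.
# We'd let certbot ask the user interactively, but when this script is
# run in the recommended curl-pipe-to-bash method there is no TTY and
# certbot will fail if it tries to ask.
if [ ! -d "$STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/" ]; then
  echo
  echo "-----------------------------------------------"
  echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
  echo "to enable HTTPS connections to your box. We're automatically"
  echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
  echo
  certbot register --register-unsafely-without-email --agree-tos --config-dir "$STORAGE_ROOT/ssl/lets_encrypt"
fi

#######################################
# Print the SHA-256 fingerprint of the box's current TLS certificate with
# openssl's "... Fingerprint=" label stripped, so the user can compare it
# against what the browser shows.
# Globals:   STORAGE_ROOT (read)
# Outputs:   the bare fingerprint on stdout
# Returns:   the pipeline's exit status
#######################################
show_cert_fingerprint() {
  # The digest name in the label is upper-case in some OpenSSL releases and
  # lower-case in others, so both spellings are removed.
  openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256 \
    | sed -E 's/^(SHA|sha)256 Fingerprint=//'
}

# Done.
echo
echo "-----------------------------------------------"
echo
echo Your Mail-in-a-Box is running.
echo
echo Please log in to the control panel for further instructions at:
echo
if management/status_checks.py --check-primary-hostname; then
  # Show the nice URL if it appears to be resolving and has a valid certificate.
  echo "https://$PRIMARY_HOSTNAME/admin"
  echo
  echo "If you have a DNS problem put the box's IP address in the URL"
  echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:"
  show_cert_fingerprint
else
  echo "https://$PUBLIC_IP/admin"
  echo
  echo You will be alerted that the website has an invalid certificate. Check that
  echo the certificate fingerprint matches:
  echo
  show_cert_fingerprint
  echo
  echo Then you can confirm the security exception and continue.
  echo
fi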