minimal changeset to get things working on 18.04
@joshdata squashed pull request #1398, removed some comments, and added these notes: * The old init.d script for the management daemon is replaced with a systemd service. * A systemd service configuration is added to configure permissions for munin on startup. * nginx SSL settings are updated because nginx's options and defaults have changed, and we now enable http2. * Automatic SSHFP record generation is updated to know that 22 is the default SSH daemon port, since it is no longer explicit in sshd_config. * The dovecot-lucene package is dropped because the Mail-in-a-Box PPA where we built the package has not been updated for Ubuntu 18.04. * The stock postgrey package is installed instead of the one from our PPA (which we no longer support), which loses the automatic whitelisting of DNSWL.org-whitelisted senders. * Drop memcached and the status check for memcached, which we used to use with ownCloud long ago but are no longer installing. * Other minor changes.
This commit is contained in:
parent
504a9b0abc
commit
d96613b8fe
20 changed files with 101 additions and 412 deletions
|
@ -1,10 +1,13 @@
|
||||||
CHANGELOG
|
CHANGELOG
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
This branch supports Ubuntu 18.04 **only**. When upgrading, **always** upgrade your **existing** Ubuntu 14.04 machine to version the latest release supporting Ubuntu 14.04 --- v0.28. If you are running an older version of Mail-in-a-Box which has an old version of ownCloud or Nextcloud, you will *not* be able to upgrade your data because older versions of ownCloud and Nextcloud that are required to perform the upgrade *cannot* be run on Ubuntu 18.04.
|
||||||
|
|
||||||
In Development
|
In Development
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
|
* Starting with v0.28, TLS certificate provisioning wouldn't work on new boxes until the mailinabox setup command was run a second time because of a problem with the non-interactive setup.
|
||||||
|
|
||||||
* Update to Nextcloud 13.0.5.
|
* Update to Nextcloud 13.0.5.
|
||||||
* Update to Roundcube 1.3.7.
|
* Update to Roundcube 1.3.7.
|
||||||
* Update to Z-Push 2.4.4.
|
* Update to Z-Push 2.4.4.
|
||||||
|
|
9
Vagrantfile
vendored
9
Vagrantfile
vendored
|
@ -2,14 +2,7 @@
|
||||||
# vi: set ft=ruby :
|
# vi: set ft=ruby :
|
||||||
|
|
||||||
Vagrant.configure("2") do |config|
|
Vagrant.configure("2") do |config|
|
||||||
config.vm.box = "ubuntu14.04"
|
config.vm.box = "ubuntu/bionic64"
|
||||||
config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
|
|
||||||
|
|
||||||
if Vagrant.has_plugin?("vagrant-cachier")
|
|
||||||
# Configure cached packages to be shared between instances of the same base box.
|
|
||||||
# More info on http://fgrehm.viewdocs.io/vagrant-cachier/usage
|
|
||||||
config.cache.scope = :box
|
|
||||||
end
|
|
||||||
|
|
||||||
# Network config: Since it's a mail server, the machine must be connected
|
# Network config: Since it's a mail server, the machine must be connected
|
||||||
# to the public web. However, we currently don't want to expose SSH since
|
# to the public web. However, we currently don't want to expose SSH since
|
||||||
|
|
10
conf/mailinabox.service
Normal file
10
conf/mailinabox.service
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Mail-in-a-Box System Management Service
|
||||||
|
After=multi-user.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=idle
|
||||||
|
ExecStart=/usr/local/lib/mailinabox/start
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -1,135 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: mailinabox
|
|
||||||
# Required-Start: $all
|
|
||||||
# Required-Stop: $all
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: Start and stop the Mail-in-a-Box management daemon.
|
|
||||||
# Description: Start and stop the Mail-in-a-Box management daemon.
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
# Adapted from http://blog.codefront.net/2007/06/11/nginx-php-and-a-php-fastcgi-daemon-init-script/
|
|
||||||
|
|
||||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
|
||||||
DESC="Mail-in-a-Box Management Daemon"
|
|
||||||
NAME=mailinabox
|
|
||||||
DAEMON=/usr/local/lib/mailinabox/start
|
|
||||||
PIDFILE=/var/run/$NAME.pid
|
|
||||||
SCRIPTNAME=/etc/init.d/$NAME
|
|
||||||
|
|
||||||
# Exit if the package is not installed
|
|
||||||
[ -x "$DAEMON" ] || exit 0
|
|
||||||
|
|
||||||
# Set defaults.
|
|
||||||
START=yes
|
|
||||||
EXEC_AS_USER=root
|
|
||||||
|
|
||||||
# Ensure Python reads/writes files in UTF-8. If the machine
|
|
||||||
# triggers some other locale in Python, like ASCII encoding,
|
|
||||||
# Python may not be able to read/write files. Set also
|
|
||||||
# setup/start.sh (where the locale is also installed if not
|
|
||||||
# already present) and management/daily_tasks.sh.
|
|
||||||
export LANGUAGE=en_US.UTF-8
|
|
||||||
export LC_ALL=en_US.UTF-8
|
|
||||||
export LANG=en_US.UTF-8
|
|
||||||
export LC_TYPE=en_US.UTF-8
|
|
||||||
|
|
||||||
# Read configuration variable file if it is present
|
|
||||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
|
||||||
|
|
||||||
# Load the VERBOSE setting and other rcS variables
|
|
||||||
. /lib/init/vars.sh
|
|
||||||
|
|
||||||
# Define LSB log_* functions.
|
|
||||||
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
|
||||||
. /lib/lsb/init-functions
|
|
||||||
|
|
||||||
# If the daemon is not enabled, give the user a warning and then exit,
|
|
||||||
# unless we are stopping the daemon
|
|
||||||
if [ "$START" != "yes" -a "$1" != "stop" ]; then
|
|
||||||
log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Process configuration
|
|
||||||
#export ...
|
|
||||||
DAEMON_ARGS=""
|
|
||||||
|
|
||||||
|
|
||||||
do_start()
|
|
||||||
{
|
|
||||||
# Return
|
|
||||||
# 0 if daemon has been started
|
|
||||||
# 1 if daemon was already running
|
|
||||||
# 2 if daemon could not be started
|
|
||||||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|
|
||||||
|| return 1
|
|
||||||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
|
|
||||||
--background --make-pidfile --chuid $EXEC_AS_USER --startas $DAEMON -- \
|
|
||||||
$DAEMON_ARGS \
|
|
||||||
|| return 2
|
|
||||||
}
|
|
||||||
|
|
||||||
do_stop()
|
|
||||||
{
|
|
||||||
# Return
|
|
||||||
# 0 if daemon has been stopped
|
|
||||||
# 1 if daemon was already stopped
|
|
||||||
# 2 if daemon could not be stopped
|
|
||||||
# other if a failure occurred
|
|
||||||
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON
|
|
||||||
RETVAL="$?"
|
|
||||||
[ "$RETVAL" = 2 ] && return 2
|
|
||||||
# Wait for children to finish too if this is a daemon that forks
|
|
||||||
# and if the daemon is only ever run from this initscript.
|
|
||||||
# If the above conditions are not satisfied then add some other code
|
|
||||||
# that waits for the process to drop all resources that could be
|
|
||||||
# needed by services started subsequently. A last resort is to
|
|
||||||
# sleep for some time.
|
|
||||||
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
|
|
||||||
[ "$?" = 2 ] && return 2
|
|
||||||
# Many daemons don't delete their pidfiles when they exit.
|
|
||||||
rm -f $PIDFILE
|
|
||||||
return "$RETVAL"
|
|
||||||
}
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
|
|
||||||
do_start
|
|
||||||
case "$?" in
|
|
||||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
|
||||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
|
|
||||||
do_stop
|
|
||||||
case "$?" in
|
|
||||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
|
||||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
restart|force-reload)
|
|
||||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
|
||||||
do_stop
|
|
||||||
case "$?" in
|
|
||||||
0|1)
|
|
||||||
do_start
|
|
||||||
case "$?" in
|
|
||||||
0) log_end_msg 0 ;;
|
|
||||||
1) log_end_msg 1 ;; # Old process is still running
|
|
||||||
*) log_end_msg 1 ;; # Failed to start
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# Failed to stop
|
|
||||||
log_end_msg 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
|
|
||||||
exit 3
|
|
||||||
;;
|
|
||||||
esac
|
|
10
conf/munin.service
Normal file
10
conf/munin.service
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Munin System Monitoring Startup Script
|
||||||
|
After=multi-user.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=idle
|
||||||
|
ExecStart=/usr/local/lib/mailinabox/munin_start.sh
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -1,76 +1,20 @@
|
||||||
# from https://gist.github.com/konklone/6532544 and https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
# We track the Mozilla "intermediate" compatibility TLS recommendations.
|
||||||
###################################################################################################################
|
# Note that these settings are repeated in the SMTP and IMAP configuration.
|
||||||
|
|
||||||
# Basically the nginx configuration I use at konklone.com.
|
|
||||||
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
|
|
||||||
#
|
|
||||||
# To provide feedback, please tweet at @konklone or email eric@konklone.com.
|
|
||||||
# Comments on gists don't notify the author.
|
|
||||||
#
|
|
||||||
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
|
|
||||||
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.
|
|
||||||
|
|
||||||
# Path to certificate and private key.
|
|
||||||
# The .crt may omit the root CA cert, if it's a standard CA that ships with clients.
|
|
||||||
#ssl_certificate /path/to/unified.crt;
|
|
||||||
#ssl_certificate_key /path/to/my-private-decrypted.key;
|
|
||||||
|
|
||||||
# Tell browsers to require SSL (warning: difficult to change your mind)
|
|
||||||
# Handled by the management daemon because we can toggle this version or a
|
|
||||||
# preload version.
|
|
||||||
#add_header Strict-Transport-Security max-age=31536000;
|
|
||||||
|
|
||||||
# Prefer certain ciphersuites, to enforce Forward Secrecy and avoid known vulnerabilities.
|
|
||||||
#
|
|
||||||
# Forces forward secrecy in all browsers and clients that can use TLS,
|
|
||||||
# but with a small exception (DES-CBC3-SHA) for IE8/XP users.
|
|
||||||
#
|
|
||||||
# Reference client: https://www.ssllabs.com/ssltest/analyze.html
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
|
||||||
|
|
||||||
# Cut out (the old, broken) SSLv3 entirely.
|
|
||||||
# This **excludes IE6 users** and (apparently) Yandexbot.
|
|
||||||
# Just comment out if you need to support IE6, bless your soul.
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
||||||
|
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||||
|
ssl_dhparam STORAGE_ROOT/ssl/dh2048.pem;
|
||||||
|
|
||||||
# Turn on session resumption, using a cache shared across nginx processes,
|
|
||||||
# as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
|
# as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
|
||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
ssl_session_timeout 1d;
|
ssl_session_timeout 1d;
|
||||||
#keepalive_timeout 70; # in Ubuntu 14.04/nginx 1.4.6 the default is 65, so plenty good
|
|
||||||
|
|
||||||
# Buffer size of 1400 bytes fits in one MTU.
|
# Buffer size of 1400 bytes fits in one MTU.
|
||||||
# nginx 1.5.9+ ONLY
|
# nginx 1.5.9+ ONLY
|
||||||
#ssl_buffer_size 1400;
|
ssl_buffer_size 1400;
|
||||||
|
|
||||||
# SPDY header compression (0 for none, 9 for slow/heavy compression). Preferred is 6.
|
|
||||||
#
|
|
||||||
# BUT: header compression is flawed and vulnerable in SPDY versions 1 - 3.
|
|
||||||
# Disable with 0, until using a version of nginx with SPDY 4.
|
|
||||||
spdy_headers_comp 0;
|
|
||||||
|
|
||||||
# Now let's really get fancy, and pre-generate a 2048 bit random parameter
|
|
||||||
# for DH elliptic curves. If not created and specified, default is only 1024 bits.
|
|
||||||
#
|
|
||||||
# Generated by OpenSSL with the following command:
|
|
||||||
# openssl dhparam -outform pem -out dhparam2048.pem 2048
|
|
||||||
#
|
|
||||||
# Note: raising the bits to 2048 excludes Java 6 clients. Comment out if a problem.
|
|
||||||
ssl_dhparam STORAGE_ROOT/ssl/dh2048.pem;
|
|
||||||
|
|
||||||
|
|
||||||
# OCSP stapling - means nginx will poll the CA for signed OCSP responses,
|
|
||||||
# and send them to clients so clients don't make their own OCSP calls.
|
|
||||||
# http://en.wikipedia.org/wiki/OCSP_stapling
|
|
||||||
#
|
|
||||||
# while the ssl_certificate above may omit the root cert if the CA is trusted,
|
|
||||||
# ssl_trusted_certificate below must point to a chain of **all** certs
|
|
||||||
# in the trust path - (your cert, intermediary certs, root cert)
|
|
||||||
#
|
|
||||||
# 8.8.8.8 and 8.8.4.4 below are Google's public IPv4 DNS servers.
|
|
||||||
# nginx will use them to talk to the CA.
|
|
||||||
ssl_stapling on;
|
ssl_stapling on;
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
resolver 127.0.0.1 valid=86400;
|
resolver 127.0.0.1 valid=86400;
|
||||||
resolver_timeout 10;
|
resolver_timeout 10;
|
||||||
|
|
||||||
|
# h/t https://gist.github.com/konklone/6532544
|
||||||
|
|
|
@ -31,8 +31,8 @@ server {
|
||||||
|
|
||||||
# The secure HTTPS server.
|
# The secure HTTPS server.
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
server_name $HOSTNAME;
|
server_name $HOSTNAME;
|
||||||
|
|
||||||
|
|
|
@ -354,19 +354,20 @@ def build_sshfp_records():
|
||||||
# Get our local fingerprints by running ssh-keyscan. The output looks
|
# Get our local fingerprints by running ssh-keyscan. The output looks
|
||||||
# like the known_hosts file: hostname, keytype, fingerprint. The order
|
# like the known_hosts file: hostname, keytype, fingerprint. The order
|
||||||
# of the output is arbitrary, so sort it to prevent spurrious updates
|
# of the output is arbitrary, so sort it to prevent spurrious updates
|
||||||
# to the zone file (that trigger bumping the serial number).
|
# to the zone file (that trigger bumping the serial number). However,
|
||||||
|
# if SSH has been configured to listen on a nonstandard port, we must
|
||||||
# scan the sshd_config and find the ssh ports (port 22 may be closed)
|
# specify that port to sshkeyscan.
|
||||||
|
port = 22
|
||||||
with open('/etc/ssh/sshd_config', 'r') as f:
|
with open('/etc/ssh/sshd_config', 'r') as f:
|
||||||
ports = []
|
for line in f:
|
||||||
t = f.readlines()
|
s = line.rstrip().split()
|
||||||
for line in t:
|
|
||||||
s = line.split()
|
|
||||||
if len(s) == 2 and s[0] == 'Port':
|
if len(s) == 2 and s[0] == 'Port':
|
||||||
ports = ports + [s[1]]
|
try:
|
||||||
# the keys are the same at each port, so we only need to get
|
port = int(s[1])
|
||||||
# them at the first port found (may not be port 22)
|
except ValueError:
|
||||||
keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", ports[0], "localhost"])
|
pass
|
||||||
|
break
|
||||||
|
keys = shell("check_output", ["ssh-keyscan", "-t", "rsa,dsa,ecdsa,ed25519", "-p", str(port), "localhost"])
|
||||||
for key in sorted(keys.split("\n")):
|
for key in sorted(keys.split("\n")):
|
||||||
if key.strip() == "" or key[0] == "#": continue
|
if key.strip() == "" or key[0] == "#": continue
|
||||||
try:
|
try:
|
||||||
|
|
2
management/munin_start.sh
Normal file
2
management/munin_start.sh
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
mkdir -p /var/run/munin && chown munin /var/run/munin
|
|
@ -28,7 +28,6 @@ def get_services():
|
||||||
{ "name": "Spamassassin", "port": 10025, "public": False, },
|
{ "name": "Spamassassin", "port": 10025, "public": False, },
|
||||||
{ "name": "OpenDKIM", "port": 8891, "public": False, },
|
{ "name": "OpenDKIM", "port": 8891, "public": False, },
|
||||||
{ "name": "OpenDMARC", "port": 8893, "public": False, },
|
{ "name": "OpenDMARC", "port": 8893, "public": False, },
|
||||||
{ "name": "Memcached", "port": 11211, "public": False, },
|
|
||||||
{ "name": "Mail-in-a-Box Management Daemon", "port": 10222, "public": False, },
|
{ "name": "Mail-in-a-Box Management Daemon", "port": 10222, "public": False, },
|
||||||
{ "name": "SSH Login (ssh)", "port": get_ssh_port(), "public": True, },
|
{ "name": "SSH Login (ssh)", "port": get_ssh_port(), "public": True, },
|
||||||
{ "name": "Public DNS (nsd4)", "port": 53, "public": True, },
|
{ "name": "Public DNS (nsd4)", "port": 53, "public": True, },
|
||||||
|
|
|
@ -21,6 +21,11 @@ mkdir -p $STORAGE_ROOT/mail/dkim
|
||||||
# Not quite sure why.
|
# Not quite sure why.
|
||||||
echo "127.0.0.1" > /etc/opendkim/TrustedHosts
|
echo "127.0.0.1" > /etc/opendkim/TrustedHosts
|
||||||
|
|
||||||
|
# We need to at least create these files, since we reference them later.
|
||||||
|
# Otherwise, opendkim startup will fail
|
||||||
|
touch /etc/opendkim/KeyTable
|
||||||
|
touch /etc/opendkim/SigningTable
|
||||||
|
|
||||||
if grep -q "ExternalIgnoreList" /etc/opendkim.conf; then
|
if grep -q "ExternalIgnoreList" /etc/opendkim.conf; then
|
||||||
true # already done #NODOC
|
true # already done #NODOC
|
||||||
else
|
else
|
||||||
|
@ -75,6 +80,9 @@ tools/editconf.py /etc/postfix/main.cf \
|
||||||
non_smtpd_milters=\$smtpd_milters \
|
non_smtpd_milters=\$smtpd_milters \
|
||||||
milter_default_action=accept
|
milter_default_action=accept
|
||||||
|
|
||||||
|
# We need to explicitly enable the opendmarc service, or it will not start
|
||||||
|
hide_output systemctl enable opendmarc
|
||||||
|
|
||||||
# Restart services.
|
# Restart services.
|
||||||
restart_service opendkim
|
restart_service opendkim
|
||||||
restart_service opendmarc
|
restart_service opendmarc
|
||||||
|
|
|
@ -26,7 +26,7 @@ source /etc/mailinabox.conf # load global vars
|
||||||
echo "Installing Dovecot (IMAP server)..."
|
echo "Installing Dovecot (IMAP server)..."
|
||||||
apt_install \
|
apt_install \
|
||||||
dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-sqlite sqlite3 \
|
dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-sqlite sqlite3 \
|
||||||
dovecot-sieve dovecot-managesieved dovecot-lucene
|
dovecot-sieve dovecot-managesieved
|
||||||
|
|
||||||
# The `dovecot-imapd`, `dovecot-pop3d`, and `dovecot-lmtpd` packages automatically
|
# The `dovecot-imapd`, `dovecot-pop3d`, and `dovecot-lmtpd` packages automatically
|
||||||
# enable IMAP, POP and LMTP protocols.
|
# enable IMAP, POP and LMTP protocols.
|
||||||
|
@ -112,17 +112,6 @@ tools/editconf.py /etc/dovecot/conf.d/20-imap.conf \
|
||||||
tools/editconf.py /etc/dovecot/conf.d/20-pop3.conf \
|
tools/editconf.py /etc/dovecot/conf.d/20-pop3.conf \
|
||||||
pop3_uidl_format="%08Xu%08Xv"
|
pop3_uidl_format="%08Xu%08Xv"
|
||||||
|
|
||||||
# Full Text Search - Enable full text search of mail using dovecot's lucene plugin,
|
|
||||||
# which *we* package and distribute (dovecot-lucene package).
|
|
||||||
tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
|
|
||||||
mail_plugins="\$mail_plugins fts fts_lucene"
|
|
||||||
cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
|
|
||||||
plugin {
|
|
||||||
fts = lucene
|
|
||||||
fts_lucene = whitespace_chars=@.
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# ### LDA (LMTP)
|
# ### LDA (LMTP)
|
||||||
|
|
||||||
# Enable Dovecot's LDA service with the LMTP protocol. It will listen
|
# Enable Dovecot's LDA service with the LMTP protocol. It will listen
|
||||||
|
|
|
@ -48,9 +48,8 @@ source /etc/mailinabox.conf # load global vars
|
||||||
# > Every user with more than 100’000 queries per day on the public nameserver
|
# > Every user with more than 100’000 queries per day on the public nameserver
|
||||||
# > infrastructure and every commercial vendor of dnswl.org data (eg through
|
# > infrastructure and every commercial vendor of dnswl.org data (eg through
|
||||||
# > anti-spam solutions) must register with dnswl.org and purchase a subscription.
|
# > anti-spam solutions) must register with dnswl.org and purchase a subscription.
|
||||||
|
|
||||||
echo "Installing Postfix (SMTP server)..."
|
echo "Installing Postfix (SMTP server)..."
|
||||||
apt_install postfix postfix-pcre postgrey ca-certificates
|
apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates
|
||||||
|
|
||||||
# ### Basic Settings
|
# ### Basic Settings
|
||||||
|
|
||||||
|
|
|
@ -87,16 +87,16 @@ rm -f /tmp/bootstrap.zip
|
||||||
|
|
||||||
# Create an init script to start the management daemon and keep it
|
# Create an init script to start the management daemon and keep it
|
||||||
# running after a reboot.
|
# running after a reboot.
|
||||||
rm -f /usr/local/bin/mailinabox-daemon # old path
|
rm -f /usr/local/bin/mailinabox-daemon /etc/init.d/mailinabox # old paths
|
||||||
cat > $inst_dir/start <<EOF;
|
cat > $inst_dir/start <<EOF;
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
source $venv/bin/activate
|
source $venv/bin/activate
|
||||||
exec python `pwd`/management/daemon.py
|
exec python `pwd`/management/daemon.py
|
||||||
EOF
|
EOF
|
||||||
chmod +x $inst_dir/start
|
chmod +x $inst_dir/start
|
||||||
rm -f /etc/init.d/mailinabox
|
hide_output systemctl link conf/mailinabox.service
|
||||||
ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
|
hide_output systemctl daemon-reload
|
||||||
hide_output update-rc.d mailinabox defaults
|
hide_output systemctl enable mailinabox.service
|
||||||
|
|
||||||
# Remove old files we no longer use.
|
# Remove old files we no longer use.
|
||||||
rm -f /etc/cron.daily/mailinabox-backup
|
rm -f /etc/cron.daily/mailinabox-backup
|
||||||
|
|
|
@ -61,6 +61,14 @@ done
|
||||||
# Create a 'state' directory. Not sure why we need to do this manually.
|
# Create a 'state' directory. Not sure why we need to do this manually.
|
||||||
mkdir -p /var/lib/munin-node/plugin-state/
|
mkdir -p /var/lib/munin-node/plugin-state/
|
||||||
|
|
||||||
|
# Create a systemd service for munin.
|
||||||
|
ln -sf $(pwd)/management/munin_start.sh /usr/local/lib/mailinabox/munin_start.sh
|
||||||
|
chmod 0744 /usr/local/lib/mailinabox/munin_start.sh
|
||||||
|
hide_output systemctl link conf/munin.service
|
||||||
|
hide_output systemctl daemon-reload
|
||||||
|
hide_output systemctl unmask munin.service
|
||||||
|
hide_output systemctl enable munin.service
|
||||||
|
|
||||||
# Restart services.
|
# Restart services.
|
||||||
restart_service munin
|
restart_service munin
|
||||||
restart_service munin-node
|
restart_service munin-node
|
||||||
|
|
|
@ -9,30 +9,12 @@ source /etc/mailinabox.conf # load global vars
|
||||||
|
|
||||||
echo "Installing Nextcloud (contacts/calendar)..."
|
echo "Installing Nextcloud (contacts/calendar)..."
|
||||||
|
|
||||||
# Keep the php5 dependancies for the owncloud upgrades
|
apt-get purge -qq -y owncloud* # we used to use the package manager
|
||||||
apt_install \
|
|
||||||
dbconfig-common \
|
|
||||||
php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \
|
|
||||||
php5 php5-dev php5-gd php5-fpm memcached php5-memcached
|
|
||||||
|
|
||||||
apt-get purge -qq -y owncloud*
|
|
||||||
|
|
||||||
apt_install php7.0 php7.0-fpm \
|
apt_install php7.0 php7.0-fpm \
|
||||||
php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \
|
php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \
|
||||||
php7.0-dev php7.0-gd php7.0-xml php7.0-mbstring php7.0-zip php7.0-apcu php7.0-json php7.0-intl
|
php7.0-dev php7.0-gd php7.0-xml php7.0-mbstring php7.0-zip php7.0-apcu php7.0-json php7.0-intl
|
||||||
|
|
||||||
# Migrate <= v0.10 setups that stored the ownCloud config.php in /usr/local rather than
|
|
||||||
# in STORAGE_ROOT. Move the file to STORAGE_ROOT.
|
|
||||||
if [ ! -f $STORAGE_ROOT/owncloud/config.php ] \
|
|
||||||
&& [ -f /usr/local/lib/owncloud/config/config.php ]; then
|
|
||||||
|
|
||||||
# Move config.php and symlink back into previous location.
|
|
||||||
echo "Migrating owncloud/config.php to new location."
|
|
||||||
mv /usr/local/lib/owncloud/config/config.php $STORAGE_ROOT/owncloud/config.php \
|
|
||||||
&& \
|
|
||||||
ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php
|
|
||||||
fi
|
|
||||||
|
|
||||||
InstallNextcloud() {
|
InstallNextcloud() {
|
||||||
|
|
||||||
version=$1
|
version=$1
|
||||||
|
@ -93,84 +75,22 @@ InstallNextcloud() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# We only install ownCloud intermediate versions to be able to seemlesly upgrade to Nextcloud
|
nextcloud_ver=13.0.5
|
||||||
InstallOwncloud() {
|
nextcloud_hash=e2b4a4bebd4fac14feae1e6e8997682f73fa8b50
|
||||||
|
|
||||||
version=$1
|
# Check if Nextcloud dir exist, and check if version matches nextcloud_ver (if either doesn't - install/upgrade)
|
||||||
hash=$2
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo "Upgrading to OwnCloud version $version"
|
|
||||||
echo
|
|
||||||
|
|
||||||
# Remove the current owncloud/Nextcloud
|
|
||||||
rm -rf /usr/local/lib/owncloud
|
|
||||||
|
|
||||||
# Download and verify
|
|
||||||
wget_verify https://download.owncloud.org/community/owncloud-$version.tar.bz2 $hash /tmp/owncloud.tar.bz2
|
|
||||||
|
|
||||||
|
|
||||||
# Extract ownCloud
|
|
||||||
tar xjf /tmp/owncloud.tar.bz2 -C /usr/local/lib
|
|
||||||
rm -f /tmp/owncloud.tar.bz2
|
|
||||||
|
|
||||||
# The two apps we actually want are not in Nextcloud core. Download the releases from
|
|
||||||
# their github repositories.
|
|
||||||
mkdir -p /usr/local/lib/owncloud/apps
|
|
||||||
|
|
||||||
wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz
|
|
||||||
tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
|
|
||||||
rm /tmp/contacts.tgz
|
|
||||||
|
|
||||||
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz
|
|
||||||
tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
|
|
||||||
rm /tmp/calendar.tgz
|
|
||||||
|
|
||||||
# Fix weird permissions.
|
|
||||||
chmod 750 /usr/local/lib/owncloud/{apps,config}
|
|
||||||
|
|
||||||
# Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously
|
|
||||||
# put in, and in new installs we're creating a symlink and will create the actual config later).
|
|
||||||
ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php
|
|
||||||
|
|
||||||
# Make sure permissions are correct or the upgrade step won't run.
|
|
||||||
# $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
|
|
||||||
# that error.
|
|
||||||
chown -f -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud
|
|
||||||
|
|
||||||
# If this isn't a new installation, immediately run the upgrade script.
|
|
||||||
# Then check for success (0=ok and 3=no upgrade needed, both are success).
|
|
||||||
if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then
|
|
||||||
# ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but
|
|
||||||
# that can be OK.
|
|
||||||
sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
|
|
||||||
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
|
|
||||||
echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
|
|
||||||
sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
|
|
||||||
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
|
|
||||||
sudo -u www-data php5 /usr/local/lib/owncloud/occ maintenance:mode --off
|
|
||||||
echo "...which seemed to work."
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
owncloud_ver=13.0.5
|
|
||||||
owncloud_hash=e2b4a4bebd4fac14feae1e6e8997682f73fa8b50
|
|
||||||
|
|
||||||
# Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade)
|
|
||||||
if [ ! -d /usr/local/lib/owncloud/ ] \
|
if [ ! -d /usr/local/lib/owncloud/ ] \
|
||||||
|| ! grep -q $owncloud_ver /usr/local/lib/owncloud/version.php; then
|
|| ! grep -q $nextcloud_ver /usr/local/lib/owncloud/version.php; then
|
||||||
|
|
||||||
# Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail.
|
# Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail.
|
||||||
service php7.0-fpm stop &> /dev/null || /bin/true
|
service php7.0-fpm stop &> /dev/null || /bin/true
|
||||||
service php5-fpm stop &> /dev/null || /bin/true
|
|
||||||
|
|
||||||
# Backup the existing ownCloud/Nextcloud.
|
# Backup the existing ownCloud/Nextcloud.
|
||||||
# Create a backup directory to store the current installation and database to
|
# Create a backup directory to store the current installation and database to
|
||||||
BACKUP_DIRECTORY=$STORAGE_ROOT/owncloud-backup/`date +"%Y-%m-%d-%T"`
|
BACKUP_DIRECTORY=$STORAGE_ROOT/owncloud-backup/`date +"%Y-%m-%d-%T"`
|
||||||
mkdir -p "$BACKUP_DIRECTORY"
|
mkdir -p "$BACKUP_DIRECTORY"
|
||||||
if [ -d /usr/local/lib/owncloud/ ]; then
|
if [ -d /usr/local/lib/owncloud/ ]; then
|
||||||
echo "upgrading ownCloud/Nextcloud to $owncloud_flavor $owncloud_ver (backing up existing installation, configuration and database to directory to $BACKUP_DIRECTORY..."
|
echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to directory to $BACKUP_DIRECTORY..."
|
||||||
cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install"
|
cp -r /usr/local/lib/owncloud "$BACKUP_DIRECTORY/owncloud-install"
|
||||||
fi
|
fi
|
||||||
if [ -e /home/user-data/owncloud/owncloud.db ]; then
|
if [ -e /home/user-data/owncloud/owncloud.db ]; then
|
||||||
|
@ -180,70 +100,17 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
|
||||||
cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY
|
cp /home/user-data/owncloud/config.php $BACKUP_DIRECTORY
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# We only need to check if we do upgrades when owncloud/Nextcloud was previously installed
|
# If ownCloud or Nextcloud was previously installed....
|
||||||
if [ -e /usr/local/lib/owncloud/version.php ]; then
|
if [ -e /usr/local/lib/owncloud/version.php ]; then
|
||||||
if grep -q "OC_VersionString = '8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then
|
# Database migrations from ownCloud are no longer possible because ownCloud cannot be run under
|
||||||
echo "We are running 8.1.x, upgrading to 8.2.11 first"
|
# PHP 7.
|
||||||
InstallOwncloud 8.2.11 e4794938fc2f15a095018ba9d6ee18b53f6f299c
|
if grep -q "OC_VersionString = '[89]\." /usr/local/lib/owncloud/version.php; then
|
||||||
|
echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 8 or 9) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting."
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
if grep -q "OC_VersionString = '10\." /usr/local/lib/owncloud/version.php; then
|
||||||
# If we are upgrading from 8.2.x we should go to 9.0 first. Owncloud doesn't support skipping minor versions
|
echo "Upgrades from Mail-in-a-Box prior to v0.26c (dated February 13, 2018) with Nextcloud < 12.0.5 (you have ownCloud 10) are not supported. Upgrade to Mail-in-a-Box version v0.28 first. Setup aborting."
|
||||||
if grep -q "OC_VersionString = '8\.2\.[0-9]" /usr/local/lib/owncloud/version.php; then
|
exit 1
|
||||||
echo "We are running version 8.2.x, upgrading to 9.0.11 first"
|
|
||||||
|
|
||||||
# We need to disable memcached. The upgrade and install fails
|
|
||||||
# with memcached
|
|
||||||
CONFIG_TEMP=$(/bin/mktemp)
|
|
||||||
php <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;
|
|
||||||
<?php
|
|
||||||
include("$STORAGE_ROOT/owncloud/config.php");
|
|
||||||
|
|
||||||
\$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
|
|
||||||
|
|
||||||
echo "<?php\n\\\$CONFIG = ";
|
|
||||||
var_export(\$CONFIG);
|
|
||||||
echo ";";
|
|
||||||
?>
|
|
||||||
EOF
|
|
||||||
chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
|
|
||||||
|
|
||||||
# We can now install owncloud 9.0.11
|
|
||||||
InstallOwncloud 9.0.11 fc8bad8a62179089bc58c406b28997fb0329337b
|
|
||||||
|
|
||||||
# The owncloud 9 migration doesn't migrate calendars and contacts
|
|
||||||
# The option to migrate these are removed in 9.1
|
|
||||||
# So the migrations should be done when we have 9.0 installed
|
|
||||||
sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-addressbooks
|
|
||||||
# The following migration has to be done for each owncloud user
|
|
||||||
for directory in $STORAGE_ROOT/owncloud/*@*/ ; do
|
|
||||||
username=$(basename "${directory}")
|
|
||||||
sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-calendar $username
|
|
||||||
done
|
|
||||||
sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:sync-birthday-calendar
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If we are upgrading from 9.0.x we should go to 9.1 first.
|
|
||||||
if grep -q "OC_VersionString = '9\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then
|
|
||||||
echo "We are running ownCloud 9.0.x, upgrading to ownCloud 9.1.7 first"
|
|
||||||
InstallOwncloud 9.1.7 1307d997d0b23dc42742d315b3e2f11423a9c808
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Newer ownCloud 9.1.x versions cannot be upgraded to Nextcloud 10 and have to be
|
|
||||||
# upgraded to Nextcloud 11 straight away, see:
|
|
||||||
# https://github.com/nextcloud/server/issues/2203
|
|
||||||
# However, for some reason, upgrading to the latest Nextcloud 11.0.7 doesn't
|
|
||||||
# work either. Therefore, we're upgrading to Nextcloud 11.0.0 in the interim.
|
|
||||||
# This should not be a problem since we're upgrading to the latest Nextcloud 12
|
|
||||||
# in the next step.
|
|
||||||
if grep -q "OC_VersionString = '9\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then
|
|
||||||
echo "We are running ownCloud 9.1.x, upgrading to Nextcloud 11.0.0 first"
|
|
||||||
InstallNextcloud 11.0.0 e8c9ebe72a4a76c047080de94743c5c11735e72e
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If we are upgrading from 10.0.x we should go to Nextcloud 11.0 first.
|
|
||||||
if grep -q "OC_VersionString = '10\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then
|
|
||||||
echo "We are running Nextcloud 10.0.x, upgrading to Nextcloud 11.0.7 first"
|
|
||||||
InstallNextcloud 11.0.7 f936ddcb2ae3dbb66ee4926eb8b2ebbddc3facbe
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If we are upgrading from Nextcloud 11 we should go to Nextcloud 12 first.
|
# If we are upgrading from Nextcloud 11 we should go to Nextcloud 12 first.
|
||||||
|
@ -253,7 +120,7 @@ EOF
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
InstallNextcloud $owncloud_ver $owncloud_hash
|
InstallNextcloud $nextcloud_ver $nextcloud_hash
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ### Configuring Nextcloud
|
# ### Configuring Nextcloud
|
|
@ -7,9 +7,9 @@ if [[ $EUID -ne 0 ]]; then
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx).
|
# Check that we are running on Ubuntu 18.04 LTS (or 18.04.xx).
|
||||||
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" != "Ubuntu 14.04 LTS" ]; then
|
if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/18\.04\.[0-9]/18.04/' `" != "Ubuntu 18.04 LTS" ]; then
|
||||||
echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"
|
echo "Mail-in-a-Box only supports being installed on Ubuntu 18.04, sorry. You are running:"
|
||||||
echo
|
echo
|
||||||
lsb_release -d | sed 's/.*:\s*//'
|
lsb_release -d | sed 's/.*:\s*//'
|
||||||
echo
|
echo
|
||||||
|
|
|
@ -106,7 +106,7 @@ source setup/dkim.sh
|
||||||
source setup/spamassassin.sh
|
source setup/spamassassin.sh
|
||||||
source setup/web.sh
|
source setup/web.sh
|
||||||
source setup/webmail.sh
|
source setup/webmail.sh
|
||||||
source setup/owncloud.sh
|
source setup/nextcloud.sh
|
||||||
source setup/zpush.sh
|
source setup/zpush.sh
|
||||||
source setup/management.sh
|
source setup/management.sh
|
||||||
source setup/munin.sh
|
source setup/munin.sh
|
||||||
|
|
|
@ -70,7 +70,7 @@ fi
|
||||||
|
|
||||||
# ### Add PPAs.
|
# ### Add PPAs.
|
||||||
|
|
||||||
# We install some non-standard Ubuntu packages maintained by us and other
|
# We install some non-standard Ubuntu packages maintained by other
|
||||||
# third-party providers. First ensure add-apt-repository is installed.
|
# third-party providers. First ensure add-apt-repository is installed.
|
||||||
|
|
||||||
if [ ! -f /usr/bin/add-apt-repository ]; then
|
if [ ! -f /usr/bin/add-apt-repository ]; then
|
||||||
|
@ -79,14 +79,7 @@ if [ ! -f /usr/bin/add-apt-repository ]; then
|
||||||
apt_install software-properties-common
|
apt_install software-properties-common
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# [Main-in-a-Box's own PPA](https://launchpad.net/~mail-in-a-box/+archive/ubuntu/ppa)
|
# Install the certbot PPA.
|
||||||
# holds several .deb packages that we built on our own.
|
|
||||||
# One is a replacement for Ubuntu's stock postgrey package that makes
|
|
||||||
# some enhancements. The other is dovecot-lucene, a Lucene-based full
|
|
||||||
# text search plugin for (and by) dovecot, which is not available in
|
|
||||||
# Ubuntu currently.
|
|
||||||
|
|
||||||
hide_output add-apt-repository -y ppa:mail-in-a-box/ppa
|
|
||||||
hide_output add-apt-repository -y ppa:certbot/certbot
|
hide_output add-apt-repository -y ppa:certbot/certbot
|
||||||
|
|
||||||
# ### Update Packages
|
# ### Update Packages
|
||||||
|
|
|
@ -25,8 +25,6 @@ apt_install \
|
||||||
php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common php7.0-curl \
|
php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common php7.0-curl \
|
||||||
php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 php7.0-mbstring
|
php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 php7.0-mbstring
|
||||||
|
|
||||||
apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3
|
|
||||||
|
|
||||||
# We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
|
# We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
|
||||||
# on Apache and MySQL, by downloading the debs and installing them manually. #NODOC
|
# on Apache and MySQL, by downloading the debs and installing them manually. #NODOC
|
||||||
# Now that we're beyond that, get rid of those debs before installing from source. #NODOC
|
# Now that we're beyond that, get rid of those debs before installing from source. #NODOC
|
||||||
|
|
Loading…
Reference in a new issue