Dovecot Systax Problem
parent
df390bab53
commit
087a0d3706
|
|
@ -43,19 +43,94 @@ else
|
|||
fi
|
||||
|
||||
# ── Builder 1: HTTP-only (Proxy-Mode: TLS endet im NPM) ───────────────────
|
||||
# $1=host, $2=outfile
|
||||
## $1=host, $2=outfile
|
||||
#build_site_http_only(){
|
||||
# local host="$1" outfile="$2"
|
||||
#
|
||||
# local def=""
|
||||
# [[ "${DEV_MODE}" = "1" ]] && def=" default_server"
|
||||
# [[ -z "${host}" || "${host}" = "_" ]] && host="_"
|
||||
#
|
||||
# cat > "$outfile" <<CONF
|
||||
## --- ${host} : HTTP (kein Redirect, kein TLS; läuft hinter Reverse-Proxy) ---
|
||||
#server {
|
||||
# listen 80;
|
||||
# listen [::]:80;
|
||||
# server_name ${host};
|
||||
#
|
||||
# # ACME HTTP-01 (optional; meist übernimmt das der Proxy)
|
||||
# location ^~ /.well-known/acme-challenge/ {
|
||||
# root ${ACME_ROOT};
|
||||
# allow all;
|
||||
# }
|
||||
#
|
||||
# root ${APP_DIR}/public;
|
||||
# index index.php index.html;
|
||||
#
|
||||
# access_log /var/log/nginx/${host}_access.log;
|
||||
# error_log /var/log/nginx/${host}_error.log;
|
||||
#
|
||||
# client_max_body_size 25m;
|
||||
#
|
||||
# location / { try_files \$uri \$uri/ /index.php?\$query_string; }
|
||||
#
|
||||
# location ~ \.php\$ {
|
||||
# include snippets/fastcgi-php.conf;
|
||||
# ${FASTCGI_PASS}
|
||||
# }
|
||||
#
|
||||
# location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
|
||||
# location ~* \.(jpg|jpeg|png|gif|css|js|ico|svg)\$ { expires 30d; access_log off; }
|
||||
#
|
||||
# # WebSocket: Laravel Reverb (Backend intern HTTP)
|
||||
# location /ws/ {
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Upgrade \$http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_set_header Host \$host;
|
||||
# proxy_read_timeout 60s;
|
||||
# proxy_send_timeout 60s;
|
||||
# proxy_pass http://127.0.0.1:8080/;
|
||||
# }
|
||||
#
|
||||
# # Reverb HTTP API
|
||||
# location /apps/ {
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Host \$host;
|
||||
# proxy_read_timeout 60s;
|
||||
# proxy_send_timeout 60s;
|
||||
# proxy_pass http://127.0.0.1:8080/apps/;
|
||||
# }
|
||||
#CONF
|
||||
#
|
||||
# if [[ "${DEV_MODE}" = "1" ]]; then
|
||||
# cat >> "$outfile" <<'CONF'
|
||||
# # DEV: Vite-Proxy (HMR)
|
||||
# location ^~ /@vite/ { proxy_pass http://127.0.0.1:5173/@vite/; proxy_set_header Host $host; }
|
||||
# location ^~ /node_modules/ { proxy_pass http://127.0.0.1:5173/node_modules/; proxy_set_header Host $host; }
|
||||
# location ^~ /resources/ { proxy_pass http://127.0.0.1:5173/resources/; proxy_set_header Host $host; }
|
||||
#CONF
|
||||
# fi
|
||||
#
|
||||
# echo "}" >> "$outfile"
|
||||
#}
|
||||
|
||||
build_site_http_only(){
|
||||
local host="$1" outfile="$2"
|
||||
|
||||
# DEV: IP-Zugriff ohne Hostname → default_server + server_name _
|
||||
local def=""
|
||||
[[ "${DEV_MODE}" = "1" ]] && def=" default_server"
|
||||
if [[ "${DEV_MODE}" = "1" ]]; then
|
||||
def=" default_server"
|
||||
host="_"
|
||||
fi
|
||||
[[ -z "${host}" || "${host}" = "_" ]] && host="_"
|
||||
|
||||
cat > "$outfile" <<CONF
|
||||
# --- ${host} : HTTP (kein Redirect, kein TLS; läuft hinter Reverse-Proxy) ---
|
||||
# --- ${host} : HTTP (kein Redirect, kein TLS; läuft hinter Reverse-Proxy/DEV) ---
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 80${def};
|
||||
listen [::]:80${def};
|
||||
server_name ${host};
|
||||
|
||||
# ACME HTTP-01 (optional; meist übernimmt das der Proxy)
|
||||
|
|
@ -67,8 +142,8 @@ server {
|
|||
root ${APP_DIR}/public;
|
||||
index index.php index.html;
|
||||
|
||||
access_log /var/log/nginx/${host}_access.log;
|
||||
error_log /var/log/nginx/${host}_error.log;
|
||||
access_log /var/log/nginx/${host/_/__}_access.log;
|
||||
error_log /var/log/nginx/${host/_/__}_error.log;
|
||||
|
||||
client_max_body_size 25m;
|
||||
|
||||
|
|
@ -82,7 +157,7 @@ server {
|
|||
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
|
||||
location ~* \.(jpg|jpeg|png|gif|css|js|ico|svg)\$ { expires 30d; access_log off; }
|
||||
|
||||
# WebSocket: Laravel Reverb (Backend intern HTTP)
|
||||
# WebSocket: Laravel Reverb
|
||||
location /ws/ {
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade \$http_upgrade;
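Review bot: In build_site_http_only the DEV branch assigns `def` twice — the one-liner `[[ "${DEV_MODE}" = "1" ]] && def=" default_server"` and the `if [[ "${DEV_MODE}" = "1" ]]` block right below it set the same value, and only the block also forces `host="_"`; keep the `if` block and drop the one-liner so the DEV behaviour is defined in exactly one place. The resulting `listen 80 default_server;` together with `server_name _` makes this plain-HTTP vhost answer every request arriving on port 80 on any interface regardless of the Host header, which is acceptable for a throwaway dev box but should be stated where it is decided, e.g. `# DEV: catch-all vhost on *:80, no TLS — never enable DEV_MODE on an internet-facing host`. Both `listen 80;` and `listen 80${def};` appear in this hunk, so I assume the un-parameterised pair is the removed old side rather than a duplicate directive. The function body continues beyond the end of this hunk.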
|
||||
|
|
|
|||
|
|
@ -128,6 +128,7 @@ else
|
|||
fi
|
||||
fi
|
||||
|
||||
SECURE=$([[ "${APP_ENV}" = "production" ]] && echo true || echo false)
|
||||
|
||||
# --- .env schreiben ---------------------------------------------------------
|
||||
upsert_env APP_URL "${APP_URL_VAL}"
|
||||
|
|
@ -177,7 +178,7 @@ upsert_env CACHE_STORE "redis"
|
|||
upsert_env CACHE_DRIVER "redis"
|
||||
upsert_env CACHE_PREFIX "${APP_USER_PREFIX}_cache:"
|
||||
upsert_env SESSION_DRIVER "redis"
|
||||
upsert_env SESSION_SECURE_COOKIE "true"
|
||||
upsert_env SESSION_SECURE_COOKIE "${SECURE}" # DEV=false, PROD=true
|
||||
upsert_env SESSION_SAMESITE "lax"
|
||||
upsert_env REDIS_CLIENT "phpredis"
|
||||
upsert_env REDIS_HOST "127.0.0.1"
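Review bot: `SECURE=$([[ "${APP_ENV}" = "production" ]] && echo true || echo false)` ties the cookie Secure flag to one exact APP_ENV value, so any other environment name (staging, testing, …) silently writes `SESSION_SECURE_COOKIE=false` even when the site is served over TLS, and the browser will then also send the session cookie to any plain-HTTP listener on that host. The property that actually matters is whether APP_URL is https, which this script already has in `APP_URL_VAL`; derive the flag from that instead: `SECURE=false; [[ "${APP_URL_VAL}" == https://* ]] && SECURE=true`. If the intent is specifically to cover the HTTP-only DEV vhost, keying on `DEV_MODE` is still narrower and safer than "anything that is not production". With either change the `# DEV=false, PROD=true` comment becomes true by construction rather than by naming convention.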
|
||||
|
|
|
|||
|
|
@ -69,9 +69,34 @@ echo -e "${GREY}Erkannte IP (v4): ${SERVER_PUBLIC_IPV4} v6: ${SERVER_PUBLIC_IPV
|
|||
|
||||
# ── Helpers ───────────────────────────────────────────────────
|
||||
have_whiptail(){ command -v whiptail >/dev/null 2>&1; }
|
||||
valid_fqdn(){
|
||||
[[ "$1" =~ ^([a-z0-9]([-a-z0-9]*[a-z0-9])?\.)+[a-z]{2,}$ ]]
|
||||
|
||||
#valid_fqdn(){
|
||||
# [[ "$1" =~ ^([a-z0-9]([-a-z0-9]*[a-z0-9])?\.)+[a-z]{2,}$ ]]
|
||||
#}
|
||||
|
||||
# ── Host-Validierung & DEV-Erkennung ────────────────────────────────────────
|
||||
valid_fqdn_prod(){ [[ "$1" =~ ^([a-z0-9]([-a-z0-9]*[a-z0-9])?\.)+[a-z]{2,}$ ]]; }
|
||||
valid_host_dev(){
|
||||
# erlaubt: single-label (ui, webmail), FQDNs, IPv4
|
||||
[[ "$1" =~ ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)(\.[a-z0-9-]+)*$ ]] || [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
|
||||
}
|
||||
is_local_like(){
|
||||
local h="$(echo "$1" | tr '[:upper:]' '[:lower:]')"
|
||||
[[ "$h" =~ \.local$ || "$h" =~ \.loc$ || "$h" =~ \.dev$ || "$h" =~ \.test$ || "$h" = "localhost" ]] && return 0
|
||||
[[ "$h" =~ ^10\. || "$h" =~ ^192\.168\. || "$h" =~ ^172\.(1[6-9]|2[0-9]|3[0-1])\. || "$h" =~ ^127\. ]] && return 0
|
||||
return 1
|
||||
}
|
||||
normalize_host(){
|
||||
# $1=input $2=default (nutzt DEV_MODE für die passende Prüflogik)
|
||||
local inp="$1" def="$2"
|
||||
if [[ "${DEV_MODE}" = "1" ]]; then
|
||||
valid_host_dev "$inp" && { echo "$inp"; return; }
|
||||
else
|
||||
valid_fqdn_prod "$inp" && { echo "$inp"; return; }
|
||||
fi
|
||||
echo "$def"
|
||||
}
|
||||
|
||||
ask_tty_domain(){
|
||||
local label="$1" example="$2" def="$3" outvar="$4" inp
|
||||
echo -e "${CYAN}${label}${NC}"
|
||||
|
|
@ -95,50 +120,100 @@ CLAMAV_ENABLE=1
|
|||
OPENDMARC_ENABLE=1
|
||||
FAIL2BAN_ENABLE=1
|
||||
|
||||
if have_whiptail; then
|
||||
if command -v whiptail >/dev/null 2>&1; then
|
||||
TITLE="MailWolt Setup"
|
||||
|
||||
MTA_FQDN="$(whiptail --title "$TITLE" --inputbox "Mailserver-FQDN (MX)\nBeispiel: mx.domain.tld" 11 70 "$MTA_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
valid_fqdn "$MTA_FQDN" || MTA_FQDN="$MTA_DEFAULT"
|
||||
# Hinweise zu erlaubten DEV-Hosts
|
||||
MSG_SUFFIX="\n\nHinweis: Im DEV-Modus sind auch single-label Hosts (z.B. ui, webmail), *.local/*.dev und IPs erlaubt."
|
||||
|
||||
UI_FQDN="$(whiptail --title "$TITLE" --inputbox "UI / Admin-Panel FQDN\nBeispiel: ui.domain.tld" 11 70 "$UI_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
valid_fqdn "$UI_FQDN" || UI_FQDN="$UI_DEFAULT"
|
||||
_mta_in="$(whiptail --title "$TITLE" --inputbox "Mailserver-Host (MX)\nBeispiele: mx.domain.tld | mx.local | 10.0.0.10${MSG_SUFFIX}" 13 70 "$MTA_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
_ui_in="$(whiptail --title "$TITLE" --inputbox "UI / Admin-Panel Host\nBeispiele: ui.domain.tld | ui.local | 10.0.0.10${MSG_SUFFIX}" 13 70 "$UI_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
_wm_in="$(whiptail --title "$TITLE" --inputbox "Webmail Host\nBeispiele: webmail.domain.tld | web.local | 10.0.0.10${MSG_SUFFIX}" 13 70 "$WEBMAIL_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
|
||||
WEBMAIL_FQDN="$(whiptail --title "$TITLE" --inputbox "Webmail FQDN\nBeispiel: webmail.domain.tld" 11 70 "$WEBMAIL_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
valid_fqdn "$WEBMAIL_FQDN" || WEBMAIL_FQDN="$WEBMAIL_DEFAULT"
|
||||
# ZUERST provisorisch prüfen, ob „lokal“ → DEV erzwingen
|
||||
if is_local_like "$_mta_in" || is_local_like "$_ui_in" || is_local_like "$_wm_in"; then
|
||||
DEV_MODE=1; APP_ENV="local"; APP_DEBUG="true"
|
||||
fi
|
||||
export DEV_MODE APP_ENV APP_DEBUG
|
||||
|
||||
# Jetzt mit passender Logik normalisieren
|
||||
MTA_FQDN="$(normalize_host "$_mta_in" "$MTA_DEFAULT")"
|
||||
UI_FQDN="$(normalize_host "$_ui_in" "$UI_DEFAULT")"
|
||||
WEBMAIL_FQDN="$(normalize_host "$_wm_in" "$WEBMAIL_DEFAULT")"
|
||||
|
||||
CHOICES="$(whiptail --title "$TITLE" --checklist "Optionale Dienste aktivieren" 15 70 6 \
|
||||
"ClamAV" "Virenscan (clamd/clamav-daemon)" ON \
|
||||
"OpenDMARC" "DMARC-Auswertung" ON \
|
||||
"Fail2Ban" "Brute-Force-Schutz" ON \
|
||||
3>&1 1>&2 2>&3)" || true
|
||||
|
||||
CLAMAV_ENABLE=0; [[ "$CHOICES" == *"ClamAV"* ]] && CLAMAV_ENABLE=1
|
||||
OPENDMARC_ENABLE=0; [[ "$CHOICES" == *"OpenDMARC"* ]] && OPENDMARC_ENABLE=1
|
||||
FAIL2BAN_ENABLE=0; [[ "$CHOICES" == *"Fail2Ban"* ]] && FAIL2BAN_ENABLE=1
|
||||
|
||||
whiptail --title "$TITLE" --msgbox "Zusammenfassung:
|
||||
|
||||
MX : $MTA_FQDN
|
||||
UI : $UI_FQDN
|
||||
Webmail : $WEBMAIL_FQDN
|
||||
|
||||
ClamAV : $([[ $CLAMAV_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||||
OpenDMARC : $([[ $OPENDMARC_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||||
Fail2Ban : $([[ $FAIL2BAN_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||||
" 16 70
|
||||
|
||||
else
|
||||
echo -e "${GREY}[i] whiptail nicht gefunden – nutze TTY-Prompts.${NC}\n"
|
||||
ask_tty_domain "Mailserver-FQDN (MX)" "mx.domain.tld" "$MTA_DEFAULT" MTA_FQDN
|
||||
ask_tty_domain "UI / Admin-Panel FQDN" "ui.domain.tld" "$UI_DEFAULT" UI_FQDN
|
||||
ask_tty_domain "Webmail FQDN" "webmail.domain.tld" "$WEBMAIL_DEFAULT" WEBMAIL_FQDN
|
||||
echo -e "${GREY}[i] whiptail nicht gefunden – TTY-Fallback.${NC}\n"
|
||||
read -r -p "Mailserver-Host (MX) [${MTA_DEFAULT}]: " _mta_in; _mta_in="${_mta_in:-$MTA_DEFAULT}"
|
||||
read -r -p "UI / Admin-Panel Host [${UI_DEFAULT}]: " _ui_in; _ui_in="${_ui_in:-$UI_DEFAULT}"
|
||||
read -r -p "Webmail Host [${WEBMAIL_DEFAULT}]: " _wm_in; _wm_in="${_wm_in:-$WEBMAIL_DEFAULT}"
|
||||
|
||||
if is_local_like "$_mta_in" || is_local_like "$_ui_in" || is_local_like "$_wm_in"; then
|
||||
DEV_MODE=1; APP_ENV="local"; APP_DEBUG="true"
|
||||
fi
|
||||
export DEV_MODE APP_ENV APP_DEBUG
|
||||
|
||||
MTA_FQDN="$(normalize_host "$_mta_in" "$MTA_DEFAULT")"
|
||||
UI_FQDN="$(normalize_host "$_ui_in" "$UI_DEFAULT")"
|
||||
WEBMAIL_FQDN="$(normalize_host "$_wm_in" "$WEBMAIL_DEFAULT")"
|
||||
|
||||
read -r -p "ClamAV aktivieren? (1/0, Enter=1): " CLAMAV_ENABLE; CLAMAV_ENABLE="${CLAMAV_ENABLE:-1}"
|
||||
read -r -p "OpenDMARC aktivieren? (1/0, Enter=1): " OPENDMARC_ENABLE; OPENDMARC_ENABLE="${OPENDMARC_ENABLE:-1}"
|
||||
read -r -p "Fail2Ban aktivieren? (1/0, Enter=1): " FAIL2BAN_ENABLE; FAIL2BAN_ENABLE="${FAIL2BAN_ENABLE:-1}"
|
||||
fi
|
||||
|
||||
#if have_whiptail; then
|
||||
# TITLE="MailWolt Setup"
|
||||
#
|
||||
# MTA_FQDN="$(whiptail --title "$TITLE" --inputbox "Mailserver-FQDN (MX)\nBeispiel: mx.domain.tld" 11 70 "$MTA_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
# valid_fqdn "$MTA_FQDN" || MTA_FQDN="$MTA_DEFAULT"
|
||||
#
|
||||
# UI_FQDN="$(whiptail --title "$TITLE" --inputbox "UI / Admin-Panel FQDN\nBeispiel: ui.domain.tld" 11 70 "$UI_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
# valid_fqdn "$UI_FQDN" || UI_FQDN="$UI_DEFAULT"
|
||||
#
|
||||
# WEBMAIL_FQDN="$(whiptail --title "$TITLE" --inputbox "Webmail FQDN\nBeispiel: webmail.domain.tld" 11 70 "$WEBMAIL_DEFAULT" 3>&1 1>&2 2>&3)" || exit 1
|
||||
# valid_fqdn "$WEBMAIL_FQDN" || WEBMAIL_FQDN="$WEBMAIL_DEFAULT"
|
||||
#
|
||||
# CHOICES="$(whiptail --title "$TITLE" --checklist "Optionale Dienste aktivieren" 15 70 6 \
|
||||
# "ClamAV" "Virenscan (clamd/clamav-daemon)" ON \
|
||||
# "OpenDMARC" "DMARC-Auswertung" ON \
|
||||
# "Fail2Ban" "Brute-Force-Schutz" ON \
|
||||
# 3>&1 1>&2 2>&3)" || true
|
||||
#
|
||||
# CLAMAV_ENABLE=0; [[ "$CHOICES" == *"ClamAV"* ]] && CLAMAV_ENABLE=1
|
||||
# OPENDMARC_ENABLE=0; [[ "$CHOICES" == *"OpenDMARC"* ]] && OPENDMARC_ENABLE=1
|
||||
# FAIL2BAN_ENABLE=0; [[ "$CHOICES" == *"Fail2Ban"* ]] && FAIL2BAN_ENABLE=1
|
||||
#
|
||||
# whiptail --title "$TITLE" --msgbox "Zusammenfassung:
|
||||
#
|
||||
#MX : $MTA_FQDN
|
||||
#UI : $UI_FQDN
|
||||
#Webmail : $WEBMAIL_FQDN
|
||||
#
|
||||
#ClamAV : $([[ $CLAMAV_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||||
#OpenDMARC : $([[ $OPENDMARC_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||||
#Fail2Ban : $([[ $FAIL2BAN_ENABLE -eq 1 ]] && echo Aktiv || echo Deaktiv)
|
||||
#" 16 70
|
||||
#
|
||||
#else
|
||||
# echo -e "${GREY}[i] whiptail nicht gefunden – nutze TTY-Prompts.${NC}\n"
|
||||
# ask_tty_domain "Mailserver-FQDN (MX)" "mx.domain.tld" "$MTA_DEFAULT" MTA_FQDN
|
||||
# ask_tty_domain "UI / Admin-Panel FQDN" "ui.domain.tld" "$UI_DEFAULT" UI_FQDN
|
||||
# ask_tty_domain "Webmail FQDN" "webmail.domain.tld" "$WEBMAIL_DEFAULT" WEBMAIL_FQDN
|
||||
#
|
||||
# read -r -p "ClamAV aktivieren? (1/0, Enter=1): " CLAMAV_ENABLE; CLAMAV_ENABLE="${CLAMAV_ENABLE:-1}"
|
||||
# read -r -p "OpenDMARC aktivieren? (1/0, Enter=1): " OPENDMARC_ENABLE; OPENDMARC_ENABLE="${OPENDMARC_ENABLE:-1}"
|
||||
# read -r -p "Fail2Ban aktivieren? (1/0, Enter=1): " FAIL2BAN_ENABLE; FAIL2BAN_ENABLE="${FAIL2BAN_ENABLE:-1}"
|
||||
#fi
|
||||
|
||||
# ── Defaults/Kompatibilität ──────────────────────────────────
|
||||
MTA_FQDN="${MTA_FQDN:-${MTA_DEFAULT}}"
|
||||
UI_FQDN="${UI_FQDN:-${UI_DEFAULT}}"
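Review bot: `is_local_like` treats `\.dev$` as a local hostname, but `.dev` is a delegated public TLD (and `.loc` is merely unreserved), so an operator entering a real `mail.example.dev` is silently switched to `DEV_MODE=1`, `APP_ENV="local"`, `APP_DEBUG="true"` — the mode that the other hunks on this page use to build a catch-all plain-HTTP vhost and to drop the Secure cookie flag. Restrict the suffix list to names reserved for local use, `[[ "$h" =~ \.local$ || "$h" =~ \.test$ || "$h" =~ \.localhost$ || "$h" = "localhost" ]] && return 0`, and make the switch visible by adding a `Modus : $([[ "${DEV_MODE}" = "1" ]] && echo DEV || echo PROD)` line to the whiptail summary and to the TTY fallback so the user can abort. The private-range branch matches on the raw string, so a hostname such as `10.example.org` also triggers DEV because of `^10\.`; test the IPv4 shape (the regex from `valid_host_dev`) before applying the prefix checks. Note also that the DEV decision is taken on the raw inputs before `normalize_host`, so an invalid entry that falls back to `MTA_DEFAULT` still leaves DEV_MODE set.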
|
||||
|
|
|
|||