Laudende Default seite entfernen

2025-10-16 13:14:00 +02:00 · 2025-10-16 13:14:00 +02:00 · 21084616cb
parent 93ba754738
commit 21084616cb
4 changed files with 140 additions and 34 deletions
--- a/scripts/40-postfix.sh
+++ b/scripts/40-postfix.sh
@ -7,6 +7,7 @@ MAIL_CERT="${MAIL_SSL_DIR}/fullchain.pem"
 MAIL_KEY="${MAIL_SSL_DIR}/privkey.pem"

 log "Postfix konfigurieren …"
+
 postconf -e "myhostname = ${MAIL_HOSTNAME}"
 postconf -e "myorigin = \$myhostname"
 postconf -e "mydestination = "
@ -14,15 +15,15 @@ postconf -e "inet_interfaces = all"
 postconf -e "inet_protocols = ipv4"
 postconf -e "smtpd_banner = \$myhostname ESMTP"

-postconf -e "smtpd_tls_cert_file=${MAIL_CERT}"
-postconf -e "smtpd_tls_key_file=${MAIL_KEY}"
+postconf -e "smtpd_tls_cert_file = ${MAIL_CERT}"
+postconf -e "smtpd_tls_key_file  = ${MAIL_KEY}"
 postconf -e "smtpd_tls_security_level = may"
-postconf -e "smtp_tls_security_level = may"
+postconf -e "smtp_tls_security_level  = may"
 postconf -e "smtpd_tls_received_header = yes"
-postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3"
-postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3"
-postconf -e "smtpd_tls_loglevel=1"
-postconf -e "smtp_tls_loglevel=1"
+postconf -e "smtpd_tls_protocols = !SSLv2,!SSLv3"
+postconf -e "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3"
+postconf -e "smtpd_tls_loglevel = 1"
+postconf -e "smtp_tls_loglevel = 1"

 postconf -e "disable_vrfy_command = yes"
 postconf -e "smtpd_helo_required = yes"
@ -41,11 +42,20 @@ postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authe
 postconf -e "smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"

 postconf -M "smtp/inet=smtp inet n - n - - smtpd -o smtpd_peername_lookup=no -o smtpd_timeout=30s"
-postconf -M "submission/inet=submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_peername_lookup=no -o smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
-postconf -M "smtps/inet=smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_peername_lookup=no -o smtpd_tls_wrappermode=yes -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
-postconf -M "pickup/unix=pickup   unix n - y 60 1 pickup"
-postconf -M "cleanup/unix=cleanup unix n - y -  0 cleanup"
-postconf -M "qmgr/unix=qmgr       unix n - n 300 1 qmgr"
+
+postconf -M "submission/inet=submission inet n - n - - smtpd \
+  -o syslog_name=postfix/submission \
+  -o smtpd_tls_security_level=encrypt \
+  -o smtpd_tls_auth_only=yes \
+  -o smtpd_sasl_auth_enable=yes \
+  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
+
+postconf -M "smtps/inet=smtps inet n - n - - smtpd \
+  -o syslog_name=postfix/smtps \
+  -o smtpd_tls_wrappermode=yes \
+  -o smtpd_tls_auth_only=yes \
+  -o smtpd_sasl_auth_enable=yes \
+  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"

 install -d -o root -g postfix -m 750 /etc/postfix/sql

@ -77,5 +87,4 @@ CONF
 chown root:postfix /etc/postfix/sql/mysql-virtual-alias-maps.cf
 chmod 640 /etc/postfix/sql/mysql-virtual-alias-maps.cf

-# Nur aktivieren – Start/Reload erst nach App/DB in 90-services.sh
 systemctl enable postfix >/dev/null 2>&1 || true
--- a/scripts/80-app.sh
+++ b/scripts/80-app.sh
@ -158,6 +158,36 @@ VITE_DEV_ORIGIN=$(grep '^APP_URL=' "${ENV_FILE}" | cut -d= -f2-)
 CONF
 fi

+# Laravel Caches säubern und migrieren
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear"
+
+# Migration erzwingen (damit 'settings' & Co. existieren)
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan migrate --force"
+
+# System-Domain seeden, wenn eine echte Domain gesetzt wurde
+if [[ "${BASE_DOMAIN}" != "example.com" ]]; then
+  sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan db:seed --class=SystemDomainSeeder --no-interaction || true"
+fi
+
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan config:cache"
+
+# --- Frontend / Vite: einmaliger Build, wenn kein manifest.json vorhanden ---
+if [[ -f "${APP_DIR}/package.json" && ! -f "${APP_DIR}/public/build/manifest.json" ]]; then
+  # Node nur installieren, wenn nicht vorhanden
+  if ! command -v node >/dev/null 2>&1; then
+    curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
+    apt-get install -y nodejs
+  fi
+
+  # Dependencies installieren (bevorzugt ci, Fallback auf install)
+  sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && (npm ci --no-audit --no-fund || npm install)"
+
+  # Build ausführen (wenn kein "build"-Script, nutze npx vite)
+  sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && (npm run build || npx --yes vite build)"
+fi
+
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache"
+
 # Rechte & Laravel Cache
 chown -R "$APP_USER":"$APP_GROUP" "$APP_DIR"
 chmod -R u=rwX,g=rwX,o=rX "$APP_DIR"
--- a/scripts/90-services.sh
+++ b/scripts/90-services.sh
@ -2,7 +2,7 @@
 set -euo pipefail
 source ./lib.sh

-log "systemd Units (Reverb / Scheduler / Queue) …"
+log "systemd Units (Reverb / Scheduler / Queue / Mail) …"

 cat > /etc/systemd/system/${APP_USER}-ws.service <<EOF
 [Unit]
@ -82,7 +82,7 @@ chmod 664 /var/log/${APP_USER}-*.log

 systemctl daemon-reload

-# Optional: Reverb nur wenn vorhanden
+# App-Dienste
 if sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan list --no-ansi | grep -qE '(^| )reverb:start( |$)'"; then
  systemctl enable --now ${APP_USER}-ws
 else
@ -91,15 +91,21 @@ fi
 systemctl enable --now ${APP_USER}-schedule
 systemctl enable --now ${APP_USER}-queue

-# Web stack neu laden
+# Webstack
 systemctl reload nginx || true
 systemctl restart php*-fpm || true

-# Postfix/Dovecot erst nach Migration reloaden
+# Mail-Dienste JETZT starten (damit 25/465/587 offen sind)
+systemctl enable --now postfix
+systemctl enable --now dovecot
+
+# Falls DB-Migration schon durch: einmal reload
 db_ready(){ mysql -u"${DB_USER}" -p"${DB_PASS}" -h 127.0.0.1 -D "${DB_NAME}" -e "SHOW TABLES LIKE 'migrations'\G" >/dev/null 2>&1; }
 if db_ready; then
  systemctl reload postfix || true
  systemctl reload dovecot || true
-else
-  echo "[i] DB noch nicht migriert – überspringe Postfix/Dovecot reload."
-fi
+fi
+
+# Mini-Portcheck (hilft beim Installer-Output)
+echo "Listening (25/465/587):"
+ss -ltnp | awk '$4 ~ /:(25|465|587)$/ {print "  " $0}'
--- a/scripts/99-summary.sh
+++ b/scripts/99-summary.sh
@ -2,19 +2,80 @@
 set -euo pipefail
 source ./lib.sh

-scheme="http"
-[[ -f /etc/ssl/ui/fullchain.pem && -f /etc/ssl/ui/privkey.pem ]] && scheme="https"
+log(){ printf "\033[1;32m[+]\033[0m %s\n" "$*"; }
+ok(){  printf " [\033[1;32mOK\033[0m]\n"; }
+fail(){printf " [\033[1;31mFAIL\033[0m]\n"; }

-echo -e "
-${GREEN}${BAR}${NC}
-${GREEN}✔ ${APP_NAME} Bootstrap fertig${NC}
-${GREEN}${BAR}${NC}
-  Admin-User:  ${YELLOW}${ADMIN_USER}${NC}
-  Admin-Mail:  ${YELLOW}${ADMIN_EMAIL}${NC}
-  Passwort:    ${RED}${ADMIN_PASS}${NC}
+APP_USER="${APP_USER:-mailwolt}"
+APP_GROUP="${APP_GROUP:-www-data}"
+APP_DIR="${APP_DIR:-/var/www/${APP_USER}}"

-  Aufruf UI:   ${CYAN}${scheme}://${SERVER_PUBLIC_IPV4}${NC}
-  App Root:    ${GREY}${APP_DIR}${NC}
-  Nginx Site:  ${GREY}/etc/nginx/sites-available/${APP_USER}.conf${NC}
-  Mail-FQDN:   ${GREY}${MAIL_HOSTNAME}${NC}
-"
+UI_CERT="/etc/ssl/ui/fullchain.pem"
+UI_KEY="/etc/ssl/ui/privkey.pem"
+SCHEME="http"
+
+SERVER_PUBLIC_IPV4="$(detect_ip)"
+[[ -s "$UI_CERT" && -s "$UI_KEY" ]] && SCHEME="https"
+
+UI_HOST="${UI_HOST:-}"
+APP_URL="${APP_URL:-${SCHEME}://${SERVER_PUBLIC_IPV4}}"
+if [[ -n "$UI_HOST" ]]; then
+  APP_URL="${SCHEME}://${UI_HOST}"
+fi
+
+MAIL_HOSTNAME="${MAIL_HOSTNAME:-${SERVER_PUBLIC_IPV4}}"
+
+echo
+echo "──────────────────────────────────────────────────────────────────────────────"
+echo "✔ MailWolt Bootstrap fertig"
+echo "──────────────────────────────────────────────────────────────────────────────"
+printf "  Aufruf UI:   %s\n" "${APP_URL}"
+printf "  App Root:    %s\n" "${APP_DIR}"
+printf "  Nginx Site:  %s\n" "/etc/nginx/sites-available/${APP_USER}.conf"
+printf "  Mail-FQDN:   %s\n" "${MAIL_HOSTNAME}"
+echo
+echo "  Anmeldung:   Keine vordefinierten Admin-Daten."
+echo "               Bitte zuerst registrieren (Erst-User wird Admin, danach"
+echo "               wird die Registrierung automatisch gesperrt)."
+echo
+
+# -------- Services ----------
+printf "Services:\n"
+svc(){
+  local name="$1"
+  printf "  • %-10s … " "$name"
+  if systemctl is-active --quiet "$name"; then ok; else fail; fi
+}
+svc nginx
+svc mariadb
+svc redis-server
+svc postfix
+svc dovecot
+svc "${APP_USER}-ws"        || true
+svc "${APP_USER}-schedule"  || true
+svc "${APP_USER}-queue"     || true
+echo
+
+# -------- Ports / Smoke Test ----------
+echo "──────────────────────────────────────────────────────────────────────────────"
+echo " Smoke-Test (SMTP/IMAP/POP3 mit/ohne TLS)"
+echo "──────────────────────────────────────────────────────────────────────────────"
+
+check_port(){
+  local label="$1" cmd="$2"
+  printf "[%-3s] %-35s … " "$label" "$3"
+  if timeout 8s bash -lc "$cmd" >/dev/null 2>&1; then ok; else fail; fi
+}
+
+# SMTP family
+check_port "25"  'printf "QUIT\r\n" | nc -w 3 127.0.0.1 25'                  "SMTP (EHLO)"
+check_port "465" 'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:465 -quiet -ign_eof' "SMTPS (TLS + EHLO)"
+check_port "587" 'printf "EHLO x\r\nSTARTTLS\r\nQUIT\r\n" | openssl s_client -starttls smtp -connect 127.0.0.1:587 -quiet -ign_eof' "Submission (STARTTLS)"
+
+# POP/IMAP
+check_port "110" 'printf "QUIT\r\n" | nc -w 3 127.0.0.1 110'                 "POP3 (QUIT)"
+check_port "995" 'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:995 -quiet -ign_eof' "POP3S (TLS + QUIT)"
+check_port "143" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | nc -w 3 127.0.0.1 143' "IMAP (CAPABILITY/LOGOUT)"
+check_port "993" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | openssl s_client -connect 127.0.0.1:993 -quiet -ign_eof' "IMAPS (TLS + CAPABILITY/LOGOUT)"
+
+echo