From 21084616cbf75b48ba867a64a7ac6cbc204c02df Mon Sep 17 00:00:00 2001
From: boksbc
Date: Thu, 16 Oct 2025 13:14:00 +0200
Subject: [PATCH] Laudende Default seite entfernen
---
 scripts/40-postfix.sh | 35 +++++++++++------
 scripts/80-app.sh | 30 ++++++++++++++
 scripts/90-services.sh | 20 ++++++----
 scripts/99-summary.sh | 89 +++++++++++++++++++++++++++++++++++-------
 4 files changed, 140 insertions(+), 34 deletions(-)
diff --git a/scripts/40-postfix.sh b/scripts/40-postfix.sh
index 71efe1a..364284f 100644
--- a/scripts/40-postfix.sh
+++ b/scripts/40-postfix.sh
@@ -7,6 +7,7 @@ MAIL_CERT="${MAIL_SSL_DIR}/fullchain.pem"
 MAIL_KEY="${MAIL_SSL_DIR}/privkey.pem"
 log "Postfix konfigurieren …"
+
 postconf -e "myhostname = ${MAIL_HOSTNAME}"
 postconf -e "myorigin = \$myhostname"
 postconf -e "mydestination = "
@@ -14,15 +15,15 @@ postconf -e "inet_interfaces = all"
 postconf -e "inet_protocols = ipv4"
 postconf -e "smtpd_banner = \$myhostname ESMTP"
-postconf -e "smtpd_tls_cert_file=${MAIL_CERT}"
-postconf -e "smtpd_tls_key_file=${MAIL_KEY}"
+postconf -e "smtpd_tls_cert_file = ${MAIL_CERT}"
+postconf -e "smtpd_tls_key_file = ${MAIL_KEY}"
 postconf -e "smtpd_tls_security_level = may"
-postconf -e "smtp_tls_security_level = may"
+postconf -e "smtp_tls_security_level = may"
 postconf -e "smtpd_tls_received_header = yes"
-postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3"
-postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3"
-postconf -e "smtpd_tls_loglevel=1"
-postconf -e "smtp_tls_loglevel=1"
+postconf -e "smtpd_tls_protocols = !SSLv2,!SSLv3"
+postconf -e "smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3"
+postconf -e "smtpd_tls_loglevel = 1"
+postconf -e "smtp_tls_loglevel = 1"
 postconf -e "disable_vrfy_command = yes"
 postconf -e "smtpd_helo_required = yes"
@@ -41,11 +42,20 @@ postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authe
 postconf -e "smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination"
 postconf -M "smtp/inet=smtp inet n - n - - smtpd -o smtpd_peername_lookup=no -o smtpd_timeout=30s"
-postconf -M "submission/inet=submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_peername_lookup=no -o smtpd_tls_security_level=encrypt -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
-postconf -M "smtps/inet=smtps inet n - n - - smtpd -o syslog_name=postfix/smtps -o smtpd_peername_lookup=no -o smtpd_tls_wrappermode=yes -o smtpd_tls_auth_only=yes -o smtpd_sasl_auth_enable=yes -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
-postconf -M "pickup/unix=pickup unix n - y 60 1 pickup"
-postconf -M "cleanup/unix=cleanup unix n - y - 0 cleanup"
-postconf -M "qmgr/unix=qmgr unix n - n 300 1 qmgr"
+
+postconf -M "submission/inet=submission inet n - n - - smtpd \
+ -o syslog_name=postfix/submission \
+ -o smtpd_tls_security_level=encrypt \
+ -o smtpd_tls_auth_only=yes \
+ -o smtpd_sasl_auth_enable=yes \
+ -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
+
+postconf -M "smtps/inet=smtps inet n - n - - smtpd \
+ -o syslog_name=postfix/smtps \
+ -o smtpd_tls_wrappermode=yes \
+ -o smtpd_tls_auth_only=yes \
+ -o smtpd_sasl_auth_enable=yes \
+ -o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
 install -d -o root -g postfix -m 750 /etc/postfix/sql
@@ -77,5 +87,4 @@ CONF
 chown root:postfix /etc/postfix/sql/mysql-virtual-alias-maps.cf
 chmod 640 /etc/postfix/sql/mysql-virtual-alias-maps.cf
-# Nur aktivieren – Start/Reload erst nach App/DB in 90-services.sh
 systemctl enable postfix >/dev/null 2>&1 || true
\ No newline at end of file
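Review bot: Ports 587 and 465 now inherit the global `smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authe…` list shown at the top of the hunk, because the new submission/smtps definitions no longer carry the per-service `-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject` override. This is not an open relay, since `smtpd_relay_restrictions=permit_sasl_authenticated,reject` is still set on both services and Postfix evaluates relay restrictions before recipient restrictions at RCPT time, but the auth-only policy of the client-facing ports now depends on whatever the global list is edited to later. Keeping `-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject` on both services (commonly together with `-o smtpd_client_restrictions=permit_sasl_authenticated,reject`) makes the intent self-contained, and a comment such as `# 587/465: SASL over TLS only — never rely on permit_mynetworks here` would record why. The removed pickup/cleanup/qmgr entries are presumably covered by the distribution's default master.cf, which this hunk does not show.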
diff --git a/scripts/80-app.sh b/scripts/80-app.sh
index 5268787..d6b2d47 100644
--- a/scripts/80-app.sh
+++ b/scripts/80-app.sh
@@ -158,6 +158,36 @@ VITE_DEV_ORIGIN=$(grep '^APP_URL=' "${ENV_FILE}" | cut -d= -f2-)
 CONF
 fi
+# Laravel Caches säubern und migrieren
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear"
+
+# Migration erzwingen (damit 'settings' & Co. existieren)
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan migrate --force"
+
+# System-Domain seeden, wenn eine echte Domain gesetzt wurde
+if [[ "${BASE_DOMAIN}" != "example.com" ]]; then
+ sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan db:seed --class=SystemDomainSeeder --no-interaction || true"
+fi
+
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan config:cache"
+
+# --- Frontend / Vite: einmaliger Build, wenn kein manifest.json vorhanden ---
+if [[ -f "${APP_DIR}/package.json" && ! -f "${APP_DIR}/public/build/manifest.json" ]]; then
+ # Node nur installieren, wenn nicht vorhanden
+ if ! command -v node >/dev/null 2>&1; then
+ curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
+ apt-get install -y nodejs
+ fi
+
+ # Dependencies installieren (bevorzugt ci, Fallback auf install)
+ sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && (npm ci --no-audit --no-fund || npm install)"
+
+ # Build ausführen (wenn kein "build"-Script, nutze npx vite)
+ sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && (npm run build || npx --yes vite build)"
+fi
+
+sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache"
+
 # Rechte & Laravel Cache
 chown -R "$APP_USER":"$APP_GROUP" "$APP_DIR"
 chmod -R u=rwX,g=rwX,o=rX "$APP_DIR"
diff --git a/scripts/90-services.sh b/scripts/90-services.sh
index 609f67b..6a69a4a 100644
--- a/scripts/90-services.sh
+++ b/scripts/90-services.sh
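Review bot: `curl -fsSL https://deb.nodesource.com/setup_22.x | bash -` executes an unpinned remote script as root on every fresh install with no checksum or signature check, so whoever controls that URL or the TLS path to it gets root on the host; this is the largest supply-chain exposure in the hunk. Prefer the distribution package (`apt-get install -y nodejs npm`), or download the script to a `mktemp` file, compare it against a hash recorded in the repository, and only then run it. Two smaller points in the same block: `(npm ci --no-audit --no-fund || npm install)` silently falls back to an unpinned install whenever the lockfile does not match, which defeats the lockfile, and `npx --yes vite build` will download and run `vite` from the registry if it is not already present in `node_modules`; failing hard instead (`npm ci --no-audit --no-fund` and `npm run build` alone) keeps the build reproducible. Note also that `php artisan db:seed … || true` hides seeder failures, so a missing system domain would only surface later in the UI.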
@@ -2,7 +2,7 @@ set -euo pipefail
 source ./lib.sh
-log "systemd Units (Reverb / Scheduler / Queue) …"
+log "systemd Units (Reverb / Scheduler / Queue / Mail) …"
 cat > /etc/systemd/system/${APP_USER}-ws.service </dev/null 2>&1; }
 if db_ready; then
 systemctl reload postfix || true
 systemctl reload dovecot || true
-else
- echo "[i] DB noch nicht migriert – überspringe Postfix/Dovecot reload."
-fi
\ No newline at end of file
+fi
+
+# Mini-Portcheck (hilft beim Installer-Output)
+echo "Listening (25/465/587):"
+ss -ltnp | awk '$4 ~ /:(25|465|587)$/ {print " " $0}'
\ No newline at end of file
diff --git a/scripts/99-summary.sh b/scripts/99-summary.sh
index a4f1759..38aad1c 100644
--- a/scripts/99-summary.sh
+++ b/scripts/99-summary.sh
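Review bot: `systemctl reload postfix || true` only succeeds when postfix is already running; 40-postfix.sh merely enables the unit (the comment it removes said start/reload was deferred to this script), and nothing visible in this hunk starts it, so unless package installation or an earlier, non-visible step started postfix, the reload fails, `|| true` hides that, and the new port check prints nothing for 25/465/587 without any error. `systemctl reload-or-restart postfix || true` (and the same for dovecot) covers both the running and the not-yet-started case. Dropping the `else` branch also removes the only message that told the operator the reload was skipped because the DB was not migrated; a one-line `echo "[i] DB noch nicht migriert – Postfix/Dovecot nicht neu geladen."` in an `else` keeps that signal. The unit-file hunk above is garbled in this view and the start of this hunk is not visible, so I cannot confirm whether an explicit `systemctl start` happens earlier in the script.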
@@ -2,19 +2,80 @@ set -euo pipefail
 source ./lib.sh
-scheme="http"
-[[ -f /etc/ssl/ui/fullchain.pem && -f /etc/ssl/ui/privkey.pem ]] && scheme="https"
+log(){ printf "\033[1;32m[+]\033[0m %s\n" "$*"; }
+ok(){ printf " [\033[1;32mOK\033[0m]\n"; }
+fail(){printf " [\033[1;31mFAIL\033[0m]\n"; }
-echo -e "
-${GREEN}${BAR}${NC}
-${GREEN}✔ ${APP_NAME} Bootstrap fertig${NC}
-${GREEN}${BAR}${NC}
- Admin-User: ${YELLOW}${ADMIN_USER}${NC}
- Admin-Mail: ${YELLOW}${ADMIN_EMAIL}${NC}
- Passwort: ${RED}${ADMIN_PASS}${NC}
+APP_USER="${APP_USER:-mailwolt}"
+APP_GROUP="${APP_GROUP:-www-data}"
+APP_DIR="${APP_DIR:-/var/www/${APP_USER}}"
- Aufruf UI: ${CYAN}${scheme}://${SERVER_PUBLIC_IPV4}${NC}
- App Root: ${GREY}${APP_DIR}${NC}
- Nginx Site: ${GREY}/etc/nginx/sites-available/${APP_USER}.conf${NC}
- Mail-FQDN: ${GREY}${MAIL_HOSTNAME}${NC}
-"
\ No newline at end of file
+UI_CERT="/etc/ssl/ui/fullchain.pem"
+UI_KEY="/etc/ssl/ui/privkey.pem"
+SCHEME="http"
+
+SERVER_PUBLIC_IPV4="$(detect_ip)"
+[[ -s "$UI_CERT" && -s "$UI_KEY" ]] && SCHEME="https"
+
+UI_HOST="${UI_HOST:-}"
+APP_URL="${APP_URL:-${SCHEME}://${SERVER_PUBLIC_IPV4}}"
+if [[ -n "$UI_HOST" ]]; then
+ APP_URL="${SCHEME}://${UI_HOST}"
+fi
+
+MAIL_HOSTNAME="${MAIL_HOSTNAME:-${SERVER_PUBLIC_IPV4}}"
+
+echo
+echo "──────────────────────────────────────────────────────────────────────────────"
+echo "✔ MailWolt Bootstrap fertig"
+echo "──────────────────────────────────────────────────────────────────────────────"
+printf " Aufruf UI: %s\n" "${APP_URL}"
+printf " App Root: %s\n" "${APP_DIR}"
+printf " Nginx Site: %s\n" "/etc/nginx/sites-available/${APP_USER}.conf"
+printf " Mail-FQDN: %s\n" "${MAIL_HOSTNAME}"
+echo
+echo " Anmeldung: Keine vordefinierten Admin-Daten."
+echo " Bitte zuerst registrieren (Erst-User wird Admin, danach"
+echo " wird die Registrierung automatisch gesperrt)."
+echo
+
+# -------- Services ----------
+printf "Services:\n"
+svc(){
+ local name="$1"
+ printf " • %-10s … " "$name"
+ if systemctl is-active --quiet "$name"; then ok; else fail; fi
+}
+svc nginx
+svc mariadb
+svc redis-server
+svc postfix
+svc dovecot
+svc "${APP_USER}-ws" || true
+svc "${APP_USER}-schedule" || true
+svc "${APP_USER}-queue" || true
+echo
+
+# -------- Ports / Smoke Test ----------
+echo "──────────────────────────────────────────────────────────────────────────────"
+echo " Smoke-Test (SMTP/IMAP/POP3 mit/ohne TLS)"
+echo "──────────────────────────────────────────────────────────────────────────────"
+
+check_port(){
+ local label="$1" cmd="$2"
+ printf "[%-3s] %-35s … " "$label" "$3"
+ if timeout 8s bash -lc "$cmd" >/dev/null 2>&1; then ok; else fail; fi
+}
+
+# SMTP family
+check_port "25" 'printf "QUIT\r\n" | nc -w 3 127.0.0.1 25' "SMTP (EHLO)"
+check_port "465" 'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:465 -quiet -ign_eof' "SMTPS (TLS + EHLO)"
+check_port "587" 'printf "EHLO x\r\nSTARTTLS\r\nQUIT\r\n" | openssl s_client -starttls smtp -connect 127.0.0.1:587 -quiet -ign_eof' "Submission (STARTTLS)"
+
+# POP/IMAP
+check_port "110" 'printf "QUIT\r\n" | nc -w 3 127.0.0.1 110' "POP3 (QUIT)"
+check_port "995" 'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:995 -quiet -ign_eof' "POP3S (TLS + QUIT)"
+check_port "143" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | nc -w 3 127.0.0.1 143' "IMAP (CAPABILITY/LOGOUT)"
+check_port "993" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | openssl s_client -connect 127.0.0.1:993 -quiet -ign_eof' "IMAPS (TLS + CAPABILITY/LOGOUT)"
+
+echo
\ No newline at end of file
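Review bot: `fail(){printf " [\033[1;31mFAIL\033[0m]\n"; }` near the top of this hunk is a bash syntax error — `{` only opens a group command when it is a separate word, so `{printf` is read as an ordinary word and the function body is not a compound command; bash stops the script when it parses that line, so none of the new summary (which replaces the old output that printed `${ADMIN_PASS}` to the terminal) is ever shown. The fix is a single space: `fail(){ printf " [\033[1;31mFAIL\033[0m]\n"; }`. Separately, the summary tells the operator that the first registered user becomes admin while advertising the UI at `${SCHEME}://${SERVER_PUBLIC_IPV4}`, a public address, so between bootstrap finishing and the operator registering, anyone who can reach that URL can claim the admin account; the summary should say so (e.g. `echo " Hinweis: Registrierung sofort durchführen – bis dahin kann jeder mit Zugriff auf die UI Admin werden."`) or the installer should restrict access until the first account exists. Redefining `log()` right after `source ./lib.sh` also shadows whatever lib.sh provides under that name, which deserves a comment if it is intentional.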