From 26c01be12a39e98133c165ac100095c7737c331d Mon Sep 17 00:00:00 2001
From: boksbc
Date: Fri, 17 Oct 2025 02:35:54 +0200
Subject: [PATCH] Laudende Default seite entfernen
---
scripts/21-le-deploy-hook.sh | 279 ++++++++++++++++++++---------------
scripts/75-le-issue.sh | 138 +++++++++++++----
scripts/80-app.sh | 17 +++
scripts/99-summary.sh | 11 +-
4 files changed, 303 insertions(+), 142 deletions(-)
diff --git a/scripts/21-le-deploy-hook.sh b/scripts/21-le-deploy-hook.sh
index 01514ae..79691ee 100644
--- a/scripts/21-le-deploy-hook.sh
+++ b/scripts/21-le-deploy-hook.sh
@@ -2,133 +2,182 @@ set -euo pipefail source ./lib.sh -# ──────────────────────────────────────────────────────────────────────────── -# 21-le-deploy-hook.sh -# • legt /etc/mailwolt/installer.env an (falls fehlt) -# • erzeugt Deploy-Hooks: -# - 50-mailwolt-symlinks.sh → verlinkt LE-Zerts nach /etc/ssl/{ui,webmail,mail} -# - 60-mailwolt-tlsa.sh → aktualisiert TLSA (3 1 1) für MX bei jedem Renew -# • KEIN Reload von Postfix/Dovecot (kommt später im Installer) -# ──────────────────────────────────────────────────────────────────────────── +log "Let's Encrypt Deploy-Hooks und Wrapper anlegen …" -# 0) Hostnamen persistent speichern (für spätere Deploys) -install -d -m 0755 /etc/mailwolt -if [[ ! -f /etc/mailwolt/installer.env ]]; then - cat >/etc/mailwolt/installer.env </etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh </usr/local/sbin/mw-deploy.sh <<'WRAP' #!/usr/bin/env bash set -euo pipefail -UI_LE="/etc/letsencrypt/live/${UI_HOST}" -WEBMAIL_LE="/etc/letsencrypt/live/${WEBMAIL_HOST}" -MX_LE="/etc/letsencrypt/live/${MAIL_HOSTNAME}" - -UI_SSL_DIR="/etc/ssl/ui" -WEBMAIL_SSL_DIR="/etc/ssl/webmail" -MAIL_SSL_DIR="/etc/ssl/mail" - -# Zielverzeichnisse anlegen (einmalig) -install -d -m 0755 "\$UI_SSL_DIR" "\$WEBMAIL_SSL_DIR" "\$MAIL_SSL_DIR" - link_if() { - local le_base="\$1" target_dir="\$2" - local cert="\${le_base}/fullchain.pem" - local key="\${le_base}/privkey.pem" - [[ -s "\$cert" && -s "\$key" ]] || return 0 - ln -sf "\$cert" "\${target_dir}/fullchain.pem" - ln -sf "\$key" "\${target_dir}/privkey.pem" - chmod 644 "\${target_dir}/fullchain.pem" 2>/dev/null || true - chmod 600 "\${target_dir}/privkey.pem" 2>/dev/null || true - echo "[+] Linked \${target_dir} -> \${le_base}" + local le_base="$1" target_dir="$2" + local cert="${le_base}/fullchain.pem" + local key="${le_base}/privkey.pem" + [[ -s "$cert" && -s "$key" ]] || return 0 + install -d -m 0755 "$target_dir" + ln -sf "$cert" "${target_dir}/fullchain.pem" + ln -sf "$key" "${target_dir}/privkey.pem" + 
chmod 644 "${target_dir}/fullchain.pem" 2>/dev/null || true + chmod 600 "${target_dir}/privkey.pem" 2>/dev/null || true + echo "[+] Linked ${target_dir} -> ${le_base}" } -# Verlinken (nur wenn Host konfiguriert) -[[ -n "${UI_HOST}" ]] && link_if "\$UI_LE" "\$UI_SSL_DIR" -[[ -n "${WEBMAIL_HOST}" ]] && link_if "\$WEBMAIL_LE" "\$WEBMAIL_SSL_DIR" -[[ -n "${MAIL_HOSTNAME}" ]] && link_if "\$MX_LE" "\$MAIL_SSL_DIR" +UI_HOST="${UI_HOST:-}" +WEBMAIL_HOST="${WEBMAIL_HOST:-}" +MAIL_HOSTNAME="${MAIL_HOSTNAME:-}" + +[[ -n "$UI_HOST" ]] && link_if "/etc/letsencrypt/live/${UI_HOST}" "/etc/ssl/ui" +[[ -n "$WEBMAIL_HOST" ]] && link_if "/etc/letsencrypt/live/${WEBMAIL_HOST}" "/etc/ssl/webmail" +[[ -n "$MAIL_HOSTNAME" ]] && link_if "/etc/letsencrypt/live/${MAIL_HOSTNAME}" "/etc/ssl/mail" -# Nur reloaden, wenn Nginx aktiv ist (Installer startet ihn später erst) if systemctl is-active --quiet nginx; then systemctl reload nginx || true fi +WRAP + +chmod +x /usr/local/sbin/mw-deploy.sh + +# 2) Certbot Deploy-Hook-Verzeichnis + Symlink für Renewals +install -d -m 0755 /etc/letsencrypt/renewal-hooks/deploy +cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK' +#!/usr/bin/env bash +exec /usr/local/sbin/mw-deploy.sh HOOK chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh -# ──────────────────────────────────────────────────────────────────────────── -# 3) 60-mailwolt-tlsa.sh -# → nutzt Laravel, falls vorhanden; sonst Fallback mit OpenSSL. -# → schreibt nur, wenn sich der Hash geändert hat (idempotent) -# ──────────────────────────────────────────────────────────────────────────── -cat >/etc/letsencrypt/renewal-hooks/deploy/60-mailwolt-tlsa.sh <<'HOOK' -#!/usr/bin/env bash -set -euo pipefail +log "[✓] MailWolt Deploy-Hook eingerichtet" -# installer.env lesen -set +u -[ -r /etc/mailwolt/installer.env ] && . 
/etc/mailwolt/installer.env -set -u - -APP_ENV_VAL="${APP_ENV:-production}" -BASE_DOMAIN_VAL="${BASE_DOMAIN:-example.com}" - -case "$APP_ENV_VAL" in - local|dev|development) exit 0 ;; -esac -[ "$BASE_DOMAIN_VAL" = "example.com" ] && exit 0 - -MX_HOST="${MAIL_HOSTNAME:-}" -SERVICE="_25._tcp" -DNS_DIR="/etc/mailwolt/dns" -OUT_FILE="${DNS_DIR}/${MX_HOST}.tlsa.txt" - -# Nur reagieren, wenn MX-Zertifikat betroffen war -case " ${RENEWED_DOMAINS:-} " in - *" ${MX_HOST} "*) ;; - *) exit 0 ;; -esac - -CERT="${RENEWED_LINEAGE}/fullchain.pem" -[ -s "$CERT" ] || exit 0 - -# Wenn Laravel vorhanden ist → interner Command (DB + Datei idempotent) -if command -v php >/dev/null 2>&1 && [ -d /var/www/mailwolt ]; then - cd /var/www/mailwolt || exit 0 - php artisan dns:tlsa:refresh || true - exit 0 -fi - -# Fallback: nur Datei aktualisieren, wenn Hash sich ändert -HASH="$(openssl x509 -in "$CERT" -noout -pubkey \ - | openssl pkey -pubin -outform DER \ - | openssl dgst -sha256 | sed 's/^.*= //')" -NEW_LINE="${SERVICE}.${MX_HOST}. IN TLSA 3 1 1 ${HASH}" - -mkdir -p "$DNS_DIR" - -if [ -r "$OUT_FILE" ] && grep -q "IN TLSA" "$OUT_FILE"; then - if grep -q "$HASH" "$OUT_FILE"; then - echo "[TLSA] Unverändert – kein Update nötig." - exit 0 - fi -fi - -echo "$NEW_LINE" > "$OUT_FILE" -echo "[TLSA] Aktualisiert: $NEW_LINE" -HOOK -chmod +x /etc/letsencrypt/renewal-hooks/deploy/60-mailwolt-tlsa.sh - -# ──────────────────────────────────────────────────────────────────────────── -echo "[✓] Deploy-Hooks installiert." 
\ No newline at end of file +##!/usr/bin/env bash +#set -euo pipefail +#source ./lib.sh +# +## ──────────────────────────────────────────────────────────────────────────── +## 21-le-deploy-hook.sh +## • legt /etc/mailwolt/installer.env an (falls fehlt) +## • erzeugt Deploy-Hooks: +## - 50-mailwolt-symlinks.sh → verlinkt LE-Zerts nach /etc/ssl/{ui,webmail,mail} +## - 60-mailwolt-tlsa.sh → aktualisiert TLSA (3 1 1) für MX bei jedem Renew +## • KEIN Reload von Postfix/Dovecot (kommt später im Installer) +## ──────────────────────────────────────────────────────────────────────────── +# +## 0) Hostnamen persistent speichern (für spätere Deploys) +#install -d -m 0755 /etc/mailwolt +#if [[ ! -f /etc/mailwolt/installer.env ]]; then +# cat >/etc/mailwolt/installer.env </etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh </dev/null || true +# chmod 600 "\${target_dir}/privkey.pem" 2>/dev/null || true +# echo "[+] Linked \${target_dir} -> \${le_base}" +#} +# +## Verlinken (nur wenn Host konfiguriert) +#[[ -n "${UI_HOST}" ]] && link_if "\$UI_LE" "\$UI_SSL_DIR" +#[[ -n "${WEBMAIL_HOST}" ]] && link_if "\$WEBMAIL_LE" "\$WEBMAIL_SSL_DIR" +#[[ -n "${MAIL_HOSTNAME}" ]] && link_if "\$MX_LE" "\$MAIL_SSL_DIR" +# +## Nur reloaden, wenn Nginx aktiv ist (Installer startet ihn später erst) +#if systemctl is-active --quiet nginx; then +# systemctl reload nginx || true +#fi +#HOOK +#chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh +# +## ──────────────────────────────────────────────────────────────────────────── +## 3) 60-mailwolt-tlsa.sh +## → nutzt Laravel, falls vorhanden; sonst Fallback mit OpenSSL. +## → schreibt nur, wenn sich der Hash geändert hat (idempotent) +## ──────────────────────────────────────────────────────────────────────────── +#cat >/etc/letsencrypt/renewal-hooks/deploy/60-mailwolt-tlsa.sh <<'HOOK' +##!/usr/bin/env bash +#set -euo pipefail +# +## installer.env lesen +#set +u +#[ -r /etc/mailwolt/installer.env ] && . 
/etc/mailwolt/installer.env +#set -u +# +#APP_ENV_VAL="${APP_ENV:-production}" +#BASE_DOMAIN_VAL="${BASE_DOMAIN:-example.com}" +# +#case "$APP_ENV_VAL" in +# local|dev|development) exit 0 ;; +#esac +#[ "$BASE_DOMAIN_VAL" = "example.com" ] && exit 0 +# +#MX_HOST="${MAIL_HOSTNAME:-}" +#SERVICE="_25._tcp" +#DNS_DIR="/etc/mailwolt/dns" +#OUT_FILE="${DNS_DIR}/${MX_HOST}.tlsa.txt" +# +## Nur reagieren, wenn MX-Zertifikat betroffen war +#case " ${RENEWED_DOMAINS:-} " in +# *" ${MX_HOST} "*) ;; +# *) exit 0 ;; +#esac +# +#CERT="${RENEWED_LINEAGE}/fullchain.pem" +#[ -s "$CERT" ] || exit 0 +# +## Wenn Laravel vorhanden ist → interner Command (DB + Datei idempotent) +#if command -v php >/dev/null 2>&1 && [ -d /var/www/mailwolt ]; then +# cd /var/www/mailwolt || exit 0 +# php artisan dns:tlsa:refresh || true +# exit 0 +#fi +# +## Fallback: nur Datei aktualisieren, wenn Hash sich ändert +#HASH="$(openssl x509 -in "$CERT" -noout -pubkey \ +# | openssl pkey -pubin -outform DER \ +# | openssl dgst -sha256 | sed 's/^.*= //')" +#NEW_LINE="${SERVICE}.${MX_HOST}. IN TLSA 3 1 1 ${HASH}" +# +#mkdir -p "$DNS_DIR" +# +#if [ -r "$OUT_FILE" ] && grep -q "IN TLSA" "$OUT_FILE"; then +# if grep -q "$HASH" "$OUT_FILE"; then +# echo "[TLSA] Unverändert – kein Update nötig." +# exit 0 +# fi +#fi +# +#echo "$NEW_LINE" > "$OUT_FILE" +#echo "[TLSA] Aktualisiert: $NEW_LINE" +#HOOK +#chmod +x /etc/letsencrypt/renewal-hooks/deploy/60-mailwolt-tlsa.sh +# +## ──────────────────────────────────────────────────────────────────────────── +#echo "[✓] Deploy-Hooks installiert." \ No newline at end of file diff --git a/scripts/75-le-issue.sh b/scripts/75-le-issue.sh index d3ff276..190212c 100644 --- a/scripts/75-le-issue.sh +++ b/scripts/75-le-issue.sh 
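Review bot: The generated `/usr/local/sbin/mw-deploy.sh` reads `UI_HOST`, `WEBMAIL_HOST` and `MAIL_HOSTNAME` from its environment at run time (`UI_HOST="${UI_HOST:-}"` inside the quoted `'WRAP'` heredoc), whereas the removed hook had the hostnames expanded into it when it was generated. When certbot runs the hook from a scheduled renewal, or when the installer has not exported these variables, all three are empty, so the script links nothing and only reloads nginx. Unless lib.sh exports them and the renewal job provides them, load the persisted values first, e.g. `[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env` ahead of the three defaults. As far as this hunk shows, the step that wrote that file is on the removed side, so it would have to stay, with the file root-owned and not group- or world-writable because the hook runs as root. The hunk also drops `60-mailwolt-tlsa.sh` with no replacement visible here, and it keeps the previous script as a commented-out copy that version control already preserves (the same applies to scripts/75-le-issue.sh).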
@@ -5,21 +5,26 @@ source ./lib.sh ACME_WEBROOT="/var/www/letsencrypt" install -d -m 0755 "${ACME_WEBROOT}/.well-known/acme-challenge" +# Let's Encrypt: Staging optional aktivieren (keine echten Zertifikate) CERTBOT_EXTRA=() -LE_STAGING="${LE_STAGING:-0}" # 1 = Let's Encrypt Staging aktivieren +LE_STAGING="${LE_STAGING:-0}" # 1 = Staging [[ "$LE_STAGING" = "1" ]] && CERTBOT_EXTRA+=(--test-cert) +# Einheitliche LE-E-Mail mit Fallback +LE_MAIL="${LE_EMAIL:-admin@${BASE_DOMAIN}}" + +# DNS-Auflösung gegen unsere bekannte(n) IP(s) prüfen (nur als Warnsignal) resolve_ok() { local host="$1" local pats=() [[ -n "${SERVER_PUBLIC_IPV4:-}" ]] && pats+=("${SERVER_PUBLIC_IPV4//./\\.}") [[ -n "${SERVER_PUBLIC_IPV6:-}" ]] && pats+=("${SERVER_PUBLIC_IPV6//:/\\:}") - # Wenn gar nichts bekannt ist, lieber nicht blockieren: [[ ${#pats[@]} -eq 0 ]] && return 0 getent ahosts "$host" | awk '{print $1}' | sort -u \ | grep -Eq "^($(IFS='|'; echo "${pats[*]}"))$" } +# HTTP-01 Erreichbarkeit schnell antesten (IPv4/IPv6) probe_http() { local host="$1" echo test > "${ACME_WEBROOT}/.well-known/acme-challenge/_probe" 
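Review bot: The comment added above `resolve_ok` says the DNS check is only a warning signal (`nur als Warnsignal`), but in the next hunk `issue()` returns early and skips the host when `resolve_ok` fails, so the check actually gates issuance. A comment matching the behaviour would be `# Check that the host resolves to one of our known IPs; issue() skips the host when this fails (no check if no IP is known)`. The match is a textual comparison against `getent ahosts` output, so the comment could also note that `SERVER_PUBLIC_IPV6` has to be written in the same compressed form getent prints, otherwise a correctly pointed host is skipped. `probe_http` continues past the end of this hunk.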
@@ -27,43 +32,124 @@ probe_http() { || curl -fsS --max-time 5 -6 "http://${host}/.well-known/acme-challenge/_probe" >/dev/null } +# Ein Zertifikat für einen Host ausstellen issue() { local host="$1" + [[ -z "$host" ]] && return 0 + echo "[i] Versuche LE für ${host} …" - resolve_ok "$host" || { echo "[!] DNS zeigt (noch) nicht hierher – skip ${host}"; return 0; } + + if ! resolve_ok "$host"; then + echo "[!] DNS zeigt (noch) nicht hierher – überspringe: ${host}" + return 0 + fi if ! probe_http "$host"; then echo "[!] ACME-HTTP-Check für ${host} fehlgeschlagen (Port 80/IPv6/Firewall/Nginx prüfen)." + # wir versuchen es trotzdem – Certbot meldet sich, falls es scheitert fi - # MX: Key beibehalten (TLSA 3 1 1 bleibt stabil) + # Für MX den Key wiederverwenden (stabiler TLSA-Hash 3 1 1) EXTRA_ARGS=() - [[ "$host" == "$MAIL_HOSTNAME" ]] && EXTRA_ARGS+=(--reuse-key) + [[ "${host}" == "${MAIL_HOSTNAME}" ]] && EXTRA_ARGS+=(--reuse-key) - certbot certonly --agree-tos -m "${LE_EMAIL:-admin@${BASE_DOMAIN}}" \ - --non-interactive --webroot -w "$ACME_WEBROOT" -d "$host" \ + certbot certonly \ + --agree-tos -m "${LE_MAIL}" --non-interactive \ + --webroot -w "${ACME_WEBROOT}" -d "${host}" \ + --deploy-hook /usr/local/sbin/mw-deploy.sh \ "${EXTRA_ARGS[@]}" "${CERTBOT_EXTRA[@]}" || true } -if [[ "$BASE_DOMAIN" != "example.com" ]]; then - issue "$UI_HOST" - issue "$WEBMAIL_HOST" - issue "$MAIL_HOSTNAME" +# ----------------------------------------------------------------------------- +# Hauptlauf +# ----------------------------------------------------------------------------- +if [[ "${BASE_DOMAIN}" != "example.com" ]]; then + issue "${UI_HOST:-}" + issue "${WEBMAIL_HOST:-}" + issue "${MAIL_HOSTNAME:-}" -run-parts /etc/letsencrypt/renewal-hooks/deploy || true -systemctl reload nginx || true - - # TLSA direkt einmal schreiben (Hook macht es bei Renewals sowieso) - MX_CERT="/etc/letsencrypt/live/${MAIL_HOSTNAME}/fullchain.pem" - if [[ -s "$MX_CERT" ]]; then - HASH="$(openssl x509 -in 
"$MX_CERT" -noout -pubkey \ - | openssl pkey -pubin -outform DER \ - | openssl dgst -sha256 | sed 's/^.*= //')" - TLSA_LINE="_25._tcp.${MAIL_HOSTNAME}. IN TLSA 3 1 1 ${HASH}" - install -d -m 0755 /etc/mailwolt/dns - echo "${TLSA_LINE}" > "/etc/mailwolt/dns/${MAIL_HOSTNAME}.tlsa.txt" - echo "[TLSA] ${TLSA_LINE}" + # Der Deploy-Hook hat Symlinks bereits gesetzt und nginx ggf. neu geladen. + # Optional trotzdem manuell ausführen (harmlos, hilft bei exotischen Setups): + if [[ -d /etc/letsencrypt/renewal-hooks/deploy ]]; then + run-parts /etc/letsencrypt/renewal-hooks/deploy || true + fi + if systemctl is-active --quiet nginx; then + systemctl reload nginx || true fi else - echo "[i] BASE_DOMAIN=example.com – LE wird übersprungen." -fi \ No newline at end of file + echo "[i] BASE_DOMAIN=example.com – LE-Ausstellung wird übersprungen." +fi + +##!/usr/bin/env bash +#set -euo pipefail +#source ./lib.sh +# +#ACME_WEBROOT="/var/www/letsencrypt" +#install -d -m 0755 "${ACME_WEBROOT}/.well-known/acme-challenge" +# +#CERTBOT_EXTRA=() +#LE_STAGING="${LE_STAGING:-0}" # 1 = Let's Encrypt Staging aktivieren +#[[ "$LE_STAGING" = "1" ]] && CERTBOT_EXTRA+=(--test-cert) +# +#resolve_ok() { +# local host="$1" +# local pats=() +# [[ -n "${SERVER_PUBLIC_IPV4:-}" ]] && pats+=("${SERVER_PUBLIC_IPV4//./\\.}") +# [[ -n "${SERVER_PUBLIC_IPV6:-}" ]] && pats+=("${SERVER_PUBLIC_IPV6//:/\\:}") +# # Wenn gar nichts bekannt ist, lieber nicht blockieren: +# [[ ${#pats[@]} -eq 0 ]] && return 0 +# getent ahosts "$host" | awk '{print $1}' | sort -u \ +# | grep -Eq "^($(IFS='|'; echo "${pats[*]}"))$" +#} +# +#probe_http() { +# local host="$1" +# echo test > "${ACME_WEBROOT}/.well-known/acme-challenge/_probe" +# curl -fsS --max-time 5 -4 "http://${host}/.well-known/acme-challenge/_probe" >/dev/null \ +# || curl -fsS --max-time 5 -6 "http://${host}/.well-known/acme-challenge/_probe" >/dev/null +#} +# +#issue() { +# local host="$1" +# echo "[i] Versuche LE für ${host} …" +# resolve_ok "$host" || { echo 
"[!] DNS zeigt (noch) nicht hierher – skip ${host}"; return 0; } +# +# if ! probe_http "$host"; then +# echo "[!] ACME-HTTP-Check für ${host} fehlgeschlagen (Port 80/IPv6/Firewall/Nginx prüfen)." +# fi +# +# # MX: Key beibehalten (TLSA 3 1 1 bleibt stabil) +# EXTRA_ARGS=() +# [[ "$host" == "$MAIL_HOSTNAME" ]] && EXTRA_ARGS+=(--reuse-key) +# +# certbot certonly --agree-tos -m "$LE_EMAIL" --non-interactive \ +# --webroot -w "$ACME_WEBROOT" -d "$UI_HOST" \ +# --deploy-hook /usr/local/sbin/mw-deploy.sh +# +# certbot certonly --agree-tos -m "${LE_EMAIL:-admin@${BASE_DOMAIN}}" \ +# --non-interactive --webroot -w "$ACME_WEBROOT" -d "$host" \ +# "${EXTRA_ARGS[@]}" "${CERTBOT_EXTRA[@]}" || true +#} +# +#if [[ "$BASE_DOMAIN" != "example.com" ]]; then +# issue "$UI_HOST" +# issue "$WEBMAIL_HOST" +# issue "$MAIL_HOSTNAME" +# +#run-parts /etc/letsencrypt/renewal-hooks/deploy || true +#systemctl reload nginx || true +# +# # TLSA direkt einmal schreiben (Hook macht es bei Renewals sowieso) +# MX_CERT="/etc/letsencrypt/live/${MAIL_HOSTNAME}/fullchain.pem" +# if [[ -s "$MX_CERT" ]]; then +# HASH="$(openssl x509 -in "$MX_CERT" -noout -pubkey \ +# | openssl pkey -pubin -outform DER \ +# | openssl dgst -sha256 | sed 's/^.*= //')" +# TLSA_LINE="_25._tcp.${MAIL_HOSTNAME}. IN TLSA 3 1 1 ${HASH}" +# install -d -m 0755 /etc/mailwolt/dns +# echo "${TLSA_LINE}" > "/etc/mailwolt/dns/${MAIL_HOSTNAME}.tlsa.txt" +# echo "[TLSA] ${TLSA_LINE}" +# fi +#else +# echo "[i] BASE_DOMAIN=example.com – LE wird übersprungen." +#fi \ No newline at end of file diff --git a/scripts/80-app.sh b/scripts/80-app.sh index 6924cb2..ab46db5 100644 --- a/scripts/80-app.sh +++ b/scripts/80-app.sh 
@@ -2,6 +2,16 @@ set -euo pipefail source ./lib.sh +relink_and_reload() { + if [[ -d /etc/letsencrypt/renewal-hooks/deploy ]]; then + run-parts /etc/letsencrypt/renewal-hooks/deploy || true + fi + # Nur reloaden, wenn nginx läuft (während Erstinstallation evtl. noch nicht aktiv) + if systemctl is-active --quiet nginx; then + systemctl reload nginx || true + fi +} + log "App bereitstellen …" mkdir -p "$(dirname "$APP_DIR")" chown -R "$APP_USER":"$APP_GROUP" "$(dirname "$APP_DIR")" @@ -163,6 +173,9 @@ VITE_DEV_ORIGIN=$(grep '^APP_URL=' "${ENV_FILE}" | cut -d= -f2-) CONF fi +# --- LE-Symlinks & Nginx (vor Seeder), damit UI/Webmail schon LE-Zert nutzen --- +relink_and_reload + # Laravel Caches säubern und migrieren sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear" @@ -193,10 +206,14 @@ fi sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache" + # Rechte & Laravel Cache chown -R "$APP_USER":"$APP_GROUP" "$APP_DIR" chmod -R u=rwX,g=rwX,o=rX "$APP_DIR" install -d -m 0775 -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR/storage" "$APP_DIR/bootstrap/cache" sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache" + +relink_and_reload + sudo systemctl restart php*-fpm || true \ No newline at end of file diff --git a/scripts/99-summary.sh b/scripts/99-summary.sh index c47fd31..28d9d29 100644 --- a/scripts/99-summary.sh +++ b/scripts/99-summary.sh @@ -67,6 +67,7 @@ UI_LE=$([[ -n "$UI_CERT_TARGET" ]] && is_le "$UI_CERT_TARGET" && echo "LE" || ec WEBMAIL_LE=$([[ -n "$WEBMAIL_CERT_TARGET" ]] && is_le "$WEBMAIL_CERT_TARGET" && echo "LE" || echo "self-signed/none") MAIL_LE=$([[ -n "$MAIL_CERT_TARGET" ]] && is_le "$MAIL_CERT_TARGET" && echo "LE" || echo "self-signed/none") + echo bar printf " %s %s\n" "✔ MailWolt Bootstrap fertig" "" 
@@ -80,7 +81,15 @@ printf " %-14s %s\n" "Mail-FQDN:" "${MAIL_HOSTNAME:-$SERVER_PUBLIC_IPV4}" printf " %-14s %s\n" "BASE_DOMAIN:" "${BASE_DOMAIN}" printf " %-14s %s\n" "LE-Email:" "${LE_EMAIL}" printf " %-14s %s\n" "APP_ENV:" "${APP_ENV}" -[[ -v PROXY_MODE ]] && printf " %-14s %s\n" "Proxy-Mode:" "$([[ "$PROXY_MODE" = "1" ]] && echo "ja (NPM: ${NPM_IP:-unbekannt})" || echo "nein")"printf " %-14s %s\n" "Server IPv4:" "${SERVER_PUBLIC_IPV4}" +if [[ -n "${PROXY_MODE:-}" ]]; then + if [[ "$PROXY_MODE" = "1" ]]; then + printf " %-14s %s\n" "Proxy-Mode:" "ja (NPM: ${NPM_IP:-unbekannt})" + elif [[ "$PROXY_MODE" = "dev" ]]; then + printf " %-14s %s\n" "Proxy-Mode:" "Entwicklungsmodus" + else + printf " %-14s %s\n" "Proxy-Mode:" "nein" + fi +fi printf " %-14s %s\n" "Server IPv6:" "${SERVER_PUBLIC_IPV6:-–}" printf " %-14s %s\n" "ACME Webroot:" "${ACME_WEBROOT}"
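Review bot: The rewritten Proxy-Mode block no longer prints the `Server IPv4:` row. The removed line had that `printf` glued onto the end of the Proxy-Mode statement, and the new `if … fi` replaces both, so the summary now shows only `Server IPv6:`. If that was not intended, add `printf " %-14s %s\n" "Server IPv4:" "${SERVER_PUBLIC_IPV4:-–}"` after the `fi`. The guard also changed from `[[ -v PROXY_MODE ]]` to `[[ -n "${PROXY_MODE:-}" ]]`, so a set-but-empty `PROXY_MODE` now prints no Proxy-Mode row where it used to print `nein`.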