Laudende Default seite entfernen
parent
ff275f93c6
commit
73ad162612
|
|
@ -2,6 +2,7 @@
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
source ./lib.sh
|
source ./lib.sh
|
||||||
|
|
||||||
|
# Persistente Installer-Variablen (werden vom Wrapper gelesen)
|
||||||
install -d -m 0755 /etc/mailwolt
|
install -d -m 0755 /etc/mailwolt
|
||||||
cat >/etc/mailwolt/installer.env <<EOF
|
cat >/etc/mailwolt/installer.env <<EOF
|
||||||
UI_HOST=${UI_HOST}
|
UI_HOST=${UI_HOST}
|
||||||
|
|
@ -19,7 +20,7 @@ cat >/usr/local/sbin/mw-deploy.sh <<'WRAP'
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Installer-Variablen laden (UI_HOST, WEBMAIL_HOST, MAIL_HOSTNAME, optional LE_EMAIL etc.)
|
# Installer-Variablen laden
|
||||||
set +u
|
set +u
|
||||||
[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
|
[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
|
||||||
set -u
|
set -u
|
||||||
|
|
@ -28,37 +29,46 @@ UI_HOST="${UI_HOST:-}"
|
||||||
WEBMAIL_HOST="${WEBMAIL_HOST:-}"
|
WEBMAIL_HOST="${WEBMAIL_HOST:-}"
|
||||||
MAIL_HOSTNAME="${MAIL_HOSTNAME:-}"
|
MAIL_HOSTNAME="${MAIL_HOSTNAME:-}"
|
||||||
|
|
||||||
link_if() {
|
# --- Kopieren statt Symlinks (damit Laravel lesen kann) ---------------------
|
||||||
|
copy_cert() {
|
||||||
local le_base="$1" target_dir="$2"
|
local le_base="$1" target_dir="$2"
|
||||||
local cert="${le_base}/fullchain.pem"
|
local cert="${le_base}/fullchain.pem"
|
||||||
local key="${le_base}/privkey.pem"
|
local key="${le_base}/privkey.pem"
|
||||||
|
|
||||||
[[ -s "$cert" && -s "$key" ]] || return 0
|
[[ -s "$cert" && -s "$key" ]] || return 0
|
||||||
|
|
||||||
|
# Zielordner sicherstellen
|
||||||
install -d -m 0755 "$target_dir"
|
install -d -m 0755 "$target_dir"
|
||||||
ln -sf "$cert" "${target_dir}/fullchain.pem"
|
|
||||||
ln -sf "$key" "${target_dir}/privkey.pem"
|
# Falls vorher Symlinks existieren → entfernen, sonst würde "install" das Ziel des Links überschreiben
|
||||||
chmod 644 "${target_dir}/fullchain.pem" 2>/dev/null || true
|
[ -L "${target_dir}/fullchain.pem" ] && rm -f "${target_dir}/fullchain.pem"
|
||||||
chmod 600 "${target_dir}/privkey.pem" 2>/dev/null || true
|
[ -L "${target_dir}/privkey.pem" ] && rm -f "${target_dir}/privkey.pem"
|
||||||
echo "[+] Linked ${target_dir} -> ${le_base}"
|
|
||||||
|
# KOPIEREN mit sauberen Rechten (Chain world-readable, Key nur root)
|
||||||
|
install -m 0644 "$cert" "${target_dir}/fullchain.pem"
|
||||||
|
install -m 0600 "$key" "${target_dir}/privkey.pem"
|
||||||
|
|
||||||
|
echo "[+] Copied ${target_dir}/fullchain.pem und privkey.pem ← ${le_base}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Nur für Domains arbeiten, die im aktuellen Lauf erneuert/ausgestellt wurden
|
# Nur für Domains arbeiten, die in diesem Lauf betroffen sind
|
||||||
RDOMS=" ${RENEWED_DOMAINS:-} "
|
RDOMS=" ${RENEWED_DOMAINS:-} "
|
||||||
|
|
||||||
# UI
|
# UI
|
||||||
if [[ -n "$UI_HOST" && "$RDOMS" == *" ${UI_HOST} "* ]]; then
|
if [[ -n "$UI_HOST" && "$RDOMS" == *" ${UI_HOST} "* ]]; then
|
||||||
link_if "/etc/letsencrypt/live/${UI_HOST}" "/etc/ssl/ui"
|
copy_cert "/etc/letsencrypt/live/${UI_HOST}" "/etc/ssl/ui"
|
||||||
fi
|
fi
|
||||||
# Webmail
|
# Webmail
|
||||||
if [[ -n "$WEBMAIL_HOST" && "$RDOMS" == *" ${WEBMAIL_HOST} "* ]]; then
|
if [[ -n "$WEBMAIL_HOST" && "$RDOMS" == *" ${WEBMAIL_HOST} "* ]]; then
|
||||||
link_if "/etc/letsencrypt/live/${WEBMAIL_HOST}" "/etc/ssl/webmail"
|
copy_cert "/etc/letsencrypt/live/${WEBMAIL_HOST}" "/etc/ssl/webmail"
|
||||||
fi
|
fi
|
||||||
# MX
|
# MX
|
||||||
if [[ -n "$MAIL_HOSTNAME" && "$RDOMS" == *" ${MAIL_HOSTNAME} "* ]]; then
|
if [[ -n "$MAIL_HOSTNAME" && "$RDOMS" == *" ${MAIL_HOSTNAME} "* ]]; then
|
||||||
link_if "/etc/letsencrypt/live/${MAIL_HOSTNAME}" "/etc/ssl/mail"
|
copy_cert "/etc/letsencrypt/live/${MAIL_HOSTNAME}" "/etc/ssl/mail"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Optional: TLSA via Laravel, falls App schon vorhanden (sonst still überspringen)
|
# Optional: TLSA via Laravel (still tolerant, falls App noch nicht gebaut)
|
||||||
if command -v php >/dev/null 2>&1 && [ -d /var/www/mailwolt ]; then
|
if command -v php >/dev/null 2>&1 && [ -d /var/www/mailwolt ] && [ -f /var/www/mailwolt/artisan ]; then
|
||||||
(cd /var/www/mailwolt && php artisan dns:tlsa:refresh) || true
|
(cd /var/www/mailwolt && php artisan dns:tlsa:refresh) || true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -69,7 +79,7 @@ fi
|
||||||
WRAP
|
WRAP
|
||||||
chmod +x /usr/local/sbin/mw-deploy.sh
|
chmod +x /usr/local/sbin/mw-deploy.sh
|
||||||
|
|
||||||
# 2) Certbot-Deploy-Hooks einrichten (ruft nur den Wrapper auf)
|
# 2) Certbot-Deploy-Hook: ruft den Wrapper bei jeder erfolgreichen Ausstellung/Renew auf
|
||||||
install -d -m 0755 /etc/letsencrypt/renewal-hooks/deploy
|
install -d -m 0755 /etc/letsencrypt/renewal-hooks/deploy
|
||||||
cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
|
cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
@ -79,6 +89,87 @@ chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh
|
||||||
|
|
||||||
log "[✓] MailWolt Deploy-Hook eingerichtet"
|
log "[✓] MailWolt Deploy-Hook eingerichtet"
|
||||||
|
|
||||||
|
##!/usr/bin/env bash
|
||||||
|
#set -euo pipefail
|
||||||
|
#source ./lib.sh
|
||||||
|
#
|
||||||
|
#install -d -m 0755 /etc/mailwolt
|
||||||
|
#cat >/etc/mailwolt/installer.env <<EOF
|
||||||
|
#UI_HOST=${UI_HOST}
|
||||||
|
#WEBMAIL_HOST=${WEBMAIL_HOST}
|
||||||
|
#MAIL_HOSTNAME=${MAIL_HOSTNAME}
|
||||||
|
#BASE_DOMAIN=${BASE_DOMAIN}
|
||||||
|
#LE_EMAIL=${LE_EMAIL:-admin@${BASE_DOMAIN}}
|
||||||
|
#APP_ENV=${APP_ENV:-production}
|
||||||
|
#EOF
|
||||||
|
#
|
||||||
|
#log "Let's Encrypt Deploy-Hooks und Wrapper anlegen …"
|
||||||
|
#
|
||||||
|
## 1) Wrapper, den Certbot bei Issue/Renew aufruft
|
||||||
|
#cat >/usr/local/sbin/mw-deploy.sh <<'WRAP'
|
||||||
|
##!/usr/bin/env bash
|
||||||
|
#set -euo pipefail
|
||||||
|
#
|
||||||
|
## Installer-Variablen laden (UI_HOST, WEBMAIL_HOST, MAIL_HOSTNAME, optional LE_EMAIL etc.)
|
||||||
|
#set +u
|
||||||
|
#[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
|
||||||
|
#set -u
|
||||||
|
#
|
||||||
|
#UI_HOST="${UI_HOST:-}"
|
||||||
|
#WEBMAIL_HOST="${WEBMAIL_HOST:-}"
|
||||||
|
#MAIL_HOSTNAME="${MAIL_HOSTNAME:-}"
|
||||||
|
#
|
||||||
|
#link_if() {
|
||||||
|
# local le_base="$1" target_dir="$2"
|
||||||
|
# local cert="${le_base}/fullchain.pem"
|
||||||
|
# local key="${le_base}/privkey.pem"
|
||||||
|
# [[ -s "$cert" && -s "$key" ]] || return 0
|
||||||
|
# install -d -m 0755 "$target_dir"
|
||||||
|
# ln -sf "$cert" "${target_dir}/fullchain.pem"
|
||||||
|
# ln -sf "$key" "${target_dir}/privkey.pem"
|
||||||
|
# chmod 644 "${target_dir}/fullchain.pem" 2>/dev/null || true
|
||||||
|
# chmod 600 "${target_dir}/privkey.pem" 2>/dev/null || true
|
||||||
|
# echo "[+] Linked ${target_dir} -> ${le_base}"
|
||||||
|
#}
|
||||||
|
#
|
||||||
|
## Nur für Domains arbeiten, die im aktuellen Lauf erneuert/ausgestellt wurden
|
||||||
|
#RDOMS=" ${RENEWED_DOMAINS:-} "
|
||||||
|
#
|
||||||
|
## UI
|
||||||
|
#if [[ -n "$UI_HOST" && "$RDOMS" == *" ${UI_HOST} "* ]]; then
|
||||||
|
# link_if "/etc/letsencrypt/live/${UI_HOST}" "/etc/ssl/ui"
|
||||||
|
#fi
|
||||||
|
## Webmail
|
||||||
|
#if [[ -n "$WEBMAIL_HOST" && "$RDOMS" == *" ${WEBMAIL_HOST} "* ]]; then
|
||||||
|
# link_if "/etc/letsencrypt/live/${WEBMAIL_HOST}" "/etc/ssl/webmail"
|
||||||
|
#fi
|
||||||
|
## MX
|
||||||
|
#if [[ -n "$MAIL_HOSTNAME" && "$RDOMS" == *" ${MAIL_HOSTNAME} "* ]]; then
|
||||||
|
# link_if "/etc/letsencrypt/live/${MAIL_HOSTNAME}" "/etc/ssl/mail"
|
||||||
|
#fi
|
||||||
|
#
|
||||||
|
## Optional: TLSA via Laravel, falls App schon vorhanden (sonst still überspringen)
|
||||||
|
#if command -v php >/dev/null 2>&1 && [ -d /var/www/mailwolt ]; then
|
||||||
|
# (cd /var/www/mailwolt && php artisan dns:tlsa:refresh) || true
|
||||||
|
#fi
|
||||||
|
#
|
||||||
|
## Nginx nur neu laden, wenn aktiv
|
||||||
|
#if systemctl is-active --quiet nginx; then
|
||||||
|
# systemctl reload nginx || true
|
||||||
|
#fi
|
||||||
|
#WRAP
|
||||||
|
#chmod +x /usr/local/sbin/mw-deploy.sh
|
||||||
|
#
|
||||||
|
## 2) Certbot-Deploy-Hooks einrichten (ruft nur den Wrapper auf)
|
||||||
|
#install -d -m 0755 /etc/letsencrypt/renewal-hooks/deploy
|
||||||
|
#cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
|
||||||
|
##!/usr/bin/env bash
|
||||||
|
#exec /usr/local/sbin/mw-deploy.sh
|
||||||
|
#HOOK
|
||||||
|
#chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh
|
||||||
|
#
|
||||||
|
#log "[✓] MailWolt Deploy-Hook eingerichtet"
|
||||||
|
|
||||||
##!/usr/bin/env bash
|
##!/usr/bin/env bash
|
||||||
#set -euo pipefail
|
#set -euo pipefail
|
||||||
#source ./lib.sh
|
#source ./lib.sh
|
||||||
|
|
|
||||||
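Review bot: In copy_cert the private key now gets a second on-disk copy under /etc/ssl/ui, /etc/ssl/webmail and /etc/ssl/mail, and the section comment says the copy exists so Laravel can read it, although `install -m 0600` leaves privkey.pem unreadable to the app and only the 0644 chain becomes readable. State that intent next to the key line, e.g. `# key stays root-only; only fullchain.pem is meant to be readable by the app`, so the mode is not relaxed later, and pin ownership instead of inheriting it from whoever runs the hook: `install -o root -g root -m 0600 "$key" "${target_dir}/privkey.pem"`. The copies are refreshed only for hosts listed in RENEWED_DOMAINS and the `return 0` path is silent, so a skipped or failed run leaves the previous key and chain in place with no trace; a message to stderr on that path would make it visible. Separately, the old script appended as a commented-out block after the final `log` call duplicates what version control already holds and should be dropped, and the hook file is still written as `50-mailwolt-symlinks.sh` although it now copies.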