Laudende Default seite entfernen
parent
73ad162612
commit
9c25464e1c
|
|
@ -37,37 +37,46 @@ copy_cert() {
|
|||
|
||||
[[ -s "$cert" && -s "$key" ]] || return 0
|
||||
|
||||
# Zielordner sicherstellen
|
||||
install -d -m 0755 "$target_dir"
|
||||
|
||||
# Falls vorher Symlinks existieren → entfernen, sonst würde "install" das Ziel des Links überschreiben
|
||||
# Vorhandene Symlinks entfernen, sonst kopierst du in die LE-Datei hinein
|
||||
[ -L "${target_dir}/fullchain.pem" ] && rm -f "${target_dir}/fullchain.pem"
|
||||
[ -L "${target_dir}/privkey.pem" ] && rm -f "${target_dir}/privkey.pem"
|
||||
|
||||
# KOPIEREN mit sauberen Rechten (Chain world-readable, Key nur root)
|
||||
# Echte Dateien ablegen
|
||||
install -m 0644 "$cert" "${target_dir}/fullchain.pem"
|
||||
install -m 0600 "$key" "${target_dir}/privkey.pem"
|
||||
|
||||
echo "[+] Copied ${target_dir}/fullchain.pem und privkey.pem ← ${le_base}"
|
||||
}
|
||||
|
||||
# Nur für Domains arbeiten, die in diesem Lauf betroffen sind
|
||||
# Nur Domains bearbeiten, die in diesem Lauf betroffen sind.
|
||||
# Bei manchen Distros ist RENEWED_DOMAINS auf Erst-issue leer -> Fallback nutzen.
|
||||
RDOMS=" ${RENEWED_DOMAINS:-} "
|
||||
did_any=0
|
||||
|
||||
# UI
|
||||
if [[ -n "$UI_HOST" && "$RDOMS" == *" ${UI_HOST} "* ]]; then
|
||||
copy_cert "/etc/letsencrypt/live/${UI_HOST}" "/etc/ssl/ui"
|
||||
fi
|
||||
# Webmail
|
||||
if [[ -n "$WEBMAIL_HOST" && "$RDOMS" == *" ${WEBMAIL_HOST} "* ]]; then
|
||||
copy_cert "/etc/letsencrypt/live/${WEBMAIL_HOST}" "/etc/ssl/webmail"
|
||||
fi
|
||||
# MX
|
||||
if [[ -n "$MAIL_HOSTNAME" && "$RDOMS" == *" ${MAIL_HOSTNAME} "* ]]; then
|
||||
copy_cert "/etc/letsencrypt/live/${MAIL_HOSTNAME}" "/etc/ssl/mail"
|
||||
maybe_copy_for() {
|
||||
local host="$1" dir="$2"
|
||||
[[ -z "$host" ]] && return 0
|
||||
if [[ "$RDOMS" == *" ${host} "* ]]; then
|
||||
copy_cert "/etc/letsencrypt/live/${host}" "${dir}"
|
||||
did_any=1
|
||||
fi
|
||||
}
|
||||
|
||||
# 1) Normalfall: nur die vom Certbot gemeldeten Hosts kopieren
|
||||
maybe_copy_for "$UI_HOST" "/etc/ssl/ui"
|
||||
maybe_copy_for "$WEBMAIL_HOST" "/etc/ssl/webmail"
|
||||
maybe_copy_for "$MAIL_HOSTNAME" "/etc/ssl/mail"
|
||||
|
||||
# 2) Fallback: Beim Erstlauf/Edge-Cases alles kopieren, was bereits existiert
|
||||
if [[ "$did_any" -eq 0 ]]; then
|
||||
[[ -n "$UI_HOST" && -d "/etc/letsencrypt/live/${UI_HOST}" ]] && copy_cert "/etc/letsencrypt/live/${UI_HOST}" "/etc/ssl/ui"
|
||||
[[ -n "$WEBMAIL_HOST" && -d "/etc/letsencrypt/live/${WEBMAIL_HOST}" ]] && copy_cert "/etc/letsencrypt/live/${WEBMAIL_HOST}" "/etc/ssl/webmail"
|
||||
[[ -n "$MAIL_HOSTNAME" && -d "/etc/letsencrypt/live/${MAIL_HOSTNAME}"]] && copy_cert "/etc/letsencrypt/live/${MAIL_HOSTNAME}"/etc/ssl/mail
|
||||
fi
|
||||
|
||||
# Optional: TLSA via Laravel (still tolerant, falls App noch nicht gebaut)
|
||||
# Optional: TLSA via Laravel (tolerant, falls App noch nicht gebaut)
|
||||
if command -v php >/dev/null 2>&1 && [ -d /var/www/mailwolt ] && [ -f /var/www/mailwolt/artisan ]; then
|
||||
(cd /var/www/mailwolt && php artisan dns:tlsa:refresh) || true
|
||||
fi
|
||||
|
|
@ -81,14 +90,105 @@ chmod +x /usr/local/sbin/mw-deploy.sh
|
|||
|
||||
# 2) Certbot-Deploy-Hook: ruft den Wrapper bei jeder erfolgreichen Ausstellung/Renew auf
|
||||
install -d -m 0755 /etc/letsencrypt/renewal-hooks/deploy
|
||||
cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
|
||||
cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-certs.sh <<'HOOK'
|
||||
#!/usr/bin/env bash
|
||||
exec /usr/local/sbin/mw-deploy.sh
|
||||
HOOK
|
||||
chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh
|
||||
chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-certs.sh
|
||||
|
||||
log "[✓] MailWolt Deploy-Hook eingerichtet"
|
||||
|
||||
##!/usr/bin/env bash
|
||||
#set -euo pipefail
|
||||
#source ./lib.sh
|
||||
#
|
||||
## Persistente Installer-Variablen (werden vom Wrapper gelesen)
|
||||
#install -d -m 0755 /etc/mailwolt
|
||||
#cat >/etc/mailwolt/installer.env <<EOF
|
||||
#UI_HOST=${UI_HOST}
|
||||
#WEBMAIL_HOST=${WEBMAIL_HOST}
|
||||
#MAIL_HOSTNAME=${MAIL_HOSTNAME}
|
||||
#BASE_DOMAIN=${BASE_DOMAIN}
|
||||
#LE_EMAIL=${LE_EMAIL:-admin@${BASE_DOMAIN}}
|
||||
#APP_ENV=${APP_ENV:-production}
|
||||
#EOF
|
||||
#
|
||||
#log "Let's Encrypt Deploy-Hooks und Wrapper anlegen …"
|
||||
#
|
||||
## 1) Wrapper, den Certbot bei Issue/Renew aufruft
|
||||
#cat >/usr/local/sbin/mw-deploy.sh <<'WRAP'
|
||||
##!/usr/bin/env bash
|
||||
#set -euo pipefail
|
||||
#
|
||||
## Installer-Variablen laden
|
||||
#set +u
|
||||
#[ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env
|
||||
#set -u
|
||||
#
|
||||
#UI_HOST="${UI_HOST:-}"
|
||||
#WEBMAIL_HOST="${WEBMAIL_HOST:-}"
|
||||
#MAIL_HOSTNAME="${MAIL_HOSTNAME:-}"
|
||||
#
|
||||
## --- Kopieren statt Symlinks (damit Laravel lesen kann) ---------------------
|
||||
#copy_cert() {
|
||||
# local le_base="$1" target_dir="$2"
|
||||
# local cert="${le_base}/fullchain.pem"
|
||||
# local key="${le_base}/privkey.pem"
|
||||
#
|
||||
# [[ -s "$cert" && -s "$key" ]] || return 0
|
||||
#
|
||||
# # Zielordner sicherstellen
|
||||
# install -d -m 0755 "$target_dir"
|
||||
#
|
||||
# # Falls vorher Symlinks existieren → entfernen, sonst würde "install" das Ziel des Links überschreiben
|
||||
# [ -L "${target_dir}/fullchain.pem" ] && rm -f "${target_dir}/fullchain.pem"
|
||||
# [ -L "${target_dir}/privkey.pem" ] && rm -f "${target_dir}/privkey.pem"
|
||||
#
|
||||
# # KOPIEREN mit sauberen Rechten (Chain world-readable, Key nur root)
|
||||
# install -m 0644 "$cert" "${target_dir}/fullchain.pem"
|
||||
# install -m 0600 "$key" "${target_dir}/privkey.pem"
|
||||
#
|
||||
# echo "[+] Copied ${target_dir}/fullchain.pem und privkey.pem ← ${le_base}"
|
||||
#}
|
||||
#
|
||||
## Nur für Domains arbeiten, die in diesem Lauf betroffen sind
|
||||
#RDOMS=" ${RENEWED_DOMAINS:-} "
|
||||
#
|
||||
## UI
|
||||
#if [[ -n "$UI_HOST" && "$RDOMS" == *" ${UI_HOST} "* ]]; then
|
||||
# copy_cert "/etc/letsencrypt/live/${UI_HOST}" "/etc/ssl/ui"
|
||||
#fi
|
||||
## Webmail
|
||||
#if [[ -n "$WEBMAIL_HOST" && "$RDOMS" == *" ${WEBMAIL_HOST} "* ]]; then
|
||||
# copy_cert "/etc/letsencrypt/live/${WEBMAIL_HOST}" "/etc/ssl/webmail"
|
||||
#fi
|
||||
## MX
|
||||
#if [[ -n "$MAIL_HOSTNAME" && "$RDOMS" == *" ${MAIL_HOSTNAME} "* ]]; then
|
||||
# copy_cert "/etc/letsencrypt/live/${MAIL_HOSTNAME}" "/etc/ssl/mail"
|
||||
#fi
|
||||
#
|
||||
## Optional: TLSA via Laravel (still tolerant, falls App noch nicht gebaut)
|
||||
#if command -v php >/dev/null 2>&1 && [ -d /var/www/mailwolt ] && [ -f /var/www/mailwolt/artisan ]; then
|
||||
# (cd /var/www/mailwolt && php artisan dns:tlsa:refresh) || true
|
||||
#fi
|
||||
#
|
||||
## Nginx nur neu laden, wenn aktiv
|
||||
#if systemctl is-active --quiet nginx; then
|
||||
# systemctl reload nginx || true
|
||||
#fi
|
||||
#WRAP
|
||||
#chmod +x /usr/local/sbin/mw-deploy.sh
|
||||
#
|
||||
## 2) Certbot-Deploy-Hook: ruft den Wrapper bei jeder erfolgreichen Ausstellung/Renew auf
|
||||
#install -d -m 0755 /etc/letsencrypt/renewal-hooks/deploy
|
||||
#cat >/etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh <<'HOOK'
|
||||
##!/usr/bin/env bash
|
||||
#exec /usr/local/sbin/mw-deploy.sh
|
||||
#HOOK
|
||||
#chmod +x /etc/letsencrypt/renewal-hooks/deploy/50-mailwolt-symlinks.sh
|
||||
#
|
||||
#log "[✓] MailWolt Deploy-Hook eingerichtet"
|
||||
|
||||
##!/usr/bin/env bash
|
||||
#set -euo pipefail
|
||||
#source ./lib.sh
|
||||
|
|
|
|||
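Review bot: The `MAIL_HOSTNAME` line of the fallback block (`if [[ "$did_any" -eq 0 ]]`) in the first hunk looks malformed as rendered here: there is no space before `]]` and none between the two `copy_cert` arguments. If the file really reads that way, bash cannot parse the `[[ … ]]` test and aborts the wrapper with a syntax error once it reaches that `if`, so the TLSA refresh after it, and anything later in the script outside this hunk, never runs. The hosts matched earlier by `maybe_copy_for` are still copied, but on the fallback path nothing is deployed and the services keep serving the previously copied certificate. The line should match its two siblings: `[[ -n "$MAIL_HOSTNAME" && -d "/etc/letsencrypt/live/${MAIL_HOSTNAME}" ]] && copy_cert "/etc/letsencrypt/live/${MAIL_HOSTNAME}" "/etc/ssl/mail"`. Running `bash -n /usr/local/sbin/mw-deploy.sh` in the installer right after the heredoc is written would catch this kind of mistake before Certbot ever calls the hook.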