Laudende Default seite entfernen
parent
86d1ad1fae
commit
bb7d0f11d1
|
|
@ -1,5 +1,3 @@
|
|||
# im Repo-Wurzelverzeichnis:
|
||||
sudo tee config/nginx/site.conf.tmpl >/dev/null <<'EOF'
|
||||
# ===================== HTTP (Port 80) =====================
|
||||
server {
|
||||
listen 80 default_server;
|
||||
|
|
@ -16,15 +14,4 @@ server {
|
|||
}
|
||||
|
||||
# ===================== HTTPS (Port 443) ====================
|
||||
## __SSL_SERVER_BLOCK__
|
||||
EOF
|
||||
|
||||
# sicherheitshalber Default-Site entfernen (sonst doppelter default_server)
|
||||
sudo rm -f /etc/nginx/sites-enabled/default /etc/nginx/sites-available/default
|
||||
|
||||
# Nginx-Step erneut laufen lassen
|
||||
cd scripts
|
||||
sudo -E bash 70-nginx.sh
|
||||
|
||||
# Prüfen
|
||||
sudo nginx -t && sudo systemctl reload nginx
|
||||
## __SSL_SERVER_BLOCK__
|
||||
|
|
@ -27,44 +27,139 @@ sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && cp -n .env.example .env || tru
|
|||
grep -q '^APP_KEY=' "$ENV_FILE" || echo "APP_KEY=" >> "$ENV_FILE"
|
||||
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan key:generate --force || true"
|
||||
|
||||
# APP_URL heuristisch
|
||||
APP_URL="http://${SERVER_PUBLIC_IPV4}"
|
||||
UI_CERT="/etc/ssl/ui/fullchain.pem"; UI_KEY="/etc/ssl/ui/privkey.pem"
|
||||
if [[ -f "$UI_CERT" && -f "$UI_KEY" && resolve_ok "$UI_HOST" ]]; then
|
||||
APP_URL="https://${UI_HOST}"
|
||||
# --- Hilfen -----------------------------------------------------------------
|
||||
# DNS-Check (A/AAAA zeigt auf SERVER_PUBLIC_IPV4) – kommt aus lib.sh
|
||||
# resolve_ok "$host" -> 0/1
|
||||
|
||||
# APP_HOST und APP_URL bestimmen
|
||||
APP_HOST_VAL="$SERVER_PUBLIC_IPV4"
|
||||
if [[ -n "${UI_HOST:-}" ]] && resolve_ok "$UI_HOST"; then
|
||||
APP_HOST_VAL="$UI_HOST"
|
||||
fi
|
||||
|
||||
upsert_env APP_NAME "${APP_NAME}"
|
||||
upsert_env APP_URL "${APP_URL}"
|
||||
upsert_env APP_ENV "production"
|
||||
upsert_env APP_DEBUG "false"
|
||||
upsert_env APP_LOCALE "${APP_LOCALE}"
|
||||
upsert_env APP_FALLBACK_LOCALE "en"
|
||||
upsert_env SERVER_PUBLIC_IPV4 "${SERVER_PUBLIC_IPV4}"
|
||||
upsert_env SERVER_PUBLIC_IPV6 "${SERVER_PUBLIC_IPV6}"
|
||||
UI_CERT="/etc/ssl/ui/fullchain.pem"
|
||||
UI_KEY="/etc/ssl/ui/privkey.pem"
|
||||
if [[ "$APP_HOST_VAL" = "$UI_HOST" ]]; then
|
||||
if [[ -f "$UI_CERT" && -f "$UI_KEY" ]]; then
|
||||
APP_URL_VAL="https://${UI_HOST}"
|
||||
else
|
||||
APP_URL_VAL="http://${UI_HOST}"
|
||||
fi
|
||||
else
|
||||
if [[ -f "$UI_CERT" && -f "$UI_KEY" ]]; then
|
||||
APP_URL_VAL="https://${SERVER_PUBLIC_IPV4}"
|
||||
else
|
||||
APP_URL_VAL="http://${SERVER_PUBLIC_IPV4}"
|
||||
fi
|
||||
fi
|
||||
|
||||
# --- .env schreiben (vollständig wie vorher) --------------------------------
|
||||
upsert_env APP_URL "${APP_URL_VAL}"
|
||||
upsert_env APP_HOST "${APP_HOST_VAL}"
|
||||
upsert_env APP_ADMIN_USER "${ADMIN_USER}"
|
||||
upsert_env APP_ADMIN_EMAIL "${ADMIN_EMAIL}"
|
||||
upsert_env APP_ADMIN_PASS "${ADMIN_PASS}"
|
||||
upsert_env APP_NAME "${APP_NAME}"
|
||||
upsert_env APP_ENV "${APP_ENV:-production}"
|
||||
upsert_env APP_DEBUG "${APP_DEBUG:-false}"
|
||||
|
||||
# Locale
|
||||
upsert_env APP_LOCALE "${APP_LOCALE:-de}"
|
||||
upsert_env APP_FALLBACK_LOCALE "en"
|
||||
|
||||
# Server IPs
|
||||
upsert_env SERVER_PUBLIC_IPV4 "${SERVER_PUBLIC_IPV4}"
|
||||
if [[ -n "${SERVER_PUBLIC_IPV6:-}" ]]; then
|
||||
upsert_env SERVER_PUBLIC_IPV6 "${SERVER_PUBLIC_IPV6}"
|
||||
else
|
||||
upsert_env SERVER_PUBLIC_IPV6 ""
|
||||
fi
|
||||
|
||||
# Hosts & LE
|
||||
upsert_env BASE_DOMAIN "${BASE_DOMAIN}"
|
||||
upsert_env UI_SUB "${UI_SUB}"
|
||||
upsert_env WEBMAIL_SUB "${WEBMAIL_SUB}"
|
||||
upsert_env SYSTEM_SUB "${SYSTEM_SUB}"
|
||||
upsert_env MTA_SUB "${MTA_SUB}"
|
||||
upsert_env LE_EMAIL "${LE_EMAIL:-admin@${BASE_DOMAIN}}"
|
||||
|
||||
# DB
|
||||
upsert_env DB_CONNECTION "mysql"
|
||||
upsert_env DB_HOST "127.0.0.1"
|
||||
upsert_env DB_PORT "3306"
|
||||
upsert_env DB_DATABASE "${DB_NAME}"
|
||||
upsert_env DB_USERNAME "${DB_USER}"
|
||||
upsert_env DB_PASSWORD "${DB_PASS}"
|
||||
upsert_env DB_HOST "127.0.0.1"
|
||||
upsert_env DB_PORT "3306"
|
||||
upsert_env DB_DATABASE "${DB_NAME}"
|
||||
upsert_env DB_USERNAME "${DB_USER}"
|
||||
upsert_env DB_PASSWORD "${DB_PASS}"
|
||||
|
||||
upsert_env CACHE_DRIVER "redis"
|
||||
upsert_env SESSION_DRIVER "redis"
|
||||
upsert_env REDIS_CLIENT "phpredis"
|
||||
upsert_env REDIS_HOST "127.0.0.1"
|
||||
upsert_env REDIS_PORT "6379"
|
||||
upsert_env REDIS_PASSWORD "${REDIS_PASS:-}"
|
||||
# Cache/Session/Redis
|
||||
upsert_env CACHE_SETTINGS_STORE "redis"
|
||||
upsert_env CACHE_STORE "redis"
|
||||
upsert_env CACHE_DRIVER "redis"
|
||||
upsert_env CACHE_PREFIX "${APP_USER_PREFIX}_cache:"
|
||||
upsert_env SESSION_DRIVER "redis"
|
||||
upsert_env SESSION_SECURE_COOKIE "true"
|
||||
upsert_env SESSION_SAMESITE "lax"
|
||||
upsert_env REDIS_CLIENT "phpredis"
|
||||
upsert_env REDIS_HOST "127.0.0.1"
|
||||
upsert_env REDIS_PORT "6379"
|
||||
upsert_env REDIS_PASSWORD "${REDIS_PASS:-}"
|
||||
upsert_env REDIS_DB "0"
|
||||
upsert_env REDIS_CACHE_DB "1"
|
||||
upsert_env REDIS_CACHE_CONNECTION "cache"
|
||||
upsert_env REDIS_CACHE_LOCK_CONNECTION "default"
|
||||
|
||||
# Reverb / Queue / Logs
|
||||
upsert_env BROADCAST_DRIVER "reverb"
|
||||
upsert_env QUEUE_CONNECTION "redis"
|
||||
upsert_env LOG_CHANNEL "daily"
|
||||
|
||||
# Reverb Credentials/Host
|
||||
upsert_env REVERB_APP_ID "${APP_USER_PREFIX}"
|
||||
# nur Generieren, wenn leer – sonst vorhandene Werte erhalten
|
||||
grep -q '^REVERB_APP_KEY=' "$ENV_FILE" || upsert_env REVERB_APP_KEY "${APP_USER_PREFIX}_$(openssl rand -hex 16)"
|
||||
grep -q '^REVERB_APP_SECRET=' "$ENV_FILE" || upsert_env REVERB_APP_SECRET "${APP_USER_PREFIX}_$(openssl rand -hex 32)"
|
||||
upsert_env REVERB_HOST "\${APP_HOST}"
|
||||
upsert_env REVERB_PORT "443"
|
||||
upsert_env REVERB_SCHEME "https"
|
||||
upsert_env REVERB_PATH "/ws"
|
||||
upsert_env REVERB_SCALING_ENABLED "true"
|
||||
upsert_env REVERB_SCALING_CHANNEL "reverb"
|
||||
|
||||
# Vite Expose
|
||||
upsert_env VITE_REVERB_APP_KEY "\${REVERB_APP_KEY}"
|
||||
upsert_env VITE_REVERB_HOST "\${REVERB_HOST}"
|
||||
upsert_env VITE_REVERB_PORT "\${REVERB_PORT}"
|
||||
upsert_env VITE_REVERB_SCHEME "\${REVERB_SCHEME}"
|
||||
upsert_env VITE_REVERB_PATH "\${REVERB_PATH}"
|
||||
|
||||
# Reverb Server (Backend)
|
||||
upsert_env REVERB_SERVER_APP_KEY "\${REVERB_APP_KEY}"
|
||||
upsert_env REVERB_SERVER_HOST "127.0.0.1"
|
||||
upsert_env REVERB_SERVER_PORT "8080"
|
||||
upsert_env REVERB_SERVER_PATH ""
|
||||
upsert_env REVERB_SERVER_SCHEME "http"
|
||||
|
||||
# DEV-Block (optional per DEV_MODE=1)
|
||||
DEV_MODE="${DEV_MODE:-0}"
|
||||
if [[ "$DEV_MODE" = "1" ]]; then
|
||||
# vor doppelten Blöcken schützen
|
||||
sed -i '/^# --- MailWolt DEV/,/^# --- \/MailWolt DEV/d' "${ENV_FILE}"
|
||||
cat >> "${ENV_FILE}" <<CONF
|
||||
# --- MailWolt DEV ---
|
||||
VITE_DEV_HOST=127.0.0.1
|
||||
VITE_DEV_PORT=5173
|
||||
VITE_HMR_PROTOCOL=wss
|
||||
VITE_HMR_CLIENT_PORT=443
|
||||
VITE_HMR_HOST=${SERVER_PUBLIC_IPV4}
|
||||
VITE_DEV_ORIGIN=$(grep '^APP_URL=' "${ENV_FILE}" | cut -d= -f2-)
|
||||
# --- /MailWolt DEV ---
|
||||
CONF
|
||||
fi
|
||||
|
||||
# Rechte & Laravel Cache
|
||||
chown -R "$APP_USER":"$APP_GROUP" "$APP_DIR"
|
||||
chmod -R u=rwX,g=rwX,o=rX "$APP_DIR"
|
||||
install -d -m 0775 -o "$APP_USER" -g "$APP_GROUP" "$APP_DIR/storage" "$APP_DIR/bootstrap/cache"
|
||||
|
||||
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache"
|
||||
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan optimize:clear && php artisan config:cache"
|
||||
sudo systemctl restart php*-fpm || true
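Review bot: The secrets written to `$ENV_FILE` in this block (`APP_ADMIN_PASS`, `DB_PASSWORD`, `REDIS_PASSWORD`, `REVERB_APP_SECRET`) become world-readable if that file lives under `$APP_DIR`, because `chmod -R u=rwX,g=rwX,o=rX "$APP_DIR"` under "Rechte & Laravel Cache" gives `o=r` to every file; the `cp -n .env.example .env` in the hunk header suggests it does. Tighten the file right after the recursive chmod, e.g. `chmod 0640 "$ENV_FILE"`, and consider not keeping the plaintext admin password in `.env` once the account exists. Separately, `grep -q '^REVERB_APP_SECRET=' "$ENV_FILE" || …` (and the `REVERB_APP_KEY` line above it) only tests that the key is present, so an empty `REVERB_APP_SECRET=` line stays empty although the comment says "nur Generieren, wenn leer"; matching `'^REVERB_APP_SECRET=.'` would cover that case. The page has lost its +/- markers, so which of these lines are newly added is inferred, and the script starts and ends outside the hunk.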
|
||||
|
|
@ -12,6 +12,44 @@ err(){ echo -e "${RED}[x]${NC} $*"; }
|
|||
die(){ err "$*"; exit 1; }
|
||||
require_root(){ [[ "$(id -u)" -eq 0 ]] || die "Bitte als root ausführen."; }
|
||||
|
||||
# --- Defaults, nur wenn noch nicht gesetzt ---------------------------------
|
||||
: "${APP_USER:=mailwolt}"
|
||||
: "${APP_GROUP:=www-data}"
|
||||
: "${APP_DIR:=/var/www/${APP_USER}}"
|
||||
|
||||
: "${APP_NAME:=MailWolt}"
|
||||
|
||||
: "${BASE_DOMAIN:=example.com}"
|
||||
: "${UI_SUB:=ui}"
|
||||
: "${WEBMAIL_SUB:=webmail}"
|
||||
: "${MTA_SUB:=mx}"
|
||||
: "${SYSTEM_SUB:=system}"
|
||||
|
||||
# DB / Redis (werden später durch .env überschrieben)
|
||||
: "${DB_NAME:=${APP_USER}}"
|
||||
: "${DB_USER:=${APP_USER}}"
|
||||
: "${DB_PASS:=changeme}"
|
||||
: "${REDIS_PASS:=changeme}"
|
||||
|
||||
# Stabile Zert-Pfade (UI/WEBMAIL/MX → symlinked via 20-ssl.sh)
|
||||
: "${MAIL_SSL_DIR:=/etc/ssl/mail}"
|
||||
: "${UI_SSL_DIR:=/etc/ssl/ui}"
|
||||
: "${WEBMAIL_SSL_DIR:=/etc/ssl/webmail}"
|
||||
: "${UI_CERT:=${UI_SSL_DIR}/fullchain.pem}"
|
||||
: "${UI_KEY:=${UI_SSL_DIR}/privkey.pem}"
|
||||
|
||||
# Optional: E-Mail für LE
|
||||
: "${LE_EMAIL:=admin@${BASE_DOMAIN}}"
|
||||
|
||||
load_env_file(){
|
||||
local f="$1"
|
||||
[[ -f "$f" ]] || return 0
|
||||
while IFS='=' read -r k v; do
|
||||
[[ "$k" =~ ^[A-Z0-9_]+$ ]] || continue
|
||||
export "$k=$v"
|
||||
done < <(grep -E '^[A-Z0-9_]+=' "$f")
|
||||
}
|
||||
|
||||
header(){ echo -e "${CYAN}${BAR}${NC}
|
||||
${CYAN} 888b d888 d8b 888 888 888 888 888
|
||||
${CYAN} 8888b d8888 Y8P 888 888 o 888 888 888
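Review bot: The defaults `: "${DB_PASS:=changeme}"` and `: "${REDIS_PASS:=changeme}"` mean that a run which never sets these variables silently provisions well-known credentials; the comment says `.env` overrides them later, but nothing in this hunk enforces that. Drop the two defaults and let the steps that need the values fail fast, e.g. `: "${DB_PASS:?DB_PASS ist nicht gesetzt}"`. `load_env_file` also exports each value verbatim, so an entry written as `KEY="value"` (constructed example) keeps its quote characters; that deserves a comment, or stripping if `.env` may hold quoted values. `header()` continues outside the hunk.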
|
||||
|
|
|
|||