#!/usr/bin/env bash
set -euo pipefail
source ./lib.sh

# ─────────────────────────────────────────────────────────────
# MailWolt – final summary (services, certificates, smoke test)
# ─────────────────────────────────────────────────────────────

# Colours / decoration. The values stay literal "\033[..." text (double quotes
# do not interpret them); printf turns them into escapes when they appear in a
# format string or via %b, a plain echo would print them verbatim.
NC="\033[0m"; BOLD="\033[1m"; DIM="\033[2m"
GREEN="\033[1;32m"; RED="\033[1;31m"; YELLOW="\033[1;33m"; CYAN="\033[1;36m"; GREY="\033[0;90m"
OKS="${GREEN}OK${NC}"; FAILS="${RED}FAIL${NC}"

# bar - print a cyan horizontal rule.
bar(){
  printf '%b%s%b\n' "$CYAN" "──────────────────────────────────────────────────────────────────────────────" "$NC"
}
# ok / fail - trailing status tag appended to a check line.
ok(){ printf ' [%b]\n' "$OKS"; }
fail(){ printf ' [%b]\n' "$FAILS"; }

# Pull in the installer's variables when present. NOTE(review): this *executes*
# the file as shell code with this script's privileges (normally root), so it
# must be root-owned and not group/world-writable. set -u is lifted only for
# the duration of the source so an incomplete env file cannot abort us.
set +u
if [ -r /etc/mailwolt/installer.env ]; then
  . /etc/mailwolt/installer.env
fi
set -u

# Defaults for everything the installer may not have provided
# (":=" assigns only when the variable is unset or empty).
: "${APP_USER:=mailwolt}"
: "${APP_GROUP:=www-data}"
: "${APP_DIR:=/var/www/${APP_USER}}"
: "${BASE_DOMAIN:=example.com}"
: "${UI_HOST:=}"
: "${WEBMAIL_HOST:=}"
: "${MAIL_HOSTNAME:=}"
: "${APP_ENV:=production}"
: "${PROXY_MODE:=}"      # empty = do not show; "1" = proxy, "dev" = dev mode, anything else = "nein"
: "${NPM_IP:=}"
: "${LE_EMAIL:=admin@${BASE_DOMAIN}}"
ACME_WEBROOT="/var/www/letsencrypt"

# Certificate paths (the LE hook links these into /etc/ssl/*)
UI_CERT="/etc/ssl/ui/fullchain.pem"
UI_KEY="/etc/ssl/ui/privkey.pem"
WEBMAIL_CERT="/etc/ssl/webmail/fullchain.pem"
MAIL_CERT="/etc/ssl/mail/fullchain.pem"

# Public IPs, detected via lib.sh only when the installer did not supply them.
if [[ -z "${SERVER_PUBLIC_IPV4:-}" ]]; then
  SERVER_PUBLIC_IPV4="$(detect_ip)"
fi
if [[ -z "${SERVER_PUBLIC_IPV6:-}" ]]; then
  SERVER_PUBLIC_IPV6="$(detect_ipv6)"
fi

# URLs: https only when the UI certificate *and* key are present. Note that the
# webmail URL inherits the UI decision - the webmail cert is not checked here.
SCHEME="http"
if [[ -s "$UI_CERT" && -s "$UI_KEY" ]]; then
  SCHEME="https"
fi
APP_URL="${SCHEME}://${UI_HOST:-$SERVER_PUBLIC_IPV4}"
WEBMAIL_URL="${SCHEME}://${WEBMAIL_HOST:-$SERVER_PUBLIC_IPV4}"

# real_target PATH - print the fully resolved target of PATH (following every
# symlink), or nothing when it cannot be resolved; never fails under set -e.
real_target(){
  readlink -f -- "$1" 2>/dev/null || return 0
}

# is_le_path (defined below) classifies a resolved target as Let's Encrypt or not.
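is_le_path(){
  # Decide whether an already *resolved* certificate path lives in the certbot
  # tree. /etc/ssl/<x>/fullchain.pem points at
  # /etc/letsencrypt/live/<name>/fullchain.pem, which certbot itself keeps as a
  # symlink into /etc/letsencrypt/archive/<name>/fullchainN.pem. readlink -f
  # follows the whole chain, so the value handed in is normally the archive/
  # form - a matcher that accepts only live/* never reports "LE" for a correctly
  # linked certificate. The file previously defined this function twice and the
  # second (live-only) copy silently won; both forms are accepted here.
  # This is a path heuristic only: it says nothing about issuer, chain or expiry.
  local p="${1:-}"
  case "$p" in
    /etc/letsencrypt/live/*/fullchain.pem)     return 0 ;;
    /etc/letsencrypt/archive/*/fullchain*.pem) return 0 ;;
    *)                                         return 1 ;;
  esac
}

# le_state CERT TARGET - print "LE" when CERT is a non-empty file and its
# resolved TARGET is inside the certbot tree, otherwise "self-signed/none".
# Every expansion uses ${var:-} so the check is safe under set -u.
le_state(){
  local cert="${1:-}" target="${2:-}"
  if [ -s "$cert" ] && [ -n "$target" ] && is_le_path "$target"; then
    echo "LE"
  else
    echo "self-signed/none"
  fi
}

UI_CERT_TARGET="$(real_target "${UI_CERT:-}")"
WEBMAIL_CERT_TARGET="$(real_target "${WEBMAIL_CERT:-}")"
MAIL_CERT_TARGET="$(real_target "${MAIL_CERT:-}")"

UI_LE="$(le_state "${UI_CERT:-}" "${UI_CERT_TARGET:-}")"
WEBMAIL_LE="$(le_state "${WEBMAIL_CERT:-}" "${WEBMAIL_CERT_TARGET:-}")"
MAIL_LE="$(le_state "${MAIL_CERT:-}" "${MAIL_CERT_TARGET:-}")"

echo
bar
printf " %s\n" "✔ MailWolt Bootstrap fertig"
bar

# Header facts
printf " %-14s %s\n" "Aufruf UI:" "${APP_URL}"
printf " %-14s %s\n" "Webmail:" "${WEBMAIL_URL}"
printf " %-14s %s\n" "App Root:" "${APP_DIR}"
printf " %-14s %s\n" "Mail-FQDN:" "${MAIL_HOSTNAME:-$SERVER_PUBLIC_IPV4}"
printf " %-14s %s\n" "BASE_DOMAIN:" "${BASE_DOMAIN}"
printf " %-14s %s\n" "LE-Email:" "${LE_EMAIL}"
printf " %-14s %s\n" "APP_ENV:" "${APP_ENV}"

# Proxy block only when the installer set the variable at all
if [[ -n "$PROXY_MODE" ]]; then
  if [[ "$PROXY_MODE" == "1" ]]; then
    printf " %-14s %s\n" "Proxy-Mode:" "ja (NPM: ${NPM_IP:-unbekannt})"
  elif [[ "$PROXY_MODE" == "dev" ]]; then
    printf " %-14s %s\n" "Proxy-Mode:" "Entwicklungsmodus"
  else
    printf " %-14s %s\n" "Proxy-Mode:" "nein"
  fi
fi

printf " %-14s %s\n" "Server IPv6:" "${SERVER_PUBLIC_IPV6:-–}"
printf " %-14s %s\n" "ACME Webroot:" "${ACME_WEBROOT}"
echo
printf " %-14s UI=%s, Webmail=%s, MX=%s\n" "Zertifikate:" "$UI_LE" "$WEBMAIL_LE" "$MAIL_LE"
echo

# NOTE(review): according to the message below the first registered user
# becomes admin and registration is then locked. Until that first
# registration happens, anyone who can reach APP_URL can claim the admin
# role - keep the UI unreachable from untrusted networks (firewall/proxy ACL)
# until the initial account exists.
echo " Anmeldung: Keine vordefinierten Admin-Daten."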
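echo " Bitte zuerst registrieren (Erst-User wird Admin, danach"
echo " wird die Registrierung automatisch gesperrt)."
echo

# ── Services ──────────────────────────────────────────────────────────────
bar
echo " Services"
bar

OK_LIST=()      # labels of active units
FAIL_LIST=()    # labels of inactive/missing units
FAIL_UNITS=()   # matching unit names, used for the journalctl hint

# svc UNIT [LABEL] - print one status line for a systemd unit and record the
# label (and the unit name) in the OK/FAIL lists. Always returns 0 so a missing
# optional unit cannot abort the summary under set -e.
svc(){
  local unit="$1" label="${2:-$1}"
  printf " • %-18s … " "$label"
  if systemctl is-active --quiet "$unit"; then
    ok
    OK_LIST+=("$label")
  else
    fail
    FAIL_LIST+=("$label")
    FAIL_UNITS+=("$unit")
  fi
  return 0
}

# join_by SEP ITEM... - join ITEMs with the full SEP string. The previous
# "${arr[*]}" with IFS=', ' only used the first IFS character and printed "a,b".
join_by(){
  local sep="$1" out="" item
  shift
  for item in "$@"; do
    out+="${out:+$sep}$item"
  done
  printf '%s' "$out"
}

# Core services
svc nginx
svc mariadb
svc redis-server
svc postfix
svc dovecot

# App workers (optional - a missing unit is reported, not fatal)
svc "${APP_USER}-ws" "mailwolt-ws"
svc "${APP_USER}-schedule" "mailwolt-schedule"
svc "${APP_USER}-queue" "mailwolt-queue"

echo
if ((${#OK_LIST[@]})); then
  printf " ${GREEN}OK:${NC} %s\n" "$(join_by ', ' "${OK_LIST[@]}")"
fi
if ((${#FAIL_LIST[@]})); then
  printf " ${RED}FAIL:${NC} %s\n" "$(join_by ', ' "${FAIL_LIST[@]}")"
  # printf instead of plain echo so the colour escapes are interpreted, and the
  # hint names each failed unit (the old text read "journalctl -u -b", i.e. the
  # unit argument was missing).
  for unit in "${FAIL_UNITS[@]}"; do
    printf " ${YELLOW}Hinweis:${NC} Details mit: journalctl -u %s -b --no-pager\n" "$unit"
  done
fi
echo

# ── Smoke test ────────────────────────────────────────────────────────────
bar
echo " Smoke-Test (SMTP/IMAP/POP3 mit/ohne TLS)"
bar

# check_port TAG CMD DESC - run the fixed, script-internal shell snippet CMD
# under a hard 8 s timeout and print OK/FAIL. Only reachability (and, for the
# TLS variants, a completed handshake) is exercised: s_client runs without
# -verify_return_error / -CAfile, so an OK says nothing about the validity of
# the presented certificate - the "Zertifikate:" line above covers that.
check_port(){
  local tag="$1" cmd="$2" desc="$3"
  printf " [%-3s] %-35s … " "$tag" "$desc"
  if timeout 8s bash -lc "$cmd" >/dev/null 2>&1; then
    ok
  else
    fail
  fi
}

# give freshly (re)started daemons a moment to bind their ports
sleep 6 || true

# SMTP
check_port "25" 'printf "EHLO x\r\nQUIT\r\n" | nc -w 3 127.0.0.1 25' \
  "SMTP (EHLO)"
# 465 now sends EHLO too, so the probe matches its label (it used to send only QUIT)
check_port "465" 'printf "EHLO x\r\nQUIT\r\n" | openssl s_client -connect 127.0.0.1:465 -quiet -ign_eof' \
  "SMTPS (TLS + EHLO)"
check_port "587" 'printf "EHLO x\r\nSTARTTLS\r\nQUIT\r\n" | openssl s_client -starttls smtp -connect 127.0.0.1:587 -quiet -ign_eof' \
  "Submission (STARTTLS)"

# POP/IMAP
check_port "110" 'printf "QUIT\r\n" | nc -w 3 127.0.0.1 110' \
  "POP3 (QUIT)"
check_port "995" 'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:995 -quiet -ign_eof' \
  "POP3S (TLS + QUIT)"
check_port "143" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | nc -w 3 127.0.0.1 143' \
  "IMAP (CAPABILITY/LOGOUT)"
check_port "993" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | openssl s_client -connect 127.0.0.1:993 -quiet -ign_eof' \
  "IMAPS (TLS + CAPABILITY/LOGOUT)"
echo

# Hint only when UI or webmail really lacks a Let's Encrypt certificate
if [[ "$UI_LE" != "LE" || "$WEBMAIL_LE" != "LE" ]]; then
  echo -e " ${YELLOW}Hinweis:${NC} UI/Webmail verwenden noch kein Let's-Encrypt-Zertifikat."
  echo -e " Prüfe Symlinks unter /etc/ssl/{ui,webmail} und den LE-Hook (21/75-Skripte)."
  echo
fi

# Proxy info (optional). NOTE(review): with TLS terminated at the proxy the
# proxy->backend hop is presumably plain HTTP - confirm that path is confined
# to a trusted network.
if [[ "$PROXY_MODE" == "1" ]]; then
  echo -e " ${GREY}Proxy-Hinweis:${NC} App erwartet TLS am Proxy (Backend ohne https-Redirects)."
  echo
fi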