#!/usr/bin/env bash set -euo pipefail source ./lib.sh # ───────────────────────────────────────────────────────────── # Schöner Abschluss-Summary mit Farben, Diensten & Smoke-Test # ───────────────────────────────────────────────────────────── # Farben & Symbole BOLD="\033[1m"; DIM="\033[2m"; NC="\033[0m" GREEN="\033[1;32m"; RED="\033[1;31m"; YELLOW="\033[1;33m"; CYAN="\033[1;36m"; GREY="\033[0;90m" OKS="${GREEN}OK${NC}"; FAILS="${RED}FAIL${NC}"; WARN="${YELLOW}!${NC}" PLUS="${GREEN}[+]${NC}" bar(){ printf "${CYAN}%s${NC}\n" "──────────────────────────────────────────────────────────────────────────────"; } log(){ printf "${GREEN}[+]${NC} %s\n" "$*"; } ok() { printf " [${OKS}]\n"; } fail(){ printf " [${FAILS}]\n"; } # Evtl. persistente Variablen laden (falls vom Installer geschrieben) set +u [ -r /etc/mailwolt/installer.env ] && . /etc/mailwolt/installer.env set -u # Defaults / Umgebung APP_USER="${APP_USER:-mailwolt}" APP_GROUP="${APP_GROUP:-www-data}" APP_DIR="${APP_DIR:-/var/www/${APP_USER}}" BASE_DOMAIN="${BASE_DOMAIN:-example.com}" UI_HOST="${UI_HOST:-}" WEBMAIL_HOST="${WEBMAIL_HOST:-}" MAIL_HOSTNAME="${MAIL_HOSTNAME:-}" APP_ENV="${APP_ENV:-production}" PROXY_MODE="${PROXY_MODE:-0}" NPM_IP="${NPM_IP:-}" LE_EMAIL="${LE_EMAIL:-admin@${BASE_DOMAIN}}" ACME_WEBROOT="/var/www/letsencrypt" # Zert-Pfade (werden idR via Hook symlinked) UI_CERT="/etc/ssl/ui/fullchain.pem" UI_KEY="/etc/ssl/ui/privkey.pem" WEBMAIL_CERT="/etc/ssl/webmail/fullchain.pem" MAIL_CERT="/etc/ssl/mail/fullchain.pem" # IPs SERVER_PUBLIC_IPV4="${SERVER_PUBLIC_IPV4:-$(detect_ip)}" SERVER_PUBLIC_IPV6="${SERVER_PUBLIC_IPV6:-$(detect_ipv6)}" # Scheme/URLs ableiten SCHEME="http" [[ -s "$UI_CERT" && -s "$UI_KEY" ]] && SCHEME="https" APP_URL="${SCHEME}://${UI_HOST:-$SERVER_PUBLIC_IPV4}" WEBMAIL_URL="${SCHEME}://${WEBMAIL_HOST:-$SERVER_PUBLIC_IPV4}" # Erkennen, ob die Zert-Symlinks auf LE zeigen (nur kosmetisch) real_target() { readlink -f -- "$1" 2>/dev/null || true; } UI_CERT_TARGET="$(real_target "$UI_CERT")" WEBMAIL_CERT_TARGET="$(real_target "$WEBMAIL_CERT")" MAIL_CERT_TARGET="$(real_target "$MAIL_CERT")" is_le(){ [[ "$1" == /etc/letsencrypt/live/*/fullchain.pem ]]; } UI_LE=$([[ -n "$UI_CERT_TARGET" ]] && is_le "$UI_CERT_TARGET" && echo "LE" || echo "self-signed/none") WEBMAIL_LE=$([[ -n "$WEBMAIL_CERT_TARGET" ]] && is_le "$WEBMAIL_CERT_TARGET" && echo "LE" || echo "self-signed/none") MAIL_LE=$([[ -n "$MAIL_CERT_TARGET" ]] && is_le "$MAIL_CERT_TARGET" && echo "LE" || echo "self-signed/none") echo bar printf " %s %s\n" "✔ MailWolt Bootstrap fertig" "" bar # Kopf-Infos printf " %-14s %s\n" "Aufruf UI:" "${APP_URL}" printf " %-14s %s\n" "Webmail:" "${WEBMAIL_URL}" printf " %-14s %s\n" "App Root:" "${APP_DIR}" printf " %-14s %s\n" "Mail-FQDN:" "${MAIL_HOSTNAME:-$SERVER_PUBLIC_IPV4}" printf " %-14s %s\n" "BASE_DOMAIN:" "${BASE_DOMAIN}" printf " %-14s %s\n" "LE-Email:" "${LE_EMAIL}" printf " %-14s %s\n" "APP_ENV:" "${APP_ENV}" [[ -v PROXY_MODE ]] && printf " %-14s %s\n" "Proxy-Mode:" "$([[ "$PROXY_MODE" = "1" ]] && echo "ja (NPM: ${NPM_IP:-unbekannt})" || echo "nein")"printf " %-14s %s\n" "Server IPv4:" "${SERVER_PUBLIC_IPV4}" printf " %-14s %s\n" "Server IPv6:" "${SERVER_PUBLIC_IPV6:-–}" printf " %-14s %s\n" "ACME Webroot:" "${ACME_WEBROOT}" echo printf " %-14s UI=%s, Webmail=%s, MX=%s\n" "Zertifikate:" "$UI_LE" "$WEBMAIL_LE" "$MAIL_LE" echo echo " Anmeldung: Keine vordefinierten Admin-Daten." echo " Bitte zuerst registrieren (Erst-User wird Admin, danach" echo " wird die Registrierung automatisch gesperrt)." echo # Dienste-Status bar echo " Services" bar OK_LIST=() FAIL_LIST=() svc(){ local unit="$1" label="${2:-$1}" printf " • %-18s … " "$label" if systemctl is-active --quiet "$unit"; then ok OK_LIST+=("$label") else fail FAIL_LIST+=("$label") fi } # Kern-Services svc nginx svc mariadb svc redis-server svc postfix svc dovecot # App-Worker (tolerant) svc "${APP_USER}-ws" "mailwolt-ws" || true svc "${APP_USER}-schedule" "mailwolt-schedule" || true svc "${APP_USER}-queue" "mailwolt-queue" || true # Kurze Zusammenfassung echo if ((${#OK_LIST[@]})); then printf " ${GREEN}OK:${NC} %s\n" "$(IFS=', '; echo "${OK_LIST[*]}")" fi if ((${#FAIL_LIST[@]})); then printf " ${RED}FAIL:${NC} %s\n" "$(IFS=', '; echo "${FAIL_LIST[*]}")" echo " ${YELLOW}Hinweis:${NC} Details mit: journalctl -u -b --no-pager" fi echo # Smoke-Test bar echo " Smoke-Test (SMTP/IMAP/POP3 mit/ohne TLS)" bar check_port(){ local tag="$1" cmd="$2" desc="$3" printf " [%-3s] %-35s … " "$tag" "$desc" if timeout 8s bash -lc "$cmd" >/dev/null 2>&1; then ok; else fail; fi } # ein kurzes Delay, damit frisch gestartete Dienste lauschen sleep 6 || true # SMTP check_port "25" 'printf "EHLO x\r\nQUIT\r\n" | nc -w 3 127.0.0.1 25' \ "SMTP (EHLO)" check_port "465" 'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:465 -quiet -ign_eof' \ "SMTPS (TLS + EHLO)" check_port "587" 'printf "EHLO x\r\nSTARTTLS\r\nQUIT\r\n" | openssl s_client -starttls smtp -connect 127.0.0.1:587 -quiet -ign_eof' \ "Submission (STARTTLS)" # POP/IMAP check_port "110" 'printf "QUIT\r\n" | nc -w 3 127.0.0.1 110' \ "POP3 (QUIT)" check_port "995" 'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:995 -quiet -ign_eof' \ "POP3S (TLS + QUIT)" check_port "143" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | nc -w 3 127.0.0.1 143' \ "IMAP (CAPABILITY/LOGOUT)" check_port "993" 'printf ". CAPABILITY\r\n. LOGOUT\r\n" | openssl s_client -connect 127.0.0.1:993 -quiet -ign_eof' \ "IMAPS (TLS + CAPABILITY/LOGOUT)" echo # Nützliche Hinweise am Ende if [[ "$UI_LE" != "LE" || "$WEBMAIL_LE" != "LE" ]]; then echo -e " ${YELLOW}Hinweis:${NC} UI/Webmail verwenden noch kein Let's-Encrypt-Zertifikat." echo -e " Prüfe Symlinks unter /etc/ssl/{ui,webmail} und den LE-Hook (21/75-Skripte)." echo fi if [[ "$PROXY_MODE" = "1" ]]; then echo -e " ${GREY}Proxy-Hinweis:${NC} App erwartet TLS am Proxy (keine https-Redirects im Backend)." echo fi