mailwolt-installer/scripts/99-summary.sh


#!/usr/bin/env bash
set -euo pipefail
source ./lib.sh
# ─────────────────────────────────────────────────────────────
# MailWolt Abschluss / Summary (Dienste, Zertifikate, Smoke-Test)
# ─────────────────────────────────────────────────────────────
# Colours and decoration.
# The values hold a literal backslash sequence ("\033[..."); it only becomes an
# ESC byte when printf (as part of the format string) or `echo -e` interprets it.
NC="\033[0m"
BOLD="\033[1m"
DIM="\033[2m"
GREEN="\033[1;32m"
RED="\033[1;31m"
YELLOW="\033[1;33m"
CYAN="\033[1;36m"
GREY="\033[0;90m"

# Pre-rendered status words used by ok() and fail().
OKS="${GREEN}OK${NC}"
FAILS="${RED}FAIL${NC}"

# Print a cyan separator line.
bar() {
  printf "${CYAN}%s${NC}\n" "──────────────────────────────────────────────────────────────────────────────"
}

# Print the green " [OK]" marker that closes a status row.
ok() {
  printf " [${OKS}]\n"
}

# Print the red " [FAIL]" marker that closes a status row.
fail() {
  printf " [${FAILS}]\n"
}
# Load the installer variables when the file is present and readable.
# The file is sourced, i.e. executed as shell code with this script's
# privileges, so it must only be writable by the account that runs the
# installer.
# NOTE(review): ownership and mode are not checked here; confirm the script
# that creates it uses restrictive permissions.
# nounset is switched off around the source, presumably so that references to
# unset variables inside that file do not abort the summary.
set +u
if [ -r /etc/mailwolt/installer.env ]; then
  . /etc/mailwolt/installer.env
fi
set -u
# Defaults / environment: a value that is already set and non-empty wins,
# otherwise the default after ":=" is assigned. Host names and the proxy
# settings default to the empty string so later reads are safe under `set -u`.
: "${APP_USER:=mailwolt}"
: "${APP_GROUP:=www-data}"
: "${APP_DIR:=/var/www/${APP_USER}}"
: "${BASE_DOMAIN:=example.com}"
: "${UI_HOST:=}"
: "${WEBMAIL_HOST:=}"
: "${MAIL_HOSTNAME:=}"
: "${APP_ENV:=production}"
# PROXY_MODE: empty = row is not shown; "1" = proxy, "dev" = development,
# anything else is displayed as "nein".
: "${PROXY_MODE:=}"
: "${NPM_IP:=}"
: "${LE_EMAIL:=admin@${BASE_DOMAIN}}"
ACME_WEBROOT=/var/www/letsencrypt

# Certificate paths (a hook links them into /etc/ssl/*).
# UI_KEY is the private key; this script only tests that it is non-empty and
# never reads or prints its content.
UI_CERT=/etc/ssl/ui/fullchain.pem
UI_KEY=/etc/ssl/ui/privkey.pem
WEBMAIL_CERT=/etc/ssl/webmail/fullchain.pem
MAIL_CERT=/etc/ssl/mail/fullchain.pem
# Public addresses: keep a preset non-empty value, otherwise ask the detectors
# that lib.sh provides.
if [[ -z "${SERVER_PUBLIC_IPV4:-}" ]]; then
  SERVER_PUBLIC_IPV4="$(detect_ip)"
fi
if [[ -z "${SERVER_PUBLIC_IPV6:-}" ]]; then
  SERVER_PUBLIC_IPV6="$(detect_ipv6)"
fi

# URLs: https is advertised only when the UI certificate AND its key exist and
# are non-empty. This looks at the files only, not at what the web server
# actually serves, and the webmail URL reuses the scheme derived from the UI
# certificate.
if [[ -s "$UI_CERT" && -s "$UI_KEY" ]]; then
  SCHEME="https"
else
  SCHEME="http"
fi
# Fall back to the public IPv4 address when no host name is configured.
APP_URL="${SCHEME}://${UI_HOST:-$SERVER_PUBLIC_IPV4}"
WEBMAIL_URL="${SCHEME}://${WEBMAIL_HOST:-$SERVER_PUBLIC_IPV4}"
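# Resolve a symlink chain to its final target.
# Arguments: $1 - path to resolve
# Outputs:   the canonical path on stdout, or nothing when it cannot be resolved
# Returns:   always 0, so a missing link never aborts the script under `set -e`
real_target() { readlink -f -- "$1" 2>/dev/null || true; }

# Decide whether a resolved certificate path belongs to certbot's tree.
# `readlink -f` follows every link in the chain, and certbot's
# live/<name>/fullchain.pem is itself a symlink into
# archive/<name>/fullchainN.pem, so a resolved target normally has the archive
# form. The file used to define this function twice, and the later definition
# (live/* only) replaced the first one, which made certbot-managed
# certificates show up as "self-signed/none". Both forms are accepted here.
# This is a path heuristic only: issuer and validity of the certificate are
# not inspected.
# Arguments: $1 - resolved path
# Returns:   0 when the path is under /etc/letsencrypt/live or is an archived
#            fullchain file, 1 otherwise
is_le_path() {
  case "$1" in
    /etc/letsencrypt/live/*) return 0 ;;
    /etc/letsencrypt/archive/*/fullchain*.pem) return 0 ;;
    *) return 1 ;;
  esac
}

# Final targets of the three certificate links (empty when unresolvable).
UI_CERT_TARGET="$(real_target "$UI_CERT")"
WEBMAIL_CERT_TARGET="$(real_target "$WEBMAIL_CERT")"
MAIL_CERT_TARGET="$(real_target "$MAIL_CERT")"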
# Classify each certificate for the summary line.
# A certificate counts as "LE" only when the file is non-empty, its link target
# could be resolved, and is_le_path accepts that target; everything else is
# reported as "self-signed/none".
# Every read uses the ${var:-} form so the checks stay safe under `set -u`.
for _le_prefix in UI WEBMAIL MAIL; do
  _le_cert_var="${_le_prefix}_CERT"
  _le_target_var="${_le_prefix}_CERT_TARGET"
  _le_state="self-signed/none"
  if [ -s "${!_le_cert_var:-}" ] && [ -n "${!_le_target_var:-}" ] && is_le_path "${!_le_target_var:-}"; then
    _le_state="LE"
  fi
  # Assigns UI_LE, WEBMAIL_LE and MAIL_LE in turn.
  printf -v "${_le_prefix}_LE" '%s' "$_le_state"
done
unset _le_prefix _le_cert_var _le_target_var _le_state
# Banner
printf '\n'
bar
printf " %s\n" "✔ MailWolt Bootstrap fertig"
bar

# Header information. printf re-applies the format to every label/value pair,
# so one call prints one row per pair.
printf " %-14s %s\n" \
  "Aufruf UI:" "${APP_URL}" \
  "Webmail:" "${WEBMAIL_URL}" \
  "App Root:" "${APP_DIR}" \
  "Mail-FQDN:" "${MAIL_HOSTNAME:-$SERVER_PUBLIC_IPV4}" \
  "BASE_DOMAIN:" "${BASE_DOMAIN}" \
  "LE-Email:" "${LE_EMAIL}" \
  "APP_ENV:" "${APP_ENV}"
# Show the proxy row only when PROXY_MODE is non-empty.
case "$PROXY_MODE" in
  "")
    # Not configured: print nothing.
    ;;
  1)
    printf " %-14s %s\n" "Proxy-Mode:" "ja (NPM: ${NPM_IP:-unbekannt})"
    ;;
  dev)
    printf " %-14s %s\n" "Proxy-Mode:" "Entwicklungsmodus"
    ;;
  *)
    printf " %-14s %s\n" "Proxy-Mode:" "nein"
    ;;
esac
# Remaining header rows (same label/value format as the rows above).
printf " %-14s %s\n" \
  "Server IPv6:" "${SERVER_PUBLIC_IPV6:-}" \
  "ACME Webroot:" "${ACME_WEBROOT}"
printf '\n'

# Certificate classification computed earlier ("LE" or "self-signed/none").
printf " %-14s UI=%s, Webmail=%s, MX=%s\n" "Zertifikate:" "$UI_LE" "$WEBMAIL_LE" "$MAIL_LE"
printf '\n'

# Login notice. According to this text no admin account is pre-created and the
# first registered user becomes admin, so registration should be completed
# before the UI is reachable by anyone else.
printf '%s\n' \
  " Anmeldung: Keine vordefinierten Admin-Daten." \
  " Bitte zuerst registrieren (Erst-User wird Admin, danach" \
  " wird die Registrierung automatisch gesperrt)."
printf '\n'
# ── Services ───────────────────────────────────────────────────────────────
bar
printf '%s\n' " Services"
bar

# Labels collected by svc() for the OK/FAIL recap printed after the checks.
OK_LIST=() FAIL_LIST=()
# Print one status row for a systemd unit and record the outcome.
# Globals:   OK_LIST, FAIL_LIST (appended to)
# Arguments: $1 - unit name passed to systemctl
#            $2 - label to display and record (defaults to $1)
# Outputs:   the row plus the ok/fail marker on stdout
# Note: `is-active` only reports the unit state; it says nothing about whether
# the service answers requests (the smoke test covers the mail ports).
svc() {
  local unit="$1"
  local label="${2:-$1}"

  printf " • %-18s … " "$label"

  if ! systemctl is-active --quiet "$unit"; then
    fail
    FAIL_LIST+=("$label")
    return
  fi

  ok
  OK_LIST+=("$label")
}
# Core services
for core_unit in nginx mariadb redis-server postfix dovecot; do
  svc "$core_unit"
done

# App workers (tolerant: a failing check never aborts the summary).
# The unit name follows APP_USER while the displayed label is fixed.
for worker in ws schedule queue; do
  svc "${APP_USER}-${worker}" "mailwolt-${worker}" || true
done
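# Join all arguments with ", ".
# "${arr[*]}" joins with the FIRST character of IFS only, so IFS=', ' yields
# "a,b" instead of "a, b"; building the string explicitly gives the intended
# separator.
# Arguments: the items to join
# Outputs:   the joined string on stdout, without a trailing newline
join_labels() {
  local joined
  printf -v joined '%s, ' "$@"
  printf '%s' "${joined%, }"
}

# Recap of the service checks.
echo
if ((${#OK_LIST[@]})); then
  printf " ${GREEN}OK:${NC} %s\n" "$(join_labels "${OK_LIST[@]}")"
fi
if ((${#FAIL_LIST[@]})); then
  printf " ${RED}FAIL:${NC} %s\n" "$(join_labels "${FAIL_LIST[@]}")"
  # printf instead of a plain echo: the colour variables hold literal "\033"
  # sequences that a plain echo prints verbatim instead of as colour codes.
  printf " ${YELLOW}Hinweis:${NC} %s\n" "Details mit: journalctl -u <dienst> -b --no-pager"
fi
echo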
# ── Smoke test ─────────────────────────────────────────────────────────────
bar
printf '%s\n' " Smoke-Test (SMTP/IMAP/POP3 mit/ohne TLS)"
bar
# Run one probe command and print its result row.
# Arguments: $1 - tag shown in brackets (the port number)
#            $2 - command line handed to `bash -lc`
#            $3 - human-readable description
# Outputs:   the row plus the ok/fail marker; the probe's own output is dropped
# The probe counts as passed when the command exits 0 within 8 seconds.
# $2 is executed as shell code, so it must stay a fixed string from this
# script and never be built from external input. `-l` starts a login shell,
# which also reads the profile files before running the probe.
check_port() {
  local tag="$1"
  local cmd="$2"
  local desc="$3"

  printf " [%-3s] %-35s … " "$tag" "$desc"

  if ! timeout 8s bash -lc "$cmd" >/dev/null 2>&1; then
    fail
    return
  fi
  ok
}
# Short delay after the first start.
sleep 6 || true

# Probe table: tag, description and command share the same index.
# What the probes do and do not show:
#  - every probe connects to 127.0.0.1, so firewall rules and reachability
#    from outside are not covered;
#  - openssl s_client is called without any verification option, so a pass
#    means the TLS handshake completed, not that the certificate is valid or
#    trusted;
#  - NOTE(review): the 465 row is labelled "TLS + EHLO" but its payload sends
#    only QUIT.
smoke_tags=(25 465 587 110 995 143 993)
smoke_descs=(
  "SMTP (EHLO)"
  "SMTPS (TLS + EHLO)"
  "Submission (STARTTLS)"
  "POP3 (QUIT)"
  "POP3S (TLS + QUIT)"
  "IMAP (CAPABILITY/LOGOUT)"
  "IMAPS (TLS + CAPABILITY/LOGOUT)"
)
smoke_cmds=(
  'printf "EHLO x\r\nQUIT\r\n" | nc -w 3 127.0.0.1 25'
  'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:465 -quiet -ign_eof'
  'printf "EHLO x\r\nSTARTTLS\r\nQUIT\r\n" | openssl s_client -starttls smtp -connect 127.0.0.1:587 -quiet -ign_eof'
  'printf "QUIT\r\n" | nc -w 3 127.0.0.1 110'
  'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:995 -quiet -ign_eof'
  'printf ". CAPABILITY\r\n. LOGOUT\r\n" | nc -w 3 127.0.0.1 143'
  'printf ". CAPABILITY\r\n. LOGOUT\r\n" | openssl s_client -connect 127.0.0.1:993 -quiet -ign_eof'
)

# SMTP first (25/465/587), then POP3 and IMAP, in table order.
for probe_idx in "${!smoke_tags[@]}"; do
  check_port "${smoke_tags[probe_idx]}" "${smoke_cmds[probe_idx]}" "${smoke_descs[probe_idx]}"
done
echo
# Print the hint unless BOTH the UI and the webmail certificate were classified
# as "LE". The classification is based on the link target's path only.
if ! [[ "$UI_LE" == "LE" && "$WEBMAIL_LE" == "LE" ]]; then
  printf " ${YELLOW}Hinweis:${NC} %s\n" "UI/Webmail verwenden noch kein Let's-Encrypt-Zertifikat."
  printf '%s\n' " Prüfe Symlinks unter /etc/ssl/{ui,webmail} und den LE-Hook (21/75-Skripte)."
  echo
fi
# Proxy note (optional), shown only in proxy mode "1".
# NOTE(review): the message says TLS ends at the proxy and the backend does not
# redirect to https, which implies the backend also answers plain HTTP; confirm
# it is reachable only from the proxy.
case "$PROXY_MODE" in
  1)
    printf " ${GREY}Proxy-Hinweis:${NC} %s\n" "App erwartet TLS am Proxy (Backend ohne https-Redirects)."
    echo
    ;;
esac