mailwolt-installer/scripts/99-summary.sh


#!/usr/bin/env bash
# Strict mode: stop on unhandled errors, on unset variables and on a failing
# pipeline stage.
set -euo pipefail
# lib.sh is looked up relative to the current working directory, not relative
# to this script. detect_ip / detect_ipv6 used further down are not defined in
# this file and presumably come from it — TODO confirm.
# NOTE(review): because the path is cwd-relative, whatever lib.sh sits in the
# caller's working directory is executed with this script's privileges; the
# installer should always start this script from its own trusted directory.
source ./lib.sh
# ─────────────────────────────────────────────────────────────
# Final summary with colours, service status and a smoke test
# ─────────────────────────────────────────────────────────────
# Colours & symbols.
# The values are stored as literal backslash sequences; they only turn into
# terminal escapes when used inside a printf format string or with echo -e.
BOLD="\033[1m"
DIM="\033[2m"
NC="\033[0m"
GREEN="\033[1;32m"
RED="\033[1;31m"
YELLOW="\033[1;33m"
CYAN="\033[1;36m"
GREY="\033[0;90m"

OKS="${GREEN}OK${NC}"
FAILS="${RED}FAIL${NC}"
WARN="${YELLOW}!${NC}"
PLUS="${GREEN}[+]${NC}"

# Print a cyan horizontal rule followed by a newline.
bar() {
  printf "${CYAN}%s${NC}\n" \
    "──────────────────────────────────────────────────────────────────────────────"
}

# Print all arguments as one message behind a green "[+]" marker.
log() {
  printf "${GREEN}[+]${NC} %s\n" "$*"
}

# Close a status line with a green "[OK]".
ok() {
  printf " [${OKS}]\n"
}

# Close a status line with a red "[FAIL]".
fail() {
  printf " [${FAILS}]\n"
}
# Load persisted variables, if the installer wrote any.
# nounset is switched off only while the file is read, so the file may refer
# to variables that are not set, and is switched back on right afterwards.
# NOTE(review): the file is executed as shell code with this script's
# privileges; it should be owned by root and writable by nobody else —
# confirm that the step that creates it sets such permissions.
set +u
if [ -r /etc/mailwolt/installer.env ]; then
  . /etc/mailwolt/installer.env
fi
set -u
# Defaults / environment.
# Every setting keeps a non-empty value it already has (from the environment
# or from the installer env file) and otherwise falls back to the default here.
# NOTE(review): example.com and admin@example.com are placeholder fallbacks;
# if they show up in the summary, the real values never reached this script.
: "${APP_USER:=mailwolt}"
: "${APP_GROUP:=www-data}"
: "${APP_DIR:=/var/www/${APP_USER}}"
: "${BASE_DOMAIN:=example.com}"
: "${UI_HOST:=}"
: "${WEBMAIL_HOST:=}"
: "${MAIL_HOSTNAME:=}"
: "${APP_ENV:=production}"
: "${PROXY_MODE:=0}"
: "${NPM_IP:=}"
: "${LE_EMAIL:=admin@${BASE_DOMAIN}}"
ACME_WEBROOT="/var/www/letsencrypt"

# Certificate paths (usually symlinked by a hook).
# UI_KEY points at a private key; this script only tests that the file is
# non-empty and never prints its content.
UI_CERT="/etc/ssl/ui/fullchain.pem"
UI_KEY="/etc/ssl/ui/privkey.pem"
WEBMAIL_CERT="/etc/ssl/webmail/fullchain.pem"
MAIL_CERT="/etc/ssl/mail/fullchain.pem"
# Public addresses: a value that is already set wins; otherwise the detect_*
# helpers are asked (they are not defined in this file — presumably lib.sh).
if [[ -z "${SERVER_PUBLIC_IPV4:-}" ]]; then
  SERVER_PUBLIC_IPV4="$(detect_ip)"
fi
if [[ -z "${SERVER_PUBLIC_IPV6:-}" ]]; then
  SERVER_PUBLIC_IPV6="$(detect_ipv6)"
fi

# Derive scheme and URLs.
# https is chosen as soon as certificate and key both exist and are non-empty;
# nothing here checks that the certificate is valid or matches the host name.
if [[ -s "$UI_CERT" && -s "$UI_KEY" ]]; then
  SCHEME="https"
else
  SCHEME="http"
fi
# Without a configured host name the URLs fall back to the public IPv4 address.
APP_URL="${SCHEME}://${UI_HOST:-$SERVER_PUBLIC_IPV4}"
WEBMAIL_URL="${SCHEME}://${WEBMAIL_HOST:-$SERVER_PUBLIC_IPV4}"
# Detect whether the certificate symlinks point at Let's Encrypt (cosmetic only).
# The label is derived from the resolved path alone; the certificate itself is
# never opened, so "LE" says nothing about validity or expiry.

# Print the fully resolved target of $1; prints nothing and still returns 0
# when readlink cannot resolve the path.
real_target() {
  readlink -f -- "$1" 2>/dev/null || return 0
}

# Succeed when $1 looks like a fullchain.pem below /etc/letsencrypt/live/.
is_le() {
  case "$1" in
    /etc/letsencrypt/live/*/fullchain.pem) return 0 ;;
    *) return 1 ;;
  esac
}

# Print "LE" for a non-empty Let's Encrypt target, else "self-signed/none".
cert_origin() {
  if [[ -n "$1" ]] && is_le "$1"; then
    echo "LE"
  else
    echo "self-signed/none"
  fi
}

UI_CERT_TARGET="$(real_target "$UI_CERT")"
WEBMAIL_CERT_TARGET="$(real_target "$WEBMAIL_CERT")"
MAIL_CERT_TARGET="$(real_target "$MAIL_CERT")"

UI_LE="$(cert_origin "$UI_CERT_TARGET")"
WEBMAIL_LE="$(cert_origin "$WEBMAIL_CERT_TARGET")"
MAIL_LE="$(cert_origin "$MAIL_CERT_TARGET")"
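echo
bar
printf " %s %s\n" "✔ MailWolt Bootstrap fertig" ""
bar

# Header information: one aligned "label value" line per setting.
printf " %-14s %s\n" "Aufruf UI:" "${APP_URL}"
printf " %-14s %s\n" "Webmail:" "${WEBMAIL_URL}"
printf " %-14s %s\n" "App Root:" "${APP_DIR}"
printf " %-14s %s\n" "Mail-FQDN:" "${MAIL_HOSTNAME:-$SERVER_PUBLIC_IPV4}"
printf " %-14s %s\n" "BASE_DOMAIN:" "${BASE_DOMAIN}"
printf " %-14s %s\n" "LE-Email:" "${LE_EMAIL}"
printf " %-14s %s\n" "APP_ENV:" "${APP_ENV}"
# The proxy line and the IPv4 line must be two statements: written on one
# line, the second printf and its arguments become operands of the first and
# the output is garbled.
if [[ -v PROXY_MODE ]]; then
  printf " %-14s %s\n" "Proxy-Mode:" \
    "$([[ "$PROXY_MODE" = "1" ]] && echo "ja (NPM: ${NPM_IP:-unbekannt})" || echo "nein")"
fi
printf " %-14s %s\n" "Server IPv4:" "${SERVER_PUBLIC_IPV4}"
printf " %-14s %s\n" "Server IPv6:" "${SERVER_PUBLIC_IPV6:-}"
printf " %-14s %s\n" "ACME Webroot:" "${ACME_WEBROOT}"
echo
printf " %-14s UI=%s, Webmail=%s, MX=%s\n" "Zertifikate:" "$UI_LE" "$WEBMAIL_LE" "$MAIL_LE"
echo
# NOTE(review): per the message below, the first account to register becomes
# admin. Until the operator has registered, anyone who can reach the UI could
# take that role — register right after the install or restrict access to the
# UI until then.
echo " Anmeldung: Keine vordefinierten Admin-Daten."
echo " Bitte zuerst registrieren (Erst-User wird Admin, danach"
echo " wird die Registrierung automatisch gesperrt)."
echo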
# Service status
bar
echo " Services"
bar

# Labels of the units found active / not active, filled by svc.
OK_LIST=()
FAIL_LIST=()

#######################################
# Print one status line for a systemd unit and record the result.
# Globals:   OK_LIST, FAIL_LIST (appended to)
# Arguments: $1 - unit name passed to systemctl
#            $2 - label to display (defaults to $1)
# Outputs:   the label followed by [OK] or [FAIL]
#######################################
svc() {
  local unit="$1"
  local label="${2:-$1}"

  printf " • %-18s … " "$label"
  if ! systemctl is-active --quiet "$unit"; then
    fail
    FAIL_LIST+=("$label")
    return 0
  fi
  ok
  OK_LIST+=("$label")
}

# Core services
for core_unit in nginx mariadb redis-server postfix dovecot; do
  svc "$core_unit"
done

# App workers (tolerant): the unit name follows APP_USER, the displayed label
# is always "mailwolt-<worker>".
for worker in ws schedule queue; do
  svc "${APP_USER}-${worker}" "mailwolt-${worker}" || true
done
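# Short summary of the service checks.

# Join all arguments with ", " and print the result on one line.
# ("${array[*]}" uses only the first character of IFS, so IFS=', ' would
# join with a bare comma.)
summary_join() {
  local joined
  printf -v joined '%s, ' "$@"
  printf '%s\n' "${joined%, }"
}

echo
if ((${#OK_LIST[@]})); then
  printf " ${GREEN}OK:${NC} %s\n" "$(summary_join "${OK_LIST[@]}")"
fi
if ((${#FAIL_LIST[@]})); then
  printf " ${RED}FAIL:${NC} %s\n" "$(summary_join "${FAIL_LIST[@]}")"
  # printf instead of a plain echo: the colour variables hold literal "\033"
  # sequences, which a plain echo would print as text.
  printf " ${YELLOW}Hinweis:${NC} %s\n" "Details mit: journalctl -u <dienst> -b --no-pager"
fi
echo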
# Smoke test
bar
echo " Smoke-Test (SMTP/IMAP/POP3 mit/ohne TLS)"
bar

#######################################
# Run one probe command and print OK or FAIL for it.
# Arguments: $1 - tag shown in brackets (the port)
#            $2 - command line, run by a login bash under an 8 s timeout
#            $3 - description shown next to the tag
# Outputs:   one status line; the probe's own output is discarded
# Only the exit status of the command line decides the result; server replies
# are not inspected.
# NOTE(review): $2 is executed verbatim — pass fixed strings only, never
# values taken from the environment or from user input.
# NOTE(review): -l makes the child a login shell, so profile files are read
# before every probe; confirm that this is wanted.
#######################################
check_port() {
  local tag="$1"
  local cmd="$2"
  local desc="$3"

  printf " [%-3s] %-35s … " "$tag" "$desc"
  if ! timeout 8s bash -lc "$cmd" >/dev/null 2>&1; then
    fail
    return
  fi
  ok
}

# A short delay so that freshly started services are listening.
sleep 6 || true

# The TLS probes call openssl s_client without any verification option, so
# they show that a handshake completes on the port, not that the certificate
# is trusted or matches the host name.

# SMTP
check_port "25" \
  'printf "EHLO x\r\nQUIT\r\n" | nc -w 3 127.0.0.1 25' \
  "SMTP (EHLO)"
check_port "465" \
  'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:465 -quiet -ign_eof' \
  "SMTPS (TLS + EHLO)"
check_port "587" \
  'printf "EHLO x\r\nSTARTTLS\r\nQUIT\r\n" | openssl s_client -starttls smtp -connect 127.0.0.1:587 -quiet -ign_eof' \
  "Submission (STARTTLS)"

# POP/IMAP
check_port "110" \
  'printf "QUIT\r\n" | nc -w 3 127.0.0.1 110' \
  "POP3 (QUIT)"
check_port "995" \
  'printf "QUIT\r\n" | openssl s_client -connect 127.0.0.1:995 -quiet -ign_eof' \
  "POP3S (TLS + QUIT)"
check_port "143" \
  'printf ". CAPABILITY\r\n. LOGOUT\r\n" | nc -w 3 127.0.0.1 143' \
  "IMAP (CAPABILITY/LOGOUT)"
check_port "993" \
  'printf ". CAPABILITY\r\n. LOGOUT\r\n" | openssl s_client -connect 127.0.0.1:993 -quiet -ign_eof' \
  "IMAPS (TLS + CAPABILITY/LOGOUT)"

echo
# Useful hints at the end.

# Shown unless both the UI and the webmail certificate resolve to a
# Let's Encrypt path.
if ! [[ "$UI_LE" == "LE" && "$WEBMAIL_LE" == "LE" ]]; then
  echo -e " ${YELLOW}Hinweis:${NC} UI/Webmail verwenden noch kein Let's-Encrypt-Zertifikat."
  echo -e " Prüfe Symlinks unter /etc/ssl/{ui,webmail} und den LE-Hook (21/75-Skripte)."
  echo
fi

# Shown only in proxy mode: per the message, TLS is expected to end at the
# proxy and the backend issues no https redirects.
case "$PROXY_MODE" in
  1)
    echo -e " ${GREY}Proxy-Hinweis:${NC} App erwartet TLS am Proxy (keine https-Redirects im Backend)."
    echo
    ;;
esac