Fix: Installer komplett bereinigt für sauberen Erstdurchlauf

- acl-Paket ergänzt (setfacl)
- DB_NAME/DB_USER Doppel-Assignment entfernt
- VITE_REVERB_HOST nutzt jetzt tatsächliche SERVER_IP
- BROADCAST_CONNECTION=reverb gesetzt
- COMPOSER_ALLOW_SUPERUSER entfernt
- config:cache / route:cache / view:cache nach Migration
- /var/lib/mailwolt/wizard Verzeichnis angelegt
- git safe.directory gesetzt
- Footer zeigt /setup URL statt Login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
main
boban 2026-04-23 22:08:42 +02:00
parent 8551a00414
commit 19618746ba
1 changed files with 27 additions and 18 deletions


@ -63,20 +63,20 @@ footer_ok() {
local ip="$1" local ip="$1"
local app_name="${2:-$APP_NAME}" local app_name="${2:-$APP_NAME}"
local app_dir="${3:-$APP_DIR}" local app_dir="${3:-$APP_DIR}"
local nginx_site="${4:-$NGINX_SITE}" local cert_dir="${4:-$CERT_DIR}"
local cert_dir="${5:-$CERT_DIR}"
echo echo
echo -e "${GREEN}${BAR}${NC}" echo -e "${GREEN}${BAR}${NC}"
echo -e "${GREEN}${app_name} Bootstrap erfolgreich abgeschlossen${NC}" echo -e "${GREEN}${app_name} Installation erfolgreich abgeschlossen${NC}"
echo -e "${GREEN}${BAR}${NC}" echo -e "${GREEN}${BAR}${NC}"
echo -e " Aufruf: ${CYAN}http://${ip}${NC} ${GREY}| https://${ip}${NC}" echo -e ""
echo -e " Laravel Root: ${GREY}${app_dir}${NC}" echo -e " ${CYAN}➜ Setup-Wizard jetzt öffnen:${NC}"
echo -e " Nginx Site: ${GREY}${nginx_site}${NC}" echo -e " ${CYAN}http://${ip}/setup${NC}"
echo -e " Self-signed Cert: ${GREY}${cert_dir}/{cert.pem,key.pem}${NC}" echo -e " ${GREY}https://${ip}/setup${NC} (self-signed Zertifikat)"
echo -e " Postfix/Dovecot Ports aktiv: ${GREY}25, 465, 587, 110, 995, 143, 993${NC}" echo -e ""
echo -e " Rspamd/OpenDKIM: ${GREY}aktiv (DKIM-Keys später im Wizard)${NC}" echo -e " Laravel Root: ${GREY}${app_dir}${NC}"
echo -e " Monit (Watchdog): ${GREY}installiert, NICHT aktiviert${NC}" echo -e " Self-signed Cert: ${GREY}${cert_dir}/{cert.pem,key.pem}${NC}"
echo -e " Postfix/Dovecot: ${GREY}25, 465, 587, 110, 995, 143, 993${NC}"
echo -e "${GREEN}${BAR}${NC}" echo -e "${GREEN}${BAR}${NC}"
echo echo
} }
@ -142,7 +142,7 @@ apt-get -y -o Dpkg::Options::="--force-confdef" \
rspamd \ rspamd \
opendkim opendkim-tools \ opendkim opendkim-tools \
nginx \ nginx \
php php-fpm php-cli php-mbstring php-xml php-curl php-zip php-mysql php-redis php-gd php-sqlite3 unzip curl \ php php-fpm php-cli php-mbstring php-xml php-curl php-zip php-mysql php-redis php-gd php-sqlite3 unzip curl acl \
composer \ composer \
certbot python3-certbot-nginx \ certbot python3-certbot-nginx \
fail2ban \ fail2ban \
@ -191,8 +191,6 @@ fi
# ===== MariaDB vorbereiten ===== # ===== MariaDB vorbereiten =====
log "MariaDB vorbereiten…" log "MariaDB vorbereiten…"
systemctl enable --now mariadb systemctl enable --now mariadb
DB_NAME="${DB_USER}"
DB_USER="${DB_USER}"
DB_PASS="$(pw)" DB_PASS="$(pw)"
mysql -uroot <<SQL mysql -uroot <<SQL
CREATE DATABASE IF NOT EXISTS ${DB_NAME} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; CREATE DATABASE IF NOT EXISTS ${DB_NAME} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
@ -511,8 +509,8 @@ REVERB_APP_ID="$(short)"
REVERB_APP_KEY="$(short)" REVERB_APP_KEY="$(short)"
REVERB_APP_SECRET="$(short)" REVERB_APP_SECRET="$(short)"
grep -q '^REVERB_APP_ID=' "${APP_DIR}/.env" \ grep -q '^REVERB_APP_ID=' "${APP_DIR}/.env" \
|| printf '\nREVERB_APP_ID=%s\nREVERB_APP_KEY=%s\nREVERB_APP_SECRET=%s\nREVERB_HOST=127.0.0.1\nREVERB_PORT=8080\nREVERB_SCHEME=http\nVITE_REVERB_APP_KEY=%s\nVITE_REVERB_HOST=${SERVER_IP}\nVITE_REVERB_PORT=8080\nVITE_REVERB_SCHEME=http\n' \ || printf '\nBROADCAST_CONNECTION=reverb\nREVERB_APP_ID=%s\nREVERB_APP_KEY=%s\nREVERB_APP_SECRET=%s\nREVERB_HOST=127.0.0.1\nREVERB_PORT=8080\nREVERB_SCHEME=http\nVITE_REVERB_APP_KEY=%s\nVITE_REVERB_HOST=%s\nVITE_REVERB_PORT=8080\nVITE_REVERB_SCHEME=http\n' \
"$REVERB_APP_ID" "$REVERB_APP_KEY" "$REVERB_APP_SECRET" "$REVERB_APP_KEY" >> "${APP_DIR}/.env" "$REVERB_APP_ID" "$REVERB_APP_KEY" "$REVERB_APP_SECRET" "$REVERB_APP_KEY" "$SERVER_IP" >> "${APP_DIR}/.env"
# Bootstrap-Admin für den ersten Login # Bootstrap-Admin für den ersten Login
BOOTSTRAP_USER="${APP_USER}" BOOTSTRAP_USER="${APP_USER}"
@ -538,13 +536,16 @@ sed -i "s|^BOOTSTRAP_ADMIN_PASSWORD_HASH=.*|BOOTSTRAP_ADMIN_PASSWORD_HASH=${BOOT
# ===== Composer Dependencies ===== # ===== Composer Dependencies =====
log "Composer install…" log "Composer install…"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev --optimize-autoloader --no-interaction" sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && composer install --no-dev --optimize-autoloader --no-interaction"
# ===== App-Key & Migrations ===== # ===== App-Key, Migrations & Caches =====
log "App-Key generieren und Datenbank migrieren…" log "App-Key generieren, Datenbank migrieren, Caches bauen…"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan key:generate --force" sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan key:generate --force"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan migrate --force" sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan migrate --force"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan storage:link --force || true" sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan storage:link --force || true"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan config:cache"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan route:cache"
sudo -u "$APP_USER" -H bash -lc "cd ${APP_DIR} && php artisan view:cache"
# ===== Frontend Build ===== # ===== Frontend Build =====
if [ -f "${APP_DIR}/package.json" ]; then if [ -f "${APP_DIR}/package.json" ]; then
@ -554,6 +555,14 @@ if [ -f "${APP_DIR}/package.json" ]; then
fi fi
# ===== Wizard State-Verzeichnis =====
mkdir -p /var/lib/mailwolt/wizard
chown "$APP_USER":"$APP_GROUP" /var/lib/mailwolt/wizard
chmod 775 /var/lib/mailwolt/wizard
# git safe.directory damit spätere pulls als root möglich sind
git config --global --add safe.directory "${APP_DIR}" || true
# ===== App-User/Gruppen & Rechte (am ENDE ausführen) ===== # ===== App-User/Gruppen & Rechte (am ENDE ausführen) =====
# User anlegen (nur falls noch nicht vorhanden) + Passwort setzen + Gruppe # User anlegen (nur falls noch nicht vorhanden) + Passwort setzen + Gruppe
if ! id -u "$APP_USER" >/dev/null 2>&1; then if ! id -u "$APP_USER" >/dev/null 2>&1; then
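Review bot: The added `git config --global --add safe.directory "${APP_DIR}" || true` in the last hunk switches off git's ownership check for root on a tree the installer otherwise works on as `$APP_USER` (composer and artisan run under that account). Hooks or command-valued config settings that this account, or a compromised PHP process running as it, can write under `${APP_DIR}/.git` would then presumably execute as root on the next pull. I would drop the line and run later updates as the owner, e.g. `sudo -u "$APP_USER" -H git -C "${APP_DIR}" pull --ff-only`, which needs no exception. If root pulls have to stay, add a comment explaining why and remove the `|| true` so a failed write to root's global config is not silently ignored. In the same hunk, `chmod 775 /var/lib/mailwolt/wizard` leaves the wizard state world-readable; unless another account must read it, `chmod 770` is the tighter default.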