4 changed files with 17 additions and 45 deletions
--- a/.env.example
+++ b/.env.example
@ -33,7 +33,7 @@ SESSION_ENCRYPT=false
 SESSION_PATH=/
 # For cross-subdomain session sharing (e.g. webmail on mail.example.com):
 # SESSION_DOMAIN=.example.com
-SESSION_DOMAIN=
+SESSION_DOMAIN=null
 #BROADCAST_CONNECTION=log
 FILESYSTEM_DISK=local
--- a/app/Console/Commands/WizardDomains.php
+++ b/app/Console/Commands/WizardDomains.php
@ -67,12 +67,8 @@ class WizardDomains extends Command
            $ssl ? 1 : 0,
        ));
-        $outStr   = (string) $out;
+        $helperOk   = $out !== null && !str_contains((string) $out, '[x]');
-        $helperOk = $out !== null
+        $outStr     = (string) $out;
            && !str_contains($outStr, '[x]')
            && !str_contains($outStr, 'command not found')
            && !str_contains($outStr, 'No such file')
            && trim($outStr) !== '';
        foreach (['ui', 'mail', 'webmail'] as $key) {
            $status = file_get_contents(self::STATE_DIR . "/{$key}");
@ -86,15 +82,12 @@ class WizardDomains extends Command
            }
        }
-        // Shell-Script schreibt done bereits vor dem nginx-Switch — nicht überschreiben
+        file_put_contents(self::STATE_DIR . '/done', $helperOk ? '1' : '0');
-        $alreadyDone = trim((string) @file_get_contents(self::STATE_DIR . '/done')) === '1';
+        Setting::set('ssl_configured', $helperOk ? '1' : '0');
        if (!$alreadyDone) {
            file_put_contents(self::STATE_DIR . '/done', $helperOk ? '1' : '0');
        }
        Setting::set('ssl_configured', ($helperOk || $alreadyDone) ? '1' : '0');
-        // SESSION_SECURE_COOKIE wird nicht automatisch gesetzt —
+        if ($helperOk && $ssl) {
-        // nginx leitet HTTP→HTTPS weiter, Secure-Flag wird im Admin gesetzt
+            $this->updateEnv(base_path('.env'), 'SESSION_SECURE_COOKIE', 'true');
        }
        return self::SUCCESS;
    }
--- a/installer.sh
+++ b/installer.sh
@ -76,9 +76,10 @@ footer_ok() {
  echo -e ""
  echo -e "  ${CYAN}➜  Setup-Wizard jetzt öffnen:${NC}"
  echo -e "     ${CYAN}http://${ip}/setup${NC}"
  echo -e "     ${GREY}https://${ip}/setup${NC}  (self-signed Zertifikat)"
  echo -e ""
  echo -e "  Laravel Root:        ${GREY}${app_dir}${NC}"
-  echo -e "  Mail-TLS Cert:       ${GREY}${cert_dir}/{cert.pem,key.pem}${NC}  (Postfix/Dovecot)"
+  echo -e "  Self-signed Cert:    ${GREY}${cert_dir}/{cert.pem,key.pem}${NC}"
  echo -e "  Postfix/Dovecot:     ${GREY}25, 465, 587, 110, 995, 143, 993${NC}"
  echo -e "${GREEN}${BAR}${NC}"
  echo
@ -725,9 +726,8 @@ if [ -n "${UI_HOST}" ] && [ "${UI_HAS_CERT}" = "1" ]; then
  cat <<CONF
 server {
-  listen 443 ssl;
+  listen 443 ssl http2;
-  listen [::]:443 ssl;
+  listen [::]:443 ssl http2;
  http2 on;
  server_name ${UI_HOST};
  ssl_certificate     /etc/letsencrypt/live/${UI_HOST}/fullchain.pem;
@ -740,7 +740,6 @@ server {
  location / { try_files \$uri \$uri/ /index.php?\$query_string; }
  location ~ \.php\$ {
    include snippets/fastcgi-php.conf;
    fastcgi_param HTTPS on;
    fastcgi_pass unix:${PHP_FPM_SOCK};
  }
  location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
@ -753,9 +752,8 @@ if [ -n "${WEBMAIL_HOST}" ] && [ "${WM_HAS_CERT}" = "1" ]; then
  cat <<CONF
 server {
-  listen 443 ssl;
+  listen 443 ssl http2;
-  listen [::]:443 ssl;
+  listen [::]:443 ssl http2;
  http2 on;
  server_name ${WEBMAIL_HOST};
  ssl_certificate     /etc/letsencrypt/live/${WEBMAIL_HOST}/fullchain.pem;
@ -768,7 +766,6 @@ server {
  location / { try_files \$uri \$uri/ /index.php?\$query_string; }
  location ~ \.php\$ {
    include snippets/fastcgi-php.conf;
    fastcgi_param HTTPS on;
    fastcgi_pass unix:${PHP_FPM_SOCK};
  }
  location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
@ -778,22 +775,6 @@ CONF
 fi
 ) > "${NGINX_SITE}"
 # State-Dateien VOR dem nginx-Switch schreiben:
 # Browser-Poll (alle 2s) liest done=1 → Polling stoppt → "Zum Login" erscheint.
 # Danach 6s sleep → nginx switchet auf HTTPS → User klickt Link → funktioniert.
 STATE_DIR="/var/lib/mailwolt/wizard"
 if [ -d "${STATE_DIR}" ]; then
  for k in ui mail webmail; do
    [ -f "${STATE_DIR}/${k}" ] && printf "done" > "${STATE_DIR}/${k}"
  done
  if [ "${UI_HAS_CERT}" = "1" ] || [ "${WM_HAS_CERT}" = "1" ]; then
    printf "1" > "${STATE_DIR}/done"
  else
    printf "0" > "${STATE_DIR}/done"
  fi
  sleep 6
 fi
 nginx -t && systemctl reload nginx
 HELPER
 chmod 755 /usr/local/sbin/mailwolt-apply-domains
@ -805,7 +786,6 @@ install -m 755 "${APP_DIR}/update.sh" /usr/local/sbin/mailwolt-update
 cat > /etc/sudoers.d/mailwolt-certbot <<'SUDOERS'
 www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-apply-domains
 www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-update
 www-data ALL=(root) NOPASSWD: /usr/bin/certbot
 SUDOERS
 chmod 440 /etc/sudoers.d/mailwolt-certbot
@ -915,6 +895,7 @@ check process nginx with pidfile /run/nginx.pid
  start program = "/bin/systemctl start nginx"
  stop  program = "/bin/systemctl stop nginx"
  if failed host 127.0.0.1 port 80 type tcp for 2 cycles then restart
  if failed host 127.0.0.1 port 443 type tcpssl for 2 cycles then restart
  if 5 restarts within 10 cycles then alert
 check process fail2ban with pidfile /run/fail2ban/fail2ban.pid
--- a/resources/views/livewire/setup/wizard.blade.php
+++ b/resources/views/livewire/setup/wizard.blade.php
@ -292,12 +292,10 @@
    </div>
    @elseif($step === 5 && $setupDone)
    <div style="display:flex;justify-content:flex-end;margin-top:20px">
-        {{-- Kein wire:click — plain Link damit kein Livewire-POST nötig ist.
+        <button wire:click="goToLogin" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content">
             nginx leitet /login nach SSL-Switch automatisch auf HTTPS weiter. --}}
        <a href="/login" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content;text-decoration:none;display:inline-flex;align-items:center;gap:6px">
            <svg width="12" height="12" viewBox="0 0 12 12" fill="none"><path d="M2 6.5l2.5 2.5 5.5-5.5" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/></svg>
            {{ collect($domainStatus)->contains(fn($s) => in_array($s, ['error','nodns','noipv6'])) ? 'Trotzdem zum Login' : 'Zum Login' }}
-        </a>
+        </button>
    </div>
    @endif