Compare commits
5 Commits
| Author | SHA1 | Date |
|---|---|---|
 boban
|
d50aedeafb | |
|
boban
|
bc2810eb8a | |
|
boban
|
894f753b81 | |
|
boban
|
9d3cbd88b6 | |
|
boban
|
1547302297 |
|
|
@ -67,8 +67,12 @@ class WizardDomains extends Command
|
||||||
$ssl ? 1 : 0,
|
$ssl ? 1 : 0,
|
||||||
));
|
));
|
||||||
|
|
||||||
$helperOk = $out !== null && !str_contains((string) $out, '[x]');
|
$outStr = (string) $out;
|
||||||
$outStr = (string) $out;
|
$helperOk = $out !== null
|
||||||
|
&& !str_contains($outStr, '[x]')
|
||||||
|
&& !str_contains($outStr, 'command not found')
|
||||||
|
&& !str_contains($outStr, 'No such file')
|
||||||
|
&& trim($outStr) !== '';
|
||||||
|
|
||||||
foreach (['ui', 'mail', 'webmail'] as $key) {
|
foreach (['ui', 'mail', 'webmail'] as $key) {
|
||||||
$status = file_get_contents(self::STATE_DIR . "/{$key}");
|
$status = file_get_contents(self::STATE_DIR . "/{$key}");
|
||||||
|
|
@ -82,12 +86,15 @@ class WizardDomains extends Command
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
file_put_contents(self::STATE_DIR . '/done', $helperOk ? '1' : '0');
|
// Shell-Script schreibt done bereits vor dem nginx-Switch — nicht überschreiben
|
||||||
Setting::set('ssl_configured', $helperOk ? '1' : '0');
|
$alreadyDone = trim((string) @file_get_contents(self::STATE_DIR . '/done')) === '1';
|
||||||
|
if (!$alreadyDone) {
|
||||||
if ($helperOk && $ssl) {
|
file_put_contents(self::STATE_DIR . '/done', $helperOk ? '1' : '0');
|
||||||
$this->updateEnv(base_path('.env'), 'SESSION_SECURE_COOKIE', 'true');
|
|
||||||
}
|
}
|
||||||
|
Setting::set('ssl_configured', ($helperOk || $alreadyDone) ? '1' : '0');
|
||||||
|
|
||||||
|
// SESSION_SECURE_COOKIE wird nicht automatisch gesetzt —
|
||||||
|
// nginx leitet HTTP→HTTPS weiter, Secure-Flag wird im Admin gesetzt
|
||||||
|
|
||||||
return self::SUCCESS;
|
return self::SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
29
installer.sh
29
installer.sh
|
|
@ -725,8 +725,9 @@ if [ -n "${UI_HOST}" ] && [ "${UI_HAS_CERT}" = "1" ]; then
|
||||||
cat <<CONF
|
cat <<CONF
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl;
|
||||||
|
http2 on;
|
||||||
server_name ${UI_HOST};
|
server_name ${UI_HOST};
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${UI_HOST}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${UI_HOST}/fullchain.pem;
|
||||||
|
|
@ -739,6 +740,7 @@ server {
|
||||||
location / { try_files \$uri \$uri/ /index.php?\$query_string; }
|
location / { try_files \$uri \$uri/ /index.php?\$query_string; }
|
||||||
location ~ \.php\$ {
|
location ~ \.php\$ {
|
||||||
include snippets/fastcgi-php.conf;
|
include snippets/fastcgi-php.conf;
|
||||||
|
fastcgi_param HTTPS on;
|
||||||
fastcgi_pass unix:${PHP_FPM_SOCK};
|
fastcgi_pass unix:${PHP_FPM_SOCK};
|
||||||
}
|
}
|
||||||
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
|
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
|
||||||
|
|
@ -751,8 +753,9 @@ if [ -n "${WEBMAIL_HOST}" ] && [ "${WM_HAS_CERT}" = "1" ]; then
|
||||||
cat <<CONF
|
cat <<CONF
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl;
|
||||||
|
http2 on;
|
||||||
server_name ${WEBMAIL_HOST};
|
server_name ${WEBMAIL_HOST};
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/${WEBMAIL_HOST}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/${WEBMAIL_HOST}/fullchain.pem;
|
||||||
|
|
@ -765,6 +768,7 @@ server {
|
||||||
location / { try_files \$uri \$uri/ /index.php?\$query_string; }
|
location / { try_files \$uri \$uri/ /index.php?\$query_string; }
|
||||||
location ~ \.php\$ {
|
location ~ \.php\$ {
|
||||||
include snippets/fastcgi-php.conf;
|
include snippets/fastcgi-php.conf;
|
||||||
|
fastcgi_param HTTPS on;
|
||||||
fastcgi_pass unix:${PHP_FPM_SOCK};
|
fastcgi_pass unix:${PHP_FPM_SOCK};
|
||||||
}
|
}
|
||||||
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
|
location ^~ /livewire/ { try_files \$uri /index.php?\$query_string; }
|
||||||
|
|
@ -774,6 +778,22 @@ CONF
|
||||||
fi
|
fi
|
||||||
) > "${NGINX_SITE}"
|
) > "${NGINX_SITE}"
|
||||||
|
|
||||||
|
# State-Dateien VOR dem nginx-Switch schreiben:
|
||||||
|
# Browser-Poll (alle 2s) liest done=1 → Polling stoppt → "Zum Login" erscheint.
|
||||||
|
# Danach 6s sleep → nginx switchet auf HTTPS → User klickt Link → funktioniert.
|
||||||
|
STATE_DIR="/var/lib/mailwolt/wizard"
|
||||||
|
if [ -d "${STATE_DIR}" ]; then
|
||||||
|
for k in ui mail webmail; do
|
||||||
|
[ -f "${STATE_DIR}/${k}" ] && printf "done" > "${STATE_DIR}/${k}"
|
||||||
|
done
|
||||||
|
if [ "${UI_HAS_CERT}" = "1" ] || [ "${WM_HAS_CERT}" = "1" ]; then
|
||||||
|
printf "1" > "${STATE_DIR}/done"
|
||||||
|
else
|
||||||
|
printf "0" > "${STATE_DIR}/done"
|
||||||
|
fi
|
||||||
|
sleep 6
|
||||||
|
fi
|
||||||
|
|
||||||
nginx -t && systemctl reload nginx
|
nginx -t && systemctl reload nginx
|
||||||
HELPER
|
HELPER
|
||||||
chmod 755 /usr/local/sbin/mailwolt-apply-domains
|
chmod 755 /usr/local/sbin/mailwolt-apply-domains
|
||||||
|
|
@ -785,6 +805,7 @@ install -m 755 "${APP_DIR}/update.sh" /usr/local/sbin/mailwolt-update
|
||||||
cat > /etc/sudoers.d/mailwolt-certbot <<'SUDOERS'
|
cat > /etc/sudoers.d/mailwolt-certbot <<'SUDOERS'
|
||||||
www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-apply-domains
|
www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-apply-domains
|
||||||
www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-update
|
www-data ALL=(root) NOPASSWD: /usr/local/sbin/mailwolt-update
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/bin/certbot
|
||||||
SUDOERS
|
SUDOERS
|
||||||
chmod 440 /etc/sudoers.d/mailwolt-certbot
|
chmod 440 /etc/sudoers.d/mailwolt-certbot
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -292,10 +292,12 @@
|
||||||
</div>
|
</div>
|
||||||
@elseif($step === 5 && $setupDone)
|
@elseif($step === 5 && $setupDone)
|
||||||
<div style="display:flex;justify-content:flex-end;margin-top:20px">
|
<div style="display:flex;justify-content:flex-end;margin-top:20px">
|
||||||
<button wire:click="goToLogin" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content">
|
{{-- Kein wire:click — plain Link damit kein Livewire-POST nötig ist.
|
||||||
|
nginx leitet /login nach SSL-Switch automatisch auf HTTPS weiter. --}}
|
||||||
|
<a href="/login" class="mbx-btn-primary" style="font-size:12.5px;width:fit-content;text-decoration:none;display:inline-flex;align-items:center;gap:6px">
|
||||||
<svg width="12" height="12" viewBox="0 0 12 12" fill="none"><path d="M2 6.5l2.5 2.5 5.5-5.5" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/></svg>
|
<svg width="12" height="12" viewBox="0 0 12 12" fill="none"><path d="M2 6.5l2.5 2.5 5.5-5.5" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/></svg>
|
||||||
{{ collect($domainStatus)->contains(fn($s) => in_array($s, ['error','nodns','noipv6'])) ? 'Trotzdem zum Login' : 'Zum Login' }}
|
{{ collect($domainStatus)->contains(fn($s) => in_array($s, ['error','nodns','noipv6'])) ? 'Trotzdem zum Login' : 'Zum Login' }}
|
||||||
</button>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue