Cleanup
Added Certbot PPA to the beginning of the script. Installing Certbot and all of its plugins at the start. Added $OUTPUT variables where necessary. Cleaned up the section "Services". Added whiptail messagebox at the end of the script to display the URL, admin login and password. Removed all deprecated "apt install -y" sections. Corrected a few lines for the UI menu.
126
installer.sh
126
installer.sh
@@ -1,8 +1,4 @@
|
||||
#!/bin/bash
|
||||
###==========================================###
|
||||
## Ubuntu 18.04 Mailserver installer ##
|
||||
###==========================================###
|
||||
|
||||
##----------##
|
||||
# Menu #
|
||||
##----------##
|
||||
@@ -33,34 +29,30 @@ if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno " Do yo
|
||||
exit
|
||||
fi
|
||||
echo "" >/dev/null
|
||||
#password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3)
|
||||
#domain=$(whiptail --nocancel --inputbox " Enter the Domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3)
|
||||
##email=$(whiptail --nocancel --inputbox " Enter the Administrator E-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3)
|
||||
password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3)
|
||||
domain=$(whiptail --nocancel --inputbox " Enter the domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3)
|
||||
email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3)
|
||||
elif [ $IMODE = l ]; then
|
||||
echo "" >/dev/null
|
||||
#echo "Ubuntu 18.04 Mailserver installation script."
|
||||
#echo "Domain without www or mail:"
|
||||
#read domain
|
||||
#echo "Please enter your password (should contain at least 2 digits and 6 characters:"
|
||||
#read password
|
||||
#echo "Administrator E-mail:"
|
||||
#read email
|
||||
echo "Ubuntu 18.04 Mailserver installation script."
|
||||
echo "Domain without www or e-mail:"
|
||||
read domain
|
||||
echo "Please enter your password (should contain at least 2 digits and 6 characters:"
|
||||
read password
|
||||
echo "Administrator E-mail:"
|
||||
read email
|
||||
fi
|
||||
|
||||
PKGA="add-apt-repository"
|
||||
PKGI="${PKGM} install -y"
|
||||
|
||||
##-----------------##
|
||||
# Static-Vars #
|
||||
##-----------------##
|
||||
domain=ictdownwerk.com
|
||||
password=JW9t9ipdgLrWvMqHq7hX
|
||||
email=admin@ictdagbesteding.nl
|
||||
phpver=7.3
|
||||
domonly=${domain}
|
||||
domain=mail.${domain}
|
||||
branch=stable
|
||||
dhparam=1024
|
||||
PKGA="add-apt-repository"
|
||||
PKGI="${PKGM} install -y"
|
||||
debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
|
||||
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
|
||||
|
||||
@@ -71,9 +63,9 @@ TERM=ansi whiptail --title "Info" --infobox " Pre-Configuring" 8
|
||||
sleep 2
|
||||
hostnamectl set-hostname $domain > $OUTPUT 2>&1
|
||||
timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
|
||||
mkdir -p /var/run/clamav
|
||||
adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
|
||||
chown clamav:clamav /var/run/clamav
|
||||
#mkdir -p /var/run/clamav
|
||||
#adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
|
||||
#chown clamav:clamav /var/run/clamav
|
||||
mkdir -p /etc/nginx
|
||||
mkdir -p /var/www/"$domain"/html
|
||||
chmod -R 755 /var/www
|
||||
@@ -96,7 +88,8 @@ $PKGM update
|
||||
$PKGI software-properties-common sudo
|
||||
$PKGA universe -y > $OUTPUT 2>&1
|
||||
$PKGA ppa:ondrej/php -y > $OUTPUT 2>&1
|
||||
wget -q -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
|
||||
$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1
|
||||
wget -q -t7 -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
|
||||
echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list > $OUTPUT 2>&1
|
||||
$PKGM update
|
||||
$PKGM upgrade -y
|
||||
@@ -104,7 +97,7 @@ $PKGM upgrade -y
|
||||
##-----------------------------##
|
||||
# Installing Requirements #
|
||||
##-----------------------------##
|
||||
$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban
|
||||
$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx
|
||||
|
||||
##-------------##
|
||||
# Debloat #
|
||||
@@ -279,9 +272,6 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
|
||||
##------------------##
|
||||
# PostfixADMIN #
|
||||
##------------------##
|
||||
#$PKGI postfix postfix-mysql
|
||||
#$PKGI php${phpver} php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline
|
||||
#$PKGI libc-client2007e mlock php${phpver}-common php${phpver}-imap
|
||||
TERM=ansi whiptail --title "Info" --infobox " Configuring PostfixAdmin" 8 52
|
||||
sleep 2
|
||||
mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c
|
||||
@@ -302,15 +292,13 @@ useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > $OUT
|
||||
##--------------------##
|
||||
#TERM=ansi whiptail --title "Info" --infobox " Configuring Certbot" 8 52
|
||||
#sleep 2
|
||||
#add-apt-repository ppa:certbot/certbot -y
|
||||
#apt install -y python-certbot-nginx
|
||||
#certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
|
||||
#echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
|
||||
#sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
|
||||
#sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
|
||||
#sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
|
||||
#openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
|
||||
#chmod 777 -R /etc/ssl/certs/dhparam.pem
|
||||
#chmod 755 -R /etc/ssl/certs/dhparam.pem
|
||||
|
||||
##----------------------##
|
||||
# Certbot (Manual) #
|
||||
@@ -328,21 +316,14 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra
|
||||
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com
|
||||
openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
|
||||
openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1
|
||||
chmod 777 -R /etc/letsencrypt/ssl-dhparams.pem
|
||||
chmod 777 -R /etc/ssl/certs/dhparam.pem
|
||||
chmod 777 -R /etc/letsencrypt/live/$domain/cert.pem
|
||||
chmod 777 -R /etc/letsencrypt/live/$domain/chain.pem
|
||||
chmod 777 -R /etc/letsencrypt/live/$domain/fullchain.pem
|
||||
chmod 777 -R /etc/letsencrypt/live/$domain/privkey.pem
|
||||
chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem
|
||||
chmod 755 -R /etc/ssl/certs/dhparam.pem
|
||||
chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem
|
||||
chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem
|
||||
chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem
|
||||
chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem
|
||||
chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com
|
||||
|
||||
##-----------------------##
|
||||
# Postfix Installer #
|
||||
##-----------------------##
|
||||
debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
|
||||
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
|
||||
#$PKGI postfix postfix-mysql
|
||||
|
||||
##---------------------------##
|
||||
# Postfix Configuration #
|
||||
##---------------------------##
|
||||
@@ -386,14 +367,6 @@ postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_myn
|
||||
sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf
|
||||
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/postfix/master.cf -O /etc/postfix/master.cf
|
||||
|
||||
##-----------------------##
|
||||
# Dovecot Installer #
|
||||
##-----------------------##
|
||||
#wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
|
||||
#echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
|
||||
#$PKGM update
|
||||
#$PKGI dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql
|
||||
|
||||
##---------------------------##
|
||||
# Dovecot Configuration #
|
||||
##---------------------------##
|
||||
@@ -419,7 +392,6 @@ chmod +x /usr/local/bin/quota-warning.sh
|
||||
##--------------------------------------##
|
||||
TERM=ansi whiptail --title "Info" --infobox " Configuring Spam Folder" 8 52
|
||||
sleep 2
|
||||
#$PKGI dovecot-sieve dovecot-managesieved
|
||||
mkdir -p /etc/dovecot/sieve/
|
||||
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/dovecot/15-lda.conf -O /etc/dovecot/conf.d/15-lda.conf
|
||||
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/90-sieve.conf -O /etc/dovecot/conf.d/90-sieve.conf
|
||||
@@ -432,7 +404,6 @@ chgrp dovecot /etc/dovecot/sieve/default.svbin > $OUTPUT 2>&1
|
||||
##------------------##
|
||||
# Spamassassin #
|
||||
##------------------##
|
||||
#$PKGI spamassassin spamc razor pyzor
|
||||
TERM=ansi whiptail --title "Info" --infobox " Configuring Spamassassin" 8 52
|
||||
sleep 2
|
||||
sed -i -e 's/# report_safe 1/report_safe 0/' -e 's/# required_score 5.0/required_score 5.0/' -e 's/endif # Mail::SpamAssassin::Plugin::Shortcircuit//' /etc/spamassassin/local.cf
|
||||
@@ -458,7 +429,6 @@ echo "endif # Mail::SpamAssassin::Plugin::Shortcircuit" >> /etc/spamassassin/loc
|
||||
##------------##
|
||||
# ClamAV #
|
||||
##------------##
|
||||
#$PKGI clamav clamav-daemon clamsmtp libclamunrar7 clamdscan
|
||||
TERM=ansi whiptail --title "Info" --infobox " Configuring ClamAV" 8 52
|
||||
sleep 2
|
||||
mkdir -p /var/log/clamav
|
||||
@@ -470,12 +440,10 @@ chmod 775 -R /var/lib/clamav/* /var/lib/clamav
|
||||
##------------##
|
||||
# Amavis #
|
||||
##------------##
|
||||
#$PKGI amavisd-new
|
||||
#$PKGI zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl
|
||||
TERM=ansi whiptail --title "Info" --infobox " Configuring Amavis" 8 52
|
||||
sleep 2
|
||||
sed -i -e 's/@bypass/'@bypass'/' -e 's/ / /' /etc/amavis/conf.d/15-content_filter_mode
|
||||
adduser clamav amavis >/dev/null
|
||||
adduser clamav amavis > $OUTPUT 2>&1
|
||||
sed -i 's/clamd.conf/'clamd.conf'/g' /etc/clamav/freshclam.conf
|
||||
echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/main.cf
|
||||
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
|
||||
@@ -506,7 +474,6 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra
|
||||
##--------------##
|
||||
# Rainloop #
|
||||
##--------------##
|
||||
#$PKGI unzip
|
||||
TERM=ansi whiptail --title "Info" --infobox " Configuring Rainloop" 8 52
|
||||
sleep 2
|
||||
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/rainloop.sh -O /tmp/rainloop.sh
|
||||
@@ -516,7 +483,6 @@ ln -s /opt/rainloop /var/www/"$domain"/html/
|
||||
##--------------##
|
||||
# Fail2Ban #
|
||||
##--------------##
|
||||
#$PKGI fail2ban
|
||||
TERM=ansi whiptail --title "Info" --infobox " Configuring Fail2Ban" 8 52
|
||||
sleep 2
|
||||
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/dovecot-pop3imap.conf -O /etc/fail2ban/filter.d/dovecot-pop3imap.conf
|
||||
@@ -534,28 +500,14 @@ sleep 2
|
||||
wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O /tmp/unattended.sh
|
||||
source /tmp/unattended.sh
|
||||
|
||||
##-----------------------##
|
||||
# Enabling services #
|
||||
##-----------------------##
|
||||
TERM=ansi whiptail --title "Info" --infobox " Enabling Services" 8 52
|
||||
##---------------------##
|
||||
# System services #
|
||||
##---------------------##
|
||||
TERM=ansi whiptail --title "Info" --infobox " Setting up system services" 8 52
|
||||
sleep 2
|
||||
systemctl enable nginx mysql postfix postfix@- dovecot fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
|
||||
|
||||
##-----------------------------------------##
|
||||
# Disabling services autostart on boot #
|
||||
##-----------------------------------------##
|
||||
systemctl disable amavisd-snmp-subagent amavis-mc
|
||||
|
||||
##----------------------##
|
||||
# Stopping services #
|
||||
##----------------------##
|
||||
systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot
|
||||
|
||||
##-----------------------##
|
||||
# Starting services #
|
||||
##-----------------------##
|
||||
TERM=ansi whiptail --title "Info" --infobox " Restarting Services" 8 52
|
||||
sleep 1
|
||||
systemctl disable amavisd-snmp-subagent amavis-mc > $OUTPUT 2>&1
|
||||
systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
|
||||
systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
|
||||
|
||||
##---------------------------------##
|
||||
@@ -567,14 +519,10 @@ systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam
|
||||
done
|
||||
} | whiptail --gauge " Please wait while ClamAV is updating definitions..." 6 52 0
|
||||
|
||||
##-------------------------------------------##
|
||||
# Starting AntiVirus & AntiSpam services #
|
||||
##-------------------------------------------##
|
||||
systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot
|
||||
|
||||
##-----------------------------------##
|
||||
# Letting Amavis wait for ClamAV #
|
||||
##-----------------------------------##
|
||||
##-------------------------##
|
||||
# Configuring Services #
|
||||
##-------------------------##
|
||||
systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
|
||||
echo "@reboot root systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot && sleep 300 && systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot" >> /etc/crontab
|
||||
|
||||
##------------------##
|
||||
@@ -591,6 +539,6 @@ $PKGM autoremove -y
|
||||
##----------------------##
|
||||
TERM=ansi whiptail --title "Info" --infobox " Done installing!" 8 52
|
||||
sleep 3
|
||||
whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started \n\nYour login is: superadmin@$domonly\nYour password is: $password" 10 108
|
||||
whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 8 78
|
||||
whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started" 8 108
|
||||
clear
|
||||
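Review bot: The chmod block in the `@@ -328,21 +316,14 @@` hunk still leaves `/etc/letsencrypt/live/$domain/privkey.pem` readable by every local account, since both the 777 and the 755 variants shown grant read access to others (the rendering does not preserve which of the two is the new side, but neither is safe for a private key). The TLS private key should be restricted to root, e.g. `chmod 600 /etc/letsencrypt/live/"$domain"/privkey.pem`, while the certificate, chain and DH parameter files need no more than `chmod 644`. `-R` and the execute bit serve no purpose on single PEM files, and `$domain` should be quoted as it is elsewhere in the script. If a service that does not run as root has to read the key, a dedicated group with mode 640 is the narrower fix.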