From 18f40739c9531bd0799fb2391af91b41bb848b68 Mon Sep 17 00:00:00 2001 From: "b.waal" Date: Thu, 19 Sep 2019 02:51:33 +0200 Subject: [PATCH] Cleanup Added Certbot PPA to the beginning of the script. Installing Certbot and all of it's plugins at the start. Added $OUTPUT variables where necessary. Cleaned up the section "Services". Added whiptail messagebox at the end of the script to display the url, admin login and password. Removed all deprecated "apt install -y" sections. Corrected a few lines for the UI menu. --- installer.sh | 126 +++++++++++++++------------------------------------ 1 file changed, 37 insertions(+), 89 deletions(-) diff --git a/installer.sh b/installer.sh index bdda6b0..b53c516 100644 --- a/installer.sh +++ b/installer.sh @@ -1,8 +1,4 @@ #!/bin/bash -###==========================================### -## Ubuntu 18.04 Mailserver installer ## -###==========================================### - ##----------## # Menu # ##----------## 
@@ -33,34 +29,30 @@ if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno " Do yo exit fi echo "" >/dev/null -#password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3) -#domain=$(whiptail --nocancel --inputbox " Enter the Domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3) -##email=$(whiptail --nocancel --inputbox " Enter the Administrator E-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3) +password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3) +domain=$(whiptail --nocancel --inputbox " Enter the domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3) +email=$(whiptail --nocancel --inputbox " Enter the administrator e-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3) elif [ $IMODE = l ]; then echo "" >/dev/null -#echo "Ubuntu 18.04 Mailserver installation script." -#echo "Domain without www or mail:" -#read domain -#echo "Please enter your password (should contain at least 2 digits and 6 characters:" -#read password -#echo "Administrator E-mail:" -#read email +echo "Ubuntu 18.04 Mailserver installation script." +echo "Domain without www or e-mail:" +read domain +echo "Please enter your password (should contain at least 2 digits and 6 characters:" +read password +echo "Administrator E-mail:" +read email fi -PKGA="add-apt-repository" -PKGI="${PKGM} install -y" - ##-----------------## # Static-Vars # ##-----------------## -domain=ictdownwerk.com -password=JW9t9ipdgLrWvMqHq7hX -email=admin@ictdagbesteding.nl phpver=7.3 domonly=${domain} domain=mail.${domain} branch=stable dhparam=1024 +PKGA="add-apt-repository" +PKGI="${PKGM} install -y" debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)" debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" 
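Review bot: The re-enabled line-mode prompt reads the password with a bare `read password`, so it is echoed to the terminal and backslashes are interpreted; `read -rs password` followed by an `echo` avoids both, and `read -r` is the safer form for `domain` and `email` too. Neither branch enforces the "at least 2 digits and 6 characters" rule that the prompt states, and an empty `domain` flows straight into `domain=mail.${domain}`. The removed `password=` literal stays readable in the repository history, so any host installed with that value should have it changed. Separately, `dhparam=1024` in the unchanged static vars produces Diffie-Hellman parameters below the 2048-bit size generally recommended today. The enclosing `if`/`elif` starts outside the hunk.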
@@ -71,9 +63,9 @@ TERM=ansi whiptail --title "Info" --infobox " Pre-Configuring" 8 sleep 2 hostnamectl set-hostname $domain > $OUTPUT 2>&1 timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1 -mkdir -p /var/run/clamav -adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav -chown clamav:clamav /var/run/clamav +#mkdir -p /var/run/clamav +#adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav +#chown clamav:clamav /var/run/clamav mkdir -p /etc/nginx mkdir -p /var/www/"$domain"/html chmod -R 755 /var/www @@ -96,7 +88,8 @@ $PKGM update $PKGI software-properties-common sudo $PKGA universe -y > $OUTPUT 2>&1 $PKGA ppa:ondrej/php -y > $OUTPUT 2>&1 -wget -q -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add - +$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1 +wget -q -t7 -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add - echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list > $OUTPUT 2>&1 $PKGM update $PKGM upgrade -y 
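Review bot: The three ClamAV setup lines (`mkdir -p /var/run/clamav`, `adduser --system … clamav`, `chown clamav:clamav /var/run/clamav`) are commented out rather than deleted, in a commit whose stated aim is cleanup. Either remove them or add a one-line reason for keeping them, for example `# clamav user and /var/run/clamav are expected to come from the clamav-daemon package (confirm)`. The unquoted `$domain` in the context line `hostnamectl set-hostname $domain` would also be safer as `"$domain"` now that the value comes from user input.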
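Review bot: The Dovecot signing key on the changed `wget -q -t7 -O- … | sudo apt-key add -` line is still trusted without any fingerprint check, and `apt-key add` puts it in the global keyring, where it is accepted for every configured repository rather than only repo.dovecot.org. Consider saving the key to its own keyring file, comparing its fingerprint with a value pinned in the script, and scoping it in the sources entry with `deb [signed-by=/path/to/dovecot-keyring.gpg] https://repo.dovecot.org/…` (the path is a placeholder). Because `wget` runs with `-q` and the pipeline status is that of `apt-key`, a failed download is not detected by the script at this point. The `tee -a` on the next line also appends a duplicate entry every time the installer is re-run; plain `tee` would make it idempotent.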
@@ -104,7 +97,7 @@ $PKGM upgrade -y ##-----------------------------## # Installing Requirements # ##-----------------------------## -$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban +$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx ##-------------## # Debloat # 
@@ -279,9 +272,6 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1 ##------------------## # PostfixADMIN # ##------------------## -#$PKGI postfix postfix-mysql -#$PKGI php${phpver} php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline -#$PKGI libc-client2007e mlock php${phpver}-common php${phpver}-imap TERM=ansi whiptail --title "Info" --infobox " Configuring PostfixAdmin" 8 52 sleep 2 mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c @@ -302,15 +292,13 @@ useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > $OUT ##--------------------## #TERM=ansi whiptail --title "Info" --infobox " Configuring Certbot" 8 52 #sleep 2 -#add-apt-repository ppa:certbot/certbot -y -#apt install -y python-certbot-nginx #certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos #echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh #sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain" #sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain" #sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" #openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1 -#chmod 777 -R /etc/ssl/certs/dhparam.pem +#chmod 755 -R /etc/ssl/certs/dhparam.pem ##----------------------## # Certbot (Manual) # 
@@ -328,21 +316,14 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1 openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1 -chmod 777 -R /etc/letsencrypt/ssl-dhparams.pem -chmod 777 -R /etc/ssl/certs/dhparam.pem -chmod 777 -R /etc/letsencrypt/live/$domain/cert.pem -chmod 777 -R /etc/letsencrypt/live/$domain/chain.pem -chmod 777 -R /etc/letsencrypt/live/$domain/fullchain.pem -chmod 777 -R /etc/letsencrypt/live/$domain/privkey.pem +chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem +chmod 755 -R /etc/ssl/certs/dhparam.pem +chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem +chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem +chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem +chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com -##-----------------------## -# Postfix Installer # -##-----------------------## -debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)" -debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'" -#$PKGI postfix postfix-mysql - ##---------------------------## # Postfix Configuration # ##---------------------------## 
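Review bot: `chmod 755` on `/etc/letsencrypt/live/$domain/privkey.pem` still leaves the TLS private key readable by every local user; going from 777 to 755 removes write access but not read access, and the execute bit has no use on a PEM file. The key should be `600` (or group-readable for a dedicated group if a non-root service has to open it), for example `chmod 600 "/etc/letsencrypt/live/$domain/privkey.pem"`, with `644` for the certificate, chain and DH-parameter files. `-R` has no effect on a single file, and `$domain` should be quoted on all four `live/` lines. The commented-out `#chmod 755 -R /etc/ssl/certs/dhparam.pem` in the Certbot section has the same mode and should become `644` if it is ever re-enabled. The context lines that write and chmod `/etc/nginx/sites-available/mail.ictdownwerk.com` still hard-code a host name instead of using `$domain`, which looks unintended given the rest of the commit.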
@@ -386,14 +367,6 @@ postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_myn sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/postfix/master.cf -O /etc/postfix/master.cf -##-----------------------## -# Dovecot Installer # -##-----------------------## -#wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add - -#echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list -#$PKGM update -#$PKGI dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql - ##---------------------------## # Dovecot Configuration # ##---------------------------## @@ -419,7 +392,6 @@ chmod +x /usr/local/bin/quota-warning.sh ##--------------------------------------## TERM=ansi whiptail --title "Info" --infobox " Configuring Spam Folder" 8 52 sleep 2 -#$PKGI dovecot-sieve dovecot-managesieved mkdir -p /etc/dovecot/sieve/ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/dovecot/15-lda.conf -O /etc/dovecot/conf.d/15-lda.conf wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/90-sieve.conf -O /etc/dovecot/conf.d/90-sieve.conf @@ -432,7 +404,6 @@ chgrp dovecot /etc/dovecot/sieve/default.svbin > $OUTPUT 2>&1 ##------------------## # Spamassassin # ##------------------## -#$PKGI spamassassin spamc razor pyzor TERM=ansi whiptail --title "Info" --infobox " Configuring Spamassassin" 8 52 sleep 2 sed -i -e 's/# report_safe 1/report_safe 0/' -e 's/# required_score 5.0/required_score 5.0/' -e 's/endif # Mail::SpamAssassin::Plugin::Shortcircuit//' /etc/spamassassin/local.cf 
@@ -458,7 +429,6 @@ echo "endif # Mail::SpamAssassin::Plugin::Shortcircuit" >> /etc/spamassassin/loc ##------------## # ClamAV # ##------------## -#$PKGI clamav clamav-daemon clamsmtp libclamunrar7 clamdscan TERM=ansi whiptail --title "Info" --infobox " Configuring ClamAV" 8 52 sleep 2 mkdir -p /var/log/clamav @@ -470,12 +440,10 @@ chmod 775 -R /var/lib/clamav/* /var/lib/clamav ##------------## # Amavis # ##------------## -#$PKGI amavisd-new -#$PKGI zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl TERM=ansi whiptail --title "Info" --infobox " Configuring Amavis" 8 52 sleep 2 sed -i -e 's/@bypass/'@bypass'/' -e 's/ / /' /etc/amavis/conf.d/15-content_filter_mode -adduser clamav amavis >/dev/null +adduser clamav amavis > $OUTPUT 2>&1 sed -i 's/clamd.conf/'clamd.conf'/g' /etc/clamav/freshclam.conf echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/main.cf postconf -e 'content_filter = amavis:[127.0.0.1]:10024' @@ -506,7 +474,6 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra ##--------------## # Rainloop # ##--------------## -#$PKGI unzip TERM=ansi whiptail --title "Info" --infobox " Configuring Rainloop" 8 52 sleep 2 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/rainloop.sh -O /tmp/rainloop.sh @@ -516,7 +483,6 @@ ln -s /opt/rainloop /var/www/"$domain"/html/ ##--------------## # Fail2Ban # ##--------------## -#$PKGI fail2ban TERM=ansi whiptail --title "Info" --infobox " Configuring Fail2Ban" 8 52 sleep 2 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/dovecot-pop3imap.conf -O /etc/fail2ban/filter.d/dovecot-pop3imap.conf 
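Review bot: The redirect target in the changed line `adduser clamav amavis > $OUTPUT 2>&1` is unquoted, so an empty or unset `OUTPUT`, or one containing spaces, makes bash report an ambiguous redirect and skip the command entirely. Quote it as `> "$OUTPUT" 2>&1`; the same applies to the added `$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1` line and to the `systemctl disable`, `stop` and `start` lines added in the later service hunks. `OUTPUT` is assigned outside the visible hunks, so a default near the top of the script such as `OUTPUT=${OUTPUT:-/dev/null}` would guarantee it always has a value.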
@@ -534,28 +500,14 @@ sleep 2 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O /tmp/unattended.sh source /tmp/unattended.sh -##-----------------------## -# Enabling services # -##-----------------------## -TERM=ansi whiptail --title "Info" --infobox " Enabling Services" 8 52 +##---------------------## +# System services # +##---------------------## +TERM=ansi whiptail --title "Info" --infobox " Setting up system services" 8 52 sleep 2 systemctl enable nginx mysql postfix postfix@- dovecot fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1 - -##-----------------------------------------## -# Disabling services autostart on boot # -##-----------------------------------------## -systemctl disable amavisd-snmp-subagent amavis-mc - -##----------------------## -# Stopping services # -##----------------------## -systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot - -##-----------------------## -# Starting services # -##-----------------------## -TERM=ansi whiptail --title "Info" --infobox " Restarting Services" 8 52 -sleep 1 +systemctl disable amavisd-snmp-subagent amavis-mc > $OUTPUT 2>&1 +systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1 systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1 ##---------------------------------## 
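Review bot: The unchanged context lines at the top of this hunk download `installer.sh` from the `master` branch to the fixed path `/tmp/unattended.sh` and then `source` it as root, with no integrity check and no test that `wget` succeeded. A fixed name in a world-writable directory can be pre-created by another local user, and with `-q` a failed download goes unnoticed, so the unattended-upgrades step can be skipped silently. Use a private temporary file and stop on failure, e.g. `tmp=$(mktemp) && wget -q -t7 "$url" -O "$tmp" && source "$tmp"` (with `$url` standing for the existing URL), and ideally compare the file against a SHA-256 pinned in this script before sourcing it. The same download-then-run pattern appears for `/tmp/rainloop.sh` in the Rainloop section's context.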
@@ -567,14 +519,10 @@ systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam done } | whiptail --gauge " Please wait while ClamAV is updating definitions..." 6 52 0 -##-------------------------------------------## -# Starting AntiVirus & AntiSpam services # -##-------------------------------------------## -systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot - -##-----------------------------------## -# Letting Amavis wait for ClamAV # -##-----------------------------------## +##-------------------------## +# Configuring Services # +##-------------------------## +systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1 echo "@reboot root systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot && sleep 300 && systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot" >> /etc/crontab ##------------------## @@ -591,6 +539,6 @@ $PKGM autoremove -y ##----------------------## TERM=ansi whiptail --title "Info" --infobox " Done installing!" 8 52 sleep 3 +whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started \n\nYour login is: superadmin@$domonly\nYour password is: $password" 10 108 whiptail --title "Credits" --msgbox " Made by: your local Wizard and God" 8 78 -whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started" 8 108 clear \ No newline at end of file
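Review bot: The new final `--msgbox` prints `Your password is: $password` in clear text, which puts the administrator password on screen and into the `whiptail` process arguments, where other local users can read it from the process list while the dialog is open. The operator typed this value at the start of the run, so the box can refer to it instead of repeating it, e.g. `"…\n\nYour login is: superadmin@$domonly\nUse the password you entered at the start of the installation." 10 108`. The same `$password` is passed as `-p"$password"` to `mysql -u root` in the PostfixAdmin section's context, so it doubles as the database root password and deserves the same care there.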