Cleanup

Added Certbot PPA to the beginning of the script. Installing Certbot and all of it's plugins at the start. Added $OUTPUT variables where necessary. Cleaned up the section "Services". Added whiptail messagebox at the end of the script to display the url, admin login and password. Removed all deprecated "apt install -y" sections. Corrected a few lines for the UI menu.
2019-09-19 02:51:33 +02:00
parent 6b93846d95
commit 18f40739c9
1 changed files with 37 additions and 89 deletions
--- a/installer.sh
+++ b/installer.sh
@@ -1,8 +1,4 @@
 #!/bin/bash
 ###==========================================###
 ##      Ubuntu 18.04 Mailserver installer     ## 
 ###==========================================###
 ##----------##
 #    Menu    #
 ##----------##
@@ -33,34 +29,30 @@ if (whiptail --title "Ubuntu 18.04 Mail Server" --yesno "                  Do yo
        exit
 fi
 echo "" >/dev/null
-#password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3)
+password=$(whiptail --nocancel --passwordbox "Please enter your password (should contain at least 2 digits and 6 characters)" 8 82 --title "Config" 3>&1 1>&2 2>&3)
-#domain=$(whiptail --nocancel --inputbox "                     Enter the Domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3)
+domain=$(whiptail --nocancel --inputbox "                     Enter the domain without www or mail." 8 82 --title "Config" 3>&1 1>&2 2>&3)
-##email=$(whiptail --nocancel --inputbox "                        Enter the Administrator E-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3)
+email=$(whiptail --nocancel --inputbox "                        Enter the administrator e-mail" 8 82 --title "Config" 3>&1 1>&2 2>&3)
 elif [ $IMODE = l ]; then
 echo "" >/dev/null
-#echo "Ubuntu 18.04 Mailserver installation script."
+echo "Ubuntu 18.04 Mailserver installation script."
-#echo "Domain without www or mail:"
+echo "Domain without www or e-mail:"
-#read domain
+read domain
-#echo "Please enter your password (should contain at least 2 digits and 6 characters:"
+echo "Please enter your password (should contain at least 2 digits and 6 characters:"
-#read password
+read password
-#echo "Administrator E-mail:"
+echo "Administrator E-mail:"
-#read email
+read email
 fi
 PKGA="add-apt-repository"
 PKGI="${PKGM} install -y"
 ##-----------------##
 #    Static-Vars    #
 ##-----------------##
 domain=ictdownwerk.com
 password=JW9t9ipdgLrWvMqHq7hX
 email=admin@ictdagbesteding.nl
 phpver=7.3
 domonly=${domain}
 domain=mail.${domain}
 branch=stable
 dhparam=1024
 PKGA="add-apt-repository"
 PKGI="${PKGM} install -y"
 debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
 debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
@@ -71,9 +63,9 @@ TERM=ansi whiptail --title "Info" --infobox "                Pre-Configuring" 8
 sleep 2
 hostnamectl set-hostname $domain > $OUTPUT 2>&1
 timedatectl set-timezone Europe/Amsterdam > $OUTPUT 2>&1
-mkdir -p /var/run/clamav
+#mkdir -p /var/run/clamav
-adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
+#adduser --system --no-create-home --disabled-password --disabled-login --shell /bin/false --group --home /var/lib/clamav clamav
-chown clamav:clamav /var/run/clamav
+#chown clamav:clamav /var/run/clamav
 mkdir -p /etc/nginx
 mkdir -p /var/www/"$domain"/html
 chmod -R 755 /var/www
@@ -96,7 +88,8 @@ $PKGM update
 $PKGI software-properties-common sudo
 $PKGA universe -y > $OUTPUT 2>&1
 $PKGA ppa:ondrej/php -y > $OUTPUT 2>&1
-wget -q -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
+$PKGA ppa:certbot/certbot -y > $OUTPUT 2>&1
 wget -q -t7 -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
 echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list > $OUTPUT 2>&1
 $PKGM update
 $PKGM upgrade -y
@@ -104,7 +97,7 @@ $PKGM upgrade -y
 ##-----------------------------##
 #    Installing Requirements    #
 ##-----------------------------##
-$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban
+$PKGI nginx postfix postfix-mysql php${phpver} php${phpver}-curl php${phpver}-dom php${phpver}-common php${phpver}-imap php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline libc-client2007e mlock gnupg2 curl dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-managesieved spamassassin spamc razor pyzor clamav clamav-daemon clamsmtp libclamunrar7 clamdscan amavisd-new zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl unzip unattended-upgrades fail2ban bc python-certbot-nginx
 ##-------------##
 #    Debloat    #
@@ -279,9 +272,6 @@ mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" > $OUTPUT 2>&1
 ##------------------##
 #    PostfixADMIN    #
 ##------------------##
 #$PKGI postfix postfix-mysql
 #$PKGI php${phpver} php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline
 #$PKGI libc-client2007e mlock php${phpver}-common php${phpver}-imap
 TERM=ansi whiptail --title "Info" --infobox "           Configuring PostfixAdmin" 8 52
 sleep 2
 mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c
@@ -302,15 +292,13 @@ useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail > $OUT
 ##--------------------##
 #TERM=ansi whiptail --title "Info" --infobox "              Configuring Certbot" 8 52
 #sleep 2
 #add-apt-repository ppa:certbot/certbot -y
 #apt install -y python-certbot-nginx
 #certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos
 #echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh
 #sed -i 's/ssl ipv6only/ssl http2 ipv6only/g' /etc/nginx/sites-available/"$domain"
 #sed -i 's/listen 443 ssl/listen 443 ssl http2/g' /etc/nginx/sites-available/"$domain"
 #sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain"
 #openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
-#chmod 777 -R /etc/ssl/certs/dhparam.pem
+#chmod 755 -R /etc/ssl/certs/dhparam.pem
 ##----------------------##
 #    Certbot (Manual)    #
@@ -328,21 +316,14 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra
 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/nginx/site-enabled -O /etc/nginx/sites-available/mail.ictdownwerk.com
 openssl dhparam -out /etc/ssl/certs/dhparam.pem "$dhparam" > $OUTPUT 2>&1
 openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem "$dhparam" > $OUTPUT 2>&1
-chmod 777 -R /etc/letsencrypt/ssl-dhparams.pem
+chmod 755 -R /etc/letsencrypt/ssl-dhparams.pem
-chmod 777 -R /etc/ssl/certs/dhparam.pem
+chmod 755 -R /etc/ssl/certs/dhparam.pem
-chmod 777 -R /etc/letsencrypt/live/$domain/cert.pem
+chmod 755 -R /etc/letsencrypt/live/$domain/cert.pem
-chmod 777 -R /etc/letsencrypt/live/$domain/chain.pem
+chmod 755 -R /etc/letsencrypt/live/$domain/chain.pem
-chmod 777 -R /etc/letsencrypt/live/$domain/fullchain.pem
+chmod 755 -R /etc/letsencrypt/live/$domain/fullchain.pem
-chmod 777 -R /etc/letsencrypt/live/$domain/privkey.pem
+chmod 755 -R /etc/letsencrypt/live/$domain/privkey.pem
 chmod 644 -R /etc/nginx/sites-available/mail.ictdownwerk.com
 ##-----------------------##
 #    Postfix Installer    #
 ##-----------------------##
 debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
 debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
 #$PKGI postfix postfix-mysql
 ##---------------------------##
 #    Postfix Configuration    #
 ##---------------------------##
@@ -386,14 +367,6 @@ postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated,permit_myn
 sed -i 's/mynetworks = /#mynetworks = /g' /etc/postfix/main.cf
 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/postfix/master.cf -O /etc/postfix/master.cf
 ##-----------------------##
 #    Dovecot Installer    #
 ##-----------------------##
 #wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
 #echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
 #$PKGM update
 #$PKGI dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql
 ##---------------------------##
 #    Dovecot Configuration    #
 ##---------------------------##
@@ -419,7 +392,6 @@ chmod +x /usr/local/bin/quota-warning.sh
 ##--------------------------------------##
 TERM=ansi whiptail --title "Info" --infobox "            Configuring Spam Folder" 8 52
 sleep 2
 #$PKGI dovecot-sieve dovecot-managesieved
 mkdir -p /etc/dovecot/sieve/
 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/$branch/config/dovecot/15-lda.conf -O /etc/dovecot/conf.d/15-lda.conf
 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/dovecot/90-sieve.conf -O /etc/dovecot/conf.d/90-sieve.conf
@@ -432,7 +404,6 @@ chgrp dovecot /etc/dovecot/sieve/default.svbin > $OUTPUT 2>&1
 ##------------------##
 #    Spamassassin    #
 ##------------------##
 #$PKGI spamassassin spamc razor pyzor
 TERM=ansi whiptail --title "Info" --infobox "            Configuring Spamassassin" 8 52
 sleep 2
 sed -i -e 's/# report_safe 1/report_safe 0/' -e 's/# required_score 5.0/required_score 5.0/' -e 's/endif # Mail::SpamAssassin::Plugin::Shortcircuit//' /etc/spamassassin/local.cf
@@ -458,7 +429,6 @@ echo "endif # Mail::SpamAssassin::Plugin::Shortcircuit" >> /etc/spamassassin/loc
 ##------------##
 #    ClamAV    #
 ##------------##
 #$PKGI clamav clamav-daemon clamsmtp libclamunrar7 clamdscan
 TERM=ansi whiptail --title "Info" --infobox "               Configuring ClamAV" 8 52
 sleep 2
 mkdir -p /var/log/clamav
@@ -470,12 +440,10 @@ chmod 775 -R /var/lib/clamav/* /var/lib/clamav
 ##------------##
 #    Amavis    #
 ##------------##
 #$PKGI amavisd-new
 #$PKGI zip lrzip liblz4-tool lhasa arj unzip bzip2 nomarch cpio lzop cabextract arc apt-listchanges libauthen-sasl-perl libdbd-mysql-perl libdbi-perl libmail-dkim-perl ripole p7zip p7zip-full p7zip-rar rpm unrar unrar-free altermime libsnmp-perl libnet-ldap-perl libnet-ph-perl libnet-snpp-perl libnet-telnet-perl
 TERM=ansi whiptail --title "Info" --infobox "               Configuring Amavis" 8 52
 sleep 2
 sed -i -e 's/@bypass/'@bypass'/' -e 's/   /    /' /etc/amavis/conf.d/15-content_filter_mode
-adduser clamav amavis >/dev/null
+adduser clamav amavis > $OUTPUT 2>&1
 sed -i 's/clamd.conf/'clamd.conf'/g' /etc/clamav/freshclam.conf
 echo "#Pipe incoming mail trough Amavis" >> /etc/postfix/main.cf
 postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
@@ -506,7 +474,6 @@ wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$bra
 ##--------------##
 #    Rainloop    #
 ##--------------##
 #$PKGI unzip
 TERM=ansi whiptail --title "Info" --infobox "             Configuring Rainloop" 8 52
 sleep 2
 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/rainloop.sh -O /tmp/rainloop.sh
@@ -516,7 +483,6 @@ ln -s /opt/rainloop /var/www/"$domain"/html/
 ##--------------##
 #    Fail2Ban    #
 ##--------------##
 #$PKGI fail2ban
 TERM=ansi whiptail --title "Info" --infobox "             Configuring Fail2Ban" 8 52
 sleep 2
 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/"$branch"/config/fail2ban/dovecot-pop3imap.conf -O /etc/fail2ban/filter.d/dovecot-pop3imap.conf
@@ -534,28 +500,14 @@ sleep 2
 wget -q -t7 https://git.ictmaatwerk.com/VPS-scripts/Unattended-Security-Updates/raw/branch/master/installer.sh -O /tmp/unattended.sh
 source /tmp/unattended.sh
-##-----------------------##
+##---------------------##
-#    Enabling services    #
+#    System services    #
-##-----------------------##
+##---------------------##
-TERM=ansi whiptail --title "Info" --infobox "               Enabling Services" 8 52
+TERM=ansi whiptail --title "Info" --infobox "          Setting up system services" 8 52
 sleep 2
 systemctl enable nginx mysql postfix postfix@- dovecot fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
-
+systemctl disable amavisd-snmp-subagent amavis-mc > $OUTPUT 2>&1
-##-----------------------------------------##
+systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
 #    Disabling services autostart on boot   #
 ##-----------------------------------------##
 systemctl disable amavisd-snmp-subagent amavis-mc
 ##----------------------##
 #    Stopping services   #
 ##----------------------##
 systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot
 ##-----------------------##
 #    Starting services    #
 ##-----------------------##
 TERM=ansi whiptail --title "Info" --infobox "               Restarting Services" 8 52
 sleep 1
 systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam clamsmtp spamassassin > $OUTPUT 2>&1
 ##---------------------------------##
@@ -567,14 +519,10 @@ systemctl restart nginx mysql postfix@- fail2ban clamav-daemon clamav-freshclam
    done
 } | whiptail --gauge "      Please wait while ClamAV is updating definitions..." 6 52 0
-##-------------------------------------------##
+##-------------------------##
-#    Starting AntiVirus & AntiSpam services   #
+#    Configuring Services   #
-##-------------------------------------------##
+##-------------------------##
-systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot
+systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot > $OUTPUT 2>&1
 ##-----------------------------------##
 #    Letting Amavis wait for ClamAV   #
 ##-----------------------------------##
 echo "@reboot root systemctl stop amavisd-snmp-subagent amavis-mc postfix dovecot && sleep 300 && systemctl start amavisd-snmp-subagent amavis-mc postfix dovecot" >> /etc/crontab
 ##------------------##
@@ -591,6 +539,6 @@ $PKGM autoremove -y
 ##----------------------##
 TERM=ansi whiptail --title "Info" --infobox "                Done installing!" 8 52
 sleep 3
 whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started \n\nYour login is:    superadmin@$domonly\nYour password is: $password" 10 108
 whiptail --title "Credits" --msgbox "                   Made by: your local Wizard and God" 8 78
 whiptail --title "Info" --msgbox "Point your browser to https://$domain/postfixadmin to get started" 8 108
 clear