###============================================================ ## Ubuntu 18.04 Mailserver installer ###============================================================ ##----------## # Menu # ##----------## #echo "Menu" #echo "Ubuntu 18.04 Mailserver installatie script." #echo "Domein zonder www en mail.:" #read domain #echo "Algemeen wachtwoord:" #read password #echo "Administrator email:" #read email ##-----------------## # Static-Vars # ##-----------------## echo "Static-Vars" domain=ictdagbesteding.nl password=JW9t9ipdgLrWvMqHq7hX email=admin@ictdagbesteding.nl phpver=7.2 domonly=${domain} domain=mail.${domain} ##----------------## # Pre-Config # ##----------------## echo "Pre-Config" hostnamectl set-hostname $domain apt update apt install mysql-server software-properties-common wget -y add-apt-repository universe -y add-apt-repository ppa:ondrej/php -y apt upgrade -y apt autoremove -y mkdir -p /var/www/"$domain"/html chmod -R 755 /var/www ##-----------------------## # Html Folder Perms # ##-----------------------## echo "Html Folder Perms" chown -R www-data:www-data /var/www/"$domain"/html ##-----------## # NGINX # ##-----------## echo "NGINX" #installing nginx from apt apt install -y nginx wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Web/raw/branch/master/config/nginx/nginx-default.conf -O /etc/nginx/nginx.conf cat < /etc/nginx/sites-available/"$domain" #fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m max_size=10g inactive=1440m; server { listen 80; server_name www.$domain; return 301 http://$domain\$request_uri; } server { listen 80; listen [::]:80; root /var/www/$domain/html; index index.php index.html index.htm index.nginx-debian.html; server_name $domain; #return 301 \$scheme:/\$domain\$request_uri; Redirect to non-www #return 301 https://domein.nl$request_uri; Redirect to other domain #add_header X-Cache "\$upstream_cache_status"; #netdata here gzip on; gzip_proxied any; gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript image/svg image/svg+xml application/xml image/x-icon; gzip_comp_level 2; gzip_disable "msie6"; gzip_buffers 16 8k; # location /rspamd { # proxy_pass http://127.0.0.1:11334/; # proxy_set_header Host \$host; # proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; #} location / { #try_files \$uri \$uri/ =404; try_files \$uri \$uri/ /index.php\$is_args\$args; #try_files \$uri \$uri/ \$uri.html \$uri.php\$is_args\$query_string; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; allow all; } location ~* \.(css|gif|ico|jpeg|jpg|js|png|svg|webp|eot|otf|woff|woff2|ttf|ogg)\$ { expires max; log_not_found off; add_header Cache-Control "public, no-transform"; } location ~ \.php\$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php${phpver}-fpm.sock; #fastcgi_cache MYAPP; #fastcgi_cache_valid 200 302 301 1m; #fastcgi_cache_valid 404 1m; #fastcgi_cache_bypass \$no_cache; #fastcgi_no_cache \$no_cache; #fastcgi_cache_revalidate on; #fastcgi_cache_background_update on; #fastcgi_cache_lock on; #fastcgi_cache_use_stale updating; #fastcgi_buffer_size 128k; #fastcgi_buffers 256 16k; #fastcgi_busy_buffers_size 256k; #fastcgi_temp_file_write_size 256k; } location ~ /\.ht { deny all; } location /phpmyadmin { index index.php; } #Cache everything by default set \$no_cache 0; #Don't cache POST requests if (\$request_method = POST) { set \$no_cache 1; } #Don't cache if the URL contains a query string if (\$query_string != "") { set \$no_cache 1; } #Don't cache the following URLs if (\$request_uri ~* "/(administrator/|login.php)") { set \$no_cache 1; } #Don't cache if there is a cookie called PHPSESSID if (\$http_cookie = "PHPSESSID") { set \$no_cache 1; } } EOF ln -s /etc/nginx/sites-available/"$domain" /etc/nginx/sites-enabled/ ##-------------------------------## # NGINX Single core bug fix # ##-------------------------------## echo "NGINX Single core bug fix" mkdir /etc/systemd/system/nginx.service.d printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf systemctl daemon-reload ##------------------------------## # MySQL_Secure_Installation # ##------------------------------## echo "MySQL_Secure_Installation" mysqladmin -u root password "$password" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')" mysql -u root -p"$password" -e "DELETE FROM mysql.user WHERE User=''" mysql -u root -p"$password" -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%'" mysql -u root -p"$password" -e "SELECT user,authentication_string,plugin,host FROM mysql.user;" mysql -u root -p"$password" -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '"$password"';" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" ##-----------## # MySQL # ##-----------## echo "MySQL" mkdir -p /etc/nginx mysql -u root -p"$password" -e "CREATE DATABASE postfixadmin;" mysql -u root -p"$password" -e "GRANT ALL ON postfixadmin.* TO 'postfixadmin'@'localhost' IDENTIFIED BY '"$password"';" mysql -u root -p"$password" -e "FLUSH PRIVILEGES;" ##------------------## # PostfixADMIN # ##------------------## echo "PostfixADMIN" apt install php${phpver} php${phpver}-zip php${phpver}-fpm php${phpver}-cli php${phpver}-json php${phpver}-mysql php${phpver}-opcache php${phpver}-mbstring php${phpver}-readline -y apt install libc-client2007e mlock php${phpver}-common php${phpver}-imap -y mkdir -p /var/www/"$domain"/html/postfixadmin/templates_c wget --tries=3 https://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-3.1/postfixadmin-3.1.tar.gz -O /tmp/postfixadmin.tar.gz tar -xf /tmp/postfixadmin.tar.gz -C /var/www/"$domain"/html/postfixadmin --strip-components=1 chown -R www-data: /var/www/"$domain"/html/ chmod 755 -R /var/www/"$domain"/html/postfixadmin/templates_c wget https://git.ictmaatwerk.com/VPS-scripts/Ubuntu-Mail/raw/branch/dev/config/postfixadmin/config.local.php -O /var/www/$domain/html/postfixadmin/config.local.php sed -i -e 's/PASSword/'$password'/' -e 's/ABuSe/'$domain'/' -e 's/HostMASter/'$domain'/' -e 's/PostMAster/'$domain'/' -e 's/WebMAster/'$domain'/' /var/www/"$domain"/html/postfixadmin/config.local.php bash /var/www/"$domain"/html/postfixadmin/scripts/postfixadmin-cli admin add superadmin@"$domain" --superadmin 1 --active 1 --password "$password" --password2 "$password" groupadd -g 5000 vmail useradd -u 5000 -g vmail -s /usr/sbin/nologin -d /var/mail/vmail -m vmail ##-------------## # Certbot # ##-------------## echo "Certbot" add-apt-repository ppa:certbot/certbot -y apt install -y python-certbot-nginx mkdir -p /etc/letsencrypt/live/$domain/ certbot --nginx -n -d "$domain" -m "$email" --hsts --redirect --no-eff-email --agree-tos echo "certbot --nginx -n -d $domain -m $email --hsts --redirect --no-eff-email --agree-tos" > ~/certbotactivate.sh sed -i -e 's/ssl ipv6only/ssl http2 ipv6only/' -e 's/listen 443 ssl/listen 443 ssl http2/' /etc/nginx/sites-available/"$domain" sed -i 's#include /etc/letsencrypt/options-ssl-nginx.conf;#ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;#g' /etc/nginx/sites-available/"$domain" openssl dhparam -out /etc/ssl/certs/dhparam.pem 1024 chmod 755 -R /etc/ssl/certs/dhparam.pem systemctl restart nginx