hhf/docker-mailcow
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update install-mailcow-ubuntu.sh

Browse source
This commit is contained in:
HHF Technology 2024-12-06 16:30:46 +05:30
parent 3e19423845
commit 3a542bf108
1 changed files with 148 additions and 170 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

318
install-mailcow-ubuntu.sh
View file

@ -1,75 +1,99 @@
#!/bin/bash #!/bin/bash
# Exit on any error # Exit on error
set -e set -e
# Checkpoint file
CHECKPOINT_FILE="/tmp/mailcow_install_progress"
MAILCOW_DIR="/opt/mailcow-dockerized"
# Function to log messages # Function to log messages
log_message() { log_message() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
} }
# Function to save checkpoint
save_checkpoint() {
echo "$1" > "$CHECKPOINT_FILE"
log_message "Checkpoint saved: $1"
}
# Function to get last checkpoint
get_checkpoint() {
if [ -f "$CHECKPOINT_FILE" ]; then
cat "$CHECKPOINT_FILE"
else
echo "start"
fi
}
# Function to check if a step is completed
is_step_completed() {
local current_checkpoint=$(get_checkpoint)
local step=$1
case $current_checkpoint in
"docker_installed"|"fail2ban_configured"|"mailcow_installed"|"complete")
if [ "$step" = "system_updated" ]; then return 0; fi
;;
"fail2ban_configured"|"mailcow_installed"|"complete")
if [ "$step" = "docker_installed" ]; then return 0; fi
;;
"mailcow_installed"|"complete")
if [ "$step" = "fail2ban_configured" ]; then return 0; fi
;;
"complete")
if [ "$step" = "mailcow_installed" ]; then return 0; fi
;;
esac
return 1
}
# Check if script is run as root # Check if script is run as root
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root" echo "Please run as root"
exit 1 exit 1
fi fi
# Update system # Start or resume installation
log_message "Updating system packages..." log_message "Starting or resuming installation from checkpoint: $(get_checkpoint)"
apt-get update && apt-get upgrade -y
# Install essential packages # Step 1: Update system
log_message "Installing essential packages..." if ! is_step_completed "system_updated"; then
apt-get install -y \ log_message "Updating system packages..."
ca-certificates \ apt-get update && apt-get upgrade -y
curl \ apt-get install -y ca-certificates curl gnupg ufw fail2ban git sudo
gnupg \ save_checkpoint "system_updated"
ufw \ fi
fail2ban \
git \
sudo
# Install Docker # Step 2: Install Docker
log_message "Installing Docker..." if ! is_step_completed "docker_installed"; then
install -m 0755 -d /etc/apt/keyrings log_message "Installing Docker..."
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc install -m 0755 -d /etc/apt/keyrings
chmod a+r /etc/apt/keyrings/docker.asc curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
# Add Docker repository echo \
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ tee /etc/apt/sources.list.d/docker.list > /dev/null
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Create docker user and set up permissions # Create docker user if not exists
log_message "Creating docker user and setting up permissions..." if ! id "dockeruser" &>/dev/null; then
useradd -m -s /bin/bash dockeruser useradd -m -s /bin/bash dockeruser
usermod -aG docker dockeruser usermod -aG docker dockeruser
echo "dockeruser ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/bin/docker-compose" | sudo tee /etc/sudoers.d/dockeruser fi
# Configure UFW save_checkpoint "docker_installed"
log_message "Configuring firewall..." fi
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 25/tcp
ufw allow 80/tcp
ufw allow 110/tcp
ufw allow 143/tcp
ufw allow 443/tcp
ufw allow 465/tcp
ufw allow 587/tcp
ufw allow 993/tcp
ufw allow 995/tcp
ufw allow 4190/tcp
ufw --force enable
# Configure fail2ban for SSH # Step 3: Configure fail2ban
log_message "Configuring fail2ban for SSH protection..." if ! is_step_completed "fail2ban_configured"; then
cat > /etc/fail2ban/jail.local << EOL log_message "Configuring fail2ban..."
cat > /etc/fail2ban/jail.local << EOL
[DEFAULT] [DEFAULT]
bantime = 1h bantime = 1h
findtime = 10m findtime = 10m
@ -89,129 +113,83 @@ bantime = 1d
findtime = 10m findtime = 10m
EOL EOL
# Reload systemd daemon systemctl restart fail2ban
systemctl daemon-reload save_checkpoint "fail2ban_configured"
# Restart fail2ban
systemctl restart fail2ban
# Restart fail2ban
systemctl restart fail2ban
# Set up Mailcow directory and permissions
log_message "Setting up Mailcow directory..."
mkdir -p /opt/mailcow-dockerized
chown dockeruser:dockeruser /opt/mailcow-dockerized
# Function to get FQDN input
get_fqdn() {
local fqdn
while true; do
read -p "Please enter your Fully Qualified Domain Name (FQDN) (e.g., mail.example.com): " fqdn
if [[ $fqdn =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
echo "$fqdn"
return 0
else
echo "Invalid FQDN format. Please try again."
fi
done
}
# Get timezone
get_timezone() {
local timezone
while true; do
read -p "Please enter your timezone (e.g., Europe/Berlin) [default: UTC]: " timezone
timezone=${timezone:-UTC}
if [ -f "/usr/share/zoneinfo/$timezone" ]; then
echo "$timezone"
return 0
else
echo "Invalid timezone. Please try again."
fi
done
}
# Function to configure mailcow
configure_mailcow() {
local fqdn=$1
local timezone=$2
# Create temporary config file
cat > /tmp/mailcow_config << EOL
MAILCOW_HOSTNAME=${fqdn}
TIMEZONE=${timezone}
EOL
# Ask for additional configuration
read -p "Do you want to customize additional mailcow configuration? (y/N): " customize
if [[ $customize =~ ^[Yy]$ ]]; then
nano /tmp/mailcow_config
fi
return 0
}
# Switch to dockeruser and install Mailcow
log_message "Installing Mailcow as dockeruser..."
# Get configuration parameters
FQDN=$(get_fqdn)
TIMEZONE=$(get_timezone)
# Store configuration for dockeruser
echo "FQDN=$FQDN" > /tmp/mailcow_vars
echo "TIMEZONE=$TIMEZONE" >> /tmp/mailcow_vars
configure_mailcow "$FQDN" "$TIMEZONE"
su - dockeruser << 'EOF'
# Source the configuration variables
source /tmp/mailcow_vars
# Clone and set up mailcow
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
# Use the prepared configuration
cat /tmp/mailcow_config > mailcow.conf
# Generate config with the provided FQDN
printf "%s\n" "$FQDN" | ./generate_config.sh
# Offer to edit the full configuration
read -p "Would you like to review and edit the full mailcow configuration? (y/N): " edit_conf
if [[ $edit_conf =~ ^[Yy]$ ]]; then
nano mailcow.conf
fi fi
# Start Mailcow # Step 4: Install and configure Mailcow
docker compose pull if ! is_step_completed "mailcow_installed"; then
docker compose up -d log_message "Setting up Mailcow..."
EOF
# Check if FQDN is already set
if [ ! -f "/tmp/mailcow_hostname" ]; then
read -p "Please enter your Fully Qualified Domain Name (FQDN) (e.g., mail.example.com): " MAILCOW_HOSTNAME
echo "$MAILCOW_HOSTNAME" > /tmp/mailcow_hostname
else
MAILCOW_HOSTNAME=$(cat /tmp/mailcow_hostname)
log_message "Using saved FQDN: $MAILCOW_HOSTNAME"
fi
# Clean up temporary files # Create mailcow directory if not exists
rm -f /tmp/mailcow_vars /tmp/mailcow_config if [ ! -d "$MAILCOW_DIR" ]; then
mkdir -p "$MAILCOW_DIR"
chown dockeruser:dockeruser "$MAILCOW_DIR"
# Clone repository
su - dockeruser -c "cd /opt && git clone https://github.com/mailcow/mailcow-dockerized"
fi
# Final security checks # Generate config if not already generated
log_message "Performing final security checks..." if [ ! -f "$MAILCOW_DIR/mailcow.conf" ]; then
su - dockeruser -c "cd /opt/mailcow-dockerized && docker compose ps" cd "$MAILCOW_DIR"
ufw status echo "$MAILCOW_HOSTNAME" | ./generate_config.sh
systemctl status fail2ban
echo "Would you like to edit the mailcow configuration? (y/N)"
read -n1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
nano mailcow.conf
fi
fi
log_message "Installation complete! Please check the logs above for any errors." # Start Mailcow services
log_message "Remember to:" log_message "Starting Mailcow services..."
log_message "1. Change the default passwords" su - dockeruser -c "cd $MAILCOW_DIR && docker compose pull && docker compose up -d"
log_message "2. Configure your DNS records"
log_message "3. Set up SSL certificates" save_checkpoint "mailcow_installed"
log_message "4. Regular backup your configuration" fi
# Print access information # Configure UFW if not already configured
echo "================================================================" if ! ufw status | grep -q "Status: active"; then
echo "Mailcow web interface: https://$(hostname)" log_message "Configuring firewall..."
echo "Docker user: dockeruser" ufw default deny incoming
echo "Mailcow location: /opt/mailcow-dockerized" ufw default allow outgoing
echo "Firewall status:" ufw allow 22/tcp
ufw status numbered ufw allow 25/tcp
echo "================================================================" ufw allow 80/tcp
ufw allow 110/tcp
ufw allow 143/tcp
ufw allow 443/tcp
ufw allow 465/tcp
ufw allow 587/tcp
ufw allow 993/tcp
ufw allow 995/tcp
ufw allow 4190/tcp
ufw --force enable
fi
# Final steps and cleanup
if [ "$(get_checkpoint)" = "mailcow_installed" ]; then
log_message "Installation completed successfully!"
rm -f "$CHECKPOINT_FILE" "/tmp/mailcow_hostname"
save_checkpoint "complete"
# Print access information
echo "================================================================"
echo "Mailcow web interface: https://$MAILCOW_HOSTNAME"
echo "Docker user: dockeruser"
echo "Mailcow location: $MAILCOW_DIR"
echo "Firewall status:"
ufw status numbered
echo "================================================================"
fi