hhf/docker-mailcow
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
docker-mailcow/install-mailcow-ubuntu.sh

144 lines
No EOL
3.6 KiB
Bash
Raw Blame History

#!/bin/bash
# Exit on any error
set -e
# Function to log messages
log_message() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1"
}
# Check if script is run as root
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
# Update system
log_message "Updating system packages..."
apt-get update && apt-get upgrade -y
# Install essential packages
log_message "Installing essential packages..."
apt-get install -y \
ca-certificates \
curl \
gnupg \
ufw \
fail2ban \
git \
sudo
# Install Docker
log_message "Installing Docker..."
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
# Add Docker repository
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Create docker user and set up permissions
log_message "Creating docker user and setting up permissions..."
useradd -m -s /bin/bash dockeruser
usermod -aG docker dockeruser
echo "dockeruser ALL=(ALL) NOPASSWD: /usr/bin/docker, /usr/bin/docker-compose" | sudo tee /etc/sudoers.d/dockeruser
# Configure UFW
log_message "Configuring firewall..."
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 25/tcp
ufw allow 80/tcp
ufw allow 110/tcp
ufw allow 143/tcp
ufw allow 443/tcp
ufw allow 465/tcp
ufw allow 587/tcp
ufw allow 993/tcp
ufw allow 995/tcp
ufw allow 4190/tcp
ufw --force enable
# Configure fail2ban with SSH honeypot
log_message "Configuring fail2ban and SSH honeypot..."
cat > /etc/fail2ban/jail.local << EOL
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 3
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
EOL
# Create SSH honeypot configuration
cat > /etc/fail2ban/jail.d/ssh-honeypot.conf << EOL
[ssh-honeypot]
enabled = true
filter = ssh-honeypot
logpath = /var/log/auth.log
maxretry = 1
bantime = 1d
findtime = 1d
EOL
cat > /etc/fail2ban/filter.d/ssh-honeypot.conf << EOL
[Definition]
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>
ignoreregex =
EOL
# Restart fail2ban
systemctl restart fail2ban
# Set up Mailcow directory and permissions
log_message "Setting up Mailcow directory..."
mkdir -p /opt/mailcow-dockerized
chown dockeruser:dockeruser /opt/mailcow-dockerized
# Switch to dockeruser and install Mailcow
log_message "Installing Mailcow as dockeruser..."
su - dockeruser << 'EOF'
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
./generate_config.sh
# Start Mailcow
docker compose pull
docker compose up -d
EOF
# Final security checks
log_message "Performing final security checks..."
su - dockeruser -c "cd /opt/mailcow-dockerized && docker compose ps"
ufw status
systemctl status fail2ban
log_message "Installation complete! Please check the logs above for any errors."
log_message "Remember to:"
log_message "1. Change the default passwords"
log_message "2. Configure your DNS records"
log_message "3. Set up SSL certificates"
log_message "4. Regular backup your configuration"
# Print access information
echo "================================================================"
echo "Mailcow web interface: https://$(hostname)"
echo "Docker user: dockeruser"
echo "Mailcow location: /opt/mailcow-dockerized"
echo "Firewall status:"
ufw status numbered
echo "================================================================"
Reference in a new issue View git blame Copy permalink