mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2026-03-20 18:27:23 +01:00
Merge remote-tracking branch 'upstream/main' into merge-upstream
# Conflicts: # setup/firstuser.sh # setup/functions.sh # setup/mail-users.sh # setup/management.sh # setup/network-checks.sh # setup/nextcloud.sh # setup/questions.sh # setup/ssl.sh # setup/start.sh # setup/system.sh # setup/webmail.sh # tools/archive_conf_files.sh # tools/web_update
This commit is contained in:
downtownallday
@@ -37,7 +37,7 @@ export LC_TYPE=en_US.UTF-8
|
||||
export NCURSES_NO_UTF8_ACS=1
|
||||
|
||||
# if encryption-at-rest is enabled, make sure the drive is mounted
|
||||
ehdd/mount.sh
|
||||
ehdd/mount.sh
|
||||
|
||||
# Recall the last settings used if we're running this a second time.
|
||||
if [ -f /etc/mailinabox.conf ]; then
|
||||
@@ -58,7 +58,7 @@ fi
|
||||
# in the first dialog prompt, so we should do this before that starts.
|
||||
cat > /usr/local/bin/mailinabox << EOF;
|
||||
#!/bin/bash
|
||||
cd $(pwd)
|
||||
cd $PWD
|
||||
source $(source ehdd/ehdd_funcs.sh; if hdd_exists; then echo 'ehdd/start-encrypted.sh'; else echo 'setup/start.sh'; fi)
|
||||
EOF
|
||||
chmod +x /usr/local/bin/mailinabox
|
||||
@@ -87,22 +87,22 @@ fi
|
||||
# migration (schema) number for the files stored there, assume this is a fresh
|
||||
# installation to that directory and write the file to contain the current
|
||||
# migration number for this version of Mail-in-a-Box.
|
||||
if ! id -u $STORAGE_USER >/dev/null 2>&1; then
|
||||
useradd -m $STORAGE_USER
|
||||
if ! id -u "$STORAGE_USER" >/dev/null 2>&1; then
|
||||
useradd -m "$STORAGE_USER"
|
||||
# default permissions for new home directories in jammy (ubuntu
|
||||
# 22) changed from 0755 to 0750. openldap (slapd.service) runs
|
||||
# under its own user account (openldap) and requires access to
|
||||
# STORAGE_ROOT
|
||||
chmod o+x $STORAGE_ROOT
|
||||
chmod o+x "$STORAGE_ROOT"
|
||||
fi
|
||||
if [ ! -d $STORAGE_ROOT ]; then
|
||||
mkdir -p $STORAGE_ROOT
|
||||
if [ ! -d "$STORAGE_ROOT" ]; then
|
||||
mkdir -p "$STORAGE_ROOT"
|
||||
fi
|
||||
f=$STORAGE_ROOT
|
||||
while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;
|
||||
if [ ! -f $STORAGE_ROOT/mailinabox-ldap.version ]; then
|
||||
setup/migrate.py --current > $STORAGE_ROOT/mailinabox-ldap.version
|
||||
chown $STORAGE_USER:$STORAGE_USER $STORAGE_ROOT/mailinabox-ldap.version
|
||||
if [ ! -f "$STORAGE_ROOT/mailinabox-ldap.version" ]; then
|
||||
setup/migrate.py --current > "$STORAGE_ROOT/mailinabox-ldap.version"
|
||||
chown "$STORAGE_USER:$STORAGE_USER" "$STORAGE_ROOT/mailinabox-ldap.version"
|
||||
fi
|
||||
|
||||
# normalize the directory path for setup mods
|
||||
@@ -161,14 +161,14 @@ source setup/firstuser.sh
|
||||
# We'd let certbot ask the user interactively, but when this script is
|
||||
# run in the recommended curl-pipe-to-bash method there is no TTY and
|
||||
# certbot will fail if it tries to ask.
|
||||
if [ -z "${SKIP_CERTBOT:-}" ] && [ ! -d $STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/ ]; then
|
||||
if [ -z "${SKIP_CERTBOT:-}" ] && [ ! -d "$STORAGE_ROOT/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/" ]; then
|
||||
echo
|
||||
echo "-----------------------------------------------"
|
||||
echo "Mail-in-a-Box uses Let's Encrypt to provision free SSL/TLS certificates"
|
||||
echo "to enable HTTPS connections to your box. We're automatically"
|
||||
echo "agreeing you to their subscriber agreement. See https://letsencrypt.org."
|
||||
echo
|
||||
certbot register --register-unsafely-without-email --agree-tos --config-dir $STORAGE_ROOT/ssl/lets_encrypt
|
||||
certbot register --register-unsafely-without-email --agree-tos --config-dir "$STORAGE_ROOT/ssl/lets_encrypt"
|
||||
fi
|
||||
|
||||
#
|
||||
@@ -179,27 +179,27 @@ source setup/setupmods.sh
|
||||
echo
|
||||
echo "-----------------------------------------------"
|
||||
echo
|
||||
echo Your Mail-in-a-Box is running.
|
||||
echo "Your Mail-in-a-Box is running."
|
||||
echo
|
||||
echo Please log in to the control panel for further instructions at:
|
||||
echo "Please log in to the control panel for further instructions at:"
|
||||
echo
|
||||
if management/status_checks.py --check-primary-hostname; then
|
||||
# Show the nice URL if it appears to be resolving and has a valid certificate.
|
||||
echo https://$PRIMARY_HOSTNAME/admin
|
||||
echo "https://$PRIMARY_HOSTNAME/admin"
|
||||
echo
|
||||
echo "If you have a DNS problem put the box's IP address in the URL"
|
||||
echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:"
|
||||
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
|
||||
openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\
|
||||
| sed "s/SHA256 Fingerprint=//i"
|
||||
else
|
||||
echo https://$PUBLIC_IP/admin
|
||||
echo "https://$PUBLIC_IP/admin"
|
||||
echo
|
||||
echo You will be alerted that the website has an invalid certificate. Check that
|
||||
echo the certificate fingerprint matches:
|
||||
echo "You will be alerted that the website has an invalid certificate. Check that"
|
||||
echo "the certificate fingerprint matches:"
|
||||
echo
|
||||
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
|
||||
openssl x509 -in "$STORAGE_ROOT/ssl/ssl_certificate.pem" -noout -fingerprint -sha256\
|
||||
| sed "s/SHA256 Fingerprint=//i"
|
||||
echo
|
||||
echo Then you can confirm the security exception and continue.
|
||||
echo "Then you can confirm the security exception and continue."
|
||||
echo
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user