external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity

merge upstream changes to update to ubuntu 2204

This commit is contained in:
KiekerJan 2022-09-04 20:52:56 +02:00
parent 197a142043
commit 1ce9766204
19 changed files with 92 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGELOG.md
View File

@ -6,7 +6,7 @@ Version 60 (date TBD)
This is the first release for Ubuntu 22.04. This is the first release for Ubuntu 22.04.
**Before upgrading**, you must **first upgrade your existing Ubuntu 18.04 box to Mail-in-a-Box v0.51** (or any later version of Mail-in-a-Box supporting Ubuntu 18.04), if you haven't already done so. That may not be possible after Ubuntu 18.04 reaches its end of life in April 2023, so please compete the upgrade well before then. (If you are not using Nextcloud's contacts or calendar, you can migrate to the latest version of Mail-in-a-Box from any previous version.) **Before upgrading**, you must **first upgrade your existing Ubuntu 18.04 box to Mail-in-a-Box v0.51 or later**, if you haven't already done so. That may not be possible after Ubuntu 18.04 reaches its end of life in April 2023, so please complete the upgrade well before then. (If you are not using Nextcloud's contacts or calendar, you can migrate to the latest version of Mail-in-a-Box from any previous version.)
For complete upgrade instructions, see: For complete upgrade instructions, see:
@ -14,16 +14,13 @@ LINK TBD
No features of Mail-in-a-Box have changed in this release, but with the newer version of Ubuntu the following software packages we use are updated: No features of Mail-in-a-Box have changed in this release, but with the newer version of Ubuntu the following software packages we use are updated:
* dovecot is upgraded to 2.3.16, postfix to 3.6.3, opendmark to 1.4 (which adds ARC-Authentication-Results headers), and spampd to 2.53 (alleviating a mail delivery rate limiting bug). * dovecot is upgraded to 2.3.16, postfix to 3.6.4, opendmark to 1.4 (which adds ARC-Authentication-Results headers), and spampd to 2.53 (alleviating a mail delivery rate limiting bug).
* Nextcloud is upgraded to 23.0.0 with PHP updated from 7.2 to 8.0. * Nextcloud is upgraded to 24.0.0 with PHP updated from 7.2 to 8.1.
* certbot is upgraded to 1.21 (via the Ubuntu repository instead of a PPA). * certbot is upgraded to 1.21 (via the Ubuntu repository instead of a PPA).
* fail2ban is upgraded to 0.11.2. * fail2ban is upgraded to 0.11.2.
* nginx is upgraded to 1.18. * nginx is upgraded to 1.18.
* bind9 is replaced with unbound * bind9 is replaced with unbound
In Development
--------------
Version 57a (June 19, 2022) Version 57a (June 19, 2022)
--------------------------- ---------------------------

2
README.md
View File

@ -84,7 +84,7 @@ Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which su
In The Box In The Box
---------- ----------
Mail-in-a-Box turns a fresh Ubuntu 22.04 or 20.04 LTS 64-bit machine into a working mail server by installing and configuring various components. Mail-in-a-Box turns a fresh Ubuntu 22.04 LTS 64-bit machine into a working mail server by installing and configuring various components.
It is a one-click email appliance. There are no user-configurable setup options. It "just works." It is a one-click email appliance. There are no user-configurable setup options. It "just works."

15
lib/howto_build_xapian.txt
View File

@ -1,15 +0,0 @@
# Install required packages
apt-get build-dep dovecot-core
apt-get install dovecot-dev libxapian-dev git libxapian30 libicu-dev
# Clone the project
git clone https://github.com/grosjo/fts-xapian
cd fts-xapian
# Compile (don't install)
autoreconf -vi
./configure --with-dovecot=/usr/lib/dovecot
make
# install library found under src/.libs
cp src/.libs/lib21_fts_xapian_plugin.so /usr/lib/dovecot/modules

BIN
lib/lib21_fts_xapian_plugin.so
View File

Binary file not shown.

11
management/backup.py
View File

@ -15,7 +15,7 @@ import dateutil.parser, dateutil.relativedelta, dateutil.tz
import rtyaml import rtyaml
from exclusiveprocess import Lock from exclusiveprocess import Lock
from utils import load_environment, shell, wait_for_service, fix_boto, get_php_version from utils import load_environment, shell, wait_for_service, get_php_version
def backup_status(env): def backup_status(env):
# If backups are disabled, return no status. # If backups are disabled, return no status.
@ -200,12 +200,7 @@ def get_duplicity_target_url(config):
from urllib.parse import urlsplit, urlunsplit from urllib.parse import urlsplit, urlunsplit
target = list(urlsplit(target)) target = list(urlsplit(target))
# Duplicity now defaults to boto3 as the backend for S3, but we have # Although we store the S3 hostname in the target URL,
# legacy boto installed (boto3 doesn't support Ubuntu 18.04) so
# we retarget for classic boto.
target[0] = "boto+" + target[0]
# In addition, although we store the S3 hostname in the target URL,
# duplicity no longer accepts it in the target URL. The hostname in # duplicity no longer accepts it in the target URL. The hostname in
# the target URL must be the bucket name. The hostname is passed # the target URL must be the bucket name. The hostname is passed
# via get_duplicity_additional_args. Move the first part of the # via get_duplicity_additional_args. Move the first part of the
@ -457,7 +452,6 @@ def list_target_files(config):
elif target.scheme == "s3": elif target.scheme == "s3":
# match to a Region # match to a Region
fix_boto() # must call prior to importing boto
import boto.s3 import boto.s3
from boto.exception import BotoServerError from boto.exception import BotoServerError
custom_region = False custom_region = False
@ -634,4 +628,3 @@ if __name__ == "__main__":
# possibly performing an incremental backup. # possibly performing an incremental backup.
full_backup = "--full" in sys.argv full_backup = "--full" in sys.argv
perform_backup(full_backup) perform_backup(full_backup)

1
management/daemon.py
View File

@ -122,7 +122,6 @@ def index():
no_users_exist = (len(get_mail_users(env)) == 0) no_users_exist = (len(get_mail_users(env)) == 0)
no_admins_exist = (len(get_admins(env)) == 0) no_admins_exist = (len(get_admins(env)) == 0)
utils.fix_boto() # must call prior to importing boto
import boto.s3 import boto.s3
backup_s3_hosts = [(r.name, r.endpoint) for r in boto.s3.regions()] backup_s3_hosts = [(r.name, r.endpoint) for r in boto.s3.regions()]

33
management/ssl_certificates.py
View File

@ -58,36 +58,33 @@ def get_ssl_certificates(env):
# Not a valid PEM format for a PEM type we care about. # Not a valid PEM format for a PEM type we care about.
continue continue
# Remember where we got this object.
pem._filename = fn
# Is it a private key? # Is it a private key?
if isinstance(pem, RSAPrivateKey): if isinstance(pem, RSAPrivateKey):
private_keys[pem.public_key().public_numbers()] = pem private_keys[pem.public_key().public_numbers()] = { "filename": fn, "key": pem }
# Is it a certificate? # Is it a certificate?
if isinstance(pem, Certificate): if isinstance(pem, Certificate):
certificates.append(pem) certificates.append({ "filename": fn, "cert": pem })
# Process the certificates. # Process the certificates.
domains = { } domains = { }
for cert in certificates: for cert in certificates:
# What domains is this certificate good for? # What domains is this certificate good for?
cert_domains, primary_domain = get_certificate_domains(cert) cert_domains, primary_domain = get_certificate_domains(cert["cert"])
cert._primary_domain = primary_domain cert["primary_domain"] = primary_domain
# Is there a private key file for this certificate? # Is there a private key file for this certificate?
private_key = private_keys.get(cert.public_key().public_numbers()) private_key = private_keys.get(cert["cert"].public_key().public_numbers())
if not private_key: if not private_key:
continue continue
cert._private_key = private_key cert["private_key"] = private_key
# Add this cert to the list of certs usable for the domains. # Add this cert to the list of certs usable for the domains.
for domain in cert_domains: for domain in cert_domains:
# The primary hostname can only use a certificate mapped # The primary hostname can only use a certificate mapped
# to the system private key. # to the system private key.
if domain == env['PRIMARY_HOSTNAME']: if domain == env['PRIMARY_HOSTNAME']:
if cert._private_key._filename != os.path.join(env['STORAGE_ROOT'], 'ssl', 'ssl_private_key.pem'): if cert["private_key"]["filename"] != os.path.join(env['STORAGE_ROOT'], 'ssl', 'ssl_private_key.pem'):
continue continue
domains.setdefault(domain, []).append(cert) domains.setdefault(domain, []).append(cert)
@ -100,10 +97,10 @@ def get_ssl_certificates(env):
#for c in cert_list: print(domain, c.not_valid_before, c.not_valid_after, "("+str(now)+")", c.issuer, c.subject, c._filename) #for c in cert_list: print(domain, c.not_valid_before, c.not_valid_after, "("+str(now)+")", c.issuer, c.subject, c._filename)
cert_list.sort(key = lambda cert : ( cert_list.sort(key = lambda cert : (
# must be valid NOW # must be valid NOW
cert.not_valid_before <= now <= cert.not_valid_after, cert["cert"].not_valid_before <= now <= cert["cert"].not_valid_after,
# prefer one that is not self-signed # prefer one that is not self-signed
cert.issuer != cert.subject, cert["cert"].issuer != cert["cert"].subject,
########################################################### ###########################################################
# The above lines ensure that valid certificates are chosen # The above lines ensure that valid certificates are chosen
@ -113,7 +110,7 @@ def get_ssl_certificates(env):
# prefer one with the expiration furthest into the future so # prefer one with the expiration furthest into the future so
# that we can easily rotate to new certs as we get them # that we can easily rotate to new certs as we get them
cert.not_valid_after, cert["cert"].not_valid_after,
########################################################### ###########################################################
# We always choose the certificate that is good for the # We always choose the certificate that is good for the
@ -128,15 +125,15 @@ def get_ssl_certificates(env):
# in case a certificate is installed in multiple paths, # in case a certificate is installed in multiple paths,
# prefer the... lexicographically last one? # prefer the... lexicographically last one?
cert._filename, cert["filename"],
), reverse=True) ), reverse=True)
cert = cert_list.pop(0) cert = cert_list.pop(0)
ret[domain] = { ret[domain] = {
"private-key": cert._private_key._filename, "private-key": cert["private_key"]["filename"],
"certificate": cert._filename, "certificate": cert["filename"],
"primary-domain": cert._primary_domain, "primary-domain": cert["primary_domain"],
"certificate_object": cert, "certificate_object": cert["cert"],
} }
return ret return ret

22
management/status_checks.py
View File

@ -338,9 +338,9 @@ def run_domain_checks(rounded_time, env, output, pool, domains_to_check=None):
domains_to_check = [ domains_to_check = [
d for d in domains_to_check d for d in domains_to_check
if not ( if not (
d.split(".", 1)[0] in ("www", "autoconfig", "autodiscover", "mta-sts") d.split(".", 1)[0] in ("www", "autoconfig", "autodiscover", "mta-sts")
and len(d.split(".", 1)) == 2 and len(d.split(".", 1)) == 2
and d.split(".", 1)[1] in domains_to_check and d.split(".", 1)[1] in domains_to_check
) )
] ]
@ -810,8 +810,8 @@ def query_dns(qname, rtype, nxdomain='[Not Set]', at=None, as_list=False, retry=
# Make sure at is not a string that cannot be used as a nameserver # Make sure at is not a string that cannot be used as a nameserver
if at: if at:
if at not in {'[Not set]', '[timeout]'}: if at not in {'[Not set]', '[timeout]'}:
resolver = dns.resolver.Resolver() resolver = dns.resolver.Resolver()
resolver.nameservers = [at] resolver.nameservers = [at]
else: else:
logging.error("at not set to a usable nameserver, %s", at) logging.error("at not set to a usable nameserver, %s", at)
@ -941,13 +941,13 @@ def what_version_is_this(env):
def get_latest_miab_version(): def get_latest_miab_version():
# This pings https://mailinabox.email/setup.sh and extracts the tag named in # This pings https://mailinabox.email/setup.sh and extracts the tag named in
# the script to determine the current product version. # the script to determine the current product version.
from urllib.request import urlopen, HTTPError, URLError from urllib.request import urlopen, HTTPError, URLError
from socket import timeout from socket import timeout
try: try:
return re.search(b'TAG=(.*)', urlopen("https://mailinabox.email/setup.sh?ping=1", timeout=5).read()).group(1).decode("utf8") return re.search(b'TAG=(.*)', urlopen("https://mailinabox.email/setup.sh?ping=1", timeout=5).read()).group(1).decode("utf8")
except (HTTPError, URLError, timeout): except (HTTPError, URLError, timeout):
return None return None
def check_miab_version(env, output): def check_miab_version(env, output):
config = load_settings(env) config = load_settings(env)

7
management/utils.py
View File

@ -177,13 +177,6 @@ def wait_for_service(port, public, env, timeout):
return False return False
time.sleep(min(timeout/4, 1)) time.sleep(min(timeout/4, 1))
def fix_boto():
# Google Compute Engine instances install some Python-2-only boto plugins that
# conflict with boto running under Python 3. Disable boto's default configuration
# file prior to importing boto so that GCE's plugin is not loaded:
import os
os.environ["BOTO_CONFIG"] = "/etc/boto3.cfg"
def get_php_version(): def get_php_version():
# Gets the version of PHP installed in the system. # Gets the version of PHP installed in the system.
return shell("check_output", ["/usr/bin/php", "-v"])[4:7] return shell("check_output", ["/usr/bin/php", "-v"])[4:7]

2
setup/bootstrap.sh
View File

@ -34,7 +34,7 @@ if [ -z "$TAG" ]; then
# This machine is running Ubuntu 18.04, which is supported by # This machine is running Ubuntu 18.04, which is supported by
# Mail-in-a-Box versions 0.40 through 5x. # Mail-in-a-Box versions 0.40 through 5x.
echo "Support is ending for Ubuntu 18.04." echo "Support is ending for Ubuntu 18.04."
echo "Please immediately begin to migrate your information to" echo "Please immediately begin to migrate your data to"
echo "a new machine running Ubuntu 22.04. See:" echo "a new machine running Ubuntu 22.04. See:"
echo "https://mailinabox.email/maintenance.html#upgrade" echo "https://mailinabox.email/maintenance.html#upgrade"
TAG=v57a TAG=v57a

15
setup/dns.sh
View File

@ -10,8 +10,6 @@
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars source /etc/mailinabox.conf # load global vars
echo "Installing nsd (DNS server)..."
# Prepare nsd's configuration. # Prepare nsd's configuration.
# We configure nsd before installation as we only want it to bind to some addresses # We configure nsd before installation as we only want it to bind to some addresses
# and it otherwise will have port / bind conflicts with unbound used as the local resolver # and it otherwise will have port / bind conflicts with unbound used as the local resolver
@ -69,18 +67,19 @@ cat > /etc/logrotate.d/nsd <<EOF;
EOF EOF
# Add systemd override file to fix some permissions # Add systemd override file to fix some permissions
mkdir -p /etc/systemd/system/nsd.service.d/ #mkdir -p /etc/systemd/system/nsd.service.d/
cat > /etc/systemd/system/nsd.service.d/nsd-permissions.conf << EOF #cat > /etc/systemd/system/nsd.service.d/nsd-permissions.conf << EOF
[Service] #[Service]
ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd #ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd
CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_NET_ADMIN #CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_NET_ADMIN
EOF #EOF
# Install the packages. # Install the packages.
# #
# * nsd: The non-recursive nameserver that publishes our DNS records. # * nsd: The non-recursive nameserver that publishes our DNS records.
# * ldnsutils: Helper utilities for signing DNSSEC zones. # * ldnsutils: Helper utilities for signing DNSSEC zones.
# * openssh-client: Provides ssh-keyscan which we use to create SSHFP records. # * openssh-client: Provides ssh-keyscan which we use to create SSHFP records.
echo "Installing nsd (DNS server)..."
apt_install nsd ldnsutils openssh-client apt_install nsd ldnsutils openssh-client
# Create DNSSEC signing keys. # Create DNSSEC signing keys.

2
setup/dovecot-fts-xapian.sh
View File

@ -35,8 +35,6 @@ if [ ! -f /usr/lib/dovecot/decode2text.sh ]; then
cp -f /usr/share/doc/dovecot-core/examples/decode2text.sh /usr/lib/dovecot cp -f /usr/share/doc/dovecot-core/examples/decode2text.sh /usr/lib/dovecot
fi fi
#cp -f lib/lib21_fts_xapian_plugin.so /usr/lib/dovecot/modules/
# Create configuration file # Create configuration file
cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF; cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
plugin { plugin {

2
setup/functions.sh
View File

@ -4,6 +4,8 @@
# -o pipefail: don't ignore errors in the non-last command in a pipeline # -o pipefail: don't ignore errors in the non-last command in a pipeline
set -euo pipefail set -euo pipefail
PHP_VER=php_version
function hide_output { function hide_output {
# This function hides the output of a command unless the command fails # This function hides the output of a command unless the command fails
# and returns a non-zero exit code. # and returns a non-zero exit code.

9
setup/management.sh
View File

@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
source setup/functions.sh source setup/functions.sh
source /etc/mailinabox.conf # load global vars
echo "Installing Mail-in-a-Box system management daemon..." echo "Installing Mail-in-a-Box system management daemon..."
@ -28,9 +29,9 @@ done
apt_install duplicity python3-pip virtualenv certbot rsync apt_install duplicity python3-pip virtualenv certbot rsync
# b2sdk is used for backblaze backups. # b2sdk is used for backblaze backups.
# boto is used for amazon aws backups. # boto3 is used for amazon aws backups.
# Both are installed outside the pipenv, so they can be used by duplicity # Both are installed outside the pipenv, so they can be used by duplicity
hide_output pip3 install --upgrade b2sdk==1.14.1 boto hide_output pip3 install --upgrade b2sdk boto3
# Create a virtualenv for the installation of Python 3 packages # Create a virtualenv for the installation of Python 3 packages
# used by the management daemon. # used by the management daemon.
@ -51,8 +52,8 @@ hide_output $venv/bin/pip install --upgrade \
rtyaml "email_validator>=1.0.0" "exclusiveprocess" \ rtyaml "email_validator>=1.0.0" "exclusiveprocess" \
flask dnspython python-dateutil expiringdict \ flask dnspython python-dateutil expiringdict \
qrcode[pil] pyotp \ qrcode[pil] pyotp \
"idna>=2.0.0" "cryptography==2.2.2" psutil postfix-mta-sts-resolver \ "idna>=2.0.0" "cryptography==37.0.2" psutil postfix-mta-sts-resolver \
b2sdk==1.14.1 boto b2sdk boto3
# CONFIGURATION # CONFIGURATION

70
setup/nextcloud.sh
View File

@ -49,8 +49,8 @@ apt_install php php-fpm \
php-dev php-xml php-mbstring php-zip php-apcu php-json \ php-dev php-xml php-mbstring php-zip php-apcu php-json \
php-intl php-imagick php-gmp php-bcmath php-intl php-imagick php-gmp php-bcmath
# Enable apc is required before installing nextcloud # Enable APC before Nextcloud tools are run.
tools/editconf.py /etc/php/$(php_version)/mods-available/apcu.ini -c ';' \ tools/editconf.py /etc/php/$PHP_VER/mods-available/apcu.ini -c ';' \
apc.enabled=1 \ apc.enabled=1 \
apc.enable_cli=1 apc.enable_cli=1
@ -155,7 +155,7 @@ fi
if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then
# Stop php-fpm if running. If they are not running (which happens on a previously failed install), dont bail. # Stop php-fpm if running. If they are not running (which happens on a previously failed install), dont bail.
service php$(php_version)-fpm stop &> /dev/null || /bin/true service php$PHP_VER-fpm stop &> /dev/null || /bin/true
# Backup the existing ownCloud/Nextcloud. # Backup the existing ownCloud/Nextcloud.
# Create a backup directory to store the current installation and database to # Create a backup directory to store the current installation and database to
@ -182,42 +182,9 @@ if [ ! -d /usr/local/lib/owncloud/ ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextc
elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[012] ]]; then
echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration." echo "Upgrades from Mail-in-a-Box prior to v0.28 (dated July 30, 2018) with Nextcloud < 13.0.6 (you have ownCloud 10, 11 or 12) are not supported. Upgrade to Mail-in-a-Box version v0.30 first. Setup will continue, but skip the Nextcloud migration."
return 0 return 0
elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^13 ]]; then elif [[ ${CURRENT_NEXTCLOUD_VER} =~ ^1[3456789] ]]; then
# If we are running Nextcloud 13, upgrade to Nextcloud 14 echo "Upgrades from Mail-in-a-Box prior to v60 with Nextcloud 19 or earlier are not supported. Upgrade to the latest Mail-in-a-Box version supported on your machine first. Setup will continue, but skip the Nextcloud migration."
InstallNextcloud 14.0.6 4e43a57340f04c2da306c8eea98e30040399ae5a 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 return 0
CURRENT_NEXTCLOUD_VER="14.0.6"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^14 ]]; then
# During the upgrade from Nextcloud 14 to 15, user_external may cause the upgrade to fail.
# We will disable it here before the upgrade and install it again after the upgrade.
hide_output sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable user_external
InstallNextcloud 15.0.8 4129d8d4021c435f2e86876225fb7f15adf764a3 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 a1f3835c752929e3598eb94f22300516867ac6ab 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="15.0.8"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^15 ]]; then
InstallNextcloud 16.0.6 0bb3098455ec89f5af77a652aad553ad40a88819 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="16.0.6"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^16 ]]; then
InstallNextcloud 17.0.6 50b98d2c2f18510b9530e558ced9ab51eb4f11b0 3.3.0 e55d0357c6785d3b1f3b5f21780cb6d41d32443a 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 0.7.0 555a94811daaf5bdd336c5e48a78aa8567b86437
CURRENT_NEXTCLOUD_VER="17.0.6"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^17 ]]; then
# Don't exit the install if this column already exists (see #2076)
(echo "ALTER TABLE oc_flow_operations ADD COLUMN entity VARCHAR;" | sqlite3 $STORAGE_ROOT/owncloud/owncloud.db 2>/dev/null) || true
InstallNextcloud 18.0.10 39c0021a8b8477c3f1733fddefacfa5ebf921c68 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
CURRENT_NEXTCLOUD_VER="18.0.10"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^18 ]]; then
InstallNextcloud 19.0.4 01e98791ba12f4860d3d4047b9803f97a1b55c60 3.4.1 aee680a75e95f26d9285efd3c1e25cf7f3bfd27e 2.0.3 9d9717b29337613b72c74e9914c69b74b346c466 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
CURRENT_NEXTCLOUD_VER="19.0.4"
fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^19 ]]; then
InstallNextcloud 20.0.14 92cac708915f51ee2afc1787fd845476fd090c81 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
CURRENT_NEXTCLOUD_VER="20.0.14"
# Nextcloud 20 needs to have some optional columns added
sudo -u www-data php /usr/local/lib/owncloud/occ db:add-missing-columns
fi fi
if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^20 ]]; then
InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a InstallNextcloud 21.0.7 f5c7079c5b56ce1e301c6a27c0d975d608bb01c9 4.0.0 f893ca57a543b260c9feeecbb5958c00b6998e18 2.2.2 923846d48afb5004a456b9079cf4b46d23b3ef3a 1.0.0 3bf2609061d7214e7f0f69dd8883e55c4ec8f50a
@ -261,7 +228,7 @@ if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
array( array(
'class' => '\OCA\UserExternal\IMAP', 'class' => '\OCA\UserExternal\IMAP',
'arguments' => array( 'arguments' => array(
'127.0.0.1', 143, null '127.0.0.1', 143, null, null, false, false
), ),
), ),
), ),
@ -324,7 +291,7 @@ php <<EOF > $CONFIG_TEMP && mv $CONFIG_TEMP $STORAGE_ROOT/owncloud/config.php;
<?php <?php
include("$STORAGE_ROOT/owncloud/config.php"); include("$STORAGE_ROOT/owncloud/config.php");
\$CONFIG['config_is_read_only'] = true; # should prevent warnings from occ tool but doesn't \$CONFIG['config_is_read_only'] = true;
\$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME'); \$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME');
@ -337,7 +304,14 @@ include("$STORAGE_ROOT/owncloud/config.php");
\$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME'; \$CONFIG['mail_domain'] = '$PRIMARY_HOSTNAME';
\$CONFIG['user_backends'] = array(array('class' => '\OCA\UserExternal\IMAP','arguments' => array('127.0.0.1', 143, null),),); \$CONFIG['user_backends'] = array(
array(
'class' => '\OCA\UserExternal\IMAP',
'arguments' => array(
'127.0.0.1', 143, null, null, false, false
),
),
);
echo "<?php\n\\\$CONFIG = "; echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG); var_export(\$CONFIG);
@ -380,7 +354,7 @@ sudo -u www-data php /usr/local/lib/owncloud/occ app:update --all
# Set PHP FPM values to support large file uploads # Set PHP FPM values to support large file uploads
# (semicolon is the comment character in this file, hashes produce deprecation warnings) # (semicolon is the comment character in this file, hashes produce deprecation warnings)
tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \
upload_max_filesize=16G \ upload_max_filesize=16G \
post_max_size=16G \ post_max_size=16G \
output_buffering=16384 \ output_buffering=16384 \
@ -389,7 +363,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
short_open_tag=On short_open_tag=On
# Set Nextcloud recommended opcache settings # Set Nextcloud recommended opcache settings
tools/editconf.py /etc/php/$(php_version)/cli/conf.d/10-opcache.ini -c ';' \ tools/editconf.py /etc/php/$PHP_VER/cli/conf.d/10-opcache.ini -c ';' \
opcache.enable=1 \ opcache.enable=1 \
opcache.enable_cli=1 \ opcache.enable_cli=1 \
opcache.interned_strings_buffer=8 \ opcache.interned_strings_buffer=8 \
@ -398,6 +372,12 @@ tools/editconf.py /etc/php/$(php_version)/cli/conf.d/10-opcache.ini -c ';' \
opcache.save_comments=1 \ opcache.save_comments=1 \
opcache.revalidate_freq=1 opcache.revalidate_freq=1
# Migrate users_external data from <0.6.0 to version 3.0.0 (see https://github.com/nextcloud/user_external).
# This version was probably in use in Mail-in-a-Box v0.41 (February 26, 2019) and earlier.
# We moved to v0.6.3 in 193763f8. Ignore errors - maybe there are duplicated users with the
# correct backend already.
sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "UPDATE oc_users_external SET backend='127.0.0.1';" || /bin/true
# Set up a cron job for Nextcloud. # Set up a cron job for Nextcloud.
cat > /etc/cron.d/mailinabox-nextcloud << EOF; cat > /etc/cron.d/mailinabox-nextcloud << EOF;
#!/bin/bash #!/bin/bash
@ -419,4 +399,4 @@ rm -f /etc/cron.hourly/mailinabox-owncloud
# ``` # ```
# Enable PHP modules and restart PHP. # Enable PHP modules and restart PHP.
restart_service php$(php_version)-fpm restart_service php$PHP_VER-fpm

6
setup/start.sh
View File

@ -72,6 +72,10 @@ fi
fi fi
# Create the STORAGE_USER and STORAGE_ROOT directory if they don't already exist. # Create the STORAGE_USER and STORAGE_ROOT directory if they don't already exist.
#
# Set the directory and all of its parent directories' permissions to world
# readable since it holds files owned by different processes.
#
# If the STORAGE_ROOT is missing the mailinabox.version file that lists a # If the STORAGE_ROOT is missing the mailinabox.version file that lists a
# migration (schema) number for the files stored there, assume this is a fresh # migration (schema) number for the files stored there, assume this is a fresh
# installation to that directory and write the file to contain the current # installation to that directory and write the file to contain the current
@ -82,6 +86,8 @@ fi
if [ ! -d $STORAGE_ROOT ]; then if [ ! -d $STORAGE_ROOT ]; then
mkdir -p $STORAGE_ROOT mkdir -p $STORAGE_ROOT
fi fi
f=$STORAGE_ROOT
while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;
if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version
chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version

5
setup/system.sh
View File

@ -83,6 +83,9 @@ fi
tools/editconf.py /etc/systemd/journald.conf MaxRetentionSec=10day tools/editconf.py /etc/systemd/journald.conf MaxRetentionSec=10day
hide_output systemctl restart systemd-journald.service hide_output systemctl restart systemd-journald.service
# ### Add PPAs.
# We install some non-standard Ubuntu packages maintained by other # We install some non-standard Ubuntu packages maintained by other
# third-party providers. First ensure add-apt-repository is installed. # third-party providers. First ensure add-apt-repository is installed.
@ -96,6 +99,8 @@ fi
# come from there and minimal Ubuntu installs may have it turned off. # come from there and minimal Ubuntu installs may have it turned off.
hide_output add-apt-repository -y universe hide_output add-apt-repository -y universe
# Install the duplicity PPA.
hide_output add-apt-repository -y ppa:duplicity-team/duplicity-release-git
# ### Update Packages # ### Update Packages
# Update system packages to make sure we have the latest upstream versions # Update system packages to make sure we have the latest upstream versions

16
setup/web.sh
View File

@ -46,11 +46,11 @@ tools/editconf.py /etc/nginx/nginx.conf -s \
ssl_protocols="TLSv1.2 TLSv1.3;" ssl_protocols="TLSv1.2 TLSv1.3;"
# Tell PHP not to expose its version number in the X-Powered-By header. # Tell PHP not to expose its version number in the X-Powered-By header.
tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \
expose_php=Off expose_php=Off
# Set PHPs default charset to UTF-8, since we use it. See #367. # Set PHPs default charset to UTF-8, since we use it. See #367.
tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/php.ini -c ';' \
default_charset="UTF-8" default_charset="UTF-8"
# Set higher timeout since fts searches with Roundcube may take longer # Set higher timeout since fts searches with Roundcube may take longer
@ -60,7 +60,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/php.ini -c ';' \
default_socket_timeout=180 default_socket_timeout=180
# Configure the path environment for php-fpm # Configure the path environment for php-fpm
tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
env[PATH]=/usr/local/bin:/usr/bin:/bin \ env[PATH]=/usr/local/bin:/usr/bin:/bin \
# Configure php-fpm based on the amount of memory the machine has # Configure php-fpm based on the amount of memory the machine has
@ -70,7 +70,7 @@ tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \
TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true) TOTAL_PHYSICAL_MEM=$(head -n 1 /proc/meminfo | awk '{print $2}' || /bin/true)
if [ $TOTAL_PHYSICAL_MEM -lt 1000000 ] if [ $TOTAL_PHYSICAL_MEM -lt 1000000 ]
then then
tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
pm=ondemand \ pm=ondemand \
pm.max_children=8 \ pm.max_children=8 \
pm.start_servers=2 \ pm.start_servers=2 \
@ -78,7 +78,7 @@ then
pm.max_spare_servers=3 pm.max_spare_servers=3
elif [ $TOTAL_PHYSICAL_MEM -lt 2000000 ] elif [ $TOTAL_PHYSICAL_MEM -lt 2000000 ]
then then
tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
pm=ondemand \ pm=ondemand \
pm.max_children=16 \ pm.max_children=16 \
pm.start_servers=4 \ pm.start_servers=4 \
@ -86,14 +86,14 @@ then
pm.max_spare_servers=6 pm.max_spare_servers=6
elif [ $TOTAL_PHYSICAL_MEM -lt 3000000 ] elif [ $TOTAL_PHYSICAL_MEM -lt 3000000 ]
then then
tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
pm=dynamic \ pm=dynamic \
pm.max_children=60 \ pm.max_children=60 \
pm.start_servers=6 \ pm.start_servers=6 \
pm.min_spare_servers=3 \ pm.min_spare_servers=3 \
pm.max_spare_servers=9 pm.max_spare_servers=9
else else
tools/editconf.py /etc/php/$(php_version)/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/$PHP_VER/fpm/pool.d/www.conf -c ';' \
pm=dynamic \ pm=dynamic \
pm.max_children=120 \ pm.max_children=120 \
pm.start_servers=12 \ pm.start_servers=12 \
@ -162,7 +162,7 @@ chown www-data /var/log/nginx/geoipblock.log
# Start services. # Start services.
restart_service nginx restart_service nginx
restart_service php$(php_version)-fpm restart_service php$PHP_VER-fpm
# Open ports. # Open ports.
ufw_allow http ufw_allow http

2
setup/webmail.sh
View File

@ -217,4 +217,4 @@ chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
# Enable PHP modules. # Enable PHP modules.
phpenmod -v php mcrypt imap phpenmod -v php mcrypt imap
restart_service php$(php_version)-fpm restart_service php$PHP_VER-fpm