cleaning all web stuff

2025-07-16 01:10:53 +00:00 · 2014-01-15 21:26:35 +01:00 · 2014-01-15 21:26:35 +01:00 · 3cecfc1a19
commit 3cecfc1a19
parent afda0405cf
8 changed files with 0 additions and 255 deletions
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,64 +0,0 @@
-# The HTTP (not SSL) server.
-
-server {
-	listen 80;
-	listen [::]:80 default_server ipv6only=on;
-
-	server_name $PUBLIC_HOSTNAME;
-
-	# We'll expose this directory publicly over http.
-	root $STORAGE_ROOT/www/static;
-
-	index index.html index.htm;
-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-		try_files $uri $uri/ /index.html;
-	}
-	
-	# Convenience redirect to https.
-	rewrite ^/mail(/.*)?$ https://$PUBLIC_HOSTNAME/mail$1 permanent;
-}
-
-# The secure HTTPS server.
-
-server {
-	listen 443 ssl;
-
-	server_name $PUBLIC_HOSTNAME;
-
-	ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
-	ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
-
-	# SSL configuration by @konklone at https://gist.github.com/konklone/6532544
-	# 1) prefer certain ciphersuites, to enforce Perfect Forward Secrecy and avoid known vulnerabilities. http://ggramaize.wordpress.com/2013/08/02/tls-perfect-forward-secrecy-support-with-apache/ and https://www.ssllabs.com/ssltest/analyze.html
-	ssl_prefer_server_ciphers on;
-	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA;
-	# 2) turn on session resumption, using a 10 min cache shared across nginx processes, as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
-	ssl_session_cache   shared:SSL:10m;
-	ssl_session_timeout 10m;
-	keepalive_timeout   70;	
-
-	# We'll expose the same static directory under https.
-	root $STORAGE_ROOT/www/static;
-
-	index index.html index.htm;
-
-	# Roundcube Webmail configuration.
-	rewrite ^/mail$ /mail/ redirect;
-	rewrite ^/mail/$ /mail/index.php;
-	location /mail/ {
-		index index.php;
-		alias /var/lib/roundcube/;
-	}
-	location ~ /mail/.*\.php {
-		include fastcgi_params;
-		fastcgi_split_path_info ^/mail(/.*)()$;
-		fastcgi_index index.php;
-		fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name;
-		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
-		client_max_body_size 20M;
-	}
-
-}
-
--- a/conf/www_default.html
+++ b/conf/www_default.html
@ -1,9 +0,0 @@
-<html>
-	<head>
-		<title>this is a mailinabox</title>
-	</head>
-	<body>
-		<h1>this is a mailinabox</h1>
-		<p><a href="https://github.com/tauberer/mailinabox">https://github.com/tauberer/mailinabox</a></p>
-	</body>
-</html>
--- a/ec2/README.md
+++ b/ec2/README.md
@ -1,47 +0,0 @@
-Deploying to EC2
-================
-
-Amazon's EC2 isn't a great place to host a mail server. For one, you don't know if you'll get an IP address with a bad reputation from its previous owner. Also, setting reverse DNS requires a special request. But EC2 makes deployment easy, so it may at least be useful for testing.
-
-Instructions
------------
-
-Sign up for Amazon Web Services.
-
-Create an Access Key at https://console.aws.amazon.com/iam/home?#security_credential. Download the key and save the information somewhere secure.
-
-Set up your environment and paste in the two parts of your access key that you just downloaded: 
-
-	sudo apt-get install ec2-api-tools
-
-	export AWS_ACCESS_KEY=your_access_key_id
-	export AWS_SECRET_KEY=your_secret_key
-	export EC2_URL=ec2.us-east-1.amazonaws.com
-	export AWS_AZ=us-east-1a
-	
-Here we're using the Ubuntu 13.04 amd64 instance-store-backed AMI in the us-east region. You can select another at http://cloud-images.ubuntu.com/locator/ec2/.
-
-Generate a new "keypair" (if you don't have one) that will let you SSH into your machine after you start it:
-
-	ec2addkey mykey > mykey.pem
-	chmod go-rw mykey.pem
-
-Then launch a new instance. We're creating a m1.small instance --- it's the smallest instance that can use an instance-store-backed AMI. So charges will start to apply.
-
-	source ec2/start_instance.sh
-
-It will wait until the instance is available.
-
-You'll probably want to associate it with an Elastic IP. If you do, you'll need to update the INSTANCE_IP variable.
-	
-Log into the server:
-
-	ssh -i mykey.pem ubuntu@$INSTANCE_IP
-
-Then follow the instructions in the main README.
-
-If you were just testing and are ready to destroy your instance (and all data), run:
-
-	ec2-terminate-instances $INSTANCE
-
-
--- a/ec2/new_volume.sh
+++ b/ec2/new_volume.sh
@ -1,6 +0,0 @@
-export VOLUME_SIZE=1 # in GiB (2^30 bytes)
-ec2-create-volume -s $VOLUME_SIZE -z $AWS_AZ > volume.info
-export VOLUME_ID=`cat volume.info |  awk {'print $2'}`
-export VOLUME_IS_NEW=1
-echo Created new volume: $VOLUME_ID
-
--- a/ec2/start_instance.sh
+++ b/ec2/start_instance.sh
@ -1,35 +0,0 @@
-if [ -z "$EC2_KEYPAIR_NAME" ]; then
-	EC2_KEYPAIR_NAME=mykey
-fi
-
-UBUNTU_CONFIG="us-east-1 13.04 amd64 instance-store"
-
-export AMI=`curl -s http://cloud-images.ubuntu.com/locator/ec2/releasesTable | python3 tools/get_ubuntu_ami.py $UBUNTU_CONFIG`
-
-ec2-create-group -d "mailinabox" "mailinabox"
-for PORT in 25 53 587 993; do ec2-authorize mailinabox -P tcp -p $PORT -s 0.0.0.0/0; done
-for PORT in 53; do ec2-authorize mailinabox -P udp -p $PORT -s 0.0.0.0/0; done
-
-ec2run $AMI -k $EC2_KEYPAIR_NAME -t m1.small -z $AWS_AZ -g mailinabox > instance.info
-export INSTANCE=`cat instance.info | grep INSTANCE | awk {'print $2'}`
-
-echo Started instance $INSTANCE
-
-sleep 5
-while [ 1 ]
-do
-    export INSTANCE_IP=`ec2-describe-instances $INSTANCE | grep INSTANCE | awk {'print $14'}`
-    if [ -z "$INSTANCE_IP" ]
-    then
-		echo "Waiting for $INSTANCE to start..."
-    else
-		break
-    fi
-    sleep 6
-done
-
-# Give SSH time to start.
-sleep 5
-
-echo New instance has IP: $INSTANCE_IP
-
--- a/scripts/start.sh
+++ b/scripts/start.sh
@ -3,18 +3,6 @@

 # Check system setup.

-# Check that SSH login with password is disabled. Stop if it's enabled.
-if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
- || ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
-        echo
-        echo "The SSH server on this machine permits password-based login."
-        echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
-        echo "check that you can log in without a password, set the option"
-        echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
-	echo "restart the machine."
-        exit
-fi
-
 # Gather information from the user about the hostname and public IP
 # address of this host.
 if [ -z "$PUBLIC_HOSTNAME" ]; then
@ -60,8 +48,6 @@ EOF
 . scripts/dkim.sh
 . scripts/spamassassin.sh
 . scripts/dns_update.sh
-. scripts/web.sh
-. scripts/webmail.sh

 if [ -z `tools/mail.py user` ]; then
 	# The outut of "tools/mail.py user" is a list of mail users. If there
--- a/scripts/web.sh
+++ b/scripts/web.sh
@ -1,30 +0,0 @@
-# HTTP: Turn on a web server serving static files
-#################################################
-
-apt-get install -q -y \
-	nginx
-
-rm -f /etc/nginx/sites-enabled/default
-
-STORAGE_ROOT_ESC=$(echo $STORAGE_ROOT|sed 's/[\\\/&]/\\&/g')
-PUBLIC_HOSTNAME_ESC=$(echo $PUBLIC_HOSTNAME|sed 's/[\\\/&]/\\&/g')
-
-# copy in the nginx configuration file and substitute some
-# variables
-cat conf/nginx.conf \
-	| sed "s/\$STORAGE_ROOT/$STORAGE_ROOT_ESC/g" \
-	| sed "s/\$PUBLIC_HOSTNAME/$PUBLIC_HOSTNAME_ESC/g" \
-	> /etc/nginx/conf.d/local.conf
-
-# make a default homepage
-mkdir -p $STORAGE_ROOT/www/static
-cp conf/www_default.html $STORAGE_ROOT/www/static/index.html
-chown -R $STORAGE_USER $STORAGE_ROOT/www/static/index.html
-
-service nginx restart
-
-conf/php-fcgid start
-
-ufw allow http
-ufw allow https
-
--- a/scripts/webmail.sh
+++ b/scripts/webmail.sh
@ -1,50 +0,0 @@
-# Webmail: Using roundcube
-##########################
-
-DEBIAN_FRONTEND=noninteractive apt-get install -q -y \
-	roundcube-core php5-sqlite
-
-# The version of roundcube shipped with Ubuntu is really out of date so we'll
-# now upgrade the packages. We do it this way so the other dependencies are
-# pulled in via apt for us automatically.
-mkdir -p externals
-pkg_ver=0.9.2-2_all
-wget -nc -P externals http://ftp.debian.org/debian/pool/main/r/roundcube/{roundcube,roundcube-core,roundcube-sqlite3,roundcube-plugins}_$pkg_ver.deb
-DEBIAN_FRONTEND=noninteractive dpkg -Gi externals/{roundcube,roundcube-core,roundcube-sqlite3,roundcube-plugins}_$pkg_ver.deb
-
-# Buuuut.... the .deb is missing things?
-wget -nc -P externals http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.9.3/roundcubemail-0.9.3.tar.gz
-tar -xzf externals/roundcubemail-0.9.3.tar.gz
-if [ ! -d /usr/share/roundcube/SQL ]; then mv roundcubemail-0.9.3/SQL/ /usr/share/roundcube/; fi
-rm -rf roundcubemail-0.9.3
-
-# Settings
-tools/editconf.py /etc/roundcube/main.inc.php \
-	"\$rcmail_config['default_host']='ssl://localhost';" \
-	"\$rcmail_config['default_port']=993;" \
-	"\$rcmail_config['imap_timeout']=30;" \
-	"\$rcmail_config['smtp_server']='tls://localhost';"\
-	"\$rcmail_config['smtp_user']='%u';"\
-	"\$rcmail_config['smtp_pass']='%p';"\
-	"\$rcmail_config['smtp_timeout']=30;" \
-	"\$rcmail_config['use_https']=true;" \
-	"\$rcmail_config['session_lifetime']=60*24*3;" \
-	"\$rcmail_config['password_charset']='utf8';" \
-	"\$rcmail_config['message_sort_col']='arrival';" \
-	"\$rcmail_config['junk_mbox']='Spam';" \
-	"\$rcmail_config['default_folders']=array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash');" \
-	"\$rcmail_config['draft_autosave']=30;"
-
-
-# Configure storage of user preferences.
-mkdir -p $STORAGE_ROOT/mail/roundcube
-cat - > /etc/roundcube/debian-db.php <<EOF;
-<?php
-\$dbtype = 'sqlite';
-\$basepath = '$STORAGE_ROOT/mail/roundcube';
-\$dbname = 'roundcube.sqlite';
-?>
-EOF
-chown -R www-data.www-data $STORAGE_ROOT/mail/roundcube
-
-