cleaning all web stuff

2025-07-18 01:30:55 +00:00 · 2014-01-15 21:26:35 +01:00 · 2014-01-15 21:26:35 +01:00 · 3cecfc1a19
commit 3cecfc1a19
parent afda0405cf
8 changed files with 0 additions and 255 deletions
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,64 +0,0 @@
 # The HTTP (not SSL) server.
 server {
 	listen 80;
 	listen [::]:80 default_server ipv6only=on;
 	server_name $PUBLIC_HOSTNAME;
 	# We'll expose this directory publicly over http.
 	root $STORAGE_ROOT/www/static;
 	index index.html index.htm;
 	location / {
 		# First attempt to serve request as file, then
 		# as directory, then fall back to displaying a 404.
 		try_files $uri $uri/ /index.html;
 	}
 	# Convenience redirect to https.
 	rewrite ^/mail(/.*)?$ https://$PUBLIC_HOSTNAME/mail$1 permanent;
 }
 # The secure HTTPS server.
 server {
 	listen 443 ssl;
 	server_name $PUBLIC_HOSTNAME;
 	ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem;
 	ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem;
 	# SSL configuration by @konklone at https://gist.github.com/konklone/6532544
 	# 1) prefer certain ciphersuites, to enforce Perfect Forward Secrecy and avoid known vulnerabilities. http://ggramaize.wordpress.com/2013/08/02/tls-perfect-forward-secrecy-support-with-apache/ and https://www.ssllabs.com/ssltest/analyze.html
 	ssl_prefer_server_ciphers on;
 	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA;
 	# 2) turn on session resumption, using a 10 min cache shared across nginx processes, as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
 	ssl_session_cache   shared:SSL:10m;
 	ssl_session_timeout 10m;
 	keepalive_timeout   70;	
 	# We'll expose the same static directory under https.
 	root $STORAGE_ROOT/www/static;
 	index index.html index.htm;
 	# Roundcube Webmail configuration.
 	rewrite ^/mail$ /mail/ redirect;
 	rewrite ^/mail/$ /mail/index.php;
 	location /mail/ {
 		index index.php;
 		alias /var/lib/roundcube/;
 	}
 	location ~ /mail/.*\.php {
 		include fastcgi_params;
 		fastcgi_split_path_info ^/mail(/.*)()$;
 		fastcgi_index index.php;
 		fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name;
 		fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
 		client_max_body_size 20M;
 	}
 }
--- a/conf/www_default.html
+++ b/conf/www_default.html
@ -1,9 +0,0 @@
 <html>
 	<head>
 		<title>this is a mailinabox</title>
 	</head>
 	<body>
 		<h1>this is a mailinabox</h1>
 		<p><a href="https://github.com/tauberer/mailinabox">https://github.com/tauberer/mailinabox</a></p>
 	</body>
 </html>
--- a/ec2/README.md
+++ b/ec2/README.md
@ -1,47 +0,0 @@
 Deploying to EC2
 ================
 Amazon's EC2 isn't a great place to host a mail server. For one, you don't know if you'll get an IP address with a bad reputation from its previous owner. Also, setting reverse DNS requires a special request. But EC2 makes deployment easy, so it may at least be useful for testing.
 Instructions
 ------------
 Sign up for Amazon Web Services.
 Create an Access Key at https://console.aws.amazon.com/iam/home?#security_credential. Download the key and save the information somewhere secure.
 Set up your environment and paste in the two parts of your access key that you just downloaded: 
 	sudo apt-get install ec2-api-tools
 	export AWS_ACCESS_KEY=your_access_key_id
 	export AWS_SECRET_KEY=your_secret_key
 	export EC2_URL=ec2.us-east-1.amazonaws.com
 	export AWS_AZ=us-east-1a
 Here we're using the Ubuntu 13.04 amd64 instance-store-backed AMI in the us-east region. You can select another at http://cloud-images.ubuntu.com/locator/ec2/.
 Generate a new "keypair" (if you don't have one) that will let you SSH into your machine after you start it:
 	ec2addkey mykey > mykey.pem
 	chmod go-rw mykey.pem
 Then launch a new instance. We're creating a m1.small instance --- it's the smallest instance that can use an instance-store-backed AMI. So charges will start to apply.
 	source ec2/start_instance.sh
 It will wait until the instance is available.
 You'll probably want to associate it with an Elastic IP. If you do, you'll need to update the INSTANCE_IP variable.
 Log into the server:
 	ssh -i mykey.pem ubuntu@$INSTANCE_IP
 Then follow the instructions in the main README.
 If you were just testing and are ready to destroy your instance (and all data), run:
 	ec2-terminate-instances $INSTANCE
--- a/ec2/new_volume.sh
+++ b/ec2/new_volume.sh
@ -1,6 +0,0 @@
 export VOLUME_SIZE=1 # in GiB (2^30 bytes)
 ec2-create-volume -s $VOLUME_SIZE -z $AWS_AZ > volume.info
 export VOLUME_ID=`cat volume.info |  awk {'print $2'}`
 export VOLUME_IS_NEW=1
 echo Created new volume: $VOLUME_ID
--- a/ec2/start_instance.sh
+++ b/ec2/start_instance.sh
@ -1,35 +0,0 @@
 if [ -z "$EC2_KEYPAIR_NAME" ]; then
 	EC2_KEYPAIR_NAME=mykey
 fi
 UBUNTU_CONFIG="us-east-1 13.04 amd64 instance-store"
 export AMI=`curl -s http://cloud-images.ubuntu.com/locator/ec2/releasesTable | python3 tools/get_ubuntu_ami.py $UBUNTU_CONFIG`
 ec2-create-group -d "mailinabox" "mailinabox"
 for PORT in 25 53 587 993; do ec2-authorize mailinabox -P tcp -p $PORT -s 0.0.0.0/0; done
 for PORT in 53; do ec2-authorize mailinabox -P udp -p $PORT -s 0.0.0.0/0; done
 ec2run $AMI -k $EC2_KEYPAIR_NAME -t m1.small -z $AWS_AZ -g mailinabox > instance.info
 export INSTANCE=`cat instance.info | grep INSTANCE | awk {'print $2'}`
 echo Started instance $INSTANCE
 sleep 5
 while [ 1 ]
 do
    export INSTANCE_IP=`ec2-describe-instances $INSTANCE | grep INSTANCE | awk {'print $14'}`
    if [ -z "$INSTANCE_IP" ]
    then
 		echo "Waiting for $INSTANCE to start..."
    else
 		break
    fi
    sleep 6
 done
 # Give SSH time to start.
 sleep 5
 echo New instance has IP: $INSTANCE_IP
--- a/scripts/start.sh
+++ b/scripts/start.sh
@ -3,18 +3,6 @@
 # Check system setup.
 # Check that SSH login with password is disabled. Stop if it's enabled.
 if grep -q "^PasswordAuthentication yes" /etc/ssh/sshd_config \
 || ! grep -q "^PasswordAuthentication no" /etc/ssh/sshd_config ; then
        echo
        echo "The SSH server on this machine permits password-based login."
        echo "Add your SSH public key to $HOME/.ssh/authorized_keys, check"
        echo "check that you can log in without a password, set the option"
        echo "'PasswordAuthentication no' in /etc/ssh/sshd_config, and then"
 	echo "restart the machine."
        exit
 fi
 # Gather information from the user about the hostname and public IP
 # address of this host.
 if [ -z "$PUBLIC_HOSTNAME" ]; then
@ -60,8 +48,6 @@ EOF
 . scripts/dkim.sh
 . scripts/spamassassin.sh
 . scripts/dns_update.sh
 . scripts/web.sh
 . scripts/webmail.sh
 if [ -z `tools/mail.py user` ]; then
 	# The outut of "tools/mail.py user" is a list of mail users. If there
--- a/scripts/web.sh
+++ b/scripts/web.sh
@ -1,30 +0,0 @@
 # HTTP: Turn on a web server serving static files
 #################################################
 apt-get install -q -y \
 	nginx
 rm -f /etc/nginx/sites-enabled/default
 STORAGE_ROOT_ESC=$(echo $STORAGE_ROOT|sed 's/[\\\/&]/\\&/g')
 PUBLIC_HOSTNAME_ESC=$(echo $PUBLIC_HOSTNAME|sed 's/[\\\/&]/\\&/g')
 # copy in the nginx configuration file and substitute some
 # variables
 cat conf/nginx.conf \
 	| sed "s/\$STORAGE_ROOT/$STORAGE_ROOT_ESC/g" \
 	| sed "s/\$PUBLIC_HOSTNAME/$PUBLIC_HOSTNAME_ESC/g" \
 	> /etc/nginx/conf.d/local.conf
 # make a default homepage
 mkdir -p $STORAGE_ROOT/www/static
 cp conf/www_default.html $STORAGE_ROOT/www/static/index.html
 chown -R $STORAGE_USER $STORAGE_ROOT/www/static/index.html
 service nginx restart
 conf/php-fcgid start
 ufw allow http
 ufw allow https
--- a/scripts/webmail.sh
+++ b/scripts/webmail.sh
@ -1,50 +0,0 @@
 # Webmail: Using roundcube
 ##########################
 DEBIAN_FRONTEND=noninteractive apt-get install -q -y \
 	roundcube-core php5-sqlite
 # The version of roundcube shipped with Ubuntu is really out of date so we'll
 # now upgrade the packages. We do it this way so the other dependencies are
 # pulled in via apt for us automatically.
 mkdir -p externals
 pkg_ver=0.9.2-2_all
 wget -nc -P externals http://ftp.debian.org/debian/pool/main/r/roundcube/{roundcube,roundcube-core,roundcube-sqlite3,roundcube-plugins}_$pkg_ver.deb
 DEBIAN_FRONTEND=noninteractive dpkg -Gi externals/{roundcube,roundcube-core,roundcube-sqlite3,roundcube-plugins}_$pkg_ver.deb
 # Buuuut.... the .deb is missing things?
 wget -nc -P externals http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.9.3/roundcubemail-0.9.3.tar.gz
 tar -xzf externals/roundcubemail-0.9.3.tar.gz
 if [ ! -d /usr/share/roundcube/SQL ]; then mv roundcubemail-0.9.3/SQL/ /usr/share/roundcube/; fi
 rm -rf roundcubemail-0.9.3
 # Settings
 tools/editconf.py /etc/roundcube/main.inc.php \
 	"\$rcmail_config['default_host']='ssl://localhost';" \
 	"\$rcmail_config['default_port']=993;" \
 	"\$rcmail_config['imap_timeout']=30;" \
 	"\$rcmail_config['smtp_server']='tls://localhost';"\
 	"\$rcmail_config['smtp_user']='%u';"\
 	"\$rcmail_config['smtp_pass']='%p';"\
 	"\$rcmail_config['smtp_timeout']=30;" \
 	"\$rcmail_config['use_https']=true;" \
 	"\$rcmail_config['session_lifetime']=60*24*3;" \
 	"\$rcmail_config['password_charset']='utf8';" \
 	"\$rcmail_config['message_sort_col']='arrival';" \
 	"\$rcmail_config['junk_mbox']='Spam';" \
 	"\$rcmail_config['default_folders']=array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash');" \
 	"\$rcmail_config['draft_autosave']=30;"
 # Configure storage of user preferences.
 mkdir -p $STORAGE_ROOT/mail/roundcube
 cat - > /etc/roundcube/debian-db.php <<EOF;
 <?php
 \$dbtype = 'sqlite';
 \$basepath = '$STORAGE_ROOT/mail/roundcube';
 \$dbname = 'roundcube.sqlite';
 ?>
 EOF
 chown -R www-data.www-data $STORAGE_ROOT/mail/roundcube