mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2026-06-14 09:28:58 +02:00
Merge branch 'main' into dnsmigratetounbound
This commit is contained in:
KiekerJan
@@ -23,7 +23,7 @@ if [ -z "$TAG" ]; then
|
||||
if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 22.04, which is supported by
|
||||
# Mail-in-a-Box versions 60 and later.
|
||||
TAG=v60.1
|
||||
TAG=v62
|
||||
elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then
|
||||
# This machine is running Ubuntu 18.04, which is supported by
|
||||
# Mail-in-a-Box versions 0.40 through 5x.
|
||||
|
||||
@@ -202,13 +202,13 @@ chmod -R o-rwx /etc/dovecot
|
||||
|
||||
# Ensure mailbox files have a directory that exists and are owned by the mail user.
|
||||
mkdir -p $STORAGE_ROOT/mail/mailboxes
|
||||
chown -R mail.mail $STORAGE_ROOT/mail/mailboxes
|
||||
chown -R mail:mail $STORAGE_ROOT/mail/mailboxes
|
||||
|
||||
# Same for the sieve scripts.
|
||||
mkdir -p $STORAGE_ROOT/mail/sieve
|
||||
mkdir -p $STORAGE_ROOT/mail/sieve/global_before
|
||||
mkdir -p $STORAGE_ROOT/mail/sieve/global_after
|
||||
chown -R mail.mail $STORAGE_ROOT/mail/sieve
|
||||
chown -R mail:mail $STORAGE_ROOT/mail/sieve
|
||||
|
||||
# Allow the IMAP/POP ports in the firewall.
|
||||
ufw_allow imaps
|
||||
|
||||
@@ -34,8 +34,8 @@ contact.admin.always_send warning critical
|
||||
EOF
|
||||
|
||||
# The Debian installer touches these files and chowns them to www-data:adm for use with spawn-fcgi
|
||||
chown munin. /var/log/munin/munin-cgi-html.log
|
||||
chown munin. /var/log/munin/munin-cgi-graph.log
|
||||
chown munin /var/log/munin/munin-cgi-html.log
|
||||
chown munin /var/log/munin/munin-cgi-graph.log
|
||||
|
||||
# ensure munin-node knows the name of this machine
|
||||
# and reduce logging level to warning
|
||||
|
||||
@@ -21,8 +21,8 @@ echo "Installing Nextcloud (contacts/calendar)..."
|
||||
# we automatically install intermediate versions as needed.
|
||||
# * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
|
||||
# copying it from the error message when it doesn't match what is below.
|
||||
nextcloud_ver=23.0.10
|
||||
nextcloud_hash=8831c7862e39460fbb789bacac8729fab0ba02dd
|
||||
nextcloud_ver=23.0.12
|
||||
nextcloud_hash=d138641b8e7aabebe69bb3ec7c79a714d122f729
|
||||
|
||||
# Nextcloud apps
|
||||
# --------------
|
||||
@@ -33,12 +33,12 @@ nextcloud_hash=8831c7862e39460fbb789bacac8729fab0ba02dd
|
||||
# https://github.com/nextcloud/user_external/blob/master/appinfo/info.xml
|
||||
# * The hash is the SHA1 hash of the ZIP package, which you can find by just running this script and
|
||||
# copying it from the error message when it doesn't match what is below.
|
||||
contacts_ver=4.2.2
|
||||
contacts_hash=ca13d608ed8955aa374cb4f31b6026b57ef88887
|
||||
calendar_ver=3.5.1
|
||||
calendar_hash=c8136a3deb872a3ef73ce1155b58f3ab27ec7110
|
||||
user_external_ver=3.0.0
|
||||
user_external_hash=0df781b261f55bbde73d8c92da3f99397000972f
|
||||
contacts_ver=4.2.5
|
||||
contacts_hash=8f898f003eb6b1a85c0c43b52f829d3aa759ed88
|
||||
calendar_ver=3.5.5
|
||||
calendar_hash=8505abcf7b3ab2f32d7ca1593b545e577cbeedb4
|
||||
user_external_ver=3.1.0
|
||||
user_external_hash=22cabc88b6fc9c26dad3b46be1a652979c9fcf15
|
||||
|
||||
# Clear prior packages and install dependencies from apt.
|
||||
|
||||
@@ -69,8 +69,8 @@ InstallNextcloud() {
|
||||
echo "Upgrading to Nextcloud version $version"
|
||||
echo
|
||||
|
||||
# Download and verify
|
||||
wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
|
||||
# Download and verify
|
||||
wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
|
||||
|
||||
# Remove the current owncloud/Nextcloud
|
||||
rm -rf /usr/local/lib/owncloud
|
||||
@@ -110,7 +110,7 @@ InstallNextcloud() {
|
||||
# Make sure permissions are correct or the upgrade step won't run.
|
||||
# $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
|
||||
# that error.
|
||||
chown -f -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud || /bin/true
|
||||
chown -f -R www-data:www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud || /bin/true
|
||||
|
||||
# If this isn't a new installation, immediately run the upgrade script.
|
||||
# Then check for success (0=ok and 3=no upgrade needed, both are success).
|
||||
@@ -259,7 +259,7 @@ EOF
|
||||
EOF
|
||||
|
||||
# Set permissions
|
||||
chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud
|
||||
chown -R www-data:www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud
|
||||
|
||||
# Execute Nextcloud's setup step, which creates the Nextcloud sqlite database.
|
||||
# It also wipes it if it exists. And it updates config.php with database
|
||||
@@ -311,7 +311,7 @@ var_export(\$CONFIG);
|
||||
echo ";";
|
||||
?>
|
||||
EOF
|
||||
chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
|
||||
chown www-data:www-data $STORAGE_ROOT/owncloud/config.php
|
||||
|
||||
# Enable/disable apps. Note that this must be done after the Nextcloud setup.
|
||||
# The firstrunwizard gave Josh all sorts of problems, so disabling that.
|
||||
|
||||
@@ -85,7 +85,7 @@ f=$STORAGE_ROOT
|
||||
while [[ $f != / ]]; do chmod a+rx "$f"; f=$(dirname "$f"); done;
|
||||
if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
|
||||
setup/migrate.py --current > $STORAGE_ROOT/mailinabox.version
|
||||
chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
|
||||
chown $STORAGE_USER:$STORAGE_USER $STORAGE_ROOT/mailinabox.version
|
||||
fi
|
||||
|
||||
# Save the global options in /etc/mailinabox.conf so that standalone
|
||||
@@ -167,7 +167,7 @@ if management/status_checks.py --check-primary-hostname; then
|
||||
echo "If you have a DNS problem put the box's IP address in the URL"
|
||||
echo "(https://$PUBLIC_IP/admin) but then check the TLS fingerprint:"
|
||||
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
|
||||
| sed "s/SHA256 Fingerprint=//"
|
||||
| sed "s/SHA256 Fingerprint=//i"
|
||||
else
|
||||
echo https://$PUBLIC_IP/admin
|
||||
echo
|
||||
@@ -175,7 +175,7 @@ else
|
||||
echo the certificate fingerprint matches:
|
||||
echo
|
||||
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint -sha256\
|
||||
| sed "s/SHA256 Fingerprint=//"
|
||||
| sed "s/SHA256 Fingerprint=//i"
|
||||
echo
|
||||
echo Then you can confirm the security exception and continue.
|
||||
echo
|
||||
|
||||
@@ -370,3 +370,5 @@ cp -f conf/fail2ban/filter.d/* /etc/fail2ban/filter.d/
|
||||
# scripts will ensure the files exist and then fail2ban is given another
|
||||
# restart at the very end of setup.
|
||||
restart_service fail2ban
|
||||
|
||||
systemctl enable fail2ban
|
||||
|
||||
@@ -23,7 +23,8 @@ echo "Installing Roundcube (webmail)..."
|
||||
apt_install \
|
||||
dbconfig-common \
|
||||
php${PHP_VER}-cli php${PHP_VER}-sqlite3 php${PHP_VER}-intl php${PHP_VER}-common php${PHP_VER}-curl php${PHP_VER}-imap \
|
||||
php${PHP_VER}-gd php${PHP_VER}-pspell php${PHP_VER}-mbstring libjs-jquery libjs-jquery-mousewheel libmagic1
|
||||
php${PHP_VER}-gd php${PHP_VER}-pspell php${PHP_VER}-mbstring libjs-jquery libjs-jquery-mousewheel libmagic1 \
|
||||
sqlite3
|
||||
|
||||
# Install Roundcube from source if it is not already present or if it is out of date.
|
||||
# Combine the Roundcube version number with the commit hash of plugins to track
|
||||
@@ -35,8 +36,8 @@ apt_install \
|
||||
# https://github.com/mstilkerich/rcmcarddav/releases
|
||||
# The easiest way to get the package hashes is to run this script and get the hash from
|
||||
# the error message.
|
||||
VERSION=1.6.0
|
||||
HASH=fd84b4fac74419bb73e7a3bcae1978d5589c52de
|
||||
VERSION=1.6.1
|
||||
HASH=0e1c771ab83ea03bde1fd0be6ab5d09e60b4f293
|
||||
PERSISTENT_LOGIN_VERSION=bde7b6840c7d91de627ea14e81cf4133cbb3c07a # version 5.2
|
||||
HTML5_NOTIFIER_VERSION=68d9ca194212e15b3c7225eb6085dbcf02fd13d7 # version 0.6.4+
|
||||
CARDDAV_VERSION=4.4.3
|
||||
@@ -170,7 +171,7 @@ EOF
|
||||
|
||||
# Create writable directories.
|
||||
mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
chown -R www-data.www-data /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
chown -R www-data:www-data /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
|
||||
# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
|
||||
sudo -u www-data touch /var/log/roundcubemail/errors.log
|
||||
@@ -184,24 +185,23 @@ cp ${RCM_PLUGIN_DIR}/password/config.inc.php.dist \
|
||||
tools/editconf.py ${RCM_PLUGIN_DIR}/password/config.inc.php \
|
||||
"\$config['password_minimum_length']=8;" \
|
||||
"\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \
|
||||
"\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \
|
||||
"\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \
|
||||
"\$config['password_dovecotpw_method']='SHA512-CRYPT';" \
|
||||
"\$config['password_dovecotpw_with_method']=true;"
|
||||
"\$config['password_query']='UPDATE users SET password=%P WHERE email=%u';" \
|
||||
"\$config['password_algorithm']='sha512-crypt';" \
|
||||
"\$config['password_algorithm_prefix']='{SHA512-CRYPT}';"
|
||||
|
||||
# so PHP can use doveadm, for the password changing plugin
|
||||
usermod -a -G dovecot www-data
|
||||
|
||||
# set permissions so that PHP can use users.sqlite
|
||||
# could use dovecot instead of www-data, but not sure it matters
|
||||
chown root.www-data $STORAGE_ROOT/mail
|
||||
chown root:www-data $STORAGE_ROOT/mail
|
||||
chmod 775 $STORAGE_ROOT/mail
|
||||
chown root.www-data $STORAGE_ROOT/mail/users.sqlite
|
||||
chown root:www-data $STORAGE_ROOT/mail/users.sqlite
|
||||
chmod 664 $STORAGE_ROOT/mail/users.sqlite
|
||||
|
||||
# Fix Carddav permissions:
|
||||
chown -f -R root.www-data ${RCM_PLUGIN_DIR}/carddav
|
||||
# root.www-data need all permissions, others only read
|
||||
chown -f -R root:www-data ${RCM_PLUGIN_DIR}/carddav
|
||||
# root:www-data need all permissions, others only read
|
||||
chmod -R 774 ${RCM_PLUGIN_DIR}/carddav
|
||||
|
||||
# Run Roundcube database migration script (database is created if it does not exist)
|
||||
@@ -209,6 +209,16 @@ php$PHP_VER ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube
|
||||
chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
|
||||
chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
|
||||
|
||||
# Patch the Roundcube code to eliminate an issue that causes postfix to reject our sqlite
|
||||
# user database (see https://github.com/mail-in-a-box/mailinabox/issues/2185)
|
||||
sed -i.miabold 's/^[^#]\+.\+PRAGMA journal_mode = WAL.\+$/#&/' \
|
||||
/usr/local/lib/roundcubemail/program/lib/Roundcube/db/sqlite.php
|
||||
|
||||
# Because Roundcube wants to set the PRAGMA we just deleted from the source, we apply it here
|
||||
# to the roundcube database (see https://github.com/roundcube/roundcubemail/issues/8035)
|
||||
# Database should exist, created by migration script
|
||||
sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite 'PRAGMA journal_mode=WAL;'
|
||||
|
||||
# Enable PHP modules.
|
||||
phpenmod -v $PHP_VER imap
|
||||
restart_service php$PHP_VER-fpm
|
||||
|
||||
@@ -22,8 +22,8 @@ apt_install \
|
||||
phpenmod -v $PHP_VER imap
|
||||
|
||||
# Copy Z-Push into place.
|
||||
VERSION=2.6.2
|
||||
TARGETHASH=f0e8091a8030e5b851f5ba1f9f0e1a05b8762d80
|
||||
VERSION=2.7.0
|
||||
TARGETHASH=a520bbdc1d637c5aac379611053457edd54f2bf0
|
||||
needs_update=0 #NODOC
|
||||
if [ ! -f /usr/local/lib/z-push/version ]; then
|
||||
needs_update=1 #NODOC
|
||||
|
||||
Reference in New Issue
Block a user