fail2ban won't start until the roundcube log file is created

fixes #911

setup/start.sh

@@ -111,15 +111,22 @@ source setup/zpush.sh
 source setup/management.sh
 source setup/munin.sh
 
-# Ping the management daemon to write the DNS and nginx configuration files.
+# Wait for the management daemon to start...
 until nc -z -w 4 127.0.0.1 10222
 do
 	echo Waiting for the Mail-in-a-Box management daemon to start...
 	sleep 2
 done
+
+# ...and then have it write the DNS and nginx configuration files and start those
+# services.
 tools/dns_update
 tools/web_update
 
+# Give fail2ban another restart. The log files may not all have been present when
+# fail2ban was first configured, but they should exist now.
+restart_service fail2ban
+
 # If DNS is already working, try to provision TLS certficates from Let's Encrypt.
 # Suppress extra reasons why domains aren't getting a new certificate.
 management/ssl_certificates.py -q

setup/system.sh

@@ -299,4 +299,9 @@ cat conf/fail2ban/jails.conf \
 	> /etc/fail2ban/jail.d/mailinabox.conf
 cp -f conf/fail2ban/filter.d/* /etc/fail2ban/filter.d/
 
+# On first installation, the log files that the jails look at don't all exist.
+# e.g., The roundcube error log isn't normally created until someone logs into
+# Roundcube for the first time. This causes fail2ban to fail to start. Later
+# scripts will ensure the files exist and then fail2ban is given another
+# restart at the very end of setup.
 restart_service fail2ban

setup/webmail.sh

@@ -133,6 +133,9 @@ EOF
 mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
 chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
 
+# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
+sudo -u www-data touch /var/log/roundcubemail/errors
+
 # Password changing plugin settings
 # The config comes empty by default, so we need the settings 
 # we're not planning to change in config.inc.dist...