external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-21 03:02:09 +00:00
Code Issues Releases Wiki Activity

Merge branch 'master' into issue1159

Browse Source
This commit is contained in:
yodax 2017-07-15 19:35:15 +02:00
commit 8fcfcf820c
16 changed files with 230 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CHANGELOG.md
View File

@ -6,6 +6,23 @@ In Development
Mail: Mail:
* Updated to [Roundcube 1.3](https://roundcube.net/news/2017/06/26/roundcube-webmail-1.3.0-released), but unfortunately dropping the Vacation plugin because it has not been supported by its author and is not compatible with Roundcube 1.3.
* Updated to [Z-Push 2.3.7](http://download.z-push.org/final/2.3/z-push-2.3.7.txt).
Nextcloud:
* Nextcloud updated to 12.0.0.
v0.23a (May 31, 2017)
---------------------
Corrects a problem in the new way third-party assets are downloaded during setup for the control panel, since v0.23.
v0.23 (May 30, 2017)
--------------------
Mail:
* The default theme for Roundcube was changed to the nicer Larry theme. * The default theme for Roundcube was changed to the nicer Larry theme.
* Exchange/ActiveSync support has been replaced with z-push 2.3.6 from z-push.org (rather than z-push-contrib). * Exchange/ActiveSync support has been replaced with z-push 2.3.6 from z-push.org (rather than z-push-contrib).
@ -19,7 +36,7 @@ Control Panel/Management:
* Fix an error in the control panel showing rsync backup status. * Fix an error in the control panel showing rsync backup status.
* Fix an error in the control panel related to IPv6 addresses. * Fix an error in the control panel related to IPv6 addresses.
* TLS certificates for internationalized domain names can now be provisioned from Let's Encrypt automatically. * TLS certificates for internationalized domain names can now be provisioned from Let's Encrypt automatically.
* Download management web assets (jQuery/Bootstrap) to the static web root directory. * Third-party assets used in the control panel (jQuery/Bootstrap) are now downloaded during setup and served from the box rather than from a CDN.
DNS: DNS:

4
README.md
View File

@ -59,7 +59,7 @@ by me:
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import $ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
$ git verify-tag v0.22 $ git verify-tag v0.23a
gpg: Signature made ..... using RSA key ID C10BDD81 gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>" gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature!
@ -72,7 +72,7 @@ and on my [personal homepage](https://razor.occams.info/). (Of course, if this r
Checkout the tag corresponding to the most recent release: Checkout the tag corresponding to the most recent release:
$ git checkout v0.22 $ git checkout v0.23a
Begin the installation. Begin the installation.

2
conf/nginx-top.conf
View File

@ -7,6 +7,6 @@
## your own --- please do not ask for help from us. ## your own --- please do not ask for help from us.
upstream php-fpm { upstream php-fpm {
server unix:/var/run/php5-fpm.sock; server unix:/var/run/php/php7.0-fpm.sock;
} }

18
management/dns_update.py
View File

@ -12,6 +12,11 @@ import dns.resolver
from mailconfig import get_mail_domains from mailconfig import get_mail_domains
from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains
# From https://stackoverflow.com/questions/3026957/how-to-validate-a-domain-name-using-regex-php/16491074#16491074
# Thanks to Onur Yıldırım
# This regular expression matches domain names according to RFCs, it also accepts fqdn with an leading dot
DOMAIN_RE = "^(?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63}(\.?)$"
def get_dns_domains(env): def get_dns_domains(env):
# Add all domain names in use by email users and mail aliases and ensure # Add all domain names in use by email users and mail aliases and ensure
# PRIMARY_HOSTNAME is in the list. # PRIMARY_HOSTNAME is in the list.
@ -759,6 +764,9 @@ def set_custom_dns_record(qname, rtype, value, action, env):
if qname != "_secondary_nameserver": if qname != "_secondary_nameserver":
raise ValueError("%s is not a domain name or a subdomain of a domain name managed by this box." % qname) raise ValueError("%s is not a domain name or a subdomain of a domain name managed by this box." % qname)
if not re.search(DOMAIN_RE, qname):
raise ValueError("Invalid name.")
# validate rtype # validate rtype
rtype = rtype.upper() rtype = rtype.upper()
if value is not None and qname != "_secondary_nameserver": if value is not None and qname != "_secondary_nameserver":
@ -767,6 +775,16 @@ def set_custom_dns_record(qname, rtype, value, action, env):
v = ipaddress.ip_address(value) # raises a ValueError if there's a problem v = ipaddress.ip_address(value) # raises a ValueError if there's a problem
if rtype == "A" and not isinstance(v, ipaddress.IPv4Address): raise ValueError("That's an IPv6 address.") if rtype == "A" and not isinstance(v, ipaddress.IPv4Address): raise ValueError("That's an IPv6 address.")
if rtype == "AAAA" and not isinstance(v, ipaddress.IPv6Address): raise ValueError("That's an IPv4 address.") if rtype == "AAAA" and not isinstance(v, ipaddress.IPv6Address): raise ValueError("That's an IPv4 address.")
elif rtype in ("CNAME", "NS"):
if rtype == "NS" and qname == zone:
raise ValueError("NS records can only be set for subdomains.")
# ensure value has a trailing dot
if not value.endswith("."):
value = value + "."
if not re.search(DOMAIN_RE, value):
raise ValueError("Invalid value.")
elif rtype in ("CNAME", "TXT", "SRV", "MX", "SSHFP", "CAA"): elif rtype in ("CNAME", "TXT", "SRV", "MX", "SSHFP", "CAA"):
# anything goes # anything goes
pass pass

2
management/status_checks.py
View File

@ -640,7 +640,7 @@ def check_web_domain(domain, rounded_time, ssl_certificates, env, output):
for (rtype, expected) in (("A", env['PUBLIC_IP']), ("AAAA", env.get('PUBLIC_IPV6'))): for (rtype, expected) in (("A", env['PUBLIC_IP']), ("AAAA", env.get('PUBLIC_IPV6'))):
if not expected: continue # IPv6 is not configured if not expected: continue # IPv6 is not configured
value = query_dns(domain, rtype) value = query_dns(domain, rtype)
if value == expected: if normalize_ip(value) == normalize_ip(expected):
ok_values.append(value) ok_values.append(value)
else: else:
output.print_error("""This domain should resolve to your box's IP address (%s %s) if you would like the box to serve output.print_error("""This domain should resolve to your box's IP address (%s %s) if you would like the box to serve

3
management/templates/custom-dns.html
View File

@ -39,6 +39,7 @@
<option value="MX" data-hint="Enter record in the form of PRIORITY DOMAIN., including trailing period (e.g. 20 mx.example.com.).">MX (mail exchanger)</option> <option value="MX" data-hint="Enter record in the form of PRIORITY DOMAIN., including trailing period (e.g. 20 mx.example.com.).">MX (mail exchanger)</option>
<option value="SRV" data-hint="Enter record in the form of PRIORITY WEIGHT PORT TARGET., including trailing period (e.g. 10 10 5060 sip.example.com.).">SRV (service record)</option> <option value="SRV" data-hint="Enter record in the form of PRIORITY WEIGHT PORT TARGET., including trailing period (e.g. 10 10 5060 sip.example.com.).">SRV (service record)</option>
<option value="SSHFP" data-hint="Enter record in the form of ALGORITHM TYPE FINGERPRINT.">SSHFP (SSH fingerprint record)</option> <option value="SSHFP" data-hint="Enter record in the form of ALGORITHM TYPE FINGERPRINT.">SSHFP (SSH fingerprint record)</option>
<option value="NS" data-hint="Enter a hostname to which this subdomain should be delegated to">NS (DNS subdomain delegation)</option>
</select> </select>
</div> </div>
</div> </div>
@ -126,7 +127,7 @@
<tr><td>email</td> <td>The email address of any administrative user here.</td></tr> <tr><td>email</td> <td>The email address of any administrative user here.</td></tr>
<tr><td>password</td> <td>That user&rsquo;s password.</td></tr> <tr><td>password</td> <td>That user&rsquo;s password.</td></tr>
<tr><td>qname</td> <td>The fully qualified domain name for the record you are trying to set. It must be one of the domain names or a subdomain of one of the domain names hosted on this box. (Add mail users or aliases to add new domains.)</td></tr> <tr><td>qname</td> <td>The fully qualified domain name for the record you are trying to set. It must be one of the domain names or a subdomain of one of the domain names hosted on this box. (Add mail users or aliases to add new domains.)</td></tr>
<tr><td>rtype</td> <td>The resource type. Defaults to <code>A</code> if omitted. Possible values: <code>A</code> (an IPv4 address), <code>AAAA</code> (an IPv6 address), <code>TXT</code> (a text string), <code>CNAME</code> (an alias, which is a fully qualified domain name &mdash; don&rsquo;t forget the final period), <code>MX</code>, <code>SRV</code>, <code>SSHFP</code> or <code>CAA</code>.</td></tr> <tr><td>rtype</td> <td>The resource type. Defaults to <code>A</code> if omitted. Possible values: <code>A</code> (an IPv4 address), <code>AAAA</code> (an IPv6 address), <code>TXT</code> (a text string), <code>CNAME</code> (an alias, which is a fully qualified domain name &mdash; don&rsquo;t forget the final period), <code>MX</code>, <code>SRV</code>, <code>SSHFP</code>, <code>CAA</code> or <code>NS</code>.</td></tr>
<tr><td>value</td> <td>For PUT, POST, and DELETE, the record&rsquo;s value. If the <code>rtype</code> is <code>A</code> or <code>AAAA</code> and <code>value</code> is empty or omitted, the IPv4 or IPv6 address of the remote host is used (be sure to use the <code>-4</code> or <code>-6</code> options to curl). This is handy for dynamic DNS!</td></tr> <tr><td>value</td> <td>For PUT, POST, and DELETE, the record&rsquo;s value. If the <code>rtype</code> is <code>A</code> or <code>AAAA</code> and <code>value</code> is empty or omitted, the IPv4 or IPv6 address of the remote host is used (be sure to use the <code>-4</code> or <code>-6</code> options to curl). This is handy for dynamic DNS!</td></tr>
</table> </table>

6
management/templates/index.html
View File

@ -9,7 +9,7 @@
<meta name="robots" content="noindex, nofollow"> <meta name="robots" content="noindex, nofollow">
<link rel="stylesheet" href="/admin/assets/bootstrap.min.css"> <link rel="stylesheet" href="/admin/assets/bootstrap/css/bootstrap.min.css">
<style> <style>
body { body {
overflow-y: scroll; overflow-y: scroll;
@ -63,7 +63,7 @@
margin-bottom: 1em; margin-bottom: 1em;
} }
</style> </style>
<link rel="stylesheet" href="/admin/assets/bootstrap-theme.min.css"> <link rel="stylesheet" href="/admin/assets/bootstrap/css/bootstrap-theme.min.css">
</head> </head>
<body> <body>
@ -192,7 +192,7 @@
</div> </div>
<script src="/admin/assets/jquery.min.js"></script> <script src="/admin/assets/jquery.min.js"></script>
<script src="/admin/assets/bootstrap.min.js"></script> <script src="/admin/assets/bootstrap/js/bootstrap.min.js"></script>
<script> <script>
var global_modal_state = null; var global_modal_state = null;

2
setup/bootstrap.sh
View File

@ -7,7 +7,7 @@
######################################################### #########################################################
if [ -z "$TAG" ]; then if [ -z "$TAG" ]; then
TAG=v0.22 TAG=v0.23a
fi fi
# Are we running as root? # Are we running as root?

9
setup/functions.sh
View File

@ -48,6 +48,15 @@ function apt_install {
apt_get_quiet install $PACKAGES apt_get_quiet install $PACKAGES
} }
function apt_add_repository_to_unattended_upgrades {
if [ -f /etc/apt/apt.conf.d/50unattended-upgrades ]; then
if ! grep -q "$1" /etc/apt/apt.conf.d/50unattended-upgrades; then
sed -i "/Allowed-Origins/a \
\"$1\";" /etc/apt/apt.conf.d/50unattended-upgrades
fi
fi
}
function get_default_hostname { function get_default_hostname {
# Guess the machine's hostname. It should be a fully qualified # Guess the machine's hostname. It should be a fully qualified
# domain name suitable for DNS. None of these calls may provide # domain name suitable for DNS. None of these calls may provide

13
setup/management.sh
View File

@ -66,6 +66,7 @@ fi
# Make sure we have the directory to save to. # Make sure we have the directory to save to.
assets_dir=/usr/local/lib/mailinabox/vendor/assets assets_dir=/usr/local/lib/mailinabox/vendor/assets
rm -rf $assets_dir
mkdir -p $assets_dir mkdir -p $assets_dir
# jQuery CDN URL # jQuery CDN URL
@ -77,15 +78,13 @@ wget_verify $jquery_url/jquery-$jquery_version.min.js 43dc554608df885a59ddeece15
# Bootstrap CDN URL # Bootstrap CDN URL
bootstrap_version=3.3.7 bootstrap_version=3.3.7
bootstrap_url=https://maxcdn.bootstrapcdn.com/bootstrap/$bootstrap_version bootstrap_url=https://github.com/twbs/bootstrap/releases/download/v$bootstrap_version/bootstrap-$bootstrap_version-dist.zip
# Get Bootstrap # Get Bootstrap
wget_verify $bootstrap_url/js/bootstrap.min.js 430a443d74830fe9be26efca431f448c1b3740f9 $assets_dir/bootstrap.min.js wget_verify $bootstrap_url e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a /tmp/bootstrap.zip
wget_verify $bootstrap_url/css/bootstrap-theme.min.css 8256575374f430476bdcd49de98c77990229ce31 $assets_dir/bootstrap-theme.min.css unzip -q /tmp/bootstrap.zip -d /usr/local/lib/mailinabox/vendor/assets
wget_verify $bootstrap_url/css/bootstrap-theme.min.css.map 87f7dfd79d77051ac2eca7d093d961fbd1c8f6eb $assets_dir/bootstrap-theme.min.css.map mv /usr/local/lib/mailinabox/vendor/assets/bootstrap-$bootstrap_version-dist /usr/local/lib/mailinabox/vendor/assets/bootstrap
wget_verify $bootstrap_url/css/bootstrap.min.css 6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68 $assets_dir/bootstrap.min.css rm -f /tmp/bootstrap.zip
wget_verify $bootstrap_url/css/bootstrap.min.css.map e0d7b2bde55a0bac1b658a507e8ca491a6729e06 $assets_dir/bootstrap.min.css.map
# Link the management server daemon into a well known location. # Link the management server daemon into a well known location.
rm -f /usr/local/bin/mailinabox-daemon rm -f /usr/local/bin/mailinabox-daemon

159
setup/owncloud.sh
View File

@ -9,6 +9,7 @@ source /etc/mailinabox.conf # load global vars
echo "Installing Nextcloud (contacts/calendar)..." echo "Installing Nextcloud (contacts/calendar)..."
# Keep the php5 dependancies for the owncloud upgrades
apt_install \ apt_install \
dbconfig-common \ dbconfig-common \
php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \ php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \
@ -16,6 +17,10 @@ apt_install \
apt-get purge -qq -y owncloud* apt-get purge -qq -y owncloud*
apt_install php7.0 php7.0-fpm \
php7.0-cli php7.0-sqlite php7.0-gd php7.0-imap php7.0-curl php-pear php-apc curl \
php7.0-dev php7.0-gd memcached php7.0-memcached php7.0-xml php7.0-mbstring php7.0-zip php7.0-apcu
# Migrate <= v0.10 setups that stored the ownCloud config.php in /usr/local rather than # Migrate <= v0.10 setups that stored the ownCloud config.php in /usr/local rather than
# in STORAGE_ROOT. Move the file to STORAGE_ROOT. # in STORAGE_ROOT. Move the file to STORAGE_ROOT.
if [ ! -f $STORAGE_ROOT/owncloud/config.php ] \ if [ ! -f $STORAGE_ROOT/owncloud/config.php ] \
@ -28,52 +33,35 @@ if [ ! -f $STORAGE_ROOT/owncloud/config.php ] \
ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php
fi fi
InstallOwncloud() { InstallNextcloud() {
version=$1 version=$1
hash=$2 hash=$2
flavor=$3
echo echo
echo "Upgrading to $flavor version $version" echo "Upgrading to Nextcloud version $version"
echo echo
# Remove the current owncloud/Nextcloud # Remove the current owncloud/Nextcloud
rm -rf /usr/local/lib/owncloud rm -rf /usr/local/lib/owncloud
# Download and verify # Download and verify
if [ "$flavor" = "Nextcloud" ]; then wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/owncloud.zip
else
wget_verify https://download.owncloud.org/community/owncloud-$version.zip $hash /tmp/owncloud.zip
fi
# Extract ownCloud/Nextcloud # Extract ownCloud/Nextcloud
unzip -q /tmp/owncloud.zip -d /usr/local/lib unzip -q /tmp/nextcloud.zip -d /usr/local/lib
if [ "$flavor" = "Nextcloud" ]; then mv /usr/local/lib/nextcloud /usr/local/lib/owncloud
mv /usr/local/lib/nextcloud /usr/local/lib/owncloud rm -f /tmp/nextcloud.zip
fi
rm -f /tmp/owncloud.zip
# The two apps we actually want are not in Nextcloud core. Download the releases from # The two apps we actually want are not in Nextcloud core. Download the releases from
# their github repositories. # their github repositories.
mkdir -p /usr/local/lib/owncloud/apps mkdir -p /usr/local/lib/owncloud/apps
if [ "$flavor" = "Nextcloud" ]; then wget_verify https://github.com/nextcloud/contacts/releases/download/v1.5.3/contacts.tar.gz 78c4d49e73f335084feecd4853bd8234cf32615e /tmp/contacts.tgz
wget_verify https://github.com/nextcloud/contacts/releases/download/v1.5.3/contacts.tar.gz 78c4d49e73f335084feecd4853bd8234cf32615e /tmp/contacts.tgz
else
wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz
fi
tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/ tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
rm /tmp/contacts.tgz rm /tmp/contacts.tgz
if [ "$flavor" = "Nextcloud" ]; then wget_verify https://github.com/nextcloud/calendar/releases/download/v1.5.3/calendar.tar.gz b370352d1f280805cc7128f78af4615f623827f8 /tmp/calendar.tgz
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.5.2/calendar.tar.gz 7b8a94e01fe740c5c23017ed5bc211983c780fce /tmp/calendar.tgz
else
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz
fi
tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/ tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
rm /tmp/calendar.tgz rm /tmp/calendar.tgz
@ -105,15 +93,76 @@ InstallOwncloud() {
fi fi
} }
owncloud_ver=10.0.5 # We only install ownCloud intermediate versions to be able to seemlesly upgrade to Nextcloud
owncloud_hash=686f6a8e9d7867c32e3bf3ca63b3cc2020564bf6 InstallOwncloud() {
owncloud_flavor=Nextcloud
version=$1
hash=$2
echo
echo "Upgrading to OwnCloud version $version"
echo
# Remove the current owncloud/Nextcloud
rm -rf /usr/local/lib/owncloud
# Download and verify
wget_verify https://download.owncloud.org/community/owncloud-$version.zip $hash /tmp/owncloud.zip
# Extract ownCloud
unzip -q /tmp/owncloud.zip -d /usr/local/lib
rm -f /tmp/owncloud.zip
# The two apps we actually want are not in Nextcloud core. Download the releases from
# their github repositories.
mkdir -p /usr/local/lib/owncloud/apps
wget_verify https://github.com/owncloud/contacts/releases/download/v1.4.0.0/contacts.tar.gz c1c22d29699456a45db447281682e8bc3f10e3e7 /tmp/contacts.tgz
tar xf /tmp/contacts.tgz -C /usr/local/lib/owncloud/apps/
rm /tmp/contacts.tgz
wget_verify https://github.com/nextcloud/calendar/releases/download/v1.4.0/calendar.tar.gz c84f3170efca2a99ea6254de34b0af3cb0b3a821 /tmp/calendar.tgz
tar xf /tmp/calendar.tgz -C /usr/local/lib/owncloud/apps/
rm /tmp/calendar.tgz
# Fix weird permissions.
chmod 750 /usr/local/lib/owncloud/{apps,config}
# Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously
# put in, and in new installs we're creating a symlink and will create the actual config later).
ln -sf $STORAGE_ROOT/owncloud/config.php /usr/local/lib/owncloud/config/config.php
# Make sure permissions are correct or the upgrade step won't run.
# $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
# that error.
chown -f -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud
# If this isn't a new installation, immediately run the upgrade script.
# Then check for success (0=ok and 3=no upgrade needed, both are success).
if [ -e $STORAGE_ROOT/owncloud/owncloud.db ]; then
# ownCloud 8.1.1 broke upgrades. It may fail on the first attempt, but
# that can be OK.
sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
echo "Trying ownCloud upgrade again to work around ownCloud upgrade bug..."
sudo -u www-data php5 /usr/local/lib/owncloud/occ upgrade
if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
sudo -u www-data php5 /usr/local/lib/owncloud/occ maintenance:mode --off
echo "...which seemed to work."
fi
fi
}
owncloud_ver=12.0.0
owncloud_hash=5d64307d9ce513a8905514b2fbe212f563fe76df
# Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade) # Check if Nextcloud dir exist, and check if version matches owncloud_ver (if either doesn't - install/upgrade)
if [ ! -d /usr/local/lib/owncloud/ ] \ if [ ! -d /usr/local/lib/owncloud/ ] \
|| ! grep -q $owncloud_ver /usr/local/lib/owncloud/version.php; then || ! grep -q $owncloud_ver /usr/local/lib/owncloud/version.php; then
# Stop php-fpm # Stop php-fpm
hide_output service php7.0-fpm stop
hide_output service php5-fpm stop hide_output service php5-fpm stop
# Backup the existing ownCloud/Nextcloud. # Backup the existing ownCloud/Nextcloud.
@ -135,7 +184,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
if [ -e /usr/local/lib/owncloud/version.php ]; then if [ -e /usr/local/lib/owncloud/version.php ]; then
if grep -q "8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then if grep -q "8\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then
echo "We are running 8.1.x, upgrading to 8.2.3 first" echo "We are running 8.1.x, upgrading to 8.2.3 first"
InstallOwncloud 8.2.3 bfdf6166fbf6fc5438dc358600e7239d1c970613 ownCloud InstallOwncloud 8.2.3 bfdf6166fbf6fc5438dc358600e7239d1c970613
fi fi
# If we are upgrading from 8.2.x we should go to 9.0 first. Owncloud doesn't support skipping minor versions # If we are upgrading from 8.2.x we should go to 9.0 first. Owncloud doesn't support skipping minor versions
@ -149,7 +198,7 @@ if [ ! -d /usr/local/lib/owncloud/ ] \
<?php <?php
include("$STORAGE_ROOT/owncloud/config.php"); include("$STORAGE_ROOT/owncloud/config.php");
\$CONFIG['memcache.local'] = '\OC\Memcache\APC'; \$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
echo "<?php\n\\\$CONFIG = "; echo "<?php\n\\\$CONFIG = ";
var_export(\$CONFIG); var_export(\$CONFIG);
@ -159,29 +208,40 @@ EOF
chown www-data.www-data $STORAGE_ROOT/owncloud/config.php chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
# We can now install owncloud 9.0.2 # We can now install owncloud 9.0.2
InstallOwncloud 9.0.2 72a3d15d09f58c06fa8bee48b9e60c9cd356f9c5 ownCloud InstallOwncloud 9.0.2 72a3d15d09f58c06fa8bee48b9e60c9cd356f9c5
# The owncloud 9 migration doesn't migrate calendars and contacts # The owncloud 9 migration doesn't migrate calendars and contacts
# The option to migrate these are removed in 9.1 # The option to migrate these are removed in 9.1
# So the migrations should be done when we have 9.0 installed # So the migrations should be done when we have 9.0 installed
sudo -u www-data php /usr/local/lib/owncloud/occ dav:migrate-addressbooks sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-addressbooks
# The following migration has to be done for each owncloud user # The following migration has to be done for each owncloud user
for directory in $STORAGE_ROOT/owncloud/*@*/ ; do for directory in $STORAGE_ROOT/owncloud/*@*/ ; do
username=$(basename "${directory}") username=$(basename "${directory}")
sudo -u www-data php /usr/local/lib/owncloud/occ dav:migrate-calendar $username sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:migrate-calendar $username
done done
sudo -u www-data php /usr/local/lib/owncloud/occ dav:sync-birthday-calendar sudo -u www-data php5 /usr/local/lib/owncloud/occ dav:sync-birthday-calendar
fi fi
# If we are upgrading from 9.0.x we should go to 9.1 first. # If we are upgrading from 9.0.x we should go to 9.1 first.
if grep -q "9\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then if grep -q "9\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then
echo "We are running ownCloud 9.0.x, upgrading to ownCloud 9.1.4 first" echo "We are running ownCloud 9.0.x, upgrading to ownCloud 9.1.4 first"
InstallOwncloud 9.1.4 e637cab7b2ca3346164f3506b1a0eb812b4e841a ownCloud InstallOwncloud 9.1.4 e637cab7b2ca3346164f3506b1a0eb812b4e841a
fi fi
# If we are upgrading from 9.1.x we should go to Nextcloud 10.0 first.
if grep -q "9\.1\.[0-9]" /usr/local/lib/owncloud/version.php; then
echo "We are running ownCloud 9.1.x, upgrading to Nextcloud 10.0.5 first"
InstallNextcloud 10.0.5 686f6a8e9d7867c32e3bf3ca63b3cc2020564bf6
fi
# If we are upgrading from 10.0.x we should go to Nextcloud 11.0 first.
if grep -q "10\.0\.[0-9]" /usr/local/lib/owncloud/version.php; then
echo "We are running Nextcloud 10.0.x, upgrading to Nextcloud 11.0.3 first"
InstallNextcloud 11.0.3 a396aaa1c9f920099a90a86b4a9cd0ec13083c99
fi
fi fi
InstallOwncloud $owncloud_ver $owncloud_hash Nextcloud InstallNextcloud $owncloud_ver $owncloud_hash
fi fi
# ### Configuring Nextcloud # ### Configuring Nextcloud
@ -211,7 +271,7 @@ if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
'arguments'=>array('{127.0.0.1:993/imap/ssl/novalidate-cert}') 'arguments'=>array('{127.0.0.1:993/imap/ssl/novalidate-cert}')
) )
), ),
'memcache.local' => '\OC\Memcache\APC', 'memcache.local' => '\OC\Memcache\APCu',
'mail_smtpmode' => 'sendmail', 'mail_smtpmode' => 'sendmail',
'mail_smtpsecure' => '', 'mail_smtpsecure' => '',
'mail_smtpauthtype' => 'LOGIN', 'mail_smtpauthtype' => 'LOGIN',
@ -272,7 +332,7 @@ include("$STORAGE_ROOT/owncloud/config.php");
\$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME'); \$CONFIG['trusted_domains'] = array('$PRIMARY_HOSTNAME');
\$CONFIG['memcache.local'] = '\OC\Memcache\APC'; \$CONFIG['memcache.local'] = '\OC\Memcache\APCu';
\$CONFIG['overwrite.cli.url'] = '/cloud'; \$CONFIG['overwrite.cli.url'] = '/cloud';
\$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address \$CONFIG['mail_from_address'] = 'administrator'; # just the local part, matches our master administrator address
@ -305,7 +365,7 @@ if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
# Set PHP FPM values to support large file uploads # Set PHP FPM values to support large file uploads
# (semicolon is the comment character in this file, hashes produce deprecation warnings) # (semicolon is the comment character in this file, hashes produce deprecation warnings)
tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \
upload_max_filesize=16G \ upload_max_filesize=16G \
post_max_size=16G \ post_max_size=16G \
output_buffering=16384 \ output_buffering=16384 \
@ -313,9 +373,23 @@ tools/editconf.py /etc/php5/fpm/php.ini -c ';' \
max_execution_time=600 \ max_execution_time=600 \
short_open_tag=On short_open_tag=On
# Set Nextcloud recommended opcache settings
tools/editconf.py /etc/php/7.0/cli/conf.d/10-opcache.ini -c ';' \
opcache.enable=1 \
opcache.enable_cli=1 \
opcache.interned_strings_buffer=8 \
opcache.max_accelerated_files=10000 \
opcache.memory_consumption=128 \
opcache.save_comments=1 \
opcache.revalidate_freq=1
# Configure the path environment for php-fpm
tools/editconf.py /etc/php/7.0/fpm/pool.d/www.conf -c ';' \
env[PATH]=/usr/local/bin:/usr/bin:/bin
# If apc is explicitly disabled we need to enable it # If apc is explicitly disabled we need to enable it
if grep -q apc.enabled=0 /etc/php5/mods-available/apcu.ini; then if grep -q apc.enabled=0 /etc/php/7.0/mods-available/apcu.ini; then
tools/editconf.py /etc/php5/mods-available/apcu.ini -c ';' \ tools/editconf.py /etc/php/7.0/mods-available/apcu.ini -c ';' \
apc.enabled=1 apc.enabled=1
fi fi
@ -337,5 +411,4 @@ chmod +x /etc/cron.hourly/mailinabox-owncloud
# ``` # ```
# Enable PHP modules and restart PHP. # Enable PHP modules and restart PHP.
php5enmod imap restart_service php7.0-fpm
restart_service php5-fpm

11
setup/system.sh
View File

@ -119,6 +119,17 @@ apt_install python3 python3-dev python3-pip \
haveged pollinate unzip \ haveged pollinate unzip \
unattended-upgrades cron ntp fail2ban unattended-upgrades cron ntp fail2ban
# ### Add PHP7 PPA
# Nextcloud requires PHP7, we will install the ppa from ubuntu php maintainer Ondřej Surý
# The PPA is located here https://launchpad.net/%7Eondrej/+archive/ubuntu/php
# Unattended upgrades are activated for the repository
hide_output add-apt-repository -y ppa:ondrej/php
apt_add_repository_to_unattended_upgrades LP-PPA-ondrej-php:trusty
hide_output apt-get update
# ### Suppress Upgrade Prompts # ### Suppress Upgrade Prompts
# Since Mail-in-a-Box might jump straight to 18.04 LTS, there's no need # Since Mail-in-a-Box might jump straight to 18.04 LTS, there's no need
# to be reminded about 16.04 on every login. # to be reminded about 16.04 on every login.

14
setup/web.sh
View File

@ -18,7 +18,11 @@ fi
# Turn off nginx's default website. # Turn off nginx's default website.
echo "Installing Nginx (web server)..." echo "Installing Nginx (web server)..."
apt_install nginx php5-fpm
apt_install nginx php7.0-cli php7.0-fpm
# Set PHP7 as the default
update-alternatives --set php /usr/bin/php7.0
rm -f /etc/nginx/sites-enabled/default rm -f /etc/nginx/sites-enabled/default
@ -40,15 +44,15 @@ tools/editconf.py /etc/nginx/nginx.conf -s \
server_names_hash_bucket_size="128;" server_names_hash_bucket_size="128;"
# Tell PHP not to expose its version number in the X-Powered-By header. # Tell PHP not to expose its version number in the X-Powered-By header.
tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \
expose_php=Off expose_php=Off
# Set PHPs default charset to UTF-8, since we use it. See #367. # Set PHPs default charset to UTF-8, since we use it. See #367.
tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ tools/editconf.py /etc/php/7.0/fpm/php.ini -c ';' \
default_charset="UTF-8" default_charset="UTF-8"
# Bump up PHP's max_children to support more concurrent connections # Bump up PHP's max_children to support more concurrent connections
tools/editconf.py /etc/php5/fpm/pool.d/www.conf -c ';' \ tools/editconf.py /etc/php/7.0/fpm/pool.d/www.conf -c ';' \
pm.max_children=8 pm.max_children=8
# Other nginx settings will be configured by the management service # Other nginx settings will be configured by the management service
@ -103,7 +107,7 @@ done #NODOC
# Start services. # Start services.
restart_service nginx restart_service nginx
restart_service php5-fpm restart_service php7.0-fpm
# Open ports. # Open ports.
ufw_allow http ufw_allow http

60
setup/webmail.sh
View File

@ -22,8 +22,10 @@ source /etc/mailinabox.conf # load global vars
echo "Installing Roundcube (webmail)..." echo "Installing Roundcube (webmail)..."
apt_install \ apt_install \
dbconfig-common \ dbconfig-common \
php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common \
tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg \
php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1
apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3 apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3
# We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC # We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
@ -32,17 +34,16 @@ apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.
apt-get purge -qq -y roundcube* #NODOC apt-get purge -qq -y roundcube* #NODOC
# Install Roundcube from source if it is not already present or if it is out of date. # Install Roundcube from source if it is not already present or if it is out of date.
# Combine the Roundcube version number with the commit hash of vacation_sieve to track # Combine the Roundcube version number with the commit hash of plugins to track
# whether we have the latest version. # whether we have the latest version of everything.
VERSION=1.2.4 VERSION=1.3.0
HASH=e2091ea775b80eda43ab225130d5a2e888c3789a HASH=634c89b9c51c44fb757bb19c77ad5083cf7aa030
VACATION_SIEVE_VERSION=91ea6f52216390073d1f5b70b5f6bea0bfaee7e5
PERSISTENT_LOGIN_VERSION=c4516c4be37d12ef653de86497304e073a863c2a PERSISTENT_LOGIN_VERSION=c4516c4be37d12ef653de86497304e073a863c2a
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5 HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
CARDDAV_VERSION=2.0.4 CARDDAV_VERSION=2.0.4
CARDDAV_HASH=d93f3cfb3038a519e71c7c3212c1d16f5da609a4 CARDDAV_HASH=d93f3cfb3038a519e71c7c3212c1d16f5da609a4
UPDATE_KEY=$VERSION:$VACATION_SIEVE_VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:$CARDDAV_VERSION:a UPDATE_KEY=$VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:$CARDDAV_VERSION
# paths that are often reused. # paths that are often reused.
RCM_DIR=/usr/local/lib/roundcubemail RCM_DIR=/usr/local/lib/roundcubemail
@ -60,7 +61,7 @@ fi
if [ $needs_update == 1 ]; then if [ $needs_update == 1 ]; then
# install roundcube # install roundcube
wget_verify \ wget_verify \
https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION.tar.gz \ https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz \
$HASH \ $HASH \
/tmp/roundcube.tgz /tmp/roundcube.tgz
tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz
@ -68,9 +69,6 @@ if [ $needs_update == 1 ]; then
mv /usr/local/lib/roundcubemail-$VERSION/ $RCM_DIR mv /usr/local/lib/roundcubemail-$VERSION/ $RCM_DIR
rm -f /tmp/roundcube.tgz rm -f /tmp/roundcube.tgz
# install roundcube autoreply/vacation plugin
git_clone https://github.com/arodier/Roundcube-Plugins.git $VACATION_SIEVE_VERSION plugins/vacation_sieve ${RCM_PLUGIN_DIR}/vacation_sieve
# install roundcube persistent_login plugin # install roundcube persistent_login plugin
git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git $PERSISTENT_LOGIN_VERSION '' ${RCM_PLUGIN_DIR}/persistent_login git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git $PERSISTENT_LOGIN_VERSION '' ${RCM_PLUGIN_DIR}/persistent_login
@ -112,15 +110,27 @@ cat > $RCM_CONFIG <<EOF;
\$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640'; \$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640';
\$config['default_host'] = 'ssl://localhost'; \$config['default_host'] = 'ssl://localhost';
\$config['default_port'] = 993; \$config['default_port'] = 993;
\$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
\$config['imap_timeout'] = 15; \$config['imap_timeout'] = 15;
\$config['smtp_server'] = 'tls://127.0.0.1'; \$config['smtp_server'] = 'tls://127.0.0.1';
\$config['smtp_port'] = 587; \$config['smtp_port'] = 587;
\$config['smtp_user'] = '%u'; \$config['smtp_user'] = '%u';
\$config['smtp_pass'] = '%p'; \$config['smtp_pass'] = '%p';
\$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
\$config['support_url'] = 'https://mailinabox.email/'; \$config['support_url'] = 'https://mailinabox.email/';
\$config['product_name'] = '$PRIMARY_HOSTNAME Webmail'; \$config['product_name'] = '$PRIMARY_HOSTNAME Webmail';
\$config['des_key'] = '$SECRET_KEY'; \$config['des_key'] = '$SECRET_KEY';
\$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'vacation_sieve', 'persistent_login', 'carddav'); \$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'persistent_login', 'carddav');
\$config['skin'] = 'larry'; \$config['skin'] = 'larry';
\$config['login_autocomplete'] = 2; \$config['login_autocomplete'] = 2;
\$config['password_charset'] = 'UTF-8'; \$config['password_charset'] = 'UTF-8';
@ -148,26 +158,6 @@ cat > ${RCM_PLUGIN_DIR}/carddav/config.inc.php <<EOF;
); );
EOF EOF
# Configure vaction_sieve.
cat > /usr/local/lib/roundcubemail/plugins/vacation_sieve/config.inc.php <<EOF;
<?php
/* Do not edit. Written by Mail-in-a-Box. Regenerated on updates. */
\$rcmail_config['vacation_sieve'] = array(
'date_format' => 'd/m/Y',
'working_hours' => array(8,18),
'msg_format' => 'text',
'logon_transform' => array('#([a-z])[a-z]+(\.|\s)([a-z])#i', '\$1\$3'),
'transfer' => array(
'mode' => 'managesieve',
'ms_activate_script' => true,
'host' => '127.0.0.1',
'port' => '4190',
'usetls' => false,
'path' => 'vacation',
)
);
EOF
# Create writable directories. # Create writable directories.
mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
@ -210,5 +200,5 @@ chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
# Enable PHP modules. # Enable PHP modules.
php5enmod mcrypt phpenmod -v php7.0 mcrypt imap
restart_service php5-fpm restart_service php7.0-fpm

10
setup/zpush.sh
View File

@ -17,13 +17,13 @@ source /etc/mailinabox.conf # load global vars
echo "Installing Z-Push (Exchange/ActiveSync server)..." echo "Installing Z-Push (Exchange/ActiveSync server)..."
apt_install \ apt_install \
php-soap php5-imap libawl-php php5-xsl php7.0-soap php7.0-imap libawl-php php7.0-xsl
php5enmod imap phpenmod -v php7.0 imap
# Copy Z-Push into place. # Copy Z-Push into place.
TARGETHASH=131229a8feda09782dfd06449adce3d5a219183f TARGETHASH=01cdfafcdf6855f566a9cbc5826b3d9930a9b35b
VERSION=2.3.6 VERSION=2.3.7
needs_update=0 #NODOC needs_update=0 #NODOC
if [ ! -f /usr/local/lib/z-push/version ]; then if [ ! -f /usr/local/lib/z-push/version ]; then
needs_update=1 #NODOC needs_update=1 #NODOC
@ -100,7 +100,7 @@ EOF
# Restart service. # Restart service.
restart_service php5-fpm restart_service php7.0-fpm
# Fix states after upgrade # Fix states after upgrade

2
tools/owncloud-restore.sh
View File

@ -27,6 +27,7 @@ fi
echo "Restoring backup from $1" echo "Restoring backup from $1"
service php5-fpm stop service php5-fpm stop
service php7.0-fpm stop
# remove the current ownCloud/Nextcloud installation # remove the current ownCloud/Nextcloud installation
rm -rf /usr/local/lib/owncloud/ rm -rf /usr/local/lib/owncloud/
@ -46,4 +47,5 @@ chown www-data.www-data $STORAGE_ROOT/owncloud/config.php
sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off sudo -u www-data php /usr/local/lib/owncloud/occ maintenance:mode --off
service php5-fpm start service php5-fpm start
service php7.0-fpm start
echo "Done" echo "Done"