mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-24 02:37:05 +00:00
6d259a6e12
On some machines localhost is defined as something other than 127.0.0.1, and if we mix "127.0.0.1" and "localhost" then some connections won't be to to the address a service is actually running on. This was the case with DKIM: It was running on "localhost" but Postfix was connecting to it at 127.0.0.1. (https://discourse.mailinabox.email/t/opendkim-is-not-running-port-8891/1188/12.) I suppose "localhost" could be an alias to an IPv6 address? We don't really want local services binding on IPv6, so use "127.0.0.1" to be explicit and don't use "localhost" to be sure we get an IPv4 address. Fixes #797
158 lines
5.2 KiB
Bash
Executable File
158 lines
5.2 KiB
Bash
Executable File
#!/bin/bash
|
|
# This is the entry point for configuring the system.
|
|
#####################################################
|
|
|
|
source setup/functions.sh # load our functions
|
|
|
|
# Check system setup: Are we running as root on Ubuntu 14.04 on a
|
|
# machine with enough memory? Is /tmp mounted with exec.
|
|
# If not, this shows an error and exits.
|
|
source setup/preflight.sh
|
|
|
|
# Ensure Python reads/writes files in UTF-8. If the machine
|
|
# triggers some other locale in Python, like ASCII encoding,
|
|
# Python may not be able to read/write files. This is also
|
|
# in the management daemon startup script and the cron script.
|
|
|
|
if [ -z `locale -a | grep en_US.utf8` ]; then
|
|
# Generate locale if not exists
|
|
hide_output locale-gen en_US.UTF-8
|
|
fi
|
|
|
|
export LANGUAGE=en_US.UTF-8
|
|
export LC_ALL=en_US.UTF-8
|
|
export LANG=en_US.UTF-8
|
|
export LC_TYPE=en_US.UTF-8
|
|
|
|
# Fix so line drawing characters are shown correctly in Putty on Windows. See #744.
|
|
export NCURSES_NO_UTF8_ACS=1
|
|
|
|
# Recall the last settings used if we're running this a second time.
|
|
if [ -f /etc/mailinabox.conf ]; then
|
|
# Run any system migrations before proceeding. Since this is a second run,
|
|
# we assume we have Python already installed.
|
|
setup/migrate.py --migrate || exit 1
|
|
|
|
# Load the old .conf file to get existing configuration options loaded
|
|
# into variables with a DEFAULT_ prefix.
|
|
cat /etc/mailinabox.conf | sed s/^/DEFAULT_/ > /tmp/mailinabox.prev.conf
|
|
source /tmp/mailinabox.prev.conf
|
|
rm -f /tmp/mailinabox.prev.conf
|
|
else
|
|
FIRST_TIME_SETUP=1
|
|
fi
|
|
|
|
# Put a start script in a global location. We tell the user to run 'mailinabox'
|
|
# in the first dialog prompt, so we should do this before that starts.
|
|
cat > /usr/local/bin/mailinabox << EOF;
|
|
#!/bin/bash
|
|
cd `pwd`
|
|
source setup/start.sh
|
|
EOF
|
|
chmod +x /usr/local/bin/mailinabox
|
|
|
|
# Ask the user for the PRIMARY_HOSTNAME, PUBLIC_IP, and PUBLIC_IPV6,
|
|
# if values have not already been set in environment variables. When running
|
|
# non-interactively, be sure to set values for all! Also sets STORAGE_USER and
|
|
# STORAGE_ROOT.
|
|
source setup/questions.sh
|
|
|
|
# Run some network checks to make sure setup on this machine makes sense.
|
|
# Skip on existing installs since we don't want this to block the ability to
|
|
# upgrade, and these checks are also in the control panel status checks.
|
|
if [ -z "$DEFAULT_PRIMARY_HOSTNAME" ]; then
|
|
if [ -z "$SKIP_NETWORK_CHECKS" ]; then
|
|
source setup/network-checks.sh
|
|
fi
|
|
fi
|
|
|
|
# Create the STORAGE_USER and STORAGE_ROOT directory if they don't already exist.
|
|
# If the STORAGE_ROOT is missing the mailinabox.version file that lists a
|
|
# migration (schema) number for the files stored there, assume this is a fresh
|
|
# installation to that directory and write the file to contain the current
|
|
# migration number for this version of Mail-in-a-Box.
|
|
if ! id -u $STORAGE_USER >/dev/null 2>&1; then
|
|
useradd -m $STORAGE_USER
|
|
fi
|
|
if [ ! -d $STORAGE_ROOT ]; then
|
|
mkdir -p $STORAGE_ROOT
|
|
fi
|
|
if [ ! -f $STORAGE_ROOT/mailinabox.version ]; then
|
|
echo $(setup/migrate.py --current) > $STORAGE_ROOT/mailinabox.version
|
|
chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version
|
|
fi
|
|
|
|
|
|
# Save the global options in /etc/mailinabox.conf so that standalone
|
|
# tools know where to look for data.
|
|
cat > /etc/mailinabox.conf << EOF;
|
|
STORAGE_USER=$STORAGE_USER
|
|
STORAGE_ROOT=$STORAGE_ROOT
|
|
PRIMARY_HOSTNAME=$PRIMARY_HOSTNAME
|
|
PUBLIC_IP=$PUBLIC_IP
|
|
PUBLIC_IPV6=$PUBLIC_IPV6
|
|
PRIVATE_IP=$PRIVATE_IP
|
|
PRIVATE_IPV6=$PRIVATE_IPV6
|
|
EOF
|
|
|
|
# Start service configuration.
|
|
source setup/system.sh
|
|
source setup/ssl.sh
|
|
source setup/dns.sh
|
|
source setup/mail-postfix.sh
|
|
source setup/mail-dovecot.sh
|
|
source setup/mail-users.sh
|
|
source setup/dkim.sh
|
|
source setup/spamassassin.sh
|
|
source setup/web.sh
|
|
source setup/webmail.sh
|
|
source setup/owncloud.sh
|
|
source setup/zpush.sh
|
|
source setup/management.sh
|
|
source setup/munin.sh
|
|
|
|
# Ping the management daemon to write the DNS and nginx configuration files.
|
|
until nc -z -w 4 127.0.0.1 10222
|
|
do
|
|
echo Waiting for the Mail-in-a-Box management daemon to start...
|
|
sleep 2
|
|
done
|
|
tools/dns_update
|
|
tools/web_update
|
|
|
|
# If DNS is already working, try to provision TLS certficates from Let's Encrypt.
|
|
# Suppress extra reasons why domains aren't getting a new certificate.
|
|
management/ssl_certificates.py -q
|
|
|
|
# If there aren't any mail users yet, create one.
|
|
source setup/firstuser.sh
|
|
|
|
# Done.
|
|
echo
|
|
echo "-----------------------------------------------"
|
|
echo
|
|
echo Your Mail-in-a-Box is running.
|
|
echo
|
|
echo Please log in to the control panel for further instructions at:
|
|
echo
|
|
if management/status_checks.py --check-primary-hostname; then
|
|
# Show the nice URL if it appears to be resolving and has a valid certificate.
|
|
echo https://$PRIMARY_HOSTNAME/admin
|
|
echo
|
|
echo "If you have a DNS problem put the box's IP address in the URL"
|
|
echo "(https://$PUBLIC_IP/admin) but then check the SSL fingerprint:"
|
|
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \
|
|
| sed "s/SHA1 Fingerprint=//"
|
|
else
|
|
echo https://$PUBLIC_IP/admin
|
|
echo
|
|
echo You will be alerted that the website has an invalid certificate. Check that
|
|
echo the certificate fingerprint matches:
|
|
echo
|
|
openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \
|
|
| sed "s/SHA1 Fingerprint=//"
|
|
echo
|
|
echo Then you can confirm the security exception and continue.
|
|
echo
|
|
fi
|