mailcow-restore-user-data/userdata.sh

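#!/bin/bash
#
# EC2 user-data: provision a mailcow host and restore it from an NFS backup.
#
# Steps: create swap and attach the Elastic IP, install docker + docker compose,
# mount the NFS backup share at /mnt, clone mailcow with IPv6 disabled, run
# generate_config.sh, restore the backup found in /mnt/backup, install a daily
# backup job in cron.daily, install and run a TLS self-check script, and
# register a systemd unit so the stack starts on boot.
#
# Fill in the five variables below before use; the script aborts early when one
# is left empty. Runs as root on a fresh yum-based instance. The swap and fstab
# steps append/create unconditionally, so it is not meant to be re-run.
set -euo pipefail

#Variables
AWS_REGION=""           # Enter your AWS region, ex. eu-west-1
EIP_ALLOCATION_ID=""    # Enter your ElasticIP Allocation ID, ex. eipalloc-a7d287sda5sds7ajk
MY_TIMEZONE=""          # Enter your timezone, ex. Europe/Berlin
NFS_ADDRESS_EXPORT=""   # Enter your NFS server and export, ex: 10.1.1.1:/mail-storage/
MY_MX_FQDN=""           # Enter your mailcow FQDN, ex. mail.example.com
# docker compose release to install. Set COMPOSE_SHA256 to the sha256 published
# for docker-compose-linux-x86_64 on that release page to have the download
# verified; left empty, verification is skipped (the previous behaviour).
readonly COMPOSE_VERSION="v2.16.0"
readonly COMPOSE_SHA256=""

# Fail fast with a clear message instead of passing empty values to aws/mount.
: "${AWS_REGION:?set AWS_REGION at the top of this script}"
: "${EIP_ALLOCATION_ID:?set EIP_ALLOCATION_ID at the top of this script}"
: "${MY_TIMEZONE:?set MY_TIMEZONE at the top of this script}"
: "${NFS_ADDRESS_EXPORT:?set NFS_ADDRESS_EXPORT at the top of this script}"
: "${MY_MX_FQDN:?set MY_MX_FQDN at the top of this script}"

# Create SWAP and setup EIP
touch /swapfile
dd if=/dev/zero of=/swapfile bs=1M count=6000
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
printf '%s\n' '/swapfile none swap defaults 0 0' >> /etc/fstab
# Read the instance id through IMDSv2 (session token) instead of an
# unauthenticated IMDSv1 GET; works whether or not the instance enforces IMDSv2.
imds_token=$(curl -sSf -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
instance_id=$(curl -sSf -H "X-aws-ec2-metadata-token: ${imds_token}" \
  "http://169.254.169.254/latest/meta-data/instance-id")
aws ec2 associate-address --region "$AWS_REGION" \
  --instance-id "$instance_id" --allocation-id "$EIP_ALLOCATION_ID"

# Install packages, start docker and configure time
yum update -y
yum install -y vim git curl nfs-utils docker
timedatectl set-timezone "$MY_TIMEZONE"
systemctl start docker
systemctl enable docker

# Install docker compose as a CLI plugin for root.
# -f makes curl fail on an HTTP error instead of saving an error page as the binary.
mkdir -p /root/.docker/cli-plugins
curl -fsSL "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-linux-x86_64" \
  -o /root/.docker/cli-plugins/docker-compose
if [[ -n "$COMPOSE_SHA256" ]]; then
  printf '%s  /root/.docker/cli-plugins/docker-compose\n' "$COMPOSE_SHA256" | sha256sum -c -
fi
chmod +x /root/.docker/cli-plugins/docker-compose

# Configure NFS for backup storage (mounted at /mnt, made persistent via fstab)
printf '%s /mnt nfs nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0\n' \
  "$NFS_ADDRESS_EXPORT" >> /etc/fstab
mount /mnt

# Disable the host postfix smtp listener so mailcow's postfix can bind port 25,
# then download mailcow
if [[ -f /etc/postfix/master.cf ]]; then
  sed -i 's/^smtp inet/#smtp inet/g' /etc/postfix/master.cf
  systemctl reload postfix || true  # best effort: postfix may be installed but not running
fi
umask 0022
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized

# Disable ipv6 in compose, unbound, postfix, nginx, dovecot and php-fpm
sed -i 's/enable_ipv6: true/enable_ipv6: false/g' docker-compose.yml
cat >> docker-compose.override.yml <<'eof'
version: '2.1'
services:

  ipv6nat-mailcow:
    image: bash:latest
    restart: "no"
    entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
eof
sed -i 's/do-ip6: yes/do-ip6: no/g' data/conf/unbound/unbound.conf
printf 'smtp_address_preference = ipv4\ninet_protocols = ipv4\n' > data/conf/postfix/extra.cf
sed -i '/::/d' data/conf/nginx/listen_*
sed -i '/::/d' data/conf/nginx/templates/listen*
sed -i '/::/d' data/conf/nginx/dynmaps.conf
sed -i 's/,\[::\]//g' data/conf/dovecot/dovecot.conf
sed -i 's/\[::\]://g' data/conf/phpfpm/php-fpm.d/pools.conf

# Generate mailcow.conf non-interactively, start the stack and restore the backup.
# The canned answers mirror the prompts of generate_config.sh / backup_and_restore.sh
# at the time of writing — re-check them after a mailcow upgrade.
printf '%s\nY\n1\n\n' "$MY_MX_FQDN" | ./generate_config.sh
sed -i 's/SKIP_SOGO=n/SKIP_SOGO=y/g' mailcow.conf
docker compose pull
docker compose up -d
sleep 90  # let the containers initialise before restoring into them
printf '1\n0\n\n\n\n' | MAILCOW_BACKUP_LOCATION=/mnt/backup/ ./helper-scripts/backup_and_restore.sh restore

# Configure daily backup for mailcow; cron.daily runs it as root.
# Quoted heredoc: nothing inside is expanded at generation time.
cat > /root/mailcow-backup <<'eof'
#!/bin/bash
# Rotate the previous backup set into /mnt/backup_old, then take a fresh one.
mkdir -p /mnt/backup /mnt/backup_old
rm -rf -- /mnt/backup_old/*
mv -- /mnt/backup/* /mnt/backup_old/
sync
cd /opt/mailcow-dockerized || exit 1
MAILCOW_BACKUP_LOCATION=/mnt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
exit 0
eof
chmod 700 /root/mailcow-backup
mv /root/mailcow-backup /etc/cron.daily

# Install a TLS self-check that repairs the certificate when https://<FQDN> does
# not serve a valid one, then run it once. The FQDN is written as a shell-quoted
# assignment on the first lines; the rest is a quoted heredoc, so the generated
# script's own variables are not expanded here.
printf '#!/bin/bash\nMX_FQDN=%q\n' "$MY_MX_FQDN" > /root/ssl-check.sh
cat >> /root/ssl-check.sh <<'eof'
# Probe https://$MX_FQDN and repair the certificate in up to three rounds:
# restart acme-mailcow, fall back to a self-signed certificate, restart acme again.
# All paths below are relative to the mailcow checkout, so cd there first.
cd /opt/mailcow-dockerized || exit 1

# Heuristic: curl -v prints the certificate's "expire date" line only after a
# completed TLS handshake, so that line is taken as "certificate is valid".
ssl_valid() { curl -Iv "https://$MX_FQDN" 2>&1 | grep -q expire; }
# A handshake or verification problem shows up as "... fail ..." in curl's output.
ssl_failed() { curl -Iv "https://$MX_FQDN" 2>&1 | grep -qi fail; }

if ssl_valid; then
  echo "SSL is valid"
elif ssl_failed; then
  docker compose restart acme-mailcow
fi
sleep 90
if ssl_valid; then
  echo "SSL is valid"
elif ssl_failed; then
  # Replace data/assets/ssl with a fresh self-signed certificate so the stack at
  # least serves TLS until acme-mailcow succeeds again; the stack is down meanwhile.
  source mailcow.conf
  docker compose down
  rm -rf data/assets/ssl
  mkdir data/assets/ssl
  openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/CN=$MX_FQDN" -sha256 -nodes
  cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
  docker compose up -d
fi
sleep 90
if ssl_valid; then
  echo "SSL is valid"
elif ssl_failed; then
  docker compose restart acme-mailcow
fi
exit 0
eof
chmod 700 /root/ssl-check.sh
bash /root/ssl-check.sh

# Make mailcow start on system boot.
# NOTE(review): the compose plugin was installed under /root/.docker/cli-plugins;
# if the unit cannot find "docker compose" at boot, install the plugin under
# /usr/local/lib/docker/cli-plugins instead — verify on first reboot.
cat > /etc/systemd/system/mailcow.service <<'eof'
[Unit]
Description=Docker Compose Application Service
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/mailcow-dockerized
ExecStart=/bin/docker compose up -d
ExecStop=/bin/docker compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
eof
systemctl enable mailcow.service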