renamed: 01-nginx-setup.sh -> 01-setup.sh
deleted: 02-generate-env.sh
This commit is contained in:
parent
d42b05171b
commit
cfcba20e0f
2 changed files with 64 additions and 54 deletions
167
01-setup.sh
Executable file
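--- /dev/null
+++ b/01-setup.sh
@@ -0,0 +1,167 @@
+#!/usr/bin/env bash
+# Fill in the following variables
+appname= #google
+proxyurl= #http://webapps.kvm
+proxyport= #4000
+domain= #www.google.com
+eff_email_address= #eff@eff.com
+
+# Exit on any error
+set -e
+
+# Check for subdomain
+if [ $(echo ${domain} | awk -F . '{print $3}') ]
+then
+_subdomain=$(echo ${domain} | awk -F . '{print $1}')
+_domain="$(echo ${domain} | awk -F . '{print $2}').$(echo ${domain_url} | awk -F . '{print $3}')"
+else
+echo "Invalid \${domain} variable, exiting"
+exit 1
+fi
+
+# Variable check
+if [ -z ${appname} ] || [ -z ${proxyurl} ] || [ -z ${proxyport} ] || [ -z ${domain} ] || [ -z ${eff_email_address} ]
+then
+echo "Missing variable, exiting..."
+exit 1
+fi
+
+# Figure out nginx conf directory
+if grep -q 'include.*conf.d' /etc/nginx/nginx.conf
+then
+nginxdir=/etc/nginx/conf.d
+elif grep -q 'include.*sites-available' /etc/nginx/nginx.conf
+then
+nginxdir=/etc/nginx/sites-available
+sudo ln -s -f /etc/nginx/sites-available/${appname}.conf /etc/nginx/sites-enabled/
+else
+echo "Missing nginx directory, exiting..."
+exit 1
+fi
+
+# Virtual proxy
+cat <<- 'proxy' | \
+sed -e "s|{{domain}}|${domain}|" \
+-e "s|{{proxyurl}}|${proxyurl}|" \
+-e "s|{{proxyport}}|${proxyport}|" \
+-e "s|{{appname}}|${appname}|" | sudo tee ${nginxdir}/${appname}.conf >/dev/null
+server {
+server_name {{domain}};
+
+location / {
+proxy_pass {{proxyurl}}:{{proxyport}}:;
+error_log /var/log/nginx/{{appname}}_error.log;
+access_log /var/log/nginx/{{appname}}_access.log;
+
+# proxy_params;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Port $server_port;
+proxy_set_header X-Forwarded-Scheme $scheme;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Accept-Encoding "";
+proxy_set_header Host $host;
+
+client_body_buffer_size 512k;
+proxy_read_timeout 86400s;
+client_max_body_size 0;
+
+# Websocket
+proxy_http_version 1.1;
+proxy_cache_bypass $http_upgrade;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+}
+
+# http_upgrade
+# Security
+server_tokens off;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "strict-origin" always;
+add_header X-Permitted-Cross-Domain-Policies "none" always;
+add_header X-Robots-Tag "noindex, nofollow" always;
+# add_header Content-Security-Policy "default-src 'self';" always;
+
+# http2
+http2 on;
+
+# http3
+listen 443 quic;
+add_header Alt-Svc 'h3=":443"; ma=86400';
+quic_retry on;
+http3 on;
+
+# Certbot defaults
+listen 443 ssl;
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+add_header Strict-Transport-Security "max-age=31536000" always;
+}
+proxy
+
+# Run certbot
+if sudo nginx -t
+then
+sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m ${eff_email_address} -d ${domain} \
+--staple-ocsp --hsts --no-redirect --renew-hook 'docker exec --interactive --tty myvemail /bin/ash -c "dovecot reload; postfix reload"'
+else
+exit 1
+fi
+
+# SSL
+[ -d ./data/ssl/ ] || install --directory ./data/ssl/
+sudo ln -s /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem
+sudo ln -s /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key
+[ -f ./data/ssl/dh.pem ] || openssl dhparam -out ./data/ssl/dh.pem 4096
+
+# Postwhite
+[ -f ./data/postwhite ] || touch ./data/postwhite
+
+# Environment file
+cat >./.env <<- gen-env
+# Required
+# Mail domain
+MYVEMAIL_SUBDOMAIN=${_subdomain}
+MYVEMAIL_DOMAIN=${_domain}
+
+# Webmail port
+MYVEMAIL_PORT=${proxyport}
+
+# Optional
+# Version: latest or stable (defaults to latest)
+MYVEMAIL_VERSION=
+
+# Additional mail domains separated by commas
+MYVEMAIL_ADDMX=
+
+# Backup mail servers separated by commas
+MYVEMAIL_BACKUPMX=
+
+# Volumes
+MYVEMAIL_VOLUME_MARIADB=
+MYVEMAIL_VOLUME_SSL=
+MYVEMAIL_VOLUME_DATA=
+MYVEMAIL_VOLUME_MAIL=
+MYVEMAIL_VOLUME_DKIM=
+MYVEMAIL_VOLUME_POSTWHITE=
+
+# MariaDB
+# Roundcube
+MYVEMAIL_ROUNDCUBE_DBNAME=roundcube
+MYVEMAIL_ROUNDCUBE_DBUSER=roundcube
+MYVEMAIL_ROUNDCUBE_DBPASS=$(openssl rand -hex 32)
+# Postfixadmin
+MYVEMAIL_POSTFIXADMIN_DBNAME=postfixadmin
+MYVEMAIL_POSTFIXADMIN_DBUSER=postfixadmin
+MYVEMAIL_POSTFIXADMIN_DBPASS=$(openssl rand -hex 32)
+gen-env
+
+# Cleanup
+rm -f ${0}
+
+# Myvemail initial setup
+docker compose pull
+docker compose run --rm -it myvemail setup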
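Review bot: The `.env` written by `cat >./.env <<- gen-env` near the end of the hunk holds the freshly generated Roundcube and Postfixadmin DB passwords, but the file is created under the invoking user's umask, so on a typical 022 umask those secrets end up world-readable; pre-creating it with the right mode fixes that without touching the heredoc, e.g. `install -m 600 /dev/null ./.env` on the line before the `cat`. Separately, the `_domain=` line in the subdomain check reads `${domain_url}`, which is never assigned anywhere in this file, so the expansion is empty and `MYVEMAIL_DOMAIN` is written as `<label>.` with nothing after the dot; it looks like a typo for `${domain}`, and `set -euo pipefail` in place of `set -e` would have aborted the script at that line rather than producing a broken env file. The certbot `--renew-hook` also passes `--tty` to `docker exec`, which I believe fails with "the input device is not a TTY" when renewal runs from the cron/timer job without a terminal, so Dovecot and Postfix would keep serving the old certificate after each renewal; dropping `--interactive --tty` from the hook avoids that. Finally, indentation appears to have been lost in the rendered view, so the heredoc bodies may rely on `<<-` tab stripping that cannot be verified here.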