mirror of
https://github.com/bashclub/zamba-lxc-toolbox.git
synced 2024-12-25 03:30:12 +01:00
Replace mailpiler by piler (updgrade to 1.4)
This commit is contained in:
parent
a3c8efc00d
commit
92f7a4774c
@ -1,36 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Authors:
|
||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||
|
||||
# This file contains the project constants on service level
|
||||
|
||||
# Debian Version, which will be installed
|
||||
LXC_TEMPLATE_VERSION="debian-11-standard"
|
||||
|
||||
# Create sharefs mountpoint
|
||||
LXC_MP="0"
|
||||
|
||||
# Create unprivileged container
|
||||
LXC_UNPRIVILEGED="1"
|
||||
|
||||
# enable nesting feature
|
||||
LXC_NESTING="1"
|
||||
|
||||
# enable keyctl feature
|
||||
LXC_KEYCTL="0"
|
||||
|
||||
# Defines the version number of piler mail archive to install (type in exact version number (e.g. 1.3.11) or 'latest')
|
||||
PILER_VERSION="1.3.12"
|
||||
# Defines the version of sphinx to install
|
||||
PILER_SPHINX_VERSION="3.3.1"
|
||||
# Defines the php version to install
|
||||
PILER_PHP_VERSION="7.4"
|
||||
|
||||
# Sets the minimum amount of RAM the service needs for operation
|
||||
LXC_MEM_MIN=1024
|
||||
|
||||
# service dependent meta tags
|
||||
SERVICE_TAGS="php-fpm,nginx,mariadb,sphinx"
|
@ -1,189 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Authors:
|
||||
# (C) 2021 Idea an concept by Christian Zengel <christian@sysops.de>
|
||||
# (C) 2021 Script design and prototype by Markus Helmke <m.helmke@nettwarker.de>
|
||||
# (C) 2021 Script rework and documentation by Thorsten Spille <thorsten@spille-edv.de>
|
||||
|
||||
source /root/functions.sh
|
||||
source /root/zamba.conf
|
||||
source /root/constants-service.conf
|
||||
|
||||
HOSTNAME=$(hostname -f)
|
||||
|
||||
echo "Ensure your Hostname is set to your Piler FQDN!"
|
||||
|
||||
echo $HOSTNAME
|
||||
|
||||
if
|
||||
[ "$HOSTNAME" != "$PILER_FQDN" ]
|
||||
then
|
||||
echo "Hostname doesn't match $PILER_FQDN! Check install.sh, /etc/hosts, /etc/hostname." && exit
|
||||
else
|
||||
echo "Hostname matches $PILER_FQDN, so starting installation."
|
||||
fi
|
||||
|
||||
# install php
|
||||
wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
|
||||
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list
|
||||
|
||||
apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
|
||||
add-apt-repository "deb [arch=amd64] https://mirror.wtnet.de/mariadb/repo/10.5/debian $(lsb_release -cs) main"
|
||||
|
||||
apt update
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq build-essential libwrap0-dev libpst-dev tnef libytnef0-dev \
|
||||
unrtf catdoc libtre-dev tre-agrep poppler-utils libzip-dev unixodbc libpq5 libpoppler-dev openssl libssl-dev memcached telnet nginx \
|
||||
mariadb-server default-libmysqlclient-dev python3-mysqldb gcc libwrap0 libzip4 latex2rtf latex2html catdoc tnef zipcmp zipmerge ziptool libsodium23 \
|
||||
php$PILER_PHP_VERSION-{fpm,common,ldap,mysql,cli,opcache,phpdbg,gd,memcache,json,readline,zip}
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt remove --purge -y -qq postfix
|
||||
|
||||
cat > /etc/mysql/conf.d/mailpiler.conf <<EOF
|
||||
innodb_buffer_pool_size=256M
|
||||
innodb_flush_log_at_trx_commit=1
|
||||
innodb_log_buffer_size=64M
|
||||
innodb_log_file_size=16M
|
||||
query_cache_size=0
|
||||
query_cache_type=0
|
||||
query_cache_limit=2M
|
||||
EOF
|
||||
|
||||
systemctl restart mariadb
|
||||
|
||||
cd /tmp
|
||||
wget https://download.mailpiler.com/generic-local/sphinx-$PILER_SPHINX_VERSION-bin.tar.gz
|
||||
tar -xvzf sphinx-$PILER_SPHINX_VERSION-bin.tar.gz -C /
|
||||
|
||||
groupadd piler
|
||||
useradd -g piler -m -s /bin/bash -d /var/piler piler
|
||||
usermod -L piler
|
||||
chmod 755 /var/piler
|
||||
|
||||
if [[ "$PILER_VERSION" == "latest" ]]; then
|
||||
URL=$(curl -s https://www.mailpiler.org/wiki/download | grep "https://bitbucket.org/jsuto/piler/downloads/piler-" | cut -d '"' -f2)
|
||||
PILER_VERSION=$(echo $URL | cut -d'-' -f2 | cut -d'.' -f1-3)
|
||||
wget -O piler-$PILER_VERSION.tar.gz $URL
|
||||
else
|
||||
wget https://bitbucket.org/jsuto/piler/downloads/piler-$PILER_VERSION.tar.gz
|
||||
fi
|
||||
tar -xvzf piler-$PILER_VERSION.tar.gz
|
||||
cd piler-$PILER_VERSION/
|
||||
./configure --localstatedir=/var --with-database=mysql --enable-tcpwrappers --enable-memcached
|
||||
make
|
||||
make install
|
||||
ldconfig
|
||||
|
||||
cp util/postinstall.sh util/postinstall.sh.bak
|
||||
sed -i "s/ PILER_SMARTHOST=.*/ PILER_SMARTHOST="\"$PILER_SMARTHOST\""/" util/postinstall.sh
|
||||
sed -i 's/ WWWGROUP=.*/ WWWGROUP="www-data"/' util/postinstall.sh
|
||||
|
||||
make postinstall
|
||||
|
||||
cp /usr/local/etc/piler/piler.conf /usr/local/etc/piler/piler.conf.bak
|
||||
sed -i "s/hostid=.*/hostid=$PILER_FQDN/" /usr/local/etc/piler/piler.conf
|
||||
sed -i "s/update_counters_to_memcached=.*/update_counters_to_memcached=1/" /usr/local/etc/piler/piler.conf
|
||||
|
||||
su piler -c "indexer --all --config /usr/local/etc/piler/sphinx.conf"
|
||||
|
||||
/etc/init.d/rc.piler start
|
||||
/etc/init.d/rc.searchd start
|
||||
|
||||
update-rc.d rc.piler defaults
|
||||
update-rc.d rc.searchd defaults
|
||||
|
||||
mkdir -p /etc/nginx/ssl
|
||||
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/nginx/ssl/piler.key -out /etc/nginx/ssl/piler.crt -subj "/CN=$PILER_FQDN" -addext "subjectAltName=DNS:$PILER_FQDN"
|
||||
|
||||
cd /etc/nginx/sites-available
|
||||
cp /tmp/piler-$PILER_VERSION/contrib/webserver/piler-nginx.conf /etc/nginx/sites-available/
|
||||
ln -s /etc/nginx/sites-available/piler-nginx.conf /etc/nginx/sites-enabled/piler-nginx.conf
|
||||
|
||||
sed -i "s|PILER_HOST|$PILER_FQDN|g" /etc/nginx/sites-available/piler-nginx.conf
|
||||
sed -i "s|/var/run/php/php7.4-fpm.sock|/var/run/php/php$PILER_PHP_VERSION-fpm.sock|g" /etc/nginx/sites-available/piler-nginx.conf
|
||||
|
||||
sed -i "/server_name.*/a \\
|
||||
listen 443 ssl http2;\n\n\
|
||||
ssl_certificate /etc/nginx/ssl/piler.crt;\n\
|
||||
ssl_certificate_key /etc/nginx/ssl/piler.key;\n\n\
|
||||
ssl_session_timeout 1d;\n\
|
||||
ssl_session_cache shared:SSL:15m;\n\
|
||||
ssl_session_tickets off;\n\n\
|
||||
# modern configuration of Mozilla SSL configurator. Tweak to your needs.\n\
|
||||
ssl_protocols TLSv1.2 TLSv1.3;\n\
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n\
|
||||
ssl_prefer_server_ciphers off;\n\n\
|
||||
add_header X-Frame-Options SAMEORIGIN;\n\
|
||||
add_header X-Content-Type-Options nosniff;" /etc/nginx/sites-available/piler-nginx.conf
|
||||
|
||||
sed -i "/^server {.*/i\
|
||||
server {\n\
|
||||
listen 80;\n\
|
||||
server_name _;\n\
|
||||
server_tokens off;\n\
|
||||
# HTTP to HTTPS redirect.\n\
|
||||
return 301 https://$PILER_FQDN;\n\
|
||||
}" /etc/nginx/sites-available/piler-nginx.conf
|
||||
|
||||
unlink /etc/nginx/sites-enabled/default
|
||||
|
||||
cp /usr/local/etc/piler/config-site.php /usr/local/etc/piler/config-site.php.bak
|
||||
sed -i "s|\$config\['SITE_URL'\] = .*|\$config\['SITE_URL'\] = 'https://$PILER_FQDN/';|" /usr/local/etc/piler/config-site.php
|
||||
cat >> /usr/local/etc/piler/config-site.php <<EOF
|
||||
|
||||
// CUSTOM
|
||||
\$config['PROVIDED_BY'] = '$PILER_FQDN';
|
||||
\$config['SUPPORT_LINK'] = 'https://$PILER_FQDN';
|
||||
\$config['COMPATIBILITY'] = '';
|
||||
|
||||
// fancy features.
|
||||
\$config['ENABLE_INSTANT_SEARCH'] = 1;
|
||||
\$config['ENABLE_TABLE_RESIZE'] = 1;
|
||||
|
||||
\$config['ENABLE_DELETE'] = 1;
|
||||
\$config['ENABLE_ON_THE_FLY_VERIFICATION'] = 1;
|
||||
|
||||
// general settings.
|
||||
\$config['TIMEZONE'] = '$LXC_TIMEZONE';
|
||||
|
||||
// authentication
|
||||
// Enable authentication against an imap server
|
||||
//\$config['ENABLE_IMAP_AUTH'] = 1;
|
||||
//\$config['RESTORE_OVER_IMAP'] = 1;
|
||||
//\$config['IMAP_RESTORE_FOLDER_INBOX'] = 'INBOX';
|
||||
//\$config['IMAP_RESTORE_FOLDER_SENT'] = 'Sent';
|
||||
//\$config['IMAP_HOST'] = '$PILER_SMARTHOST';
|
||||
//\$config['IMAP_PORT'] = 993;
|
||||
//\$config['IMAP_SSL'] = true;
|
||||
|
||||
// authentication against an ldap directory (disabled by default)
|
||||
//\$config['ENABLE_LDAP_AUTH'] = 1;
|
||||
//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
|
||||
//\$config['LDAP_PORT'] = 389;
|
||||
//\$config['LDAP_HELPER_DN'] = 'cn=administrator,cn=users,dc=mydomain,dc=local';
|
||||
//\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
|
||||
//\$config['LDAP_MAIL_ATTR'] = 'mail';
|
||||
//\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
|
||||
//\$config['LDAP_ADMIN_MEMBER_DN'] = '';
|
||||
//\$config['LDAP_BASE_DN'] = 'ou=Benutzer,dc=krs,dc=local';
|
||||
|
||||
// authentication against an Uninvention based ldap directory
|
||||
//\$config['ENABLE_LDAP_AUTH'] = 1;
|
||||
//\$config['LDAP_HOST'] = '$PILER_SMARTHOST';
|
||||
//\$config['LDAP_PORT'] = 7389;
|
||||
//\$config['LDAP_HELPER_DN'] = 'uid=ldap-search-user,cn=users,dc=mydomain,dc=local';
|
||||
//\$config['LDAP_HELPER_PASSWORD'] = 'myxxxxpasswd';
|
||||
//\$config['LDAP_AUDITOR_MEMBER_DN'] = '';
|
||||
//\$config['LDAP_ADMIN_MEMBER_DN'] = '';
|
||||
//\$config['LDAP_BASE_DN'] = 'cn=users,dc=mydomain,dc=local';
|
||||
//\$config['LDAP_MAIL_ATTR'] = 'mailPrimaryAddress';
|
||||
//\$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'person';
|
||||
//\$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'person';
|
||||
//\$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mailAlternativeAddress';
|
||||
|
||||
// special settings.
|
||||
\$config['MEMCACHED_ENABLED'] = 1;
|
||||
\$config['SPHINX_STRICT_SCHEMA'] = 1; // required for Sphinx $PILER_SPHINX_VERSION, see https://bitbucket.org/jsuto/piler/issues/1085/sphinx-331.
|
||||
EOF
|
||||
|
||||
nginx -t && systemctl restart nginx
|
27
src/piler/constants-service.conf
Normal file
27
src/piler/constants-service.conf
Normal file
@ -0,0 +1,27 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Authors:
|
||||
# (C) 2024 Thorsten Spille <thorsten@spille-edv.de>
|
||||
|
||||
# This file contains the project constants on service level
|
||||
|
||||
# Debian Version, which will be installed
|
||||
LXC_TEMPLATE_VERSION="debian-12-standard"
|
||||
|
||||
# Create sharefs mountpoint
|
||||
LXC_MP="0"
|
||||
|
||||
# Create unprivileged container
|
||||
LXC_UNPRIVILEGED="1"
|
||||
|
||||
# enable nesting feature
|
||||
LXC_NESTING="1"
|
||||
|
||||
# enable keyctl feature
|
||||
LXC_KEYCTL="0"
|
||||
|
||||
# Sets the minimum amount of RAM the service needs for operation
|
||||
LXC_MEM_MIN=1024
|
||||
|
||||
# service dependent meta tags
|
||||
SERVICE_TAGS="php-fpm,nginx,mariadb,manticore"
|
23
src/piler/install-service.sh
Normal file
23
src/piler/install-service.sh
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Author:
|
||||
# (C) 2024 Thorsten Spille <thorsten@spille-edv.de>
|
||||
|
||||
source zamba.conf
|
||||
|
||||
wget -O - https://apt.bashclub.org/gpg/bashclub.pub | gpg --dearmor > /usr/share/keyrings/bashclub-keyring.gpg
|
||||
|
||||
echo "deb [signed-by=/usr/share/keyrings/bashclub-keyring.gpg] https://apt.bashclub.org/manticore bookworm main" > /etc/apt/sources.list.d/bashclub-manticore.list
|
||||
echo "deb [signed-by=/usr/share/keyrings/bashclub-keyring.gpg] https://apt.bashclub.org/testing bookworm main" > /etc/apt/sources.list.d/bashclub-testing.list
|
||||
apt update
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends piler
|
||||
|
||||
echo -e "Installation of piler finished."
|
||||
echo -e "\nFor administration please visit the following Website:"
|
||||
echo -e "\thttps://${LXC_HOSTNAME}.${LXC_DOMAIN}/"
|
||||
echo -e "\nLogin with following credentials:"
|
||||
echo -e "\tUser: admin@local"
|
||||
echo -e "\tPass: pilerrocks"
|
||||
echo -e "\n\nPlease have a look the the GOBD notes (in German):"
|
||||
echo -e "\thttps://${LXC_HOSTNAME}.${LXC_DOMAIN}/gobd"
|
Loading…
Reference in New Issue
Block a user