From 54662e77baf8886b281dd7f402677a2158d45673 Mon Sep 17 00:00:00 2001
From: Andris Reinman
Date: Mon, 16 Oct 2017 13:15:51 +0300
Subject: [PATCH] added installer script
---
 setup/README.md | 15 +++
 setup/install.sh | 309 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 324 insertions(+)
 create mode 100644 setup/README.md
 create mode 100755 setup/install.sh
diff --git a/setup/README.md b/setup/README.md
new file mode 100644
index 00000000..7254dbf7
--- /dev/null
+++ b/setup/README.md
@@ -0,0 +1,15 @@
+# Wild Duck Installer
+
+Here you can find an example install script to install Wild Duck with Haraka and ZoneMTA. The install script is self contained, you can upload to your server and start it. It fetches all required files from Github by itself.
+
+## Usage
+
+ sudo ./install.sh mydomain.com
+
+Where mydomain.com is the domain name of your server.
+
+If everything succeeds then open your browser http://mydomain.com/ and you should see the Wild Duck example webmail app. Create an account using that app and start receiving and sending emails! (Make sure though that your MX DNS uses mydomain.com)
+
+The install script is tested on Ubuntu 16.04 and the server must be blank. There should be no existing software installed (eg. Apache or MySQL). If the server already has something installed, then remove the extra application before running this script.
+
+Be aware though that the installation is not set up securely. MongoDB and Redis do not have authentication enabled. There are only self-signed certs installed (and Haraka on port 25 does not have any certs installed). The webmail app rins on HTTP which also means that Yubikey 2FA does not work.
diff --git a/setup/install.sh b/setup/install.sh
new file mode 100755
index 00000000..e14ad2e5
--- /dev/null
+++ b/setup/install.sh
@@ -0,0 +1,309 @@
+#!/bin/bash
+
+# Run as root:
+# sudo ./install.sh [maildomain.com]
+
+HOSTNAME="$1"
+
+WILDDUCK_COMMIT="30f0e83ed34efcaacd56b997d85a0b76ad1cdd8d"
+ZONEMTA_COMMIT="88f73b6f6fa4c1135af611d1bb79213ed5ee3869"
+WEBMAIL_COMMIT="bbac73339f192b1dfa39be20ac3a6acf5ffffc07"
+
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root" 1>&2
+ exit 1
+fi
+
+# stop on first error
+set -e
+
+export DEBIAN_FRONTEND=noninteractive
+
+useradd wildduck
+
+# mongo
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
+echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
+
+# node
+curl -sL https://deb.nodesource.com/setup_8.x | bash -
+
+apt-get update
+
+apt-get -q -y install mongodb-org pwgen nodejs git ufw build-essential libssl-dev dnsutils python software-properties-common nginx
+
+# redis
+apt-add-repository -y ppa:chris-lea/redis-server
+apt-get update
+apt-get -q -y install redis-server
+
+apt-get clean
+
+if [ -z "$HOSTNAME" ]
+ then
+ PUBLIC_IP=`curl -s https://api.ipify.org`
+ if [ ! -z "$PUBLIC_IP" ]; then
+ HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
+ HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
+ fi
+ HOSTNAME="${HOSTNAME:-`hostname`}"
+fi
+
+node -v
+redis-server -v
+mongod --version
+echo "HOSTNAME: $HOSTNAME"
+
+####### WILD DUCK #######
+
+cd /var/opt
+git clone --bare git://github.com/nodemailer/wildduck.git
+mkdir /opt/wildduck
+git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck checkout "$WILDDUCK_COMMIT"
+cp -r /opt/wildduck/config /etc/wildduck
+mv /etc/wildduck/default.toml /etc/wildduck/wildduck.toml
+
+echo 'sender="zone-mta"' >> /etc/wildduck/dbs.toml
+
+echo 'enabled=true
+port=993
+host="0.0.0.0"
+secure=true' > /etc/wildduck/imap.toml
+
+echo 'enabled=true
+port=995
+host="0.0.0.0"
+secure=true' > /etc/wildduck/pop3.toml
+
+echo "enabled=true
+port=24
+emailDomain=\"$HOSTNAME\"" > /etc/wildduck/lmtp.toml
+
+echo 'user="wildduck"
+group="wildduck"' | cat - /etc/wildduck/wildduck.toml > temp && mv temp /etc/wildduck/wildduck.toml
+
+cd /opt/wildduck
+sudo npm install --production
+
+chown -R wildduck:wildduck /var/opt/wildduck.git
+chown -R wildduck:wildduck /opt/wildduck
+
+echo '[Unit]
+Description=Wild Duck Mail Server
+Conflicts=cyrus.service dovecot.service
+After=mongod.service redis.service
+
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/wildduck
+ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck.toml"
+ExecReload=/bin/kill -HUP $MAINPID
+Type=simple
+Restart=always
+
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/wildduck.service
+
+systemctl enable wildduck.service
+
+####### HARAKA #######
+cd
+sudo npm install --unsafe-perm -g Haraka
+haraka -i /opt/haraka
+cd /opt/haraka
+sudo npm install --save haraka-plugin-wildduck Haraka
+
+mv config/plugins config/pluginbs.bak
+
+echo "26214400" > config/databytes
+
+echo "$HOSTNAME" > config/me
+
+echo "queue/lmtp
+wildduck" > config/plugins
+
+echo "host=127.0.0.1
+port=24" > config/lmtp.ini
+
+echo '---
+accounts:
+ maxStorage: 1024
+redis: "redis://127.0.0.1:6379/3"
+mongo:
+ url: "mongodb://127.0.0.1:27017/wildduck"
+srs:
+ secret: "supersecret"
+attachments:
+ type: "gridstore"
+ bucket: "attachments"
+ decodeBase64: true
+log:
+ authlogExpireDays: 30' > config/wildduck.yaml
+
+echo '[Unit]
+Description=Haraka MX Server
+After=mongod.service redis.service
+
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/haraka
+ExecStart=/usr/bin/node ./node_modules/.bin/haraka -c .
+Type=simple
+Restart=always
+
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/haraka.service
+
+echo 'user=wildduck
+group=wildduck' >> config/smtp.ini
+
+chown -R wildduck:wildduck /opt/haraka
+
+systemctl enable haraka.service
+
+#### ZoneMTA ####
+
+cd /var/opt
+git clone --bare git://github.com/zone-eu/zone-mta-template.git zone-mta.git
+mkdir /opt/zone-mta
+git --git-dir=/var/opt/zone-mta.git --work-tree=/opt/zone-mta checkout "$ZONEMTA_COMMIT"
+cp -r /opt/zone-mta/config /etc/zone-mta
+sed -i -e 's/port=2525/port=587/g;s/host="127.0.0.1"/host="0.0.0.0"/g;s/authentication=false/authentication=true/g' /etc/zone-mta/interfaces/feeder.toml
+echo '# @include "../wildduck/dbs.toml"' > /etc/zone-mta/dbs-production.toml
+echo 'user="wildduck"
+group="wildduck"' | cat - /etc/zone-mta/zonemta.toml > temp && mv temp /etc/zone-mta/zonemta.toml
+
+echo "[\"modules/zonemta-wildduck\"]
+enabled=[\"receiver\", \"sender\"]
+
+# which interfaces this plugin applies to
+interfaces=[\"feeder\"]
+
+# optional hostname to be used in headers
+# defaults to os.hostname()
+hostname=\"$HOSTNAME\"
+
+# How long to keep auth records in log
+authlogExpireDays=30
+
+# SRS settings for forwarded emails
+
+# Handle rewriting of forwarded emails
+forwardedSRS=true
+# SRS secret value. Must be the same as in the MX side
+secret=\"secret value\"
+# SRS domain, must resolve back to MX
+rewriteDomain=\"$HOSTNAME\"
+
+# Delivery settings for local messages
+# do not set these values if you do not want to use local delivery
+
+# Use LMTP instead of SMTP
+localLmtp=true
+localMxPort=24
+# SMTP/LMTP server for local delivery
+[[\"modules/zonemta-wildduck\".localMx]]
+ priority=0
+ # hostname is for logging only, IP is actually used
+ exchange=\"$HOSTNAME\"
+ A=[\"127.0.0.1\"]
+ AAAA=[]
+# Interface to be used for local delivery
+# Make sure that it can connect to the localMX IP
+[\"modules/zonemta-wildduck\".localZoneAddress]
+ address=\"127.0.0.1\"
+ name=\"$HOSTNAME\"" > /etc/zone-mta/plugins/wildduck.toml
+
+cd /opt/zone-mta
+sudo npm install zonemta-wildduck --save
+sudo npm install --production
+
+chown -R wildduck:wildduck /var/opt/zone-mta.git
+chown -R wildduck:wildduck /opt/zone-mta
+
+echo '[Unit]
+Description=Zone Mail Transport Agent
+Conflicts=sendmail.service exim.service postfix.service
+After=mongod.service redis.service
+
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/zone-mta
+ExecStart=/usr/bin/node index.js --config="/etc/zone-mta/zonemta.toml"
+ExecReload=/bin/kill -HUP $MAINPID
+Type=simple
+Restart=always
+
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/zone-mta.service
+
+systemctl enable zone-mta.service
+
+#### WWW ####
+
+cd /var/opt
+git clone --bare git://github.com/nodemailer/wildduck-webmail.git
+mkdir /opt/wildduck-webmail
+git --git-dir=/var/opt/wildduck-webmail.git --work-tree=/opt/wildduck-webmail checkout "$WEBMAIL_COMMIT"
+cp /opt/wildduck-webmail/config/default.toml /etc/wildduck/wildduck-webmail.toml
+
+sed -i -e "s/localhost/$HOSTNAME/g" /etc/wildduck/wildduck-webmail.toml
+
+cd /opt/wildduck-webmail
+sudo npm install --production
+
+chown -R wildduck:wildduck /var/opt/wildduck-webmail.git
+chown -R wildduck:wildduck /opt/wildduck-webmail
+
+echo '[Unit]
+Description=Wildduck Webmail
+After=wildduck.service
+
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/wildduck-webmail
+ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck-webmail.toml"
+ExecReload=/bin/kill -HUP $MAINPID
+Type=simple
+Restart=always
+
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/wildduck-webmail.service
+
+systemctl enable wildduck-webmail.service
+
+mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
+
+echo 'server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name _;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header HOST $http_host;
+ proxy_set_header X-NginX-Proxy true;
+ proxy_pass http://127.0.0.1:3000;
+ proxy_redirect off;
+ }
+}' > /etc/nginx/sites-available/default
+
+#### UFW ####
+
+ufw allow 22/tcp
+ufw allow 80/tcp
+ufw allow 443/tcp
+ufw allow 25/tcp
+ufw allow 587/tcp
+ufw --force enable
+
+### start services ####
+
+systemctl start mongod
+systemctl start wildduck
+systemctl start haraka
+systemctl start zone-mta
+systemctl start wildduck-webmail
+systemctl reload nginx
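Review bot: The two SRS secrets this script writes do not agree: the Haraka `config/wildduck.yaml` gets `secret: "supersecret"` while `/etc/zone-mta/plugins/wildduck.toml` gets `secret=\"secret value\"`, even though the comment right above it says the value must be the same as on the MX side, so SRS-rewritten forwards cannot be validated when they bounce back, and both values are fixed placeholders shared by every install. The script already installs `pwgen` but never uses it; generate one secret once after the `apt-get -q -y install ...` line with `SRS_SECRET=$(pwgen -s 32 1)`, write it into the ZoneMTA config as `secret=\"$SRS_SECRET\"`, and patch the Haraka file with `sed -i "s/supersecret/$SRS_SECRET/" config/wildduck.yaml` (that `echo` is single-quoted, so the variable would not expand inside it). Separately, `useradd wildduck` creates a normal login-capable account for the three services to run under; `useradd -r -s /usr/sbin/nologin wildduck` gives the same uid/gid for the `chown` and `user=`/`group=` lines without an interactive shell.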