added installer script

Andris Reinman 2017-10-16 13:15:51 +03:00
parent 30f0e83ed3
commit 54662e77ba
2 changed files with 324 additions and 0 deletions

15
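--- a/setup/README.md
+++ b/setup/README.md
@@ -0,0 +1,15 @@
+# Wild Duck Installer
+Here you can find an example install script to install Wild Duck with Haraka and ZoneMTA. The install script is self contained, you can upload to your server and start it. It fetches all required files from Github by itself.
+## Usage
+sudo ./install.sh mydomain.com
+Where mydomain.com is the domain name of your server.
+If everything succeeds then open your browser http://mydomain.com/ and you should see the Wild Duck example webmail app. Create an account using that app and start receiving and sending emails! (Make sure though that your MX DNS uses mydomain.com)
+The install script is tested on Ubuntu 16.04 and the server must be blank. There should be no existing software installed (eg. Apache or MySQL). If the server already has something installed, then remove the extra application before running this script.
+Be aware though that the installation is not set up securely. MongoDB and Redis do not have authentication enabled. There are only self-signed certs installed (and Haraka on port 25 does not have any certs installed). The webmail app rins on HTTP which also means that Yubikey 2FA does not work.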

309
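--- a/setup/install.sh
+++ b/setup/install.sh
@@ -0,0 +1,309 @@
+#!/bin/bash
+# Run as root:
+# sudo ./install.sh [maildomain.com]
+HOSTNAME="$1"
+WILDDUCK_COMMIT="30f0e83ed34efcaacd56b997d85a0b76ad1cdd8d"
+ZONEMTA_COMMIT="88f73b6f6fa4c1135af611d1bb79213ed5ee3869"
+WEBMAIL_COMMIT="bbac73339f192b1dfa39be20ac3a6acf5ffffc07"
+if [[ $EUID -ne 0 ]]; then
+echo "This script must be run as root" 1>&2
+exit 1
+fi
+# stop on first error
+set -e
+export DEBIAN_FRONTEND=noninteractive
+useradd wildduck
+# mongo
+apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
+echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
+# node
+curl -sL https://deb.nodesource.com/setup_8.x | bash -
+apt-get update
+apt-get -q -y install mongodb-org pwgen nodejs git ufw build-essential libssl-dev dnsutils python software-properties-common nginx
+# redis
+apt-add-repository -y ppa:chris-lea/redis-server
+apt-get update
+apt-get -q -y install redis-server
+apt-get clean
+if [ -z "$HOSTNAME" ]
+then
+PUBLIC_IP=`curl -s https://api.ipify.org`
+if [ ! -z "$PUBLIC_IP" ]; then
+HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
+HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
+fi
+HOSTNAME="${HOSTNAME:-`hostname`}"
+fi
+node -v
+redis-server -v
+mongod --version
+echo "HOSTNAME: $HOSTNAME"
+####### WILD DUCK #######
+cd /var/opt
+git clone --bare git://github.com/nodemailer/wildduck.git
+mkdir /opt/wildduck
+git --git-dir=/var/opt/wildduck.git --work-tree=/opt/wildduck checkout "$WILDDUCK_COMMIT"
+cp -r /opt/wildduck/config /etc/wildduck
+mv /etc/wildduck/default.toml /etc/wildduck/wildduck.toml
+echo 'sender="zone-mta"' >> /etc/wildduck/dbs.toml
+echo 'enabled=true
+port=993
+host="0.0.0.0"
+secure=true' > /etc/wildduck/imap.toml
+echo 'enabled=true
+port=995
+host="0.0.0.0"
+secure=true' > /etc/wildduck/pop3.toml
+echo "enabled=true
+port=24
+emailDomain=\"$HOSTNAME\"" > /etc/wildduck/lmtp.toml
+echo 'user="wildduck"
+group="wildduck"' | cat - /etc/wildduck/wildduck.toml > temp && mv temp /etc/wildduck/wildduck.toml
+cd /opt/wildduck
+sudo npm install --production
+chown -R wildduck:wildduck /var/opt/wildduck.git
+chown -R wildduck:wildduck /opt/wildduck
+echo '[Unit]
+Description=Wild Duck Mail Server
+Conflicts=cyrus.service dovecot.service
+After=mongod.service redis.service
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/wildduck
+ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck.toml"
+ExecReload=/bin/kill -HUP $MAINPID
+Type=simple
+Restart=always
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/wildduck.service
+systemctl enable wildduck.service
+####### HARAKA #######
+cd
+sudo npm install --unsafe-perm -g Haraka
+haraka -i /opt/haraka
+cd /opt/haraka
+sudo npm install --save haraka-plugin-wildduck Haraka
+mv config/plugins config/pluginbs.bak
+echo "26214400" > config/databytes
+echo "$HOSTNAME" > config/me
+echo "queue/lmtp
+wildduck" > config/plugins
+echo "host=127.0.0.1
+port=24" > config/lmtp.ini
+echo '---
+accounts:
+maxStorage: 1024
+redis: "redis://127.0.0.1:6379/3"
+mongo:
+url: "mongodb://127.0.0.1:27017/wildduck"
+srs:
+secret: "supersecret"
+attachments:
+type: "gridstore"
+bucket: "attachments"
+decodeBase64: true
+log:
+authlogExpireDays: 30' > config/wildduck.yaml
+echo '[Unit]
+Description=Haraka MX Server
+After=mongod.service redis.service
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/haraka
+ExecStart=/usr/bin/node ./node_modules/.bin/haraka -c .
+Type=simple
+Restart=always
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/haraka.service
+echo 'user=wildduck
+group=wildduck' >> config/smtp.ini
+chown -R wildduck:wildduck /opt/haraka
+systemctl enable haraka.service
+#### ZoneMTA ####
+cd /var/opt
+git clone --bare git://github.com/zone-eu/zone-mta-template.git zone-mta.git
+mkdir /opt/zone-mta
+git --git-dir=/var/opt/zone-mta.git --work-tree=/opt/zone-mta checkout "$ZONEMTA_COMMIT"
+cp -r /opt/zone-mta/config /etc/zone-mta
+sed -i -e 's/port=2525/port=587/g;s/host="127.0.0.1"/host="0.0.0.0"/g;s/authentication=false/authentication=true/g' /etc/zone-mta/interfaces/feeder.toml
+echo '# @include "../wildduck/dbs.toml"' > /etc/zone-mta/dbs-production.toml
+echo 'user="wildduck"
+group="wildduck"' | cat - /etc/zone-mta/zonemta.toml > temp && mv temp /etc/zone-mta/zonemta.toml
+echo "[\"modules/zonemta-wildduck\"]
+enabled=[\"receiver\", \"sender\"]
+# which interfaces this plugin applies to
+interfaces=[\"feeder\"]
+# optional hostname to be used in headers
+# defaults to os.hostname()
+hostname=\"$HOSTNAME\"
+# How long to keep auth records in log
+authlogExpireDays=30
+# SRS settings for forwarded emails
+# Handle rewriting of forwarded emails
+forwardedSRS=true
+# SRS secret value. Must be the same as in the MX side
+secret=\"secret value\"
+# SRS domain, must resolve back to MX
+rewriteDomain=\"$HOSTNAME\"
+# Delivery settings for local messages
+# do not set these values if you do not want to use local delivery
+# Use LMTP instead of SMTP
+localLmtp=true
+localMxPort=24
+# SMTP/LMTP server for local delivery
+[[\"modules/zonemta-wildduck\".localMx]]
+priority=0
+# hostname is for logging only, IP is actually used
+exchange=\"$HOSTNAME\"
+A=[\"127.0.0.1\"]
+AAAA=[]
+# Interface to be used for local delivery
+# Make sure that it can connect to the localMX IP
+[\"modules/zonemta-wildduck\".localZoneAddress]
+address=\"127.0.0.1\"
+name=\"$HOSTNAME\"" > /etc/zone-mta/plugins/wildduck.toml
+cd /opt/zone-mta
+sudo npm install zonemta-wildduck --save
+sudo npm install --production
+chown -R wildduck:wildduck /var/opt/zone-mta.git
+chown -R wildduck:wildduck /opt/zone-mta
+echo '[Unit]
+Description=Zone Mail Transport Agent
+Conflicts=sendmail.service exim.service postfix.service
+After=mongod.service redis.service
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/zone-mta
+ExecStart=/usr/bin/node index.js --config="/etc/zone-mta/zonemta.toml"
+ExecReload=/bin/kill -HUP $MAINPID
+Type=simple
+Restart=always
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/zone-mta.service
+systemctl enable zone-mta.service
+#### WWW ####
+cd /var/opt
+git clone --bare git://github.com/nodemailer/wildduck-webmail.git
+mkdir /opt/wildduck-webmail
+git --git-dir=/var/opt/wildduck-webmail.git --work-tree=/opt/wildduck-webmail checkout "$WEBMAIL_COMMIT"
+cp /opt/wildduck-webmail/config/default.toml /etc/wildduck/wildduck-webmail.toml
+sed -i -e "s/localhost/$HOSTNAME/g" /etc/wildduck/wildduck-webmail.toml
+cd /opt/wildduck-webmail
+sudo npm install --production
+chown -R wildduck:wildduck /var/opt/wildduck-webmail.git
+chown -R wildduck:wildduck /opt/wildduck-webmail
+echo '[Unit]
+Description=Wildduck Webmail
+After=wildduck.service
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/wildduck-webmail
+ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck-webmail.toml"
+ExecReload=/bin/kill -HUP $MAINPID
+Type=simple
+Restart=always
+[Install]
+WantedBy=multi-user.target' > /etc/systemd/system/wildduck-webmail.service
+systemctl enable wildduck-webmail.service
+mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
+echo 'server {
+listen 80 default_server;
+listen [::]:80 default_server;
+server_name _;
+location / {
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header HOST $http_host;
+proxy_set_header X-NginX-Proxy true;
+proxy_pass http://127.0.0.1:3000;
+proxy_redirect off;
+}
+}' > /etc/nginx/sites-available/default
+#### UFW ####
+ufw allow 22/tcp
+ufw allow 80/tcp
+ufw allow 443/tcp
+ufw allow 25/tcp
+ufw allow 587/tcp
+ufw --force enable
+### start services ####
+systemctl start mongod
+systemctl start wildduck
+systemctl start haraka
+systemctl start zone-mta
+systemctl start wildduck-webmail
+systemctl reload nginx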
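Review bot: The SRS secret is hard-coded and the two sides do not agree: the Haraka `config/wildduck.yaml` gets `secret: "supersecret"` while `/etc/zone-mta/plugins/wildduck.toml` gets `secret="secret value"`, although the comment written just above the latter says it must be the same as on the MX side. Every install made with this script therefore shares a published constant, and, assuming both plugins use the value as that comment describes, SRS-rewritten addresses produced by ZoneMTA would not validate in Haraka. `pwgen` is already installed by the script but never used, so generate one value after the package install, e.g. `SRS_SECRET=$(pwgen -s 32 1)`, and write it to both files as `secret: "$SRS_SECRET"` and `secret=\"$SRS_SECRET\"`; the Haraka YAML block is single-quoted, so it has to become a double-quoted string or an unquoted heredoc for the variable to expand. Separately, IMAP and POP3 are bound to 0.0.0.0 on 993 and 995, but the UFW section opens only 22, 80, 443, 25 and 587.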