nodemailer/wildduck
1
1
Fork 0
mirror of https://github.com/nodemailer/wildduck.git synced 2024-09-20 15:26:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

updated install script

Browse source
This commit is contained in:
System Administrator 2018-04-17 22:09:47 +03:00
parent c72bf2e6ad
commit b6221ef60f
5 changed files with 117 additions and 126 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
config/default.toml
View file

@ -1,9 +1,10 @@
# Uncomment if you start the app as root and want to downgrade
# once all privileged actions are completed
# If you do not use privileged ports then you can start the app already under required user account
#user="wildduck"
#group="wildduck"
# process title and syslog ident
# process title
ident="wildduck"
# how many processes to start
@ -48,9 +49,6 @@ bugsnagCode=""
[log]
level="silly"
# log to syslog if true
# not needed if you run the app as systemd service
syslog=false
# delete authentication log entries after 30 days
# changing this value only affects new entries

40
logger.js
View file

@ -1,40 +0,0 @@
'use strict';
const config = require('wild-config');
const log = require('npmlog');
let syslog;
try {
// might not be installed
syslog = require('modern-syslog'); // eslint-disable-line global-require
} catch (E) {
// just ignore
}
if (config.log.syslog && syslog) {
syslog.open(config.ident, syslog.option.LOG_PID, syslog.level.LOG_INFO);
let logger = data => {
data.messageRaw[0] = '(' + data.prefix + ') ' + data.messageRaw[0];
return data.messageRaw;
};
switch (log.level) {
/* eslint-disable no-fallthrough */
case 'silly':
log.on('log.silly', data => syslog.debug(...logger(data)));
case 'verbose':
log.on('log.verbose', data => syslog.info(...logger(data)));
case 'info':
log.on('log.info', data => syslog.notice(...logger(data)));
case 'http':
log.on('log.http', data => syslog.note(...logger(data)));
case 'warn':
log.on('log.warn', data => syslog.warn(...logger(data)));
case 'error':
log.on('log.error', data => syslog.error(...logger(data)));
/* eslint-enable no-fallthrough */
}
log.level = 'silent'; // disable normal log stream
}

10
package.json
View file

@ -6,7 +6,8 @@
"scripts": {
"toc": "markdown-toc -i docs/api.md",
"test": "mongo --eval 'db.dropDatabase()' wildduck-test && redis-cli -n 13 flushdb && NODE_ENV=test grunt",
"apidoc": "apidoc -i lib/api/ -o docs/"
"apidoc": "apidoc -i lib/api/ -o docs/",
"show": "NODE_CONFIG_ONLY=true node server.js"
},
"keywords": ["imap", "mail server"],
"author": "Andris Reinman",
@ -40,7 +41,7 @@
"iconv-lite": "0.4.21",
"ioredfour": "1.0.2-ioredis",
"ioredis": "3.2.2",
"joi": "13.1.2",
"joi": "13.2.0",
"js-yaml": "3.11.0",
"key-fingerprint": "1.1.0",
"libbase64": "1.0.2",
@ -55,7 +56,7 @@
"node-forge": "0.7.5",
"nodemailer": "4.6.4",
"npmlog": "4.1.2",
"openpgp": "3.0.4",
"openpgp": "3.0.7",
"qrcode": "1.2.0",
"restify": "6.4.0",
"restify-logger": "2.0.1",
@ -73,7 +74,6 @@
"url": "git://github.com/wildduck-email/wildduck.git"
},
"optionalDependencies": {
"@ronomon/crypto-async": "2.3.0",
"modern-syslog": "1.1.4"
"@ronomon/crypto-async": "2.3.0"
}
}

1
server.js
View file

@ -17,7 +17,6 @@ const log = require('npmlog');
const packageData = require('./package.json');
log.level = config.log.level;
require('./logger');
const printLogo = () => {
let logo = fs

186
setup/install.sh
View file

@ -12,18 +12,55 @@ fi
HOSTNAME="$1"
WILDDUCK_COMMIT="0b164d0b8956efff78f19d100e6bf0e19a084ca6"
ZONEMTA_COMMIT="be89e4cebce5ff022f80483928892388821c42ce"
WEBMAIL_COMMIT="300b05e4ad7c1421890e3f4166dbd456bfafd04c"
if [ -z "$HOSTNAME" ]
then
PUBLIC_IP=`curl -s https://api.ipify.org`
if [ ! -z "$PUBLIC_IP" ]; then
HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
fi
HOSTNAME="${HOSTNAME:-`hostname`}"
fi
MAILDOMAIN="${2:-$HOSTNAME}"
if lsof -Pi :25 -sTCP:LISTEN -t >/dev/null ; then
echo "Error: SMTP server already running on port 25"
exit 1
fi
if lsof -Pi :587 -sTCP:LISTEN -t >/dev/null ; then
echo "Error: SMTP server already running on port 587"
exit 1
fi
if lsof -Pi :993 -sTCP:LISTEN -t >/dev/null ; then
echo "Error: IMAP server already running on port 993"
exit 1
fi
if lsof -Pi :995 -sTCP:LISTEN -t >/dev/null ; then
echo "Error: POP3 server already running on port 995"
exit 1
fi
if lsof -Pi :80 -sTCP:LISTEN -t >/dev/null ; then
echo "Error: HTTP server already running on port 80"
exit 1
fi
if lsof -Pi :443 -sTCP:LISTEN -t >/dev/null ; then
echo "Error: HTTPS server already running on port 443"
exit 1
fi
WILDDUCK_COMMIT="c72bf2e6ad033a955acb23ffd42b533d3222980f"
ZONEMTA_COMMIT="3a29c8048c6afed8e985a6c4eb9df61b93f49756"
WEBMAIL_COMMIT="221783539bd4382917d750989bb2ab425804f80a"
WILDDUCK_ZONEMTA_COMMIT="1a27ef9ff5020aaaa1b1032deb557525bba7e7ca"
WILDDUCK_HARAKA_COMMIT="92eba398676dd2418a0830256aa554efd09fb546"
HARAKA_VERSION="2.8.17"
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
# stop on first error
set -e
@ -35,7 +72,7 @@ git --git-dir=/var/opt/$1.git --work-tree=\"/opt/$1\" checkout "\$3" -f
cd \"/opt/$1\"
rm -rf package-lock.json
npm install --production --progress=false
sudo /bin/systemctl restart $1 || echo \"Failed restarting service\"" > "/var/opt/$1.git/hooks/update"
sudo $SYSTEMCTL_PATH restart $1 || echo \"Failed restarting service\"" > "/var/opt/$1.git/hooks/update"
chmod +x "/var/opt/$1.git/hooks/update"
}
@ -46,7 +83,7 @@ cd \"/opt/$1\"
rm -rf package-lock.json
npm install --progress=false
npm run bowerdeps
sudo /bin/systemctl restart $1 || echo \"Failed restarting service\"" > "/var/opt/$1.git/hooks/update"
sudo $SYSTEMCTL_PATH restart $1 || echo \"Failed restarting service\"" > "/var/opt/$1.git/hooks/update"
chmod +x "/var/opt/$1.git/hooks/update"
}
@ -69,7 +106,7 @@ gpg --armor --export 58712A2291FA4AD5 | apt-key add -
echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
apt-get update
apt-get -q -y install curl pwgen git ufw build-essential libssl-dev dnsutils python software-properties-common nginx lsb-release wget
apt-get -q -y install pwgen git ufw build-essential libssl-dev dnsutils python software-properties-common nginx lsb-release wget
# node
curl -sL https://deb.nodesource.com/setup_8.x | bash -
@ -86,12 +123,15 @@ apt-get update
apt-get -q -y install mongodb-org nodejs tor deb.torproject.org-keyring
NODE_PATH=`which node`
SYSTEMCTL_PATH=`which systemctl`
SRS_SECRET=`pwgen 12 -1`
DKIM_SECRET=`pwgen 12 -1`
ZONEMTA_SECRET=`pwgen 12 -1`
DKIM_SELECTOR=`node -e 'console.log(Date().toString().substr(4, 3).toLowerCase() + new Date().getFullYear())'`
DKIM_SELECTOR=`$NODE_PATH -e 'console.log(Date().toString().substr(4, 3).toLowerCase() + new Date().getFullYear())'`
systemctl enable mongod.service
$SYSTEMCTL_PATH enable mongod.service
# redis
apt-add-repository -y ppa:chris-lea/redis-server
@ -108,16 +148,6 @@ apt-get -q -y --no-install-recommends install rspamd
apt-get clean
if [ -z "$HOSTNAME" ]
then
PUBLIC_IP=`curl -s https://api.ipify.org`
if [ ! -z "$PUBLIC_IP" ]; then
HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
fi
HOSTNAME="${HOSTNAME:-`hostname`}"
fi
node -v
redis-server -v
mongod --version
@ -131,8 +161,8 @@ rm -rf /etc/sudoers.d/wildduck
# clear previous install
if [ -f "/etc/systemd/system/wildduck.service" ]
then
systemctl stop wildduck || true
systemctl disable wildduck || true
$SYSTEMCTL_PATH stop wildduck || true
$SYSTEMCTL_PATH disable wildduck || true
rm -rf /etc/systemd/system/wildduck.service
fi
rm -rf /var/opt/wildduck.git
@ -147,7 +177,7 @@ git clone --bare git://github.com/nodemailer/wildduck.git
hook_script wildduck
# allow deploy user to restart wildduck service
echo 'deploy ALL = (root) NOPASSWD: /bin/systemctl restart wildduck' >> /etc/sudoers.d/wildduck
echo "deploy ALL = (root) NOPASSWD: $SYSTEMCTL_PATH restart wildduck" >> /etc/sudoers.d/wildduck
# checkout files from git to working directory
mkdir -p /opt/wildduck
@ -170,7 +200,7 @@ disableSTARTTLS=true" > /etc/wildduck/lmtp.toml
echo "user=\"wildduck\"
group=\"wildduck\"
emailDomain=\"$HOSTNAME\"" | cat - /etc/wildduck/wildduck.toml > temp && mv temp /etc/wildduck/wildduck.toml
emailDomain=\"$MAILDOMAIN\"" | cat - /etc/wildduck/wildduck.toml > temp && mv temp /etc/wildduck/wildduck.toml
sed -i -e "s/localhost:3000/$HOSTNAME/g;s/localhost/$HOSTNAME/g;s/2587/587/g" /etc/wildduck/wildduck.toml
@ -180,31 +210,32 @@ npm install --unsafe-perm --production
chown -R deploy:deploy /var/opt/wildduck.git
chown -R deploy:deploy /opt/wildduck
echo '[Unit]
echo "[Unit]
Description=WildDuck Mail Server
Conflicts=cyrus.service dovecot.service
After=mongod.service redis.service
[Service]
Environment="NODE_ENV=production"
Environment=\"NODE_ENV=production\"
WorkingDirectory=/opt/wildduck
ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck.toml"
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=$NODE_PATH server.js --config=\"/etc/wildduck/wildduck.toml\"
ExecReload=/bin/kill -HUP \$MAINPID
Type=simple
Restart=always
SyslogIdentifier=wildduck-server
[Install]
WantedBy=multi-user.target' > /etc/systemd/system/wildduck.service
WantedBy=multi-user.target" > /etc/systemd/system/wildduck.service
systemctl enable wildduck.service
$SYSTEMCTL_PATH enable wildduck.service
####### HARAKA #######
# clear previous install
if [ -f "/etc/systemd/system/haraka.service" ]
then
systemctl stop haraka || true
systemctl disable haraka || true
$SYSTEMCTL_PATH stop haraka || true
$SYSTEMCTL_PATH disable haraka || true
rm -rf /etc/systemd/system/haraka.service
fi
rm -rf /var/opt/haraka-plugin-wildduck.git
@ -218,11 +249,11 @@ git --git-dir=/var/opt/haraka-plugin-wildduck.git --work-tree=/opt/haraka/plugin
cd /opt/haraka/plugins/wildduck
rm -rf package-lock.json
npm install --production --progress=false
sudo /bin/systemctl restart haraka || echo \"Failed restarting service\"" > "/var/opt/haraka-plugin-wildduck.git/hooks/update"
sudo $SYSTEMCTL_PATH restart haraka || echo \"Failed restarting service\"" > "/var/opt/haraka-plugin-wildduck.git/hooks/update"
chmod +x "/var/opt/haraka-plugin-wildduck.git/hooks/update"
# allow deploy user to restart wildduck service
echo 'deploy ALL = (root) NOPASSWD: /bin/systemctl restart haraka' >> /etc/sudoers.d/wildduck
echo "deploy ALL = (root) NOPASSWD: $SYSTEMCTL_PATH restart haraka" >> /etc/sudoers.d/wildduck
cd
npm install --unsafe-perm -g Haraka@$HARAKA_VERSION
@ -303,6 +334,7 @@ WorkingDirectory=/opt/haraka
ExecStart=/usr/bin/node ./node_modules/.bin/haraka -c .
Type=simple
Restart=always
SyslogIdentifier=haraka
[Install]
WantedBy=multi-user.target' > /etc/systemd/system/haraka.service
@ -317,15 +349,15 @@ chown -R deploy:deploy /var/opt/haraka-plugin-wildduck.git
mkdir -p /opt/haraka/queue
chown -R wildduck:wildduck /opt/haraka/queue
systemctl enable haraka.service
$SYSTEMCTL_PATH enable haraka.service
#### ZoneMTA ####
# clear previous install
if [ -f "/etc/systemd/system/zone-mta.service" ]
then
systemctl stop zone-mta || true
systemctl disable zone-mta || true
$SYSTEMCTL_PATH stop zone-mta || true
$SYSTEMCTL_PATH disable zone-mta || true
rm -rf /etc/systemd/system/zone-mta.service
fi
rm -rf /var/opt/zone-mta.git
@ -345,11 +377,11 @@ git --git-dir=/var/opt/zonemta-wildduck.git --work-tree=/opt/zone-mta/plugins/wi
cd /opt/zone-mta/plugins/wildduck
rm -rf package-lock.json
npm install --production --progress=false
sudo /bin/systemctl restart zone-mta || echo \"Failed restarting service\"" > "/var/opt/zonemta-wildduck.git/hooks/update"
sudo $SYSTEMCTL_PATH restart zone-mta || echo \"Failed restarting service\"" > "/var/opt/zonemta-wildduck.git/hooks/update"
chmod +x "/var/opt/zonemta-wildduck.git/hooks/update"
# allow deploy user to restart zone-mta service
echo 'deploy ALL = (root) NOPASSWD: /bin/systemctl restart zone-mta' >> /etc/sudoers.d/zone-mta
echo "deploy ALL = (root) NOPASSWD: $SYSTEMCTL_PATH restart zone-mta" >> /etc/sudoers.d/zone-mta
# checkout files from git to working directory
mkdir -p /opt/zone-mta
@ -401,7 +433,7 @@ authlogExpireDays=30
# SRS secret value. Must be the same as in the MX side
secret=\"$SRS_SECRET\"
# SRS domain, must resolve back to MX
rewriteDomain=\"$HOSTNAME\"
rewriteDomain=\"$MAILDOMAIN\"
[dkim]
# share config with WildDuck installation
@ -409,12 +441,12 @@ authlogExpireDays=30
" > /etc/zone-mta/plugins/wildduck.toml
cd /opt/zone-mta/keys
openssl genrsa -out "$HOSTNAME-dkim.pem" 2048
chmod 400 "$HOSTNAME-dkim.pem"
openssl rsa -in "$HOSTNAME-dkim.pem" -out "$HOSTNAME-dkim.cert" -pubout
DNS_ADDRESS="v=DKIM1;p=$(grep -v -e '^-' $HOSTNAME-dkim.cert | tr -d "\n")"
openssl genrsa -out "$MAILDOMAIN-dkim.pem" 2048
chmod 400 "$MAILDOMAIN-dkim.pem"
openssl rsa -in "$MAILDOMAIN-dkim.pem" -out "$MAILDOMAIN-dkim.cert" -pubout
DNS_ADDRESS="v=DKIM1;p=$(grep -v -e '^-' $MAILDOMAIN-dkim.cert | tr -d "\n")"
DKIM_JSON=`DOMAIN="$HOSTNAME" SELECTOR="$DKIM_SELECTOR" node -e 'console.log(JSON.stringify({
DKIM_JSON=`DOMAIN="$MAILDOMAIN" SELECTOR="$DKIM_SELECTOR" node -e 'console.log(JSON.stringify({
domain: process.env.DOMAIN,
selector: process.env.SELECTOR,
description: "Default DKIM key for "+process.env.DOMAIN,
@ -444,19 +476,20 @@ ExecStart=/usr/bin/node index.js --config="/etc/zone-mta/zonemta.toml"
ExecReload=/bin/kill -HUP $MAINPID
Type=simple
Restart=always
SyslogIdentifier=zone-mta
[Install]
WantedBy=multi-user.target' > /etc/systemd/system/zone-mta.service
systemctl enable zone-mta.service
$SYSTEMCTL_PATH enable zone-mta.service
#### WWW ####
####
# clear previous install
if [ -f "/etc/systemd/system/wildduck-webmail.service" ]
then
systemctl stop wildduck-webmail || true
systemctl disable wildduck-webmail || true
$SYSTEMCTL_PATH stop wildduck-webmail || true
$SYSTEMCTL_PATH disable wildduck-webmail || true
rm -rf /etc/systemd/system/wildduck-webmail.service
fi
rm -rf /var/opt/wildduck-webmail.git
@ -471,7 +504,7 @@ hook_script_bower wildduck-webmail
chmod +x /var/opt/wildduck-webmail.git/hooks/update
# allow deploy user to restart zone-mta service
echo 'deploy ALL = (root) NOPASSWD: /bin/systemctl restart wildduck-webmail' >> /etc/sudoers.d/wildduck-webmail
echo "deploy ALL = (root) NOPASSWD: $SYSTEMCTL_PATH restart wildduck-webmail" >> /etc/sudoers.d/wildduck-webmail
# checkout files from git to working directory
mkdir -p /opt/wildduck-webmail
@ -500,11 +533,12 @@ ExecStart=/usr/bin/node server.js --config="/etc/wildduck/wildduck-webmail.toml"
ExecReload=/bin/kill -HUP $MAINPID
Type=simple
Restart=always
SyslogIdentifier=wildduck-www
[Install]
WantedBy=multi-user.target' > /etc/systemd/system/wildduck-webmail.service
systemctl enable wildduck-webmail.service
$SYSTEMCTL_PATH enable wildduck-webmail.service
#### NGINX ####
@ -561,7 +595,7 @@ echo "server {
}" > "/etc/nginx/sites-available/$HOSTNAME"
rm -rf "/etc/nginx/sites-enabled/$HOSTNAME"
ln -s "/etc/nginx/sites-available/$HOSTNAME" "/etc/nginx/sites-enabled/$HOSTNAME"
systemctl reload nginx
$SYSTEMCTL_PATH reload nginx
#### UFW ####
@ -620,25 +654,25 @@ server {
proxy_redirect off;
}
}" > "/etc/nginx/sites-available/$HOSTNAME"
systemctl reload nginx
$SYSTEMCTL_PATH reload nginx
# update reload script for future updates
echo '#!/bin/bash
/bin/systemctl reload nginx
/bin/systemctl reload wildduck
/bin/systemctl restart zone-mta
/bin/systemctl restart haraka
/bin/systemctl restart wildduck-webmail' > /usr/local/bin/reload-services.sh
echo "#!/bin/bash
$SYSTEMCTL_PATH reload nginx
$SYSTEMCTL_PATH reload wildduck
$SYSTEMCTL_PATH restart zone-mta
$SYSTEMCTL_PATH restart haraka
$SYSTEMCTL_PATH restart wildduck-webmail" > /usr/local/bin/reload-services.sh
chmod +x /usr/local/bin/reload-services.sh
### start services ####
systemctl start mongod
systemctl start wildduck
systemctl start haraka
systemctl start zone-mta
systemctl start wildduck-webmail
systemctl reload nginx
$SYSTEMCTL_PATH start mongod
$SYSTEMCTL_PATH start wildduck
$SYSTEMCTL_PATH start haraka
$SYSTEMCTL_PATH start zone-mta
$SYSTEMCTL_PATH start wildduck-webmail
$SYSTEMCTL_PATH reload nginx
cd "$INSTALLDIR"
@ -662,21 +696,21 @@ NAMESERVER SETUP
MX
--
Add this MX record to the $HOSTNAME DNS zone:
Add this MX record to the $MAILDOMAIN DNS zone:
$HOSTNAME. IN MX 5 $HOSTNAME.
$MAILDOMAIN. IN MX 5 $HOSTNAME.
SPF
---
Add this TXT record to the $HOSTNAME DNS zone:
Add this TXT record to the $MAILDOMAIN DNS zone:
$HOSTNAME. IN TXT \"v=spf1 a ~all\"
$MAILDOMAIN. IN TXT \"v=spf1 a:$HOSTNAME ~all\"
DKIM
----
Add this TXT record to the $HOSTNAME DNS zone:
Add this TXT record to the $MAILDOMAIN DNS zone:
$DKIM_SELECTOR._domainkey.$HOSTNAME. IN TXT \"$DNS_ADDRESS\"
$DKIM_SELECTOR._domainkey.$MAILDOMAIN. IN TXT \"$DNS_ADDRESS\"
PTR
---
@ -685,7 +719,7 @@ If your hosting provider does not allow you to set PTR records but has
assigned their own hostname, then edit /etc/zone-mta/pools.toml and replace
the hostname $HOSTNAME with the actual hostname of this server.
(this text is also stored to $INSTALLDIR/$HOSTNAME-nameserver.txt)" > "$INSTALLDIR/$HOSTNAME-nameserver.txt"
(this text is also stored to $INSTALLDIR/$MAILDOMAIN-nameserver.txt)" > "$INSTALLDIR/$MAILDOMAIN-nameserver.txt"
printf "Waiting for the server to start up.."
@ -696,7 +730,7 @@ done
echo "."
# Ensure DKIM key
echo "Registering DKIM key for $HOSTNAME"
echo "Registering DKIM key for $MAILDOMAIN"
echo $DKIM_JSON
curl -i -XPOST http://localhost:8080/dkim \
@ -704,6 +738,6 @@ curl -i -XPOST http://localhost:8080/dkim \
-d "$DKIM_JSON"
echo ""
cat "$INSTALLDIR/$HOSTNAME-nameserver.txt"
cat "$INSTALLDIR/$MAILDOMAIN-nameserver.txt"
echo ""
echo "All done, open https://$HOSTNAME/ in your browser"