c209b3af26
* Switches to latest tagged release for repo checkouts Replaces hardcoded commit hashes with a function that checks out the latest tagged release for each repository. Improves deployment flow by automatically tracking stable upstream releases. * Enforces supported architectures in install scripts Adds explicit architecture detection and validation to setup scripts, restricting them to amd64, arm64, and armhf. Updates repository configuration to use detected architecture for package sources, improving compatibility and preventing installation on unsupported systems. * Updates npm install flags for improved dependency handling Replaces deprecated and less explicit npm install flags with --omit=dev and --omit=optional to better control installed dependencies and align with modern npm practices. Reduces potential for installing unnecessary packages and improves script reliability. * Reformats SSL certificate issuance command by placing each argument on a separate line, enhancing readability and simplifying future modifications. * Updates Node.js and MongoDB to latest major versions Ensures compatibility and access to new features by moving to Node.js 22 and MongoDB 8.0. Prepares environment for current ecosystem dependencies and future-proofing. * add ending line * fix typos, improve consistency, fix npm install script, make it more modern * improve consistency --------- Co-authored-by: Joosep Jõeleht <joosep@zone.ee> Co-authored-by: Nikolai Ovtsinnikov <nikolai@zone.ee> |
||
|---|---|---|
| .. | ||
| 00_install_global_functions_variables.sh | ||
| 01_install_commits.sh | ||
| 02_install_prerequisites.sh | ||
| 03_install_check_running_services.sh | ||
| 04_install_import_keys.sh | ||
| 05_install_packages.sh | ||
| 06_install_enable_services.sh | ||
| 07_install_wildduck.sh | ||
| 08_install_haraka.sh | ||
| 09_install_zone_mta.sh | ||
| 10_install_wildduck_webmail.sh | ||
| 11_install_nginx.sh | ||
| 12_install_ufw_rules.sh | ||
| 13_install_ssl_certs.sh | ||
| 14_install_start_services.sh | ||
| 15_install_deploy.sh | ||
| get_install.sh | ||
| install.sh | ||
| README.md | ||
WildDuck Installer
Here you can find an example install script to install WildDuck with Haraka and ZoneMTA. The install script is self contained, you can upload to your server and start it as root. It fetches all required files from Github. After installation you should see exactly the same web interface as in https://webmail.wildduck.email/
The install script should work with Ubuntu version from 22.04 (probably also with 20.04) and the server must be blank. Blank meaning that there should be no existing software installed (eg. Apache, MySQL or Postfix). If the server already has something installed, then remove the extra applications before running this script. This also means that you should not run the install script in a VPS that you already use for other stuff.
What does it do?
This install script installs and configures the following components:
- WildDuck Mail Server for IMAP and POP3
- Haraka with WildDuck plugin for incoming email
- ZoneMTA with WildDuck plugin for outbound email
- WildDuck Webmail for creating accounts and viewing messages
- Nginx to serve the webmail component
- acme.sh to manage Let's Encrypt certificates
- Rspamd to check messages for spam. Messages detected as spam are routed to Junk Mail folder by default
- ClamAV to check messages for viruses. ClamAV is disabled by default, you need to enable it in the Haraka plugins file
- Unprivileged Deploy user to easily checkout and publish code changes via git
- ufw firewall to only allow public ports (so make sure your ssh runs on port 22 or otherwise change the install script first)
What it does not configure:
- DNS settings. These you need to handle yourself. See domainname-nameserver.txt file after installation for DNS configuration (includes DKIM)
Security
All components use TLS/HTTPS with Let's Encrypt certificates by default. Webmail component allows to set up two factor authentication (both TOTP and U2F). If 2FA is enabled then you can also generate application specific passwords for external applications (eg. for the IMAP client) from the Webmail interface as master password can not be used in that case.
Usage
Run the following commands as root user. Before actually starting install.sh you could inspect it to see what it exactly does.
Important
Run the following commands as
root
wget -O - https://raw.githubusercontent.com/zone-eu/wildduck/master/setup/get_install.sh | bash
./install.sh mydomain.com mail.mydomain.com
Where mydomain.com is the email address domain and mail.mydomain.com is the hostname of current server.
Make sure that used hostname points to current server as the install script tries to fetch an SSL certificate from Let's Encrypt. The MX for email address domain should point to server hostname.
If the installation succeeds then the installer writes DNS configuration to domainname-nameserver.txt file. Set up the provided DNS entries from this file before sending and receiving email.
Next point your browser to https://mydomain.com/ and you should see the WildDuck example webmail app where you can create an email account.
Config files
Configuration files are installed to the following locations:
- WildDuck: /etc/wildduck
- ZoneMTA: /etc/zone-mta
- WildDuck Webmail: /etc/wildduck/wildduck-webmail.toml
- Haraka: /opt/haraka/config
Log files
All stdout and stderr is written to service specific log files. For example WildDuck server logs can be found from /var/log/wildduck-server/wildduck-server.log.
Code changes
Install script sets up applications as remote git repositories. You can clone these to your own machine using a special deploy user. If you push changes back to the remote repo, related services are restarted automatically.
$ git clone deploy@hostname:/var/opt/wildduck.git
$ cd wildduck
$ git checkout master
$ .... make some changes
$ git add .
$ git commit -m "made some changes"
$ git push origin master -f