Updates to install scripts

2018-12-25 10:02:30 +01:00 · 2018-12-25 10:02:30 +01:00 · 40f85a957f
commit 40f85a957f
parent 9204954691
4 changed files with 190 additions and 50 deletions
--- a/setup/functions
+++ b/setup/functions
@ -4,13 +4,9 @@ if hash firewall-cmd 2>/dev/null; then
    firewallCmdExists=yes
 fi

-function installBase {
-    local urlBaseTrusted="$1"
-    local urlBaseSandbox="$2"
-    local urlBasePublic="$3"
-    
+function installPrerequisities {
    yum -y install epel-release
-    
+
    curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -
    cat > /etc/yum.repos.d/mongodb-org.repo <<EOT
 [mongodb-org-4.0]
@ -20,19 +16,26 @@ gpgcheck=1
 enabled=1
 gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
 EOT
-    
-    yum -y install mariadb-server nodejs ImageMagick git python redis pwgen bind-utils gcc-c++ make mongodb-org
-    
+
+    yum -y install mariadb-server nodejs ImageMagick git python redis pwgen bind-utils gcc-c++ make mongodb-org bzip2
+
    systemctl start mariadb
    systemctl enable mariadb
-    
+
    systemctl start redis
    systemctl enable redis
-    
+
    systemctl start mongod
    systemctl enable mongod
-    
-    
+}
+
+
+function installMailtrain {
+    local urlBaseTrusted="$1"
+    local urlBaseSandbox="$2"
+    local urlBasePublic="$3"
+    local wwwHost="$4"
+
    mysqlPassword=`pwgen 12 -1`
    mysqlRoPassword=`pwgen 12 -1`
    
@ -54,6 +57,7 @@ roUser: nobody
 roGroup: nobody

 www:
+  host: $wwwHost
  secret: "`pwgen -1`"
  trustedUrlBase: $urlBaseTrusted
  sandboxUrlBase: $urlBaseSandbox
@ -67,11 +71,11 @@ redis:
  enabled: true

 log:
-  level: warn
+  level: info

 builtinZoneMTA:
  log:
-    level: info
+    level: warn

 queue:
  processes: 5
@ -118,10 +122,12 @@ EOT
    systemctl daemon-reload
    
    systemctl start mailtrain.service
-    
+
+    echo
+    echo
    echo "Success! Open http://$urlBaseTrusted/ and login as admin:test"

-    if [ -n "$firewallCmdExists" ]; then
+    if [ -z "$firewallCmdExists" ]; then
        echo "Note that firewall was not setup because firewall-cmd is missing on your system. Please make sure your firewall is correctly setup. If you are on AWS, this means to enable HTTPS and HTTP in your security group."
    fi
 }
@ -144,7 +150,7 @@ function installHttps {
    echo > /etc/httpd/conf.d/mailtrain.conf

    cat >> /etc/httpd/conf.d/mailtrain.conf <<EOT
-<VirtualHost ${hostTrusted}:80>
+<VirtualHost *:80>
    ServerName ${hostTrusted}

    ServerSignature Off
@ -156,7 +162,7 @@ function installHttps {
    LogLevel warn
 </VirtualHost>

-<VirtualHost ${hostSandbox}:80>
+<VirtualHost *:80>
    ServerName ${hostSandbox}

    ServerSignature Off
@ -168,7 +174,7 @@ function installHttps {
    LogLevel warn
 </VirtualHost>

-<VirtualHost ${hostPublic}:80>
+<VirtualHost *:80>
    ServerName ${hostPublic}

    ServerSignature Off
@ -179,6 +185,7 @@ function installHttps {
    ErrorLog logs/${hostPublic}_redirect_error.log
    LogLevel warn
 </VirtualHost>
+
 EOT

    if [ -n "$firewallCmdExists" ]; then
@ -187,7 +194,7 @@ EOT
    fi

    cat >> /etc/httpd/conf.d/mailtrain.conf <<EOT
-<VirtualHost ${hostTrusted}:${portTrusted}>
+<VirtualHost *:${portTrusted}>
    ServerName ${hostTrusted}:${portTrusted}

    ErrorLog logs/${hostTrusted}_ssl_error.log
@ -204,7 +211,7 @@ EOT
    ProxyPassReverse "/" "http://127.0.0.1:3000/"
 </VirtualHost>

-<VirtualHost ${hostSandbox}:${portSandbox}>
+<VirtualHost *:${portSandbox}>
    ServerName ${hostSandbox}:${portSandbox}

    ErrorLog logs/${hostSandbox}_ssl_error.log
@ -221,8 +228,8 @@ EOT
    ProxyPassReverse "/" "http://127.0.0.1:3003/"
 </VirtualHost>

-<VirtualHost ${hostPublic}:${portPublic}>
-    ServerName ${hostPublic}:${portPublic}
+<VirtualHost *:${portPublic}>
+    ServerName *:${portPublic}

    ErrorLog logs/${hostPublic}_ssl_error.log
    TransferLog logs/${hostPublic}_ssl_access.log
@ -257,6 +264,8 @@ EOT


 function createCertificates {
+    # This assumes that HTTPD is not yet running
+
    local hostTrusted="$1"
    local hostSandbox="$2"
    local hostPublic="$3"
@ -271,9 +280,35 @@ function createCertificates {

    certbot certonly --agree-tos --email "${email}" --standalone -n -d "${hostPublic}" -d "${hostTrusted}" -d "${hostSandbox}"

+    # Install cron
+    echo "0 3 * * * /usr/bin/certbot certonly --apache -n -d \"${hostPublic}\" -d \"${hostTrusted}\" -d \"${hostSandbox}\"" > crontab
+    crontab crontab
+    rm -rf crontab
+
    if [ -n "$firewallCmdExists" ]; then
        # Revert firewall to original state
        firewall-cmd --reload
    fi
 }

+
+function installService {
+    cat > /etc/systemd/system/mailtrain.service <<EOT
+[Unit]
+Description=Mailtrain server
+After=syslog.target network.target mariadb.service redis.service mongod.service
+
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/mailtrain/server
+ExecStart=/usr/bin/node index.js
+Type=simple
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOT
+
+    systemctl daemon-reload
+}
--- a/setup/install-centos7-https.sh
+++ b/setup/install-centos7-https.sh
@ -25,11 +25,12 @@ Installs Mailtrain 2 on CentOS 7. This performs installation for external use. I
 a reverse HTTPS proxy using Apache HTTPD, sets up firewall rules, and obtains a certificate from Letsencrypt.

 You have to allocate three endpoints for Mailtrain - trusted (admin UI), sandbox (editors for templates), public (subscription forms and archive).
-These endpoints have to differ in hostname. It's fine to host them all from one IP address.
+These endpoints have to differ in hostname. It's fine to host them all from one IP address. The email parameters is needed by certbot.

-The email is needed by certbot. Please note that by running the script, you agree with Letsencrypt's conditions.
+Note, that this will automatically accept the Let's Encrypt's Terms of Service.
+Thus, by running this script below, you agree with the Let's Encrypt's Terms of Service (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).

-Example: install-centos7-https.sh mailtrain.example.com sbox.mailtrain.example.com mail.example.com admin@example.com
+Example: install-centos7-https.sh mailtrain.example.com sbox.mailtrain.example.com lists.example.com admin@example.com
 EOF

  exit 1
@ -45,8 +46,12 @@ hostSandbox="$2"
 hostPublic="$3"
 email="$4"

+installPrerequisities
+
 createCertificates "${hostTrusted}" "${hostSandbox}" "${hostPublic}" "${email}"

 installHttps "${hostTrusted}" 443 "${hostSandbox}" 443 "${hostPublic}" 443 "/etc/letsencrypt/live/${hostPublic}/cert.pem" "/etc/letsencrypt/live/${hostPublic}/privkey.pem" "/etc/letsencrypt/live/${hostPublic}/chain.pem" 

-installBase "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" "${email}"
+installMailtrain "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" 127.0.0.1
+
+installService
--- a/setup/install-centos7-local.sh
+++ b/setup/install-centos7-local.sh
@ -1,5 +1,4 @@
 #!/bin/bash
-set -x

 # This installation script works on CentOS 7
 # Run as root!
@ -36,4 +35,8 @@ if [ $# -lt 0 ]; then
        HELP
 fi

-installBase http://localhost:3000 http://localhost:3003 http://localhost:3004
+installPrerequisities
+
+installMailtrain http://localhost:3000 http://localhost:3003 http://localhost:3004 0.0.0.0
+
+installService