Updates to install scripts

2018-12-25 10:02:30 +01:00 · 2018-12-25 10:02:30 +01:00 · 40f85a957f
commit 40f85a957f
parent 9204954691
4 changed files with 190 additions and 50 deletions
--- a/README.md
+++ b/README.md
@ -2,15 +2,14 @@

 [Mailtrain](http://mailtrain.org) is a self hosted newsletter application built on Node.js (v10+) and MySQL (v8+) or MariaDB (v10+).

-![](http://mailtrain.org/mailtrain.png)
+![](https://mailtrain.org/mailtrain.png)

 ## Features

-* Subscriber list management
+* Subscriber lists management
 * List segmentation
 * Custom fields
 * Email templates (including MJML-based templates)
-* Large CSV list import files
 * Custom reports
 * Automation (triggered and RSS campaigns)
 * Multiple users with granular user permissions and flexible sharing
@ -20,6 +19,121 @@
 * 1 vCPU
 * 2048 MB RAM

+## Quick Start
+
+### Preparation
+Mailtrain creates three URL endpoints, which are referred to as "trusted", "sandbox" and "public". This allows Mailtrain
+to guarantee security and avoid XSS attacks in the multi-user settings. The function of these three endpoints is as follows:
+- *trusted* - This is the main endpoint for the UI that a logged-in user uses to manage lists, send campaigns, etc.
+- *sandbox* - This is an endpoint not directly visible to a user. It is used to host WYSIWYG template editors.
+- *public* - This is an endpoint for subscribers. It is used to host subscription management forms, files and archive.
+
+The recommended deployment of Mailtrain would use 3 DNS entries that all points to the **same** IP address. For example as follows:
+- *lists.example.com* - public endpoint (A record `lists` under `example.com` domain)
+- *mailtrain.example.com* - trusted endpoint (CNAME record `mailtrain` under `example.com` domain that points to `lists`)
+- *sbox.mailtrain.example.com* - sandbox endpoint (CNAME record `sbox.mailtrain` under `example.com` domain that points to `lists`)
+
+
+
+### Installation on fresh CentOS 7 (public website secured by SSL)
+
+This will setup a publicly accessible Mailtrain instance. All endpoints (trusted, sandbox, public) will provide both HTTP (on port 80)
+and HTTPS (on port 443). The HTTP ports just issue HTTP redirect to their HTTPS counterparts.
+
+The script below will also acquire a valid certificate from [Let's Encrypt](https://letsencrypt.org/).
+If you are hosting Mailtrain on AWS or some other cloud provider, make sure that **before** running the installation
+script you allow inbound connection to ports 80 (HTTP) and 443 (HTTPS).
+
+**Note,** that this will automatically accept the Let's Encrypt's Terms of Service.
+Thus, by running this script below, you agree with the Let's Encrypt's Terms of Service (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
+
+
+
+1. Login as root. (I had some problems running npm as root on CentOS 7 on AWS. This seems to be fixed by the seemingly extraneous `su` within `sudo`.)
+    ```
+    sudo su -
+    ```
+
+2. Install git
+    ```
+    yum install -y git
+    ```
+
+3. Download Mailtrain using git to the `/opt/mailtrain` directory
+    ```
+    cd /opt
+    git clone https://github.com/Mailtrain-org/mailtrain.git
+    cd mailtrain
+    git checkout development
+    ```
+
+4. Run the installation script. Replace the urls and your email address with the correct values. **NOTE** that running this script you agree
+   Let's Encrypt's conditions.
+    ```
+    sh setup/install-centos7-https.sh mailtrain.example.com sbox.mailtrain.example.com lists.example.com admin@example.com
+    ```
+
+5. Start Mailtrain and enable to be started by default when your server starts.
+    ```
+    systemctl start mailtrain
+    systemctl enable mailtrain
+    ```
+
+6. Open the trusted endpoint (like `https://mailtrain.example.com`)
+
+7. Authenticate as `admin`:`test`
+
+8. Update your password under admin/Account
+
+9. Update your settings under Administration/Global Settings.
+
+10. If you intend to sign your email by DKIM, set the DKIM key and DKIM selector under Administration/Send Configurations.
+
+
+### Installation on fresh CentOS 7 (local installation)
+
+This will setup a locally accessible Mailtrain instance (primarily for development and testing).
+All endpoints (trusted, sandbox, public) will provide only HTTP as follows:
+- http://localhost:3000 - trusted endpoint
+- http://localhost:3003 - sandbox endpoint
+- http://localhost:3004 - public endpoint
+
+1. Login as root
+    ```
+    sudo -i
+    ```
+
+2. Install git
+    ```
+    yum install -y git
+    ```
+
+3. Download Mailtrain using git to the `/opt/mailtrain` directory
+    ```
+    cd /opt
+    git clone https://github.com/Mailtrain-org/mailtrain.git
+    cd mailtrain
+    git checkout development
+    ```
+
+4. Run the installation script. Replace the urls and your email address with the correct values. **NOTE** that running this script you agree
+   Let's Encrypt's conditions.
+    ```
+    sh setup/install-centos7-local.sh
+    ```
+
+5. Start Mailtrain and enable to be started by default when your server starts.
+    ```
+    systemctl start mailtrain
+    systemctl enable mailtrain
+    ```
+
+6. Open the trusted endpoint http://localhost:3000
+
+7. Authenticate as `admin`:`test`
+
+
+
 ## Quick Start - Deploy with Docker
 #### Requirements:

@ -38,23 +152,6 @@ Depending on how you have configured your system and Docker you may need to prep
 * Navigate to [http://localhost:3000/settings](http://localhost:3000/settings) and update service configuration.
 * Navigate to [http://localhost:3000/users/account](http://localhost:3000/users/account) and update user information and password.

-## Quick Start - Manual Install (any OS that supports Node.js)
-
-### Requirements: 
- * Mailtrain requires at least **Node.js v10**.
-
-  1. Download Mailtrain files using git: `git clone git://github.com/Mailtrain-org/mailtrain.git` (or download [zipped repo](https://github.com/Mailtrain-org/mailtrain/archive/master.zip)) and open Mailtrain folder `cd mailtrain`
-  2. Run `npm install --production` in the Mailtrain folder to install required dependencies
-  3. Copy [config/default.toml](config/default.toml) as `config/production.toml` and update MySQL and any other settings in it
-  4. Run the server `NODE_ENV=production npm start`
-  5. Open [http://localhost:3000/](http://localhost:3000/)
-  6. Authenticate as `admin`:`test`
-  7. Navigate to [http://localhost:3000/settings](http://localhost:3000/settings) and update service configuration
-  8. Navigate to [http://localhost:3000/users/account](http://localhost:3000/users/account) and update user information and password
-
-## Read The Docs
-For more information, please [read the docs](http://docs.mailtrain.org/).
-

 ## License

--- a/setup/functions
+++ b/setup/functions
@ -4,13 +4,9 @@ if hash firewall-cmd 2>/dev/null; then
    firewallCmdExists=yes
 fi

-function installBase {
-    local urlBaseTrusted="$1"
-    local urlBaseSandbox="$2"
-    local urlBasePublic="$3"
-    
+function installPrerequisities {
    yum -y install epel-release
-    
+
    curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -
    cat > /etc/yum.repos.d/mongodb-org.repo <<EOT
 [mongodb-org-4.0]
@ -20,19 +16,26 @@ gpgcheck=1
 enabled=1
 gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
 EOT
-    
-    yum -y install mariadb-server nodejs ImageMagick git python redis pwgen bind-utils gcc-c++ make mongodb-org
-    
+
+    yum -y install mariadb-server nodejs ImageMagick git python redis pwgen bind-utils gcc-c++ make mongodb-org bzip2
+
    systemctl start mariadb
    systemctl enable mariadb
-    
+
    systemctl start redis
    systemctl enable redis
-    
+
    systemctl start mongod
    systemctl enable mongod
-    
-    
+}
+
+
+function installMailtrain {
+    local urlBaseTrusted="$1"
+    local urlBaseSandbox="$2"
+    local urlBasePublic="$3"
+    local wwwHost="$4"
+
    mysqlPassword=`pwgen 12 -1`
    mysqlRoPassword=`pwgen 12 -1`
    
@ -54,6 +57,7 @@ roUser: nobody
 roGroup: nobody

 www:
+  host: $wwwHost
  secret: "`pwgen -1`"
  trustedUrlBase: $urlBaseTrusted
  sandboxUrlBase: $urlBaseSandbox
@ -67,11 +71,11 @@ redis:
  enabled: true

 log:
-  level: warn
+  level: info

 builtinZoneMTA:
  log:
-    level: info
+    level: warn

 queue:
  processes: 5
@ -118,10 +122,12 @@ EOT
    systemctl daemon-reload
    
    systemctl start mailtrain.service
-    
+
+    echo
+    echo
    echo "Success! Open http://$urlBaseTrusted/ and login as admin:test"

-    if [ -n "$firewallCmdExists" ]; then
+    if [ -z "$firewallCmdExists" ]; then
        echo "Note that firewall was not setup because firewall-cmd is missing on your system. Please make sure your firewall is correctly setup. If you are on AWS, this means to enable HTTPS and HTTP in your security group."
    fi
 }
@ -144,7 +150,7 @@ function installHttps {
    echo > /etc/httpd/conf.d/mailtrain.conf

    cat >> /etc/httpd/conf.d/mailtrain.conf <<EOT
-<VirtualHost ${hostTrusted}:80>
+<VirtualHost *:80>
    ServerName ${hostTrusted}

    ServerSignature Off
@ -156,7 +162,7 @@ function installHttps {
    LogLevel warn
 </VirtualHost>

-<VirtualHost ${hostSandbox}:80>
+<VirtualHost *:80>
    ServerName ${hostSandbox}

    ServerSignature Off
@ -168,7 +174,7 @@ function installHttps {
    LogLevel warn
 </VirtualHost>

-<VirtualHost ${hostPublic}:80>
+<VirtualHost *:80>
    ServerName ${hostPublic}

    ServerSignature Off
@ -179,6 +185,7 @@ function installHttps {
    ErrorLog logs/${hostPublic}_redirect_error.log
    LogLevel warn
 </VirtualHost>
+
 EOT

    if [ -n "$firewallCmdExists" ]; then
@ -187,7 +194,7 @@ EOT
    fi

    cat >> /etc/httpd/conf.d/mailtrain.conf <<EOT
-<VirtualHost ${hostTrusted}:${portTrusted}>
+<VirtualHost *:${portTrusted}>
    ServerName ${hostTrusted}:${portTrusted}

    ErrorLog logs/${hostTrusted}_ssl_error.log
@ -204,7 +211,7 @@ EOT
    ProxyPassReverse "/" "http://127.0.0.1:3000/"
 </VirtualHost>

-<VirtualHost ${hostSandbox}:${portSandbox}>
+<VirtualHost *:${portSandbox}>
    ServerName ${hostSandbox}:${portSandbox}

    ErrorLog logs/${hostSandbox}_ssl_error.log
@ -221,8 +228,8 @@ EOT
    ProxyPassReverse "/" "http://127.0.0.1:3003/"
 </VirtualHost>

-<VirtualHost ${hostPublic}:${portPublic}>
-    ServerName ${hostPublic}:${portPublic}
+<VirtualHost *:${portPublic}>
+    ServerName *:${portPublic}

    ErrorLog logs/${hostPublic}_ssl_error.log
    TransferLog logs/${hostPublic}_ssl_access.log
@ -257,6 +264,8 @@ EOT


 function createCertificates {
+    # This assumes that HTTPD is not yet running
+
    local hostTrusted="$1"
    local hostSandbox="$2"
    local hostPublic="$3"
@ -271,9 +280,35 @@ function createCertificates {

    certbot certonly --agree-tos --email "${email}" --standalone -n -d "${hostPublic}" -d "${hostTrusted}" -d "${hostSandbox}"

+    # Install cron
+    echo "0 3 * * * /usr/bin/certbot certonly --apache -n -d \"${hostPublic}\" -d \"${hostTrusted}\" -d \"${hostSandbox}\"" > crontab
+    crontab crontab
+    rm -rf crontab
+
    if [ -n "$firewallCmdExists" ]; then
        # Revert firewall to original state
        firewall-cmd --reload
    fi
 }

+
+function installService {
+    cat > /etc/systemd/system/mailtrain.service <<EOT
+[Unit]
+Description=Mailtrain server
+After=syslog.target network.target mariadb.service redis.service mongod.service
+
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/mailtrain/server
+ExecStart=/usr/bin/node index.js
+Type=simple
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOT
+
+    systemctl daemon-reload
+}
--- a/setup/install-centos7-https.sh
+++ b/setup/install-centos7-https.sh
@ -25,11 +25,12 @@ Installs Mailtrain 2 on CentOS 7. This performs installation for external use. I
 a reverse HTTPS proxy using Apache HTTPD, sets up firewall rules, and obtains a certificate from Letsencrypt.

 You have to allocate three endpoints for Mailtrain - trusted (admin UI), sandbox (editors for templates), public (subscription forms and archive).
-These endpoints have to differ in hostname. It's fine to host them all from one IP address.
+These endpoints have to differ in hostname. It's fine to host them all from one IP address. The email parameters is needed by certbot.

-The email is needed by certbot. Please note that by running the script, you agree with Letsencrypt's conditions.
+Note, that this will automatically accept the Let's Encrypt's Terms of Service.
+Thus, by running this script below, you agree with the Let's Encrypt's Terms of Service (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).

-Example: install-centos7-https.sh mailtrain.example.com sbox.mailtrain.example.com mail.example.com admin@example.com
+Example: install-centos7-https.sh mailtrain.example.com sbox.mailtrain.example.com lists.example.com admin@example.com
 EOF

  exit 1
@ -45,8 +46,12 @@ hostSandbox="$2"
 hostPublic="$3"
 email="$4"

+installPrerequisities
+
 createCertificates "${hostTrusted}" "${hostSandbox}" "${hostPublic}" "${email}"

 installHttps "${hostTrusted}" 443 "${hostSandbox}" 443 "${hostPublic}" 443 "/etc/letsencrypt/live/${hostPublic}/cert.pem" "/etc/letsencrypt/live/${hostPublic}/privkey.pem" "/etc/letsencrypt/live/${hostPublic}/chain.pem" 

-installBase "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" "${email}"
+installMailtrain "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" 127.0.0.1
+
+installService
--- a/setup/install-centos7-local.sh
+++ b/setup/install-centos7-local.sh
@ -1,5 +1,4 @@
 #!/bin/bash
-set -x

 # This installation script works on CentOS 7
 # Run as root!
@ -36,4 +35,8 @@ if [ $# -lt 0 ]; then
        HELP
 fi

-installBase http://localhost:3000 http://localhost:3003 http://localhost:3004
+installPrerequisities
+
+installMailtrain http://localhost:3000 http://localhost:3003 http://localhost:3004 0.0.0.0
+
+installService