Updates in install scripts

This commit is contained in:
root 2018-12-25 12:29:26 +01:00
parent 2bfaf344e7
commit 7b7d5ecf2a
5 changed files with 194 additions and 178 deletions


@ -1,10 +1,106 @@
# This is not a standalone script. It provides common functions to server-*.sh scripts # This is not a standalone script. It provides common functions to server-*.sh scripts
local hostType="$1"
case "$hostType" in
centos7)
hostTypeLabel="CentOS 7"
redisService=redis
apacheConf="/etc/httpd/conf.d/mailtrain.conf"
if hash firewall-cmd 2>/dev/null; then if hash firewall-cmd 2>/dev/null; then
firewallCmdExists=yes firewallCmdExists=yes
fi fi
;;
ubuntu1804)
hostTypeLabel="Ubuntu 18.04 LTS"
redisService=redis-server
apacheConf="/etc/apache2/conf-available/mailtrain.conf"
if hash ufw 2>/dev/null; then
firewallCmdExists=yes
fi
;;
esac
function performInstallLocal {
local paramCount="$1"
if [ $paramCount -ne 0 ]; then
echo "Error: incorrect number of parameters."
cat <<EOF
Basic usage: install-${hostType}-local.sh
Installs Mailtrain 2 on ${hostTypeLabel}. This performs installation for local use on HTTP ports 3000, 3003, 3004. If you want
to make these ports available from outside, setup an HTTPS proxy yourself or use install-${hostType}-https.sh instead.
Example: install-${hostType}-local.sh
EOF
exit 1
fi
installPrerequisities
installMailtrain http://localhost:3000 http://localhost:3003 http://localhost:3004 0.0.0.0 false
installService
}
function performInstallHttps {
local paramCount="$1"
hostTrusted="$2"
hostSandbox="$3"
hostPublic="$4"
email="$5"
if [ $paramCount -ne 4 ]; then
echo "Error: incorrect number of parameters."
cat <<EOF
Basic usage: install-${hostType}-https.sh <trusted host> <sandbox host> <public host> <email>
Installs Mailtrain 2 on ${hostTypeLabel}. This performs installation for external use. It installs Mailtrain, sets up
a reverse HTTPS proxy using Apache HTTPD, sets up firewall rules, and obtains a certificate from Letsencrypt.
You have to allocate three endpoints for Mailtrain - trusted (admin UI), sandbox (editors for templates), public (subscription forms and archive).
These endpoints have to differ in hostname. It's fine to host them all from one IP address. The email parameters is needed by certbot.
Note, that this will automatically accept the Let's Encrypt's Terms of Service.
Thus, by running this script below, you agree with the Let's Encrypt's Terms of Service (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
Example: install-${hostType}-https.sh mailtrain.example.com sbox.mailtrain.example.com lists.example.com admin@example.com
EOF
exit 1
fi
installPrerequisities
installHttpd
createCertificates "${hostTrusted}" "${hostSandbox}" "${hostPublic}" "${email}"
installHttpsProxy "${hostTrusted}" 443 "${hostSandbox}" 443 "${hostPublic}" 443 "/etc/letsencrypt/live/${hostPublic}/cert.pem" "/etc/letsencrypt/live/${hostPublic}/privkey.pem" "/etc/letsencrypt/live/${hostPublic}/chain.pem"
installMailtrain "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" 127.0.0.1 true
installService
}
function installPrerequisities { function installPrerequisities {
# Run as root!
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
case "$hostType" in
centos7)
yum -y install epel-release yum -y install epel-release
curl --silent --location https://rpm.nodesource.com/setup_10.x | bash - curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -
@ -17,24 +113,37 @@ enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOT EOT
yum -y install mariadb-server nodejs ImageMagick git python redis pwgen bind-utils gcc-c++ make mongodb-org bzip2 yum -y install mariadb-server nodejs ImageMagick redis pwgen gcc-c++ make mongodb-org bzip2
;;
ubuntu1804)
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
apt-get update
apt-get install -y mariadb-server nodejs imagemagick redis pwgen g++ make mongodb-org bzip2
;;
esac
systemctl start mariadb systemctl start mariadb
systemctl enable mariadb systemctl enable mariadb
systemctl start redis systemctl start ${redisService}
systemctl enable redis systemctl enable ${redisService}
systemctl start mongod systemctl start mongod
systemctl enable mongod systemctl enable mongod
} }
function installMailtrain { function installMailtrain {
local urlBaseTrusted="$1" local urlBaseTrusted="$1"
local urlBaseSandbox="$2" local urlBaseSandbox="$2"
local urlBasePublic="$3" local urlBasePublic="$3"
local wwwHost="$4" local wwwHost="$4"
local wwwProxy="$5"
mysqlPassword=`pwgen 12 -1` mysqlPassword=`pwgen 12 -1`
mysqlRoPassword=`pwgen 12 -1` mysqlRoPassword=`pwgen 12 -1`
@ -58,6 +167,7 @@ roGroup: nobody
www: www:
host: $wwwHost host: $wwwHost
proxy: $wwwProxy
secret: "`pwgen -1`" secret: "`pwgen -1`"
trustedUrlBase: $urlBaseTrusted trustedUrlBase: $urlBaseTrusted
sandboxUrlBase: $urlBaseSandbox sandboxUrlBase: $urlBaseSandbox
@ -99,42 +209,48 @@ EOT
chown -R mailtrain:mailtrain . chown -R mailtrain:mailtrain .
chmod o-rwx server/config chmod o-rwx server/config
# Setup log rotation to not spend up entire storage on logs
cat <<EOT > /etc/logrotate.d/mailtrain
/var/log/mailtrain.log {
daily
rotate 12
compress
delaycompress
missingok
notifempty
copytruncate
nomail
} }
EOT
# Set up systemd service script
cp setup/mailtrain-centos7.service /etc/systemd/system/mailtrain.service
systemctl enable mailtrain.service
# Start the service function installHttpd {
systemctl daemon-reload case "$hostType" in
centos7)
yum -y install httpd mod_ssl
systemctl start httpd
systemctl enable httpd
systemctl start mailtrain.service setsebool -P httpd_can_network_connect 1
echo if [ -n "$firewallCmdExists" ]; then
echo # Enable SSL ports on the firewall
echo "Success! Open http://$urlBaseTrusted/ and login as admin:test" for port in "80/tcp" "${portTrusted}/tcp" "${portSandbox}/tcp" "${portPublic}/tcp"; do
firewall-cmd --add-port=$port --permanent
done
if [ -z "$firewallCmdExists" ]; then # Activate the firefall settings
echo "Note that firewall was not setup because firewall-cmd is missing on your system. Please make sure your firewall is correctly setup. If you are on AWS, this means to enable HTTPS and HTTP in your security group." firewall-cmd --reload
fi fi
;;
ubuntu1804)
apt-get install -y apache2
a2enmod ssl
systemctl restart apache2
if [ -n "$firewallCmdExists" ]; then
# Enable SSL ports on the firewall
for port in "80/tcp" "${portTrusted}/tcp" "${portSandbox}/tcp" "${portPublic}/tcp"; do
ufw allow $port
done
ufw --force enable
fi
;;
esac
} }
function installHttpsProxy {
function installHttps {
local hostTrusted="$1" local hostTrusted="$1"
local portTrusted="$2" local portTrusted="$2"
local hostSandbox="$3" local hostSandbox="$3"
@ -145,11 +261,10 @@ function installHttps {
local certificateKey="$8" local certificateKey="$8"
local caChainFile="$9" local caChainFile="$9"
yum -y install httpd mod_ssl
echo > /etc/httpd/conf.d/mailtrain.conf > $apacheConf
cat >> /etc/httpd/conf.d/mailtrain.conf <<EOT cat >> $apacheConf <<EOT
<VirtualHost *:80> <VirtualHost *:80>
ServerName ${hostTrusted} ServerName ${hostTrusted}
@ -186,14 +301,6 @@ function installHttps {
LogLevel warn LogLevel warn
</VirtualHost> </VirtualHost>
EOT
if [ -n "$firewallCmdExists" ]; then
# Enable port 80 on the firewall
firewall-cmd --add-port=80/tcp --permanent
fi
cat >> /etc/httpd/conf.d/mailtrain.conf <<EOT
<VirtualHost *:${portTrusted}> <VirtualHost *:${portTrusted}>
ServerName ${hostTrusted}:${portTrusted} ServerName ${hostTrusted}:${portTrusted}
@ -247,56 +354,53 @@ EOT
EOT EOT
# Enable and start httpd case "$hostType" in
systemctl start httpd centos7)
systemctl enable httpd systemctl restart httpd
;;
if [ -n "$firewallCmdExists" ]; then ubuntu1804)
# Enable SSL ports on the firewall a2enconf mailtrain
for port in "${portTrusted}/tcp" "${portSandbox}/tcp" "${portPublic}/tcp"; do systemctl restart apache2
firewall-cmd --add-port=$port --permanent ;;
done esac
# Activate the firefall settings
firewall-cmd --reload
fi
} }
function createCertificates { function createCertificates {
# This assumes that HTTPD is not yet running # This assumes that HTTPD is already running
local hostTrusted="$1" local hostTrusted="$1"
local hostSandbox="$2" local hostSandbox="$2"
local hostPublic="$3" local hostPublic="$3"
local email="$4" local email="$4"
case "$hostType" in
centos7)
yum install -y certbot yum install -y certbot
;;
if [ -n "$firewallCmdExists" ]; then ubuntu1804)
# Temporarily enable port 80 on the firewall apt-get install -y certbot
firewall-cmd --add-port=80/tcp ;;
fi esac
certbot certonly --agree-tos --email "${email}" --standalone -n -d "${hostPublic}" -d "${hostTrusted}" -d "${hostSandbox}" certbot certonly --agree-tos --email "${email}" --apache -n -d "${hostPublic}" -d "${hostTrusted}" -d "${hostSandbox}"
# Install cron # Install cron
echo "0 3 * * * /usr/bin/certbot certonly --apache -n -d \"${hostPublic}\" -d \"${hostTrusted}\" -d \"${hostSandbox}\"" > crontab echo "0 3 * * * /usr/bin/certbot certonly --apache -n -d \"${hostPublic}\" -d \"${hostTrusted}\" -d \"${hostSandbox}\"" > crontab
crontab crontab crontab crontab
rm -rf crontab rm -rf crontab
if [ -n "$firewallCmdExists" ]; then
# Revert firewall to original state
firewall-cmd --reload
fi
} }
function installService { function installService {
cat > /etc/systemd/system/mailtrain.service <<EOT cat > /etc/systemd/system/mailtrain.service <<EOT
[Unit] [Unit]
Description=Mailtrain server Description=Mailtrain server
After=syslog.target network.target mariadb.service redis.service mongod.service After=syslog.target network.target mariadb.service ${redisService}.service mongod.service
[Service] [Service]
Environment="NODE_ENV=production" Environment="NODE_ENV=production"
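Review bot: `local hostType="$1"` at the top of the functions file runs outside any function, and bash rejects `local` there ("can only be used in a function"); because the install scripts source this file at top level after `set -e`, the sourcing either aborts or leaves hostType empty so neither `case` arm matches — it should be a plain assignment, `hostType="$1"`. Separately, the firewall loops in installHttpd (both the centos7 and ubuntu1804 arms) expand `${portTrusted}`, `${portSandbox}` and `${portPublic}`, but those names are only declared as locals in installHttpsProxy, which performInstallHttps calls after installHttpd, so unless they are set somewhere outside the visible hunks the loop runs `firewall-cmd --add-port=/tcp` / `ufw allow /tcp` and fails. Pass the ports in as parameters (call site `installHttpd 443 443 443` in performInstallHttps), declare them at the top of installHttpd, and quote `"$port"` in the loop bodies. The ubuntu1804 arm of installPrerequisities also invokes `sudo -E bash -` and `sudo apt-key` even though the function has just required EUID 0, which is inconsistent with the centos7 arm and with the root check.
```shell
function installHttpd {
    local portTrusted="$1"
    local portSandbox="$2"
    local portPublic="$3"
    # … unchanged: per-hostType package install and firewall loops …
}
```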


@ -1,57 +1,9 @@
#!/bin/bash #!/bin/bash
# This installation script works on CentOS 7
# Run as root!
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
set -e set -e
SCRIPT_PATH=$(dirname $(realpath -s $0)) SCRIPT_PATH=$(dirname $(realpath -s $0))
. $SCRIPT_PATH/functions . $SCRIPT_PATH/functions centos7
cd $SCRIPT_PATH/.. cd $SCRIPT_PATH/..
performInstallHttps "$#" "$1" "$2" "$3" "$4"
# Help function
function HELP {
cat <<EOF
Basic usage: install-centos7-https.sh <trusted host> <sandbox host> <public host> <email>
Installs Mailtrain 2 on CentOS 7. This performs installation for external use. It installs Mailtrain, sets up
a reverse HTTPS proxy using Apache HTTPD, sets up firewall rules, and obtains a certificate from Letsencrypt.
You have to allocate three endpoints for Mailtrain - trusted (admin UI), sandbox (editors for templates), public (subscription forms and archive).
These endpoints have to differ in hostname. It's fine to host them all from one IP address. The email parameters is needed by certbot.
Note, that this will automatically accept the Let's Encrypt's Terms of Service.
Thus, by running this script below, you agree with the Let's Encrypt's Terms of Service (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
Example: install-centos7-https.sh mailtrain.example.com sbox.mailtrain.example.com lists.example.com admin@example.com
EOF
exit 1
}
if [ $# -lt 4 ]; then
echo "Error: incorrect number of parameters."
HELP
fi
hostTrusted="$1"
hostSandbox="$2"
hostPublic="$3"
email="$4"
installPrerequisities
createCertificates "${hostTrusted}" "${hostSandbox}" "${hostPublic}" "${email}"
installHttps "${hostTrusted}" 443 "${hostSandbox}" 443 "${hostPublic}" 443 "/etc/letsencrypt/live/${hostPublic}/cert.pem" "/etc/letsencrypt/live/${hostPublic}/privkey.pem" "/etc/letsencrypt/live/${hostPublic}/chain.pem"
installMailtrain "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" 127.0.0.1
installService


@ -1,42 +1,9 @@
#!/bin/bash #!/bin/bash
# This installation script works on CentOS 7
# Run as root!
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
set -e set -e
SCRIPT_PATH=$(dirname $(realpath -s $0)) SCRIPT_PATH=$(dirname $(realpath -s $0))
. $SCRIPT_PATH/functions . $SCRIPT_PATH/functions centos7
cd $SCRIPT_PATH/.. cd $SCRIPT_PATH/..
performInstallLocal "$#"
# Help function
function HELP {
cat <<EOF
Basic usage: install-centos7-local.sh
Installs Mailtrain 2 on CentOS 7. This performs installation for local use on HTTP ports 3000, 3003, 3004. If you want
to make these ports available from outside, setup an HTTPS proxy yourself or use install-centos7-https.sh instead.
Example: install-centos7-local.sh
EOF
exit 1
}
if [ $# -lt 0 ]; then
echo "Error: incorrect number of parameters."
HELP
fi
installPrerequisities
installMailtrain http://localhost:3000 http://localhost:3003 http://localhost:3004 0.0.0.0
installService


@ -0,0 +1,9 @@
#!/bin/bash
set -e
SCRIPT_PATH=$(dirname $(realpath -s $0))
. $SCRIPT_PATH/functions ubuntu1804
cd $SCRIPT_PATH/..
performInstallLocal "$#"


@ -1,16 +0,0 @@
[Unit]
Description=Mailtrain server
Requires=mariadb.service
After=syslog.target network.target
[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/mailtrain/server
ExecStart=/usr/bin/node index.js
Type=simple
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
# Alias=mailtrain.service