public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Updates in the setup

Browse source
This commit is contained in:
Tomas Bures 2018-12-21 20:21:03 +01:00
parent 5a16d789a0
commit 89a2aa15a4
10 changed files with 138 additions and 545 deletions
Download patch file Download diff file Expand all files Collapse all files

227
server/setup/install-centos7.sh
View file

@ -1,227 +0,0 @@
#!/bin/bash
# This installation script works on CentOS 7
# Run as root!
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
set -e
yum -y install epel-release
curl --silent --location https://rpm.nodesource.com/setup_7.x | bash -
yum -y install mariadb-server nodejs ImageMagick git python redis pwgen bind-utils gcc-c++ make
systemctl start mariadb
systemctl enable mariadb
systemctl start redis
systemctl enable redis
PUBLIC_IP=`curl -s https://api.ipify.org`
if [ ! -z "$PUBLIC_IP" ]; then
HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
fi
HOSTNAME="${HOSTNAME:-`hostname`}"
MYSQL_PASSWORD=`pwgen 12 -1`
MYSQL_RO_PASSWORD=`pwgen 12 -1`
DKIM_API_KEY=`pwgen 12 -1`
SMTP_PASS=`pwgen 12 -1`
# Setup MySQL user for Mailtrain
mysql -u root -e "CREATE USER 'mailtrain'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';"
mysql -u root -e "GRANT ALL PRIVILEGES ON mailtrain.* TO 'mailtrain'@'localhost';"
mysql -u root -e "CREATE USER 'mailtrain_ro'@'localhost' IDENTIFIED BY '$MYSQL_RO_PASSWORD';"
mysql -u root -e "GRANT SELECT ON mailtrain.* TO 'mailtrain_ro'@'localhost';"
mysql -u mailtrain --password="$MYSQL_PASSWORD" -e "CREATE database mailtrain;"
# Enable firewall, allow connections to SSH, HTTP, HTTPS and SMTP
for port in 80/tcp 443/tcp 25/tcp; do firewall-cmd --add-port=$port --permanent; done
firewall-cmd --reload
# Fetch Mailtrain files
mkdir -p /opt/mailtrain
cd /opt/mailtrain
git clone git://github.com/Mailtrain-org/mailtrain.git .
# Normally we would let Mailtrain itself to import the initial SQL data but in this case
# we need to modify it, before we start Mailtrain
mysql -u mailtrain -p"$MYSQL_PASSWORD" mailtrain < setup/sql/mailtrain.sql
mysql -u mailtrain -p"$MYSQL_PASSWORD" mailtrain <<EOT
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('admin_email','admin@$HOSTNAME') ON DUPLICATE KEY UPDATE \`value\`='admin@$HOSTNAME';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('default_address','admin@$HOSTNAME') ON DUPLICATE KEY UPDATE \`value\`='admin@$HOSTNAME';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_hostname','localhost') ON DUPLICATE KEY UPDATE \`value\`='localhost';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_disable_auth','') ON DUPLICATE KEY UPDATE \`value\`='';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_user','mailtrain') ON DUPLICATE KEY UPDATE \`value\`='mailtrain';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_pass','$SMTP_PASS') ON DUPLICATE KEY UPDATE \`value\`='$SMTP_PASS';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_encryption','NONE') ON DUPLICATE KEY UPDATE \`value\`='NONE';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_port','2525') ON DUPLICATE KEY UPDATE \`value\`='2525';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('default_homepage','http://$HOSTNAME/') ON DUPLICATE KEY UPDATE \`value\`='http://$HOSTNAME/';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('service_url','http://$HOSTNAME/') ON DUPLICATE KEY UPDATE \`value\`='http://$HOSTNAME/';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('dkim_api_key','$DKIM_API_KEY') ON DUPLICATE KEY UPDATE \`value\`='$DKIM_API_KEY';
EOT
# Add new user for the mailtrain daemon to run as
useradd mailtrain || true
useradd zone-mta || true
# Setup installation configuration
cat >> config/production.toml <<EOT
user="mailtrain"
group="mailtrain"
roUser="nobody"
roGroup="nobody"
[log]
level="error"
[www]
port=80
secret="`pwgen -1`"
[mysql]
password="$MYSQL_PASSWORD"
[redis]
enabled=true
[queue]
processes=5
[reports]
enabled=true
EOT
cat >> workers/reports/config/production.toml <<EOT
[log]
level="error"
[mysql]
user="mailtrain_ro"
password="$MYSQL_RO_PASSWORD"
EOT
# Install required node packages
npm install --no-progress --production
chown -R mailtrain:mailtrain .
chmod o-rwx config
# Setup log rotation to not spend up entire storage on logs
cat <<EOM > /etc/logrotate.d/mailtrain
/var/log/mailtrain.log {
daily
rotate 12
compress
delaycompress
missingok
notifempty
copytruncate
nomail
}
EOM
# Set up systemd service script
cp setup/mailtrain-centos7.service /etc/systemd/system/mailtrain.service
systemctl enable mailtrain.service
# Fetch ZoneMTA files
mkdir -p /opt/zone-mta
cd /opt/zone-mta
git clone git://github.com/zone-eu/zone-mta.git .
git checkout 6964091273
# Ensure queue folder
mkdir -p /var/data/zone-mta/mailtrain
# Setup installation configuration
cat >> config/production.json <<EOT
{
"name": "Mailtrain",
"user": "zone-mta",
"group": "zone-mta",
"queue": {
"db": "/var/data/zone-mta/mailtrain"
},
"smtpInterfaces": {
"feeder": {
"enabled": true,
"port": 2525,
"processes": 2,
"authentication": true
}
},
"api": {
"maildrop": false,
"user": "mailtrain",
"pass": "$SMTP_PASS"
},
"log": {
"level": "info",
"syslog": true
},
"plugins": {
"core/email-bounce": false,
"core/http-bounce": {
"enabled": "main",
"url": "http://localhost/webhooks/zone-mta"
},
"core/http-auth": {
"enabled": ["receiver", "main"],
"url": "http://localhost:8080/test-auth"
},
"core/default-headers": {
"enabled": ["receiver", "main", "sender"],
"futureDate": false,
"xOriginatingIP": false
},
"core/http-config": {
"enabled": ["main", "receiver"],
"url": "http://localhost/webhooks/zone-mta/sender-config?api_token=$DKIM_API_KEY"
},
"core/rcpt-mx": false
},
"pools": {
"default": [{
"address": "0.0.0.0",
"name": "$HOSTNAME"
}]
},
"zones": {
"default": {
"processes": 3,
"connections": 5,
"throttling": false,
"pool": "default"
},
"transactional": {
"processes": 1,
"connections": 1,
"pool": "default"
}
},
"domainConfig": {
"default": {
"maxConnections": 4
}
}
}
EOT
# Install required node packages
npm install --no-progress --production
npm install leveldown
# Ensure queue folder is owned by MTA user
chown -R zone-mta:zone-mta /var/data/zone-mta/mailtrain
# Set up systemd service script
cp setup/zone-mta.service /etc/systemd/system/
systemctl enable zone-mta.service
# Start the service
systemctl daemon-reload
systemctl start zone-mta.service
systemctl start mailtrain.service
echo "Success! Open http://$HOSTNAME/ and log in as admin:test";

240
server/setup/install.sh
View file

@ -1,240 +0,0 @@
#!/bin/bash
# This installation script works on Ubuntu 14.04 and 16.04
# Run as root!
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
set -e
export DEBIAN_FRONTEND=noninteractive
MYSQL_ROOT_PASSWORD=`pwgen 12 -1`
debconf-set-selections <<< 'mariadb-server-5.5 mysql-server/root_password password $MYSQL_ROOT_PASSWORD'
debconf-set-selections <<< 'mariadb-server-5.5 mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD'
curl -sL https://deb.nodesource.com/setup_7.x | bash -
apt-get -q -y install mariadb-server pwgen nodejs imagemagick git ufw build-essential dnsutils python software-properties-common
apt-add-repository -y ppa:chris-lea/redis-server
apt-get update
apt-get -q -y install redis-server
apt-get clean
PUBLIC_IP=`curl -s https://api.ipify.org`
if [ ! -z "$PUBLIC_IP" ]; then
HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
fi
HOSTNAME="${HOSTNAME:-`hostname`}"
MYSQL_PASSWORD=`pwgen 12 -1`
MYSQL_RO_PASSWORD=`pwgen 12 -1`
DKIM_API_KEY=`pwgen 12 -1`
SMTP_PASS=`pwgen 12 -1`
# Setup MySQL user for Mailtrain
mysql -u root -e "CREATE USER 'mailtrain'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';" -p$MYSQL_ROOT_PASSWORD
mysql -u root -e "GRANT ALL PRIVILEGES ON mailtrain.* TO 'mailtrain'@'localhost';" -p$MYSQL_ROOT_PASSWORD
mysql -u root -e "CREATE USER 'mailtrain_ro'@'localhost' IDENTIFIED BY '$MYSQL_RO_PASSWORD';" -p$MYSQL_ROOT_PASSWORD
mysql -u root -e "GRANT SELECT ON mailtrain.* TO 'mailtrain_ro'@'localhost';" -p$MYSQL_ROOT_PASSWORD
mysql -u mailtrain --password="$MYSQL_PASSWORD" -e "CREATE database mailtrain;"
# Enable firewall, allow connections to SSH, HTTP, HTTPS and SMTP
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 25/tcp
ufw --force enable
# Fetch Mailtrain files
mkdir -p /opt/mailtrain
cd /opt/mailtrain
git clone git://github.com/Mailtrain-org/mailtrain.git .
# Normally we would let Mailtrain itself to import the initial SQL data but in this case
# we need to modify it, before we start Mailtrain
mysql -u mailtrain -p"$MYSQL_PASSWORD" mailtrain < setup/sql/mailtrain.sql
mysql -u mailtrain -p"$MYSQL_PASSWORD" mailtrain <<EOT
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('admin_email','admin@$HOSTNAME') ON DUPLICATE KEY UPDATE \`value\`='admin@$HOSTNAME';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('default_address','admin@$HOSTNAME') ON DUPLICATE KEY UPDATE \`value\`='admin@$HOSTNAME';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_hostname','localhost') ON DUPLICATE KEY UPDATE \`value\`='localhost';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_disable_auth','') ON DUPLICATE KEY UPDATE \`value\`='';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_user','mailtrain') ON DUPLICATE KEY UPDATE \`value\`='mailtrain';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_pass','$SMTP_PASS') ON DUPLICATE KEY UPDATE \`value\`='$SMTP_PASS';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_encryption','NONE') ON DUPLICATE KEY UPDATE \`value\`='NONE';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('smtp_port','2525') ON DUPLICATE KEY UPDATE \`value\`='2525';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('default_homepage','http://$HOSTNAME/') ON DUPLICATE KEY UPDATE \`value\`='http://$HOSTNAME/';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('service_url','http://$HOSTNAME/') ON DUPLICATE KEY UPDATE \`value\`='http://$HOSTNAME/';
INSERT INTO \`settings\` (\`key\`, \`value\`) VALUES ('dkim_api_key','$DKIM_API_KEY') ON DUPLICATE KEY UPDATE \`value\`='$DKIM_API_KEY';
EOT
# Add new user for the mailtrain daemon to run as
useradd mailtrain || true
useradd zone-mta || true
# Setup installation configuration
cat >> config/production.toml <<EOT
user="mailtrain"
group="mailtrain"
[log]
level="error"
[www]
port=80
secret="`pwgen -1`"
[mysql]
password="$MYSQL_PASSWORD"
[redis]
enabled=true
[queue]
processes=5
EOT
cat >> workers/reports/config/production.toml <<EOT
[log]
level="error"
[mysql]
user="mailtrain_ro"
password="$MYSQL_RO_PASSWORD"
EOT
# Install required node packages
npm install --no-progress --production
chown -R mailtrain:mailtrain .
chmod o-rwx config
# Setup log rotation to not spend up entire storage on logs
cat <<EOM > /etc/logrotate.d/mailtrain
/var/log/mailtrain.log {
daily
rotate 12
compress
delaycompress
missingok
notifempty
copytruncate
nomail
}
EOM
if [ -d "/run/systemd/system" ]; then
# Set up systemd service script
cp setup/mailtrain.service /etc/systemd/system/
systemctl enable mailtrain.service
else
# Set up upstart service script
cp setup/mailtrain.conf /etc/init/
fi
# Fetch ZoneMTA files
mkdir -p /opt/zone-mta
cd /opt/zone-mta
git clone git://github.com/zone-eu/zone-mta.git .
git checkout 6964091273
# Ensure queue folder
mkdir -p /var/data/zone-mta/mailtrain
# Setup installation configuration
cat >> config/production.json <<EOT
{
"name": "Mailtrain",
"user": "zone-mta",
"group": "zone-mta",
"queue": {
"db": "/var/data/zone-mta/mailtrain"
},
"smtpInterfaces": {
"feeder": {
"enabled": true,
"port": 2525,
"processes": 2,
"authentication": true
}
},
"api": {
"maildrop": false,
"user": "mailtrain",
"pass": "$SMTP_PASS"
},
"log": {
"level": "info",
"syslog": true
},
"plugins": {
"core/email-bounce": false,
"core/http-bounce": {
"enabled": "main",
"url": "http://localhost/webhooks/zone-mta"
},
"core/http-auth": {
"enabled": ["receiver", "main"],
"url": "http://localhost:8080/test-auth"
},
"core/default-headers": {
"enabled": ["receiver", "main", "sender"],
"futureDate": false,
"xOriginatingIP": false
},
"core/http-config": {
"enabled": ["main", "receiver"],
"url": "http://localhost/webhooks/zone-mta/sender-config?api_token=$DKIM_API_KEY"
},
"core/rcpt-mx": false
},
"pools": {
"default": [{
"address": "0.0.0.0",
"name": "$HOSTNAME"
}]
},
"zones": {
"default": {
"processes": 3,
"connections": 5,
"throttling": false,
"pool": "default"
},
"transactional": {
"processes": 1,
"connections": 1,
"pool": "default"
}
},
"domainConfig": {
"default": {
"maxConnections": 4
}
}
}
EOT
# Install required node packages
npm install --no-progress --production
npm install leveldown
# Ensure queue folder is owned by MTA user
chown -R zone-mta:zone-mta /var/data/zone-mta/mailtrain
if [ -d "/run/systemd/system" ]; then
# Set up systemd service script
cp setup/zone-mta.service /etc/systemd/system/
systemctl enable zone-mta.service
else
# Set up upstart service script
cp setup/zone-mta.conf /etc/init/
fi
# Start the service
service zone-mta start
service mailtrain start
echo $MYSQL_ROOT_PASSWORD > ~/mysql_root_password
echo "MySQL root password: $MYSQL_ROOT_PASSWORD"
echo "Success! Open http://$HOSTNAME/ and log in as admin:test";

101
server/setup/mailtrain-apache-sample.conf
View file

@ -1,101 +0,0 @@
# This example sets up virtual domains for mailtrain protected by HTTPS (including redirect from http to https)
# Note that you will need mod_proxy and mod_ssl modules installed and enabled
# This setup assumes three DNS names:
# - mail.example.org - public endpoint used for subscriptions, campaign images, etc.
# - mailtrain.example.org - UI for administration and send out emails
# - sbox.mailtrain.example.org - sandbox for templates (to prevent potential XSS attacks in templates)
# It is OK to point all the three DNS entries to the same IP address
# You will need to customize this for your setup. In the least, this means:
# - replace "example.org" with your domain
# - point to your certificate (look for /etc/letsencrypt/live/mail.example.org in the config below)
<VirtualHost mail.example.org:80>
ServerName mail.example.org
ServerSignature Off
RewriteEngine On
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ErrorLog logs/mail.example.org_redirect_error.log
LogLevel warn
</VirtualHost>
<VirtualHost mailtrain.example.org:80>
ServerName mailtrain.example.org
ServerSignature Off
RewriteEngine On
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ErrorLog logs/mailtrain.example.org_redirect_error.log
LogLevel warn
</VirtualHost>
<VirtualHost sbox.mailtrain.example.org:80>
ServerName sbox.mailtrain.example.org
ServerSignature Off
RewriteEngine On
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
ErrorLog logs/sbox.mailtrain.example.org_redirect_error.log
LogLevel warn
</VirtualHost>
<VirtualHost mail.example.org:443>
ServerName mail.example.org:443
ErrorLog logs/mail.example.org_ssl_error.log
TransferLog logs/mail.example.org_ssl_access.log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mail.example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mail.example.org/chain.pem
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:3004/"
ProxyPassReverse "/" "http://127.0.0.1:3004/"
</VirtualHost>
<VirtualHost mailtrain.example.org:443>
ServerName mailtrain.example.org:443
ErrorLog logs/mailtrain.example.org_ssl_error.log
TransferLog logs/mailtrain.example.org_ssl_access.log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mail.example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mail.example.org/chain.pem
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:3000/"
ProxyPassReverse "/" "http://127.0.0.1:3000/"
</VirtualHost>
<VirtualHost sbox.mailtrain.example.org:443>
ServerName sbox.mailtrain.example.org:443
ErrorLog logs/sbox.mailtrain.example.org_ssl_error.log
TransferLog logs/sbox.mailtrain.example.org_ssl_access.log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mail.example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mail.example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mail.example.org/chain.pem
ProxyPreserveHost On
ProxyPass "/" "http://127.0.0.1:3003/"
ProxyPassReverse "/" "http://127.0.0.1:3003/"
</VirtualHost>

16
server/setup/mailtrain-centos7.service
View file

@ -1,16 +0,0 @@
[Unit]
Description=Mailtrain server
Requires=mariadb.service
After=syslog.target network.target
[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/mailtrain
ExecStart=/usr/bin/node index.js
Type=simple
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
# Alias=mailtrain.service

20
server/setup/mailtrain-nginx.conf
View file

@ -1,20 +0,0 @@
# This example sets up mailtrain.org/www.mailtrain.org virtual domains
# for Nginx and proxies requests for these domains to localhost port 3000
server {
listen 80;
listen [::]:80;
server_name mailtrain.org www.mailtrain.org;
access_log /var/log/nginx/mailtrain.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}

17
server/setup/mailtrain.conf
View file

@ -1,17 +0,0 @@
# upstart script for example server
description "Mailtrain server"
author "Andris Reinman <andris@kreata.ee>"
start on runlevel [2345]
stop on runlevel [!2345]
env NODE_ENV=production
respawn
respawn limit 10 0
script
cd /opt/mailtrain
exec node index.js >> /var/log/mailtrain.log 2>&1
end script

16
server/setup/mailtrain.service
View file

@ -1,16 +0,0 @@
[Unit]
Description=Mailtrain server
Requires=mysql.service
After=syslog.target network.target
[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/mailtrain
ExecStart=/usr/bin/node index.js
Type=simple
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
# Alias=mailtrain.service