Updates in the setup

2018-12-21 20:21:03 +01:00 · 2018-12-21 20:21:03 +01:00 · 89a2aa15a4
commit 89a2aa15a4
parent 5a16d789a0
10 changed files with 138 additions and 545 deletions
--- a/setup/install-centos7.sh
+++ b/setup/install-centos7.sh
@ -0,0 +1,137 @@
+#!/bin/bash
+
+# This installation script works on CentOS 7
+# Run as root!
+
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root" 1>&2
+   exit 1
+fi
+
+set -e
+
+yum -y install epel-release
+
+curl --silent --location https://rpm.nodesource.com/setup_11.x | bash -
+cat > /etc/yum.repos.d/mongodb-org.repo <<EOT
+[mongodb-org-4.0]
+name=MongoDB Repository
+baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
+gpgcheck=1
+enabled=1
+gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
+EOT
+
+yum -y install mariadb-server nodejs ImageMagick git python redis pwgen bind-utils gcc-c++ make mongodb-org
+
+systemctl start mariadb
+systemctl enable mariadb
+
+systemctl start redis
+systemctl enable redis
+
+systemctl start mongod
+systemctl enable mongod
+
+
+PUBLIC_IP=`curl -s https://api.ipify.org`
+if [ ! -z "$PUBLIC_IP" ]; then
+    HOSTNAME=`dig +short -x $PUBLIC_IP | sed 's/\.$//'`
+    HOSTNAME="${HOSTNAME:-$PUBLIC_IP}"
+fi
+HOSTNAME="${HOSTNAME:-`hostname`}"
+
+MYSQL_PASSWORD=`pwgen 12 -1`
+MYSQL_RO_PASSWORD=`pwgen 12 -1`
+
+# Setup MySQL user for Mailtrain
+mysql -u root -e "CREATE USER 'mailtrain'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD';"
+mysql -u root -e "GRANT ALL PRIVILEGES ON mailtrain.* TO 'mailtrain'@'localhost';"
+mysql -u root -e "CREATE USER 'mailtrain_ro'@'localhost' IDENTIFIED BY '$MYSQL_RO_PASSWORD';"
+mysql -u root -e "GRANT SELECT ON mailtrain.* TO 'mailtrain_ro'@'localhost';"
+mysql -u mailtrain --password="$MYSQL_PASSWORD" -e "CREATE database mailtrain;"
+
+# Enable firewall, allow connections to SSH, HTTP, HTTPS and SMTP
+for port in 80/tcp 443/tcp 25/tcp; do firewall-cmd --add-port=$port --permanent; done
+firewall-cmd --reload
+
+# Fetch Mailtrain files
+mkdir -p /opt/mailtrain
+cd /opt/mailtrain
+git clone git://github.com/Mailtrain-org/mailtrain.git .
+
+# Add new user for the mailtrain daemon to run as
+useradd mailtrain || true
+
+# Setup installation configuration
+cat > config/production.yaml <<EOT
+user: mailtrain
+group: mailtrain
+roUser: nobody
+roGroup: nobody
+
+www:
+  port: 3000
+  secret: "`pwgen -1`"
+  trustedUrlBase: http://$HOSTNAME:3000
+  sandboxUrlBase: http://$HOSTNAME:3003
+  publicUrlBase: http://$HOSTNAME:3004
+
+
+mysql:
+  password: "$MYSQL_PASSWORD"
+
+redis:
+  enabled: true
+
+log:
+  level: warn
+
+builtinZoneMTA:
+  log:
+    level: info
+
+queue:
+  processes: 5
+EOT
+
+cat >> workers/reports/config/production.yaml <<EOT
+log:
+  level: warn
+
+mysql:
+  user: mailtrain_ro
+  password: "$MYSQL_RO_PASSWORD"
+EOT
+
+# Install required node packages
+(cd
+npm install --no-progress --production
+
+chown -R mailtrain:mailtrain .
+chmod o-rwx config
+
+# Setup log rotation to not spend up entire storage on logs
+cat <<EOM > /etc/logrotate.d/mailtrain
+/var/log/mailtrain.log {
+    daily
+    rotate 12
+    compress
+    delaycompress
+    missingok
+    notifempty
+    copytruncate
+    nomail
+}
+EOM
+
+# Set up systemd service script
+cp setup/mailtrain-centos7.service /etc/systemd/system/mailtrain.service
+systemctl enable mailtrain.service
+
+# Start the service
+systemctl daemon-reload
+
+systemctl start mailtrain.service
+
+echo "Success! Open http://$HOSTNAME/ and log in as admin:test";
--- a/setup/mailtrain-apache-sample.conf
+++ b/setup/mailtrain-apache-sample.conf
@ -0,0 +1,101 @@
+# This example sets up virtual domains for mailtrain protected by HTTPS (including redirect from http to https)
+# Note that you will need mod_proxy and mod_ssl modules installed and enabled
+
+# This setup assumes three DNS names:
+# - mail.example.org - public endpoint used for subscriptions, campaign images, etc.
+# - mailtrain.example.org - UI for administration and send out emails
+# - sbox.mailtrain.example.org - sandbox for templates (to prevent potential XSS attacks in templates)
+
+# It is OK to point all the three DNS entries to the same IP address
+
+# You will need to customize this for your setup. In the least, this means:
+# - replace "example.org" with your domain
+# - point to your certificate (look for /etc/letsencrypt/live/mail.example.org in the config below)
+
+<VirtualHost mail.example.org:80>
+    ServerName mail.example.org
+
+    ServerSignature Off
+
+    RewriteEngine On
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
+
+    ErrorLog logs/mail.example.org_redirect_error.log
+    LogLevel warn
+</VirtualHost>
+
+<VirtualHost mailtrain.example.org:80>
+    ServerName mailtrain.example.org
+
+    ServerSignature Off
+
+    RewriteEngine On
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
+
+    ErrorLog logs/mailtrain.example.org_redirect_error.log
+    LogLevel warn
+</VirtualHost>
+
+<VirtualHost sbox.mailtrain.example.org:80>
+    ServerName sbox.mailtrain.example.org
+
+    ServerSignature Off
+
+    RewriteEngine On
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
+
+    ErrorLog logs/sbox.mailtrain.example.org_redirect_error.log
+    LogLevel warn
+</VirtualHost>
+
+<VirtualHost mail.example.org:443>
+    ServerName mail.example.org:443
+
+    ErrorLog logs/mail.example.org_ssl_error.log
+    TransferLog logs/mail.example.org_ssl_access.log
+    LogLevel warn
+
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/mail.example.org/cert.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/mail.example.org/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/mail.example.org/chain.pem
+
+    ProxyPreserveHost On
+    ProxyPass "/" "http://127.0.0.1:3004/"
+    ProxyPassReverse "/" "http://127.0.0.1:3004/"
+</VirtualHost>
+
+<VirtualHost mailtrain.example.org:443>
+    ServerName mailtrain.example.org:443
+
+    ErrorLog logs/mailtrain.example.org_ssl_error.log
+    TransferLog logs/mailtrain.example.org_ssl_access.log
+    LogLevel warn
+
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/mail.example.org/cert.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/mail.example.org/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/mail.example.org/chain.pem
+
+    ProxyPreserveHost On
+    ProxyPass "/" "http://127.0.0.1:3000/"
+    ProxyPassReverse "/" "http://127.0.0.1:3000/"
+</VirtualHost>
+
+<VirtualHost sbox.mailtrain.example.org:443>
+    ServerName sbox.mailtrain.example.org:443
+
+    ErrorLog logs/sbox.mailtrain.example.org_ssl_error.log
+    TransferLog logs/sbox.mailtrain.example.org_ssl_access.log
+    LogLevel warn
+
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/mail.example.org/cert.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/mail.example.org/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/mail.example.org/chain.pem
+
+    ProxyPreserveHost On
+    ProxyPass "/" "http://127.0.0.1:3003/"
+    ProxyPassReverse "/" "http://127.0.0.1:3003/"
+</VirtualHost>
+
--- a/setup/mailtrain-centos7.service
+++ b/setup/mailtrain-centos7.service
@ -0,0 +1,16 @@
+[Unit]
+Description=Mailtrain server
+Requires=mariadb.service
+After=syslog.target network.target
+
+[Service]
+Environment="NODE_ENV=production"
+WorkingDirectory=/opt/mailtrain/server
+ExecStart=/usr/bin/node index.js
+Type=simple
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+# Alias=mailtrain.service