From 9204954691a921eefe38ba6fd528fda855d9bfa6 Mon Sep 17 00:00:00 2001 From: Cloud User Date: Tue, 25 Dec 2018 08:32:14 +0000 Subject: [PATCH] Updates in install scripts --- setup/functions | 279 ++++++++++++++++++++++++ setup/functions.sh | 377 --------------------------------- setup/install-centos7-https.sh | 6 +- setup/install-centos7-local.sh | 5 +- setup/install-centos7.sh | 161 -------------- 5 files changed, 285 insertions(+), 543 deletions(-) create mode 100644 setup/functions delete mode 100644 setup/functions.sh delete mode 100644 setup/install-centos7.sh diff --git a/setup/functions b/setup/functions new file mode 100644 index 00000000..2076d508 --- /dev/null +++ b/setup/functions 
@@ -0,0 +1,279 @@ +# This is not a standalone script. It provides common functions to server-*.sh scripts + +if hash firewall-cmd 2>/dev/null; then + firewallCmdExists=yes +fi + +function installBase { + local urlBaseTrusted="$1" + local urlBaseSandbox="$2" + local urlBasePublic="$3" + + yum -y install epel-release + + curl --silent --location https://rpm.nodesource.com/setup_10.x | bash - + cat > /etc/yum.repos.d/mongodb-org.repo < server/config/production.yaml <> server/services/workers/reports/config/production.yaml < /etc/logrotate.d/mailtrain +/var/log/mailtrain.log { + daily + rotate 12 + compress + delaycompress + missingok + notifempty + copytruncate + nomail +} +EOT + + # Set up systemd service script + cp setup/mailtrain-centos7.service /etc/systemd/system/mailtrain.service + systemctl enable mailtrain.service + + # Start the service + systemctl daemon-reload + + systemctl start mailtrain.service + + echo "Success! Open http://$urlBaseTrusted/ and login as admin:test" + + if [ -n "$firewallCmdExists" ]; then + echo "Note that firewall was not setup because firewall-cmd is missing on your system. Please make sure your firewall is correctly setup. If you are on AWS, this means to enable HTTPS and HTTP in your security group." 
+ fi +} + + + +function installHttps { + local hostTrusted="$1" + local portTrusted="$2" + local hostSandbox="$3" + local portSandbox="$4" + local hostPublic="$5" + local portPublic="$6" + local certificateFile="$7" + local certificateKey="$8" + local caChainFile="$9" + + yum -y install httpd mod_ssl + + echo > /etc/httpd/conf.d/mailtrain.conf + + cat >> /etc/httpd/conf.d/mailtrain.conf < + ServerName ${hostTrusted} + + ServerSignature Off + + RewriteEngine On + RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] + + ErrorLog logs/${hostTrusted}_redirect_error.log + LogLevel warn + + + + ServerName ${hostSandbox} + + ServerSignature Off + + RewriteEngine On + RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] + + ErrorLog logs/${hostSandbox}_redirect_error.log + LogLevel warn + + + + ServerName ${hostPublic} + + ServerSignature Off + + RewriteEngine On + RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] + + ErrorLog logs/${hostPublic}_redirect_error.log + LogLevel warn + +EOT + + if [ -n "$firewallCmdExists" ]; then + # Enable port 80 on the firewall + firewall-cmd --add-port=80/tcp --permanent + fi + + cat >> /etc/httpd/conf.d/mailtrain.conf < + ServerName ${hostTrusted}:${portTrusted} + + ErrorLog logs/${hostTrusted}_ssl_error.log + TransferLog logs/${hostTrusted}_ssl_access.log + LogLevel warn + + SSLEngine on + SSLCertificateFile ${certificateFile} + SSLCertificateKeyFile ${certificateKey} + SSLCertificateChainFile ${caChainFile} + + ProxyPreserveHost On + ProxyPass "/" "http://127.0.0.1:3000/" + ProxyPassReverse "/" "http://127.0.0.1:3000/" + + + + ServerName ${hostSandbox}:${portSandbox} + + ErrorLog logs/${hostSandbox}_ssl_error.log + TransferLog logs/${hostSandbox}_ssl_access.log + LogLevel warn + + SSLEngine on + SSLCertificateFile ${certificateFile} + SSLCertificateKeyFile ${certificateKey} + SSLCertificateChainFile ${caChainFile} + + ProxyPreserveHost On + ProxyPass "/" 
"http://127.0.0.1:3003/" + ProxyPassReverse "/" "http://127.0.0.1:3003/" + + + + ServerName ${hostPublic}:${portPublic} + + ErrorLog logs/${hostPublic}_ssl_error.log + TransferLog logs/${hostPublic}_ssl_access.log + LogLevel warn + + SSLEngine on + SSLCertificateFile ${certificateFile} + SSLCertificateKeyFile ${certificateKey} + SSLCertificateChainFile ${caChainFile} + + ProxyPreserveHost On + ProxyPass "/" "http://127.0.0.1:3004/" + ProxyPassReverse "/" "http://127.0.0.1:3004/" + +EOT + + + # Enable and start httpd + systemctl start httpd + systemctl enable httpd + + if [ -n "$firewallCmdExists" ]; then + # Enable SSL ports on the firewall + for port in "${portTrusted}/tcp" "${portSandbox}/tcp" "${portPublic}/tcp"; do + firewall-cmd --add-port=$port --permanent + done + + # Activate the firefall settings + firewall-cmd --reload + fi +} + + +function createCertificates { + local hostTrusted="$1" + local hostSandbox="$2" + local hostPublic="$3" + local email="$4" + + yum install -y certbot + + if [ -n "$firewallCmdExists" ]; then + # Temporarily enable port 80 on the firewall + firewall-cmd --add-port=80/tcp + fi + + certbot certonly --agree-tos --email "${email}" --standalone -n -d "${hostPublic}" -d "${hostTrusted}" -d "${hostSandbox}" + + if [ -n "$firewallCmdExists" ]; then + # Revert firewall to original state + firewall-cmd --reload + fi +} + diff --git a/setup/functions.sh b/setup/functions.sh deleted file mode 100644 index 505f289f..00000000 --- a/setup/functions.sh +++ /dev/null 
@@ -1,377 +0,0 @@ -# This is not a standalone script. It provides common functions to server-*.sh scripts - -function installBase { - local urlBaseTrusted="$1" - local urlBaseSandbox="$2" - local urlBasePublic="$3" - - yum -y install epel-release - - curl --silent --location https://rpm.nodesource.com/setup_11.x | bash - - cat > /etc/yum.repos.d/mongodb-org.repo < server/config/production.yaml <> server/services/workers/reports/config/production.yaml < /etc/logrotate.d/mailtrain - /var/log/mailtrain.log { - daily - rotate 12 - compress - delaycompress - missingok - notifempty - copytruncate - nomail - } - EOM - - # Set up systemd service script - cp setup/mailtrain-centos7.service /etc/systemd/system/mailtrain.service - systemctl enable mailtrain.service - - # Start the service - systemctl daemon-reload - - systemctl start mailtrain.service - - echo "Success! Open http://$urlBaseTrusted/" - echo "If this is a fresh installation, log in as admin:test". If this is an upgrade over existing Mailtrain DB, use the original admin password." 
-} - - - -function installHttps { - local hostTrusted="$1" - local portTrusted="$2" - local hostSandbox="$3" - local portSandbox="$4" - local hostPublic="$5" - local portPublic="$6" - local certificateFile="$7" - local certificateKey="$8" - local caChainFile="$9" - local skipHttpRedirect="$10" - - echo > /etc/httpd/conf.d/mailtrain.conf - - if [ "$skipHttpRedirect" = "--skip-http-redirect" ]; then - cat >> /etc/httpd/conf.d/mailtrain.conf < - ServerName ${hostTrusted} - - ServerSignature Off - - RewriteEngine On - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] - - ErrorLog logs/${hostTrusted}_redirect_error.log - LogLevel warn - - - - ServerName ${hostSandbox} - - ServerSignature Off - - RewriteEngine On - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] - - ErrorLog logs/${hostSandbox}_redirect_error.log - LogLevel warn - - - - ServerName ${hostPublic} - - ServerSignature Off - - RewriteEngine On - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] - - ErrorLog logs/${hostPublic}_redirect_error.log - LogLevel warn - -EOT - fi - - cat >> /etc/httpd/conf.d/mailtrain.conf < - ServerName ${hostTrusted}:${portTrusted} - - ErrorLog logs/${hostTrusted}_ssl_error.log - TransferLog logs/${hostTrusted}_ssl_access.log - LogLevel warn - - SSLEngine on - SSLCertificateFile ${certificateFile} - SSLCertificateKeyFile ${certificateKey} - SSLCertificateChainFile ${caChainFile} - - ProxyPreserveHost On - ProxyPass "/" "http://127.0.0.1:3000/" - ProxyPassReverse "/" "http://127.0.0.1:3000/" - - - - ServerName ${hostSandbox}:${portSandbox} - - ErrorLog logs/${hostSandbox}_ssl_error.log - TransferLog logs/${hostSandbox}_ssl_access.log - LogLevel warn - - SSLEngine on - SSLCertificateFile ${certificateFile} - SSLCertificateKeyFile ${certificateKey} - SSLCertificateChainFile ${caChainFile} - - ProxyPreserveHost On - ProxyPass "/" "http://127.0.0.1:3003/" - ProxyPassReverse "/" "http://127.0.0.1:3003/" - - - - 
ServerName ${hostPublic}:${portPublic} - - ErrorLog logs/${hostPublic}_ssl_error.log - TransferLog logs/${hostPublic}_ssl_access.log - LogLevel warn - - SSLEngine on - SSLCertificateFile ${certificateFile} - SSLCertificateKeyFile ${certificateKey} - SSLCertificateChainFile ${caChainFile} - - ProxyPreserveHost On - ProxyPass "/" "http://127.0.0.1:3004/" - ProxyPassReverse "/" "http://127.0.0.1:3004/" - -EOT -} - - - -function installHttps { - local hostTrusted="$1" - local portTrusted="$2" - local hostSandbox="$3" - local portSandbox="$4" - local hostPublic="$5" - local portPublic="$6" - local certificateFile="$7" - local certificateKey="$8" - local caChainFile="$9" - local installHttpRedirect="$10" - - yum -y install httpd mod_ssl - - echo > /etc/httpd/conf.d/mailtrain.conf - - if [ "$installHttpRedirect" != "yes" ]; then - cat >> /etc/httpd/conf.d/mailtrain.conf < - ServerName ${hostTrusted} - - ServerSignature Off - - RewriteEngine On - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] - - ErrorLog logs/${hostTrusted}_redirect_error.log - LogLevel warn - - - - ServerName ${hostSandbox} - - ServerSignature Off - - RewriteEngine On - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] - - ErrorLog logs/${hostSandbox}_redirect_error.log - LogLevel warn - - - - ServerName ${hostPublic} - - ServerSignature Off - - RewriteEngine On - RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] - - ErrorLog logs/${hostPublic}_redirect_error.log - LogLevel warn - -EOT - - # Enable port 80 on the firewall - firewall-cmd --add-port=80/tcp --permanent - fi - - cat >> /etc/httpd/conf.d/mailtrain.conf < - ServerName ${hostTrusted}:${portTrusted} - - ErrorLog logs/${hostTrusted}_ssl_error.log - TransferLog logs/${hostTrusted}_ssl_access.log - LogLevel warn - - SSLEngine on - SSLCertificateFile ${certificateFile} - SSLCertificateKeyFile ${certificateKey} - SSLCertificateChainFile ${caChainFile} - - ProxyPreserveHost On - 
ProxyPass "/" "http://127.0.0.1:3000/" - ProxyPassReverse "/" "http://127.0.0.1:3000/" - - - - ServerName ${hostSandbox}:${portSandbox} - - ErrorLog logs/${hostSandbox}_ssl_error.log - TransferLog logs/${hostSandbox}_ssl_access.log - LogLevel warn - - SSLEngine on - SSLCertificateFile ${certificateFile} - SSLCertificateKeyFile ${certificateKey} - SSLCertificateChainFile ${caChainFile} - - ProxyPreserveHost On - ProxyPass "/" "http://127.0.0.1:3003/" - ProxyPassReverse "/" "http://127.0.0.1:3003/" - - - - ServerName ${hostPublic}:${portPublic} - - ErrorLog logs/${hostPublic}_ssl_error.log - TransferLog logs/${hostPublic}_ssl_access.log - LogLevel warn - - SSLEngine on - SSLCertificateFile ${certificateFile} - SSLCertificateKeyFile ${certificateKey} - SSLCertificateChainFile ${caChainFile} - - ProxyPreserveHost On - ProxyPass "/" "http://127.0.0.1:3004/" - ProxyPassReverse "/" "http://127.0.0.1:3004/" - -EOT - - - # Enable and start httpd - systemctl start httpd - systemctl enable httpd - - # Enable SSL ports on the firewall - for port in "${portTrusted}/tcp" "${portSandbox}/tcp" "${portPublic}/tcp"; do - firewall-cmd --add-port=$port --permanent - done - - # Activate the firefall settings - firewall-cmd --reload -} - - -function createCertificates { - local hostTrusted="$1" - local hostSandbox="$2" - local hostPublic="$3" - local email="$4" - - yum install -y certbot - - # Temporarily enable port 80 on the firewall - firewall-cmd --add-port=80/tcp - - certbot certonly --agree-tos --email "${email}" --standalone -n -d "${hostPublic}" -d "${hostTrusted}" -d "${hostSandbox}" - - # Revert firewall to original state - firewall-cmd --reload -} - diff --git a/setup/install-centos7-https.sh b/setup/install-centos7-https.sh index db06057a..c4844631 100644 --- a/setup/install-centos7-https.sh +++ b/setup/install-centos7-https.sh @@ -17,7 +17,7 @@ cd $SCRIPT_PATH/.. # Help function function HELP { -cat << EOF +cat < 
@@ -47,6 +47,6 @@ email="$4" createCertificates "${hostTrusted}" "${hostSandbox}" "${hostPublic}" "${email}" -installHttps "${hostTrusted}" 443 "${hostSandbox}" 443 "${hostPublic}" 443 "/etc/letsencrypt/live/${hostPublic}/cert.pem" "/etc/letsencrypt/live/${hostPublic}/privkey.pem" "/etc/letsencrypt/live/${hostPublic}/chain.pem" "" +installHttps "${hostTrusted}" 443 "${hostSandbox}" 443 "${hostPublic}" 443 "/etc/letsencrypt/live/${hostPublic}/cert.pem" "/etc/letsencrypt/live/${hostPublic}/privkey.pem" "/etc/letsencrypt/live/${hostPublic}/chain.pem" -installBase "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" "${email}" \ No newline at end of file +installBase "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}" "${email}" diff --git a/setup/install-centos7-local.sh b/setup/install-centos7-local.sh index f1367874..692c67d4 100644 --- a/setup/install-centos7-local.sh +++ b/setup/install-centos7-local.sh @@ -1,4 +1,5 @@ #!/bin/bash +set -x # This installation script works on CentOS 7 # Run as root! 
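Review bot: The new `installBase` call still passes `"${email}"` as a fourth argument, but installBase in the new setup/functions only declares urlBaseTrusted, urlBaseSandbox and urlBasePublic (`$1`–`$3`), so the email is silently ignored; either drop it, `installBase "https://${hostTrusted}" "https://${hostSandbox}" "https://${hostPublic}"`, or give installBase a documented fourth parameter. Note also that installBase prints `Open http://$urlBaseTrusted/` while this caller passes a value already prefixed with `https://`, so the success message will read `http://https://…`; a parameter that is a full URL should not get a second scheme prepended. The createCertificates → installHttps → installBase sequence is otherwise consistent with the 9-parameter installHttps now in setup/functions.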
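Review bot: The `set -x` added at the top of install-centos7-local.sh traces every command for the whole run, including the fully expanded heredoc bodies that the shared functions write into server/config/production.yaml, the yum repo file and the httpd config; if any of those contain credentials (their contents are not legible in this diff), they end up on the terminal and in any captured install log. It also looks like a debugging leftover, since the https variant changed in the same commit does not get it. Suggest removing the line, or gating it on an explicit opt-in such as `if [ -n "${MAILTRAIN_TRACE:-}" ]; then set -x; fi` (the variable name is illustrative). This hunk covers only the file header; the rest of the script is outside it.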
@@ -17,7 +18,7 @@ cd $SCRIPT_PATH/.. # Help function function HELP { -cat << EOF +cat <&2 - exit 1 -fi - -set -e - -SCRIPT_PATH=$(dirname $(realpath -s $0)) -cd $SCRIPT_PATH/.. - -#Help function -function HELP { -cat << EOF - -Basic usage: install-centos7.sh - -Installs Mailtrain 2 on CentOS 7. - -Command line options. The following switches are recognized. - --with-httpd-proxy -- URL of the ssio-template GIT repository (default: git@gitlab.sathyasai.org:webs/ssio-template.git) - --db-name ... -- Name of DB and user in the DB (defaults to id with - -> _ substitution) - --aliases ... -- Server aliases divided by spaces (e.g. "www.esse-institute.org www.esse-institut.de") - --cert-domains ... -- Domains for which to get certs via letsencrypt (e.g. "www.esse-institute.org www.esse-institut.de") - --dont-push -- Don't push the website to gitlab. It stops after creating a directory, setting the remote and doing commit - - - -Example (local installation): install-centos7.sh http://localhost:3000 http://localhost:3003 http://localhost:3004 -Example (installation behind HTTPD proxy - see mailtrain-apache-sample.conf): install-centos7.sh https://mailtrain.example.com https://sbox.mailtrain.example.com https://mail.example.com -EOF - - exit 1 -} - -if [ $# -lt 3 ]; then - echo "Error: incorrect number of parameters." 
- HELP -fi - -URL_BASE_TRUSTED="$1" -URL_BASE_SANDBOX="$2" -URL_BASE_PUBLIC="$3" - - -yum -y install epel-release - -curl --silent --location https://rpm.nodesource.com/setup_11.x | bash - -cat > /etc/yum.repos.d/mongodb-org.repo < server/config/production.yaml <> server/services/workers/reports/config/production.yaml < /etc/logrotate.d/mailtrain -/var/log/mailtrain.log { - daily - rotate 12 - compress - delaycompress - missingok - notifempty - copytruncate - nomail -} -EOM - -# Set up systemd service script -cp setup/mailtrain-centos7.service /etc/systemd/system/mailtrain.service -systemctl enable mailtrain.service - -# Start the service -systemctl daemon-reload - -systemctl start mailtrain.service - -echo "Success! Open http://$HOSTNAME/ and log in as admin:test";