#!/bin/bash
# export DEBIAN_FRONTEND=noninteractive
# uncomment the above on Ubuntu 22.04
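# Swap the image's 192.x entry in /etc/hosts for the cluster host list below.
# Change all these IPs and hostnames, or rename or comment them out accordingly.
# The list is staged in a mktemp file rather than a fixed "temp.txt" in the
# current directory, so a root run never writes through a pre-existing file or
# symlink of that name.
hosts_block=$(mktemp) || exit 1
cat <<EOF > "$hosts_block"
192.168.0.201 ispc.server.tld ispc
192.168.0.202 web01.server.tld web01
192.168.0.203 mx1.server.tld mx1
192.168.0.204 mx2.server.tld mx2
192.168.0.205 ns1.server.tld ns1
192.168.0.206 ns2.server.tld ns2
192.168.0.207 mail.server.tld mail
EOF
# Every line containing "192" is replaced by the whole list: the list is queued
# with `r`, then the matching line is deleted (`//` reuses the last regex).
# NOTE(review): if /etc/hosts holds several such lines the list is inserted once
# per line, and if it holds none nothing is added - check the printed result.
sed -i -e "/.*192.*/r $hosts_block" -e "//d" /etc/hosts
cat /etc/hosts
rm -f -- "$hosts_block"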
# Short hostname of this node; later steps build "$HOST.server.tld" from it.
HOST=mail
# Persist the name for the next boot, then apply it to the running system.
printf '%s\n' "$HOST" > /etc/hostname
hostname "$HOST"
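# Change all these IPs, or comment them out if you don't have any of them.
OLIPV4=192.168.0.200 # normally based on your vm's image ip
NUIPV4=192.168.0.207
OLIPV6=fe80::ac:76ff:fe2c:166e # normally based on your vm's image ip
# inet6 address(es) currently configured, skipping lines that mention 2001,
# dadfailed or host, with the /prefix length stripped.
NUIPV6=$(/usr/bin/ip a | sed '/inet6/!d; /2001/d; /dadfailed/d; /host/d; s/.*inet6 //; s_/.*__p; d')

# Rewrite the image's addresses in the netplan config to this node's addresses.
# NOTE(review): the previous version searched for the literal text "#OLIPV4" /
# "#OLIPV6" and replaced the IPv4 match with the never-assigned $IPV4 (an empty
# string). This assumes the intent was old-address -> new-address; confirm
# against the actual contents of 01-netcfg.yaml.
netplan_cfg=/etc/netplan/01-netcfg.yaml
old_ipv4_re=${OLIPV4//./\\.} # dots escaped so they only match literal dots
sed -i "s/$old_ipv4_re/$NUIPV4/" "$netplan_cfg"

# Only substitute when exactly one IPv6 address was found: an empty value would
# blank the address and a multi-line value would break the sed expression.
if [[ -n "$NUIPV6" && "$NUIPV6" != *$'\n'* ]]; then
  sed -i "s/$OLIPV6/$NUIPV6/" "$netplan_cfg"
else
  printf 'warning: expected exactly one IPv6 address, got: %s\n' "$NUIPV6" >&2
fi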
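# Fetch the ffdhe4096 DH parameters and expose them under the file names the
# various services look for.
# Stop if the directory is missing: the relative paths below would otherwise
# land in whatever directory the script was started from.
cd /etc/ssl/private || exit 1
# -f makes curl fail on an HTTP error instead of saving the error page as the
# parameter file; --proto pins the transfer to HTTPS.
if ! curl -fsSL --proto '=https' -o dhparam4096.pem \
  https://ssl-config.mozilla.org/ffdhe4096.txt; then
  printf 'error: could not download ffdhe4096 parameters\n' >&2
  exit 1
fi
# -f lets the script be re-run without "File exists" errors.
ln -sf dhparam4096.pem dh.pem
ln -sf dhparam4096.pem dhparams.pem
ln -sf dhparam4096.pem pure-ftpd-dhparams.pem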
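# Write the Cloudflare credentials file that certbot's DNS plugin reads.
# The path is absolute so the file always lands where the certbot call expects
# it (/etc/ssl/private/.secrets), regardless of the current directory.
secrets_dir=/etc/ssl/private/.secrets
mkdir -p "$secrets_dir"
# Directories need the execute bit to be entered; the former recursive
# "chmod 600" stripped it from .secrets itself.
chmod 700 "$secrets_dir"
# NOTE(review): dns_cloudflare_api_key is the account-wide Global API Key.
# certbot-dns-cloudflare also accepts a zone-scoped token through
# dns_cloudflare_api_token, which limits what a leaked file can be used for.
(
  # Create the file owner-only from the start rather than tightening it later.
  umask 077
  cat <<EOF > "$secrets_dir/$HOST.server.tld.ini"
dns_cloudflare_api_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dns_cloudflare_email = $HOST.server.tld@gmail.com
EOF
)
# Covers the case where the file already existed with looser permissions.
chmod 600 "$secrets_dir/$HOST.server.tld.ini"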
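# Install certbot from the snap store and link it into the usual bin paths.
# apt-get is used instead of apt because apt's command-line interface is not
# meant for scripts.
apt-get -y install snapd
snap install core; snap refresh core
snap install --classic certbot
# -f keeps a re-run from failing on links that already exist.
ln -sf /snap/bin/certbot /usr/bin/certbot
ln -sf /snap/bin/certbot /usr/local/bin/certbot
apt-get -y install python3-pip
# NOTE(review): pip installs the plugin into the system Python, while the
# certbot on PATH is the snap build, which as far as I know only loads plugins
# that are themselves installed as snaps. Check that `certbot plugins` lists
# dns-cloudflare before relying on this step. pip also runs as root here and
# resolves the package name without a pinned version or hash.
pip3 install certbot-dns-cloudflare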
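# Install ISPConfig's Let's Encrypt renew hook as a real root-owned file in
# /usr/local/bin.
# The earlier version left the script in /tmp and symlinked to it. /tmp is
# world-writable and is usually emptied on reboot, so the link could end up
# pointing at a file any local user is able to create, and certbot runs the
# hook as root. A file already sitting at that name in /tmp would also have
# been picked up instead of the download.
# NOTE(review): the script comes from the moving "develop" branch with no
# checksum; pin it to a reviewed tag or commit and verify a known digest.
cd /tmp
hook=/usr/local/bin/letsencrypt_renew_hook.sh
hook_tmp=$(mktemp) || exit 1
if wget -q -O "$hook_tmp" \
  https://git.ispconfig.org/ispconfig/ispconfig3/-/raw/develop/server/scripts/letsencrypt_renew_hook.sh \
  && [[ -s "$hook_tmp" ]]; then
  # Remove a stale symlink from an earlier run so install writes a new file
  # instead of following the link back into /tmp.
  rm -f -- "$hook"
  install -o root -g root -m 755 -- "$hook_tmp" "$hook"
  rm -f -- "$hook_tmp"
else
  rm -f -- "$hook_tmp"
  printf 'error: could not download letsencrypt_renew_hook.sh\n' >&2
  exit 1
fi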
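# Request the certificate for $HOST.server.tld through the Cloudflare DNS
# challenge.
# The hook is given by absolute path so that the program run as root on renewal
# does not depend on the PATH or working directory at renewal time.
# NOTE(review): --renew-hook is the older name of --deploy-hook. Recent certbot
# releases default to ECDSA keys, in which case --rsa-key-size has no effect
# unless --key-type rsa is also passed - confirm which key type is wanted.
certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials "/etc/ssl/private/.secrets/$HOST.server.tld.ini" \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  --non-interactive \
  --email "$HOST@server.tld" \
  --no-eff-email \
  --rsa-key-size 4096 \
  --renew-hook /usr/local/bin/letsencrypt_renew_hook.sh \
  --cert-name "$HOST.server.tld" \
  -d "$HOST.server.tld"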
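# Generate the helper that patches installer_base.lib.php and resets the MySQL
# root password while the ISPConfig auto-installer is running.
# The heredoc delimiter is quoted so the body is written out verbatim. With a
# bare EOF every $variable and $(command) below was expanded while *this*
# script ran, leaving empty values and a stray `ls` result in the generated
# file.
# NOTE(review): replace.txt is fetched from the main branch of a third-party
# repository with no checksum and is spliced into PHP that the installer runs
# as root; pin it to a reviewed commit and verify a known digest.
cat <<'EOF' > /etc/init.d/installer-lib-temporary-fixer.sh
#!/bin/sh
### BEGIN INIT INFO
# Provides: ISPC INSTALLER LIB TEMPORARY FIXER FOR CERTBOT
# Required-Start: $local_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: INSTALLER LIB TEMPORARY FIXER
# Description: Fix installer_base.lib.php v3.2.8p2 from line 3179 to 3188.
### END INIT INFO
# installer fixer
cd /tmp || exit 1
wget https://www.ispconfig.org/downloads/ISPConfig-3.2.8p2.tar.gz
tar xvfz ISPConfig-3.2.8p2.tar.gz
cd /tmp/ispconfig*/install/lib || exit 1
wget https://raw.githubusercontent.com/ahrasis/Multi-ISPConfig-Server-Script/main/replace.txt
# Insert replace.txt after line 3179, then drop lines 3179-3188. Written as two
# -e expressions because $'...' quoting is not available in every /bin/sh.
sed -i -e '3179r replace.txt' -e '3179,3188d' installer_base.lib.php
# change mysql root password
# The generated password is the last field of the matching setup-log line.
GENPW=$(awk '/Your MySQL root password is/ {print $NF}' /tmp/ispconfig-ai/var/log/setup*)
user=root
password=$GENPW # change to password given by ISPConfig AI accordingly
database=mysql
# change NEWPASSWORD to your preferred password
# NOTE(review): both passwords are passed on the command line, where other
# local users can read them from the process list while mysql runs.
mysql --user="$user" --password="$password" --database="$database" --execute="ALTER USER 'root'@'localhost' IDENTIFIED BY 'NEWPASSWORD';"
EOF
# Owner-only: once NEWPASSWORD is filled in, this file holds the MySQL root
# password in clear text.
chmod 700 /etc/init.d/installer-lib-temporary-fixer.sh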
# Temporary systemd units: a .path unit that watches the installer directory
# and a .service unit that runs the fixer script when that path is modified.
# NOTE(review): the watched directory is under /tmp, which any local user can
# write to, and the service it triggers runs as root. Keep these units in place
# only for the duration of the install.
unit_dir=/etc/systemd/system
fix_unit=installer-lib-temporary-fix

# Service: runs the generated fixer script.
cat > "$unit_dir/$fix_unit.service" <<'EOF'
[Unit]
Description="Run script to fix installer_base.lib.php v3.2.8p2"
[Service]
ExecStart=/etc/init.d/installer-lib-temporary-fixer.sh
EOF

# Path: activates the service when the installer directory is modified.
cat > "$unit_dir/$fix_unit.path" <<'EOF'
[Unit]
Description="Monitor installer path to trigger a temporary fix service"
[Path]
PathModified=/tmp/ispconfig3_install/install/
Unit=installer-lib-temporary-fix.service
[Install]
WantedBy=multi-user.target
EOF

# Arm the watcher now and register it for multi-user.target.
systemctl start "$fix_unit.path"
systemctl enable "$fix_unit.path"
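# note that I prefer this to be interactive
# The installer is saved to a private temp file and run from there instead of
# being piped straight into sh: a failed or truncated download is then never
# executed part-way, the exact script that ran can be inspected, and stdin
# stays connected to the terminal for the interactive prompts.
# NOTE(review): this is still unauthenticated remote code run as root; compare
# the file with a known-good copy or digest before running it where possible.
installer=$(mktemp) || exit 1
if wget -q -O "$installer" https://get.ispconfig.org && [[ -s "$installer" ]]; then
  sh "$installer" --use-nginx --unattended-upgrades --use-certbot --no-mail --no-dns --roundcube --use-php=system --interactive
else
  # Fall through to the cleanup below instead of exiting, so the temporary
  # fixer units are not left enabled.
  printf 'error: could not download the ISPConfig auto-installer\n' >&2
fi
rm -f -- "$installer"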
# Do not run ISPConfig until you have changed the MySQL root password and the
# fixed installer_base.lib.php is in place; do both from a second SSH session
# while the installer is waiting.
# Allow MySQL (3306/tcp) from the local /24 only.
# NOTE(review): this admits every host on 192.168.0.0/24; narrow it to the
# servers that actually need database access if that set is known.
ufw allow from 192.168.0.0/24 to any port 3306 proto tcp
# Retire the temporary watcher, then delete the helper script and its units.
systemctl disable installer-lib-temporary-fix.path
systemctl stop installer-lib-temporary-fix.path
for leftover in \
  /etc/init.d/installer-lib-temporary-fixer.sh \
  /etc/systemd/system/installer-lib-temporary-fix.service \
  /etc/systemd/system/installer-lib-temporary-fix.path; do
  rm "$leftover"
done