2017-03-02 11:23:23 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
2018-06-08 09:11:03 +02:00
|
|
|
function array_by_comma { local IFS=","; echo "$*"; }
|
2017-03-02 11:23:23 +01:00
|
|
|
|
2017-05-08 15:35:24 +02:00
|
|
|
# Wait for containers
|
2018-10-11 11:53:22 +02:00
|
|
|
while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
|
|
|
echo "Waiting for SQL..."
|
2017-05-08 15:35:24 +02:00
|
|
|
sleep 2
|
|
|
|
done
|
|
|
|
|
2020-02-05 10:57:37 +01:00
|
|
|
# Do not attempt to write to slave
|
|
|
|
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
|
|
|
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
|
|
|
|
else
|
|
|
|
REDIS_CMDLINE="redis-cli -h redis -p 6379"
|
|
|
|
fi
|
|
|
|
|
|
|
|
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
|
|
|
echo "Waiting for Redis..."
|
2017-05-08 15:35:24 +02:00
|
|
|
sleep 2
|
|
|
|
done
|
|
|
|
|
2020-05-27 14:34:34 +02:00
|
|
|
# Check mysql_upgrade (master and slave)
|
2018-12-10 13:22:25 +01:00
|
|
|
CONTAINER_ID=
|
2019-03-12 23:24:22 +01:00
|
|
|
until [[ ! -z "${CONTAINER_ID}" ]] && [[ "${CONTAINER_ID}" =~ ^[[:alnum:]]*$ ]]; do
|
2020-08-27 20:41:45 +02:00
|
|
|
CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"mysql-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
|
2021-02-11 09:33:02 +01:00
|
|
|
sleep 2
|
2019-03-12 23:24:22 +01:00
|
|
|
done
|
|
|
|
echo "MySQL @ ${CONTAINER_ID}"
|
2019-09-23 21:42:47 +02:00
|
|
|
SQL_LOOP_C=0
|
|
|
|
SQL_CHANGED=0
|
|
|
|
until [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; do
|
|
|
|
if [ ${SQL_LOOP_C} -gt 4 ]; then
|
|
|
|
echo "Tried to upgrade MySQL and failed, giving up after ${SQL_LOOP_C} retries and starting container (oops, not good)"
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
SQL_FULL_UPGRADE_RETURN=$(curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_upgrade"}' --silent -H 'Content-type: application/json')
|
|
|
|
SQL_UPGRADE_STATUS=$(echo ${SQL_FULL_UPGRADE_RETURN} | jq -r .type)
|
|
|
|
SQL_LOOP_C=$((SQL_LOOP_C+1))
|
|
|
|
echo "SQL upgrade iteration #${SQL_LOOP_C}"
|
|
|
|
if [[ ${SQL_UPGRADE_STATUS} == 'warning' ]]; then
|
|
|
|
SQL_CHANGED=1
|
|
|
|
echo "MySQL applied an upgrade, debug output:"
|
|
|
|
echo ${SQL_FULL_UPGRADE_RETURN}
|
|
|
|
sleep 3
|
2019-03-12 23:24:22 +01:00
|
|
|
while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
|
2019-09-23 21:42:47 +02:00
|
|
|
echo "Waiting for SQL to return, please wait"
|
2019-03-12 23:24:22 +01:00
|
|
|
sleep 2
|
|
|
|
done
|
2019-09-23 21:42:47 +02:00
|
|
|
continue
|
|
|
|
elif [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; then
|
|
|
|
echo "MySQL is up-to-date - debug output:"
|
|
|
|
echo ${SQL_FULL_UPGRADE_RETURN}
|
|
|
|
else
|
2019-09-25 12:53:14 +02:00
|
|
|
echo "No valid reponse for mysql_upgrade was received, debug output:"
|
|
|
|
echo ${SQL_FULL_UPGRADE_RETURN}
|
2019-09-23 21:42:47 +02:00
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2020-05-27 14:34:34 +02:00
|
|
|
# doing post-installation stuff, if SQL was upgraded (master and slave)
|
2019-09-23 21:42:47 +02:00
|
|
|
if [ ${SQL_CHANGED} -eq 1 ]; then
|
2020-08-27 20:41:45 +02:00
|
|
|
POSTFIX=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"postfix-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
|
2020-08-07 22:25:17 +02:00
|
|
|
if [[ -z "${POSTFIX}" ]] || ! [[ "${POSTFIX}" =~ ^[[:alnum:]]*$ ]]; then
|
2019-09-23 21:42:47 +02:00
|
|
|
echo "Could not determine Postfix container ID, skipping Postfix restart."
|
|
|
|
else
|
|
|
|
echo "Restarting Postfix"
|
|
|
|
curl -X POST --silent --insecure https://dockerapi/containers/${POSTFIX}/restart | jq -r '.msg'
|
|
|
|
echo "Sleeping 5 seconds..."
|
|
|
|
sleep 5
|
2018-12-10 13:22:25 +01:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2020-05-27 14:34:34 +02:00
|
|
|
# Check mysql tz import (master and slave)
|
2019-11-11 23:19:47 +01:00
|
|
|
TZ_CHECK=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT CONVERT_TZ('2019-11-02 23:33:00','Europe/Berlin','UTC') AS time;" -BN 2> /dev/null)
|
2019-11-11 23:24:29 +01:00
|
|
|
if [[ -z ${TZ_CHECK} ]] || [[ "${TZ_CHECK}" == "NULL" ]]; then
|
2019-11-11 23:19:47 +01:00
|
|
|
SQL_FULL_TZINFO_IMPORT_RETURN=$(curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_tzinfo_to_sql"}' --silent -H 'Content-type: application/json')
|
|
|
|
echo "MySQL mysql_tzinfo_to_sql - debug output:"
|
|
|
|
echo ${SQL_FULL_TZINFO_IMPORT_RETURN}
|
|
|
|
fi
|
2019-11-10 13:15:57 +01:00
|
|
|
|
2020-05-27 14:34:34 +02:00
|
|
|
if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
|
|
|
echo "We are master, preparing..."
|
|
|
|
# Set a default release format
|
|
|
|
if [[ -z $(${REDIS_CMDLINE} --raw GET Q_RELEASE_FORMAT) ]]; then
|
|
|
|
${REDIS_CMDLINE} --raw SET Q_RELEASE_FORMAT raw
|
|
|
|
fi
|
2017-05-08 15:35:24 +02:00
|
|
|
|
2020-05-27 14:34:34 +02:00
|
|
|
# Set max age of q items - if unset
|
|
|
|
if [[ -z $(${REDIS_CMDLINE} --raw GET Q_MAX_AGE) ]]; then
|
|
|
|
${REDIS_CMDLINE} --raw SET Q_MAX_AGE 365
|
|
|
|
fi
|
|
|
|
|
2021-04-09 13:49:22 +02:00
|
|
|
# Set default password policy - if unset
|
|
|
|
if [[ -z $(${REDIS_CMDLINE} --raw HGET PASSWD_POLICY length) ]]; then
|
|
|
|
${REDIS_CMDLINE} --raw HSET PASSWD_POLICY length 6
|
|
|
|
${REDIS_CMDLINE} --raw HSET PASSWD_POLICY chars 0
|
|
|
|
${REDIS_CMDLINE} --raw HSET PASSWD_POLICY special_chars 0
|
|
|
|
${REDIS_CMDLINE} --raw HSET PASSWD_POLICY lowerupper 0
|
|
|
|
${REDIS_CMDLINE} --raw HSET PASSWD_POLICY numbers 0
|
|
|
|
fi
|
|
|
|
|
2020-05-27 14:34:34 +02:00
|
|
|
# Trigger db init
|
|
|
|
echo "Running DB init..."
|
|
|
|
php -c /usr/local/etc/php -f /web/inc/init_db.inc.php
|
|
|
|
|
|
|
|
# Recreating domain map
|
|
|
|
echo "Rebuilding domain map in Redis..."
|
|
|
|
declare -a DOMAIN_ARR
|
|
|
|
${REDIS_CMDLINE} DEL DOMAIN_MAP > /dev/null
|
|
|
|
while read line
|
|
|
|
do
|
|
|
|
DOMAIN_ARR+=("$line")
|
|
|
|
done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
|
|
|
|
while read line
|
|
|
|
do
|
|
|
|
DOMAIN_ARR+=("$line")
|
|
|
|
done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs)
|
|
|
|
|
|
|
|
if [[ ! -z ${DOMAIN_ARR} ]]; then
|
|
|
|
for domain in "${DOMAIN_ARR[@]}"; do
|
|
|
|
${REDIS_CMDLINE} HSET DOMAIN_MAP ${domain} 1 > /dev/null
|
2018-06-08 09:11:03 +02:00
|
|
|
done
|
2020-05-27 14:34:34 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Set API options if env vars are not empty
|
|
|
|
if [[ ${API_ALLOW_FROM} != "invalid" ]] && [[ ! -z ${API_ALLOW_FROM} ]]; then
|
|
|
|
IFS=',' read -r -a API_ALLOW_FROM_ARR <<< "${API_ALLOW_FROM}"
|
|
|
|
declare -a VALIDATED_API_ALLOW_FROM_ARR
|
2020-07-15 07:28:02 +02:00
|
|
|
REGEX_IP6='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$'
|
|
|
|
REGEX_IP4='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(/([0-9]|[1-2][0-9]|3[0-2]))?$'
|
2020-05-27 14:34:34 +02:00
|
|
|
for IP in "${API_ALLOW_FROM_ARR[@]}"; do
|
|
|
|
if [[ ${IP} =~ ${REGEX_IP6} ]] || [[ ${IP} =~ ${REGEX_IP4} ]]; then
|
|
|
|
VALIDATED_API_ALLOW_FROM_ARR+=("${IP}")
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
VALIDATED_IPS=$(array_by_comma ${VALIDATED_API_ALLOW_FROM_ARR[*]})
|
|
|
|
if [[ ! -z ${VALIDATED_IPS} ]]; then
|
|
|
|
if [[ ${API_KEY} != "invalid" ]] && [[ ! -z ${API_KEY} ]]; then
|
|
|
|
mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
|
2020-04-11 20:57:11 +02:00
|
|
|
DELETE FROM api WHERE access = 'rw';
|
2020-04-10 21:21:11 +02:00
|
|
|
INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY}", "1", "${VALIDATED_IPS}", "rw");
|
2018-06-08 09:11:03 +02:00
|
|
|
EOF
|
2020-05-27 14:34:34 +02:00
|
|
|
fi
|
|
|
|
if [[ ${API_KEY_READ_ONLY} != "invalid" ]] && [[ ! -z ${API_KEY_READ_ONLY} ]]; then
|
|
|
|
mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
|
2020-04-11 20:57:11 +02:00
|
|
|
DELETE FROM api WHERE access = 'ro';
|
|
|
|
INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY_READ_ONLY}", "1", "${VALIDATED_IPS}", "ro");
|
|
|
|
EOF
|
2020-05-27 14:34:34 +02:00
|
|
|
fi
|
2020-04-11 20:57:11 +02:00
|
|
|
fi
|
2018-06-08 09:11:03 +02:00
|
|
|
fi
|
|
|
|
|
2020-05-27 14:34:34 +02:00
|
|
|
# Create events (master only, STATUS for event on slave will be SLAVESIDE_DISABLED)
|
|
|
|
mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
|
2019-11-06 21:02:47 +01:00
|
|
|
DROP EVENT IF EXISTS clean_spamalias;
|
|
|
|
DELIMITER //
|
|
|
|
CREATE EVENT clean_spamalias
|
|
|
|
ON SCHEDULE EVERY 1 DAY DO
|
|
|
|
BEGIN
|
|
|
|
DELETE FROM spamalias WHERE validity < UNIX_TIMESTAMP();
|
|
|
|
END;
|
|
|
|
//
|
|
|
|
DELIMITER ;
|
|
|
|
DROP EVENT IF EXISTS clean_oauth2;
|
|
|
|
DELIMITER //
|
|
|
|
CREATE EVENT clean_oauth2
|
|
|
|
ON SCHEDULE EVERY 1 DAY DO
|
|
|
|
BEGIN
|
|
|
|
DELETE FROM oauth_refresh_tokens WHERE expires < NOW();
|
|
|
|
DELETE FROM oauth_access_tokens WHERE expires < NOW();
|
|
|
|
DELETE FROM oauth_authorization_codes WHERE expires < NOW();
|
|
|
|
END;
|
|
|
|
//
|
|
|
|
DELIMITER ;
|
|
|
|
EOF
|
2020-02-05 10:57:37 +01:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Create dummy for custom overrides of mailcow style
|
|
|
|
[[ ! -f /web/css/build/0081-custom-mailcow.css ]] && echo '/* Autogenerated by mailcow */' > /web/css/build/0081-custom-mailcow.css
|
2019-11-06 21:02:47 +01:00
|
|
|
|
2020-03-19 12:18:36 +01:00
|
|
|
# Fix permissions for global filters
|
|
|
|
chown -R 82:82 /global_sieve/*
|
|
|
|
|
2021-09-22 20:47:10 +02:00
|
|
|
# Fix permissions on twig cache folder
|
|
|
|
chown -R 82:82 /web/templates/cache
|
|
|
|
# Clear cache
|
|
|
|
find /web/templates/cache/* -not -name '.gitkeep' -delete
|
|
|
|
|
2019-10-18 12:01:47 +02:00
|
|
|
# Run hooks
|
|
|
|
for file in /hooks/*; do
|
|
|
|
if [ -x "${file}" ]; then
|
|
|
|
echo "Running hook ${file}"
|
|
|
|
"${file}"
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
2017-03-02 11:23:23 +01:00
|
|
|
exec "$@"
|