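#!/bin/bash
#
# Setup script for the Plesk test server.
# Run it after the container has been started (docker-compose up -d).
#
# What it does, in order:
#   1. waits until the Plesk panel answers on https://localhost:8443
#   2. writes a relaxed Fail2Ban jail configuration (development only)
#   3. enables SMTP submission on port 587 with Dovecot SASL
#   4. sets the Plesk admin password
#   5. creates an API key and prints the connection details
#
# SECURITY: this script is for a disposable local test container only.
# It uses a well-known default password, prints credentials to stdout and
# switches off most Fail2Ban jails. Do not run it against a reachable host.
#
# Environment:
#   ADMIN_PASSWORD  optional; overrides the built-in test password.

set -u

CONTAINER="plesk-test"
# Known default for the throw-away test container; override via environment.
ADMIN_PASSWORD="${ADMIN_PASSWORD:-plesk1234!}"
MAX_WAIT=300

echo "============================================"
echo "Plesk Test-Server Setup"
echo "============================================"
echo ""

# Check that the container is running. -x/-F compare the whole name literally,
# so regex metacharacters in the name cannot produce a false match.
if ! docker ps --format '{{.Names}}' | grep -qxF -- "$CONTAINER"; then
  echo "Container '$CONTAINER' läuft nicht!"
  echo "Starte zuerst mit: docker-compose up -d"
  exit 1
fi

echo "Warte auf Plesk (max. ${MAX_WAIT}s)..."
WAITED=0
while [ "$WAITED" -lt "$MAX_WAIT" ]; do
  # curl -k: the panel presents a self-signed certificate; the request never
  # leaves the container (localhost), so skipping verification is acceptable.
  if docker exec "$CONTAINER" curl -sk https://localhost:8443/login 2>/dev/null | grep -q "Plesk"; then
    echo "Plesk Panel ist erreichbar!"
    break
  fi
  echo " ... warte ($WAITED s)"
  sleep 10
  WAITED=$((WAITED + 10))
done

# The loop only reaches MAX_WAIT when it never hit the break above.
if [ "$WAITED" -ge "$MAX_WAIT" ]; then
  echo "Timeout! Plesk nicht bereit nach ${MAX_WAIT}s"
  exit 1
fi

# Short grace period after the panel first answers.
sleep 5

echo ""
echo "Konfiguriere Fail2Ban für Entwicklung..."
# Set the ban time to 1 minute (the default is often 10+ minutes).
# SECURITY: this also disables the wordpress, proftpd, postfix, dovecot, ssh
# and recidive jails. That is only acceptable on an isolated test container.
docker exec "$CONTAINER" bash -c 'cat > /etc/fail2ban/jail.d/dev-settings.conf << EOF
[DEFAULT]
bantime = 60
findtime = 60
maxretry = 10

[plesk-panel]
enabled = true
bantime = 60
findtime = 60
maxretry = 10

[plesk-apache]
enabled = true
bantime = 60
findtime = 60
maxretry = 10

[plesk-wordpress]
enabled = false

[plesk-proftpd]
enabled = false

[plesk-postfix]
enabled = false

[plesk-dovecot]
enabled = false

[ssh]
enabled = false

[recidive]
enabled = false
EOF'

# Reload Fail2Ban (best effort: the init system differs between images).
docker exec "$CONTAINER" bash -c 'systemctl restart fail2ban 2>/dev/null || service fail2ban restart 2>/dev/null || true'
echo " -> Bantime auf 60 Sekunden gesetzt"

echo ""
echo "Aktiviere SMTP auf Port 587 (Submission/STARTTLS)..."
# Configure the Dovecot auth socket so that Postfix can use it for SASL.
# NOTE: the script below is passed inside single quotes, so it must not
# contain a single-quote character, not even in a comment.
docker exec "$CONTAINER" bash -c '
# 1. Add the postfix user to the dovecot group for socket access
usermod -aG dovecot postfix 2>/dev/null || true
echo "Postfix zur Dovecot-Gruppe hinzugefügt"

# 2. Extend the Dovecot configuration for Postfix SASL.
# Check whether the auth-client listener is already configured. The file we
# append to (10-master.conf) is part of the check, otherwise every run of
# this script would append another copy of the block.
if ! grep -q "unix_listener auth-client" /etc/dovecot/conf.d/*auth*.conf /etc/dovecot/conf.d/10-master.conf 2>/dev/null; then
  # Append the new auth socket configuration for Postfix
  cat >> /etc/dovecot/conf.d/10-master.conf << DOVECONF

# Auth-Socket für Postfix SASL (OpenCRM Setup)
service auth {
  unix_listener auth-client {
    mode = 0660
    user = postfix
    group = postfix
  }
}
DOVECONF
  echo "Dovecot Auth-Socket für Postfix konfiguriert"
  # Reload Dovecot
  doveadm reload 2>/dev/null || systemctl reload dovecot 2>/dev/null || true
fi

# 3. Remove an old submission configuration if present
if grep -q "^submission" /etc/postfix/master.cf; then
  echo "Entferne alte submission-Konfiguration..."
  # Write the filtered copy next to the target instead of a fixed name in
  # /tmp: the name is unpredictable and the final mv stays on one filesystem.
  tmp_cf=$(mktemp /etc/postfix/master.cf.XXXXXX) || exit 1
  awk "/^submission/{skip=1; next} /^[^ \t]/ && skip{skip=0} !skip" /etc/postfix/master.cf > "$tmp_cf"
  # mktemp creates the file with mode 0600; restore the mode of the original.
  chmod --reference=/etc/postfix/master.cf "$tmp_cf"
  mv "$tmp_cf" /etc/postfix/master.cf
fi

# 4. Append the new submission configuration.
# The -o lines must start with whitespace: Postfix treats them as
# continuation lines of the submission service entry.
cat >> /etc/postfix/master.cf << EOF

# Submission Port 587 für STARTTLS (OpenCRM Setup)
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=/run/dovecot/auth-client
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
EOF
echo "Port 587 mit Dovecot SASL konfiguriert"

# 5. Restart Dovecot so that the socket permissions take effect
systemctl restart dovecot 2>/dev/null || service dovecot restart 2>/dev/null || true
sleep 1

# 6. Set the socket permissions directly as a fallback.
# Grant access to the postfix group only (matching the listener block
# above) instead of making the authentication socket world-accessible.
if chgrp postfix /run/dovecot/auth-client 2>/dev/null; then
  chmod 660 /run/dovecot/auth-client 2>/dev/null || true
fi
echo "Auth-Socket Berechtigungen gesetzt"

# 7. Restart Postfix completely (not just a reload)
postfix stop 2>/dev/null || true
postfix start
echo "Postfix neugestartet"
'
echo " -> SMTP Submission Port 587 konfiguriert"

echo ""
echo "Setze Admin-Passwort..."
# Hand the password over through the PSA_PASSWORD environment variable and an
# empty -passwd value, so it does not show up in the process list of the host
# or the container. "docker exec -e NAME" without a value copies NAME from the
# environment of this command.
if ! PSA_PASSWORD="$ADMIN_PASSWORD" docker exec -e PSA_PASSWORD "$CONTAINER" \
  plesk bin admin --set-admin-password -passwd '' 2>&1; then
  echo "Fehler: Admin-Passwort konnte nicht gesetzt werden" >&2
  exit 1
fi

echo ""
echo "Erstelle API-Key..."
# Drop a key left over from an earlier run; failing here is expected on the
# first run, so the result is ignored.
docker exec "$CONTAINER" plesk bin secret_key --delete -filter "OpenCRM-Test" 2>/dev/null
KEY_OUTPUT=$(docker exec "$CONTAINER" plesk bin secret_key --create -description "OpenCRM-Test" 2>&1)
# NOTE: this prints the raw tool output, which contains the new API key.
echo "$KEY_OUTPUT"

# Extract the key (UUID format)
API_KEY=$(printf '%s\n' "$KEY_OUTPUT" | grep -oE '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' | head -1)

# Everything below prints credentials in clear text. Keep the output out of
# shared logs and CI job transcripts.
echo ""
echo "============================================"
echo "SETUP ABGESCHLOSSEN"
echo "============================================"
echo ""
echo "Plesk Panel:"
echo " URL: https://localhost:8443"
echo " Benutzer: admin"
echo " Passwort: $ADMIN_PASSWORD"
echo ""
if [ -n "$API_KEY" ]; then
  echo "API-Key: $API_KEY"
else
  echo "API-Key: (siehe Ausgabe oben)"
fi
echo ""
echo "============================================"
echo "DOMAIN MANUELL ERSTELLEN"
echo "============================================"
echo ""
echo "Plesk prüft DNS-Einträge und blockiert externe Domains."
echo "Domain muss manuell im Panel erstellt werden:"
echo ""
echo "1. https://localhost:8443 öffnen"
echo "2. Login: admin / $ADMIN_PASSWORD"
echo "3. Tools & Settings > Security > Prohibited Domain Names"
echo " -> Policy auf 'None' setzen"
echo "4. Websites & Domains > Add Domain"
echo "5. Domain: stressfrei-wechseln.de"
echo "6. Mail-Service aktivieren"
echo "7. Optional: Tools & Settings > Mail Server Settings"
echo " -> 'Enable SMTP service on port 587' aktivieren (bereits per Script konfiguriert)"
echo ""
echo "============================================"
echo "OpenCRM Einstellungen"
echo "============================================"
echo ""
echo " Name: Plesk Test"
echo " Typ: PLESK"
echo " API-URL: https://localhost:8443"
if [ -n "$API_KEY" ]; then
  echo " API-Key: $API_KEY"
else
  echo " Benutzer: admin"
  echo " Passwort: $ADMIN_PASSWORD"
fi
echo " Domain: stressfrei-wechseln.de"
echo ""
echo "============================================"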