(simatec) Let's Encrypt added

2022-03-09 14:28:14 +01:00 · 2022-03-09 14:28:14 +01:00 · d8cdf12ff7
commit d8cdf12ff7
parent 61a27c6f05
5 changed files with 208 additions and 65 deletions
--- a/README.md
+++ b/README.md
@ -49,12 +49,6 @@ chmod +x /usr/local/bin/docker-compose
 reboot now
 ```

-* remove postfix
-
-```
-apt purge postfix -y
-```
-
 * Clone repository

 ```
@ -78,53 +72,21 @@ bash install-piler.sh

 Congratulations your Piler is installed...

-The Piler can now be reached at http://your-domain:8080.
+If you have Let's Encrypt activated, you can reach the Piler at https://your-piler-domain
+
+If Let's Encrypt is disabled, the Piler is at http://your-piler-domain or at http://your-local-IP


 > After installation, any changes can be made in piler.conf at any time and the install script can then be run again.


-******************************************************************************************************
-
-### SSL certificates
-
-If you want to run your Piler with SSL certificates, which always makes sense if the Piler isn't running locally, then I recommend the Nginx proxy manager for Docker.
-
-I built my setup with the Nginx.
-
-The Ngnix can be installed with the following compose.
-
-Create a docker-compose.yml file similar to this:
-
-```
-version: '3'
-services:
-  app:
-    image: 'jc21/nginx-proxy-manager:latest'
-    restart: unless-stopped
-    ports:
-      - '80:80'
-      - '81:81'
-      - '443:443'
-    volumes:
-      - ./data:/data
-      - ./letsencrypt:/etc/letsencrypt
-```
-
-```
-docker-compose up -d
-```
-
-Log in to the Admin UI
-When your docker container is running, connect to it on port 81 for the admin interface. Sometimes this can take a little bit because of the entropy of keys.
-
-http://your-domain:81
-
-
 **********************************************************************************************************

 ## Changelog

+### 0.2.0 (09.03.2022)
+* (simatec) Let's Encrypt added
+
 ### 0.1.0 (08.03.2022)
 * (simatec) first beta

--- a/config/piler-default.yml
+++ b/config/piler-default.yml
@ -51,8 +51,8 @@ services:
      - TZ=Europe/Berlin
    ports:
      - "25:25"
-      - "8080:80"
-      - "8443:443"
+      - "80:80"
+      - "443:443"
    volumes:
      - piler_etc:/etc/piler
      - piler_var:/var/piler
--- a/config/piler-ssl.yml
+++ b/config/piler-ssl.yml
@ -0,0 +1,109 @@
+version: "3"
+services:
+  nginx-proxy:
+    image: jwilder/nginx-proxy
+    container_name: nginx-proxy
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx-data/certs:/etc/nginx/certs
+      - ./nginx-data/vhost.d:/etc/nginx/vhost.d
+      - ./nginx-data/html:/usr/share/nginx/html
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+  nginx-letsencrypt:
+    image: jrcs/letsencrypt-nginx-proxy-companion
+    container_name: nginx-letsencrypt
+    restart: always
+    volumes_from:
+      - nginx-proxy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - DEFAULT_EMAIL=${LETSENCRYPT_EMAIL}
+  mysql:
+    image: mariadb:10.5
+    container_name: mysql-piler
+    restart: unless-stopped
+    cap_drop:
+      - ALL
+    cap_add:
+      - dac_override
+      - setuid
+      - setgid
+    environment:
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - "TZ=Europe/Berlin"
+    command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
+    healthcheck:
+      test: mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} piler --execute "show tables"
+      interval: "60s"
+      timeout: "5s"
+      start_period: "15s"
+      retries: 3
+    volumes:
+      - db_data:/var/lib/mysql
+
+  memcached:
+    image: memcached:latest
+    container_name: memcached-piler
+    restart: unless-stopped
+    cap_drop:
+      - ALL
+    command: -m 64
+
+  piler:
+    image: sutoj/piler:1.3.11
+    container_name: piler
+    restart: unless-stopped
+    expose:
+      - "80"
+    hostname: ${PILER_DOMAIN}
+    init: true
+    environment:
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - MYSQL_HOSTNAME=mysql
+      - PILER_HOSTNAME=${PILER_DOMAIN}
+      - MEMCACHED_HOST=memcached
+      - TZ=Europe/Berlin
+      - VIRTUAL_HOST=${PILER_DOMAIN}
+      - LETSENCRYPT_HOST=${PILER_DOMAIN}
+      - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+    ports:
+      - "25:25"
+    volumes:
+      - piler_etc:/etc/piler
+      - piler_var:/var/piler
+      - /etc/localtime:/etc/localtime
+    healthcheck:
+      test: curl -s smtp://localhost/
+      interval: "60s"
+      timeout: "3s"
+      start_period: "15s"
+      retries: 3
+    deploy:
+      resources:
+        reservations:
+          memory: 512M
+        limits:
+          memory: 512M
+
+    depends_on:
+      - "memcached"
+      - "mysql"
+
+networks:
+  default:
+    external:
+      name: nginx-proxy
+
+volumes:
+  db_data:
+  piler_etc:
+  piler_var:
--- a/install-piler.sh
+++ b/install-piler.sh
@ -1,22 +1,76 @@
 #!/bin/bash

+# Colors
+if [ -z ${BASH_SOURCE} ]; then
+	blue=`echo "\e[1m\e[34m"`
+	green=`echo "\e[1m\e[32m"`
+	greenBold=`echo "\e[1m\e[1;32m"`
+	redBold=`echo "\e[1m\e[1;31m"`
+	red=`echo "\e[1m\e[31m"`
+	purple=`echo "\e[1m\e[35m"`
+	bold=`echo "\e[1m"`
+  	normal=`echo "\e[0m"`
+else
+  	blue=`echo -e "\e[1m\e[34m"`
+  	green=`echo -e "\e[1m\e[32m"`
+  	greenBold=`echo -e "\e[1m\e[1;32m"`
+	redBold=`echo -e "\e[1m\e[1;31m"`
+	puple=`echo -e "\e[1m\e[35m"`
+	bold=`echo -e "\e[1m"`
+  	normal=`echo -en "\e[0m"`
+fi
+
+HLINE="=================================================================="
+
 . ./piler.conf
 ln -s ./piler.conf .env

+if [ -f /opt/piler-docker/docker-compose.yml ]; then
+    rm /opt/piler-docker/docker-compose.yml
+fi
+
+if [ "$USE_LETSENCRYPT" = "yes" ]; then
+    cp /opt/piler-docker/config/piler-ssl.yml /opt/piler-docker/docker-compose.yml
+else
+    cp /opt/piler-docker/config/piler-default.yml /opt/piler-docker/docker-compose.yml
+fi
+
+while true; do
+    read -ep "Postfix must be uninstalled prior to installation. Do you want to uninstall Postfix now? (y/n): " yn
+    case $yn in
+        [Yy]* ) apt purge postfix -y; break;;
+        [Nn]* ) echo -e "${redBold}    The installation process is aborted because Postfix has not been uninstalled.!! ${normal}"; exit;;
+        * ) echo -e "${red} Please confirm with y or n.";;
+    esac
+done
+
 # docker start
 echo
-echo "==================================="
-echo "start docker-compose for Piler"
-echo "==================================="
+echo "${greenBold}${HLINE}"
+echo "${greenBold}start docker-compose for Piler"
+echo "${greenBold}${HLINE}${normal}"
 echo

 cd /opt/piler-docker
+
+if [ "$USE_LETSENCRYPT" = "yes" ]; then
+    if ! docker network ls | grep -o "nginx-proxy"; then
+        docker network create nginx-proxy
+
+        echo
+        echo "${blue}${HLINE}"
+        echo "${blue}docker network created"
+        echo "${blue}${HLINE}${normal}"
+        echo
+    fi
+fi
+
 docker-compose up -d

 echo
-echo "==================================="
-echo "backup the File config-site.php"
-echo "==================================="
+echo "${blue}${HLINE}"
+echo "${blue}backup the File config-site.php"
+echo "${blue}${HLINE}${normal}"
 echo

 if [ ! -f /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php.bak ]; then
@ -27,10 +81,11 @@ else
 fi

 echo
-echo "==================================="
-echo "set User settings ..."
-echo "==================================="
+echo "${blue}${HLINE}"
+echo "${blue}set User settings ..."
+echo "${blue}${HLINE}${normal}"
 echo
+
 cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <<EOF

 // Smarthost
@ -88,12 +143,12 @@ cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <<EO
 //\$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'mailAlternativeAddress';
 EOF

-if [ "$USE_MAILCOW" = true ] ; then
+if [ "$USE_MAILCOW" = true ]; then

 echo
-echo "==================================="
+echo "${blue}${HLINE}"
 echo "set Mailcow Api-Key config"
-echo "==================================="
+echo "${blue}${HLINE}${normal}"
 echo

 cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <<EOF
@ -111,18 +166,22 @@ fi

 # docker restart
 echo
-echo "==================================="
-echo "restart docker-compose ..."
-echo "==================================="
+echo "${blue}${HLINE}"
+echo "${blue}restart docker-compose ..."
+echo "${blue}${HLINE}${normal}"
 echo

 cd /opt/piler-docker
 docker-compose restart

 echo
-echo "======================================================================="
-echo "Piler install completed successfully"
+echo "${greenBold}${HLINE}"
+echo "${greenBold}Piler install completed successfully"
 echo
-echo "you can start in your Browser with http://${PILER_DOMAIN}:8080!"
-echo "======================================================================="
+if [ "$USE_LETSENCRYPT" = "yes" ]; then
+    echo "${greenBold}you can start in your Browser with https://${PILER_DOMAIN}!"
+else
+    echo "${greenBold}you can start in your Browser with http://${PILER_DOMAIN} or http://local-ip!"
+fi
+echo "${greenBold}${HLINE}${normal}"
 echo
--- a/piler.conf
+++ b/piler.conf
@ -38,6 +38,19 @@ MYSQL_PASSWORD="<your-mysql-password>"

 #############################################

+########### Let's Encrypt Settings #################
+
+# Enabled / Disabled (yes/no) Let's Encrypt 
+# For local Run disabled
+
+USE_LETSENCRYPT="yes"
+
+# Let's Encrypt registration contact information
+
+LETSENCRYPT_EMAIL="admin@example.com"
+
+#############################################
+
 ######### optional Mailcow Settings #########

 # if Use Mailcow API Options set "true"