(simatec) Let's Encrypt added
This commit is contained in:
parent
61a27c6f05
commit
d8cdf12ff7
5 changed files with 208 additions and 65 deletions
50
README.md
50
README.md
|
@ -49,12 +49,6 @@ chmod +x /usr/local/bin/docker-compose
|
||||||
reboot now
|
reboot now
|
||||||
```
|
```
|
||||||
|
|
||||||
* remove postfix
|
|
||||||
|
|
||||||
```
|
|
||||||
apt purge postfix -y
|
|
||||||
```
|
|
||||||
|
|
||||||
* Clone repository
|
* Clone repository
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -78,53 +72,21 @@ bash install-piler.sh
|
||||||
|
|
||||||
Congratulations your Piler is installed...
|
Congratulations your Piler is installed...
|
||||||
|
|
||||||
The Piler can now be reached at http://your-domain:8080.
|
If you have Let's Encrypt activated, you can reach the Piler at https://your-piler-domain
|
||||||
|
|
||||||
|
If Let's Encrypt is disabled, the Piler is at http://your-piler-domain or at http://your-local-IP
|
||||||
|
|
||||||
|
|
||||||
> After installation, any changes can be made in piler.conf at any time and the install script can then be run again.
|
> After installation, any changes can be made in piler.conf at any time and the install script can then be run again.
|
||||||
|
|
||||||
|
|
||||||
******************************************************************************************************
|
|
||||||
|
|
||||||
### SSL certificates
|
|
||||||
|
|
||||||
If you want to run your Piler with SSL certificates, which always makes sense if the Piler isn't running locally, then I recommend the Nginx proxy manager for Docker.
|
|
||||||
|
|
||||||
I built my setup with the Nginx.
|
|
||||||
|
|
||||||
The Ngnix can be installed with the following compose.
|
|
||||||
|
|
||||||
Create a docker-compose.yml file similar to this:
|
|
||||||
|
|
||||||
```
|
|
||||||
version: '3'
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
image: 'jc21/nginx-proxy-manager:latest'
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
- '80:80'
|
|
||||||
- '81:81'
|
|
||||||
- '443:443'
|
|
||||||
volumes:
|
|
||||||
- ./data:/data
|
|
||||||
- ./letsencrypt:/etc/letsencrypt
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
docker-compose up -d
|
|
||||||
```
|
|
||||||
|
|
||||||
Log in to the Admin UI
|
|
||||||
When your docker container is running, connect to it on port 81 for the admin interface. Sometimes this can take a little bit because of the entropy of keys.
|
|
||||||
|
|
||||||
http://your-domain:81
|
|
||||||
|
|
||||||
|
|
||||||
**********************************************************************************************************
|
**********************************************************************************************************
|
||||||
|
|
||||||
## Changelog
|
## Changelog
|
||||||
|
|
||||||
|
### 0.2.0 (09.03.2022)
|
||||||
|
* (simatec) Let's Encrypt added
|
||||||
|
|
||||||
### 0.1.0 (08.03.2022)
|
### 0.1.0 (08.03.2022)
|
||||||
* (simatec) first beta
|
* (simatec) first beta
|
||||||
|
|
||||||
|
|
|
@ -51,8 +51,8 @@ services:
|
||||||
- TZ=Europe/Berlin
|
- TZ=Europe/Berlin
|
||||||
ports:
|
ports:
|
||||||
- "25:25"
|
- "25:25"
|
||||||
- "8080:80"
|
- "80:80"
|
||||||
- "8443:443"
|
- "443:443"
|
||||||
volumes:
|
volumes:
|
||||||
- piler_etc:/etc/piler
|
- piler_etc:/etc/piler
|
||||||
- piler_var:/var/piler
|
- piler_var:/var/piler
|
109
config/piler-ssl.yml
Normal file
109
config/piler-ssl.yml
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
version: "3"
|
||||||
|
services:
|
||||||
|
nginx-proxy:
|
||||||
|
image: jwilder/nginx-proxy
|
||||||
|
container_name: nginx-proxy
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
volumes:
|
||||||
|
- ./nginx-data/certs:/etc/nginx/certs
|
||||||
|
- ./nginx-data/vhost.d:/etc/nginx/vhost.d
|
||||||
|
- ./nginx-data/html:/usr/share/nginx/html
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
nginx-letsencrypt:
|
||||||
|
image: jrcs/letsencrypt-nginx-proxy-companion
|
||||||
|
container_name: nginx-letsencrypt
|
||||||
|
restart: always
|
||||||
|
volumes_from:
|
||||||
|
- nginx-proxy
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
environment:
|
||||||
|
- DEFAULT_EMAIL=${LETSENCRYPT_EMAIL}
|
||||||
|
mysql:
|
||||||
|
image: mariadb:10.5
|
||||||
|
container_name: mysql-piler
|
||||||
|
restart: unless-stopped
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- dac_override
|
||||||
|
- setuid
|
||||||
|
- setgid
|
||||||
|
environment:
|
||||||
|
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||||
|
- MYSQL_USER=${MYSQL_USER}
|
||||||
|
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||||
|
- MYSQL_RANDOM_ROOT_PASSWORD=yes
|
||||||
|
- "TZ=Europe/Berlin"
|
||||||
|
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
|
||||||
|
healthcheck:
|
||||||
|
test: mysql --user=${MYSQL_USER} --password=${MYSQL_PASSWORD} piler --execute "show tables"
|
||||||
|
interval: "60s"
|
||||||
|
timeout: "5s"
|
||||||
|
start_period: "15s"
|
||||||
|
retries: 3
|
||||||
|
volumes:
|
||||||
|
- db_data:/var/lib/mysql
|
||||||
|
|
||||||
|
memcached:
|
||||||
|
image: memcached:latest
|
||||||
|
container_name: memcached-piler
|
||||||
|
restart: unless-stopped
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
command: -m 64
|
||||||
|
|
||||||
|
piler:
|
||||||
|
image: sutoj/piler:1.3.11
|
||||||
|
container_name: piler
|
||||||
|
restart: unless-stopped
|
||||||
|
expose:
|
||||||
|
- "80"
|
||||||
|
hostname: ${PILER_DOMAIN}
|
||||||
|
init: true
|
||||||
|
environment:
|
||||||
|
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||||
|
- MYSQL_USER=${MYSQL_USER}
|
||||||
|
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||||
|
- MYSQL_HOSTNAME=mysql
|
||||||
|
- PILER_HOSTNAME=${PILER_DOMAIN}
|
||||||
|
- MEMCACHED_HOST=memcached
|
||||||
|
- TZ=Europe/Berlin
|
||||||
|
- VIRTUAL_HOST=${PILER_DOMAIN}
|
||||||
|
- LETSENCRYPT_HOST=${PILER_DOMAIN}
|
||||||
|
- LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
|
||||||
|
ports:
|
||||||
|
- "25:25"
|
||||||
|
volumes:
|
||||||
|
- piler_etc:/etc/piler
|
||||||
|
- piler_var:/var/piler
|
||||||
|
- /etc/localtime:/etc/localtime
|
||||||
|
healthcheck:
|
||||||
|
test: curl -s smtp://localhost/
|
||||||
|
interval: "60s"
|
||||||
|
timeout: "3s"
|
||||||
|
start_period: "15s"
|
||||||
|
retries: 3
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
reservations:
|
||||||
|
memory: 512M
|
||||||
|
limits:
|
||||||
|
memory: 512M
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- "memcached"
|
||||||
|
- "mysql"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
external:
|
||||||
|
name: nginx-proxy
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
db_data:
|
||||||
|
piler_etc:
|
||||||
|
piler_var:
|
|
@ -1,22 +1,76 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Colors
|
||||||
|
if [ -z ${BASH_SOURCE} ]; then
|
||||||
|
blue=`echo "\e[1m\e[34m"`
|
||||||
|
green=`echo "\e[1m\e[32m"`
|
||||||
|
greenBold=`echo "\e[1m\e[1;32m"`
|
||||||
|
redBold=`echo "\e[1m\e[1;31m"`
|
||||||
|
red=`echo "\e[1m\e[31m"`
|
||||||
|
purple=`echo "\e[1m\e[35m"`
|
||||||
|
bold=`echo "\e[1m"`
|
||||||
|
normal=`echo "\e[0m"`
|
||||||
|
else
|
||||||
|
blue=`echo -e "\e[1m\e[34m"`
|
||||||
|
green=`echo -e "\e[1m\e[32m"`
|
||||||
|
greenBold=`echo -e "\e[1m\e[1;32m"`
|
||||||
|
redBold=`echo -e "\e[1m\e[1;31m"`
|
||||||
|
puple=`echo -e "\e[1m\e[35m"`
|
||||||
|
bold=`echo -e "\e[1m"`
|
||||||
|
normal=`echo -en "\e[0m"`
|
||||||
|
fi
|
||||||
|
|
||||||
|
HLINE="=================================================================="
|
||||||
|
|
||||||
. ./piler.conf
|
. ./piler.conf
|
||||||
ln -s ./piler.conf .env
|
ln -s ./piler.conf .env
|
||||||
|
|
||||||
|
if [ -f /opt/piler-docker/docker-compose.yml ]; then
|
||||||
|
rm /opt/piler-docker/docker-compose.yml
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$USE_LETSENCRYPT" = "yes" ]; then
|
||||||
|
cp /opt/piler-docker/config/piler-ssl.yml /opt/piler-docker/docker-compose.yml
|
||||||
|
else
|
||||||
|
cp /opt/piler-docker/config/piler-default.yml /opt/piler-docker/docker-compose.yml
|
||||||
|
fi
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
read -ep "Postfix must be uninstalled prior to installation. Do you want to uninstall Postfix now? (y/n): " yn
|
||||||
|
case $yn in
|
||||||
|
[Yy]* ) apt purge postfix -y; break;;
|
||||||
|
[Nn]* ) echo -e "${redBold} The installation process is aborted because Postfix has not been uninstalled.!! ${normal}"; exit;;
|
||||||
|
* ) echo -e "${red} Please confirm with y or n.";;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
# docker start
|
# docker start
|
||||||
echo
|
echo
|
||||||
echo "==================================="
|
echo "${greenBold}${HLINE}"
|
||||||
echo "start docker-compose for Piler"
|
echo "${greenBold}start docker-compose for Piler"
|
||||||
echo "==================================="
|
echo "${greenBold}${HLINE}${normal}"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
cd /opt/piler-docker
|
cd /opt/piler-docker
|
||||||
|
|
||||||
|
if [ "$USE_LETSENCRYPT" = "yes" ]; then
|
||||||
|
if ! docker network ls | grep -o "nginx-proxy"; then
|
||||||
|
docker network create nginx-proxy
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "${blue}${HLINE}"
|
||||||
|
echo "${blue}docker network created"
|
||||||
|
echo "${blue}${HLINE}${normal}"
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}"
|
||||||
echo "backup the File config-site.php"
|
echo "${blue}backup the File config-site.php"
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}${normal}"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
if [ ! -f /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php.bak ]; then
|
if [ ! -f /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php.bak ]; then
|
||||||
|
@ -27,10 +81,11 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}"
|
||||||
echo "set User settings ..."
|
echo "${blue}set User settings ..."
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}${normal}"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <<EOF
|
cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <<EOF
|
||||||
|
|
||||||
// Smarthost
|
// Smarthost
|
||||||
|
@ -91,9 +146,9 @@ EOF
|
||||||
if [ "$USE_MAILCOW" = true ]; then
|
if [ "$USE_MAILCOW" = true ]; then
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}"
|
||||||
echo "set Mailcow Api-Key config"
|
echo "set Mailcow Api-Key config"
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}${normal}"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <<EOF
|
cat >> /var/lib/docker/volumes/piler-docker_piler_etc/_data/config-site.php <<EOF
|
||||||
|
@ -111,18 +166,22 @@ fi
|
||||||
|
|
||||||
# docker restart
|
# docker restart
|
||||||
echo
|
echo
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}"
|
||||||
echo "restart docker-compose ..."
|
echo "${blue}restart docker-compose ..."
|
||||||
echo "==================================="
|
echo "${blue}${HLINE}${normal}"
|
||||||
echo
|
echo
|
||||||
|
|
||||||
cd /opt/piler-docker
|
cd /opt/piler-docker
|
||||||
docker-compose restart
|
docker-compose restart
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "======================================================================="
|
echo "${greenBold}${HLINE}"
|
||||||
echo "Piler install completed successfully"
|
echo "${greenBold}Piler install completed successfully"
|
||||||
echo
|
echo
|
||||||
echo "you can start in your Browser with http://${PILER_DOMAIN}:8080!"
|
if [ "$USE_LETSENCRYPT" = "yes" ]; then
|
||||||
echo "======================================================================="
|
echo "${greenBold}you can start in your Browser with https://${PILER_DOMAIN}!"
|
||||||
|
else
|
||||||
|
echo "${greenBold}you can start in your Browser with http://${PILER_DOMAIN} or http://local-ip!"
|
||||||
|
fi
|
||||||
|
echo "${greenBold}${HLINE}${normal}"
|
||||||
echo
|
echo
|
||||||
|
|
13
piler.conf
13
piler.conf
|
@ -38,6 +38,19 @@ MYSQL_PASSWORD="<your-mysql-password>"
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
|
|
||||||
|
########### Let's Encrypt Settings #################
|
||||||
|
|
||||||
|
# Enabled / Disabled (yes/no) Let's Encrypt
|
||||||
|
# For local Run disabled
|
||||||
|
|
||||||
|
USE_LETSENCRYPT="yes"
|
||||||
|
|
||||||
|
# Let's Encrypt registration contact information
|
||||||
|
|
||||||
|
LETSENCRYPT_EMAIL="admin@example.com"
|
||||||
|
|
||||||
|
#############################################
|
||||||
|
|
||||||
######### optional Mailcow Settings #########
|
######### optional Mailcow Settings #########
|
||||||
|
|
||||||
# if Use Mailcow API Options set "true"
|
# if Use Mailcow API Options set "true"
|
||||||
|
|
Loading…
Reference in a new issue