diff --git a/mailcow/install.sh b/mailcow/install.sh
new file mode 100644
index 0000000..50ce338
--- /dev/null
+++ b/mailcow/install.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+# Mailcow install script
+# Run on the Mailcow VM (10.48.200.82) after first SSH login:
+# ssh ubuntu@10.48.200.82
+# bash <(curl -s https://raw.githubusercontent.com/myronblair/ProxMailcow/main/mailcow/install.sh)
+
+set -euo pipefail
+
+MAILCOW_HOSTNAME="mail.web.orbishosting.com"
+MAILCOW_TZ="America/New_York"
+MAILCOW_DIR="/opt/mailcow-dockerized"
+
+echo "=== Installing Docker ==="
+curl -fsSL https://get.docker.com | sh
+usermod -aG docker ubuntu
+systemctl enable docker
+
+echo "=== Cloning Mailcow ==="
+git clone https://github.com/mailcow/mailcow-dockerized "$MAILCOW_DIR"
+cd "$MAILCOW_DIR"
+
+echo "=== Generating Mailcow config ==="
+MAILCOW_HOSTNAME="$MAILCOW_HOSTNAME" \
+MAILCOW_TZ="$MAILCOW_TZ" \
+ ./generate_config.sh
+
+echo "=== Applying reverse proxy settings ==="
+# Run behind Nginx Proxy Manager:
+# HTTP on port 8080 (NPM proxies this)
+# HTTPS only on localhost (NPM handles external SSL)
+sed -i 's/^HTTP_PORT=.*/HTTP_PORT=8080/' mailcow.conf
+sed -i 's/^HTTP_BIND=.*/HTTP_BIND=0.0.0.0/' mailcow.conf
+sed -i 's/^HTTPS_PORT=.*/HTTPS_PORT=8443/' mailcow.conf
+sed -i 's/^HTTPS_BIND=.*/HTTPS_BIND=127.0.0.1/' mailcow.conf
+
+echo "=== Pulling Docker images (this takes 5-10 min) ==="
+docker compose pull
+
+echo "=== Starting Mailcow ==="
+docker compose up -d
+
+echo "=== Creating systemd service ==="
+cat > /etc/systemd/system/mailcow.service << 'SERVICE'
+[Unit]
+Description=Mailcow Email Server
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/opt/mailcow-dockerized
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target
+SERVICE
+
+systemctl daemon-reload
+systemctl enable mailcow.service
+
+echo ""
+echo "=== MAILCOW INSTALL COMPLETE ==="
+echo "Internal web UI: http://10.48.200.82:8080"
+echo "Public URL (after NPM + FortiGate): https://mail.web.orbishosting.com"
+echo "Default admin: admin / moohoo — CHANGE IMMEDIATELY"
+echo ""
+echo "Container status:"
+cd "$MAILCOW_DIR" && docker compose ps
+echo ""
+echo "Next steps:"
+echo " 1. Configure NPM proxy host (see nginx-proxy-manager/npm-proxy-setup.md)"
+echo " 2. Apply FortiGate changes (see docs/fortigate-changes.md)"
+echo " 3. Configure DNS (see docs/dns-records.md)"
+echo " 4. Add domain and mailboxes (see mailcow/post-install.md)"
diff --git a/nginx-proxy-manager/install.sh b/nginx-proxy-manager/install.sh
new file mode 100644
index 0000000..e19f2ef
--- /dev/null
+++ b/nginx-proxy-manager/install.sh
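Review bot: Every step after `set -euo pipefail` (`usermod`, `systemctl enable`, the `git clone` into /opt, the `cat > /etc/systemd/system/mailcow.service` heredoc) needs root, yet the header documents running the script as `ubuntu` via `bash <(curl -s …)`, so the first `usermod` will abort the run under `set -e`; add a guard right after `set -euo pipefail`, `(( EUID == 0 )) || { echo "run as root, e.g. sudo bash <(curl -fsSL …)" >&2; exit 1; }`. The documented invocation also uses `curl -s` without `-f`, so an HTTP error body would be handed to bash instead of failing; use `curl -fsSL` there, as the script itself already does for get.docker.com. nginx-proxy-manager/install.sh has the same two issues. The `cd "$MAILCOW_DIR"` before `docker compose ps` is redundant, since the script changed into that directory earlier and never leaves it.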
@@ -0,0 +1,64 @@
+#!/bin/bash
+# Nginx Proxy Manager install script
+# Run on the NPM VM (10.48.200.80) after first SSH login:
+# ssh ubuntu@10.48.200.80
+# bash <(curl -s https://raw.githubusercontent.com/myronblair/ProxMailcow/main/nginx-proxy-manager/install.sh)
+
+set -euo pipefail
+
+echo "=== Installing Docker ==="
+curl -fsSL https://get.docker.com | sh
+usermod -aG docker ubuntu
+systemctl enable docker
+
+echo "=== Setting up Nginx Proxy Manager ==="
+mkdir -p /opt/npm/data /opt/npm/letsencrypt
+
+cat > /opt/npm/docker-compose.yml << 'COMPOSE'
+version: '3.8'
+services:
+ npm:
+ image: jc21/nginx-proxy-manager:latest
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ - "81:81"
+ volumes:
+ - ./data:/data
+ - ./letsencrypt:/etc/letsencrypt
+ environment:
+ DISABLE_IPV6: "true"
+COMPOSE
+
+echo "=== Starting NPM ==="
+cd /opt/npm && docker compose up -d
+
+echo "=== Creating systemd service ==="
+cat > /etc/systemd/system/npm.service << 'SERVICE'
+[Unit]
+Description=Nginx Proxy Manager
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+WorkingDirectory=/opt/npm
+ExecStart=/usr/bin/docker compose up -d
+ExecStop=/usr/bin/docker compose down
+
+[Install]
+WantedBy=multi-user.target
+SERVICE
+
+systemctl daemon-reload
+systemctl enable npm.service
+
+echo ""
+echo "=== NPM INSTALL COMPLETE ==="
+echo "Admin UI: http://10.48.200.80:81"
+echo "Default login: admin@example.com / changeme"
+echo "CHANGE THE PASSWORD IMMEDIATELY."
+echo ""
+echo "Next step: Configure proxy hosts per nginx-proxy-manager/npm-proxy-setup.md"
diff --git a/proxmox/snippets/mailcow-cloud-init.yaml b/proxmox/snippets/mailcow-cloud-init.yaml
index fa5f535..b28293a 100644
--- a/proxmox/snippets/mailcow-cloud-init.yaml
+++ b/proxmox/snippets/mailcow-cloud-init.yaml
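Review bot: The compose heredoc uses `image: jc21/nginx-proxy-manager:latest`, so what gets deployed depends on the day the script runs and cannot be reproduced or reviewed before it is pulled; pin a release tag (or a digest) and bump it deliberately. The admin UI on `- "81:81"` is published on every interface together with the default `admin@example.com / changeme` login the script prints at the end; publishing it as `- "10.48.200.80:81:81"` (or on 127.0.0.1 and reaching it over an SSH tunnel) narrows exposure until the password has been changed. `version: '3.8'` is ignored by Compose v2 and only produces a warning on every `docker compose` call, so it can be dropped. The root requirement and the `curl -s` without `-f` in the header comment are the same issues as in mailcow/install.sh.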
@@ -1,7 +1,6 @@ #cloud-config # Mailcow VM - Ubuntu 24.04 -# VM 201 | IP: 10.48.200.82 -# Hostname: mail.web.orbishosting.com +# Minimal cloud-init: SSH access only. Run mailcow/install.sh after first login. ssh_pwauth: true 
@@ -9,81 +8,25 @@ users: - name: ubuntu sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash + lock_passwd: false ssh_authorized_keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkYziIaOaq3RvncBi92m7jy96UxC8dm2VNeWDP2dyhs proxmailcow-admin +chpasswd: + list: | + ubuntu:mailstack2024! + expire: false + package_update: true -package_upgrade: true packages: + - qemu-guest-agent - curl - ca-certificates - git - - htop - - net-tools - nftables - - qemu-guest-agent runcmd: - # Enable and start qemu-guest-agent - - systemctl enable qemu-guest-agent - - systemctl start qemu-guest-agent - - # Set hostname (Mailcow requires this to match MAILCOW_HOSTNAME) + - systemctl enable qemu-guest-agent --now - hostnamectl set-hostname mail.web.orbishosting.com - - echo "127.0.0.1 mail.web.orbishosting.com mail" >> /etc/hosts - - # Install Docker - - curl -fsSL https://get.docker.com | sh - - systemctl enable docker - - usermod -aG docker ubuntu - - # Install Mailcow - - git clone https://github.com/mailcow/mailcow-dockerized /opt/mailcow-dockerized - - # Generate Mailcow config non-interactively - - | - cd /opt/mailcow-dockerized - MAILCOW_HOSTNAME=mail.web.orbishosting.com \ - MAILCOW_TZ=America/New_York \ - ./generate_config.sh - - # Configure Mailcow to run behind NPM reverse proxy - # HTTP on 8080 (proxied by NPM), HTTPS bound only to localhost - - | - sed -i 's/^HTTP_PORT=.*/HTTP_PORT=8080/' /opt/mailcow-dockerized/mailcow.conf - sed -i 's/^HTTP_BIND=.*/HTTP_BIND=0.0.0.0/' /opt/mailcow-dockerized/mailcow.conf - sed -i 's/^HTTPS_PORT=.*/HTTPS_PORT=8443/' /opt/mailcow-dockerized/mailcow.conf - sed -i 's/^HTTPS_BIND=.*/HTTPS_BIND=127.0.0.1/' /opt/mailcow-dockerized/mailcow.conf - - # Pull images and start Mailcow - - cd /opt/mailcow-dockerized && docker compose pull - - cd /opt/mailcow-dockerized && docker compose up -d - - # Add Mailcow startup service - - | - cat > /etc/systemd/system/mailcow.service << 'SERVICE' - [Unit] - Description=Mailcow Email Server - After=docker.service - 
Requires=docker.service - - [Service] - Type=oneshot - RemainAfterExit=yes - WorkingDirectory=/opt/mailcow-dockerized - ExecStart=/usr/bin/docker compose up -d - ExecStop=/usr/bin/docker compose down - TimeoutStartSec=0 - - [Install] - WantedBy=multi-user.target - SERVICE - - - systemctl enable mailcow.service - -final_message: | - Mailcow VM is ready. - Web UI accessible internally at: http://10.48.200.82:8080 - Default admin: admin / moohoo - CHANGE THE PASSWORD IMMEDIATELY after DNS and NPM proxy are configured. + - echo "127.0.1.1 mail.web.orbishosting.com mail" >> /etc/hosts diff --git a/proxmox/snippets/npm-cloud-init.yaml b/proxmox/snippets/npm-cloud-init.yaml index 64a139a..cd7f1ca 100644 --- a/proxmox/snippets/npm-cloud-init.yaml +++ b/proxmox/snippets/npm-cloud-init.yaml @@ -1,6 +1,6 @@ #cloud-config # Nginx Proxy Manager VM - Ubuntu 24.04 -# VM 200 | IP: 10.48.200.80 +# Minimal cloud-init: SSH access only. Run nginx-proxy-manager/install.sh after first login. ssh_pwauth: true 
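Review bot: The added `chpasswd` block sets a fixed plaintext password (`ubuntu:mailstack2024!`) with `expire: false` and `lock_passwd: false` on an account that already has `NOPASSWD:ALL` sudo, while `ssh_pwauth: true` stays in place, so anyone who can reach the VM and has read this repository (the install scripts fetch from a public raw.githubusercontent.com URL) gets a root-equivalent SSH login. An `ssh_authorized_keys` entry is already provisioned, so the password is not needed for SSH: drop `chpasswd` and `lock_passwd: false` and set `ssh_pwauth: false`, or, if a console password is genuinely required, supply a hash via `chpasswd: users: [{name: ubuntu, password: <hash>, type: hash}]` with `expire: true` so it must be rotated at first login. The same block is added to proxmox/snippets/npm-cloud-init.yaml. This hunk also removes `package_upgrade: true`, and nothing in mailcow/install.sh runs an upgrade, so the VM keeps the base image's package versions until someone patches it by hand.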
@@ -8,78 +8,22 @@ users: - name: ubuntu sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash + lock_passwd: false ssh_authorized_keys: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBkYziIaOaq3RvncBi92m7jy96UxC8dm2VNeWDP2dyhs proxmailcow-admin +chpasswd: + list: | + ubuntu:mailstack2024! + expire: false + package_update: true -package_upgrade: true packages: + - qemu-guest-agent - curl - ca-certificates - git - - htop - - net-tools - - qemu-guest-agent runcmd: - # Enable and start qemu-guest-agent - - systemctl enable qemu-guest-agent - - systemctl start qemu-guest-agent - - # Install Docker - - curl -fsSL https://get.docker.com | sh - - systemctl enable docker - - usermod -aG docker ubuntu - - # Create NPM directory - - mkdir -p /opt/npm/data /opt/npm/letsencrypt - - # Write docker-compose.yml - - | - cat > /opt/npm/docker-compose.yml << 'COMPOSE' - version: '3.8' - services: - npm: - image: jc21/nginx-proxy-manager:latest - restart: unless-stopped - ports: - - "80:80" - - "443:443" - - "81:81" - volumes: - - ./data:/data - - ./letsencrypt:/etc/letsencrypt - environment: - DISABLE_IPV6: "true" - COMPOSE - - # Start NPM - - cd /opt/npm && docker compose up -d - - # Add compose startup on boot - - | - cat > /etc/systemd/system/npm.service << 'SERVICE' - [Unit] - Description=Nginx Proxy Manager - After=docker.service - Requires=docker.service - - [Service] - Type=oneshot - RemainAfterExit=yes - WorkingDirectory=/opt/npm - ExecStart=/usr/bin/docker compose up -d - ExecStop=/usr/bin/docker compose down - - [Install] - WantedBy=multi-user.target - SERVICE - - - systemctl enable npm.service - -final_message: | - NPM VM is ready. - Admin UI: http://10.48.200.80:81 - Default login: admin@example.com / changeme - CHANGE THE PASSWORD IMMEDIATELY. + - systemctl enable qemu-guest-agent --now