Home Esplora Aiuto
Accedi
mirrors
/
mailcow-dockerized
mirror da https://github.com/mailcow/mailcow-dockerized
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

[Web] add github version tag

FreddleSpl0it 3 anni fa
parent
c520f21d28
commit
a1a96bfabb
2 ha cambiato i file con 0 aggiunte e 1137 eliminazioni
Visualizzazione unificata Mostra Diff Stats
  1. 0 379
      generate_config.sh
  2. 0 758
      update.sh

+ 0 - 379
generate_config.sh
Vedi File 

@@ -1,379 +0,0 @@
 
-#!/usr/bin/env bash
 
-
 
-set -o pipefail
 
-
 
-if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
 
-  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
 
-  echo "Please update to 5.x or use another distribution."
 
-  exit 1
 
-fi
 
-
 
-if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
 
-  if grep -q Ubuntu <<< $(uname -a); then
 
-    echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
 
-    echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
 
-    exit 1
 
-  fi
 
-fi
 
-
 
-if grep --help 2>&1 | grep -q -i "busybox"; then
 
-  echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""
 
-  exit 1
 
-fi
 
-if cp --help 2>&1 | grep -q -i "busybox"; then
 
-  echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""
 
-  exit 1
 
-fi
 
-
 
-for bin in openssl curl docker-compose docker git awk sha1sum; do
 
-  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 
-done
 
-
 
-if [ -f mailcow.conf ]; then
 
-  read -r -p "A config file exists and will be overwritten, are you sure you want to continue? [y/N] " response
 
-  case $response in
 
-    [yY][eE][sS]|[yY])
 
-      mv mailcow.conf mailcow.conf_backup
 
-      chmod 600 mailcow.conf_backup
 
-      ;;
 
-    *)
 
-      exit 1
 
-    ;;
 
-  esac
 
-fi
 
-
 
-echo "Press enter to confirm the detected value '[value]' where applicable or enter a custom value."
 
-while [ -z "${MAILCOW_HOSTNAME}" ]; do
 
-  read -p "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: " -e MAILCOW_HOSTNAME
 
-  DOTS=${MAILCOW_HOSTNAME//[^.]};
 
-  if [ ${#DOTS} -lt 2 ] && [ ! -z ${MAILCOW_HOSTNAME} ]; then
 
-    echo "${MAILCOW_HOSTNAME} is not a FQDN"
 
-    MAILCOW_HOSTNAME=
 
-  fi
 
-done
 
-
 
-if [ -a /etc/timezone ]; then
 
-  DETECTED_TZ=$(cat /etc/timezone)
 
-elif [ -a /etc/localtime ]; then
 
-  DETECTED_TZ=$(readlink /etc/localtime|sed -n 's|^.*zoneinfo/||p')
 
-fi
 
-
 
-while [ -z "${MAILCOW_TZ}" ]; do
 
-  if [ -z "${DETECTED_TZ}" ]; then
 
-    read -p "Timezone: " -e MAILCOW_TZ
 
-  else
 
-    read -p "Timezone [${DETECTED_TZ}]: " -e MAILCOW_TZ
 
-    [ -z "${MAILCOW_TZ}" ] && MAILCOW_TZ=${DETECTED_TZ}
 
-  fi
 
-done
 
-
 
-MEM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
 
-
 
-if [ ${MEM_TOTAL} -le "2621440" ]; then
 
-  echo "Installed memory is <= 2.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
 
-  echo "ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf."
 
-  read -r -p  "Do you want to disable ClamAV now? [Y/n] " response
 
-  case $response in
 
-    [nN][oO]|[nN])
 
-      SKIP_CLAMD=n
 
-      ;;
 
-    *)
 
-      SKIP_CLAMD=y
 
-    ;;
 
-  esac
 
-else
 
-  SKIP_CLAMD=n
 
-fi
 
-
 
-if [ ${MEM_TOTAL} -le "2097152" ]; then
 
-  echo "Disabling Solr on low-memory system."
 
-  SKIP_SOLR=y
 
-elif [ ${MEM_TOTAL} -le "3670016" ]; then
 
-  echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
 
-  echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
 
-  echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
 
-  read -r -p  "Do you want to disable Solr now? [Y/n] " response
 
-  case $response in
 
-    [nN][oO]|[nN])
 
-      SKIP_SOLR=n
 
-      ;;
 
-    *)
 
-      SKIP_SOLR=y
 
-    ;;
 
-  esac
 
-else
 
-  SKIP_SOLR=n
 
-fi
 
-
 
-[ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
 
-
 
-cat << EOF > mailcow.conf
 
-# ------------------------------
 
-# mailcow web ui configuration
 
-# ------------------------------
 
-# example.org is _not_ a valid hostname, use a fqdn here.
 
-# Default admin user is "admin"
 
-# Default password is "moohoo"
 
-
 
-MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
 
-
 
-# Password hash algorithm
 
-# Only certain password hash algorithm are supported. For a fully list of supported schemes,
 
-# see https://mailcow.github.io/mailcow-dockerized-docs/models/model-passwd/
 
-MAILCOW_PASS_SCHEME=BLF-CRYPT
 
-
 
-# ------------------------------
 
-# SQL database configuration
 
-# ------------------------------
 
-
 
-DBNAME=mailcow
 
-DBUSER=mailcow
 
-
 
-# Please use long, random alphanumeric strings (A-Za-z0-9)
 
-
 
-DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
-DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 
-
 
-# ------------------------------
 
-# HTTP/S Bindings
 
-# ------------------------------
 
-
 
-# You should use HTTPS, but in case of SSL offloaded reverse proxies:
 
-# Might be important: This will also change the binding within the container.
 
-# If you use a proxy within Docker, point it to the ports you set below.
 
-# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
 
-# IMPORTANT: Do not use port 8081, 9081 or 65510!
 
-# Example: HTTP_BIND=1.2.3.4
 
-# For IPv4 and IPv6 leave it empty: HTTP_BIND= & HTTPS_PORT=
 
-# For IPv6 see https://mailcow.github.io/mailcow-dockerized-docs/post_installation/firststeps-ip_bindings/
 
-
 
-HTTP_PORT=80
 
-HTTP_BIND=
 
-
 
-HTTPS_PORT=443
 
-HTTPS_BIND=
 
-
 
-# ------------------------------
 
-# Other bindings
 
-# ------------------------------
 
-# You should leave that alone
 
-# Format: 11.22.33.44:25 or 12.34.56.78:465 etc.
 
-
 
-SMTP_PORT=25
 
-SMTPS_PORT=465
 
-SUBMISSION_PORT=587
 
-IMAP_PORT=143
 
-IMAPS_PORT=993
 
-POP_PORT=110
 
-POPS_PORT=995
 
-SIEVE_PORT=4190
 
-DOVEADM_PORT=127.0.0.1:19991
 
-SQL_PORT=127.0.0.1:13306
 
-SOLR_PORT=127.0.0.1:18983
 
-REDIS_PORT=127.0.0.1:7654
 
-
 
-# Your timezone
 
-# See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
 
-# Use the row named 'TZ database name' + pay attention for 'Notes' row
 
-
 
-TZ=${MAILCOW_TZ}
 
-
 
-# Fixed project name
 
-# Please use lowercase letters only
 
-
 
-COMPOSE_PROJECT_NAME=mailcowdockerized
 
-
 
-# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
 
-# When enabled, ACL can be created, that apply to "All authenticated users"
 
-# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
 
-# Otherwise a user might share data with too many other users.
 
-ACL_ANYONE=disallow
 
-
 
-# Garbage collector cleanup
 
-# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
 
-# How long should objects remain in the garbage until they are being deleted? (value in minutes)
 
-# Check interval is hourly
 
-
 
-MAILDIR_GC_TIME=7200
 
-
 
-# Additional SAN for the certificate
 
-#
 
-# You can use wildcard records to create specific names for every domain you add to mailcow.
 
-# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
 
-#ADDITIONAL_SAN=imap.*,smtp.*
 
-# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net"
 
-# plus every domain you add in the future.
 
-#
 
-# You can also just add static names...
 
-#ADDITIONAL_SAN=srv1.example.net
 
-# ...or combine wildcard and static names:
 
-#ADDITIONAL_SAN=imap.*,srv1.example.com
 
-#
 
-
 
-ADDITIONAL_SAN=
 
-
 
-# Additional server names for mailcow UI
 
-#
 
-# Specify alternative addresses for the mailcow UI to respond to
 
-# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
 
-# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
 
-# You can understand this as server_name directive in Nginx.
 
-# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f
 
-
 
-ADDITIONAL_SERVER_NAMES=
 
-
 
-# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
 
-
 
-SKIP_LETS_ENCRYPT=n
 
-
 
-# Create seperate certificates for all domains - y/n
 
-# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
 
-# see https://wiki.dovecot.org/SSL/SNIClientSupport
 
-ENABLE_SSL_SNI=n
 
-
 
-# Skip IPv4 check in ACME container - y/n
 
-
 
-SKIP_IP_CHECK=n
 
-
 
-# Skip HTTP verification in ACME container - y/n
 
-
 
-SKIP_HTTP_VERIFICATION=n
 
-
 
-# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 
-
 
-SKIP_CLAMD=${SKIP_CLAMD}
 
-
 
-# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
 
-
 
-SKIP_SOGO=n
 
-
 
-# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
 
-
 
-SKIP_SOLR=${SKIP_SOLR}
 
-
 
-# Solr heap size in MB, there is no recommendation, please see Solr docs.
 
-# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
 
-
 
-SOLR_HEAP=1024
 
-
 
-# Allow admins to log into SOGo as email user (without any password)
 
-
 
-ALLOW_ADMIN_EMAIL_LOGIN=n
 
-
 
-# Enable watchdog (watchdog-mailcow) to restart unhealthy containers
 
-
 
-USE_WATCHDOG=y
 
-
 
-# Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
 
-# CAUTION:
 
-# 1. You should use external recipients
 
-# 2. Mails are sent unsigned (no DKIM)
 
-# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
 
-# Multiple rcpts allowed, NO quotation marks, NO spaces
 
-
 
-#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
 
-#WATCHDOG_NOTIFY_EMAIL=
 
-
 
-# Notify about banned IP (includes whois lookup)
 
-WATCHDOG_NOTIFY_BAN=n
 
-
 
-# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
 
-#WATCHDOG_SUBJECT=
 
-
 
-# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
 
-# https://www.servercow.de/mailcow?lang=en
 
-# https://www.servercow.de/mailcow?lang=de
 
-# No data is collected. Opt-in and anonymous.
 
-# Will only work with unmodified mailcow setups.
 
-WATCHDOG_EXTERNAL_CHECKS=n
 
-
 
-# Enable watchdog verbose logging
 
-WATCHDOG_VERBOSE=n
 
-
 
-# Max log lines per service to keep in Redis logs
 
-
 
-LOG_LINES=9999
 
-
 
-# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
 
-# Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
 
-
 
-IPV4_NETWORK=172.22.1
 
-
 
-# Internal IPv6 subnet in fc00::/7
 
-# Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses
 
-
 
-IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 
-
 
-# Use this IPv4 for outgoing connections (SNAT)
 
-
 
-#SNAT_TO_SOURCE=
 
-
 
-# Use this IPv6 for outgoing connections (SNAT)
 
-
 
-#SNAT6_TO_SOURCE=
 
-
 
-# Create or override an API key for the web UI
 
-# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
 
-# An API key defined as API_KEY has read-write access
 
-# An API key defined as API_KEY_READ_ONLY has read-only access
 
-# Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
 
-# You can define API_KEY and/or API_KEY_READ_ONLY
 
-
 
-#API_KEY=
 
-#API_KEY_READ_ONLY=
 
-#API_ALLOW_FROM=172.22.1.1,127.0.0.1
 
-
 
-# mail_home is ~/Maildir
 
-MAILDIR_SUB=Maildir
 
-
 
-# SOGo session timeout in minutes
 
-SOGO_EXPIRE_SESSION=480
 
-
 
-# DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
 
-# Empty by default to auto-generate master user and password on start.
 
-# User expands to DOVECOT_MASTER_USER@mailcow.local
 
-# LEAVE EMPTY IF UNSURE
 
-DOVECOT_MASTER_USER=
 
-# LEAVE EMPTY IF UNSURE
 
-DOVECOT_MASTER_PASS=
 
-
 
-# Let's Encrypt registration contact information
 
-# Optional: Leave empty for none
 
-# This value is only used on first order!
 
-# Setting it at a later point will require the following steps:
 
-# https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_tls/
 
-ACME_CONTACT=
 
-
 
-# WebAuthn device manufacturer verification
 
-# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
 
-# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
 
-WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 
-
 
-EOF
 
-
 
-mkdir -p data/assets/ssl
 
-
 
-chmod 600 mailcow.conf
 
-
 
-# copy but don't overwrite existing certificate
 
-echo "Generating snake-oil certificate..."
 
-# Making Willich more popular
 
-openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
 
-echo "Copying snake-oil certificate..."
 
-cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
 
-
 
-# Set app_info.inc.php
 
-mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
 
-if [ $? -eq 0 ]; then
 
-  mailcow_git_url=$(git config --get remote.origin.url)
 
-  echo '<?php' > data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
 
-  echo '?>' >> data/web/inc/app_info.inc.php
 
-else
 
-  echo '<?php' > data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
 
-  echo '?>' >> data/web/inc/app_info.inc.php
 
-  echo -e "\e[33mCannot determine current git repository version...\e[0m"
 
-fi

+ 0 - 758
update.sh
Vedi File 

@@ -1,758 +0,0 @@
 
-#!/usr/bin/env bash
 
-
 
-# Check permissions
 
-if [ "$(id -u)" -ne "0" ]; then
 
-  echo "You need to be root"
 
-  exit 1
 
-fi
 
-
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
-
 
-# Run pre-update-hook
 
-if [ -f "${SCRIPT_DIR}/pre_update_hook.sh" ]; then
 
-  bash "${SCRIPT_DIR}/pre_update_hook.sh"
 
-fi
 
-
 
-if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
 
-  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
 
-  echo "Please update to 5.x or use another distribution."
 
-  exit 1
 
-fi
 
-
 
-if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
 
-  if grep -q Ubuntu <<< $(uname -a); then
 
-    echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
 
-    echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
 
-    exit 1
 
-  fi
 
-  echo "mailcow on a 4.4.x kernel is not supported. It may or may not work, please upgrade your kernel or continue at your own risk."
 
-  read -p "Press any key to continue..." < /dev/tty
 
-fi
 
-
 
-# Exit on error and pipefail
 
-set -o pipefail
 
-
 
-# Setting high dc timeout
 
-export COMPOSE_HTTP_TIMEOUT=600
 
-
 
-# Add /opt/bin to PATH
 
-PATH=$PATH:/opt/bin
 
-
 
-umask 0022
 
-
 
-for bin in curl docker-compose docker git awk sha1sum; do
 
-  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 
-done
 
-
 
-export LC_ALL=C
 
-DATE=$(date +%Y-%m-%d_%H_%M_%S)
 
-BRANCH=$(cd ${SCRIPT_DIR}; git rev-parse --abbrev-ref HEAD)
 
-
 
-check_online_status() {
 
-  CHECK_ONLINE_IPS=(1.1.1.1 9.9.9.9 8.8.8.8)
 
-  for ip in "${CHECK_ONLINE_IPS[@]}"; do
 
-    if timeout 3 ping -c 1 ${ip} > /dev/null; then
 
-      return 0
 
-    fi
 
-  done
 
-  return 1
 
-}
 
-
 
-prefetch_images() {
 
-  [[ -z ${BRANCH} ]] && { echo -e "\e[33m\nUnknown branch...\e[0m"; exit 1; }
 
-  git fetch origin #${BRANCH}
 
-  while read image; do
 
-    if [[ "${image}" == "robbertkl/ipv6nat" ]]; then
 
-      if ! grep -qi "ipv6nat-mailcow" docker-compose.yml || grep -qi "enable_ipv6: false" docker-compose.yml; then
 
-        continue
 
-      fi
 
-    fi
 
-    RET_C=0
 
-    until docker pull ${image}; do
 
-      RET_C=$((RET_C + 1))
 
-      echo -e "\e[33m\nError pulling $image, retrying...\e[0m"
 
-      [ ${RET_C} -gt 3 ] && { echo -e "\e[31m\nToo many failed retries, exiting\e[0m"; exit 1; }
 
-      sleep 1
 
-    done
 
-  done < <(git show origin/${BRANCH}:docker-compose.yml | grep "image:" | awk '{ gsub("image:","", $3); print $2 }')
 
-}
 
-
 
-docker_garbage() {
 
-  IMGS_TO_DELETE=()
 
-  for container in $(grep -oP "image: \Kmailcow.+" "${SCRIPT_DIR}/docker-compose.yml"); do
 
-    REPOSITORY=${container/:*}
 
-    TAG=${container/*:}
 
-    V_MAIN=${container/*.}
 
-    V_SUB=${container/*.}
 
-    EXISTING_TAGS=$(docker images | grep ${REPOSITORY} | awk '{ print $2 }')
 
-    for existing_tag in ${EXISTING_TAGS[@]}; do
 
-      V_MAIN_EXISTING=${existing_tag/*.}
 
-      V_SUB_EXISTING=${existing_tag/*.}
 
-      # Not an integer
 
-      [[ ! $V_MAIN_EXISTING =~ ^[0-9]+$ ]] && continue
 
-      [[ ! $V_SUB_EXISTING =~ ^[0-9]+$ ]] && continue
 
-
 
-      if [[ $V_MAIN_EXISTING == "latest" ]]; then
 
-        echo "Found deprecated label \"latest\" for repository $REPOSITORY, it should be deleted."
 
-        IMGS_TO_DELETE+=($REPOSITORY:$existing_tag)
 
-      elif [[ $V_MAIN_EXISTING -lt $V_MAIN ]]; then
 
-        echo "Found tag $existing_tag for $REPOSITORY, which is older than the current tag $TAG and should be deleted."
 
-        IMGS_TO_DELETE+=($REPOSITORY:$existing_tag)
 
-      elif [[ $V_SUB_EXISTING -lt $V_SUB ]]; then
 
-        echo "Found tag $existing_tag for $REPOSITORY, which is older than the current tag $TAG and should be deleted."
 
-        IMGS_TO_DELETE+=($REPOSITORY:$existing_tag)
 
-      fi
 
-    done
 
-  done
 
-
 
-  if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
 
-    echo "Run the following command to delete unused image tags:"
 
-    echo
 
-    echo "    docker rmi ${IMGS_TO_DELETE[*]}"
 
-    echo
 
-    if [ ! $FORCE ]; then
 
-      read -r -p "Do you want to delete old image tags right now? [y/N] " response
 
-      if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 
-        docker rmi ${IMGS_TO_DELETE[*]}
 
-      else
 
-        echo "OK, skipped."
 
-      fi
 
-    else
 
-      echo "Running image removal without extra confirmation due to force mode."
 
-      docker rmi ${IMGS_TO_DELETE[*]}
 
-    fi
 
-    echo -e "\e[32mFurther cleanup...\e[0m"
 
-    echo "If you want to cleanup further garbage collected by Docker, please make sure all containers are up and running before cleaning your system by executing \"docker system prune\""
 
-  fi
 
-}
 
-
 
-in_array() {
 
-  local e match="$1"
 
-  shift
 
-  for e; do [[ "$e" == "$match" ]] && return 0; done
 
-  return 1
 
-}
 
-
 
-migrate_docker_nat() {
 
-  NAT_CONFIG='{"ipv6":true,"fixed-cidr-v6":"fd00:dead:beef:c0::/80","experimental":true,"ip6tables":true}'
 
-  # Min Docker version
 
-  DOCKERV_REQ=20.10.2
 
-  # Current Docker version
 
-  DOCKERV_CUR=$(docker version -f '{{.Server.Version}}')
 
-  if grep -qi "ipv6nat-mailcow" docker-compose.yml && grep -qi "enable_ipv6: true" docker-compose.yml; then
 
-    echo -e "\e[32mNative IPv6 implementation available.\e[0m"
 
-    echo "This will enable experimental features in the Docker daemon and configure Docker to do the IPv6 NATing instead of ipv6nat-mailcow."
 
-    echo '!!! This step is recommended !!!'
 
-    echo "mailcow will try to roll back the changes if starting Docker fails after modifying the daemon.json configuration file."
 
-    read -r -p "Should we try to enable the native IPv6 implementation in Docker now (recommended)? [y/N] " dockernatresponse
 
-    if [[ ! "${dockernatresponse}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 
-      echo "OK, skipping this step."
 
-      return 0
 
-    fi
 
-  fi
 
-  # Sort versions and check if we are running a newer or equal version to req
 
-  if [ $(printf "${DOCKERV_REQ}\n${DOCKERV_CUR}" | sort -V | tail -n1) == "${DOCKERV_CUR}" ]; then
 
-    # If Dockerd daemon json exists
 
-    if [ -s /etc/docker/daemon.json ]; then
 
-      IFS=',' read -r -a dockerconfig <<< $(cat /etc/docker/daemon.json | tr -cd '[:alnum:],')
 
-      if ! in_array ipv6true "${dockerconfig[@]}" || \
 
-        ! in_array experimentaltrue "${dockerconfig[@]}" || \
 
-        ! in_array ip6tablestrue "${dockerconfig[@]}" || \
 
-        ! grep -qi "fixed-cidr-v6" /etc/docker/daemon.json; then
 
-          echo -e "\e[33mWarning:\e[0m You seem to have modified the /etc/docker/daemon.json configuration by yourself and not fully/correctly activated the native IPv6 NAT implementation."
 
-          echo "You will need to merge your existing configuration manually or fix/delete the existing daemon.json configuration before trying the update process again."
 
-          echo -e "Please merge the following content and restart the Docker daemon:\n"
 
-          echo ${NAT_CONFIG}
 
-          return 1
 
-      fi
 
-    else
 
-      echo "Working on IPv6 NAT, please wait..."
 
-      echo ${NAT_CONFIG} > /etc/docker/daemon.json
 
-      ip6tables -F -t nat
 
-      [[ -e /etc/alpine-release ]] && rc-service docker restart || systemctl restart docker.service
 
-      if [[ $? -ne 0 ]]; then
 
-        echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting."
 
-        rm /etc/docker/daemon.json
 
-        if [[ -e /etc/alpine-release ]]; then
 
-          rc-service docker restart
 
-        else
 
-          systemctl reset-failed docker.service
 
-          systemctl restart docker.service
 
-        fi
 
-        return 1
 
-      fi
 
-    fi
 
-    # Removing legacy container
 
-    sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.yml
 
-    if [ -s docker-compose.override.yml ]; then
 
-        sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.override.yml
 
-        if [[ "$(cat docker-compose.override.yml | sed '/^\s*$/d' | wc -l)" == "2" ]]; then
 
-            mv docker-compose.override.yml docker-compose.override.yml_backup
 
-        fi
 
-    fi
 
-    echo -e "\e[32mGreat! \e[0mNative IPv6 NAT is active.\e[0m"
 
-  else
 
-    echo -e "\e[31mPlease upgrade Docker to version ${DOCKERV_REQ} or above.\e[0m"
 
-    return 0
 
-  fi
 
-}
 
-
 
-while (($#)); do
 
-  case "${1}" in
 
-    --check|-c)
 
-      echo "Checking remote code for updates..."
 
-      LATEST_REV=$(git ls-remote --exit-code --refs --quiet https://github.com/mailcow/mailcow-dockerized ${BRANCH} | cut -f1)
 
-      if [ $? -ne 0 ]; then
 
-        echo "A problem occurred while trying to fetch the latest revision from github."
 
-        exit 99
 
-      fi
 
-      if [[ -z $(git log HEAD --pretty=format:"%H" | grep "${LATEST_REV}") ]]; then
 
-        echo -e "Updated code is available.\nThe changes can be found here: https://github.com/mailcow/mailcow-dockerized/commits/master"
 
-        git log --date=short --pretty=format:"%ad - %s" $(git rev-parse --short HEAD)..origin/master
 
-        exit 0
 
-      else
 
-        echo "No updates available."
 
-        exit 3
 
-      fi
 
-    ;;
 
-    --ours)
 
-      MERGE_STRATEGY=ours
 
-    ;;
 
-    --skip-start)
 
-      SKIP_START=y
 
-    ;;
 
-    --gc)
 
-      echo -e "\e[32mCollecting garbage...\e[0m"
 
-      docker_garbage
 
-      exit 0
 
-    ;;
 
-    --prefetch)
 
-      echo -e "\e[32mPrefetching images...\e[0m"
 
-      prefetch_images
 
-      exit 0
 
-    ;;
 
-    -f|--force)
 
-      echo -e "\e[32mRunning in forced mode...\e[0m"
 
-      FORCE=y
 
-    ;;
 
-    --no-update-compose)
 
-      NO_UPDATE_COMPOSE=y
 
-    ;;
 
-    --help|-h)
 
-    echo './update.sh [-c|--check, --ours, --gc, --no-update-compose, --prefetch, --skip-start, -f|--force, -h|--help]
 
-
 
-  -c|--check           -   Check for updates and exit (exit codes => 0: update available, 3: no updates)
 
-  --ours               -   Use merge strategy option "ours" to solve conflicts in favor of non-mailcow code (local changes over remote changes), not recommended!
 
-  --gc                 -   Run garbage collector to delete old image tags
 
-  --no-update-compose  -   Do not update docker-compose
 
-  --prefetch           -   Only prefetch new images and exit (useful to prepare updates)
 
-  --skip-start         -   Do not start mailcow after update
 
-  -f|--force           -   Force update, do not ask questions
 
-'
 
-    exit 1
 
-  esac
 
-  shift
 
-done
 
-
 
-[[ ! -f mailcow.conf ]] && { echo "mailcow.conf is missing"; exit 1;}
 
-chmod 600 mailcow.conf
 
-source mailcow.conf
 
-DOTS=${MAILCOW_HOSTNAME//[^.]};
 
-if [ ${#DOTS} -lt 2 ]; then
 
-  echo "MAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!"
 
-  echo "Please change it to a FQDN and run docker-compose down followed by docker-compose up -d"
 
-  exit 1
 
-fi
 
-
 
-if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
 
-# This will also cover sort
 
-if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
 
-if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi
 
-
 
-CONFIG_ARRAY=(
 
-  "SKIP_LETS_ENCRYPT"
 
-  "SKIP_SOGO"
 
-  "USE_WATCHDOG"
 
-  "WATCHDOG_NOTIFY_EMAIL"
 
-  "WATCHDOG_NOTIFY_BAN"
 
-  "WATCHDOG_EXTERNAL_CHECKS"
 
-  "WATCHDOG_SUBJECT"
 
-  "SKIP_CLAMD"
 
-  "SKIP_IP_CHECK"
 
-  "ADDITIONAL_SAN"
 
-  "DOVEADM_PORT"
 
-  "IPV4_NETWORK"
 
-  "IPV6_NETWORK"
 
-  "LOG_LINES"
 
-  "SNAT_TO_SOURCE"
 
-  "SNAT6_TO_SOURCE"
 
-  "COMPOSE_PROJECT_NAME"
 
-  "SQL_PORT"
 
-  "API_KEY"
 
-  "API_KEY_READ_ONLY"
 
-  "API_ALLOW_FROM"
 
-  "MAILDIR_GC_TIME"
 
-  "MAILDIR_SUB"
 
-  "ACL_ANYONE"
 
-  "SOLR_HEAP"
 
-  "SKIP_SOLR"
 
-  "ENABLE_SSL_SNI"
 
-  "ALLOW_ADMIN_EMAIL_LOGIN"
 
-  "SKIP_HTTP_VERIFICATION"
 
-  "SOGO_EXPIRE_SESSION"
 
-  "REDIS_PORT"
 
-  "DOVECOT_MASTER_USER"
 
-  "DOVECOT_MASTER_PASS"
 
-  "MAILCOW_PASS_SCHEME"
 
-  "ADDITIONAL_SERVER_NAMES"
 
-  "ACME_CONTACT"
 
-  "WATCHDOG_VERBOSE"
 
-  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
 
-)
 
-
 
-sed -i --follow-symlinks '$a\' mailcow.conf
 
-for option in ${CONFIG_ARRAY[@]}; do
 
-  if [[ ${option} == "ADDITIONAL_SAN" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo "${option}=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "DOVEADM_PORT" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "WATCHDOG_NOTIFY_EMAIL" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "LOG_LINES" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
 
-      echo "LOG_LINES=9999" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "IPV4_NETWORK" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
 
-      echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "IPV6_NETWORK" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
 
-      echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "SQL_PORT" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
 
-      echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "API_KEY" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Create or override API key for web UI' >> mailcow.conf
 
-      echo "#API_KEY=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "API_KEY_READ_ONLY" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Create or override read-only API key for web UI' >> mailcow.conf
 
-      echo "#API_KEY_READ_ONLY=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "API_ALLOW_FROM" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Must be set for API_KEY to be active' >> mailcow.conf
 
-      echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
 
-      echo "#API_ALLOW_FROM=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
 
-      echo "#SNAT_TO_SOURCE=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "SNAT6_TO_SOURCE" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
 
-      echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "MAILDIR_GC_TIME" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Garbage collector cleanup' >> mailcow.conf
 
-      echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
 
-      echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
 
-      echo '# Check interval is hourly' >> mailcow.conf
 
-      echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "ACL_ANYONE" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
 
-      echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
 
-      echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
 
-      echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
 
-      echo 'ACL_ANYONE=disallow' >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "SOLR_HEAP" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Solr heap size, there is no recommendation, please see Solr docs.' >> mailcow.conf
 
-      echo '# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended.' >> mailcow.conf
 
-      echo '# Solr will refuse to start with total system memory below or equal to 2 GB.' >> mailcow.conf
 
-      echo "SOLR_HEAP=1024" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "SKIP_SOLR" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
 
-      echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
 
-      echo "SKIP_SOLR=y" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
 
-      echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
 
-      echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
 
-      echo "ENABLE_SSL_SNI=n" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "SKIP_SOGO" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
 
-      echo "SKIP_SOGO=n" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "MAILDIR_SUB" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
 
-      echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
 
-      echo "MAILDIR_SUB=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
 
-      echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "WATCHDOG_SUBJECT" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
 
-      echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
 
-      echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
 
-      echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
 
-      echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "SOGO_EXPIRE_SESSION" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# SOGo session timeout in minutes' >> mailcow.conf
 
-      echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "REDIS_PORT" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "DOVECOT_MASTER_USER" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
 
-      echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
 
-      echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
 
-      echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
 
-      echo "DOVECOT_MASTER_USER=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "DOVECOT_MASTER_PASS" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
 
-      echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "MAILCOW_PASS_SCHEME" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "Adding new option \"${option}\" to mailcow.conf"
 
-      echo '# Password hash algorithm' >> mailcow.conf
 
-      echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
 
-      echo '# see https://mailcow.github.io/mailcow-dockerized-docs/models/model-passwd/' >> mailcow.conf
 
-      echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo '# Additional server names for mailcow UI' >> mailcow.conf
 
-      echo '#' >> mailcow.conf
 
-      echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
 
-      echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
 
-      echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
 
-      echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
 
-      echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
 
-      echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
 
-    fi
 
-  elif [[ ${option} == "ACME_CONTACT" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo '# Lets Encrypt registration contact information' >> mailcow.conf
 
-      echo '# Optional: Leave empty for none' >> mailcow.conf
 
-      echo '# This value is only used on first order!' >> mailcow.conf
 
-      echo '# Setting it at a later point will require the following steps:' >> mailcow.conf
 
-      echo '# https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_tls/' >> mailcow.conf
 
-      echo 'ACME_CONTACT=' >> mailcow.conf
 
-  fi
 
-  elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo "# WebAuthn device manufacturer verification" >> mailcow.conf
 
-      echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
 
-      echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
 
-      echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
 
-    fi
 
-elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
 
-    if ! grep -q ${option} mailcow.conf; then
 
-      echo '# Enable watchdog verbose logging' >> mailcow.conf
 
-      echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
 
-  fi
 
-  elif ! grep -q ${option} mailcow.conf; then
 
-    echo "Adding new option \"${option}\" to mailcow.conf"
 
-    echo "${option}=n" >> mailcow.conf
 
-  fi
 
-done
 
-
 
-echo -en "Checking internet connection... "
 
-if ! check_online_status; then
 
-  echo -e "\e[31mfailed\e[0m"
 
-  exit 1
 
-else
 
-  echo -e "\e[32mOK\e[0m"
 
-fi
 
-
 
-echo -e "\e[32mChecking for newer update script...\e[0m"
 
-SHA1_1=$(sha1sum update.sh)
 
-git fetch origin #${BRANCH}
 
-git checkout origin/${BRANCH} update.sh
 
-SHA1_2=$(sha1sum update.sh)
 
-if [[ ${SHA1_1} != ${SHA1_2} ]]; then
 
-  echo "update.sh changed, please run this script again, exiting."
 
-  chmod +x update.sh
 
-  exit 2
 
-fi
 
-
 
-if [[ -f mailcow.conf ]]; then
 
-  source mailcow.conf
 
-else
 
-  echo -e "\e[31mNo mailcow.conf - is mailcow installed?\e[0m"
 
-  exit 1
 
-fi
 
-
 
-if [ ! $FORCE ]; then
 
-  read -r -p "Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] " response
 
-  if [[ ! "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 
-    echo "OK, exiting."
 
-    exit 0
 
-  fi
 
-  migrate_docker_nat
 
-fi
 
-
 
-echo -e "\e[32mValidating docker-compose stack configuration...\e[0m"
 
-if ! docker-compose config -q; then
 
-  echo -e "\e[31m\nOh no, something went wrong. Please check the error message above.\e[0m"
 
-  exit 1
 
-fi
 
-
 
-echo -e "\e[32mChecking for conflicting bridges...\e[0m"
 
-MAILCOW_BRIDGE=$(docker-compose config | grep -i com.docker.network.bridge.name | cut -d':' -f2)
 
-while read NAT_ID; do
 
-  iptables -t nat -D POSTROUTING $NAT_ID
 
-done < <(iptables -L -vn -t nat --line-numbers | grep $IPV4_NETWORK | grep -E 'MASQUERADE.*all' | grep -v ${MAILCOW_BRIDGE} | cut -d' ' -f1)
 
-
 
-DIFF_DIRECTORY=update_diffs
 
-DIFF_FILE=${DIFF_DIRECTORY}/diff_before_update_$(date +"%Y-%m-%d-%H-%M-%S")
 
-mv diff_before_update* ${DIFF_DIRECTORY}/ 2> /dev/null
 
-if ! git diff-index --quiet HEAD; then
 
-  echo -e "\e[32mSaving diff to ${DIFF_FILE}...\e[0m"
 
-  mkdir -p ${DIFF_DIRECTORY}
 
-  git diff --stat > ${DIFF_FILE}
 
-  git diff >> ${DIFF_FILE}
 
-fi
 
-
 
-echo -e "\e[32mPrefetching images...\e[0m"
 
-prefetch_images
 
-
 
-echo -e "\e[32mStopping mailcow...\e[0m"
 
-sleep 2
 
-MAILCOW_CONTAINERS=($(docker-compose ps -q))
 
-docker-compose down
 
-echo -e "\e[32mChecking for remaining containers...\e[0m"
 
-sleep 2
 
-for container in "${MAILCOW_CONTAINERS[@]}"; do
 
-  docker rm -f "$container" 2> /dev/null
 
-done
 
-
 
-[[ -f data/conf/nginx/ZZZ-ejabberd.conf ]] && rm data/conf/nginx/ZZZ-ejabberd.conf
 
-
 
-# Silently fixing remote url from andryyy to mailcow
 
-git remote set-url origin https://github.com/mailcow/mailcow-dockerized
 
-echo -e "\e[32mCommitting current status...\e[0m"
 
-[[ -z "$(git config user.name)" ]] && git config user.name moo
 
-[[ -z "$(git config user.email)" ]] && git config user.email moo@cow.moo
 
-[[ ! -z $(git ls-files data/conf/rspamd/override.d/worker-controller-password.inc) ]] && git rm data/conf/rspamd/override.d/worker-controller-password.inc
 
-git add -u
 
-git commit -am "Before update on ${DATE}" > /dev/null
 
-echo -e "\e[32mFetching updated code from remote...\e[0m"
 
-git fetch origin #${BRANCH}
 
-echo -e "\e[32mMerging local with remote code (recursive, strategy: \"${MERGE_STRATEGY:-theirs}\", options: \"patience\"...\e[0m"
 
-git config merge.defaultToUpstream true
 
-git merge -X${MERGE_STRATEGY:-theirs} -Xpatience -m "After update on ${DATE}"
 
-# Need to use a variable to not pass return codes of if checks
 
-MERGE_RETURN=$?
 
-if [[ ${MERGE_RETURN} == 128 ]]; then
 
-  echo -e "\e[31m\nOh no, what happened?\n=> You most likely added files to your local mailcow instance that were now added to the official mailcow repository. Please move them to another location before updating mailcow.\e[0m"
 
-  exit 1
 
-elif [[ ${MERGE_RETURN} == 1 ]]; then
 
-  echo -e "\e[93mPotenial conflict, trying to fix...\e[0m"
 
-  git status --porcelain | grep -E "UD|DU" | awk '{print $2}' | xargs rm -v
 
-  git add -A
 
-  git commit -m "After update on ${DATE}" > /dev/null
 
-  git checkout .
 
-  echo -e "\e[32mRemoved and recreated files if necessary.\e[0m"
 
-elif [[ ${MERGE_RETURN} != 0 ]]; then
 
-  echo -e "\e[31m\nOh no, something went wrong. Please check the error message above.\e[0m"
 
-  echo
 
-  echo "Run docker-compose up -d to restart your stack without updates or try again after fixing the mentioned errors."
 
-  exit 1
 
-fi
 
-
 
-if [[ ${NO_UPDATE_COMPOSE} == "y" ]]; then
 
-  echo -e "\e[33mNot fetching latest docker-compose, please check for updates manually!\e[0m"
 
-elif [[ -e /etc/alpine-release ]]; then
 
-  echo -e "\e[33mNot fetching latest docker-compose, because you are using Alpine Linux without glibc support. Please update docker-compose via apk!\e[0m"
 
-else
 
-  echo -e "\e[32mFetching new docker-compose version...\e[0m"
 
-  echo -e "\e[32mTrying to determine GLIBC version...\e[0m"
 
-  if ldd --version > /dev/null; then
 
-    GLIBC_V=$(ldd --version | grep -E '(GLIBC|GNU libc)' | rev | cut -d ' ' -f1 | rev | cut -d '.' -f2)
 
-    if [ ! -z "${GLIBC_V}" ] && [ ${GLIBC_V} -gt 27 ]; then
 
-      DC_DL_SUFFIX=
 
-    else
 
-      DC_DL_SUFFIX=legacy
 
-    fi
 
-  else
 
-    DC_DL_SUFFIX=legacy
 
-  fi
 
-  sleep 1
 
-  if [[ ! -z $(which pip) && $(pip list --local 2>&1 | grep -v DEPRECATION | grep -c docker-compose) == 1 ]]; then
 
-    true
 
-    #prevent breaking a working docker-compose installed with pip
 
-  elif [[ $(curl -sL -w "%{http_code}" https://www.servercow.de/docker-compose/latest.php?vers=${DC_DL_SUFFIX} -o /dev/null) == "200" ]]; then
 
-    LATEST_COMPOSE=$(curl -#L https://www.servercow.de/docker-compose/latest.php)
 
-    COMPOSE_VERSION=$(docker-compose version --short)
 
-    if [[ "$LATEST_COMPOSE" != "$COMPOSE_VERSION" ]]; then
 
-      COMPOSE_PATH=$(which docker-compose)
 
-      if [[ -w ${COMPOSE_PATH} ]]; then
 
-        curl -#L https://github.com/docker/compose/releases/download/${LATEST_COMPOSE}/docker-compose-$(uname -s)-$(uname -m) > $COMPOSE_PATH
 
-        chmod +x $COMPOSE_PATH
 
-      else
 
-        echo -e "\e[33mWARNING: $COMPOSE_PATH is not writable, but new version $LATEST_COMPOSE is available (installed: $COMPOSE_VERSION)\e[0m"
 
-      fi
 
-    fi
 
-  else
 
-    echo -e "\e[33mCannot determine latest docker-compose version, skipping...\e[0m"
 
-  fi
 
-fi
 
-
 
-echo -e "\e[32mFetching new images, if any...\e[0m"
 
-sleep 2
 
-docker-compose pull
 
-
 
-# Fix missing SSL, does not overwrite existing files
 
-[[ ! -d data/assets/ssl ]] && mkdir -p data/assets/ssl
 
-cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
 
-
 
-echo -e "Checking IPv6 settings... "
 
-if grep -q 'SYSCTL_IPV6_DISABLED=1' mailcow.conf; then
 
-  echo
 
-  echo '!! IMPORTANT !!'
 
-  echo
 
-  echo 'SYSCTL_IPV6_DISABLED was removed due to complications. IPv6 can be disabled by editing "docker-compose.yml" and setting "enable_ipv6: true" to "enable_ipv6: false".'
 
-  echo 'This setting will only be active after a complete shutdown of mailcow by running "docker-compose down" followed by "docker-compose up -d".'
 
-  echo
 
-  echo '!! IMPORTANT !!'
 
-  echo
 
-  read -p "Press any key to continue..." < /dev/tty
 
-fi
 
-
 
-# Checking for old project name bug
 
-sed -i --follow-symlinks 's#COMPOSEPROJECT_NAME#COMPOSE_PROJECT_NAME#g' mailcow.conf
 
-# Checking old, wrong bindings
 
-sed -i --follow-symlinks 's/HTTP_BIND=0.0.0.0/HTTP_BIND=/g' mailcow.conf
 
-sed -i --follow-symlinks 's/HTTPS_BIND=0.0.0.0/HTTPS_BIND=/g' mailcow.conf
 
-
 
-# Fix Rspamd maps
 
-if [ -f data/conf/rspamd/custom/global_from_blacklist.map ]; then
 
-  mv data/conf/rspamd/custom/global_from_blacklist.map data/conf/rspamd/custom/global_smtp_from_blacklist.map
 
-fi
 
-if [ -f data/conf/rspamd/custom/global_from_whitelist.map ]; then
 
-  mv data/conf/rspamd/custom/global_from_whitelist.map data/conf/rspamd/custom/global_smtp_from_whitelist.map
 
-fi
 
-
 
-# Fix deprecated metrics.conf
 
-if [ -f "data/conf/rspamd/local.d/metrics.conf" ]; then
 
-  if [ ! -z "$(git diff --name-only origin/master data/conf/rspamd/local.d/metrics.conf)" ]; then
 
-    echo -e "\e[33mWARNING\e[0m - Please migrate your customizations of data/conf/rspamd/local.d/metrics.conf to actions.conf and groups.conf after this update."
 
-    echo "The deprecated configuration file metrics.conf will be moved to metrics.conf_deprecated after updating mailcow."
 
-  fi
 
-  mv data/conf/rspamd/local.d/metrics.conf data/conf/rspamd/local.d/metrics.conf_deprecated
 
-fi
 
-
 
-# Set app_info.inc.php
 
-mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
 
-if [ $? -eq 0 ]; then
 
-  mailcow_git_url=$(git config --get remote.origin.url)
 
-  echo '<?php' > data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_VERSION="'$mailcow_git_version'";' >> data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_URL="'$mailcow_git_url'";' >> data/web/inc/app_info.inc.php
 
-  echo '?>' >> data/web/inc/app_info.inc.php
 
-else
 
-  echo '<?php' > data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_VERSION="";' >> data/web/inc/app_info.inc.php
 
-  echo '  $MAILCOW_GIT_URL="";' >> data/web/inc/app_info.inc.php
 
-  echo '?>' >> data/web/inc/app_info.inc.php
 
-  echo -e "\e[33mCannot determine current git repository version...\e[0m"
 
-fi
 
-
 
-if [[ ${SKIP_START} == "y" ]]; then
 
-  echo -e "\e[33mNot starting mailcow, please run \"docker-compose up -d --remove-orphans\" to start mailcow.\e[0m"
 
-else
 
-  echo -e "\e[32mStarting mailcow...\e[0m"
 
-  sleep 2
 
-  docker-compose up -d --remove-orphans
 
-fi
 
-
 
-echo -e "\e[32mCollecting garbage...\e[0m"
 
-docker_garbage
 
-
 
-# Run post-update-hook
 
-if [ -f "${SCRIPT_DIR}/post_update_hook.sh" ]; then
 
-  bash "${SCRIPT_DIR}/post_update_hook.sh"
 
-fi
 
-
 
-#echo "In case you encounter any problem, hard-reset to a state before updating mailcow:"
 
-#echo
 
-#git reflog --color=always | grep "Before update on "
 
-#echo
 
-#echo "Use \"git reset --hard hash-on-the-left\" and run docker-compose up -d afterwards."