Inicio Explorar Ayuda
Iniciar sesión
mirrors
/
mailcow-dockerized
espejo de https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Archivos Incidencias 0 Wiki
Árbol: 89fb1322c6
Ramas Etiquetas
mailcow-dockeri...
/
data
/
Dockerfiles
/
phpfpm
/
docker-entrypoint.sh

docker-entrypoint.sh 8.9 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225 
  1. #!/bin/bash
    2. 

  2. 

  3. function array_by_comma { local IFS=","; echo "$*"; }
    4. 

  4. 

  5. # Wait for containers
    6. 

  6. while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
    7. 

  7.   echo "Waiting for SQL..."
    8. 

  8.   sleep 2
    9. 

  9. done
    10. 

  10. 

  11. # Do not attempt to write to slave
    12. 

  12. if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
    13. 

  13.   REDIS_HOST=$REDIS_SLAVEOF_IP
    14. 

  14.   REDIS_PORT=$REDIS_SLAVEOF_PORT
    15. 

  15. else
    16. 

  16.   REDIS_HOST="redis"
    17. 

  17.   REDIS_PORT="6379"
    18. 

  18. fi
    19. 

  19. REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} -a ${REDISPASS}"
    20. 

  20. 

  21. until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
    22. 

  22.   echo "Waiting for Redis..."
    23. 

  23.   sleep 2
    24. 

  24. done
    25. 

  25. 

  26. # Set redis session store
    27. 

  27. echo -n '
    28. 

  28. session.save_handler = redis
    29. 

  29. session.save_path = "tcp://'${REDIS_HOST}':'${REDIS_PORT}'?auth='${REDISPASS}'"
    30. 

  30. ' > /usr/local/etc/php/conf.d/session_store.ini
    31. 

  31. 

  32. # Check mysql_upgrade (master and slave)
    33. 

  33. CONTAINER_ID=
    34. 

  34. until [[ ! -z "${CONTAINER_ID}" ]] && [[ "${CONTAINER_ID}" =~ ^[[:alnum:]]*$ ]]; do
    35. 

  35.   CONTAINER_ID=$(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"mysql-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
    36. 

  36.   echo "Could not get mysql-mailcow container id... trying again"
    37. 

  37.   sleep 2
    38. 

  38. done
    39. 

  39. echo "MySQL @ ${CONTAINER_ID}"
    40. 

  40. SQL_LOOP_C=0
    41. 

  41. SQL_CHANGED=0
    42. 

  42. until [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; do
    43. 

  43.   if [ ${SQL_LOOP_C} -gt 4 ]; then
    44. 

  44.     echo "Tried to upgrade MySQL and failed, giving up after ${SQL_LOOP_C} retries and starting container (oops, not good)"
    45. 

  45.     break
    46. 

  46.   fi
    47. 

  47.   SQL_FULL_UPGRADE_RETURN=$(curl --silent --insecure -XPOST https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_upgrade"}' --silent -H 'Content-type: application/json')
    48. 

  48.   SQL_UPGRADE_STATUS=$(echo ${SQL_FULL_UPGRADE_RETURN} | jq -r .type)
    49. 

  49.   SQL_LOOP_C=$((SQL_LOOP_C+1))
    50. 

  50.   echo "SQL upgrade iteration #${SQL_LOOP_C}"
    51. 

  51.   if [[ ${SQL_UPGRADE_STATUS} == 'warning' ]]; then
    52. 

  52.     SQL_CHANGED=1
    53. 

  53.     echo "MySQL applied an upgrade, debug output:"
    54. 

  54.     echo ${SQL_FULL_UPGRADE_RETURN}
    55. 

  55.     sleep 3
    56. 

  56.     while ! mariadb-admin status --ssl=false --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
    57. 

  57.       echo "Waiting for SQL to return, please wait"
    58. 

  58.       sleep 2
    59. 

  59.     done
    60. 

  60.     continue
    61. 

  61.   elif [[ ${SQL_UPGRADE_STATUS} == 'success' ]]; then
    62. 

  62.     echo "MySQL is up-to-date - debug output:"
    63. 

  63.     echo ${SQL_FULL_UPGRADE_RETURN}
    64. 

  64.   else
    65. 

  65.     echo "No valid reponse for mysql_upgrade was received, debug output:"
    66. 

  66.     echo ${SQL_FULL_UPGRADE_RETURN}
    67. 

  67.   fi
    68. 

  68. done
    69. 

  69. 

  70. # doing post-installation stuff, if SQL was upgraded (master and slave)
    71. 

  71. if [ ${SQL_CHANGED} -eq 1 ]; then
    72. 

  72.   POSTFIX=$(curl --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" 2> /dev/null | jq -rc "select( .name | tostring | contains(\"postfix-mailcow\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME,,}\")) | .id" 2> /dev/null)
    73. 

  73.   if [[ -z "${POSTFIX}" ]] || ! [[ "${POSTFIX}" =~ ^[[:alnum:]]*$ ]]; then
    74. 

  74.     echo "Could not determine Postfix container ID, skipping Postfix restart."
    75. 

  75.   else
    76. 

  76.     echo "Restarting Postfix"
    77. 

  77.     curl -X POST --silent --insecure https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${POSTFIX}/restart | jq -r '.msg'
    78. 

  78.     echo "Sleeping 5 seconds..."
    79. 

  79.     sleep 5
    80. 

  80.   fi
    81. 

  81. fi
    82. 

  82. 

  83. # Check mysql tz import (master and slave)
    84. 

  84. TZ_CHECK=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT CONVERT_TZ('2019-11-02 23:33:00','Europe/Berlin','UTC') AS time;" -BN 2> /dev/null)
    85. 

  85. if [[ -z ${TZ_CHECK} ]] || [[ "${TZ_CHECK}" == "NULL" ]]; then
    86. 

  86.   SQL_FULL_TZINFO_IMPORT_RETURN=$(curl --silent --insecure -XPOST https://dockerapi.${COMPOSE_PROJECT_NAME}_mailcow-network/containers/${CONTAINER_ID}/exec -d '{"cmd":"system", "task":"mysql_tzinfo_to_sql"}' --silent -H 'Content-type: application/json')
    87. 

  87.   echo "MySQL mysql_tzinfo_to_sql - debug output:"
    88. 

  88.   echo ${SQL_FULL_TZINFO_IMPORT_RETURN}
    89. 

  89. fi
    90. 

  90. 

  91. if [[ "${MASTER}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
    92. 

  92.   echo "We are master, preparing..."
    93. 

  93.   # Set a default release format
    94. 

  94.   if [[ -z $(${REDIS_CMDLINE} --raw GET Q_RELEASE_FORMAT) ]]; then
    95. 

  95.     ${REDIS_CMDLINE} --raw SET Q_RELEASE_FORMAT raw
    96. 

  96.   fi
    97. 

  97. 

  98.   # Set max age of q items - if unset
    99. 

  99.   if [[ -z $(${REDIS_CMDLINE} --raw GET Q_MAX_AGE) ]]; then
    100. 

  100.     ${REDIS_CMDLINE} --raw SET Q_MAX_AGE 365
    101. 

  101.   fi
    102. 

  102. 

  103.   # Set default password policy - if unset
    104. 

  104.   if [[ -z $(${REDIS_CMDLINE} --raw HGET PASSWD_POLICY length) ]]; then
    105. 

  105.     ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY length 6
    106. 

  106.     ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY chars 0
    107. 

  107.     ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY special_chars 0
    108. 

  108.     ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY lowerupper 0
    109. 

  109.     ${REDIS_CMDLINE} --raw HSET PASSWD_POLICY numbers 0
    110. 

  110.   fi
    111. 

  111. 

  112.   # Trigger db init
    113. 

  113.   echo "Running DB init..."
    114. 

  114.   php -c /usr/local/etc/php -f /web/inc/init_db.inc.php
    115. 

  115. 

  116.   # Recreating domain map
    117. 

  117.   echo "Rebuilding domain map in Redis..."
    118. 

  118.   declare -a DOMAIN_ARR
    119. 

  119.     ${REDIS_CMDLINE} DEL DOMAIN_MAP > /dev/null
    120. 

  120.   while read line
    121. 

  121.   do
    122. 

  122.     DOMAIN_ARR+=("$line")
    123. 

  123.   done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
    124. 

  124.   while read line
    125. 

  125.   do
    126. 

  126.     DOMAIN_ARR+=("$line")
    127. 

  127.   done < <(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs)
    128. 

  128. 

  129.   if [[ ! -z ${DOMAIN_ARR} ]]; then
    130. 

  130.   for domain in "${DOMAIN_ARR[@]}"; do
    131. 

  131.     ${REDIS_CMDLINE} HSET DOMAIN_MAP ${domain} 1 > /dev/null
    132. 

  132.   done
    133. 

  133.   fi
    134. 

  134. 

  135.   # Set API options if env vars are not empty
    136. 

  136.   if [[ ${API_ALLOW_FROM} != "invalid" ]] && [[ ! -z ${API_ALLOW_FROM} ]]; then
    137. 

  137.     IFS=',' read -r -a API_ALLOW_FROM_ARR <<< "${API_ALLOW_FROM}"
    138. 

  138.     declare -a VALIDATED_API_ALLOW_FROM_ARR
    139. 

  139.     REGEX_IP6='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$'
    140. 

  140.     REGEX_IP4='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(/([0-9]|[1-2][0-9]|3[0-2]))?$'
    141. 

  141.     for IP in "${API_ALLOW_FROM_ARR[@]}"; do
    142. 

  142.       if [[ ${IP} =~ ${REGEX_IP6} ]] || [[ ${IP} =~ ${REGEX_IP4} ]]; then
    143. 

  143.         VALIDATED_API_ALLOW_FROM_ARR+=("${IP}")
    144. 

  144.       fi
    145. 

  145.     done
    146. 

  146.     VALIDATED_IPS=$(array_by_comma ${VALIDATED_API_ALLOW_FROM_ARR[*]})
    147. 

  147.     if [[ ! -z ${VALIDATED_IPS} ]]; then
    148. 

  148.       if [[ ${API_KEY} != "invalid" ]] && [[ ! -z ${API_KEY} ]]; then
    149. 

  149.         mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
    150. 

  150. DELETE FROM api WHERE access = 'rw';
    151. 

  151. INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY}", "1", "${VALIDATED_IPS}", "rw");
    152. 

  152. EOF
    153. 

  153.       fi
    154. 

  154.       if [[ ${API_KEY_READ_ONLY} != "invalid" ]] && [[ ! -z ${API_KEY_READ_ONLY} ]]; then
    155. 

  155.         mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
    156. 

  156. DELETE FROM api WHERE access = 'ro';
    157. 

  157. INSERT INTO api (api_key, active, allow_from, access) VALUES ("${API_KEY_READ_ONLY}", "1", "${VALIDATED_IPS}", "ro");
    158. 

  158. EOF
    159. 

  159.       fi
    160. 

  160.     fi
    161. 

  161.   fi
    162. 

  162. 

  163.   # Create events (master only, STATUS for event on slave will be SLAVESIDE_DISABLED)
    164. 

  164.   mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
    165. 

  165. DROP EVENT IF EXISTS clean_spamalias;
    166. 

  166. DELIMITER //
    167. 

  167. CREATE EVENT clean_spamalias
    168. 

  168. ON SCHEDULE EVERY 1 DAY DO
    169. 

  169. BEGIN
    170. 

  170.   DELETE FROM spamalias WHERE validity < UNIX_TIMESTAMP();
    171. 

  171. END;
    172. 

  172. //
    173. 

  173. DELIMITER ;
    174. 

  174. DROP EVENT IF EXISTS clean_oauth2;
    175. 

  175. DELIMITER //
    176. 

  176. CREATE EVENT clean_oauth2
    177. 

  177. ON SCHEDULE EVERY 1 DAY DO
    178. 

  178. BEGIN
    179. 

  179.   DELETE FROM oauth_refresh_tokens WHERE expires < NOW();
    180. 

  180.   DELETE FROM oauth_access_tokens WHERE expires < NOW();
    181. 

  181.   DELETE FROM oauth_authorization_codes WHERE expires < NOW();
    182. 

  182. END;
    183. 

  183. //
    184. 

  184. DELIMITER ;
    185. 

  185. DROP EVENT IF EXISTS clean_sasl_log;
    186. 

  186. DELIMITER //
    187. 

  187. CREATE EVENT clean_sasl_log
    188. 

  188. ON SCHEDULE EVERY 1 DAY DO
    189. 

  189. BEGIN
    190. 

  190.   DELETE sasl_log.* FROM sasl_log
    191. 

  191.     LEFT JOIN (
    192. 

  192.       SELECT username, service, MAX(datetime) AS lastdate
    193. 

  193.       FROM sasl_log
    194. 

  194.       GROUP BY username, service
    195. 

  195.     ) AS last ON sasl_log.username = last.username AND sasl_log.service = last.service
    196. 

  196.     WHERE datetime < DATE_SUB(NOW(), INTERVAL 31 DAY) AND datetime < lastdate;
    197. 

  197.   DELETE FROM sasl_log
    198. 

  198.     WHERE username NOT IN (SELECT username FROM mailbox) AND
    199. 

  199.     datetime < DATE_SUB(NOW(), INTERVAL 31 DAY);
    200. 

  200. END;
    201. 

  201. //
    202. 

  202. DELIMITER ;
    203. 

  203. EOF
    204. 

  204. fi
    205. 

  205. 

  206. # Create dummy for custom overrides of mailcow style
    207. 

  207. [[ ! -f /web/css/build/0081-custom-mailcow.css ]] && echo '/* Autogenerated by mailcow */' > /web/css/build/0081-custom-mailcow.css
    208. 

  208. 

  209. # Fix permissions for global filters
    210. 

  210. chown -R 82:82 /global_sieve/*
    211. 

  211. 

  212. # Fix permissions on twig cache folder
    213. 

  213. chown -R 82:82 /web/templates/cache
    214. 

  214. # Clear cache
    215. 

  215. find /web/templates/cache/* -not -name '.gitkeep' -delete
    216. 

  216. 

  217. # Run hooks
    218. 

  218. for file in /hooks/*; do
    219. 

  219.   if [ -x "${file}" ]; then
    220. 

  220.     echo "Running hook ${file}"
    221. 

  221.     "${file}"
    222. 

  222.   fi
    223. 

  223. done
    224. 

  224. 

  225. exec "$@"
    226.