[Sticky] Carbonio CE Related Scripts

@deksar 

Hi,

Yes, you can migrate all IMAP folders (INBOX, Sent, Drafts, etc.) from your existing Dovecot & Postfix server to Carbonio CE. Tools like imapsync are widely used for this purpose—they preserve folder structure and flags, as long as both ends support standard IMAP (which Carbonio CE does). Carbonio CE includes: Postfix as the Mail Transfer Agent (MTA), A native mailbox server (not Dovecot) to handle IMAP/POP3 operations. 

I suggest setting up a test environment and trying experiencing operations, sample mailbox migration using imapsync etc. That way, you can verify folder compatibility, test authentication, and get a feel for the process.

Hi,

I also asked my question already in a new post (which is not published because its my first post). So please excuse my double posting.

I did the LetsEncrypt Install procedure as described in the official admin guide and it looks like all is correct but the Admin GUI as also the WebMail GUI is still not using the letsencrypt certificate - instead still the self generated one from Carbonio.

Any ideas why it's not applied?

Best regards 

Alexander

@asebestian 

Hi,

Could you please tell us more about:

1. What is your server OS?
2. What Carbonio CE release you are using?
3. What process you followed? (GUI/CLI)
4. In Which browser you are checking?

Regards,

Hi,

1. Ubuntu 22.04 with all updates (fresh installed)

2. Carbonio CE 25.6.1

3. The primary install was done only on CLI (with the fantastic scrip) and the Lets Encrypt Process was done on the GUI 

4. I tried Brave and Chrome as well as Firefox - but it doesn't relate to the browser, the problem is the certificate is not beeing replaced.
It still presents the self signed Zextras Carbonio Certificate.

Strange thing: when I look at the Virtual Hosts & Certificates all looks good (it presents me the correct lets encrypt certificate)

Thanks for your feedback

Alexander

Hi,
A small update as I did a little deeper reserach.

When I run the LetsEncrypt Certificate Request and Apply on CLI based on the steps described by Anahuac it works.
The certificates are created and applied to Carbonios Webservice like expected.

Really don't get the source why it was "theoretically" applied also with the GUI but was not set active.

Will dig a little bit deeper to get more feedback.

Thanks
Alexander

Is there a script or detailed instructions on setting up multi-server? have successfully setup the basics but am having issues getting the chats/video severs to run using the 5 server scenario. The docs are not detailed and I have yet to find any posts about setting up a working multi-server environment that has the chat/docs servers included.

@all

Considering all the changes after the first creation of FAN Made script, it is very difficult to update it regularly. To avoid any issue, I have marked it as deprecated. 

Though, it had it's own way of installing components. Using some of them and incorporating the official script, another custom script has been drafted.  please feel free to try it and drop your feedbacks:

What this script does: summary

1. Sets hostname
2. Sets /etc/hosts
3. Disable IPv6
4. Configure Zextras Repo from the Official documentation
5. Download official script from the Official documentation
6. Execute the script
7. Make sure you read/collect all the passwords at the end (service-discover, postgresql,admin login)
8. Reboot the server and check post install checks gradually.

🙏

#!/bin/bash
# ---------------------------------------------
# Wrapper Script: Carbonio CE Installation (Interactive)
# Purpose: Runs official script in interactive login shell,
#          sets random admin password safely, disables open relay, and provides post-install checks
# Supported OS: Ubuntu 22.04LTS, Ubuntu 24.04LTS
# ---------------------------------------------

# -----------------------------
# Functions
# -----------------------------

detect_os() {
    if [[ -f /etc/os-release ]]; then
        . /etc/os-release
        if [[ "$NAME" == "Ubuntu" && ( "$VERSION_ID" == "22.04" || "$VERSION_ID" == "24.04" ) ]]; then
            CODENAME=${VERSION_CODENAME:-unknown}
            echo "✅ Detected supported OS: $NAME $VERSION_ID LTS ($CODENAME)"
        else
            echo "❌ Unsupported OS: $PRETTY_NAME"
            exit 1
        fi
    else
        echo "❌ Unable to detect OS. /etc/os-release missing."
        exit 1
    fi
}

set_hostname() {
    read -rp "👉 Enter the desired hostname: " NEW_HOSTNAME
    if [[ -z "$NEW_HOSTNAME" ]]; then
        echo "❌ Hostname cannot be empty. Exiting."
        exit 1
    fi
    sudo hostnamectl set-hostname "$NEW_HOSTNAME"
    echo "✅ Hostname set to: $(hostname)"
}

disable_ipv6() {
    echo "🚫 Disabling IPv6..."
    sudo bash -c 'echo -e "\n# Disable IPv6\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf'
    sudo sysctl -p
    echo "✅ IPv6 disabled."
}

update_hosts() {
    HOST_IP=$(hostname -I | awk '{print $1}')
    sudo bash -c "cat <<EOF > /etc/hosts
127.0.0.1   localhost
$HOST_IP   $(hostname -f) $(hostname -s)
EOF"
    echo "✅ /etc/hosts updated:"
    cat /etc/hosts
}

set_timezone() {
    read -rp "🌍 Enter your timezone (e.g., Asia/Dhaka, Europe/Rome) [Leave blank to skip]: " TIMEZONE
    if [[ -n "$TIMEZONE" ]]; then
        sudo timedatectl set-timezone "$TIMEZONE"
        echo "✅ Timezone set to: $(timedatectl show -p Timezone --value)"
    else
        echo "⚠️ No timezone entered. Skipping timezone configuration."
    fi
}

add_zextras_repo() {
    echo "📦 Adding Zextras repository..."
    wget -O- "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x5dc7680bc4378c471a7fa80f52fd40243e584a21" | gpg --dearmor | sudo tee /usr/share/keyrings/zextras.gpg > /dev/null
    sudo chmod 644 /usr/share/keyrings/zextras.gpg
    sudo bash -c "cat <<EOF > /etc/apt/sources.list.d/zextras.list
deb [arch=amd64 signed-by=/usr/share/keyrings/zextras.gpg]  https://repo.zextras.io/release/ubuntu  $CODENAME main
EOF"
    sudo apt clean
    sudo apt update -y
    sudo apt upgrade -y
    echo "✅ Zextras repository setup complete."
}

run_official_script() {
    TMP_SCRIPT="/tmp/install_carbonio_ce_singleserver.sh"
    SCRIPT_URL="https://docs.zextras.com/carbonio-ce/html/_downloads/bed211d6fc1b9ca35f15be01eb9aa3fc/install_carbonio_ce_singleserver_ubuntu.sh"
    wget -O "$TMP_SCRIPT" "$SCRIPT_URL"
    sudo chmod +x "$TMP_SCRIPT"
    echo "▶️ Executing official Carbonio CE installation script in interactive login shell..."
    sudo -i bash "$TMP_SCRIPT"
    echo "🎉 Official Carbonio CE script completed!"
}

wait_for_cluster_credentials() {
    echo "⏳ Waiting for service-discover cluster credentials to be created..."
    TIMEOUT=60
    SLEEP_INTERVAL=5
    ELAPSED=0

    while [[ ! -f /etc/zextras/service-discover/cluster-credentials.tar.gpg ]] && [[ $ELAPSED -lt $TIMEOUT ]]; do
        echo "Waiting for /etc/zextras/service-discover/cluster-credentials.tar.gpg ..."
        sleep $SLEEP_INTERVAL
        ELAPSED=$((ELAPSED + SLEEP_INTERVAL))
    done

    if [[ ! -f /etc/zextras/service-discover/cluster-credentials.tar.gpg ]]; then
        echo "❌ Cluster credentials not found after $TIMEOUT seconds."
        echo "Please check service-discover-server status manually."
        return 1
    fi
    echo "✅ Cluster credentials file detected."
}

set_admin_password() {
    echo "🔑 Generating random 12-character admin password..."
    ADMIN_PWD=$(openssl rand -base64 18 | tr -dc 'A-Za-z0-9' | head -c12)
    # Pass as a single argument to avoid setPassword errors
    sudo su - zextras -c "carbonio prov sp zextras '$ADMIN_PWD'"
    echo "✅ Admin password has been set successfully!"
    echo ""
    echo -e "💡 Your Carbonio admin password is:\n\e[1;32m$ADMIN_PWD\e[0m"
    echo "Please store it safely. You will need it for the first login."
}

disable_open_relay() {
    echo "🚫 Configuring MTA to disable open relay..."
    TRUSTED_IPS=$(hostname -I | awk '{for(i=1;i<=NF;i++) printf "%s/32 ", $i}')
    PUB_IP=$(curl -s  https://ipinfo.io/ip) 
    [[ -n "$PUB_IP" ]] && TRUSTED_IPS+="$PUB_IP/32"
    sudo su - zextras -c "carbonio prov ms $(hostname -f) zimbraMtaMyNetworks '127.0.0.0/8 $TRUSTED_IPS'"
    echo "✅ Open relay disabled."
}

post_install_check() {
    read -rp "Do you want to see the post-reboot checks now? (y/N): " CHECK_STATUS
    if [[ "$CHECK_STATUS" =~ ^[Yy]$ ]]; then
        echo "🔹 Checking Carbonio version and status..."
        echo 'sudo su - zextras -c "zmcontrol -v && zmcontrol status"'
        echo "🔹 Checking Consul members..."
        echo "consul members"
        echo "🔹 Checking Carbonio systemd units..."
        echo "systemctl list-units 'carbonio*'"
        echo "🔹 Checking HTTP health endpoint..."
        echo "curl -s -v  http://127.78.0.4:10000/health  | jq"
    fi
}

janus_advisory() {
    echo -e "\n💡 After installation, verify your interface IP in Janus NAT mapping:\n"
    echo "    cat /etc/janus/janus.jcfg | grep -i mapping"
    echo -e "\nExample:\n    nat_1_1_mapping = \"<your_interface_ip>\"\n"
    echo "⚠️ If you modify the mapping, restart the VideoServer:"
    echo "    sudo systemctl restart carbonio-videoserver"
    echo -e "\n✅ Ensures the new mapping configuration is active."
}

# -----------------------------
# Main Script Execution
# -----------------------------
detect_os
set_hostname
disable_ipv6
update_hosts
set_timezone
add_zextras_repo
run_official_script

# Wait for service-discover cluster credentials before continuing
if wait_for_cluster_credentials; then
    set_admin_password
    disable_open_relay

    echo ""
    echo "🎉 Carbonio CE installation and initial setup completed successfully!"
    echo "⚠️ Please reboot your server to apply all changes."

    post_install_check
    janus_advisory
else
    echo "❌ Skipping post-install configuration due to missing cluster credentials."
fi

echo ""
echo "✅ Wrapper script finished."