Carbonio CE Related...
 
Notifications
Clear all

[Sticky] Carbonio CE Related Scripts

20 Posts
6 Users
4 Reactions
5,328 Views
(@fucine)
Joined: 8 months ago
Posts: 6
 

@sharif I think that there's repetition in your script; try looking for ${!hostnames[@]} and you'll find two identical blocks:

  • one dealing with "# Function to set the hostname"
  • the other one dealing with "# Function to configure /etc/hosts"

Cheers, e.-


   
ReplyQuote
(@fucine)
Joined: 8 months ago
Posts: 6
 

I think to have discovered a little bug in the "Fan Made Script" (ce_installation_script_public_UB_v3.sh), when it comes to the "# Function to Change Admin User Password" routine. This is the original source code:

# Function to Change Admin User Password
change_admin_user_password() {
    echo "Changing admin user (zextras@$(hostname -d)) password..."
    read -s -p "Enter new admin password: " ADMIN_PWD
    echo # Move to a new line for clean output
    if su - zextras -c "carbonio prov sp zextras@$(hostname -d) $ADMIN_PWD"; then
        echo "Admin user password changed successfully."
        status[19]="Done"
    else
        echo "Failed to change admin user password."
        status[19]="Failed"
    fi
}

And this is my modification:

# Function to Change Admin User Password
change_admin_user_password() {
    echo "Changing admin user (zextras@$(hostname -f)) password..."
    read -s -p "Enter new admin password: " ADMIN_PWD
    echo # Move to a new line for clean output
    if su - zextras -c "carbonio prov sp zextras@$(hostname -f) $ADMIN_PWD"; then
        echo "Admin user password changed successfully."
        status[19]="Done"
    else
        echo "Failed to change admin user password."
        status[19]="Failed"
    fi
}

In the end it should be used hostname -f and not hostname -d for this command to actually work

su - zextras -c "carbonio prov sp zextras@fucine.email XXXXXX"

See, in fact, here:

root@mail:~# hostname -d
email

root@mail:~# hostname -f
fucine.email

So by using hostname -d I'd have gotten (which actually failed, for obvious reason):

su - zextras -c "carbonio prov sp zextras@email XXXXXX"

Whilst by using hostname -f I got (which worked, as we had to reference zextras@fucine.email):

su - zextras -c "carbonio prov sp zextras@fucine.email XXXXXX"

Quick guide:

Option Description Example
-i Displays the network address (IP) of the host | Example: hostname -i
-f Displays the Fully Qualified Domain Name (FQDN) of the host | Example: hostname -f
-s Displays the short hostname. This is the hostname up to the first ‘.’ | Example: hostname -s
-a Displays the alias name of the host | Example: hostname -a
-d Displays the DNS domain name | Example: hostname -d
-y Displays the NIS/YP domain name | Example: hostname -y
-n Displays the network node hostname | Example: hostname -n
-v Verbose output | Example: hostname -v
-h Displays help message and exit | Example: hostname -h
-V Displays version information and exit | Example: hostname -V

Furthermore, for anyone downloading the script from the link posted as comment to this YouTube video, it might be useful to convert it via:

dos2unix ce_installation_script_public_UB_v3.sh

If dos2unix is not already installed in your system then having it in place would be as easy as (for Debian GNU/Linux systems):

sudo apt install dos2unix

   
ReplyQuote
(@fucine)
Joined: 8 months ago
Posts: 6
 

In the end it should be used hostname -f and not hostname -d for this command to actually work

Nope, in the end hostname -d is doing its job, but in case FQDN is referring to a 2nd level domain - which I think is the direct consequence of some step during script's execution (mine originally was "mail.fucine.email", but then it became "fucine.email") - then hostname -d would print just 1st level domain, and that should be avoided, of course.
Now I'm going to see at which step an originally defined 3rdlevel.domain.tld is rewritten in terms of domain.tld. Anyway this is what I have in place:

root@mail:~# cat /etc/hosts
127.0.0.1 localhost
78.46.195.130 fucine.email mail
root@mail:~# hostname -f
fucine.email
root@mail:~# hostname -d
email
root@mail:~# hostnamectl
 Static hostname: mail.fucine.email
       Icon name: computer-vm
         Chassis: vm
      Machine ID: 991b613a94d14f96848641da44662a6e
         Boot ID: 8efb55ea1a934084961c820976e67e72
  Virtualization: kvm
Operating System: Ubuntu 22.04.4 LTS              
          Kernel: Linux 5.15.0-105-generic
    Architecture: x86-64
 Hardware Vendor: Hetzner
  Hardware Model: vServer

Cheers, e.-


   
ReplyQuote
(@mr-ripon)
Joined: 8 months ago
Posts: 1
 

I'm using your script on Ubuntu: 20.04LTS.It's amazing !


   
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
Topic starter  

Automated Installation Script for Let's Encrypt SSL Certificate in Carbonio CE

 

In Carbonio CE, we can deploy the Let's Encrypt certificate using both GUI-based Admin UI and CLI. For both the methods, the basic procedures are same:

  • Configure virtual hostname
  • Set the proper value of zimbraReverseProxyMailMode
  • Restart proxy service
  • Generate the Let's Encrypt SSL using GUI or CLI.
  • After the configuration, restart the proxy service.

If you have a single domain, then these steps are okay. But if you have like 5 to 10 domains then redoing these steps for all the domains could be time consuming and annoying.

Therefore I present you this script that will detect all the domains in your server and deploy domain level Let's encrypt certificate for them without any intervention.

#!/bin/bash

# Check if the script is run as zextras
if [ "$(whoami)" != "zextras" ]; then
  echo "This script must be run as the zextras user."
  exit 1
fi

echo "Starting Let's Encrypt SSL installation script."

# Setting zimbraVirtualHostName for each domain as zextras user
for i in $(carbonio prov -l gad); do 
  carbonio prov md $i zimbraVirtualHostName mail.$i
  echo "Virtual Hostname set for domain $i"
done
echo "Virtual Hostnames set for all domains."

sleep 1

# Setting zimbraReverseProxyMailMode to redirect as zextras user
carbonio prov ms $(hostname -f) zimbraReverseProxyMailMode redirect
echo "zimbraReverseProxyMailMode set to redirect."

sleep 1

# Restarting zmproxyctl as zextras user
zmproxyctl restart
echo "zmproxyctl restarted."

sleep 1

# Obtaining certificates for each domain as zextras user
for i in $(carbonio prov -l gad); do 
  /opt/zextras/libexec/certbot certonly --preferred-chain "ISRG Root X1" --agree-tos --email zextras@$(hostname -d) -n --keep --webroot -w /opt/zextras --cert-name $i -d mail.$i
  echo "Certificate obtained for domain $i"
done
echo "Certificates obtained for all domains."

sleep 1

# Restarting zmproxyctl again after obtaining certificates as zextras user
zmproxyctl restart
echo "zmproxyctl restarted after obtaining certificates."

echo "Let's Encrypt SSL installation script completed."

echo "##############################################################"
echo "#                                                            #"
echo "# WARNING: To set up auto-renewal for all domains, please    #"
echo "# execute the following commands as root:                    #"
echo "#                                                            #"
echo "#   sudo systemctl start carbonio-certbot.timer              #"
echo "#   sudo systemctl enable carbonio-certbot.timer             #"
echo "#                                                            #"
echo "##############################################################"

Hereby, I am requesting you to try this and let us know how it goes.

This is a mere effort to encourage you to play and do this kind of stuff that can be helpful for the entire community. I am not saying this is a perfect script. Feel free to modify it at your own discretion.

 

Remarks: I am updating existing SSL related articles be adding this script in them.

 

Have a good day!

Regards,

Sharif

 


   
ReplyQuote
Page 2 / 2