Hey erix,

thank you for sharing this. When I get the time I will do a few test runs and get back to you (or even send a pull request :-)).

8 days later

Thanks crpb,

I've merged your pull request and added the suggested solution for the missing php-fpm run directory. I hope this makes it even more useful :-)

  • crpb replied to this.

    eryx
    Hey,
    I just realized there was a little typo o_0

    [[ $- == *i* ]] && read -e -p " Enter Hostname:" -i "$HOSTNAME" DOMAINNAME
    DOMAIN="${$(hostname -f):-$DOMAINNAME}"

    Hi erix,
    I tried to install on a really basic Debian 11 and discovered a small mistake in the grommunio-web script:
    echo "## CORRECT GROMMUNIO WEB FPM CONFIG ##"
    sed -i s/"listen = \/run\/php-fpm\/grommunio-web"/"listen = \/run\/php\/grommunio-web"/g /etc/php/7.4/fpm/pool.d/pool-grommunio-web.conf

    but in /usr/share/grommunio-common/nginx/upstreams.d/grommunio-web.conf there is still:
    upstream fpm_web {
    server unix:/run/php-fpm/grommunio-web
    }

    and the user web GUI does not work.

    • crpb replied to this.

      Hi erix,
      in the gromox-http config the port variables are not defined:
      echo "listen_port=$GROMOX_HTTP_PORT" > /etc/gromox/http.cfg
      echo "listen_ssl_port=$GROMOX_HTTP_SSL_PORT" >> /etc/gromox/http.cfg

      In addition, I discovered that it is not possible to deliver any email (connection refused), and autodiscover does not work (connection refused).

      Unfortunately I did not find out why gromox-http does not work. Here I am stuck :(

      Hi Crpb,

      I discovered I have an old version of the script. The last one is better. Thanks.

      Hi @crpb / @ladas,

      thanks for the input and sorry for the delay. I've added the missing port parameters and also fixed the mentioned typo.

      Best regards

      Also I've now added the grommunio-sync package and base config

      And also grommunio-dav, I think this is all I can do for now. I would love to also add grommunio-antispam, but unfortunately there's still no package for that.

      Hi eryx,
      Thank you for the script. I tested it on Debian 11 and made some modifications. If someone has similar needs to mine, maybe it could be useful. Here is a short description:

      1. The Postfix configuration did not work on my server with hosts=localhost in g-alias.cf and g-virt.cf, so I replaced it with hosts=127.0.0.1 (Postfix said: cannot communicate with mysql db). If someone knows why, I will be glad to know. I got this advice here on the forum.
      2. I do not want the system hostname to be the same as the primary email domain. So I hashed out the system hostname modification, added the variable $FQDN=hostname.domain.com and reduced $DOMAIN=domain.com. After that I added or changed the directives default_domain = $DOMAIN and hostname=$FQDN in some config files.
      3. Renamed autodiscover.cfg to autodiscover.ini, because the PHP scripts refer to the autodiscover.ini file and get_hostname() for Autodiscover.xml was not generated correctly. It is also necessary to add a section [exchange] with the directive hostname to it, so that the URLs for Autodiscover.xml are generated correctly.
      4. I modified the $ADMINPASSWD variable to be asked for interactively, so it is not necessary to change it by hand after installation.
      5. Just a note: the syntax DOMAIN="${$(hostname -f):-$DOMAINNAME}" gives "bad substitution" on my server.
        Here is the script:
      #!/bin/bash
      
      ########## VARIABLES ##########
      DBHOST='localhost'
      DBUSER='grommunio'
      DBPASSWD="$(openssl rand -base64 12)"
      DBNAME='grommunio'
      #ADMINPASSWD="$(openssl rand -base64 12)"
      read -e -p " Enter admin password: " ADMINPASSWD
      #[[ $- == *i* ]] && read -e -p " Enter Hostname:" -i "$HOSTNAME" DOMAINNAME
      #DOMAIN="${$(hostname -f):-$DOMAINNAME}"
      CREATE_SELF_SIGNED_SSL='true'
      SSL_CERT_FILE_PATH='/etc/ssl/private/server.crt'
      SSL_KEY_FILE_PATH='/etc/ssl/private/server.key'
      GROMOX_HTTP_PORT=10080
      GROMOX_HTTP_SSL_PORT=10443
      GROMMUNIO_TIMEZONE="Europe/Berlin"
      DOMAIN='domain.com' # Modify according to your needs
      FQDN='hostname.domain.com' # Modify according to your needs
      
      ########## INSTALL ##########
      echo "## ADD GROMMUNIO APT REPO ##"
      apt update
      apt install -y gnupg2
      wget -O - https://download.grommunio.com/RPM-GPG-KEY-grommunio | apt-key add -
      echo "deb [trusted=yes] https://download.grommunio.com/community/Debian_11 Debian_11 main" > /etc/apt/sources.list.d/grommunio.list
      
      echo "## INSTALL DEFAULT PACKAGES ##"
      apt update
      apt upgrade -y
      echo "postfix	postfix/mailname string $FQDN" | debconf-set-selections
      echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
      DEBIAN_FRONTEND=noninteractive apt install -y mariadb-server mariadb-client redis nginx postfix postfix-mysql php php-igbinary php-redis php7.4 php7.4-fpm curl fetchmail rspamd
      
      #echo "## SET HOSTNAME ##"
      #hostnamectl set-hostname $FQDN
      
      echo "## CREATE USERS AND GROUPS ##"
      useradd -r gromox
      useradd -r system-user-groweb
      useradd -r grommunio-web
      groupadd -r grommunio
      groupadd -r nginx
      
      echo "## INSTALL GROMMUNIO PACKAGES ##"
      apt install -y grommunio-common gromox grommunio-admin-api grommunio-admin-web system-user-groweb system-user-grosync system-user-grodav grommunio-web grommunio-admin-common grommunio-sync grommunio-dav
      
      echo "## CREATE PHP-FPM RUN FOLDER ##"
      echo "d /run/php-fpm 0755 www-data gromox - -" > /etc/tmpfiles.d/run-php-fpm.conf && systemd-tmpfiles --create
      
      echo "## ACTIVATE PHP7.4-FPM ##"
      systemctl enable --now php7.4-fpm
      
      echo "## CREATE DB AND USER ##"
      mysql -h $DBHOST -e "CREATE DATABASE IF NOT EXISTS grommunio;"
      mysql -h $DBHOST -e "GRANT ALL ON $DBNAME.* TO '$DBUSER'@'localhost' IDENTIFIED BY '$DBPASSWD';"
      
      if [ "$CREATE_SELF_SIGNED_SSL" == "true" ]; then
        echo "## CREATE SELF-SIGNED SSL CERTIFICATE ##"
        openssl req -new -x509 -days 365 -nodes -keyout /etc/ssl/private/server.key -out /etc/ssl/private/server.crt -subj "/CN=$FQDN"
      fi
      
      echo "## FIX SSL FOLDER RIGHTS ##"
      chmod 755 /etc/ssl/private
      chmod 644 /etc/ssl/private/*
      
      echo "## CREATE NGINX SSL CONFIG ##"
      echo "ssl_certificate $SSL_CERT_FILE_PATH;" > /etc/grommunio-common/nginx/ssl_certificate.conf
      echo "ssl_certificate_key $SSL_KEY_FILE_PATH;" >> /etc/grommunio-common/nginx/ssl_certificate.conf
      
      echo "## REMOVE DEFAULT NGINX HOST ##"
      rm -f /etc/nginx/sites-enabled/default
      
      echo "## CREATE GROMOX DB CONFIG ##"
      echo "mysql_username=$DBUSER" > /etc/gromox/mysql_adaptor.cfg
      echo "mysql_password=$DBPASSWD" >> /etc/gromox/mysql_adaptor.cfg
      echo "mysql_dbname=$DBNAME" >> /etc/gromox/mysql_adaptor.cfg
      #echo "schema_upgrade=host:$DOMAIN" >> /etc/gromox/mysql_adaptor.cfg
      echo "schema_upgrade=host:$FQDN" >> /etc/gromox/mysql_adaptor.cfg
      
      echo "## CREATE GROMOX TABLES ##"
      gromox-dbop -C
      
      echo "## ACTIVATE GROMOX EVENT AND TIMER ##"
      systemctl enable --now gromox-event gromox-timer
      
      echo "## CREATE GROMOX HTTP CONFIG ##"
      echo "listen_port=$GROMOX_HTTP_PORT" > /etc/gromox/http.cfg
      echo "listen_ssl_port=$GROMOX_HTTP_SSL_PORT" >> /etc/gromox/http.cfg
      echo "http_support_ssl=yes" >> /etc/gromox/http.cfg
      echo "http_certificate_path=$SSL_CERT_FILE_PATH" >> /etc/gromox/http.cfg
      echo "http_private_key_path=$SSL_KEY_FILE_PATH" >> /etc/gromox/http.cfg
      echo "default_domain=$DOMAIN" >> /etc/gromox/http.cfg
      
      echo "## CREATE GROMOX AUTODISCOVER CONFIG ##"
      echo "[database]" > /etc/gromox/autodiscover.ini
      echo "host=$DBHOST" >> /etc/gromox/autodiscover.ini
      echo "username=$DBUSER" >> /etc/gromox/autodiscover.ini
      echo "password=$DBPASSWD" >> /etc/gromox/autodiscover.ini
      echo "dbname=$DBNAME" >> /etc/gromox/autodiscover.ini
      echo "[exchange]" >> /etc/gromox/autodiscover.ini
      echo "hostname=$FQDN" >> /etc/gromox/autodiscover.ini
      
      echo "## ACTIVATE GROMOX HTTP SERVICE ##"
      systemctl enable --now gromox-http
      
      echo "## ACTIVATE GROMOX MIDB AND ZCORE ##"
      systemctl enable --now gromox-midb gromox-zcore
      
      echo "## CONFIGURE GROMOX IMAP ##"
      echo "listen_ssl_port=993" > /etc/gromox/imap.cfg
      echo "imap_support_starttls=true" >> /etc/gromox/imap.cfg
      echo "imap_certificate_path=$SSL_CERT_FILE_PATH" >> /etc/gromox/imap.cfg
      echo "imap_private_key_path=$SSL_KEY_FILE_PATH" >> /etc/gromox/imap.cfg
      echo "imap_force_starttls=true" >> /etc/gromox/imap.cfg
      echo "default_domain=$DOMAIN" >> /etc/gromox/imap.cfg
      
      echo "## CONFIGURE GROMOX POP3 ##"
      echo "listen_ssl_port=995" > /etc/gromox/pop3.cfg
      echo "pop3_support_stls=true" >> /etc/gromox/pop3.cfg
      echo "pop3_certificate_path=$SSL_CERT_FILE_PATH" >> /etc/gromox/pop3.cfg
      echo "pop3_private_key_path=$SSL_KEY_FILE_PATH" >> /etc/gromox/pop3.cfg
      echo "pop3_force_stls=true" >> /etc/gromox/pop3.cfg
      echo "default_domain=$DOMAIN" >> /etc/gromox/pop3.cfg
      
      #echo "## ACTIVATE GROMOX IMAP AND POP3 ##"
      #systemctl enable --now gromox-imap gromox-pop3
      
      echo "## CONFIGURE GROMMUNIO ADMIN API ##"
      echo "DB:" > /etc/grommunio-admin-api/conf.d/database.yaml
      echo "  host: '$DBHOST'" >> /etc/grommunio-admin-api/conf.d/database.yaml
      echo "  user: '$DBUSER'" >> /etc/grommunio-admin-api/conf.d/database.yaml
      echo "  pass: '$DBPASSWD'" >> /etc/grommunio-admin-api/conf.d/database.yaml
      echo "  database: '$DBNAME'" >> /etc/grommunio-admin-api/conf.d/database.yaml
      
      echo "## SET GROMMUNIO ADMIN PASSWORD ##"
      grommunio-admin passwd -p $ADMINPASSWD
      
      echo "## SET CORRECT FOLDER RIGHTS FOR GROMMUNIO ADMIN API ##"
      chown root:gromox /etc/gromox
      chmod 755 /etc/gromox
      chmod 666 /etc/gromox/*
      
      echo "## ACTIVATE GROMMUNIO ADMIN API ##"
      systemctl enable --now grommunio-admin-api
      
      echo "## LINK NGINX SSL CONFIG FOR GROMMUNIO ADMIN ##"
      if [ ! -f /etc/grommunio-admin-common/nginx-ssl.conf ]; then
        ln -s /etc/grommunio-common/nginx/ssl_certificate.conf /etc/grommunio-admin-common/nginx-ssl.conf
      fi
      
      echo "## RELOAD NGINX ##"
      systemctl reload nginx
      
      echo "## STOP POSTFIX AND ENABLE GROMOX DELIVERY AND DELIVERY QUEUE ##"
      systemctl stop postfix
      systemctl enable --now gromox-delivery gromox-delivery-queue
      
      echo "## CONFIGURE GROMOX DELIVERY QUEUE ##"
      echo "listen_port = 24" > /etc/gromox/smtp.cfg
      echo "default_domain = $DOMAIN" >> /etc/gromox/smtp.cfg
      
      echo "## CONFIGURE POSTFIX ##"
      postconf -e virtual_alias_maps=mysql:/etc/postfix/g-alias.cf
      postconf -e virtual_mailbox_domains=mysql:/etc/postfix/g-virt.cf
      postconf -e virtual_transport="smtp:[localhost]:24"
      
      echo "## CREATE GROMOX POSTFIX CONFIGS ##"
      echo "user = $DBUSER" > /etc/postfix/g-alias.cf
      echo "password = $DBPASSWD" >> /etc/postfix/g-alias.cf
      echo "hosts = 127.0.0.1" >> /etc/postfix/g-alias.cf
      echo "#hosts = $DBHOST" >> /etc/postfix/g-alias.cf
      echo "dbname = $DBNAME" >> /etc/postfix/g-alias.cf
      echo "query = SELECT mainname FROM aliases WHERE aliasname='%s'" >> /etc/postfix/g-alias.cf
      
      echo "user = $DBUSER" > /etc/postfix/g-virt.cf
      echo "password = $DBPASSWD" >> /etc/postfix/g-virt.cf
      echo "hosts = 127.0.0.1" >> /etc/postfix/g-virt.cf
      echo "#hosts = $DBHOST" >> /etc/postfix/g-virt.cf
      echo "dbname = $DBNAME" >> /etc/postfix/g-virt.cf
      echo "query = SELECT 1 FROM domains WHERE domain_status=0 AND domainname='%s'" >> /etc/postfix/g-virt.cf
      
      echo "## ACTIVATE AND RESTART POSTFIX AND GROMOX DELIVERY AND GROMOX DELIVERY QUEUE ##"
      systemctl enable --now gromox-delivery gromox-delivery-queue postfix
      systemctl restart gromox-delivery-queue postfix
      
      echo "## CONFIGURE AND ENABLE REDIS ##"
      mkdir -p /var/lib/redis/default
      chown redis.redis -R /var/lib/redis
      systemctl disable --now redis-server.service
      
      echo "[Unit]" > /etc/systemd/system/redis@grommunio.service
      echo "Description=Redis instance: %i" >> /etc/systemd/system/redis@grommunio.service
      echo "After=network.target" >> /etc/systemd/system/redis@grommunio.service
      echo "PartOf=redis.target" >> /etc/systemd/system/redis@grommunio.service
      echo "" >> /etc/systemd/system/redis@grommunio.service
      echo "[Service]" >> /etc/systemd/system/redis@grommunio.service
      echo "Type=notify" >> /etc/systemd/system/redis@grommunio.service
      echo "User=redis" >> /etc/systemd/system/redis@grommunio.service
      echo "Group=redis" >> /etc/systemd/system/redis@grommunio.service
      echo "PrivateTmp=true" >> /etc/systemd/system/redis@grommunio.service
      echo "PIDFile=/run/redis/%i.pid" >> /etc/systemd/system/redis@grommunio.service
      echo "ExecStart=/usr/bin/redis-server /etc/redis/%i.conf" >> /etc/systemd/system/redis@grommunio.service
      echo "LimitNOFILE=10240" >> /etc/systemd/system/redis@grommunio.service
      echo "Restart=on-failure" >> /etc/systemd/system/redis@grommunio.service
      echo "" >> /etc/systemd/system/redis@grommunio.service
      echo "[Install]" >> /etc/systemd/system/redis@grommunio.service
      echo "WantedBy=multi-user.target redis.target" >> /etc/systemd/system/redis@grommunio.service
      
      systemctl daemon-reload
      systemctl enable --now redis@grommunio.service
      
      echo "## CONFIGURE GROMUNIO-SYNC TIMEZONE ##"
      sed -i s/"define('TIMEZONE', '')"/"define('TIMEZONE', '$GROMMUNIO_TIMEZONE')"/g /etc/grommunio-sync/grommunio-sync.conf.php
      
      echo "## ENABLE GROMMUNIO-SYNC ##"
      ln -s /etc/php/7.4/fpm/php-fpm.d/pool-grommunio-sync.conf /etc/php/7.4/fpm/pool.d/
      systemctl restart php7.4-fpm.service
      systemctl restart nginx.service
      
      echo "## ENABLE GROMMUNIO-DAV ##"
      ln -s /etc/php/7.4/fpm/php-fpm.d/pool-grommunio-dav.conf /etc/php/7.4/fpm/pool.d/
      systemctl restart php7.4-fpm.service
      systemctl restart nginx.service

        Just put those parts in
        ```
        SCRIPTSTART

        SCRIPTEND
        ```

        And for all those echo commands ...
        Heredoc may be the better solution
        https://tldp.org/LDP/abs/html/here-docs.html#GENERATESCRIPT

        Something like this, for instance. Changes/readability are way better IMHO

        OUTFILE="/etc/systemd/system/redis@grommunio.service"
        cat << EOF > $OUTFILE
        [Unit]
        Description=Redis instance: %i
        After=network.target
        PartOf=redis.target
        
        [Service]
        Type=notify
        User=redis
        Group=redis
        PrivateTmp=true
        PIDFile=/run/redis/%i.pid
        ExecStart=/usr/bin/redis-server /etc/redis/%i.conf
        LimitNOFILE=10240
        Restart=on-failure
        
        [Install]
        WantedBy=multi-user.target redis.target
        EOF

        If you don't want Variable-Expansion you can use cat << 'EOF' >...

        ladas Just notice. Syntax: DOMAIN="${$(hostname -f):-$DOMAINNAME}"

        Yeah, inserted those only from memory without testing... o0...
        This would be a safer bet I guess...

        cat test.sh
        #!/usr/bin/env bash
        if [ "${-#*i}" == "$-" ]; then
                read -e -p "Enter Hostname: " -i "$HOSTNAME" DOMAINNAME
        fi
        # Prefer DOMAINNAME; fall back to HOSTNAME when it is unset or empty
        export DOMAIN="${DOMAINNAME:-$HOSTNAME}"

        You can check this via

        unset DOMAINNAME DOMAIN
        export DOMAIN="${DOMAINNAME:-$HOSTNAME}"
        echo "$DOMAIN"
        DOMAINNAME=my.test.domain.tld
        export DOMAIN="${DOMAINNAME:-$HOSTNAME}"
        echo "$DOMAIN"

        Meaning: set $DOMAIN to $DOMAINNAME if present, otherwise use $HOSTNAME
        A good reference on this stuff :-)
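The heredoc suggestion above applied to one of the script's secret-bearing files, as an added example that is not part of the thread or of eryx's script. The function names `write_db_cfg` and `write_unit_template`, the sample password and the `Environment=` line are constructed for illustration; the key names are the ones the script writes to mysql_adaptor.cfg.

```shell
#!/bin/sh
# Added example (not from the thread): heredocs instead of chained echo
# lines, for a file that holds a password. Function names are illustrative.

# write_db_cfg FILE USER PASS DBNAME
# Runs in a subshell "( ... )" so the tight umask does not leak into the
# rest of the installer. The file is created mode 600 from the first byte,
# instead of being written world-readable and chmod-ed afterwards.
write_db_cfg() (
  umask 077
  # ">" keeps the mode of an existing file, so remove a stale copy first.
  rm -f -- "$1"
  # Unquoted delimiter: $2..$4 are expanded once; the expanded text is not
  # scanned again, so "$" or backticks inside the password stay literal.
  cat > "$1" <<EOF
mysql_username=$2
mysql_password=$3
mysql_dbname=$4
EOF
)

# write_unit_template FILE
# Quoted delimiter: nothing is expanded, so "$" in the template survives.
# The Environment= line is constructed to show that; it is not in the
# thread's unit file.
write_unit_template() {
  cat > "$1" <<'EOF'
[Service]
PIDFile=/run/redis/%i.pid
ExecStart=/usr/bin/redis-server /etc/redis/%i.conf
Environment=EXAMPLE=$NOT_EXPANDED
EOF
}

# Stand-alone demonstration on a constructed temp directory.
demo() {
  d=$(mktemp -d) || return 1
  write_db_cfg "$d/mysql_adaptor.cfg" grommunio 'pa$$w`id`rd' grommunio
  write_unit_template "$d/redis@grommunio.service"
  echo "mode of mysql_adaptor.cfg: $(stat -c '%a' "$d/mysql_adaptor.cfg")"
  cat "$d/mysql_adaptor.cfg" "$d/redis@grommunio.service"
  rm -rf "$d"
}

demo
```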

        I will try to include this as soon as possible. Hopefully this week. Otherwise feel free to open a PR ;-)

        Thanks a lot for your input!

          eryx
          Thank you for the installation script. The SSL key file is set world readable. I changed permissions

          echo "## FIX SSL FOLDER RIGHTS ##"
          chgrp ssl-cert /etc/ssl/private/*
          chmod 640 /etc/ssl/private/*

          and added various gromox uids to the ssl-cert group. Not sure if all are necessary.

          echo "## CREATE USERS AND GROUPS ##"
          useradd -r gromox
          useradd -r system-user-groweb
          useradd -r grommunio-web
          groupadd -r grommunio
          groupadd -r nginx
          
          usermod -a -G ssl-cert gromox
          usermod -a -G ssl-cert grodav
          usermod -a -G ssl-cert grosync
          usermod -a -G ssl-cert groweb

          Also, may want to consider permissions on /etc/gromox/*
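The two permission problems raised in this post (a world-readable key after `chmod 644 /etc/ssl/private/*`, and `chmod 666 /etc/gromox/*`), checked mechanically in an added example that is not part of the thread or the install script. All function names are hypothetical, the files live in a constructed temp tree, and mode 640 for the config file is an assumption; the post only gives 640 for the key.

```shell
#!/bin/sh
# Added example (not from the thread): audit file modes for the two cases
# discussed above. Function names are illustrative.

# Print the octal permission bits of a file (GNU stat, as on Debian).
mode_of() { stat -c '%a' "$1"; }

# Print the "other" digit, i.e. the last octal digit of a mode like 644.
other_bits() { m=$(mode_of "$1") || return 2; echo "${m#"${m%?}"}"; }

# Succeed when users outside owner and group can read / write the file.
world_readable() { o=$(other_bits "$1") || return 2; [ $(( o & 4 )) -ne 0 ]; }
world_writable() { o=$(other_bits "$1") || return 2; [ $(( o & 2 )) -ne 0 ]; }

# audit_file KIND PATH
# KIND "key":    private key, must not be world-readable.
# KIND "config": service config, must not be world-writable.
# Returns 0 when fine, 1 on a finding, 2 on a missing file or bad KIND.
audit_file() {
  kind=$1; path=$2
  [ -e "$path" ] || { echo "MISSING $path"; return 2; }
  case $kind in
    key)
      if world_readable "$path"; then
        echo "FAIL $(mode_of "$path") $path: private key is world-readable"
        return 1
      fi ;;
    config)
      if world_writable "$path"; then
        echo "FAIL $(mode_of "$path") $path: any local user can rewrite it"
        return 1
      fi ;;
    *) echo "unknown kind: $kind"; return 2 ;;
  esac
  echo "OK   $(mode_of "$path") $path"
}

# count_findings KEYMODE CFGMODE
# Builds a constructed tree that mimics the installer's layout, applies the
# given modes, and prints the number of findings (details go to stderr).
count_findings() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/ssl/private" "$d/gromox"
  : > "$d/ssl/private/server.key"
  : > "$d/gromox/mysql_adaptor.cfg"
  chmod "$1" "$d/ssl/private/server.key"
  chmod "$2" "$d/gromox/mysql_adaptor.cfg"
  n=0
  audit_file key    "$d/ssl/private/server.key"    >&2 || n=$((n + 1))
  audit_file config "$d/gromox/mysql_adaptor.cfg" >&2 || n=$((n + 1))
  rm -rf "$d"
  echo "$n"
}

echo "findings with the script's modes (644/666): $(count_findings 644 666)"
echo "findings with tightened modes (640/640):    $(count_findings 640 640)"
```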

          Thanks for your script. Based on it we added some new automation together with lets encrypt certificate implementation.
          If you like it we can create a PR on Github. Script also fixes some permission errors and more.

          #!/bin/bash
          
          ########## VARIABLES ##########
          DBHOST='localhost'
          DBUSER='grommunio'
          DBPASSWD="$(openssl rand -base64 12)"
          DBNAME='grommunio'
          ADMINPASSWD="$(openssl rand -base64 12)"
          SSL_CERT_FILE_PATH='/etc/ssl/private/server.crt'
          SSL_KEY_FILE_PATH='/etc/ssl/private/server.key'
          GROMOX_HTTP_PORT=10080
          GROMOX_HTTP_SSL_PORT=10443
          GROMMUNIO_TIMEZONE="Europe/Zurich"
          
          ########## VARIABLES INSTALLER QUESTIONS ##########
          if [ "$UID" = "0" ]; then
          echo ""
          echo "+--------------------------------+"
          echo "| Hostname for Grommunio Server  |"
          echo "+--------------------------------+"
          read -p " Subdomain Name (SUBDOMAIN.example.com) ? " SUBDOMAIN
          read -p " Domainname (subdomain.EXAMPLE.COM) ? " DOMAIN
          echo ""
          echo "+----------------------------------+"
          echo "| SSL Self Signed or Let's Encrypt |"
          echo "+----------------------------------+"
          read -p " self oder lets ? [lets] " SSL
          if [ "$SSL" = "" ] || [ "$SSL" = "lets" ]; then
          SSL="lets"
          echo ""
          echo "+------------------------------------------------+"
          echo "| E-Mail Address for Let's Encrypt Notifications |"
          echo "+------------------------------------------------+"
          read -p " Mail-Address ? " MAIL
          fi
          echo ""
          echo "--------------------------------------------------"
          echo " FQDN:    $SUBDOMAIN.$DOMAIN"
          echo " SSL:     $SSL"
          if ! [ "$MAIL" = "" ]; then
          echo " Mail:    $MAIL"
          fi
          echo "--------------------------------------------------"
          echo ""
          key=""
          while [ "$key" != "y" ] && [ "$key" != "n" ];do
          read -n 1 -p "Correct ? [y/n]" key
          done
          if [ $key == "n" ]; then
          exit
          fi
          echo ""
          
          ########## INSTALL ##########
          echo "## ADD GROMMUNIO APT REPO ##"
          apt update
          apt install -y gnupg2
          wget -O - https://download.grommunio.com/RPM-GPG-KEY-grommunio | apt-key add -
          echo "deb [trusted=yes] https://download.grommunio.com/community/Debian_11 Debian_11 main" > /etc/apt/sources.list.d/grommunio.list
          
          echo "## INSTALL DEFAULT PACKAGES ##"
          apt update
          apt upgrade -y
          echo "postfix	postfix/mailname string $DOMAIN" | debconf-set-selections
          echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
          DEBIAN_FRONTEND=noninteractive apt install -y mariadb-server mariadb-client redis nginx postfix postfix-mysql php php-igbinary php-redis php7.4 php7.4-fpm curl fetchmail rspamd certbot python3-certbot-nginx
          
          echo "## CREATE SSL ##"
          if [ "$SSL" == "lets" ]; then
          echo ""
          echo " Let's Encrypt will request SSL for the following Names:"
          echo " $SUBDOMAIN.$DOMAIN + autodiscover.$DOMAIN "
          echo " Make sure the Firewall/NAT is open on Port 80 for US/CA IPs and DNS Records activ ?"
          echo ""
          echo "Continue <ENTER>"
          read
          certbot certonly --no-eff-email --agree-tos --nginx --deploy-hook "cp /etc/letsencrypt/live/$SUBDOMAIN.$DOMAIN/privkey.pem $SSL_KEY_FILE_PATH && cp /etc/letsencrypt/live/$SUBDOMAIN.$DOMAIN/fullchain.pem $SSL_CERT_FILE_PATH" -m $MAIL -d $SUBDOMAIN.$DOMAIN -d autodiscover.$DOMAIN
          while ! ( test -f /etc/letsencrypt/live/$SUBDOMAIN.$DOMAIN/privkey.pem ) ; do
          echo ""
          echo " Let's Encrypt request has FAILED:"
          echo " $SUBDOMAIN.$DOMAIN + autodiscover.$DOMAIN "
          echo " Make sure the Firewall/NAT is open on Port 80 for US/CA IPs and DNS Records activ ?"
          echo ""
          echo "Continue <ENTER>"
          read
          certbot certonly --no-eff-email --agree-tos --nginx --deploy-hook "cp /etc/letsencrypt/live/$SUBDOMAIN.$DOMAIN/privkey.pem $SSL_KEY_FILE_PATH && cp /etc/letsencrypt/live/$SUBDOMAIN.$DOMAIN/fullchain.pem $SSL_CERT_FILE_PATH" -m $MAIL -d $SUBDOMAIN.$DOMAIN -d autodiscover.$DOMAIN
          done
          #ln -s /etc/letsencrypt/live/$SUBDOMAIN.$DOMAIN/privkey.pem $SSL_KEY_FILE_PATH
          #ln -s /etc/letsencrypt/live/$SUBDOMAIN.$DOMAIN/fullchain.pem $SSL_CERT_FILE_PATH
          else
            echo "## CREATE SELF-SIGNED SSL CERTIFICATE ##"
            openssl req -new -x509 -days 365 -nodes -keyout $SSL_KEY_FILE_PATH -out $SSL_CERT_FILE_PATH -subj "/CN=$SUBDOMAIN.$DOMAIN"
          fi
          
          echo "## SET HOSTNAME ##"
          hostnamectl set-hostname $SUBDOMAIN.$DOMAIN
          
          echo "## CREATE USERS AND GROUPS ##"
          useradd -r gromox
          useradd -r system-user-groweb
          useradd -r grommunio-web
          groupadd -r grommunio
          groupadd -r nginx
          
          echo "## CREATE PHP-FPM RUN FOLDER ##"
          echo "d /run/php-fpm 0755 www-data gromox - -" > /etc/tmpfiles.d/run-php-fpm.conf && systemd-tmpfiles --create
          
          echo "## INSTALL GROMMUNIO PACKAGES ##"
          apt install -y grommunio-common gromox grommunio-admin-api grommunio-admin-web system-user-groweb system-user-grosync system-user-grodav grommunio-web grommunio-admin-common
          
          echo "## ACTIVATE PHP7.4-FPM ##"
          systemctl enable --now php7.4-fpm
          
          echo "## ENABLE GROMMUNIO-WEB ##"
          #ln -s /etc/php/7.4/fpm/php-fpm.d/pool-grommunio-web.conf /etc/php/7.4/fpm/pool.d/
          systemctl restart php7.4-fpm.service
          systemctl restart nginx.service
          
          echo "## CREATE DB AND USER ##"
          mysql -h $DBHOST -e "CREATE DATABASE IF NOT EXISTS grommunio;"
          mysql -h $DBHOST -e "GRANT ALL ON $DBNAME.* TO '$DBUSER'@'localhost' IDENTIFIED BY '$DBPASSWD';"
          
          echo "## FIX SSL FOLDER RIGHTS ##"
          chmod 755 /etc/ssl/private
          chmod 644 /etc/ssl/private/*
          
          echo "## CREATE NGINX SSL CONFIG ##"
          echo "ssl_certificate $SSL_CERT_FILE_PATH;" > /etc/grommunio-common/nginx/ssl_certificate.conf
          echo "ssl_certificate_key $SSL_KEY_FILE_PATH;" >> /etc/grommunio-common/nginx/ssl_certificate.conf
          
          echo "## REMOVE DEFAULT NGINX HOST ##"
          rm -f /etc/nginx/sites-enabled/default
          
          echo "## CREATE GROMOX DB CONFIG ##"
          echo "mysql_username=$DBUSER" > /etc/gromox/mysql_adaptor.cfg
          echo "mysql_password=$DBPASSWD" >> /etc/gromox/mysql_adaptor.cfg
          echo "mysql_dbname=$DBNAME" >> /etc/gromox/mysql_adaptor.cfg
          echo "schema_upgrade=host:$DBHOST" >> /etc/gromox/mysql_adaptor.cfg
          
          echo "## CREATE GROMOX TABLES ##"
          gromox-dbop -C
          
          echo "## ACTIVATE GROMOX EVENT AND TIMER ##"
          systemctl enable --now gromox-event gromox-timer
          
          echo "## CREATE GROMOX HTTP CONFIG ##"
          echo "listen_port=$GROMOX_HTTP_PORT" > /etc/gromox/http.cfg
          echo "listen_ssl_port=$GROMOX_HTTP_SSL_PORT" >> /etc/gromox/http.cfg
          echo "http_support_ssl=yes" >> /etc/gromox/http.cfg
          echo "http_certificate_path=$SSL_CERT_FILE_PATH" >> /etc/gromox/http.cfg
          echo "http_private_key_path=$SSL_KEY_FILE_PATH" >> /etc/gromox/http.cfg
          
          echo "## CREATE GROMOX AUTODISCOVER CONFIG ##"
          echo "[database]" > /etc/gromox/autodiscover.ini
          echo "host=$DBHOST" >> /etc/gromox/autodiscover.ini
          echo "username=$DBUSER" >> /etc/gromox/autodiscover.ini
          echo "password=$DBPASSWD" >> /etc/gromox/autodiscover.ini
          echo "dbname=$DBNAME" >> /etc/gromox/autodiscover.ini
          echo "[exchange]" >> /etc/gromox/autodiscover.ini
          echo "hostname=$SUBDOMAIN.$DOMAIN" >> /etc/gromox/autodiscover.ini
          
          echo "## ACTIVATE GROMOX HTTP SERVICE ##"
          systemctl enable --now gromox-http
          
          echo "## ACTIVATE GROMOX MIDB AND ZCORE ##"
          systemctl enable --now gromox-midb gromox-zcore
          
          echo "## CONFIGURE GROMOX IMAP ##"
          echo "listen_ssl_port=993" > /etc/gromox/imap.cfg
          echo "imap_support_starttls=true" >> /etc/gromox/imap.cfg
          echo "imap_certificate_path=$SSL_CERT_FILE_PATH" >> /etc/gromox/imap.cfg
          echo "imap_private_key_path=$SSL_KEY_FILE_PATH" >> /etc/gromox/imap.cfg
          echo "imap_force_starttls=true" >> /etc/gromox/imap.cfg
          
          echo "## CONFIGURE GROMOX POP3 ##"
          echo "listen_ssl_port=995" > /etc/gromox/pop3.cfg
          echo "pop3_support_stls=true" >> /etc/gromox/pop3.cfg
          echo "pop3_certificate_path=$SSL_CERT_FILE_PATH" >> /etc/gromox/pop3.cfg
          echo "pop3_private_key_path=$SSL_KEY_FILE_PATH" >> /etc/gromox/pop3.cfg
          echo "pop3_force_stls=true" >> /etc/gromox/pop3.cfg
          
          echo "## ACTIVATE GROMOX IMAP AND POP3 ##"
          systemctl enable --now gromox-imap gromox-pop3
          
          echo "## CONFIGURE GROMMUNIO ADMIN API ##"
          echo "DB:" > /etc/grommunio-admin-api/conf.d/database.yaml
          echo "  host: '$DBHOST'" >> /etc/grommunio-admin-api/conf.d/database.yaml
          echo "  user: '$DBUSER'" >> /etc/grommunio-admin-api/conf.d/database.yaml
          echo "  pass: '$DBPASSWD'" >> /etc/grommunio-admin-api/conf.d/database.yaml
          echo "  database: '$DBNAME'" >> /etc/grommunio-admin-api/conf.d/database.yaml
          
          echo "## SET GROMMUNIO ADMIN PASSWORD ##"
          grommunio-admin passwd -p $ADMINPASSWD
          
          echo "## SET CORRECT FOLDER RIGHTS FOR GROMMUNIO ADMIN API ##"
          chown root:gromox /etc/gromox
          chmod 755 /etc/gromox
          chmod 666 /etc/gromox/*
          
          echo "## ACTIVATE GROMMUNIO ADMIN API ##"
          systemctl enable --now grommunio-admin-api
          
          echo "## LINK NGINX SSL CONFIG FOR GROMMUNIO ADMIN ##"
          if [ ! -f /etc/grommunio-admin-common/nginx-ssl.conf ]; then
            ln -s /etc/grommunio-common/nginx/ssl_certificate.conf /etc/grommunio-admin-common/nginx-ssl.conf
          fi
          
          echo "## RELOAD NGINX ##"
          systemctl reload nginx
          
          echo "## STOP POSTFIX AND ENABLE GROMOX DELIVERY AND DELIVERY QUEUE ##"
          systemctl stop postfix
          systemctl enable --now gromox-delivery gromox-delivery-queue
          
          echo "## CONFIGURE GROMOX DELIVERY QUEUE ##"
          echo "listen_port = 24" > /etc/gromox/smtp.cfg
          
          echo "## CONFIGURE POSTFIX ##"
          postconf -e virtual_alias_maps=mysql:/etc/postfix/g-alias.cf
          postconf -e virtual_mailbox_domains=mysql:/etc/postfix/g-virt.cf
          postconf -e virtual_transport="smtp:[localhost]:24"
          
          echo "## CREATE GROMOX POSTFIX CONFIGS ##"
          echo "user = $DBUSER" > /etc/postfix/g-alias.cf
          echo "password = $DBPASSWD" >> /etc/postfix/g-alias.cf
          echo "hosts = 127.0.0.1" >> /etc/postfix/g-alias.cf
          echo "dbname = $DBNAME" >> /etc/postfix/g-alias.cf
          echo "query = SELECT mainname FROM aliases WHERE aliasname='%s'" >> /etc/postfix/g-alias.cf
          
          echo "user = $DBUSER" > /etc/postfix/g-virt.cf
          echo "password = $DBPASSWD" >> /etc/postfix/g-virt.cf
          echo "hosts = 127.0.0.1" >> /etc/postfix/g-virt.cf
          echo "dbname = $DBNAME" >> /etc/postfix/g-virt.cf
          echo "query = SELECT 1 FROM domains WHERE domain_status=0 AND domainname='%s'" >> /etc/postfix/g-virt.cf
          
          echo "## ACTIVATE AND RESTART POSTFIX AND GROMOX DELIVERY AND GROMOX DELIVERY QUEUE ##"
          systemctl enable --now gromox-delivery gromox-delivery-queue postfix
          systemctl restart gromox-delivery-queue postfix
          
          echo "## CONFIGURE AND ENABLE REDIS ##"
          mkdir -p /var/lib/redis/default
          chown redis.redis -R /var/lib/redis
          systemctl disable --now redis-server.service
          
          echo "[Unit]" > /etc/systemd/system/redis@grommunio.service
          echo "Description=Redis instance: %i" >> /etc/systemd/system/redis@grommunio.service
          echo "After=network.target" >> /etc/systemd/system/redis@grommunio.service
          echo "PartOf=redis.target" >> /etc/systemd/system/redis@grommunio.service
          echo "" >> /etc/systemd/system/redis@grommunio.service
          echo "[Service]" >> /etc/systemd/system/redis@grommunio.service
          echo "Type=notify" >> /etc/systemd/system/redis@grommunio.service
          echo "User=redis" >> /etc/systemd/system/redis@grommunio.service
          echo "Group=redis" >> /etc/systemd/system/redis@grommunio.service
          echo "PrivateTmp=true" >> /etc/systemd/system/redis@grommunio.service
          echo "PIDFile=/run/redis/%i.pid" >> /etc/systemd/system/redis@grommunio.service
          echo "ExecStart=/usr/bin/redis-server /etc/redis/%i.conf" >> /etc/systemd/system/redis@grommunio.service
          echo "LimitNOFILE=10240" >> /etc/systemd/system/redis@grommunio.service
          echo "Restart=on-failure" >> /etc/systemd/system/redis@grommunio.service
          echo "" >> /etc/systemd/system/redis@grommunio.service
          echo "[Install]" >> /etc/systemd/system/redis@grommunio.service
          echo "WantedBy=multi-user.target redis.target" >> /etc/systemd/system/redis@grommunio.service
          
          systemctl daemon-reload
          systemctl enable --now redis@grommunio.service
          
          echo "## CONFIGURE GROMUNIO-SYNC TIMEZONE ##"
          sed -i s/"define('TIMEZONE', '')"/"define('TIMEZONE', '$GROMMUNIO_TIMEZONE')"/g /etc/grommunio-sync/grommunio-sync.conf.php
          
          echo "## INSTALL GROMMUNIO SYNC+DAV ##"
          apt install -y grommunio-sync grommunio-dav
          ln -s /etc/php/7.4/fpm/php-fpm.d/pool-grommunio-sync.conf /etc/php/7.4/fpm/pool.d/pool-grommunio-sync.conf
          ln -s /etc/php/7.4/fpm/php-fpm.d/pool-grommunio-dav.conf /etc/php/7.4/fpm/pool.d/pool-grommunio-dav.conf
          chown -R grodav:root /var/lib/grommunio-dav/
          chown -R grodav:grodav /var/log/grommunio-dav/
          systemctl restart php7.4-fpm.service
          systemctl restart nginx.service
          
          echo "## ENABLE FETCHMAIL ##"
          systemctl enable --now fetchmail
          
          ########## SHOW LOGINS ##########
          echo ""
          echo "+------------------------------------+"
          echo "| Grommunio Logins URL/User/Password |"
          echo "+------------------------------------+"
          echo ""
          echo "URL:       https://$SUBDOMAIN.$DOMAIN:8443        (SSL-AdminPanel)"
          echo "URL:       http://$SUBDOMAIN.$DOMAIN:8080         (NoSSL-AdminPanel)"
          echo "User:      admin"
          echo "Password:  $ADMINPASSWD"
          echo "SQLDB-PW:  $DBPASSWD"
          echo ""
          echo "URL:       https://$SUBDOMAIN.$DOMAIN             (Webmail)"
          echo ""
          
          ########## END NOT ROOT ##########
          else
          USER=`logname`;
          echo "You are not ROOT user"
          echo ""
          echo "Your User is ${USER}"
          fi
          • crpb replied to this.

            big If you like it we can create a PR on Github. Script also fixes some permission errors and more.

            Please do ---> eryx Otherwise feel free to open a PR ;-)

            and if I just go through the latest script here..

            big GROMMUNIO_TIMEZONE="Europe/Zurich"

            In a perfect world TIMEZONE should have been handled by the Debian-Installer, preseed.cfg, debootstrap... or whatever..

            And now that i look into the script...
            This is only necessary if SYSTEM-TIMEZONE isn't the one we want?!

                    // Defines the default time zone, change e.g. to "Europe/London" if necessary
                    define('TIMEZONE', '');

            I double-checked on my SUSE installations.. nothing set in those...

            I removed the timezone config again and added the fixes for the ssl files. I will try to add the rest later today

              I've also added the fix for the domain name setting from @crpb and an adjusted option to set the ADMINPASSWD to "" to enable asking for the password on prompt like suggested by @ladas.
