feat: rediseño UI completo + infra email + stats
parent
93d75ddafe
commit
24401c0ee5
37 changed files with 2162 additions and 412 deletions
183
infra/setup-mail.sh
Executable file
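--- a/infra/setup-mail.sh
+++ b/infra/setup-mail.sh
@@ -0,0 +1,183 @@
+#!/bin/bash
+# =================================================================
+# setup-mail.sh — Postfix (relay Brevo) + opendkim para resetea.net
+# Uso: sudo bash /var/www/resetea.net/infra/setup-mail.sh
+# =================================================================
+set -e
+
+DOMAIN="resetea.net"
+SELECTOR="mail"
+DKIM_DIR="/etc/opendkim/keys/${DOMAIN}"
+NODE_BIN="/home/capitansito/.nvm/versions/node/v18.20.8/bin/node"
+APP_DIR="/var/www/resetea.net/api"
+APP_USER="capitansito"
+
+# ── Verificaciones previas ────────────────────────────────────────
+if [[ $EUID -ne 0 ]]; then
+echo "ERROR: Ejecuta como root: sudo bash $0"
+exit 1
+fi
+
+if [[ ! -f "${NODE_BIN}" ]]; then
+echo "ERROR: node no encontrado en ${NODE_BIN}"
+echo "Ajusta NODE_BIN al inicio del script."
+exit 1
+fi
+
+echo ""
+echo "╔══════════════════════════════════════════════╗"
+echo "║ SETUP MAIL — resetea.net ║"
+echo "╚══════════════════════════════════════════════╝"
+
+# ── [1/6] Instalar paquetes ───────────────────────────────────────
+echo ""
+echo "[1/6] Instalando postfix, opendkim, opendkim-tools..."
+DEBIAN_FRONTEND=noninteractive apt-get install -y \
+postfix libsasl2-modules opendkim opendkim-tools
+
+# ── [2/6] Configurar Postfix ──────────────────────────────────────
+echo ""
+echo "[2/6] Configurando Postfix..."
+
+postconf -e "myhostname = ${DOMAIN}"
+postconf -e "myorigin = ${DOMAIN}"
+postconf -e "inet_interfaces = loopback-only"
+postconf -e "mydestination = localhost"
+postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
+
+# Relay Brevo — credenciales se añaden con set-relay-credentials.sh
+postconf -e "relayhost = [smtp-relay.brevo.com]:587"
+postconf -e "smtp_sasl_auth_enable = yes"
+postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
+postconf -e "smtp_sasl_security_options = noanonymous"
+postconf -e "smtp_tls_security_level = encrypt"
+postconf -e "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
+postconf -e "smtp_use_tls = yes"
+
+# Integración opendkim via milter
+postconf -e "milter_protocol = 6"
+postconf -e "milter_default_action = accept"
+postconf -e "smtpd_milters = inet:localhost:12301"
+postconf -e "non_smtpd_milters = inet:localhost:12301"
+
+# Placeholder de credenciales (vacío hasta ejecutar set-relay-credentials.sh)
+if [[ ! -f /etc/postfix/sasl_passwd ]]; then
+echo "[smtp-relay.brevo.com]:587 BREVO_LOGIN:BREVO_SMTP_KEY" > /etc/postfix/sasl_passwd
+chmod 600 /etc/postfix/sasl_passwd
+postmap /etc/postfix/sasl_passwd
+fi
+
+# ── [3/6] Generar claves DKIM ─────────────────────────────────────
+echo ""
+echo "[3/6] Generando claves DKIM (2048 bits)..."
+
+mkdir -p "${DKIM_DIR}"
+
+if [[ -f "${DKIM_DIR}/${SELECTOR}.private" ]]; then
+echo " → Clave ya existente, se mantiene (no se regenera)."
+else
+opendkim-genkey -b 2048 -d "${DOMAIN}" -D "${DKIM_DIR}" -s "${SELECTOR}" -v
+echo " → Clave generada en ${DKIM_DIR}/"
+fi
+
+chown -R opendkim:opendkim /etc/opendkim/
+chmod 711 "${DKIM_DIR}" # traversable pero no listable por otros
+chmod 600 "${DKIM_DIR}/${SELECTOR}.private"
+chmod 644 "${DKIM_DIR}/${SELECTOR}.txt" # clave pública — legible por el script
+
+# ── [4/6] Configurar opendkim ─────────────────────────────────────
+echo ""
+echo "[4/6] Configurando opendkim..."
+
+cat > /etc/opendkim.conf << EOF
+AutoRestart Yes
+AutoRestartRate 10/1h
+UMask 002
+Syslog yes
+SyslogSuccess Yes
+LogWhy Yes
+Canonicalization relaxed/simple
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+SigningTable refile:/etc/opendkim/SigningTable
+Mode sv
+PidFile /run/opendkim/opendkim.pid
+SignatureAlgorithm rsa-sha256
+UserID opendkim
+Socket inet:12301@localhost
+EOF
+
+cat > /etc/opendkim/TrustedHosts << EOF
+127.0.0.1
+localhost
+${DOMAIN}
+EOF
+
+cat > /etc/opendkim/KeyTable << EOF
+${SELECTOR}._domainkey.${DOMAIN} ${DOMAIN}:${SELECTOR}:${DKIM_DIR}/${SELECTOR}.private
+EOF
+
+cat > /etc/opendkim/SigningTable << EOF
+*@${DOMAIN} ${SELECTOR}._domainkey.${DOMAIN}
+EOF
+
+# ── [5/6] Servicio systemd para resetea backend ───────────────────
+echo ""
+echo "[5/6] Creando servicio systemd resetea..."
+
+cat > /etc/systemd/system/resetea.service << EOF
+[Unit]
+Description=RESETEA.NET backend Node.js
+After=network.target
+
+[Service]
+Type=simple
+User=${APP_USER}
+WorkingDirectory=${APP_DIR}
+ExecStart=${NODE_BIN} app.js
+Restart=on-failure
+RestartSec=5
+EnvironmentFile=${APP_DIR}/.env
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable resetea
+systemctl start resetea && echo " → resetea backend arrancado" || echo " ⚠ Error arrancando resetea — revisa: journalctl -u resetea -n 20"
+
+# ── [6/6] Arrancar opendkim y postfix ─────────────────────────────
+echo ""
+echo "[6/6] Arrancando opendkim y postfix..."
+
+systemctl enable opendkim
+systemctl restart opendkim && echo " → opendkim OK" || echo " ⚠ Error en opendkim"
+sleep 1
+
+# Postfix NO se arranca hasta que haya credenciales reales en sasl_passwd
+echo " → Postfix: esperando credenciales Brevo antes de arrancar."
+echo " Ejecuta set-relay-credentials.sh cuando tengas las credenciales."
+
+# ── Resumen final ─────────────────────────────────────────────────
+echo ""
+echo "════════════════════════════════════════════════════════"
+echo " REGISTRO DKIM — añadir en DNS de Gandi:"
+echo "────────────────────────────────────────────────────────"
+echo " Nombre: ${SELECTOR}._domainkey"
+echo " Tipo: TXT"
+DKIM_P=$(cat "${DKIM_DIR}/${SELECTOR}.txt" | grep -o '"p=.*"' | tr -d '"' | tr -d ' ')
+echo " Valor: v=DKIM1; k=rsa; ${DKIM_P}"
+echo ""
+echo " (archivo completo en ${DKIM_DIR}/${SELECTOR}.txt)"
+echo "════════════════════════════════════════════════════════"
+echo ""
+echo "SIGUIENTE PASO:"
+echo " 1. Crea cuenta gratis en https://app.brevo.com"
+echo " 2. Ve a: SMTP & API → SMTP → 'Generate a new SMTP Key'"
+echo " 3. Ejecuta:"
+echo " sudo bash /var/www/resetea.net/infra/set-relay-credentials.sh TU_EMAIL_BREVO TU_SMTP_KEY"
+echo " 4. Añade el registro DKIM de arriba en Gandi"
+echo " 5. Ejecuta el managedns.sh setup-mail-dns para SPF y DMARC"
+echo ""
+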
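Review bot: `smtp_tls_security_level = encrypt` in step 2 makes TLS mandatory but does not validate the relay's certificate, so the `smtp_tls_CAfile` setting is not enforced at that level and the SASL login is sent to whichever host answers on port 587. Consider `postconf -e "smtp_tls_security_level = secure"` (or `verify`) once the relay certificate is confirmed to match `smtp-relay.brevo.com`; `smtp_use_tls = yes` is then redundant. Separately, in the final summary `grep -o '"p=.*"'` matches line by line, and opendkim-genkey normally splits a 2048-bit key across several quoted strings in `${SELECTOR}.txt`, so the printed `Valor:` is probably a truncated key and signatures would fail verification once it is published. Joining every quoted chunk of the file before stripping quotes, or telling the operator to copy the record from the file itself, avoids that.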