mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal

error while installing #1298

Closed theraw closed 6 years ago

theraw commented 6 years ago
Installing nsd (DNS server)...
Generating DNSSEC signing keys...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Creating new user database: /home/user-data/mail/users.sqlite
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing Nextcloud (contacts/calendar)...

Upgrading to Nextcloud version 12.0.3

creating sqlite db
Nextcloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
Installing Mail-in-a-Box system management daemon...
Installing Munin (system monitoring)...
No module named '_cffi_backend'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>
Traceback (most recent call last):
  File "management/ssl_certificates.py", line 803, in <module>
    provision_certificates_cmdline()
  File "management/ssl_certificates.py", line 446, in provision_certificates_cmdline
    status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
  File "management/ssl_certificates.py", line 266, in provision_certificates
    import acme.messages
  File "/usr/local/lib/python3.4/dist-packages/acme/messages.py", line 5, in <module>
    from acme import challenges
  File "/usr/local/lib/python3.4/dist-packages/acme/challenges.py", line 9, in <module>
    import OpenSSL
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
  File "/usr/local/lib/python3.4/dist-packages/cryptography/x509/__init__.py", line 7, in <module>
    from cryptography.x509 import certificate_transparency
ImportError: cannot import name 'certificate_transparency'

Okay. I'm about to set up raw@**** for you. This account will also
have access to the box's control panel.
password: 
 (again): 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>

-----------------------------------------------

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

https://***/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

5F:FC:F****

Then you can confirm the security exception and continue.

Command used: curl -s https://mailinabox.email/setup.sh | sudo bash

Can I have some help please? Thank you!

yodax commented 6 years ago

Can you run the same command again on the server?

theraw commented 6 years ago

@yodax well it worked.

Primary Hostname: *******
Public IP Address: xx.xx.xx.xx
Mail-in-a-Box Version:  v0.25

Updating system packages...
Installing system packages...
Initializing system random number generator...
Firewall is active and enabled on system startup
Installing nsd (DNS server)...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Removing apache...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing Nextcloud (contacts/calendar)...
Nextcloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
Installing Mail-in-a-Box system management daemon...
Installing Munin (system monitoring)...
updated DNS: ******
web updated

I'm going to provision a TLS certificate (formerly called a SSL certificate)
for you from Let's Encrypt (letsencrypt.org).

TLS certificates are cryptographic keys that ensure communication between
you and this box are secure when getting and sending mail and visiting
websites hosted on this box. Let's Encrypt is a free provider of TLS
certificates.

Please open this document in your web browser:

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

It is Let's Encrypt's terms of service agreement. If you agree, I can
provision that TLS certificate. If you don't agree, you will have an
opportunity to install your own TLS certificate from the Mail-in-a-Box
control panel.

Do you agree to the agreement? Type Y or N and press <ENTER>: 
You didn't agree. Quitting.

-----------------------------------------------

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

https://*****/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

5F:FC:**

Then you can confirm the security exception and continue.

I tried to send some mails; everything seems OK, thank you.

yodax commented 6 years ago

There’s still an open task to fix this in a more permanent way. It shouldn’t happen again on this machine.

theraw commented 6 years ago

Maybe can I know why it was happening, or how to check any log about it? My machine was a very new, fresh installation of Ubuntu 14.04 from the Ubuntu ISO http://releases.ubuntu.com/14.04/

Right after installation, all I used was:

apt-get update; apt-get upgrade -y; apt-get dist-upgrade -y; apt-get autoremove -y; reboot
apt-get install build-essential libssl-dev curl nano wget zip unzip dnsutils git -y
curl -s https://mailinabox.email/setup.sh | sudo bash

Then I got that error, and Apache was somehow installed, and on port :80 I was able to see just the Apache default page. I was looking around /tmp/ or /var/log to find logs about it but I didn't find any.

Or was it just because of Apache?

The problem happened twice. The first time, after the Ubuntu installation, I tried to use:

$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
$ git checkout v0.25
$ sudo setup/start.sh

and I got the same error. As those are just some bash scripts and the project is open source, I can look into them and try to find why. But when I saw that error, which was about Python, I asked, because I haven't worked with Python and I have no idea about it.
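Added example (not part of the original thread and not Mail-in-a-Box code): a small diagnostic that walks the import chain shown in the traceback above and reports the first module that fails, along with where each importable module was loaded from. The function names and the path-to-installer mapping (Debian/Ubuntu `dist-packages` layout) are assumptions of this example; run it with the same `python3` the management scripts use.

```python
import importlib

# Import chain from the traceback in this thread, lowest-level dependency first.
CHAIN = ["_cffi_backend", "cryptography", "cryptography.x509",
         "OpenSSL", "acme.messages"]


def classify_origin(path):
    """Guess which installer owns a module file (assumes Debian/Ubuntu layout)."""
    if not path:
        return "built-in or namespace"
    if "/dist-packages/" in path and path.startswith("/usr/local/"):
        return "pip (/usr/local)"
    if "/dist-packages/" in path and path.startswith("/usr/lib/"):
        return "apt (/usr/lib)"
    return "other"


def probe(name):
    """Try to import one module and describe the result without raising."""
    try:
        mod = importlib.import_module(name)
    except Exception as exc:  # ImportError, or anything a broken package raises
        return {"module": name, "ok": False,
                "error": "{}: {}".format(type(exc).__name__, exc)}
    path = getattr(mod, "__file__", None)
    return {"module": name, "ok": True,
            "version": str(getattr(mod, "__version__", "?")),
            "path": path, "origin": classify_origin(path)}


def first_failure(chain=CHAIN):
    """Return the probe result for the first module that fails, or None."""
    for name in chain:
        result = probe(name)
        if not result["ok"]:
            return result
    return None


if __name__ == "__main__":
    for name in CHAIN:
        r = probe(name)
        if r["ok"]:
            print("OK   {module:<20} {version:<10} {origin}  {path}".format(**r))
        else:
            print("FAIL {module:<20} {error}".format(**r))
```

A mix of `apt` and `pip` origins across this chain is worth noting when comparing a failing box with a working one.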

podguzovvasily commented 6 years ago

This issue reproduces on a fresh Digital Ocean Ubuntu 14.04.5 x64 droplet. After installation NGINX does not listen on any ports. "NGINX -t" says OK. I tried "service NGINX restart" but it was unsuccessful.

Running the same command again helps me.

meglio commented 6 years ago

Installed by git-cloning master and running bash setup/start.sh, getting 500 Internal Server in console and /admin is not accessible; the browser says This site can’t be reached.

Restarting nginx does not help.

The valid work-around is to run the same setup installation script.

hachre commented 6 years ago

My previous comment was invalid, thus removed.

Could somebody with the necessary rights reopen this bug? It shouldn't be closed before it's been fixed.

ali3seven commented 6 years ago

I'm afraid that a second installation cannot solve the issue. I tried mailinabox with root privilege. Here is the log, but also the same as the last four lines seems repeated for more than 100 other files too (like cffi, urllib3 and ...):

Installing Mail-in-a-Box system management daemon...

FAILED: pip3 install --upgrade rtyaml email_validator>=1.0.0 free_tls_certificates>=0.1.3 exclusiveprocess idna>=2.0.0 cryptography>=1.0.2 acme boto psutil

Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f6a7a56be80>: Failed to establish a new connection: [Errno -2] Name or service not known',)': /simple/rtyaml/

Any hint or solution?

hachre commented 6 years ago

This looks like another problem - are you sure you started with a fresh Ubuntu 14.04?

ali3seven commented 6 years ago

Thanks for the reply. Yes, tried with 14.04.3, but did sudo apt-get update & upgrade before running the command. But I will try again with the bash start.sh script instead of the mailinabox command. I hope it will be solved.

hachre commented 6 years ago

Yes, upgrading before running it is fine.

ali3seven commented 6 years ago

Finally successful! I have been busy with this since 2 days ago. Running the bash script again after a full upgrade. Thanks, @hachre.

JoshData commented 6 years ago

The problems in this issue should be fixed by the above two commits on master. Would appreciate it if folks could give the master branch a try. Thanks.

theraw commented 6 years ago

For me everything went well.

Primary Hostname: ********
Public IP Address: *******
Private IPv6 Address: fe80::ff:fe69:51f3%eth0
Mail-in-a-Box Version:  v0.25

Installing add-apt-repository...
Updating system packages...
Installing system packages...

Current default time zone: 'Europe/Paris'
Local time is now:      Mon Jan 15 20:27:26 CET 2018.
Universal Time is now:  Mon Jan 15 19:27:26 UTC 2018.

Initializing system random number generator...
Creating SSH key for backup…
Firewall is active and enabled on system startup
Archiving old resolv.conf (was /etc/resolvconf/resolv.conf.d/original, now /etc/resolvconf/resolv.conf.original).
Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.........+........+...+.............................................................................+......................................................................................................................................................+............................+.....................................+....................................................................................+........................+.............................................................................+..........................................++*++*
Installing nsd (DNS server)...
Generating DNSSEC signing keys...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Creating new user database: /home/user-data/mail/users.sqlite
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing Nextcloud (contacts/calendar)...

Upgrading to Nextcloud version 12.0.3

creating sqlite db
Nextcloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
sha1sum: WARNING: 1 computed checksum did NOT match
------------------------------------------------------------
Download of http://download.z-push.org/final/2.3/z-push-2.3.8.tar.gz did not match expected checksum.
Found:
66b1613faef61590836682ff1a43d559827fe08b  /tmp/z-push.tar.gz

Expected:
aae5093212ac0b7d8bf2d79fd5b87ca5bbf091cb  /tmp/z-push.tar.gz

theraw commented 6 years ago

Wait, no! It didn't. I cannot see that error anymore in the installation steps, but Apache is installed again.

root@dop3:~/mailinabox# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@dop3:~/mailinabox# service apache2 status
 * apache2 is running
root@dop3:~/mailinabox# lsof -i :80
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  4617 www-data    4u  IPv6  90911      0t0  TCP *:http (LISTEN)
apache2 21153     root    4u  IPv6  90911      0t0  TCP *:http (LISTEN)
apache2 21156 www-data    4u  IPv6  90911      0t0  TCP *:http (LISTEN)
apache2 21157 www-data    4u  IPv6  90911      0t0  TCP *:http (LISTEN)
apache2 21158 www-data    4u  IPv6  90911      0t0  TCP *:http (LISTEN)
apache2 21159 www-data    4u  IPv6  90911      0t0  TCP *:http (LISTEN)
apache2 21160 www-data    4u  IPv6  90911      0t0  TCP *:http (LISTEN)
root@dop3:~/mailinabox# lsof -i :443
root@dop3:~/mailinabox# 

Also, "WARNING: 1 computed checksum did NOT match" is the reason the installation stopped.

yodax commented 6 years ago

Are you sure you ran on master? This can’t be done via the curl pipe bash install yet.

I installed it on 1 box. Works fine. Reviewed the changes. Thanks for the changes @joshdata. Great work.

Tomorrow I’ll do some more boxes. I don’t expect any issues.

theraw commented 6 years ago

@yodax yes, you are right, it works. Not totally fine, but the problem with Apache is gone. It didn't work for me 2h ago because I tried too fast, hit GitHub caches and didn't get the last changes from JoshData.

But I got different errors now.

Mail-in-a-Box Version:  v0.25

Installing add-apt-repository...
Updating system packages...
Installing system packages...

Current default time zone: 'Europe/Tirane'
Local time is now:      Mon Jan 15 22:54:21 CET 2018.
Universal Time is now:  Mon Jan 15 21:54:21 UTC 2018.

Initializing system random number generator...
Creating SSH key for backup…
Firewall is active and enabled on system startup
Archiving old resolv.conf (was /etc/resolvconf/resolv.conf.d/original, now /etc/resolvconf/resolv.conf.original).
Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
........................................+.....................................................................................................................+......................................................................................................................................................................................................................................................................................................................................................................................................................................................................+..................+.......................++*++*
Installing nsd (DNS server)...
Generating DNSSEC signing keys...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Creating new user database: /home/user-data/mail/users.sqlite
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing Nextcloud (contacts/calendar)...

Upgrading to Nextcloud version 12.0.3

creating sqlite db
Nextcloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
sha1sum: WARNING: 1 computed checksum did NOT match
------------------------------------------------------------
Download of http://download.z-push.org/final/2.3/z-push-2.3.8.tar.gz did not match expected checksum.
Found:
66b1613faef61590836682ff1a43d559827fe08b  /tmp/z-push.tar.gz

Expected:
aae5093212ac0b7d8bf2d79fd5b87ca5bbf091cb  /tmp/z-push.tar.gz
Installing Mail-in-a-Box system management daemon...
Installing Munin (system monitoring)...
No module named '_cffi_backend'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>
Traceback (most recent call last):
  File "management/ssl_certificates.py", line 803, in <module>
    provision_certificates_cmdline()
  File "management/ssl_certificates.py", line 446, in provision_certificates_cmdline
    status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
  File "management/ssl_certificates.py", line 266, in provision_certificates
    import acme.messages
  File "/usr/local/lib/python3.4/dist-packages/acme/messages.py", line 5, in <module>
    from acme import challenges
  File "/usr/local/lib/python3.4/dist-packages/acme/challenges.py", line 9, in <module>
    import OpenSSL
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/local/lib/python3.4/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
  File "/usr/local/lib/python3.4/dist-packages/cryptography/x509/__init__.py", line 7, in <module>
    from cryptography.x509 import certificate_transparency
ImportError: cannot import name 'certificate_transparency'

Okay. I'm about to set up me@dop3**** for you. This account will also
have access to the box's control panel.
password: 
Passwords must be at least eight characters.
password: 
 (again): 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error and was unable to complete your request.  Either the server is overloaded or there is an error in the application.</p>

-----------------------------------------------

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

https://***/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

47:30:3B:F5:46:C4:03:FF:B6:49:21:10:30:7B:AD:4D:84:A6:57:62:02:C0:65:A9:B3:D1:1F:4C:7C:36:81:A2

Then you can confirm the security exception and continue.

root@dop3:~/mailinabox# service apache2 status
apache2: unrecognized service
root@dop3:~/mailinabox# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@dop3:~/mailinabox# service nginx status
 * nginx is running
root@dop3:~/mailinabox# lsof -i :80
root@dop3:~/mailinabox# lsof -i :443
root@dop3:~/mailinabox# curl http://localhost
curl: (7) Failed to connect to localhost port 80: Connection refused
root@dop3:~/mailinabox# 
Installing Z-Push (Exchange/ActiveSync server)...
sha1sum: WARNING: 1 computed checksum did NOT match
------------------------------------------------------------
Download of http://download.z-push.org/final/2.3/z-push-2.3.8.tar.gz did not match expected checksum.
Found:
66b1613faef61590836682ff1a43d559827fe08b  /tmp/z-push.tar.gz

Expected:
aae5093212ac0b7d8bf2d79fd5b87ca5bbf091cb  /tmp/z-push.tar.gz
Installing Mail-in-a-Box system management daemon...
Jan 15 22:57:57 dop3 Mail-in-a-Box Management Daemon: Failed login attempt from ip 127.0.0.1 - timestamp 1516053477.5847049
Jan 15 22:57:57 dop3 Mail-in-a-Box Management Daemon: Failed login attempt from ip 127.0.0.1 - timestamp 1516053477.639296
Jan 15 22:57:57 dop3 Exception on /mail/aliases/add [POST]#012Traceback (most recent call last):#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1817, in wsgi_app#012    response = self.full_dispatch_request()#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1477, in full_dispatch_request#012    rv = self.handle_user_exception(e)#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1381, in handle_user_exception#012    reraise(exc_type, exc_value, tb)#012  File "/usr/lib/python3/dist-packages/flask/_compat.py", line 33, in reraise#012    raise value#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1475, in full_dispatch_request#012    rv = self.dispatch_request()#012  File "/usr/lib/python3/dist-packages/flask/app.py", line 1461, in dispatch_request#012    return self.view_functions[rule.endpoint](**req.view_args)#012  File "/usr/local/bin/mailinabox-daemon", line 55, in newview#012    return viewfunc(*args, **kwargs)#012  File "/usr/local/bin/mailinabox-daemon", line 211, in mail_aliases_add#012    update_if_exists=(request.form.get('update_if_exists', '') == '1')#012  File "/root/mailinabox/management/mailconfig.py", line 492, in add_mail_alias#012    return kick(env, return_status)#012  File "/root/mailinabox/management/mailconfig.py", line 591, in kick#012    results.append( do_dns_update(env) )#012  File "/root/mailinabox/management/dns_update.py", line 64, in do_dns_update#012    for (domain, zonefile, records) in build_zones(env):#012  File "/root/mailinabox/management/dns_update.py", line 132, in build_zones#012    records = build_zone(domain, domains, additional_records, www_redirect_domains, env)#012  File "/root/mailinabox/management/dns_update.py", line 175, in build_zone#012    records.append(("_25._tcp", "TLSA", build_tlsa_record(env), "Recommended when DNSSEC is enabled. 
Advertises to mail servers connecting to the box that mandatory encryption should be used."))#012  File "/root/mailinabox/management/dns_update.py", line 322, in build_tlsa_record#012    cert = load_pem(load_cert_chain(fn)[0])#012  File "/root/mailinabox/management/ssl_certificates.py", line 753, in load_pem#012    from cryptography.x509 import load_pem_x509_certificate#012  File "/usr/local/lib/python3.4/dist-packages/cryptography/x509/__init__.py", line 7, in <module>#012    from cryptography.x509 import certificate_transparency#012ImportError: cannot import name 'certificate_transparency'
Jan 15 22:59:00 dop3 kernel: [ 1488.057791] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:69:51:f3:00:1e:13:f9:9b:00:08:00 SRC=77.72.85.101 DST=54.37.223.19 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=36246 PROTO=TCP SPT=51910 DPT=3391 WINDOW=1024 RES=0x00 SYN URGP=0 
Jan 15 22:59:45 dop3 kernel: [ 1533.272076] [UFW BLOCK] IN=eth0 OUT= MAC=02:00:00:69:51:f3:00:14:f1:a7:24:00:08:00 SRC=77.72.85.10 DST=54.37.223.19 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=49777 PROTO=TCP SPT=49782 DPT=3387 WINDOW=1024 RES=0x00 SYN URGP=0 
Jan 15 23:00:01 dop3 CRON[10747]: (root) CMD (if [ -x /etc/munin/plugins/apt_all ]; then munin-run apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then munin-run apt update 7200 12 >/dev/null; fi)
Jan 15 23:00:01 dop3 CRON[10748]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)

Just so you know, only the VM hostname resolves to the VM IP; the nameservers aren't resolving to the VM IP. Can this be a reason why it fails? I will do another test tomorrow because I don't have much time right now!

yodax commented 6 years ago
------------------------------------------------------------
Download of http://download.z-push.org/final/2.3/z-push-2.3.8.tar.gz did not match expected checksum.
Found:
66b1613faef61590836682ff1a43d559827fe08b  /tmp/z-push.tar.gz

Expected:
aae5093212ac0b7d8bf2d79fd5b87ca5bbf091cb  /tmp/z-push.tar.gz

That bit tells me you're not on master; that download location isn't there anymore, it fetches from git. Can you run git status on your mailinabox repo? Perhaps a git fetch && git pull.
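Added example (not part of the original thread and not Mail-in-a-Box code): in the logs quoted above, the installer still prints "Your Mail-in-a-Box is running." after a checksum mismatch, HTTP 500 responses and a Python traceback. This scanner reads captured setup output and reports those failure markers, so the closing banner is only trusted when none are present. The function names are hypothetical and the sample is constructed from lines quoted in this thread.

```python
import re

# Constructed sample, assembled from installer output lines quoted in this thread.
SAMPLE = """\
Installing Z-Push (Exchange/ActiveSync server)...
sha1sum: WARNING: 1 computed checksum did NOT match
------------------------------------------------------------
Download of http://download.z-push.org/final/2.3/z-push-2.3.8.tar.gz did not match expected checksum.
Found:
66b1613faef61590836682ff1a43d559827fe08b  /tmp/z-push.tar.gz

Expected:
aae5093212ac0b7d8bf2d79fd5b87ca5bbf091cb  /tmp/z-push.tar.gz
Installing Munin (system monitoring)...
No module named '_cffi_backend'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>500 Internal Server Error</title>
Traceback (most recent call last):
  File "management/ssl_certificates.py", line 266, in provision_certificates
    import acme.messages
ImportError: cannot import name 'certificate_transparency'
Your Mail-in-a-Box is running.
"""

HASH_LINE = re.compile(r"^([0-9a-f]{40,64})\s+\S+$")
MISMATCH = re.compile(r"^Download of (\S+) did not match expected checksum")


def _checksum_finding(url, following):
    """Pair the 'Found:' / 'Expected:' labels with the hash line after each."""
    finding = {"kind": "checksum_mismatch", "url": url,
               "plain_http": url.startswith("http://")}
    label = None
    for line in following:
        text = line.strip()
        if text in ("Found:", "Expected:"):
            label = text[:-1].lower()
        elif label and HASH_LINE.match(text):
            finding[label] = HASH_LINE.match(text).group(1)
            label = None
    return finding


def scan(output):
    """Return failure markers found in captured setup output, in order."""
    lines = output.splitlines()
    findings = []
    for i, line in enumerate(lines):
        m = MISMATCH.match(line)
        if m:
            findings.append(_checksum_finding(m.group(1), lines[i + 1:i + 7]))
        elif "<title>500 Internal Server Error</title>" in line:
            findings.append({"kind": "http_500"})
        elif line.startswith("Traceback (most recent call last):"):
            # The exception is the first later line that is not indented.
            exc = next((l for l in lines[i + 1:] if l and not l.startswith(" ")), None)
            findings.append({"kind": "python_exception", "detail": exc})
        elif line.startswith("FAILED: "):
            findings.append({"kind": "command_failed", "detail": line[len("FAILED: "):]})
    return findings


def verdict(output):
    """The success banner only counts when the output has no failure marker."""
    findings = scan(output)
    banner = "Your Mail-in-a-Box is running." in output
    return {"banner": banner, "clean": banner and not findings, "findings": findings}


if __name__ == "__main__":
    print(verdict(SAMPLE))
```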

JoshData commented 6 years ago

Closing because I think this is resolved.