diff --git a/ct/aliasvault.sh b/ct/aliasvault.sh index 2f716b27..8b2d5342 100644 --- a/ct/aliasvault.sh +++ b/ct/aliasvault.sh @@ -7,12 +7,12 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV APP="AliasVault" var_tags="${var_tags:-security;passwords;privacy}" -var_cpu="${var_cpu:-2}" -var_ram="${var_ram:-2048}" -var_disk="${var_disk:-16}" +var_cpu="${var_cpu:-4}" +var_ram="${var_ram:-4096}" +var_disk="${var_disk:-20}" var_os="${var_os:-debian}" var_version="${var_version:-12}" -var_unprivileged="${var_unprivileged:-0}" +var_unprivileged="${var_unprivileged:-1}" header_info "$APP" variables @@ -24,7 +24,7 @@ function update_script() { check_container_storage check_container_resources - if [[ ! -d /opt/aliasvault ]]; then + if [[ ! -f /opt/aliasvault/.env ]]; then msg_error "No ${APP} Installation Found!" exit fi 
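Review bot: The new guard `[[ ! -f /opt/aliasvault/.env ]]` is also satisfied by containers created with the previous Docker Compose installer, which wrote `/opt/aliasvault/.env` as well (see the removed lines in install/aliasvault-install.sh). On such a container the next hunk runs `CLEAN_INSTALL=1 fetch_and_deploy_gh_release` over `/opt/aliasvault` after backing up only `.env` and `certificates`. The old layout's `database/postgres` and `secrets` directories would presumably be wiped, and none of the systemd units or build toolchains exist there. The guard should key on something only the native install creates, for example `if [[ ! -f /opt/aliasvault/.env || ! -f /etc/systemd/system/aliasvault-api.service ]]; then`. It should also stop with a migration message when `/opt/aliasvault/docker-compose.yml` is present. The body of update_script continues outside this hunk.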
@@ -33,27 +33,60 @@ function update_script() { RELEASE=$(get_latest_github_release "aliasvault/aliasvault") msg_info "Stopping Services" - cd /opt/aliasvault - $STD docker compose down + systemctl stop aliasvault-api aliasvault-admin aliasvault-smtp aliasvault-taskrunner msg_ok "Stopped Services" - msg_info "Updating Compose Configuration" - curl -fsSL "https://raw.githubusercontent.com/aliasvault/aliasvault/${RELEASE}/docker-compose.yml" | - sed "s/:latest/:${RELEASE}/g" >/opt/aliasvault/docker-compose.yml - curl -fsSL "https://raw.githubusercontent.com/aliasvault/aliasvault/${RELEASE}/docker-compose.letsencrypt.yml" \ - >/opt/aliasvault/docker-compose.letsencrypt.yml - msg_ok "Updated Compose Configuration" + msg_info "Backing up Configuration" + cp /opt/aliasvault/.env /opt/aliasvault_env.bak + cp -r /opt/aliasvault/certificates /opt/aliasvault_certs.bak + msg_ok "Backed up Configuration" - msg_info "Pulling Updated Images" - $STD docker compose -f /opt/aliasvault/docker-compose.yml pull - msg_ok "Pulled Updated Images" + CLEAN_INSTALL=1 fetch_and_deploy_gh_release "aliasvault" "aliasvault/aliasvault" "tarball" + + msg_info "Building Core Libraries (Patience)" + source "$HOME/.cargo/env" + $STD rustup target add wasm32-unknown-unknown + cd /opt/aliasvault/core + $STD bash build-and-distribute.sh --browser + msg_ok "Built Core Libraries" + + msg_info "Copying Core Artifacts" + mkdir -p /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/wasm + cp /opt/aliasvault/core/rust/dist/wasm/aliasvault_core_bg.wasm \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/wasm/ + cp /opt/aliasvault/core/rust/dist/wasm/aliasvault_core.js \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/wasm/ + mkdir -p /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/{identity-generator,password-generator,vault} + cp -r /opt/aliasvault/core/typescript/identity-generator/dist/. 
\ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/identity-generator/ + cp -r /opt/aliasvault/core/typescript/password-generator/dist/. \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/password-generator/ + cp -r /opt/aliasvault/core/vault/dist/. \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/vault/ + msg_ok "Copied Core Artifacts" + + msg_info "Building AliasVault Applications (Patience)" + cd /opt/aliasvault/apps/server + $STD dotnet workload install wasm-tools + $STD dotnet restore aliasvault.sln + $STD dotnet publish AliasVault.Api/AliasVault.Api.csproj -c Release -o /opt/aliasvault/api --no-restore + $STD dotnet build AliasVault.Client/AliasVault.Client.csproj -c Release --no-restore + $STD dotnet publish AliasVault.Client/AliasVault.Client.csproj -c Release -o /opt/aliasvault/client --no-restore + $STD dotnet publish AliasVault.Admin/AliasVault.Admin.csproj -c Release -o /opt/aliasvault/admin --no-restore + $STD dotnet publish Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj -c Release -o /opt/aliasvault/smtp --no-restore + $STD dotnet publish Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj -c Release -o /opt/aliasvault/taskrunner --no-restore + msg_ok "Built AliasVault Applications" + + msg_info "Restoring Configuration" + cp /opt/aliasvault_env.bak /opt/aliasvault/.env + cp -r /opt/aliasvault_certs.bak/. /opt/aliasvault/certificates/ + rm -f /opt/aliasvault_env.bak + rm -rf /opt/aliasvault_certs.bak + msg_ok "Restored Configuration" msg_info "Starting Services" - $STD docker compose -f /opt/aliasvault/docker-compose.yml up -d --force-recreate + systemctl start aliasvault-api aliasvault-admin aliasvault-smtp aliasvault-taskrunner msg_ok "Started Services" - - echo "${RELEASE}" >~/.aliasvault - sed -i "s/^ALIASVAULT_VERSION=.*/ALIASVAULT_VERSION=${RELEASE}/" /opt/aliasvault/.env msg_ok "Updated successfully to ${RELEASE}!" fi exit 
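Review bot: The "Restoring Configuration" block runs only after every Rust and .NET build step has succeeded, so a failed build leaves the only copy of the secrets file in `/opt/aliasvault_env.bak`. The tree then has no `.env`, the four services stay stopped, and a re-run of update_script exits at the `/opt/aliasvault/.env` guard with "No Installation Found". Unless a build step needs the file to be absent, the `cp /opt/aliasvault_env.bak /opt/aliasvault/.env` and certificate restore belong directly after `fetch_and_deploy_gh_release`, with the two `rm` lines kept at the end. A stale `/opt/aliasvault_certs.bak` from an earlier failed run also makes `cp -r /opt/aliasvault/certificates /opt/aliasvault_certs.bak` copy into a nested `certificates/` subdirectory, so add `rm -rf /opt/aliasvault_certs.bak` before the backup. How the surrounding framework reacts to a failing command is not visible in this hunk.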
diff --git a/install/aliasvault-install.sh b/install/aliasvault-install.sh index 81470f10..0875e8b2 100644 --- a/install/aliasvault-install.sh +++ b/install/aliasvault-install.sh 
@@ -13,66 +13,281 @@ setting_up_container network_check update_os -msg_info "Installing Docker" -install -m 0755 -d /etc/apt/keyrings -curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc -chmod a+r /etc/apt/keyrings/docker.asc -echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "${VERSION_CODENAME}") stable" \ - >/etc/apt/sources.list.d/docker.list +msg_info "Installing Dependencies" +$STD apt install -y \ + nginx \ + python3 \ + gettext-base \ + inotify-tools \ + libkrb5-3 \ + libgssapi-krb5-2 \ + openssl +msg_ok "Installed Dependencies" + +RUST_CRATES="wasm-pack" setup_rust + +NODE_VERSION="20" setup_nodejs + +msg_info "Installing .NET SDK 10.0" +curl -fsSL "https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb" \ + -o /tmp/packages-microsoft-prod.deb +$STD dpkg -i /tmp/packages-microsoft-prod.deb +rm -f /tmp/packages-microsoft-prod.deb $STD apt update -$STD apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin -systemctl enable -q --now docker -msg_ok "Installed Docker" +$STD apt install -y dotnet-sdk-10.0 +msg_ok "Installed .NET SDK 10.0" -RELEASE=$(get_latest_github_release "aliasvault/aliasvault") -msg_info "Setting up AliasVault ${RELEASE}" -mkdir -p /opt/aliasvault/{database/postgres,logs/msbuild,secrets,certificates/{ssl,smtp,letsencrypt/www}} -curl -fsSL "https://raw.githubusercontent.com/aliasvault/aliasvault/${RELEASE}/docker-compose.yml" | - sed "s/:latest/:${RELEASE}/g" >/opt/aliasvault/docker-compose.yml -curl -fsSL "https://raw.githubusercontent.com/aliasvault/aliasvault/${RELEASE}/docker-compose.letsencrypt.yml" \ - >/opt/aliasvault/docker-compose.letsencrypt.yml -msg_ok "Set up AliasVault ${RELEASE}" +PG_VERSION="16" setup_postgresql +PG_DB_NAME="aliasvault" PG_DB_USER="aliasvault" setup_postgresql_db -msg_info "Generating Secrets" -chmod 700 /opt/aliasvault/secrets 
-printf '%s' "$(openssl rand -base64 32)" >/opt/aliasvault/secrets/jwt_key -printf '%s' "$(openssl rand -base64 32)" >/opt/aliasvault/secrets/data_protection_cert_pass -printf '%s' "$(openssl rand -base64 32)" >/opt/aliasvault/secrets/postgres_password +fetch_and_deploy_gh_release "aliasvault" "aliasvault/aliasvault" "tarball" + +msg_info "Building Core Libraries (Patience)" +source "$HOME/.cargo/env" +$STD rustup target add wasm32-unknown-unknown +cd /opt/aliasvault/core +$STD bash build-and-distribute.sh --browser +msg_ok "Built Core Libraries" + +msg_info "Copying Core Artifacts" +mkdir -p /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/wasm +cp /opt/aliasvault/core/rust/dist/wasm/aliasvault_core_bg.wasm \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/wasm/ +cp /opt/aliasvault/core/rust/dist/wasm/aliasvault_core.js \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/wasm/ +mkdir -p /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/{identity-generator,password-generator,vault} +cp -r /opt/aliasvault/core/typescript/identity-generator/dist/. \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/identity-generator/ +cp -r /opt/aliasvault/core/typescript/password-generator/dist/. \ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/password-generator/ +cp -r /opt/aliasvault/core/vault/dist/. 
\ + /opt/aliasvault/apps/server/AliasVault.Client/wwwroot/js/dist/core/vault/ +msg_ok "Copied Core Artifacts" + +msg_info "Building AliasVault Applications (Patience)" +cd /opt/aliasvault/apps/server +$STD dotnet workload install wasm-tools +$STD dotnet restore aliasvault.sln +$STD dotnet publish AliasVault.Api/AliasVault.Api.csproj \ + -c Release -o /opt/aliasvault/api --no-restore +$STD dotnet build AliasVault.Client/AliasVault.Client.csproj \ + -c Release --no-restore +$STD dotnet publish AliasVault.Client/AliasVault.Client.csproj \ + -c Release -o /opt/aliasvault/client --no-restore +$STD dotnet publish AliasVault.Admin/AliasVault.Admin.csproj \ + -c Release -o /opt/aliasvault/admin --no-restore +$STD dotnet publish Services/AliasVault.SmtpService/AliasVault.SmtpService.csproj \ + -c Release -o /opt/aliasvault/smtp --no-restore +$STD dotnet publish Services/AliasVault.TaskRunner/AliasVault.TaskRunner.csproj \ + -c Release -o /opt/aliasvault/taskrunner --no-restore +$STD dotnet publish Utilities/AliasVault.InstallCli/AliasVault.InstallCli.csproj \ + -c Release -o /opt/aliasvault/installcli --no-restore +msg_ok "Built AliasVault Applications" + +msg_info "Generating Secrets and Configuration" ADMIN_PASS=$(openssl rand -base64 12 | tr -dc 'a-zA-Z0-9' | head -c 16) -ADMIN_HASH=$(docker run --rm ghcr.io/aliasvault/installcli:latest hash-password "$ADMIN_PASS") -printf '%s' "${ADMIN_HASH}|$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >/opt/aliasvault/secrets/admin_password_hash -chmod 600 /opt/aliasvault/secrets/* -msg_ok "Generated Secrets" - -msg_info "Creating Configuration" +ADMIN_HASH=$(dotnet /opt/aliasvault/installcli/AliasVault.InstallCli.dll hash-password "$ADMIN_PASS") +ADMIN_GENERATED=$(date -u +"%Y-%m-%dT%H:%M:%SZ") +JWT_KEY=$(openssl rand -base64 32) +DATA_PROTECTION_CERT_PASS=$(openssl rand -base64 32) +DB_CONN="Host=localhost;Port=5432;Database=aliasvault;Username=aliasvault;Password=${PG_DB_PASS};Maximum Pool Size=80;Minimum Pool Size=5" cat </opt/aliasvault/.env 
-HTTP_PORT=80 -HTTPS_PORT=443 -SMTP_PORT=25 -SMTP_TLS_PORT=587 -FORCE_HTTPS_REDIRECT=true -PRIVATE_EMAIL_DOMAINS= -HIDDEN_PRIVATE_EMAIL_DOMAINS= -SMTP_ADVERTISED_HOSTNAME= -SMTP_TLS_ENABLED=false -LETSENCRYPT_ENABLED=false -HOSTNAME=localhost +ConnectionStrings__AliasServerDbContext=${DB_CONN} +JWT_KEY=${JWT_KEY} +DATA_PROTECTION_CERT_PASS=${DATA_PROTECTION_CERT_PASS} +ADMIN_PASSWORD_HASH=${ADMIN_HASH} +ADMIN_PASSWORD_GENERATED=${ADMIN_GENERATED} PUBLIC_REGISTRATION_ENABLED=true IP_LOGGING_ENABLED=true -SUPPORT_EMAIL= +PRIVATE_EMAIL_DOMAINS= +HIDDEN_PRIVATE_EMAIL_DOMAINS= MAX_UPLOAD_SIZE_MB=100 -ADMIN_IP_ALLOWLIST= -TRUSTED_PROXIES= -DEPLOYMENT_MODE=install -ALIASVAULT_VERSION=${RELEASE} +SMTP_TLS_ENABLED=false +Logging__LogLevel__Default=Error +Logging__LogLevel__Microsoft__Hosting__Lifetime=Error +Logging__LogLevel__Microsoft=Error EOF -msg_ok "Created Configuration" +chmod 600 /opt/aliasvault/.env +msg_ok "Generated Secrets and Configuration" -msg_info "Starting Services" -cd /opt/aliasvault -$STD docker compose up -d -echo "${RELEASE}" >~/.aliasvault -msg_ok "Started Services" +msg_info "Generating SSL Certificate" +mkdir -p /opt/aliasvault/certificates/ssl +openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \ + -keyout /opt/aliasvault/certificates/ssl/key.pem \ + -out /opt/aliasvault/certificates/ssl/cert.pem \ + -subj "/C=US/ST=State/L=City/O=AliasVault/CN=${LOCAL_IP}" \ + -addext "subjectAltName=IP:${LOCAL_IP},DNS:localhost,IP:127.0.0.1" \ + 2>/dev/null +chmod 600 /opt/aliasvault/certificates/ssl/key.pem +chmod 644 /opt/aliasvault/certificates/ssl/cert.pem +msg_ok "Generated SSL Certificate" + +msg_info "Configuring Nginx" +rm -f /etc/nginx/sites-enabled/default +cat <<'NGINXEOF' >/etc/nginx/sites-available/aliasvault +upstream aliasvault_api { server 127.0.0.1:3001 max_fails=1 fail_timeout=5s; } +upstream aliasvault_admin { server 127.0.0.1:3002 max_fails=1 fail_timeout=5s; } + +server { + listen 80; + listen [::]:80; + server_name _; + return 301 
https://$host$request_uri; +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name _; + + ssl_certificate /opt/aliasvault/certificates/ssl/cert.pem; + ssl_certificate_key /opt/aliasvault/certificates/ssl/key.pem; + ssl_protocols TLSv1.2 TLSv1.3; + + client_max_body_size 100M; + + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types text/plain text/css application/json application/javascript + text/xml application/xml application/wasm; + + # API + location /api { + proxy_pass http://aliasvault_api; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_intercept_errors on; + error_page 502 503 504 =503 @unavailable; + } + + # Admin (Blazor Server — needs WebSocket) + location /admin { + proxy_pass http://aliasvault_admin; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Prefix /admin/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + proxy_intercept_errors on; + error_page 502 503 504 =503 @unavailable; + } + + # Blazor WASM client (static files) + root /opt/aliasvault/client/wwwroot; + location / { + gzip_static on; + try_files $uri $uri/ /index.html =404; + } + + location @unavailable { + return 503 "Service temporarily unavailable"; + } +} +NGINXEOF +ln -sf /etc/nginx/sites-available/aliasvault /etc/nginx/sites-enabled/aliasvault +$STD nginx -t +systemctl enable -q --now nginx +$STD 
nginx -s reload +msg_ok "Configured Nginx" + +msg_info "Creating Services" +cat </etc/systemd/system/aliasvault-api.service +[Unit] +Description=AliasVault API +After=network.target postgresql.service +Requires=postgresql.service + +[Service] +Type=simple +User=root +WorkingDirectory=/opt/aliasvault/api +EnvironmentFile=/opt/aliasvault/.env +Environment=ASPNETCORE_URLS=http://127.0.0.1:3001 +Environment=ASPNETCORE_PATHBASE=/api +ExecStart=/usr/bin/dotnet AliasVault.Api.dll +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target +EOF + +cat </etc/systemd/system/aliasvault-admin.service +[Unit] +Description=AliasVault Admin +After=network.target aliasvault-api.service +Requires=aliasvault-api.service + +[Service] +Type=simple +User=root +WorkingDirectory=/opt/aliasvault/admin +EnvironmentFile=/opt/aliasvault/.env +Environment=ASPNETCORE_URLS=http://127.0.0.1:3002 +Environment=ASPNETCORE_PATHBASE=/admin +ExecStart=/usr/bin/dotnet AliasVault.Admin.dll +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target +EOF + +cat </etc/systemd/system/aliasvault-smtp.service +[Unit] +Description=AliasVault SMTP Service +After=network.target aliasvault-api.service +Requires=aliasvault-api.service + +[Service] +Type=simple +User=root +WorkingDirectory=/opt/aliasvault/smtp +EnvironmentFile=/opt/aliasvault/.env +ExecStart=/usr/bin/dotnet AliasVault.SmtpService.dll +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target +EOF + +cat </etc/systemd/system/aliasvault-taskrunner.service +[Unit] +Description=AliasVault Task Runner +After=network.target aliasvault-api.service +Requires=aliasvault-api.service + +[Service] +Type=simple +User=root +WorkingDirectory=/opt/aliasvault/taskrunner +EnvironmentFile=/opt/aliasvault/.env +ExecStart=/usr/bin/dotnet AliasVault.TaskRunner.dll +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target +EOF + +systemctl enable -q --now aliasvault-api aliasvault-admin aliasvault-smtp 
aliasvault-taskrunner +msg_ok "Created Services" echo "" echo "================================================================" diff --git a/json/aliasvault.json b/json/aliasvault.json index d582f73b..2aed829c 100644 --- a/json/aliasvault.json +++ b/json/aliasvault.json @@ -7,7 +7,7 @@ "date_created": "2026-05-16", "type": "ct", "updateable": true, - "privileged": true, + "privileged": false, "interface_port": 443, "documentation": "https://docs.aliasvault.net/", "website": "https://aliasvault.net/", @@ -19,9 +19,9 @@ "script": "ct/aliasvault.sh", "config_path": "/opt/aliasvault/.env", "resources": { - "cpu": 2, - "ram": 2048, - "hdd": 16, + "cpu": 4, + "ram": 4096, + "hdd": 20, "os": "Debian", "version": "12" } @@ -33,8 +33,8 @@ }, "notes": [ { - "text": "A privileged LXC container is required because AliasVault runs via Docker Compose internally.", - "type": "info" + "text": "The initial installation builds AliasVault from source and takes 15–30 minutes. Do not interrupt the process.", + "type": "warning" }, { "text": "The admin password is auto-generated during installation and displayed in the installation output. Save it immediately.",
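Review bot: All four new units (`aliasvault-api`, `aliasvault-admin`, `aliasvault-smtp`, `aliasvault-taskrunner`) set `User=root`, so the network-facing API and SMTP processes run with full root inside the container. They also inherit every secret in `/opt/aliasvault/.env`. systemd reads `EnvironmentFile=` itself, so the file can stay `root:root` mode 600 while the services run as a dedicated account. Which paths under `/opt/aliasvault` the services write to (certificates, logs) is not visible here and needs confirming before ownership is changed. The `.env` heredoc is also created under the default umask and only then `chmod 600`ed; running `umask 077` before the `cat` closes that window.

```shell
# … unchanged: builds, .env, certificate and nginx setup …
useradd --system --no-create-home --shell /usr/sbin/nologin aliasvault
# … unchanged: [Unit] sections; the [Service] section of each of the four units becomes …
[Service]
Type=simple
User=aliasvault
Group=aliasvault
NoNewPrivileges=true
# aliasvault-smtp.service only, if it binds a port below 1024 itself
AmbientCapabilities=CAP_NET_BIND_SERVICE
# … unchanged: WorkingDirectory, EnvironmentFile, ExecStart, Restart …
```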