Set up a production Listmonk instance on a previously Docker-configured Ubuntu Server machine

listmonk-setup.sh

#!/bin/bash

# Production-Ready Listmonk Setup Script
# This script sets up Listmonk with Docker Compose, Nginx reverse proxy, and automatic SSL

set -euo pipefail

# Function to generate a secure random password
generate_password() {
    openssl rand -base64 32 | tr -d /=+ | cut -c -32
}

# Function to prompt for domain name
get_domain_name() {
    read -p "Enter the domain name for Listmonk (e.g., newsletter.example.com): " DOMAIN_NAME
    if [ -z "$DOMAIN_NAME" ]; then
        echo "Domain name cannot be empty. Please try again."
        get_domain_name
    fi
}

# Function to check if a command exists
exists() {
    command -v "$1" >/dev/null 2>&1
}

# Check dependencies
check_dependencies() {
    local deps=("docker" "curl" "openssl")
    for dep in "${deps[@]}"; do
        if ! exists "$dep"; then
            echo "Error: $dep is not installed. Please install it and try again."
            exit 1
        fi
    done

    if ! docker compose version >/dev/null 2>&1; then
        echo "Error: 'docker compose' functionality is not available. Please update to a newer version of Docker."
        exit 1
    fi
}

# Get domain name
get_domain_name

# Create directory for Listmonk
sudo mkdir -p /opt/listmonk
cd /opt/listmonk

# Generate secure passwords
DB_PASSWORD=$(generate_password)
ADMIN_PASSWORD=$(generate_password)

# Create a .env file to store passwords and domain
cat << EOF > .env
DB_PASSWORD=$DB_PASSWORD
ADMIN_PASSWORD=$ADMIN_PASSWORD
DOMAIN_NAME=$DOMAIN_NAME
EOF

# Download and modify config.toml
curl -o config.toml https://raw.githubusercontent.com/knadh/listmonk/master/config.toml.sample
sed -i 's/host = "localhost"/host = "db"/' config.toml
sed -i "s/password = \"listmonk\"/password = \"$DB_PASSWORD\"/" config.toml
sed -i 's/address = "localhost:9000"/address = "0.0.0.0:9000"/' config.toml
sed -i "s/admin_password = \"listmonk\"/admin_password = \"$ADMIN_PASSWORD\"/" config.toml

# Create docker-compose.yml file
cat << EOF > docker-compose.yml
version: "3.7"

services:
  db:
    image: postgres:13-alpine
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: listmonk
      POSTGRES_DB: listmonk
    volumes:
      - listmonk-data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U listmonk"]
      interval: 10s
      timeout: 5s
      retries: 5

  app:
    image: listmonk/listmonk:latest
    ports:
      - "127.0.0.1:9000:9000"
    depends_on:
      - db
    volumes:
      - ./config.toml:/listmonk/config.toml
    restart: unless-stopped
    environment:
      - TZ=UTC

volumes:
  listmonk-data:
    driver: local

networks:
  default:
    name: listmonk_network
EOF

# Create update script
cat << EOF > update-listmonk.sh
#!/bin/bash
cd /opt/listmonk
docker compose pull
docker compose up -d
docker compose exec app ./listmonk --upgrade
EOF

chmod +x update-listmonk.sh

# Set up cron job for updates
(crontab -l 2>/dev/null; echo "0 2 * * * /opt/listmonk/update-listmonk.sh") | crontab -

# Install Nginx and Certbot
sudo apt update
sudo apt install -y nginx certbot python3-certbot-nginx

# Create Nginx configuration
sudo tee /etc/nginx/sites-available/listmonk > /dev/null << EOF
server {
    server_name ${DOMAIN_NAME};

    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }

    listen 80;
}
EOF

# Enable the Nginx site
sudo ln -sf /etc/nginx/sites-available/listmonk /etc/nginx/sites-enabled/

# Test Nginx configuration
sudo nginx -t

# Reload Nginx
sudo systemctl reload nginx

# Obtain SSL certificate
sudo certbot --nginx -d ${DOMAIN_NAME} --non-interactive --agree-tos --email admin@${DOMAIN_NAME} --redirect

# Create systemd service file
sudo tee /etc/systemd/system/listmonk.service > /dev/null << EOF
[Unit]
Description=Listmonk Docker Compose Application
Requires=docker.service
After=docker.service

[Service]
WorkingDirectory=/opt/listmonk
ExecStart=/usr/bin/docker compose up
ExecStop=/usr/bin/docker compose down
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Reload systemd, enable and start Listmonk service
sudo systemctl daemon-reload
sudo systemctl enable listmonk.service

# Run initial setup and start services
docker compose up -d db
sleep 10  # Wait for DB to be ready
docker compose run --rm app ./listmonk --install
docker compose up -d

# Set up automatic renewal for SSL certificate
sudo tee /etc/cron.d/certbot-renew > /dev/null << EOF
0 0,12 * * * root certbot renew --quiet --post-hook "systemctl reload nginx"
EOF

echo "Listmonk setup complete. The service has been started and is accessible at https://${DOMAIN_NAME}"
echo "Admin credentials:"
echo "Username: listmonk"
echo "Password: $(grep admin_password config.toml | cut -d'"' -f2)"
echo "Please make sure to change the admin password after your first login."
echo "All credentials are stored in /opt/listmonk/config.toml and /opt/listmonk/.env"