Step1: expose managesieve, make the webmails use it

2024-12-12 10:45:38 +02:00 · 2023-01-04 11:01:50 +01:00 · 2023-01-04 11:01:50 +01:00 · e85a2a7e99
commit e85a2a7e99
parent 92c0016e32
5 changed files with 33 additions and 5 deletions
--- a/core/dovecot/conf/dovecot.conf
+++ b/core/dovecot/conf/dovecot.conf
@ -135,10 +135,16 @@ service lmtp {
 service managesieve-login {
  inet_listener sieve {
    port = 4190
+    haproxy = yes
  }
 }

+protocol sieve {
+  ssl = no
+}
+
 service managesieve {
+  process_limit = 1024
 }

 plugin {
--- a/core/nginx/Dockerfile
+++ b/core/nginx/Dockerfile
@ -17,7 +17,8 @@ ARG VERSION
 LABEL version=$VERSION

 RUN set -euxo pipefail \
-  ; apk add --no-cache certbot nginx nginx-mod-mail openssl
+  ; apk add --no-cache certbot nginx nginx-mod-http-brotli nginx-mod-stream nginx-mod-mail openssl \
+  ; rm /etc/nginx/conf.d/stream.conf

 COPY conf/ /conf/
 COPY --from=static /static/ /static/
@ -25,7 +26,7 @@ COPY *.py /

 RUN echo $VERSION >/version

-EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 10025/tcp 10143/tcp
+EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 14190/tcp 10025/tcp 10143/tcp
 HEALTHCHECK --start-period=60s CMD curl -skfLo /dev/null http://localhost/health

 VOLUME ["/certs", "/overrides"]
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -1,9 +1,11 @@
 # Basic configuration
 user nginx;
 worker_processes auto;
+pcre_jit on;
 error_log /dev/stderr notice;
 pid /var/run/nginx.pid;
 load_module "modules/ngx_mail_module.so";
+load_module "modules/ngx_stream_module.so";

 events {
    worker_connections 1024;
@ -275,6 +277,25 @@ http {
    include /etc/nginx/conf.d/*.conf;
 }

+stream {
+    log_format main '$remote_addr [$time_local] '
+    		'$protocol $status $bytes_sent $bytes_received '
+    		'$session_time "$upstream_addr" '
+    		'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
+    access_log /dev/stdout main;
+
+    # managesieve
+    server {
+      listen 14190;
+      resolver {{ RESOLVER }} valid=30s;
+
+      proxy_connect_timeout 1s;
+      proxy_timeout 1m;
+      proxy_protocol on;
+      proxy_pass {{ IMAP_ADDRESS }}:4190;
+    }
+}
+
 mail {
    server_name {{ HOSTNAMES.split(",")[0] }};
    auth_http http://127.0.0.1:8000/auth/email;
--- a/webmails/roundcube/config/config.inc.php
+++ b/webmails/roundcube/config/config.inc.php
@ -28,7 +28,7 @@ $config['default_host']  = '{{ FRONT_ADDRESS or "front" }}';
 $config['default_port'] = '10143';

 // Sieve script management
-$config['managesieve_host'] = '{{ IMAP_ADDRESS or "imap" }}';
+$config['managesieve_host'] = '{{ FRONT_ADDRESS or "front" }}:14190';

 // We access the IMAP and SMTP servers locally with internal names, SSL
 // will obviously fail but this sounds better than allowing insecure login
--- a/webmails/snappymail/defaults/default.json
+++ b/webmails/snappymail/defaults/default.json
@ -32,8 +32,8 @@
        "usePhpMail": false
    },
    "Sieve": {
-        "host": "{{ IMAP_ADDRESS }}",
-        "port": 4190,
+        "host": "{{ FRONT_ADDRESS }}",
+        "port": 14190,
        "secure": 0,
        "shortLogin": false,
        "ssl": {