1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-28 23:06:37 +02:00
Commit Graph

4220 Commits

Author SHA1 Message Date
Didier 'OdyX' Raboud
2e40467376
nginx with PROXY protocol for mail; only set_real_ip_from in 'all' and 'mail' alternatives 2023-03-28 09:09:11 +02:00
Didier 'OdyX' Raboud
c833ef1a47
nginx behind proxy: attackers are not only men 2023-03-28 09:09:11 +02:00
Didier 'OdyX' Raboud
3877635502
nginx with PROXY protocol; much stronger wording 2023-03-28 09:09:09 +02:00
Dimitri Huisman
991dd647cb
nginx: fix proxy settings when PROXY protocol is used
Tested-By: Didier Raboud <odyx@raksha.ch>
2023-03-28 09:08:39 +02:00
Didier 'OdyX' Raboud
d9ed3cd179
nginx: Allow http and/or mail servers to accept the PROXY protocol
See #2300 for the initial proposal
2023-03-28 09:08:38 +02:00
Didier 'OdyX' Raboud
54b89d1efc
Fix a later/latter typo 2023-03-28 09:08:38 +02:00
bors[bot]
275112cfff
Merge #2721
2721: Fix ci arm buildcache r=mergify[bot] a=Diman0



## What type of PR?

Fix/enhancement CI

## What does this PR do?
Make sure that the arm build also uses build-cache. Remove the step of building the base image. This should not be required. When a main image is build, it will first try to build the base target. This build cache is stored in build cache of the image itself. This cache is re-used on the next workflow.

We can confirm this by doing a second bors try after the first bors try has succeeded.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-27 16:35:22 +00:00
Dimitri Huisman
30dfdb4072
Make sure that the arm build also uses build-cache.
Remove the step of building the base image. This is not required.
when it is build for the first time for an image, it will be part of
the build cache of that image.
2023-03-27 13:21:12 +00:00
bors[bot]
b243ea084d
Merge #2719
2719: Introduce connection string (database url) for roundcube & simplify setup r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
As discussed in earlier Mailu meetings (#1582), we want to simplify configuring Mailu and make it more user-friendly. Especially the last part is an important mission statement of the Mailu project. 

This PR will remove the choice of what DB to use from setup. New users are guided now to make the correct choice of using SQLite.

For simplifying the configuration, all the database environment variables have been removed and replaced with a single connection string environment variable. 

For backwards compatibility, the old *DB_* setting can still be used. This is to make sure that master does not immediately break for all users. After X months after the next Mailu release, we can remove the old settings from the software. This provides a transition period. 

### Related issue(s)
- #2533

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-03-26 16:59:12 +00:00
Florent Daigniere
5790b0a84b
Rephrase the doc 2023-03-26 18:55:55 +02:00
Dimitri Huisman
6d31831cf5
Sigh. Forgot to actually save the modified requirements-dev.txt file.
Remove the pinned version for requirements for dev.
The blocking issue is resolved, so no need to pin the old version.
2023-03-26 13:28:40 +00:00
Dimitri Huisman
709edb522b
Introduce connection string (database url) for roundcube.
Remove database choice from setup.
Remove the old *DB_* database env variables from the documentation.
The env vars are deprecated now. They will be removed after the upcoming
Mailu release.
2023-03-26 12:21:00 +00:00
bors[bot]
6f3a01e31c
Merge #2712
2712: Build multi-arch images, retry mechanism for builds, improved releases r=mergify[bot] a=Diman0

## What type of PR?

feature

## What does this PR do?
Switch to building multi-arch images. The images build for pull requests, master and production are now multi-arch images for the architectures:
* linux/amd64
* linux/arm64/v8
* linux/arm/v7

Enhance CI/CD workflow with retry functionality. All steps for building images are now automatically retried. If a build temporarily fails due to a network error, the retried step will still succeed.

Provide a changelog for minor releases. The github release will now:
* Provide the changelog message from the newsfragment of the PR that triggered the backport.
* Provide a github link to the PR/issue of the PR that was backported.

### Related issue(s)
- #1582
- #1200
- #2215
- closes #2653

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-03-23 14:51:59 +00:00
Florent Daigniere
46e803fdff
Update setup.rst 2023-03-23 15:50:27 +01:00
Florent Daigniere
61a40e203a
Update docs/setup.rst 2023-03-23 15:49:43 +01:00
Florent Daigniere
cb5e0934cb
Update docs/setup.rst 2023-03-23 15:47:43 +01:00
Florent Daigniere
c9df6161ba
Update docs/compose/requirements.rst 2023-03-23 15:45:42 +01:00
Florent Daigniere
8391936dc2
Update docs/compose/requirements.rst 2023-03-23 15:45:31 +01:00
Dimitri Huisman
a2c811d28a
Prevent creation of unknown/unknown arch.
Set more forgiving timeouts for scenario where image is build without cache.
Set better readable tags.
2023-03-23 07:03:24 +00:00
Dimitri Huisman
1d2053204a
Also forgot the --push argument. 2023-03-21 15:22:45 +00:00
Dimitri Huisman
64a132fdd9
Forgot to change the target. 2023-03-21 15:12:43 +00:00
Dimitri Huisman
5bd528319b
Provide a changelog for minor releases. The github release will now:
* Provide the changelog message from the newsfragment of the PR that triggered the backport.
* Provide a github link to the PR/issue of the PR that was backported.

Switch to building multi-arch images. The images build for pull requests, master and production
are now multi-arch images for the architectures:
* linux/amd64
* linux/arm64/v8
* linux/arm/v7

Enhance CI/CD workflow with retry functionality. All steps for building images are now automatically
retried. If a build temporarily fails due to a network error, the retried step will still succeed.
2023-03-21 14:47:37 +00:00
bors[bot]
5044c78740
Merge #2709
2709: Validate proxy ip with PROXY_AUTH_WHITELIST r=mergify[bot] a=Diman0

## What type of PR?

bug fix

## What does this PR do?
The Proxy code validated the real client ip against the proxy auth whitelist. It should be the proxy ip that is checked. That is changed with this PR.

### Related issue(s)
- closes #2708
- #2692

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [n/a] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 13:26:59 +00:00
bors[bot]
c15595836a
Merge #2690
2690: Change rspamd override system to use .include with lowest priority. r=mergify[bot] a=Diman0

## What does this PR do?

All override files are used as if they were placed in the rspamd local.d folder.

New override system for Rspamd. In the old system, all files were placed in the Rspamd overrides folder. These overrides would override everything, including the Mailu Rspamd config.

Now overrides are placed in /overrides.
If you use your own map files, change the location to /override/myMapFile.map in the corresponding conf file. It works as following.
* If the override file overrides a Mailu defined config file, it will be included in the Mailu config file with lowest priority. It will merge with existing sections.
* If the override file does not override a Mailu defined config file, then the file will be placed in the rspamd local.d folder. It will merge with existing sections.

For more information, see the description of the local.d folder on the rspamd website: https://www.rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories

## What type of PR?

enhancement

### Related issue(s)
- closes #2555 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-18 10:01:23 +00:00
Dimitri Huisman
ee1f0f94a3
Don't use the header when we don't need it. 2023-03-18 09:17:21 +00:00
Dimitri Huisman
f20208fb4b
Fix error in check for proxy scenario 2023-03-18 09:05:18 +00:00
Dimitri Huisman
4912fa1dff
Fix a typo. 2023-03-18 08:55:32 +00:00
Dimitri Huisman
20bf0e8a65
Add fix for wrong redirect in proxy scenario and accessing WEBROOT_REDIRECT 2023-03-18 08:40:45 +00:00
Dimitri Huisman
29bfc9dd9d
Add fallback just in case X-Forwarded-By is empty. 2023-03-18 08:16:30 +00:00
Dimitri Huisman
25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
bors[bot]
1d9791ceaa
Merge #2703
2703: Paranoia: drop the headers we don't use r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Paranoia: drop the headers we don't use. This ensures there is no misunderstanding in between front and the other containers.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-17 15:38:25 +00:00
bors[bot]
00533d9eea
Merge #2707
2707: Fix build.hcl / CI.yml regarding labels r=mergify[bot] a=Diman0

## What type of PR?

bug-fix

## What does this PR do?
The version label and versions passed to the docs image were based on the tag. Now we first build the images with -build appended to the tag, we cannot use the tag as version label anymore. 

E.g. the docs image now has the version master-build. This causes any requests to https://mailu.io/master to fail now. Due to the label master-build, it expects https://mailu.io/master-build

Two new env vars are introduced to pass the version to the build.hcl file. This will be used to set the VERSION label in the image, and pass as build arguments to the docs image. 



Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-17 14:42:03 +00:00
Dimitri Huisman
0d048d24d3
Fix build.hcl / CI.yml regarding labels
The version label and versions passed to docs image were based on
the tag. Now we first build the images with -build appended to the
tag, we cannot use the tag as version label.

A new env var is introduced to pass the version to the build.hcl file.
This will be used to set the VERSION label in the image, and pass
as build arguments to the docs image.
2023-03-17 13:05:33 +00:00
bors[bot]
04a1868a5e
Merge #2706
2706: Extend roundcube's session lifetime r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Extend roundcube's session lifetime

### Related issue(s)
- #2682

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-17 12:02:13 +00:00
bors[bot]
5fbfb3cb1c
Merge #2566
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.

### Related issue(s)
- closes #1820

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-17 11:55:11 +00:00
Dimitri Huisman
c6c2805196
Update changelog with extra info. 2023-03-17 12:54:18 +01:00
Dimitri Huisman
da4934847f
Fix typo and wording in faq.rst 2023-03-17 11:52:46 +01:00
Florent Daigniere
459694f4a2 Extend roundcube's session lifetime 2023-03-17 11:37:46 +01:00
bors[bot]
1d360055b7
Merge #2705
2705: Switch from docker.io to ghcr.io for deploying images r=nextgens a=Diman0

## What type of PR?

enhancement

## What does this PR do?
As we all know, docker has announced that they will stop with free docker organisations. The Mailu project used this. In about a month, the mailu docker org stops to exist and all images will be deleted.

This PR modifies the CI/CD workflow (github actions) to use ghcr.io as the container registry for deployed images. The images are first build with `-build` appended to the tag. These images are also used in the test step. Only in the deploy phase, are the final tags added (as it should be). This makes sure new images are only available after the deployment step.

The setup utility is updated to use `ghcr.io/mailu` as the docker_org.

All references to the docker org `mailu` have been replaced with `ghcr.io/mailu` in the documentation.

I confirmed via my Mailu_Fork repo that the github workflow works fine. 
https://github.com/Diman0/Mailu_Fork/actions/runs/4440118095

### Related issue(s)
- closes #2704 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2023-03-17 08:01:41 +00:00
bors[bot]
86ad4c93a9
Merge #2697
2697: Make the login page guess where to redirect r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Make the login page guess where to redirect.

If you access /admin/ and get redirected to /sso/login, it's only fair that it redirects you back to /admin afterwards.

This is also changing the interface for external proxy authentication, making it simpler to configure.

### Related issue(s)
- close #2692
- #1972

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-16 22:29:53 +00:00
Dimitri Huisman
c482c71f6c
Add missing () 2023-03-16 22:49:07 +01:00
Dimitri Huisman
06ac7f507d
Add changelog entry. 2023-03-16 18:27:20 +00:00
Dimitri Huisman
120cd34989
Switch the container registry used for deploying images from docker
to ghcr.io (github). Images are now first build with '-build'
appended to the tag. E.g. ghcr.io/mailu/admin:master-build.
This is to prevent the image being available before automatic testing has completed.
In the deploy job, the final image is pushed (this still works the same).

Update setup & documentation for switch to ghcr.io
2023-03-16 17:38:25 +00:00
Florent Daigniere
698f1f377c Check https://attackshipsonfi.re/p/exploiting-cors-misconfigurations out 2023-03-16 08:12:46 +01:00
Florent Daigniere
8eb1542f64 Paranoia: drop the headers we don't use 2023-03-16 08:07:57 +01:00
Dimitri Huisman
31faee4218
Merge branch 'master' into delete-disable 2023-03-15 18:16:46 +01:00
bors[bot]
03ff2f2132
Merge #2702
2702: Upgrade snappymail to v2.26.4 r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Upgrade snappymail to v2.26.4

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-15 16:23:40 +00:00
Dimitri Huisman
b99828c4f6
Fix broken link. Add extra clarification for login targets. 2023-03-15 16:04:30 +00:00
Florent Daigniere
22bb0594da Upgrade snappymail to v2.26.4 2023-03-15 08:43:39 +01:00
bors[bot]
b30540c074
Merge #2682
2682: Set snappymail autologout time according to SESSION_TIMEOUT r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Set the autologout variable in snappymail according with systemwide session configuration so that autologout does not trigger too early or too late, which confuses and unnerves users.

!!!!! Please note that I currently (due to very limited time resources) cannot test on snappymail yet, so this is a "blind" flight PR !!!!!
I know it’s a bit insolent to open PRs with untested code, deferring the testing work to somebody else, but that’s the best I can do ATM. Sorry!

### Related issue(s)
- closes #2680 
- 1.9 backport siebling: #

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.

 

Co-authored-by: Dario Ernst <dario@kanojo.de>
2023-03-15 07:39:30 +00:00