1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Commit Graph

303 Commits

Author SHA1 Message Date
ofthesun9
cff2e76269 Switching to alpine:3.12 2020-06-15 17:32:56 +02:00
bors[bot]
8844dc67fa
Merge #1392
1392: Use environment variables for cert paths/names in nginx certwatcher r=mergify[bot] a=Nebukadneza

## What type of PR?
bug-fix

## What does this PR do?
Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the enviroment variables that are used by config.py too for this.
 
### Related issue(s)
closes #903

## Prerequistes
- [x] no feature or enhancement
- [x] minor/internal change


Co-authored-by: Dario Ernst <github@kanojo.de>
2020-03-27 07:56:35 +00:00
bladeswords
2ddf46ad2b
Update crypto to be modern and inline with tls.conf
Updated to match tls.conf and be aligned to more modern cryptographic standards and only use currently secure protocols and ciphers.
2020-03-09 23:12:02 +11:00
Dario Ernst
09024c8008 Use environment variables for cert paths/names in nginx certwatcher
Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the enviroment variables that are used by config.py too for this.

closes #903
2020-03-07 17:17:17 +00:00
Tom Radtke
4f973f63e6
Upgrading nginx TLS configuration 2020-01-20 10:09:11 +01:00
Michael Wyraz
ace475d23c Certwatcher: Use polling observer to workaround some symlink limitations 2020-01-04 14:39:31 +01:00
Michael Wyraz
09ee3ce95c Install py3-multidict from repository before installing socrate to avoid the need of gcc during build 2019-12-04 19:05:14 +01:00
bors[bot]
0417c791ff
Merge #985
985: Permit raspberry pi (and other architectures) builds r=mergify[bot] a=abondis

## What type of PR?

Enhancement

## What does this PR do?

Add an option to select base images and permit building for different CPU architectures.

### Related issue(s)
N/A

## Prerequistes

- [X] documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Aurélien Bondis <aurelien.bondis@gmail.com>
Co-authored-by: Aurelien <aurelien.bondis@gmail.com>
2019-10-20 20:41:03 +00:00
bors[bot]
dcda412b99
Merge #1211
1211: Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

Fixes #1190 by separating HOST_ANTISPAM into HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI

### Related issue(s)
- closes #1190
- closes #1150

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
2019-10-13 19:44:25 +00:00
bors[bot]
b668eccc17
Merge #1181
1181: Update to address issue #1178 (HTTP headers) r=muhlemmer a=bladeswords

This change should remove the duplicate `x-xss-protection` header and also the `x-powered-by` header.  Hopefully a pull request to main is appropriate, but may be worth back porting to 1.7.

Tested config by modifying live 1.7 nginx config and reloading.  Has had the desired outcome of removing the headers.

```/etc/nginx # nginx -t -c /etc/nginx/nginx.conf 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx # nginx -s reload
```

These steps were based on:
- https://serverfault.com/questions/928912/how-do-i-remove-a-server-added-header-from-proxied-location
- https://serverfault.com/questions/929571/overwrite-http-headers-comming-back-from-a-web-application-server-proxied-in-ngi
- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header

## What type of PR?

Enhancement

## What does this PR do?
Removes duplicate and unneeded headers.  See issue #1178 

### Related issue(s)
- issue: #1178 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ X ] In case of feature or enhancement: documentation updated accordingly
- [ X ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
2019-10-13 18:32:51 +00:00
Michael Wyraz
a907fe4cac Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI 2019-10-13 20:13:02 +02:00
Michael Wyraz
c20976f071 Allow smtp auth login for TLS port (similar to SSL port) 2019-10-10 10:20:14 +02:00
bors[bot]
20e00ac0c4
Merge #1158
1158: Use nginx for kubernetes ingress r=kaiyou a=micw

## What type of PR?

enhancement

## What does this PR do?

Currently, kubernetes uses a complex ingress setting which is not portable across different ingress controllers. This PR simplifies the ingress and delegates everythins special to Mailu to the front container,

### Related issue(s)
- closes #1121
- closes #1117
- closes #1021
- closes #1045

## Prerequistes

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog]

Co-authored-by: Michael Wyraz <michael@wyraz.de>
2019-10-07 19:36:45 +00:00
bladeswords
b13d143b34
Update to address issue #1178 (HTTP headers)
This change should remove the duplicate `x-xss-protection` header and also the `x-powered-by` header.  Hopefully a pull request to main is appropriate, but may be worth back porting to 1.7.

Tested config by modifying live 1.7 nginx config and reloading.  Has had the desired outcome of removing the headers.

```/etc/nginx # nginx -t -c /etc/nginx/nginx.conf 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx # nginx -s reload
```

These steps were based on:
- https://serverfault.com/questions/928912/how-do-i-remove-a-server-added-header-from-proxied-location
- https://serverfault.com/questions/929571/overwrite-http-headers-comming-back-from-a-web-application-server-proxied-in-ngi
- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header
2019-09-26 19:43:29 +10:00
bors[bot]
e46153c0b1
Merge #1114
1114: Resolve HOST to ADDRESS only if ADDRESS is not already set r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

~Makes the rsolving from hosts to ips at startup configurable~

I rewrote the pull request after #940 was merged. Now it resolves HOSTs to ADDRESSes only of ADDRESSes are not already set. So on kubernetes we can jsut set the address and have working service discovery.

### Related issue(s)
- closes #1113

## Prerequistes

~Minor change, backward compatible~
Changelog will be added

Co-authored-by: Michael Wyraz <michael@wyraz.de>
2019-09-17 18:30:27 +00:00
Thomas Sänger
5fa87fbdf7
front: advertise real capabilites of mail-backends 2019-09-04 17:37:28 +02:00
Michael Wyraz
92645bcd4a Use nginx for kubernetes ingress 2019-09-03 10:27:10 +02:00
Michael Wyraz
de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set 2019-08-31 18:18:58 +02:00
kaiyou
4afbc09d6e Remove unnecessary host variable assignments 2019-08-22 22:44:49 +02:00
Tim Möhlmann
ed0fb77a01
Catch empty WEBMAIL and WEBDAV address 2019-08-21 22:54:42 +03:00
Ionut Filip
075417bf90 Merged master and fixed conflicts 2019-08-21 20:35:24 +03:00
Aurélien Bondis
124b1d4c71 rebase and update for 3.10, avoid adding qemu file to x86 images 2019-08-21 12:24:30 -04:00
hoellen
9de5dc2592 Use python package socrate instead of Mailustart 2019-07-25 10:33:57 +02:00
Dario Ernst
1dbda71401 Adapt shared layer conf to now really-missing mailustart in admin (after merging webpack) 2019-07-14 13:12:59 +00:00
Dario Ernst
0306be1eed Re-add missing MailuStar in admin
It turns out we were all blind and admin *does* use MailuStart
2019-07-14 10:27:57 +00:00
Dario Ernst
ce0c24e076 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 2019-07-14 09:40:58 +00:00
Dario Ernst
53f754f5ac Remove MailuStart from admin and correct layer-sharing comments 2019-07-14 09:33:54 +00:00
Thomas Sänger
2c7d1d2f71
use HTTP/1.1 for proxyied connections 2019-07-11 22:38:34 +02:00
Dario Ernst
bb2edb6eb6 Revert "Move alpine version definition out to variable"
This reverts commit c787e4bdbd.
2019-06-30 11:39:48 +00:00
Dario Ernst
c787e4bdbd Move alpine version definition out to variable 2019-06-26 21:14:59 +00:00
Dario Ernst
a253ca47fe Use official Mailu/MailuStart 2019-06-25 19:24:05 +00:00
Dario Ernst
d1f80cca99 Update Dockerfiles to most recent alpine 3.10 2019-06-25 19:24:05 +00:00
Thomas Sänger
ef3c6c407a upgrade alpine base-image 2019-06-25 19:23:40 +00:00
Ionut Filip
4c25c83419 HOST_* and *_ADDRESS variables cleanup 2019-02-18 14:46:48 +02:00
Abel Alfonso Fírvida Donéstevez
39444c794e Install bash in alpine based images.
This fix https://github.com/Mailu/Mailu/issues/918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.
2019-02-06 15:01:02 -05:00
Ionut Filip
f8dffe5a19
Resolve hosts in admin 2019-01-25 17:26:45 +02:00
Ionut Filip
004a431e97
Change to mailustart functions 2019-01-25 17:26:45 +02:00
Tim Möhlmann
049ca9941f
Cleanup syntax and fix typo 2019-01-08 05:21:03 +02:00
Tim Möhlmann
71cda7983e
Merge branch 'master' into feat-logging 2019-01-08 01:54:33 +02:00
Tim Möhlmann
7d01bb2a4d
LOG_LEVEL docs and changelog entry 2019-01-08 00:58:01 +02:00
Tim Möhlmann
b04a9d1c28
Implement debug logging for template rendering 2019-01-08 00:38:06 +02:00
Tim Möhlmann
5636e7f5a7
Remove to avoid matching webroot 2019-01-07 14:08:00 +02:00
Tim Möhlmann
4f93e09028
Implement favicon package
Credit to:
- https://stackoverflow.com/a/19590415/1816774
- https://realfavicongenerator.net/
2019-01-06 15:49:40 +02:00
Tim Möhlmann
24828615cf
Webmail on root, fixes #757 2018-12-19 16:20:24 +02:00
Tim Möhlmann
c7dcfee882
Merge pull request #713 from pgeorgi/extend-nginx
nginx: Allow extending config with overrides
2018-12-09 21:44:24 +02:00
Tim Möhlmann
6ca8ed437d
Merge pull request #732 from Nebukadneza/add_front_certificate_reload
Add certificate watcher for external certs to reload nginx
2018-12-08 20:11:09 +02:00
Dario Ernst
1aa97c9914 Add certificate watcher for external certs to reload nginx
In case of TLS_FLAVOR=[mail,cert], the user supplies their own certificates.
However, since nginx is not aware of changes to these files, it cannot
reload itself e.g. when the certs get renewed.

To solve this, let’s add a small daemon in the place of
`letsencrypt.py`, which uses a flexible file-watching framework and
reloads nginx in the case the certificates change ….
2018-12-07 16:20:42 +00:00
Tim Möhlmann
c00910ca4b
Merge remote-tracking branch 'upstream/master' into extend-nginx 2018-12-07 16:48:50 +02:00
Tim Möhlmann
97d338e68a
Rectify 'endif' placement 2018-12-07 16:44:42 +02:00
Tim Möhlmann
425cdd5e77
Fix syntax errors 2018-12-07 16:29:41 +02:00
Tim Möhlmann
20f1faf6d0
Send 404 when nothing server at '/'
Prevents Nginx welcome screen
2018-12-07 16:10:52 +02:00
Tim Möhlmann
2de4995fec
Don't redirect when webmail is served on '/' 2018-12-07 15:17:04 +02:00
Tim Möhlmann
9dd447e23b
Add login method to smtp_auth under ssl
Fixes #704
2018-12-06 01:00:16 +02:00
Patrick Georgi
eac4d553a9 nginx: Allow extending config with overrides
To facilitate this, the default redirect at / can be disabled, even if
the default remains at redirecting to the webmailer.

The extensions are within the host scope and are read from
$ROOT/overrides/nginx/*.conf.
2018-12-05 23:54:52 +01:00
Tim Möhlmann
42e2dbe35d
Standarize image by using shared / similair layers 2018-10-31 19:17:23 +02:00
Thomas Sänger
603b6e7390
Merge pull request #2 from usrpro/fix-nginx-healthcheck
Fix nginx healthcheck
2018-10-21 22:44:44 +02:00
Tim Möhlmann
81b24f61e8
Merge branch 'master' into feat-healthchecks 2018-10-21 20:58:59 +03:00
Tim Möhlmann
c3e89967fb
Fix front health checking
- Specified seperated /health path in order to allow for healthcheck even if webmail and admin are not seletectd. This also allows healthchecking fom external services like DNS load balancers;
- Make curl not to fail on TLS because localhost is not included in the certificates.
2018-10-21 20:45:41 +03:00
mergify[bot]
bce1487338
Merge pull request #576 from hacor/master
Kubernetes fixed for production
2018-10-20 22:30:38 +00:00
Paul Williams
78bd5aea1c enable http2, because it's that easy 2018-10-19 22:46:36 -06:00
hoellen
d4f32c3e7d remove rewrite if webmail is on root 2018-10-18 14:27:28 +02:00
Hans Cornelis
3098343360 Merged conflicts 2018-10-17 07:32:56 +02:00
hacor
4ea12deae7 Added kubernetes to Mailu 2018-10-17 07:22:55 +02:00
Thomas Sänger
39272ab05c
add healthcheck for http services 2018-10-16 21:38:12 +02:00
Tim Möhlmann
de43060ef8
Move to Alpine:3.8 and fixing #522 2018-10-11 14:06:26 +03:00
kaiyou
2cba045013 Explicitely declare required volumes, fixes #568 2018-09-28 17:28:46 +02:00
Pierre Jaury
3dca1a834c Pin alpine 3.7 until we fix the certbot issue, see #522 2018-08-01 21:56:29 +02:00
kaiyou
75a1bf967c
Merge pull request #502 from hoellen/webmail-messagesize
Use message_size_limit variable from env for webmail client_max_body_size
2018-06-28 21:29:30 +02:00
hoellen
c51e1b9eef webmail client_max_body_size with message_size_limit and 8M tolerance 2018-06-28 19:23:08 +02:00
hoellen
81a6a7cbf6 Use message_size variable from env for webmail 2018-06-25 15:51:20 +02:00
hoellen
a1fb8442e3 Add posibilty to run webmail on root '/' 2018-06-25 15:45:43 +02:00
Pierre Jaury
6828231c28 Fix the path of the nginx pid in startup scripts, fixes #483 2018-06-02 10:23:33 +02:00
Dennis Twardowsky
50f9f379e9 Flexible filenames for TLS via envvars (flavours 'cert' and 'mail' only) 2018-05-01 14:04:18 +02:00
kaiyou
d1dbba2d3a Add expose instructions in Dockerfiles, fixes #392 2018-04-21 14:46:01 +02:00
Scott
b9e67635f4 Use HOST_ADMIN in "Forwarding authentication server". Fixes #436. 2018-04-07 12:40:32 -05:00
kaiyou
dfb5463c94 Relax the frame filtering to allow roundcube to display previews 2018-02-11 22:56:26 +01:00
kaiyou
04278b6cbf Pass the full host to the backend, fixes #372 2018-02-06 18:56:41 +01:00
kaiyou
6c56c8e298 Specify the client max body size in the front, related to #371 2018-01-28 10:35:55 +01:00
Mildred Ki'Lya
f538e33dcf Parametrize hosts
Allows to use mailu without docker-compose when hostnames are not set up
by docker itself but provided via a separate resolver.

Use case: use mailu using nomad scheduler and consul resolver instead of
docker-compose. Other servers are provided by the DNS resolver that
resolves names like admin.service.consul or webmail.service.consul.
These names needs to be configurable.
2018-01-24 22:54:41 +01:00
SunMar
6ec0fe7036 Adding options for mail-letsencrypt 2018-01-04 16:23:28 +01:00
kaiyou
d0b8de72e4 Do not deny HTTP access upon TLS error when the flavor is mail 2017-12-17 15:09:10 +01:00
kaiyou
bfc898c2d8 Move dhparam to /conf 2017-12-17 14:47:02 +01:00
Greg Fitzgerald
f1ad2cf4d0 Use a predefined dhparam.pem, This fixes issue #322 2017-12-17 14:47:02 +01:00
kaiyou
acb5d7da38 Use relative redirect for / to the webmail 2017-12-04 22:42:12 +01:00
kaiyou
2dfc91ac4d Use a map for passing x-forwarded-proto along 2017-12-04 22:19:17 +01:00
kaiyou
a4f46ced49 Properly use x-forwarded-proto with redirects in the webui, related to #347 2017-12-04 21:16:08 +01:00
kaiyou
48d736feef Configure a resolver for the mail server to populate xclient hostnames 2017-12-04 20:28:54 +01:00
kaiyou
4761646616 Make sure stale pid files are dealt with, fix #341 2017-12-03 11:28:26 +01:00
kaiyou
743eb81908 Fix the Webdav behavior with Radicale, related to #334 2017-11-30 22:03:42 +01:00
kaiyou
328001a417
Merge pull request #329 from HorayNarea/patch-1
Disable ssl_session_tickets, see https://wiki.mozilla.org/Security/Server_Side_TLS#TLS_tickets_.28RFC_5077.29
2017-11-21 22:16:25 +01:00
kaiyou
f3ae318132 Perform webdav authentication in nginx, fixes #330 2017-11-20 00:09:19 +01:00
kaiyou
8920982213 Properly pass the request uri to the authentication backend 2017-11-18 16:40:01 +01:00
kaiyou
97dd9ed77c Fix a missing variable in the nginx config 2017-11-18 15:22:38 +01:00
Thomas Sänger
d61ba8e651
disable ssl_session_tickets 2017-11-15 12:34:00 +01:00
kaiyou
eb32871904 Force nginx to run dns queries at runtime 2017-11-13 21:40:22 +01:00
Thomas Sänger
ad7c5e48c5
automatically set nginx-worker based on CPU-count 2017-11-12 23:21:00 +01:00
kaiyou
f362ecdb19 Fix the missing trailing space on /webmail, fixes #304 2017-11-10 16:04:40 +01:00
kaiyou
1a3f85fbc2 Make the rspamd webui available, fixes #157 2017-11-10 14:49:36 +01:00
kaiyou
92f2025d7c Enable pop3 on the frontend, fix #313 2017-11-10 10:15:30 +01:00
kaiyou
bfa50c5aa7 Add a new TLS flavor named 'mail' 2017-11-07 16:16:41 +01:00
kaiyou
edbea372e9 Merge branch 'master' into refactor-repo 2017-11-04 18:40:53 +01:00
kaiyou
ac53b3ed97 Merge branch 'master' into refactor-repo 2017-11-01 18:29:25 +01:00
kaiyou
689be5f2d9 Move all directories per theme 2017-11-01 12:11:04 +01:00