1
0
mirror of https://github.com/Mailu/Mailu.git synced 2025-06-15 00:05:11 +02:00
Commit Graph

277 Commits

Author SHA1 Message Date
a9c92f19ef Add this endpoint back too 2023-05-09 09:54:52 +02:00
2e26c7ad80 change healtcheck again 2023-05-09 09:51:53 +02:00
88f7ab48f7 Deal with certwatcher too 2023-04-27 09:26:24 +02:00
1d0c4e67aa noticket 2023-04-23 09:11:58 +02:00
5d93ae205e Simplify the health-check 2023-04-21 17:36:24 +02:00
e6b9285f86 Send rport too 2023-04-21 11:04:08 +02:00
d4bc99626f Ensure we log rport 2023-04-21 10:29:28 +02:00
0025d06c4e maybe fix healthcheck 2023-04-21 10:08:32 +02:00
915c1a75f1 Make it generic. Should we implement TARPIT? 2023-04-21 09:21:11 +02:00
2d8b2b15fe tweak-logs 2023-04-21 09:13:11 +02:00
4b02b2bd65 Add health-check 2023-04-21 08:59:42 +02:00
86ff5f7b71 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-20 18:53:17 +02:00
107b0ab5ff Implement managesieve support 2023-04-20 15:36:17 +02:00
7b08232049 Sanitize logs as appropriate 2023-04-13 14:46:12 +02:00
8686e5154f Fix #2720 2023-04-12 12:33:33 +02:00
36069e3e06 Fix access to radicale 2023-03-28 20:01:43 +00:00
cd7dc7baea nginx behind proxy: provide a healthcheck for localhost over port 10204 2023-03-28 14:13:59 +02:00
2e40467376 nginx with PROXY protocol for mail; only set_real_ip_from in 'all' and 'mail' alternatives 2023-03-28 09:09:11 +02:00
991dd647cb nginx: fix proxy settings when PROXY protocol is used
Tested-By: Didier Raboud <odyx@raksha.ch>
2023-03-28 09:08:39 +02:00
d9ed3cd179 nginx: Allow http and/or mail servers to accept the PROXY protocol
See #2300 for the initial proposal
2023-03-28 09:08:38 +02:00
ee1f0f94a3 Don't use the header when we don't need it. 2023-03-18 09:17:21 +00:00
4912fa1dff Fix a typo. 2023-03-18 08:55:32 +00:00
25b9db4b00 Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
1d9791ceaa Merge #2703
2703: Paranoia: drop the headers we don't use r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Paranoia: drop the headers we don't use. This ensures there is no misunderstanding in between front and the other containers.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-17 15:38:25 +00:00
698f1f377c Check https://attackshipsonfi.re/p/exploiting-cors-misconfigurations out 2023-03-16 08:12:46 +01:00
8eb1542f64 Paranoia: drop the headers we don't use 2023-03-16 08:07:57 +01:00
1831ca3b1e Handle WEBROOT_REDIRECT better 2023-03-14 09:40:43 +01:00
e1739befc0 Make it work for /admin/antispam too 2023-03-13 08:40:29 +01:00
dd912169fb Make the login page guess where to redirect 2023-03-12 18:07:25 +01:00
44ad14811d Missed some IF statements that must be modified for normalized config. 2023-02-01 11:12:05 +00:00
d9a6777d9d Forgot to adapt some IF statements. All config is normalized now for front.
So true/false now matches the boolean value True/False.
Instead if {% IF X == 'true' %} we should now use {% IF X %}
2023-02-01 08:51:53 +00:00
7bcac3bbaa Get the value from the correct dict (args) 2023-01-31 17:26:32 +00:00
75afe1092d Use server-side password generator for generating token.
Fix setup correctly writing the value for API to mailu.env
Normalize env vars for front container.
Update reverse proxy with API information.
2023-01-31 12:37:25 +00:00
0673d32306 Fix setup utility setting correct value to env var API
Fix IF statement for enabling API in nginx.conf
Use safer command for regenerating example API token.
2023-01-30 13:16:07 +00:00
842be9b7c3 Skip listen to v6 when SUBNET6 is not set 2023-01-28 19:40:23 +01:00
7e60ba4e98 Merge #2613
2613: Enhance network segregation r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.

### Related issue(s)
- #2611

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-01-24 09:28:29 +00:00
bcceac359d Merge branch 'apiv1' of https://github.com/ghostwheel42/Mailu into feature-445-restful-api-ghostwheel 2023-01-05 10:18:02 +00:00
9d555b0eec Don't expose any port (suggestion from ghost) 2023-01-04 19:19:43 +01:00
e85a2a7e99 Step1: expose managesieve, make the webmails use it 2023-01-04 14:51:15 +01:00
4d80c95c41 Fix authentication submission
Don't talk haproxy to postfix; it's more headaches than it is currently
worth.
2023-01-03 15:57:57 +01:00
bba6c5bb88 Merge #2603
2603: Enable HAPROXY protocol on SUBNET r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

- Enable HAPROXY in between front and imap: With this we avoid running into the limitations of  ``mail_max_userip_connections`` and the logfiles reflect the real IP.
- Enable HAPROXY in between front and smtp: with this postfix and rspamd are aware of whether TLS was used or not on the last hop. In practice this won't work as nginx doesn't send PROTO yet.
- Discard redundant log messages from postfix

With all of this, not only are the logs easier to understand but ``doveadm who`` also works as one would expect.

### Related issue(s)
- closes #894
- #1328
- closes #1364
- #1705

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2022-12-31 16:53:52 +00:00
cd107182c1 comment 2022-12-29 11:04:16 +01:00
8539344331 Reduce nginx ssl_session_cache to 3m each 2022-12-29 11:03:55 +01:00
55c1e55529 Same for front-smtp
This should enable postfix to have visibility on TLS usage and fix the
following: #1705
2022-12-28 15:40:35 +01:00
4ae0d7d768 Enable HAPROXY protocol in between front and imap
With this we avoid running into the limitations of
 mail_max_userip_connections (see #894 amd #1364) and the
 logfiles as well as ``doveadm who`` give an accurate picture.
2022-12-28 14:17:00 +01:00
be40781394 Add default for WEB_API, re-add flask-restx to deps, remove whitespace 2022-12-27 14:28:25 +01:00
3cb8358090 Process review comments PR#2464
- When visiting root of WEB_API, the swaggerui is shown
- simplify the condition for endpoint WEB_API
2022-12-27 11:32:58 +01:00
5c9cdfe1de Introduction of the Mailu RESTful API.
Anything that can be configured in the web administration interface,
can also be configured via the Mailu RESTful API.
See the section Advanced configuration in the configuration reference
for the relevant settings in mailu.env for enabling the API.
(API, WEB_API, API_TOKEN).
2022-12-27 11:32:54 +01:00
4e3874b0c1 Enable dynamic resolution of hostnames 2022-12-08 13:00:50 +01:00
5703e97c73 Merge #2460
2460: Switch to a base image containing base tools and the podop and socrate libs r=mergify[bot] a=ghostwheel42

## What type of PR?

enhancement of build process

## What does this PR do?

Changes build.hcl to build core images using a base image.
Also adds a "assets" base image for the admin container.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Pierre Jaury <pierre@jaury.eu>
Co-authored-by: kaiyou <pierre@jaury.eu>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2022-10-28 15:21:56 +00:00