1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-16 10:59:53 +02:00
Commit Graph

295 Commits

Author SHA1 Message Date
Dimitri Huisman
60b9ff0090
Fixed log filter not filtering out log messages for dovecot/nginx/postfix.
Fixed postfix not logging to standard out.
Fixed not all containers logging to journald.
Removed POSTFIX_LOG_FILE functionality. Added documentation on how to achieve the same (log to file) via journald & rsyslogd (see new FAQ entry 'How can I view and export the logs of a Mailu container?').
2023-10-27 14:10:13 +00:00
Florent Daigniere
055b216627 log.critical() where useful 2023-10-17 14:05:08 +02:00
Florent Daigniere
9f93ed6593 Fix letsencrypt on master 2023-10-17 13:58:38 +02:00
Florent Daigniere
eb44783eb2 we need this in front too 2023-10-09 17:41:04 +02:00
Florent Daigniere
5230c28713 Fix letsencrypt on master 2023-10-06 13:48:09 +02:00
bors[bot]
585549ce92
Merge #2924
2924: Remove the usage of capabilities, use port 8080 for admin r=nextgens a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

In the real world users can't get them to work... I wonder if they use patched-up kernels or if xattrs are lost somehow... in any case, we can do without capabilities so let's do that.

Ensure that dovecot doesn't attempt to bind a v6 socket if SUBNET6 is not configured

Also, document that systemd-resolve may cause trouble with DNSSEC.

### Related issue(s)
- closes #2906
- closes #2913

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-08-29 06:19:42 +00:00
Florent Daigniere
8d4abe55ed doh 2023-08-29 08:18:45 +02:00
Florent Daigniere
45ef205887 Serve actual content as requested in review 2023-08-28 17:43:20 +02:00
Florent Daigniere
b2a5a80e12 Ensure that dovecot doesn't bind v6 if not required 2023-08-28 11:56:25 +02:00
Florent Daigniere
562cd8c135 Remove the usage of capabilities use port 8080
In the real world users can't get them to work...
2023-08-28 11:34:51 +02:00
Florent Daigniere
e7e169f1c1 Fix the obvious issue 2023-08-09 19:10:07 +02:00
Florent Daigniere
f3cd401450 PROXY_PROTOCOL=all-but-http for traefik 2023-08-09 15:31:14 +02:00
Florent Daigniere
64ce3d1c96 Implement a busy loop for letsencrypt 2023-08-09 15:28:07 +02:00
Florent Daigniere
f143aa3dc8 Use dovecot-proxy where appropriate 2023-06-05 10:23:30 +02:00
bors[bot]
589c426601
Merge #2818
2818: Improve auth-related logging r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve auth-related logging

### Related issue(s)
- closes #2803 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-05-30 09:01:42 +00:00
Florent Daigniere
632fe1908a Rename as requested by reviewer 2023-05-10 09:54:56 +02:00
Florent Daigniere
7d39741c47 Make webmails use a different port without proxy protocol 2023-05-09 12:06:04 +02:00
Florent Daigniere
a9c92f19ef Add this endpoint back too 2023-05-09 09:54:52 +02:00
Florent Daigniere
2e26c7ad80 change healtcheck again 2023-05-09 09:51:53 +02:00
Florent Daigniere
6ee913502e Improve auth-related logging 2023-05-06 17:37:16 +02:00
Florent Daigniere
88f7ab48f7 Deal with certwatcher too 2023-04-27 09:26:24 +02:00
Florent Daigniere
1d0c4e67aa noticket 2023-04-23 09:11:58 +02:00
Florent Daigniere
5d93ae205e Simplify the health-check 2023-04-21 17:36:24 +02:00
Florent Daigniere
e6b9285f86 Send rport too 2023-04-21 11:04:08 +02:00
Florent Daigniere
d4bc99626f Ensure we log rport 2023-04-21 10:29:28 +02:00
Florent Daigniere
0025d06c4e maybe fix healthcheck 2023-04-21 10:08:32 +02:00
Florent Daigniere
915c1a75f1 Make it generic. Should we implement TARPIT? 2023-04-21 09:21:11 +02:00
Florent Daigniere
2d8b2b15fe tweak-logs 2023-04-21 09:13:11 +02:00
Florent Daigniere
4b02b2bd65 Add health-check 2023-04-21 08:59:42 +02:00
Florent Daigniere
86ff5f7b71 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-20 18:53:17 +02:00
Florent Daigniere
107b0ab5ff Implement managesieve support 2023-04-20 15:36:17 +02:00
Florent Daigniere
7b08232049 Sanitize logs as appropriate 2023-04-13 14:46:12 +02:00
Florent Daigniere
8686e5154f Fix #2720 2023-04-12 12:33:33 +02:00
Dimitri Huisman
36069e3e06
Fix access to radicale 2023-03-28 20:01:43 +00:00
Didier 'OdyX' Raboud
cd7dc7baea
nginx behind proxy: provide a healthcheck for localhost over port 10204 2023-03-28 14:13:59 +02:00
Didier 'OdyX' Raboud
2e40467376
nginx with PROXY protocol for mail; only set_real_ip_from in 'all' and 'mail' alternatives 2023-03-28 09:09:11 +02:00
Dimitri Huisman
991dd647cb
nginx: fix proxy settings when PROXY protocol is used
Tested-By: Didier Raboud <odyx@raksha.ch>
2023-03-28 09:08:39 +02:00
Didier 'OdyX' Raboud
d9ed3cd179
nginx: Allow http and/or mail servers to accept the PROXY protocol
See #2300 for the initial proposal
2023-03-28 09:08:38 +02:00
Dimitri Huisman
ee1f0f94a3
Don't use the header when we don't need it. 2023-03-18 09:17:21 +00:00
Dimitri Huisman
4912fa1dff
Fix a typo. 2023-03-18 08:55:32 +00:00
Dimitri Huisman
25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
bors[bot]
1d9791ceaa
Merge #2703
2703: Paranoia: drop the headers we don't use r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Paranoia: drop the headers we don't use. This ensures there is no misunderstanding in between front and the other containers.

### Related issue(s)


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-03-17 15:38:25 +00:00
Florent Daigniere
698f1f377c Check https://attackshipsonfi.re/p/exploiting-cors-misconfigurations out 2023-03-16 08:12:46 +01:00
Florent Daigniere
8eb1542f64 Paranoia: drop the headers we don't use 2023-03-16 08:07:57 +01:00
Florent Daigniere
1831ca3b1e Handle WEBROOT_REDIRECT better 2023-03-14 09:40:43 +01:00
Florent Daigniere
e1739befc0 Make it work for /admin/antispam too 2023-03-13 08:40:29 +01:00
Florent Daigniere
dd912169fb Make the login page guess where to redirect 2023-03-12 18:07:25 +01:00
Dimitri Huisman
44ad14811d
Missed some IF statements that must be modified for normalized config. 2023-02-01 11:12:05 +00:00
Dimitri Huisman
d9a6777d9d
Forgot to adapt some IF statements. All config is normalized now for front.
So true/false now matches the boolean value True/False.
Instead if {% IF X == 'true' %} we should now use {% IF X %}
2023-02-01 08:51:53 +00:00
Dimitri Huisman
7bcac3bbaa
Get the value from the correct dict (args) 2023-01-31 17:26:32 +00:00