Process review feedback

3 years ago · 0fd97124f7
parent d472900efa
commit 0fd97124f7
4 changed files with 15 additions and 136 deletions
--- a/webmails/rainloop/Dockerfile
+++ b/webmails/rainloop/Dockerfile
@ -1,12 +1,14 @@
-ARG DISTRO=nginx:1.21-alpine
+ARG ARCH=""
-FROM $DISTRO
+
 # NOTE: only add file if building for arm
 FROM ${ARCH}alpine:3.14
 ONBUILD COPY --from=balenalib/rpi-alpine:3.14 /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static
 # Shared later between dovecot postfix nginx rspamd rainloop and roundloop
 RUN apk add --no-cache \
    python3 py3-pip \
 && pip3 install socrate==0.2.0
 # Shared layer between rainloop and roundcube
 #  https://www.rainloop.net/docs/system-requirements/
 #  Rainloop:
 #     cURL            Builtin
@ -24,12 +26,15 @@ RUN apk add --no-cache \
 #     php7-pdo        Accessing databases in PHP
 #     php7-pdo_sqlite Access to SQLite 3 databases
 RUN apk add --no-cache \
- && apk add php7 php7-fpm php7-curl php7-iconv php7-json php7-xml php7-dom php7-openssl \
+    nginx \
- && rm /etc/nginx/conf.d/default.conf \
+    php7 php7-fpm php7-curl php7-iconv php7-json php7-xml php7-dom php7-openssl \
- && rm /etc/php7/php-fpm.d/www.conf
+ && rm /etc/nginx/http.d/default.conf \
 && rm /etc/php7/php-fpm.d/www.conf \
 && mkdir -p /run/nginx \
 && mkdir -p /var/www/rainloop
 # nginx / PHP config files
-COPY config/nginx-rainloop.conf /etc/nginx/conf.d/rainloop.conf
+COPY config/nginx-rainloop.conf /etc/nginx/http.d/rainloop.conf
 COPY config/php-rainloop.conf /etc/php7/php-fpm.d/rainloop.conf
 # Rainloop login
@ -45,8 +50,7 @@ COPY defaults/default.ini /defaults/default.ini
 ENV RAINLOOP_URL https://github.com/RainLoop/rainloop-webmail/releases/download/v1.16.0/rainloop-community-1.16.0.zip
 RUN apk add --no-cache \
-      unzip py3-jinja2 \
+      curl unzip \
 && mkdir -p /var/www/rainloop \
 && cd /var/www/rainloop \
 && curl -L -O ${RAINLOOP_URL} \
 && unzip -q *.zip \
@ -55,7 +59,7 @@ RUN apk add --no-cache \
 && find . -type d -exec chmod 755 {} \; \
 && find . -type f -exec chmod 644 {} \; \
 && chown -R nginx:nginx /var/www/rainloop \
- && apk del unzip
+ && apk del curl unzip
 COPY start.py /start.py
--- a/webmails/rainloop/config/nginx-rainloop.conf
+++ b/webmails/rainloop/config/nginx-rainloop.conf
@ -13,7 +13,7 @@ server {
    index index.php;
    location / {
-        try_files $uri $uri/ /index.php?$query_string;
+        try_files $uri /index.php?$query_string;
    }
    location ~ \.php$ {
--- a/webmails/roundcube/config.inc.php
+++ b/webmails/roundcube/config.inc.php
@ -1,66 +0,0 @@
 <?php
 $config = array();
 // Generals
 $config['db_dsnw'] = getenv('DB_DSNW');;
 $config['temp_dir'] = '/tmp/';
 $config['des_key'] = getenv('SECRET_KEY') ? getenv('SECRET_KEY') : trim(file_get_contents(getenv('SECRET_KEY_FILE')));
 $config['cipher_method'] = 'AES-256-CBC';
 $config['identities_level'] = 0;
 $config['reply_all_mode'] = 1;
 // List of active plugins (in plugins/ directory)
 $config['plugins'] = array(
    'archive',
    'zipdownload',
    'markasjunk',
    'managesieve',
    'enigma',
    'carddav'
 );
 $front = getenv('FRONT_ADDRESS') ? getenv('FRONT_ADDRESS') : 'front';
 $imap  = getenv('IMAP_ADDRESS')  ? getenv('IMAP_ADDRESS')  : 'imap';
 // Mail servers
 $config['default_host'] = $front;
 $config['default_port'] = 10143;
 $config['smtp_server'] = $front;
 $config['smtp_port'] = 10025;
 $config['smtp_user'] = '%u';
 $config['smtp_pass'] = '%p';
 // Sieve script management
 $config['managesieve_host'] = $imap;
 $config['managesieve_usetls'] = false;
 // Customization settings
 if (filter_var(getenv('ADMIN'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)) {
 	array_push($config['plugins'], 'mailu');
 	$config['support_url'] = getenv('WEB_ADMIN') ? '../..' . getenv('WEB_ADMIN') : '';
 	$config['sso_logout_url'] = getenv('WEB_ADMIN').'/ui/logout';
 }
 $config['product_name'] = 'Mailu Webmail';
 // We access the IMAP and SMTP servers locally with internal names, SSL
 // will obviously fail but this sounds better than allowing insecure login
 // from the outter world
 $ssl_no_check = array(
 'ssl' => array(
     'verify_peer' => false,
     'verify_peer_name' => false,
  ),
 );
 $config['imap_conn_options'] = $ssl_no_check;
 $config['smtp_conn_options'] = $ssl_no_check;
 $config['managesieve_conn_options'] = $ssl_no_check;
 // skin name: folder from skins/
 $config['skin'] = 'elastic';
 // Enigma gpg plugin
 $config['enigma_pgp_homedir'] = '/data/gpg';
 // Set From header for DKIM signed message delivery reports
 $config['mdn_use_from'] = true;
--- a/webmails/roundcube/mailu.php
+++ b/webmails/roundcube/mailu.php
@ -1,59 +0,0 @@
 <?php
 class mailu extends rcube_plugin
 {
  function init()
  {
    $this->add_hook('startup', array($this, 'startup'));
    $this->add_hook('authenticate', array($this, 'authenticate'));
    $this->add_hook('login_after', array($this, 'login'));
    $this->add_hook('login_failed', array($this, 'login_failed'));
    $this->add_hook('logout_after', array($this, 'logout'));
  }
  function startup($args)
  {
    if (empty($_SESSION['user_id'])) {
        $args['action'] = 'login';
    }
    return $args;
  }
  function authenticate($args)
  {
    if (!in_array('HTTP_X_REMOTE_USER', $_SERVER) || !in_array('HTTP_X_REMOTE_USER_TOKEN', $_SERVER)) {
        header('HTTP/1.0 403 Forbidden');
        die();
    }
    $args['user'] = $_SERVER['HTTP_X_REMOTE_USER'];
    $args['pass'] = $_SERVER['HTTP_X_REMOTE_USER_TOKEN'];
    $args['cookiecheck'] = false;
    $args['valid'] = true;
    return $args;
  }
  function logout($args) {
    // Redirect to global SSO logout path.
    $this->load_config();
    $sso_logout_url = rcmail::get_instance()->config->get('sso_logout_url');
    header("Location: " . $sso_logout_url, true);
    exit;
  }
  function login($args)
  {
      header('Location: index.php');
      exit();
  }
  function login_failed($args)
  {
      header('Location: sso.php');
      exit();
  }
 }