From d472900efa5a81cf59b2b91d506b58fe7a1b3d57 Mon Sep 17 00:00:00 2001 From: Erriez Date: Tue, 10 Aug 2021 21:47:14 +0200 Subject: [PATCH 1/9] Optimize Rainloop to NGINX - Reduce build time. - Reduce image size. - Faster user response using CGI. --- webmails/rainloop/Dockerfile | 78 ++++++++++------- webmails/rainloop/config/nginx-rainloop.conf | 38 +++++++++ webmails/rainloop/config/php-rainloop.conf | 83 +++++++++++++++++++ .../rainloop/{ => defaults}/application.ini | 0 webmails/rainloop/{ => defaults}/default.ini | 0 webmails/rainloop/{ => defaults}/php.ini | 0 webmails/rainloop/{ => login}/include.php | 0 webmails/rainloop/{ => login}/sso.php | 2 +- webmails/rainloop/start.py | 13 ++- 9 files changed, 174 insertions(+), 40 deletions(-) create mode 100644 webmails/rainloop/config/nginx-rainloop.conf create mode 100644 webmails/rainloop/config/php-rainloop.conf rename webmails/rainloop/{ => defaults}/application.ini (100%) rename webmails/rainloop/{ => defaults}/default.ini (100%) rename webmails/rainloop/{ => defaults}/php.ini (100%) rename webmails/rainloop/{ => login}/include.php (100%) rename webmails/rainloop/{ => login}/sso.php (89%) diff --git a/webmails/rainloop/Dockerfile b/webmails/rainloop/Dockerfile index 9814413d..95cf9b4a 100644 --- a/webmails/rainloop/Dockerfile +++ b/webmails/rainloop/Dockerfile 
@@ -1,51 +1,65 @@ -ARG ARCH="" -ARG QEMU=other +ARG DISTRO=nginx:1.21-alpine +FROM $DISTRO -# NOTE: only add file if building for arm -FROM ${ARCH}php:7.4-apache as build_arm -ONBUILD COPY --from=balenalib/rpi-alpine:3.14 /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static +# Shared later between dovecot postfix nginx rspamd rainloop and roundloop +RUN apk add --no-cache \ + python3 py3-pip \ + && pip3 install socrate==0.2.0 -FROM ${ARCH}php:7.4-apache as build_other +# Shared layer between rainloop and roundcube +# https://www.rainloop.net/docs/system-requirements/ +# Rainloop: +# cURL Builtin +# iconv php7-iconv +# json php7-json +# libxml php7-xml +# dom php7-dom +# openssl php7-openssl +# DateTime Builtin +# PCRE Builtin +# SPL Builtin +# Recommended: +# php7-fpm FastCGI Process Manager +# Optional PHP extension (for contacts): +# php7-pdo Accessing databases in PHP +# php7-pdo_sqlite Access to SQLite 3 databases +RUN apk add --no-cache \ + && apk add php7 php7-fpm php7-curl php7-iconv php7-json php7-xml php7-dom php7-openssl \ + && rm /etc/nginx/conf.d/default.conf \ + && rm /etc/php7/php-fpm.d/www.conf -FROM build_${QEMU} -#Shared layer between rainloop and roundcube -RUN apt-get update && apt-get install -y \ - python3 curl python3-pip git python3-multidict \ - && rm -rf /var/lib/apt/lists \ - && echo "ServerSignature Off" >> /etc/apache2/apache2.conf +# nginx / PHP config files +COPY config/nginx-rainloop.conf /etc/nginx/conf.d/rainloop.conf +COPY config/php-rainloop.conf /etc/php7/php-fpm.d/rainloop.conf -# Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, rainloop, roundcube -RUN pip3 install socrate +# Rainloop login +COPY login/include.php /var/www/rainloop/include.php +COPY login/sso.php /var/www/rainloop/sso.php +# Parsed en moved at startup +COPY defaults/php.ini /defaults/php.ini +COPY defaults/application.ini /defaults/application.ini +COPY defaults/default.ini /defaults/default.ini + +# Install Rainloop from source ENV 
RAINLOOP_URL https://github.com/RainLoop/rainloop-webmail/releases/download/v1.16.0/rainloop-community-1.16.0.zip -RUN apt-get update && apt-get install -y \ - unzip python3-jinja2 \ - && rm -rf /var/www/html/ \ - && mkdir /var/www/html \ - && cd /var/www/html \ +RUN apk add --no-cache \ + unzip py3-jinja2 \ + && mkdir -p /var/www/rainloop \ + && cd /var/www/rainloop \ && curl -L -O ${RAINLOOP_URL} \ && unzip -q *.zip \ && rm -f *.zip \ && rm -rf data/ \ && find . -type d -exec chmod 755 {} \; \ && find . -type f -exec chmod 644 {} \; \ - && chown -R www-data: * \ - && apt-get purge -y unzip \ - && rm -rf /var/lib/apt/lists - -COPY include.php /var/www/html/include.php -COPY sso.php /var/www/html/sso.php -COPY php.ini /php.ini - -COPY application.ini /application.ini -COPY default.ini /default.ini + && chown -R nginx:nginx /var/www/rainloop \ + && apk del unzip COPY start.py /start.py EXPOSE 80/tcp VOLUME ["/data"] -CMD /start.py - -HEALTHCHECK CMD curl -f -L http://localhost/ || exit 1 +CMD php-fpm7 && /start.py diff --git a/webmails/rainloop/config/nginx-rainloop.conf b/webmails/rainloop/config/nginx-rainloop.conf new file mode 100644 index 00000000..3a0ff7fd --- /dev/null +++ b/webmails/rainloop/config/nginx-rainloop.conf 
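Review bot: The install `RUN` unpacks the archive fetched by `curl -L -O ${RAINLOOP_URL}` into `/var/www/rainloop` with no integrity check, so whatever the release URL or a redirect from it serves becomes PHP that the new php-fpm pool executes. Pin the expected digest next to `RAINLOOP_URL` and verify it before `unzip`, for example `&& echo "<SHA256_OF_RELEASE_ZIP>  rainloop-community-1.16.0.zip" | sha256sum -c - \`, where the digest is a placeholder to be filled from the upstream release. Using `curl -f -L -O` would also make the build fail on an HTTP error instead of saving the error page as the zip.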
@@ -0,0 +1,38 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ root /var/www/rainloop;
+
+ # /dev/stdout (Default), , off
+ access_log off;
+
+ # /dev/stderr (Default), , debug, info, notice, warn, error, crit, alert, emerg
+ error_log /dev/stderr error;
+
+ index index.php;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+
+ fastcgi_intercept_errors on;
+ fastcgi_index index.php;
+
+ fastcgi_keep_conn on;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/var/run/php7-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location ^~ /data {
+ deny all;
+ }
+}
diff --git a/webmails/rainloop/config/php-rainloop.conf b/webmails/rainloop/config/php-rainloop.conf
new file mode 100644
index 00000000..bb2534cc
--- /dev/null
+++ b/webmails/rainloop/config/php-rainloop.conf
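Review bot: The `location ~ \.php$` block forwards every URI ending in `.php` to php-fpm without first checking that the script exists under the document root; adding `try_files $fastcgi_script_name =404;` after `fastcgi_split_path_info` makes nginx answer those requests itself. The Apache image this replaces set `ServerSignature Off` and the new server block has no counterpart, so `server_tokens off;` would keep the nginx version out of error pages and the `Server` header. A short comment above `location ^~ /data` saying that it guards RainLoop's data directory in case it is ever recreated inside the web root would help, since the Dockerfile removes `data/` and mounts `/data` elsewhere.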
@@ -0,0 +1,83 @@
+; Start a new pool named 'rainloop'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('rainloop' here)
+[rainloop]
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+; will be used.
+user = nginx
+group = nginx
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
+; a specific port;
+; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses
+; (IPv6 and IPv4-mapped) on a specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /var/run/php7-fpm.sock
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+; mode is set to 0660
+listen.owner = nginx
+listen.group = nginx
+listen.mode = 0660
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+; static - a fixed number (pm.max_children) of child processes;
+; dynamic - the number of child processes are set dynamically based on the
+; following directives. With this process management, there will be
+; always at least 1 children.
+; pm.max_children - the maximum number of children that can
+; be alive at the same time.
+; pm.start_servers - the number of children created on startup.
+; pm.min_spare_servers - the minimum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is less than this
+; number then some children will be created.
+; pm.max_spare_servers - the maximum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is greater than this
+; number then some children will be killed.
+; ondemand - no children are created at startup. Children will be forked when
+; new requests will connect. The following parameter are used:
+; pm.max_children - the maximum number of children that
+; can be alive at the same time.
+; pm.process_idle_timeout - The number of seconds after which
+; an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 1
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 3
diff --git a/webmails/rainloop/application.ini b/webmails/rainloop/defaults/application.ini
similarity index 100%
rename from webmails/rainloop/application.ini
rename to webmails/rainloop/defaults/application.ini
diff --git a/webmails/rainloop/default.ini b/webmails/rainloop/defaults/default.ini similarity index 100% rename from webmails/rainloop/default.ini rename to webmails/rainloop/defaults/default.ini diff --git a/webmails/rainloop/php.ini b/webmails/rainloop/defaults/php.ini similarity index 100% rename from webmails/rainloop/php.ini rename to webmails/rainloop/defaults/php.ini diff --git a/webmails/rainloop/include.php b/webmails/rainloop/login/include.php similarity index 100% rename from webmails/rainloop/include.php rename to webmails/rainloop/login/include.php diff --git a/webmails/rainloop/sso.php b/webmails/rainloop/login/sso.php similarity index 89% rename from webmails/rainloop/sso.php rename to webmails/rainloop/login/sso.php index 2415f45c..0bfbe263 100644 --- a/webmails/rainloop/sso.php +++ b/webmails/rainloop/login/sso.php @@ -18,7 +18,7 @@ if (file_exists(APP_INDEX_ROOT_PATH.'rainloop/v/'.APP_VERSION.'/include.php')) { } // Retrieve email and password -if (in_array('HTTP_X_REMOTE_USER', $_SERVER) && in_array('HTTP_X_REMOTE_USER_TOKEN', $_SERVER)) { +if (isset($_SERVER['HTTP_X_REMOTE_USER']) && isset($_SERVER['HTTP_X_REMOTE_USER_TOKEN'])) { $email = $_SERVER['HTTP_X_REMOTE_USER']; $password = $_SERVER['HTTP_X_REMOTE_USER_TOKEN']; $ssoHash = \RainLoop\Api::GetUserSsoHash($email, $password); diff --git a/webmails/rainloop/start.py b/webmails/rainloop/start.py index 2d537284..a52b70e9 100755 --- a/webmails/rainloop/start.py +++ b/webmails/rainloop/start.py 
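Review bot: `isset()` is also true for a header that is present but empty, so a request with a blank `X-Remote-User` or `X-Remote-User-Token` still reaches `GetUserSsoHash($email, $password)`; `if (!empty($_SERVER['HTTP_X_REMOTE_USER']) && !empty($_SERVER['HTTP_X_REMOTE_USER_TOKEN'])) {` rejects that case before any SSO hash is produced. Both values are ordinary request headers, so this branch depends on the front proxy overwriting or stripping any copy a client sends. A comment stating that assumption above the `if` would make the trust boundary visible, for example `// X-Remote-User* must be set by the front proxy only; never expose this container directly`. The body of the `if` continues outside the hunk.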
@@ -19,12 +19,11 @@ shutil.rmtree(base + "domains/", ignore_errors=True) os.makedirs(base + "domains", exist_ok=True) os.makedirs(base + "configs", exist_ok=True) -conf.jinja("/default.ini", os.environ, "/data/_data_/_default_/domains/default.ini") -conf.jinja("/application.ini", os.environ, "/data/_data_/_default_/configs/application.ini") -conf.jinja("/php.ini", os.environ, "/usr/local/etc/php/conf.d/rainloop.ini") +conf.jinja("/defaults/default.ini", os.environ, "/data/_data_/_default_/domains/default.ini") +conf.jinja("/defaults/application.ini", os.environ, "/data/_data_/_default_/configs/application.ini") +conf.jinja("/defaults/php.ini", os.environ, "/etc/php7/php.ini") -os.system("chown -R www-data:www-data /data") -os.system("chmod -R a+rX /var/www/html/") - -os.execv("/usr/local/bin/apache2-foreground", ["apache2-foreground"]) +os.system("chown -R nginx:nginx /data") +os.system("chmod -R a+rX /var/www/rainloop/") +os.execv("/usr/sbin/nginx", ["nginx", "-g", "daemon off;"]) From 0fd97124f78abe4bcfec48ea730509d378ff595f Mon Sep 17 00:00:00 2001 From: Erriez Date: Thu, 12 Aug 2021 17:23:24 +0200 Subject: [PATCH 2/9] Process review feedback --- webmails/rainloop/Dockerfile | 24 ++++--- webmails/rainloop/config/nginx-rainloop.conf | 2 +- webmails/roundcube/config.inc.php | 66 -------------------- webmails/roundcube/mailu.php | 59 ----------------- 4 files changed, 15 insertions(+), 136 deletions(-) delete mode 100644 webmails/roundcube/config.inc.php delete mode 100644 webmails/roundcube/mailu.php diff --git a/webmails/rainloop/Dockerfile b/webmails/rainloop/Dockerfile index 95cf9b4a..e6c3d63c 100644 --- a/webmails/rainloop/Dockerfile +++ b/webmails/rainloop/Dockerfile 
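Review bot: `conf.jinja("/defaults/php.ini", os.environ, "/etc/php7/php.ini")` renders the PHP settings only after php-fpm is already running, because the Dockerfile in this commit uses `CMD php-fpm7 && /start.py`. On a fresh container the rendered values presumably do not reach the FPM workers until a restart. Launching FPM from this script after the three `conf.jinja` calls, for example `os.system("php-fpm7")` just before `os.execv(...)`, and reducing the image command to `/start.py` removes the ordering problem. The target also changed from a `conf.d` drop-in to the main `php.ini`, which replaces the packaged defaults wholesale; rendering to `/etc/php7/conf.d/rainloop.ini` would keep the previous override behaviour. The script starts above this hunk.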
@@ -1,12 +1,14 @@ -ARG DISTRO=nginx:1.21-alpine -FROM $DISTRO +ARG ARCH="" + +# NOTE: only add file if building for arm +FROM ${ARCH}alpine:3.14 +ONBUILD COPY --from=balenalib/rpi-alpine:3.14 /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static # Shared later between dovecot postfix nginx rspamd rainloop and roundloop RUN apk add --no-cache \ python3 py3-pip \ && pip3 install socrate==0.2.0 -# Shared layer between rainloop and roundcube # https://www.rainloop.net/docs/system-requirements/ # Rainloop: # cURL Builtin @@ -24,12 +26,15 @@ RUN apk add --no-cache \ # php7-pdo Accessing databases in PHP # php7-pdo_sqlite Access to SQLite 3 databases RUN apk add --no-cache \ - && apk add php7 php7-fpm php7-curl php7-iconv php7-json php7-xml php7-dom php7-openssl \ - && rm /etc/nginx/conf.d/default.conf \ - && rm /etc/php7/php-fpm.d/www.conf + nginx \ + php7 php7-fpm php7-curl php7-iconv php7-json php7-xml php7-dom php7-openssl \ + && rm /etc/nginx/http.d/default.conf \ + && rm /etc/php7/php-fpm.d/www.conf \ + && mkdir -p /run/nginx \ + && mkdir -p /var/www/rainloop # nginx / PHP config files -COPY config/nginx-rainloop.conf /etc/nginx/conf.d/rainloop.conf +COPY config/nginx-rainloop.conf /etc/nginx/http.d/rainloop.conf COPY config/php-rainloop.conf /etc/php7/php-fpm.d/rainloop.conf # Rainloop login @@ -45,8 +50,7 @@ COPY defaults/default.ini /defaults/default.ini ENV RAINLOOP_URL https://github.com/RainLoop/rainloop-webmail/releases/download/v1.16.0/rainloop-community-1.16.0.zip RUN apk add --no-cache \ - unzip py3-jinja2 \ - && mkdir -p /var/www/rainloop \ + curl unzip \ && cd /var/www/rainloop \ && curl -L -O ${RAINLOOP_URL} \ && unzip -q *.zip \ @@ -55,7 +59,7 @@ RUN apk add --no-cache \ && find . -type d -exec chmod 755 {} \; \ && find . -type f -exec chmod 644 {} \; \ && chown -R nginx:nginx /var/www/rainloop \ - && apk del unzip + && apk del curl unzip COPY start.py /start.py 
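Review bot: `ONBUILD COPY --from=balenalib/rpi-alpine:3.14 /usr/bin/qemu-arm-static …` in the first hunk now sits in the only stage, so it no longer does what the `# NOTE: only add file if building for arm` comment says. An `ONBUILD` instruction is not executed in this build; it is stored in the image and runs when another Dockerfile builds `FROM` it. The earlier layout kept it in a `build_arm` stage selected through `FROM build_${QEMU}`. With that indirection gone, ARM builds get no qemu binary here, and any downstream build would copy a file from a third-party image. Either restore the two-stage selection or remove the `ONBUILD` line and its comment.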
diff --git a/webmails/rainloop/config/nginx-rainloop.conf b/webmails/rainloop/config/nginx-rainloop.conf index 3a0ff7fd..0f9f3122 100644 --- a/webmails/rainloop/config/nginx-rainloop.conf +++ b/webmails/rainloop/config/nginx-rainloop.conf @@ -13,7 +13,7 @@ server { index index.php; location / { - try_files $uri $uri/ /index.php?$query_string; + try_files $uri /index.php?$query_string; } location ~ \.php$ { diff --git a/webmails/roundcube/config.inc.php b/webmails/roundcube/config.inc.php deleted file mode 100644 index 797f229c..00000000 --- a/webmails/roundcube/config.inc.php +++ /dev/null @@ -1,66 +0,0 @@ - array( - 'verify_peer' => false, - 'verify_peer_name' => false, - ), -); -$config['imap_conn_options'] = $ssl_no_check; -$config['smtp_conn_options'] = $ssl_no_check; -$config['managesieve_conn_options'] = $ssl_no_check; - -// skin name: folder from skins/ -$config['skin'] = 'elastic'; - -// Enigma gpg plugin -$config['enigma_pgp_homedir'] = '/data/gpg'; - -// Set From header for DKIM signed message delivery reports -$config['mdn_use_from'] = true; diff --git a/webmails/roundcube/mailu.php b/webmails/roundcube/mailu.php deleted file mode 100644 index bb4d65e9..00000000 --- a/webmails/roundcube/mailu.php +++ /dev/null 
@@ -1,59 +0,0 @@ -add_hook('startup', array($this, 'startup')); - $this->add_hook('authenticate', array($this, 'authenticate')); - $this->add_hook('login_after', array($this, 'login')); - $this->add_hook('login_failed', array($this, 'login_failed')); - $this->add_hook('logout_after', array($this, 'logout')); - } - - function startup($args) - { - if (empty($_SESSION['user_id'])) { - $args['action'] = 'login'; - } - - return $args; - } - - function authenticate($args) - { - if (!in_array('HTTP_X_REMOTE_USER', $_SERVER) || !in_array('HTTP_X_REMOTE_USER_TOKEN', $_SERVER)) { - header('HTTP/1.0 403 Forbidden'); - die(); - } - $args['user'] = $_SERVER['HTTP_X_REMOTE_USER']; - $args['pass'] = $_SERVER['HTTP_X_REMOTE_USER_TOKEN']; - - $args['cookiecheck'] = false; - $args['valid'] = true; - - return $args; - } - - function logout($args) { - // Redirect to global SSO logout path. - $this->load_config(); - - $sso_logout_url = rcmail::get_instance()->config->get('sso_logout_url'); - header("Location: " . $sso_logout_url, true); - exit; - } - - function login($args) - { - header('Location: index.php'); - exit(); - } - function login_failed($args) - { - header('Location: sso.php'); - exit(); - } - -} From d0a0ba6727b5883048253ef098207ff8879fd6ee Mon Sep 17 00:00:00 2001 From: Erriez Date: Thu, 12 Aug 2021 20:49:58 +0200 Subject: [PATCH 3/9] Optimize PHP pm setting to ondemand The ondemand setting results in lower memory consumption in idle. --- webmails/rainloop/config/php-rainloop.conf | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/webmails/rainloop/config/php-rainloop.conf b/webmails/rainloop/config/php-rainloop.conf index bb2534cc..fae0d81e 100644 --- a/webmails/rainloop/config/php-rainloop.conf +++ b/webmails/rainloop/config/php-rainloop.conf 
@@ -54,7 +54,7 @@ listen.mode = 0660 ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. -pm = dynamic +pm = ondemand ; The number of child processes to be created when pm is set to 'static' and the ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. @@ -70,14 +70,27 @@ pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 2 +; pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 1 +; pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 3 +; pm.max_spare_servers = 3 + +; This sets the maximum time in seconds a script is allowed to run before it is +; terminated by the parser. This helps prevent poorly written scripts from tying up +; the server. The default setting is 30s. +; Note: Used only when pm is set to 'ondemand' +pm.process_idle_timeout = 10s + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For endless +; request processing specify '0'. +; Equivalent to PHP_FCGI_MAX_REQUESTS. Default value: 0. +; Noted: Used only when pm is set to 'ondemand' +pm.max_requests = 200 From 556a5897d1aa33a3c83a55f227db63709b12521d Mon Sep 17 00:00:00 2001 From: Erriez Date: Thu, 12 Aug 2021 21:10:06 +0200 Subject: [PATCH 4/9] Install php7-pdo and php7-pdo_sqlite for contacts --- webmails/rainloop/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
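Review bot: The comment added above `pm.process_idle_timeout = 10s` describes a script run-time limit ("maximum time in seconds a script is allowed to run … default setting is 30s"), which is not what this directive controls. The `pm` documentation a few lines up in the same file defines it as the number of seconds after which an idle process is killed. Suggested replacement: `; The number of seconds after which an idle worker process is killed.` followed by `; Note: Used only when pm is set to 'ondemand'`. As written, a maintainer could read it as a request timeout and assume long-running requests are capped, though nothing in this pool sets such a limit. On `pm.max_requests`, "Noted:" is a typo for "Note:", and the "only when pm is set to 'ondemand'" restriction looks doubtful because the directive is not among the ondemand parameters listed above; confirm against the php-fpm documentation.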
diff --git a/webmails/rainloop/Dockerfile b/webmails/rainloop/Dockerfile index e6c3d63c..77b7a4a2 100644 --- a/webmails/rainloop/Dockerfile +++ b/webmails/rainloop/Dockerfile @@ -27,7 +27,7 @@ RUN apk add --no-cache \ # php7-pdo_sqlite Access to SQLite 3 databases RUN apk add --no-cache \ nginx \ - php7 php7-fpm php7-curl php7-iconv php7-json php7-xml php7-dom php7-openssl \ + php7 php7-fpm php7-curl php7-iconv php7-json php7-xml php7-dom php7-openssl php7-pdo php7-pdo_sqlite \ && rm /etc/nginx/http.d/default.conf \ && rm /etc/php7/php-fpm.d/www.conf \ && mkdir -p /run/nginx \ From 5a1d89aaac3a28a5647c562645fa8e82543dd885 Mon Sep 17 00:00:00 2001 From: Erriez Date: Fri, 13 Aug 2021 23:20:41 +0200 Subject: [PATCH 5/9] Restore Rainloop Dockerfile HEALTHCHECK --- webmails/rainloop/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/webmails/rainloop/Dockerfile b/webmails/rainloop/Dockerfile index 77b7a4a2..0e7f317e 100644 --- a/webmails/rainloop/Dockerfile +++ b/webmails/rainloop/Dockerfile @@ -67,3 +67,5 @@ EXPOSE 80/tcp VOLUME ["/data"] CMD php-fpm7 && /start.py + +HEALTHCHECK CMD curl -f -L http://localhost/ || exit 1 From 10f2c179797f86e29f3e1e0901c1c2e60b728701 Mon Sep 17 00:00:00 2001 From: Erriez Date: Fri, 13 Aug 2021 23:21:12 +0200 Subject: [PATCH 6/9] Restore Roundcube PHP files --- webmails/roundcube/config.inc.php | 66 +++++++++++++++++++++++++++++++ webmails/roundcube/mailu.php | 59 +++++++++++++++++++++++++++ 2 files changed, 125 insertions(+) create mode 100644 webmails/roundcube/config.inc.php create mode 100644 webmails/roundcube/mailu.php diff --git a/webmails/roundcube/config.inc.php b/webmails/roundcube/config.inc.php new file mode 100644 index 00000000..797f229c --- /dev/null +++ b/webmails/roundcube/config.inc.php 
@@ -0,0 +1,66 @@ + array( + 'verify_peer' => false, + 'verify_peer_name' => false, + ), +); +$config['imap_conn_options'] = $ssl_no_check; +$config['smtp_conn_options'] = $ssl_no_check; +$config['managesieve_conn_options'] = $ssl_no_check; + +// skin name: folder from skins/ +$config['skin'] = 'elastic'; + +// Enigma gpg plugin +$config['enigma_pgp_homedir'] = '/data/gpg'; + +// Set From header for DKIM signed message delivery reports +$config['mdn_use_from'] = true; diff --git a/webmails/roundcube/mailu.php b/webmails/roundcube/mailu.php new file mode 100644 index 00000000..bb4d65e9 --- /dev/null +++ b/webmails/roundcube/mailu.php @@ -0,0 +1,59 @@ +add_hook('startup', array($this, 'startup')); + $this->add_hook('authenticate', array($this, 'authenticate')); + $this->add_hook('login_after', array($this, 'login')); + $this->add_hook('login_failed', array($this, 'login_failed')); + $this->add_hook('logout_after', array($this, 'logout')); + } + + function startup($args) + { + if (empty($_SESSION['user_id'])) { + $args['action'] = 'login'; + } + + return $args; + } + + function authenticate($args) + { + if (!in_array('HTTP_X_REMOTE_USER', $_SERVER) || !in_array('HTTP_X_REMOTE_USER_TOKEN', $_SERVER)) { + header('HTTP/1.0 403 Forbidden'); + die(); + } + $args['user'] = $_SERVER['HTTP_X_REMOTE_USER']; + $args['pass'] = $_SERVER['HTTP_X_REMOTE_USER_TOKEN']; + + $args['cookiecheck'] = false; + $args['valid'] = true; + + return $args; + } + + function logout($args) { + // Redirect to global SSO logout path. + $this->load_config(); + + $sso_logout_url = rcmail::get_instance()->config->get('sso_logout_url'); + header("Location: " . $sso_logout_url, true); + exit; + } + + function login($args) + { + header('Location: index.php'); + exit(); + } + function login_failed($args) + { + header('Location: sso.php'); + exit(); + } + +} From 5adc4f08f632e1fd4e66488a070ecb382b95d8d1 Mon Sep 17 00:00:00 2001 
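Review bot: `$ssl_no_check` sets `'verify_peer' => false` and `'verify_peer_name' => false` and is assigned to `imap_conn_options`, `smtp_conn_options` and `managesieve_conn_options`, so Roundcube accepts any certificate on all three backend connections. If that is deliberate because the backends are only reached over the internal container network, the file should say so next to the array, e.g. `// Backends are internal-only and use a self-signed certificate; verification is disabled on purpose`. Otherwise, pointing the `cafile` option at the internal CA and leaving verification on is the safer default. The opening lines of the file are not legible in this hunk, so the rationale may already be stated there.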
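Review bot: `authenticate()` tests `in_array('HTTP_X_REMOTE_USER', $_SERVER)`, which searches the values of `$_SERVER` rather than its keys, so the 403 guard does not reliably reflect whether the headers were sent. The first patch of this series replaced the same expression in RainLoop's `sso.php`; the equivalent here is `if (empty($_SERVER['HTTP_X_REMOTE_USER']) || empty($_SERVER['HTTP_X_REMOTE_USER_TOKEN'])) {`. The user and password handed to Roundcube come straight from request headers with `cookiecheck` disabled, so the method should carry a comment that the front proxy must overwrite any client-supplied `X-Remote-User*` headers. The class header is not legible in this hunk.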
From: Erriez Date: Mon, 16 Aug 2021 17:41:36 +0200 Subject: [PATCH 7/9] Restore curl --- webmails/rainloop/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webmails/rainloop/Dockerfile b/webmails/rainloop/Dockerfile index 0e7f317e..f1394d64 100644 --- a/webmails/rainloop/Dockerfile +++ b/webmails/rainloop/Dockerfile @@ -59,7 +59,7 @@ RUN apk add --no-cache \ && find . -type d -exec chmod 755 {} \; \ && find . -type f -exec chmod 644 {} \; \ && chown -R nginx:nginx /var/www/rainloop \ - && apk del curl unzip + && apk del unzip COPY start.py /start.py From 6437540704bb9a957844830d6b7a4981aa4a4355 Mon Sep 17 00:00:00 2001 From: Erriez Date: Wed, 18 Aug 2021 19:00:32 +0200 Subject: [PATCH 8/9] Change error_log to warn --- webmails/rainloop/config/nginx-rainloop.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webmails/rainloop/config/nginx-rainloop.conf b/webmails/rainloop/config/nginx-rainloop.conf index 0f9f3122..dfdbf8f7 100644 --- a/webmails/rainloop/config/nginx-rainloop.conf +++ b/webmails/rainloop/config/nginx-rainloop.conf @@ -8,7 +8,7 @@ server { access_log off; # /dev/stderr (Default), , debug, info, notice, warn, error, crit, alert, emerg - error_log /dev/stderr error; + error_log /dev/stderr warn; index index.php; From 6cecacb6da4c5ef05229d9010a61c2c8d6b1bc2d Mon Sep 17 00:00:00 2001 From: Erriez Date: Wed, 18 Aug 2021 21:50:13 +0200 Subject: [PATCH 9/9] Add catch_workers_output to php-rainloop.conf --- webmails/rainloop/config/php-rainloop.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/webmails/rainloop/config/php-rainloop.conf b/webmails/rainloop/config/php-rainloop.conf index fae0d81e..e9906505 100644 --- a/webmails/rainloop/config/php-rainloop.conf +++ b/webmails/rainloop/config/php-rainloop.conf 
@@ -3,6 +3,11 @@ ; pool name ('rainloop' here) [rainloop] +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Default value: no. +catch_workers_output = 1 + ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used.