Use server-side password generator for generating token.

Fix setup correctly writing the value for API to mailu.env
Normalize env vars for front container.
Update reverse proxy with API information.
main
Dimitri Huisman 2 years ago
parent 0673d32306
commit 75afe1092d
No known key found for this signature in database

@ -252,7 +252,7 @@ http {
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if API == 'true' %} {% if API %}
location ~ {{ WEB_API or '/api' }} { location ~ {{ WEB_API or '/api' }} {
include /etc/nginx/proxy.conf; include /etc/nginx/proxy.conf;
proxy_pass http://$admin; proxy_pass http://$admin;

@ -5,8 +5,7 @@ import logging as log
import sys import sys
from socrate import system, conf from socrate import system, conf
system.set_env() args = system.set_env()
args = os.environ.copy()
log.basicConfig(stream=sys.stderr, level=args.get("LOG_LEVEL", "WARNING")) log.basicConfig(stream=sys.stderr, level=args.get("LOG_LEVEL", "WARNING"))
args['TLS_PERMISSIVE'] = str(args.get('TLS_PERMISSIVE')).lower() not in ('false', 'no') args['TLS_PERMISSIVE'] = str(args.get('TLS_PERMISSIVE')).lower() not in ('false', 'no')

@ -70,14 +70,14 @@ Then on your own frontend, point to these local ports. In practice, you only nee
REAL_IP_FROM=x.x.x.x,y.y.y.y.y REAL_IP_FROM=x.x.x.x,y.y.y.y.y
#x.x.x.x,y.y.y.y.y is the static IP address your reverse proxy uses for connecting to Mailu. #x.x.x.x,y.y.y.y.y is the static IP address your reverse proxy uses for connecting to Mailu.
Because the admin interface is served as ``/admin``, the Webmail as ``/webmail``, the single sign on page as ``/sso``, webdav as ``/webdav``, the client-autoconfiguration and the static files endpoint as ``/static``, you may also want to use a single virtual host and serve other applications (still Nginx): Because the admin interface is served as ``/admin``, the RESTful API as ``/api``, the Webmail as ``/webmail``, the single sign on page as ``/sso``, webdav as ``/webdav``, the client-autoconfiguration and the static files endpoint as ``/static``, you may also want to use a single virtual host and serve other applications (still Nginx):
.. code-block:: nginx .. code-block:: nginx
server { server {
# [...] here goes your standard configuration # [...] here goes your standard configuration
location ~* ^/(admin|sso|static|webdav|webmail|(apple\.)?mobileconfig|(\.well\-known/autoconfig/)?mail/|Autodiscover/Autodiscover) { location ~* ^/(admin|api|sso|static|webdav|webmail|(apple\.)?mobileconfig|(\.well\-known/autoconfig/)?mail/|Autodiscover/Autodiscover) {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://localhost:8443; proxy_pass https://localhost:8443;

@ -1,7 +1,5 @@
//API_TOKEN generator //Store API token in variable.
var random_array = new Uint32Array(2); var token = $("#api_token").val();
crypto.getRandomValues(random_array);
var token = random_array[0].toString() + random_array[1].toString();
$(document).ready(function() { $(document).ready(function() {
if ($("#webmail").val() == 'none') { if ($("#webmail").val() == 'none') {
@ -39,7 +37,7 @@ $(document).ready(function() {
}); });
$(document).ready(function() { $(document).ready(function() {
if ($('#api').prop('checked')) { if ($('#api_enabled').prop('checked')) {
$("#api_path").show(); $("#api_path").show();
$("#api_path").val("/api") $("#api_path").val("/api")
$("#api_token").show(); $("#api_token").show();
@ -54,7 +52,7 @@ $(document).ready(function() {
$("#api_token").val(""); $("#api_token").val("");
$("#api_token_label").hide(); $("#api_token_label").hide();
} }
$("#api").change(function() { $("#api_enabled").change(function() {
if ($(this).is(":checked")) { if ($(this).is(":checked")) {
$("#api_path").show(); $("#api_path").show();
$("#api_path").val("/api"); $("#api_path").val("/api");

@ -93,11 +93,11 @@ manage your email domains, users, etc.</p>
It is not possible to use the API without an API token.</p> It is not possible to use the API without an API token.</p>
<div class="form-group"> <div class="form-group">
<input type="checkbox" name="api_enabled" value="true" id="api" > <input type="checkbox" name="api_enabled" value="true" id="api_enabled" >
<label>Enable the API (and path to the API)</label> <label>Enable the API (and path to the API)</label>
<input class="form-control" type="text" name="api_path" id="api_path" style="display: none"> <input class="form-control" type="text" name="api_path" id="api_path" style="display: none">
<label name="api_token_label" id="api_token_label">API token</label> <label name="api_token_label" id="api_token_label">API token</label>
<input class="form-control" type="text" name="api_token" id="api_token" style="display: none"> <input class="form-control" type="text" name="api_token" id="api_token" style="display: none" value="{{ secret(32) }}">
</div> </div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>

Loading…
Cancel
Save