Merge branch 'refactor-nginx'

7 years ago · 9dd4150e7c
parent 3e2dfee431 5786bb3e1b
commit 9dd4150e7c
148 changed files with 496 additions and 429 deletions
--- a/.env.dist
+++ b/.env.dist
@ -23,9 +23,7 @@ BIND_ADDRESS=127.0.0.1
 # Main mail domain
 DOMAIN=mailu.io

-# Main hostname for announces, and list of all available hostnames, separated
-# by comas
-HOSTNAME=mail.mailu.io
+# Hostnames for this server, separated with comas
 HOSTNAMES=mail.mailu.io,alternative.mailu.io,yetanother.mailu.io

 # Postmaster local part (will append the main mail domain)
@ -38,8 +36,8 @@ TLS_FLAVOR=cert
 # Optional features
 ###################################

-# Choose which frontend Web server to run if any (value: traefik, none)
-FRONTEND=none
+# Expose the admin interface (value: true, false)
+ADMIN=false

 # Choose which webmail to run if any (values: roundcube, rainloop, none)
 WEBMAIL=none
@ -76,6 +74,16 @@ RECIPIENT_DELIMITER=+
 DMARC_RUA=admin
 DMARC_RUF=admin

+###################################
+# Web settings
+###################################
+
+# Path to the admin interface if enabled
+WEB_ADMIN=/admin
+
+# Path to the webmail if enabled
+WEB_WEBMAIL=/webmail
+
 ###################################
 # Advanced settings
 ###################################
@ -87,6 +95,3 @@ COMPOSE_PROJECT_NAME=mailu
 # (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
 PASSWORD_SCHEME=SHA512-CRYPT

-# SSL DHPARAM Bits
-NGINX_SSL_DHPARAM_BITS=2048
-
--- a/admin/Dockerfile
+++ b/admin/Dockerfile
@ -5,7 +5,6 @@ WORKDIR /app

 COPY requirements-prod.txt requirements.txt
 RUN apk --update add --virtual build-dep openssl-dev libffi-dev python-dev build-base \
- && apk add openssl \
 && pip install -r requirements.txt \
 && apk del build-dep

--- a/admin/mailu/init.py
+++ b/admin/mailu/init.py
@ -9,18 +9,15 @@ import flask_babel
 import os
 import docker

-from apscheduler.schedulers import background
-
-
 # Create application
-app = flask.Flask(__name__, static_url_path='/admin/app_static')
+app = flask.Flask(__name__)

 default_config = {
    'SQLALCHEMY_DATABASE_URI': 'sqlite:////data/main.db',
    'SQLALCHEMY_TRACK_MODIFICATIONS': False,
    'SECRET_KEY': 'changeMe',
    'DOCKER_SOCKET': 'unix:///var/run/docker.sock',
-    'HOSTNAME': 'mail.mailu.io',
+    'HOSTNAMES': 'mail.mailu.io',
    'DOMAIN': 'mailu.io',
    'POSTMASTER': 'postmaster',
    'DEBUG': False,
@ -50,14 +47,6 @@ migrate = flask_migrate.Migrate(app, db)
 manager = flask_script.Manager(app)
 manager.add_command('db', flask_migrate.MigrateCommand)

-# Task scheduling
-scheduler = background.BackgroundScheduler({
-    'apscheduler.timezone': 'UTC'
-})
-if not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true':
-    scheduler.start()
-    from mailu import tlstasks
-
 # Babel configuration
 babel = flask_babel.Babel(app)
 translations = list(map(str, babel.list_translations()))
@ -82,7 +71,9 @@ def inject_user():
    return dict(current_user=flask_login.current_user)

 # Import views
-from mailu.views import *
+from mailu import ui, internal
+app.register_blueprint(ui.ui, url_prefix='/ui')
+app.register_blueprint(internal.internal, url_prefix='/internal')

 # Create the prefix middleware
 class PrefixMiddleware(object):
--- a/admin/mailu/internal/init.py
+++ b/admin/mailu/internal/init.py
@ -0,0 +1,6 @@
+from flask import Blueprint
+
+
+internal = Blueprint('internal', __name__)
+
+from mailu.internal import views
--- a/admin/mailu/internal/nginx.py
+++ b/admin/mailu/internal/nginx.py
@ -0,0 +1,70 @@
+from mailu import db, models
+
+import socket
+
+
+SUPPORTED_AUTH_METHODS = ["none", "plain"]
+
+STATUSES = {
+    "authentication": ("Authentication credentials invalid", {
+        "imap": "AUTHENTICATIONFAILED",
+        "smtp": "535 5.7.8",
+        "pop3": ""
+    }),
+}
+
+
+SERVER_MAP = {
+    "imap": ("imap", 143),
+    "smtp": ("smtp", 25)
+}
+
+
+def handle_authentication(headers):
+    """ Handle an HTTP nginx authentication request
+    See: http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#protocol
+    """
+    method = headers["Auth-Method"]
+    protocol = headers["Auth-Protocol"]
+    server, port = get_server(headers["Auth-Protocol"])
+    # Incoming mail, no authentication
+    if method == "none" and protocol == "smtp":
+        return {
+            "Auth-Status": "OK",
+            "Auth-Server": server,
+            "Auth-Port": port
+        }
+    # Authenticated user
+    elif method == "plain":
+        user_email = headers["Auth-User"]
+        password = headers["Auth-Pass"]
+        user = models.User.query.get(user_email)
+        if user and user.check_password(password):
+            return {
+                "Auth-Status": "OK",
+                "Auth-Server": server,
+                "Auth-Port": port
+            }
+        else:
+            status, code = get_status(protocol, "authentication")
+            return {
+                "Auth-Status": status,
+                "Auth-Error-Code": code,
+                "Auth-Wait": 0
+            }
+    # Unexpected
+    else:
+        return {}
+
+
+def get_status(protocol, status):
+    """ Return the proper error code depending on the protocol
+    """
+    status, codes = STATUSES[status]
+    return status, codes[protocol]
+
+
+def get_server(protocol):
+    hostname, port = SERVER_MAP[protocol]
+    address = socket.gethostbyname(hostname)
+    return address, port
--- a/admin/mailu/internal/views.py
+++ b/admin/mailu/internal/views.py
@ -0,0 +1,13 @@
+from mailu import db, models
+from mailu.internal import internal, nginx
+
+import flask
+
+
+@internal.route("/nginx")
+def nginx_authentication():
+    headers = nginx.handle_authentication(flask.request.headers)
+    response = flask.Response()
+    for key, value in headers.items():
+        response.headers[key] = str(value)
+    return response
--- a/admin/mailu/tlstasks.py
+++ b/admin/mailu/tlstasks.py
@ -1,68 +0,0 @@
-from mailu import app, scheduler, dockercli
-
-import urllib3
-import json
-import os
-import base64
-import subprocess
-
-
-def install_certs(domain):
-    """ Extract certificates from the given domain and install them
-    to the certificate path.
-    """
-    path = app.config["CERTS_PATH"]
-    acme_path = os.path.join(path, "acme.json")
-    key_path = os.path.join(path, "key.pem")
-    cert_path = os.path.join(path, "cert.pem")
-    if not os.path.exists(acme_path):
-        print("Could not find traefik acme configuration")
-        return
-    with open(acme_path, "r") as handler:
-        data = json.loads(handler.read())
-    for item in data["DomainsCertificate"]["Certs"]:
-        if domain == item["Domains"]["Main"]:
-            cert = base64.b64decode(item["Certificate"]["Certificate"])
-            key = base64.b64decode(item["Certificate"]["PrivateKey"])
-            break
-    else:
-        print("Could not find the proper certificate from traefik")
-        return
-    if os.path.exists(cert_path):
-        with open(cert_path, "rb") as handler:
-            if handler.read() == cert:
-                return
-    print("Installing the new certificate from traefik")
-    with open(cert_path, "wb") as handler:
-        handler.write(cert)
-    with open(key_path, "wb") as handler:
-        handler.write(key)
-
-
-def restart_services():
-    print("Reloading services using TLS")
-    dockercli.reload("http", "smtp", "imap")
-
-
-@scheduler.scheduled_job('date')
-def create_dhparam():
-    path = app.config["CERTS_PATH"]
-    dhparam_path = os.path.join(path, "dhparam.pem")
-    if not os.path.exists(dhparam_path):
-        print("Creating DH params")
-        subprocess.call(["openssl", "dhparam", "-out", dhparam_path, "2048"])
-        restart_services()
-
-
-@scheduler.scheduled_job('date')
-@scheduler.scheduled_job('cron', day='*/4', hour=0, minute=0)
-def refresh_certs():
-    if not app.config["TLS_FLAVOR"] == "letsencrypt":
-        return
-    if not app.config["FRONTEND"] == "traefik":
-        print("Letsencrypt certificates are compatible with traefik only")
-        return
-    print("Requesting traefik to make sure the certificate is fresh")
-    hostname = app.config["HOSTNAME"]
-    urllib3.PoolManager().request("GET", "https://{}".format(hostname))
-    install_certs(hostname)
--- a/admin/mailu/ui/init.py
+++ b/admin/mailu/ui/init.py
@ -0,0 +1,6 @@
+from flask import Blueprint
+
+
+ui = Blueprint('ui', __name__, static_folder='static', template_folder='templates')
+
+from mailu.ui.views import *
--- a/admin/mailu/ui/access.py
+++ b/admin/mailu/ui/access.py
@ -1,4 +1,5 @@
-from mailu import db, models, forms
+from mailu import db, models
+from mailu.ui import forms

 import flask
 import flask_login
--- a/admin/mailu/ui/forms.py
+++ b/admin/mailu/ui/forms.py
--- a/admin/mailu/ui/static/adminlte/css/AdminLTE.min.css
+++ b/admin/mailu/ui/static/adminlte/css/AdminLTE.min.css
--- a/admin/mailu/ui/static/adminlte/css/skin-blue.min.css
+++ b/admin/mailu/ui/static/adminlte/css/skin-blue.min.css
--- a/admin/mailu/ui/static/adminlte/js/app.min.js
+++ b/admin/mailu/ui/static/adminlte/js/app.min.js
--- a/admin/mailu/ui/static/app.css
+++ b/admin/mailu/ui/static/app.css
--- a/admin/mailu/ui/static/bootstrap/css/bootstrap.css.map
+++ b/admin/mailu/ui/static/bootstrap/css/bootstrap.css.map
--- a/admin/mailu/ui/static/bootstrap/css/bootstrap.min.css
+++ b/admin/mailu/ui/static/bootstrap/css/bootstrap.min.css
--- a/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.eot
+++ b/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.eot
--- a/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.svg
+++ b/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.svg
--- a/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.ttf
+++ b/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.ttf
--- a/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.woff
+++ b/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.woff
--- a/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.woff2
+++ b/admin/mailu/ui/static/bootstrap/fonts/glyphicons-halflings-regular.woff2
--- a/admin/mailu/ui/static/bootstrap/js/bootstrap.min.js
+++ b/admin/mailu/ui/static/bootstrap/js/bootstrap.min.js
--- a/admin/mailu/ui/static/jquery/js/jquery-2.2.2.min.js
+++ b/admin/mailu/ui/static/jquery/js/jquery-2.2.2.min.js
--- a/admin/mailu/ui/static/select2/css/select2.min.css
+++ b/admin/mailu/ui/static/select2/css/select2.min.css
--- a/admin/mailu/ui/static/select2/js/i18n/ar.js
+++ b/admin/mailu/ui/static/select2/js/i18n/ar.js
--- a/admin/mailu/ui/static/select2/js/i18n/az.js
+++ b/admin/mailu/ui/static/select2/js/i18n/az.js
--- a/admin/mailu/ui/static/select2/js/i18n/bg.js
+++ b/admin/mailu/ui/static/select2/js/i18n/bg.js
--- a/admin/mailu/ui/static/select2/js/i18n/ca.js
+++ b/admin/mailu/ui/static/select2/js/i18n/ca.js
--- a/admin/mailu/ui/static/select2/js/i18n/cs.js
+++ b/admin/mailu/ui/static/select2/js/i18n/cs.js
--- a/admin/mailu/ui/static/select2/js/i18n/da.js
+++ b/admin/mailu/ui/static/select2/js/i18n/da.js
--- a/admin/mailu/ui/static/select2/js/i18n/de.js
+++ b/admin/mailu/ui/static/select2/js/i18n/de.js
--- a/admin/mailu/ui/static/select2/js/i18n/el.js
+++ b/admin/mailu/ui/static/select2/js/i18n/el.js
--- a/admin/mailu/ui/static/select2/js/i18n/en.js
+++ b/admin/mailu/ui/static/select2/js/i18n/en.js
--- a/admin/mailu/ui/static/select2/js/i18n/es.js
+++ b/admin/mailu/ui/static/select2/js/i18n/es.js
--- a/admin/mailu/ui/static/select2/js/i18n/et.js
+++ b/admin/mailu/ui/static/select2/js/i18n/et.js
--- a/admin/mailu/ui/static/select2/js/i18n/eu.js
+++ b/admin/mailu/ui/static/select2/js/i18n/eu.js
--- a/admin/mailu/ui/static/select2/js/i18n/fa.js
+++ b/admin/mailu/ui/static/select2/js/i18n/fa.js
--- a/admin/mailu/ui/static/select2/js/i18n/fi.js
+++ b/admin/mailu/ui/static/select2/js/i18n/fi.js
--- a/admin/mailu/ui/static/select2/js/i18n/fr.js
+++ b/admin/mailu/ui/static/select2/js/i18n/fr.js
--- a/admin/mailu/ui/static/select2/js/i18n/gl.js
+++ b/admin/mailu/ui/static/select2/js/i18n/gl.js
--- a/admin/mailu/ui/static/select2/js/i18n/he.js
+++ b/admin/mailu/ui/static/select2/js/i18n/he.js
--- a/admin/mailu/ui/static/select2/js/i18n/hi.js
+++ b/admin/mailu/ui/static/select2/js/i18n/hi.js
--- a/admin/mailu/ui/static/select2/js/i18n/hr.js
+++ b/admin/mailu/ui/static/select2/js/i18n/hr.js
--- a/admin/mailu/ui/static/select2/js/i18n/hu.js
+++ b/admin/mailu/ui/static/select2/js/i18n/hu.js
--- a/admin/mailu/ui/static/select2/js/i18n/id.js
+++ b/admin/mailu/ui/static/select2/js/i18n/id.js
--- a/admin/mailu/ui/static/select2/js/i18n/is.js
+++ b/admin/mailu/ui/static/select2/js/i18n/is.js
--- a/admin/mailu/ui/static/select2/js/i18n/it.js
+++ b/admin/mailu/ui/static/select2/js/i18n/it.js
--- a/admin/mailu/ui/static/select2/js/i18n/ja.js
+++ b/admin/mailu/ui/static/select2/js/i18n/ja.js
--- a/admin/mailu/ui/static/select2/js/i18n/km.js
+++ b/admin/mailu/ui/static/select2/js/i18n/km.js
--- a/admin/mailu/ui/static/select2/js/i18n/ko.js
+++ b/admin/mailu/ui/static/select2/js/i18n/ko.js
--- a/admin/mailu/ui/static/select2/js/i18n/lt.js
+++ b/admin/mailu/ui/static/select2/js/i18n/lt.js
--- a/admin/mailu/ui/static/select2/js/i18n/lv.js
+++ b/admin/mailu/ui/static/select2/js/i18n/lv.js
--- a/admin/mailu/ui/static/select2/js/i18n/mk.js
+++ b/admin/mailu/ui/static/select2/js/i18n/mk.js
--- a/admin/mailu/ui/static/select2/js/i18n/ms.js
+++ b/admin/mailu/ui/static/select2/js/i18n/ms.js
--- a/admin/mailu/ui/static/select2/js/i18n/nb.js
+++ b/admin/mailu/ui/static/select2/js/i18n/nb.js
--- a/admin/mailu/ui/static/select2/js/i18n/nl.js
+++ b/admin/mailu/ui/static/select2/js/i18n/nl.js
--- a/admin/mailu/ui/static/select2/js/i18n/pl.js
+++ b/admin/mailu/ui/static/select2/js/i18n/pl.js
--- a/admin/mailu/ui/static/select2/js/i18n/pt-BR.js
+++ b/admin/mailu/ui/static/select2/js/i18n/pt-BR.js
--- a/admin/mailu/ui/static/select2/js/i18n/pt.js
+++ b/admin/mailu/ui/static/select2/js/i18n/pt.js
--- a/admin/mailu/ui/static/select2/js/i18n/ro.js
+++ b/admin/mailu/ui/static/select2/js/i18n/ro.js
--- a/admin/mailu/ui/static/select2/js/i18n/ru.js
+++ b/admin/mailu/ui/static/select2/js/i18n/ru.js
--- a/admin/mailu/ui/static/select2/js/i18n/sk.js
+++ b/admin/mailu/ui/static/select2/js/i18n/sk.js
--- a/admin/mailu/ui/static/select2/js/i18n/sr-Cyrl.js
+++ b/admin/mailu/ui/static/select2/js/i18n/sr-Cyrl.js
--- a/admin/mailu/ui/static/select2/js/i18n/sr.js
+++ b/admin/mailu/ui/static/select2/js/i18n/sr.js
--- a/admin/mailu/ui/static/select2/js/i18n/sv.js
+++ b/admin/mailu/ui/static/select2/js/i18n/sv.js
--- a/admin/mailu/ui/static/select2/js/i18n/th.js
+++ b/admin/mailu/ui/static/select2/js/i18n/th.js
--- a/admin/mailu/ui/static/select2/js/i18n/tr.js
+++ b/admin/mailu/ui/static/select2/js/i18n/tr.js
--- a/admin/mailu/ui/static/select2/js/i18n/uk.js
+++ b/admin/mailu/ui/static/select2/js/i18n/uk.js
--- a/admin/mailu/ui/static/select2/js/i18n/vi.js
+++ b/admin/mailu/ui/static/select2/js/i18n/vi.js
--- a/admin/mailu/ui/static/select2/js/i18n/zh-CN.js
+++ b/admin/mailu/ui/static/select2/js/i18n/zh-CN.js
--- a/admin/mailu/ui/static/select2/js/i18n/zh-TW.js
+++ b/admin/mailu/ui/static/select2/js/i18n/zh-TW.js
--- a/admin/mailu/ui/static/select2/js/select2.full.min.js
+++ b/admin/mailu/ui/static/select2/js/select2.full.min.js
--- a/admin/mailu/ui/static/select2/js/select2.min.js
+++ b/admin/mailu/ui/static/select2/js/select2.min.js
--- a/admin/mailu/ui/templates/admin/create.html
+++ b/admin/mailu/ui/templates/admin/create.html
--- a/admin/mailu/ui/templates/admin/list.html
+++ b/admin/mailu/ui/templates/admin/list.html
--- a/admin/mailu/ui/templates/alias/create.html
+++ b/admin/mailu/ui/templates/alias/create.html
--- a/admin/mailu/ui/templates/alias/edit.html
+++ b/admin/mailu/ui/templates/alias/edit.html
--- a/admin/mailu/ui/templates/alias/list.html
+++ b/admin/mailu/ui/templates/alias/list.html
--- a/admin/mailu/ui/templates/alternative/create.html
+++ b/admin/mailu/ui/templates/alternative/create.html
--- a/admin/mailu/ui/templates/alternative/list.html
+++ b/admin/mailu/ui/templates/alternative/list.html
--- a/admin/mailu/ui/templates/announcement.html
+++ b/admin/mailu/ui/templates/announcement.html
--- a/admin/mailu/ui/templates/base.html
+++ b/admin/mailu/ui/templates/base.html
--- a/admin/mailu/ui/templates/confirm.html
+++ b/admin/mailu/ui/templates/confirm.html
--- a/admin/mailu/ui/templates/docker-error.html
+++ b/admin/mailu/ui/templates/docker-error.html
--- a/admin/mailu/ui/templates/domain/create.html
+++ b/admin/mailu/ui/templates/domain/create.html
--- a/admin/mailu/ui/templates/domain/details.html
+++ b/admin/mailu/ui/templates/domain/details.html
@ -15,6 +15,7 @@
 {% endblock %}

 {% block box %}
+{% let hostname = config["HOSTNAMES"].split(",")[0] %}
 <table class="table table-bordered">
  <tbody>
    <tr>
@ -28,8 +29,8 @@
    <tr>
      <th>{% trans %}DNS SPF entries{% endtrans %}</th>
      <td><pre>
-{{ domain.name }}. 600 IN TXT "v=spf1 mx a:{{ config["HOSTNAME"] }} -all"
-{{ domain.name }}. 600 IN SPF "v=spf1 mx a:{{ config["HOSTNAME"] }} -all"</pre></td>
+{{ domain.name }}. 600 IN TXT "v=spf1 mx a:{{ hostname }} -all"
+{{ domain.name }}. 600 IN SPF "v=spf1 mx a:{{ hostname }} -all"</pre></td>
    </tr>
    {% if domain.dkim_publickey %}
    <tr>
--- a/admin/mailu/ui/templates/domain/edit.html
+++ b/admin/mailu/ui/templates/domain/edit.html
--- a/admin/mailu/ui/templates/domain/list.html
+++ b/admin/mailu/ui/templates/domain/list.html
--- a/admin/mailu/ui/templates/fetch/create.html
+++ b/admin/mailu/ui/templates/fetch/create.html
--- a/admin/mailu/ui/templates/fetch/edit.html
+++ b/admin/mailu/ui/templates/fetch/edit.html
--- a/admin/mailu/ui/templates/fetch/list.html
+++ b/admin/mailu/ui/templates/fetch/list.html
--- a/admin/mailu/ui/templates/form.html
+++ b/admin/mailu/ui/templates/form.html
--- a/admin/mailu/ui/templates/helpers.html
+++ b/admin/mailu/ui/templates/helpers.html
--- a/admin/mailu/ui/templates/index.html
+++ b/admin/mailu/ui/templates/index.html
--- a/admin/mailu/ui/templates/login.html
+++ b/admin/mailu/ui/templates/login.html
--- a/admin/mailu/ui/templates/macros.html
+++ b/admin/mailu/ui/templates/macros.html
--- a/admin/mailu/ui/templates/manager/create.html
+++ b/admin/mailu/ui/templates/manager/create.html
--- a/admin/mailu/ui/templates/manager/list.html
+++ b/admin/mailu/ui/templates/manager/list.html
--- a/admin/mailu/ui/templates/relay/create.html
+++ b/admin/mailu/ui/templates/relay/create.html
--- a/admin/mailu/ui/templates/relay/edit.html
+++ b/admin/mailu/ui/templates/relay/edit.html
--- a/Show More
+++ b/Show More