Step1: expose managesieve, make the webmails use it

main
Florent Daigniere 2 years ago
parent 92c0016e32
commit e85a2a7e99

@ -135,10 +135,16 @@ service lmtp {
service managesieve-login { service managesieve-login {
inet_listener sieve { inet_listener sieve {
port = 4190 port = 4190
haproxy = yes
} }
} }
protocol sieve {
ssl = no
}
service managesieve { service managesieve {
process_limit = 1024
} }
plugin { plugin {

@ -17,7 +17,8 @@ ARG VERSION
LABEL version=$VERSION LABEL version=$VERSION
RUN set -euxo pipefail \ RUN set -euxo pipefail \
; apk add --no-cache certbot nginx nginx-mod-mail openssl ; apk add --no-cache certbot nginx nginx-mod-http-brotli nginx-mod-stream nginx-mod-mail openssl \
; rm /etc/nginx/conf.d/stream.conf
COPY conf/ /conf/ COPY conf/ /conf/
COPY --from=static /static/ /static/ COPY --from=static /static/ /static/
@ -25,7 +26,7 @@ COPY *.py /
RUN echo $VERSION >/version RUN echo $VERSION >/version
EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 10025/tcp 10143/tcp EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 14190/tcp 10025/tcp 10143/tcp
HEALTHCHECK --start-period=60s CMD curl -skfLo /dev/null http://localhost/health HEALTHCHECK --start-period=60s CMD curl -skfLo /dev/null http://localhost/health
VOLUME ["/certs", "/overrides"] VOLUME ["/certs", "/overrides"]

@ -1,9 +1,11 @@
# Basic configuration # Basic configuration
user nginx; user nginx;
worker_processes auto; worker_processes auto;
pcre_jit on;
error_log /dev/stderr notice; error_log /dev/stderr notice;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
load_module "modules/ngx_mail_module.so"; load_module "modules/ngx_mail_module.so";
load_module "modules/ngx_stream_module.so";
events { events {
worker_connections 1024; worker_connections 1024;
@ -275,6 +277,25 @@ http {
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
} }
stream {
log_format main '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log /dev/stdout main;
# managesieve
server {
listen 14190;
resolver {{ RESOLVER }} valid=30s;
proxy_connect_timeout 1s;
proxy_timeout 1m;
proxy_protocol on;
proxy_pass {{ IMAP_ADDRESS }}:4190;
}
}
mail { mail {
server_name {{ HOSTNAMES.split(",")[0] }}; server_name {{ HOSTNAMES.split(",")[0] }};
auth_http http://127.0.0.1:8000/auth/email; auth_http http://127.0.0.1:8000/auth/email;

@ -28,7 +28,7 @@ $config['default_host'] = '{{ FRONT_ADDRESS or "front" }}';
$config['default_port'] = '10143'; $config['default_port'] = '10143';
// Sieve script management // Sieve script management
$config['managesieve_host'] = '{{ IMAP_ADDRESS or "imap" }}'; $config['managesieve_host'] = '{{ FRONT_ADDRESS or "front" }}:14190';
// We access the IMAP and SMTP servers locally with internal names, SSL // We access the IMAP and SMTP servers locally with internal names, SSL
// will obviously fail but this sounds better than allowing insecure login // will obviously fail but this sounds better than allowing insecure login

@ -32,8 +32,8 @@
"usePhpMail": false "usePhpMail": false
}, },
"Sieve": { "Sieve": {
"host": "{{ IMAP_ADDRESS }}", "host": "{{ FRONT_ADDRESS }}",
"port": 4190, "port": 14190,
"secure": 0, "secure": 0,
"shortLogin": false, "shortLogin": false,
"ssl": { "ssl": {

Loading…
Cancel
Save