Merge branch 'master' into refactor-repo

7 years ago · edbea372e9
parent 2d22e9cabe b0eadadc5c
commit edbea372e9
4 changed files with 28 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,13 +1,15 @@
 *.pyc
 *.mo
 __pycache__
-/core/admin/lib
+pip-selfcheck.json
+/core/admin/lib*
 /core/admin/bin
 /core/admin/include
-pip-selfcheck.json
+/docs/lib*
+/docs/bin
+/docs/include
+/docs/_build
 /.env
-/data
-/docker-compose.mac.yml
 /docker-compose.yml
 /.idea
 /.vscode
--- a/core/admin/mailu/init.py
+++ b/core/admin/mailu/init.py
@ -9,6 +9,8 @@ import flask_limiter

 import os
 import docker
+import socket
+import uuid

 # Create application
 app = flask.Flask(__name__)
@ -16,6 +18,8 @@ app = flask.Flask(__name__)
 default_config = {
    'SQLALCHEMY_DATABASE_URI': 'sqlite:////data/main.db',
    'SQLALCHEMY_TRACK_MODIFICATIONS': False,
+    'INSTANCE_ID_PATH': '/data/instance',
+    'STATS_ENDPOINT': '0.{}.stats.mailu.io',
    'SECRET_KEY': 'changeMe',
    'DOCKER_SOCKET': 'unix:///var/run/docker.sock',
    'HOSTNAMES': 'mail.mailu.io',
@ -50,6 +54,19 @@ db = flask_sqlalchemy.SQLAlchemy(app)
 migrate = flask_migrate.Migrate(app, db)
 limiter = flask_limiter.Limiter(app, key_func=lambda: current_user.username)

+# Run statistics
+if os.path.isfile(app.config["INSTANCE_ID_PATH"]):
+    with open(app.config["INSTANCE_ID_PATH"], "r") as handle:
+        instance_id = handle.read()
+else:
+    instance_id = str(uuid.uuid4())
+    with open(app.config["INSTANCE_ID_PATH"], "w") as handle:
+        handle.write(instance_id)
+try:
+    socket.gethostbyname(app.config["STATS_ENDPOINT"].format(instance_id))
+except:
+    pass
+
 # Debugging toolbar
 if app.config.get("DEBUG"):
    import flask_debugtoolbar
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -124,6 +124,8 @@ mail {
      listen 25;
      listen [::]:25;
      {% if TLS and not TLS_ERROR %}
+      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+      ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
      starttls on;
      {% endif %}
      protocol smtp;
--- a/core/nginx/conf/tls.conf
+++ b/core/nginx/conf/tls.conf
@ -1,7 +1,7 @@
 ssl_protocols TLSv1.1 TLSv1.2;
-ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
+ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
 ssl_prefer_server_ciphers on;
-ssl_session_timeout 5m;
+ssl_session_timeout 10m;
 ssl_certificate {{ TLS[0] }};
 ssl_certificate_key {{ TLS[1] }};
-
+ssl_dhparam /certs/dhparam.pem;