131 Commits (238daef6d8b0b853fb38e4d2b4a5d8a4b25c4abd)

Author SHA1 Message Date
bors[bot] e50f6c58c0
Merge #2360
2360: roundcube: disable apache2 access log r=mergify[bot] a=pommi

## What type of PR?

bug-fix

## What does this PR do?

It disables the access log of apache2 in the roundcube webmail container. Requests are already logged by the front container. The requests logged in the roundcube container contained contained the wrong client IP: the IP address of the front container.

----

Original PR:

~~Roundcube webmail is accessed through the nginx reverse proxy in the front container. Each access logline logged by apache2 in the roundcube container did not contain the actual client IP address, but the IP address of the front container, for example:~~

```
192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
^
IP address of the front container
```

~~By enabling the apache2 remoteip module and configuring it to get the actual client IP address from the X-Forwarded-For header, it logs the correct client IP address to the access log.~~

### Related issue(s)
- None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

**No changelog or documentation necessary for this minor change.**


Co-authored-by: Pim van den Berg <pim@nethuis.nl>
2 years ago
Pim van den Berg 6f884c6c93 roundcube: disable access log
As per discussion in #2360: The front container (nginx reverse proxy) is
already logging all requests, disable the access logs for apache2 in the
roundcube container completely.
2 years ago
Eddy Vervest baea3d4086
Update Dockerfile
missed this one
2 years ago
Eddy Vervest c4c442d000
Update Dockerfile
apt is intended for interactive usage, for scripts use apt-get (https://manpages.debian.org/bullseye/apt/apt.8.en.html) to avoid warnings.
2 years ago
Pim van den Berg e8b7d6afed roundcube: log actual client ip by using apache2 remoteip
Roundcube webmail is accessed through the nginx reverse proxy in the
front container. Each access logline logged by apache2 in the roundcube
container did not contain the actual client IP address, but the IP
address of the front container, for example:

> 192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
  ^
  IP address of the front container

By enabling the apache2 remoteip module and configuring it to get the
actual client IP address from the X-Forwarded-For header, it logs the
correct client IP address to the access log.
3 years ago
bors[bot] bcecbda9de
Merge #2195
2195: roundcube: Add /overrides directory in include r=mergify[bot] a=mnival

Added the /overrides directory in the roundcube config.inc.php file

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
none

Co-authored-by: mnival <1595998+mnival@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
mnival 5695bbb0f6 Configuring pwstore_scheme in carddav plugin with des_key because Mailu is incompatible with encrypted 3 years ago
mnival 4b9781210f Add /overrides directory in include 3 years ago
Alexander Graf 37855153b8
fixed plugin path 3 years ago
willofr 93a94d33ce
update roundcube to 1.5.2 (security fix)
New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released
3 years ago
Dimitri Huisman b248026933 Fix #2117. Gpg-agent package was missing for roundcube image. 3 years ago
Florent Daigniere 6d5926ef29 prettify 3 years ago
Dimitri Huisman 385cb28bf2 Correctly calculate and set SESSION_TIMEOUT in roundcube 3 years ago
Dimitri Huisman ab80316df6 Fix error in roundcube config 3 years ago
Florent Daigniere 3a46ee073c Make roundcube use SESSION_TIMEOUT 3 years ago
Alexander Graf 1a41657f90
add documentation, allow overrides, clean plugins 3 years ago
Alexander Graf b3d48cc20f
fixed health check 3 years ago
Alexander Graf e7e283663d
Merge remote-tracking branch 'upstream/master' into update_roundcube 3 years ago
Alexander Graf 64acfacc73
duh. typo 3 years ago
Alexander Graf 547ad253e1
added plugin selection, derive key, clean env 3 years ago
Alexander Graf 7c2c2dc65a
updated to carddav 4.3.0 3 years ago
Alexander Graf 1ebdb26979
updated to rc 1.5.1 3 years ago
Dimitri Huisman f7677543c6 Process code review remarks
- Moved run to bottom of Dockerfile to allow using unmodified / cached states.
- Simplified bash code in deploy.sh.
- Improved the large bash one-liner in CI.yml. It could not handle >9 for 1.x.
3 years ago
Dimitri Huisman 56dd70cf4a Implement versioning for CI/CD workflow (see #1182). 3 years ago
Alexander Graf 423b8a6b9b
Merge branch 'master' into update_roundcube 3 years ago
DjVinnii a6beb234ff Set timezone in roundcube.ini 3 years ago
DjVinnii 225160610b Set default TZ in Dockerfiles 3 years ago
Alexander Graf 6003e11533 duh. add timezone (again) 3 years ago
Alexander Graf 949efcf537 prevent endless redirect loop on nginx failure 3 years ago
Alexander Graf c89045ed03 duh 3 years ago
Alexander Graf 920ac4cd21 updated to php8. fixed login. fixed max_filesize. 3 years ago
Alexander Graf 46d27e48ff Merge remote-tracking branch 'upstream/master' into update_roundcube 3 years ago
DjVinnii a1f0c20583 Add tzdata to webmails 3 years ago
Alexander Graf ee45475567 updated roundcube. added cleanup run at startup 3 years ago
Dimitri Huisman 5232bd38fd Simplify webmail logout. 3 years ago
Dimitri Huisman 44d2448412 Updated SSO logic for webmails. Fixed small bug rate limiting. 3 years ago
Alexander Graf ef9e1ac279 remove health check from log 3 years ago
Alexander Graf 7380b248cf direct logging of php errors to stderr 3 years ago
Alexander Graf cd17aa0c43 repair failing health-check 3 years ago
Alexander Graf 16691e83ad re-enable mod_rewrite in roundcube
moved chown/mkdir/symlink from start.py to Dockerfile
3 years ago
Diman0 7083b3f7c6 Fix roundcube sso header issue
Removed apache rewrite module.
3 years ago
Alexander Graf 6c510e2e86 enabled caching via .htaccess 3 years ago
Florent Daigniere defea3258d update arm builds too 3 years ago
Alexander Graf 14bdeb5e1e Update version of roundcube webmail and carddav plugin.
This is a security update.

- roundcube 1.4.11
- carddav 4.1.2
3 years ago
bors[bot] fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
parisni a9548e4cbd Remove mailu/roundcube shared host 3 years ago
parisni 5386e33af3 Reformat python 3 years ago
parisni 49c5c0eba6 Split mailu / roundcube db config
There is no reason to share the flavor since at least the dbname shall be different.
3 years ago
Florent Daigniere dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 4 years ago
bors[bot] 0f8d2077a5
Merge #1691
1691: update webmails to PHP 7.4 r=mergify[bot] a=lub

## What type of PR?

update

## What does this PR do?

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.



I think it's a minor change, which needs no changelog.

I've tested rainloop, would be great if someone could test roundcube, because I don't use it.

Co-authored-by: lub <git@lubiland.de>
4 years ago