190 Commits (7ce7f2096b530376af4944a98bd6edc276cd648e)

Author SHA1 Message Date
bladeswords b13d143b34
Update to address issue #1178 (HTTP headers)
This change should remove the duplicate `x-xss-protection` header and also the `x-powered-by` header.  Hopefully a pull request to main is appropriate, but may be worth back porting to 1.7.

Tested config by modifying live 1.7 nginx config and reloading.  Has had the desired outcome of removing the headers.

```/etc/nginx # nginx -t -c /etc/nginx/nginx.conf 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx # nginx -s reload
```

These steps were based on:
- https://serverfault.com/questions/928912/how-do-i-remove-a-server-added-header-from-proxied-location
- https://serverfault.com/questions/929571/overwrite-http-headers-comming-back-from-a-web-application-server-proxied-in-ngi
- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header
6 years ago
bors[bot] e46153c0b1
Merge #1114
1114: Resolve HOST to ADDRESS only if ADDRESS is not already set r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

~Makes the rsolving from hosts to ips at startup configurable~

I rewrote the pull request after #940 was merged. Now it resolves HOSTs to ADDRESSes only of ADDRESSes are not already set. So on kubernetes we can jsut set the address and have working service discovery.

### Related issue(s)
- closes #1113

## Prerequistes

~Minor change, backward compatible~
Changelog will be added

Co-authored-by: Michael Wyraz <michael@wyraz.de>
6 years ago
Thomas Sänger 5fa87fbdf7
front: advertise real capabilites of mail-backends 6 years ago
Michael Wyraz 92645bcd4a Use nginx for kubernetes ingress 6 years ago
Michael Wyraz de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set 6 years ago
kaiyou 4afbc09d6e Remove unnecessary host variable assignments 6 years ago
Tim Möhlmann ed0fb77a01
Catch empty WEBMAIL and WEBDAV address 6 years ago
Ionut Filip 075417bf90 Merged master and fixed conflicts 6 years ago
Aurélien Bondis 124b1d4c71 rebase and update for 3.10, avoid adding qemu file to x86 images 6 years ago
hoellen 9de5dc2592 Use python package socrate instead of Mailustart 6 years ago
Dario Ernst 1dbda71401 Adapt shared layer conf to now really-missing mailustart in admin (after merging webpack) 6 years ago
Dario Ernst 0306be1eed Re-add missing MailuStar in admin
It turns out we were all blind and admin *does* use MailuStart
6 years ago
Dario Ernst ce0c24e076 Merge branch 'master' into HorayNarea-feat-upgrade-alpine 6 years ago
Dario Ernst 53f754f5ac Remove MailuStart from admin and correct layer-sharing comments 6 years ago
Thomas Sänger 2c7d1d2f71
use HTTP/1.1 for proxyied connections 6 years ago
Dario Ernst bb2edb6eb6 Revert "Move alpine version definition out to variable"
This reverts commit c787e4bdbd.
6 years ago
Dario Ernst c787e4bdbd Move alpine version definition out to variable 6 years ago
Dario Ernst a253ca47fe Use official Mailu/MailuStart 6 years ago
Dario Ernst d1f80cca99 Update Dockerfiles to most recent alpine 3.10 6 years ago
Thomas Sänger ef3c6c407a upgrade alpine base-image 6 years ago
Ionut Filip 4c25c83419 HOST_* and *_ADDRESS variables cleanup 7 years ago
Abel Alfonso Fírvida Donéstevez 39444c794e Install bash in alpine based images.
This fix https://github.com/Mailu/Mailu/issues/918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.
7 years ago
Ionut Filip f8dffe5a19
Resolve hosts in admin 7 years ago
Ionut Filip 004a431e97
Change to mailustart functions 7 years ago
Tim Möhlmann 049ca9941f
Cleanup syntax and fix typo 7 years ago
Tim Möhlmann 71cda7983e
Merge branch 'master' into feat-logging 7 years ago
Tim Möhlmann 7d01bb2a4d
LOG_LEVEL docs and changelog entry 7 years ago
Tim Möhlmann b04a9d1c28
Implement debug logging for template rendering 7 years ago
Tim Möhlmann 5636e7f5a7
Remove to avoid matching webroot 7 years ago
Tim Möhlmann 4f93e09028
Implement favicon package
Credit to:
- https://stackoverflow.com/a/19590415/1816774
- https://realfavicongenerator.net/
7 years ago
Tim Möhlmann 24828615cf
Webmail on root, fixes #757 7 years ago
Tim Möhlmann c7dcfee882
Merge pull request #713 from pgeorgi/extend-nginx
nginx: Allow extending config with overrides
7 years ago
Tim Möhlmann 6ca8ed437d
Merge pull request #732 from Nebukadneza/add_front_certificate_reload
Add certificate watcher for external certs to reload nginx
7 years ago
Dario Ernst 1aa97c9914 Add certificate watcher for external certs to reload nginx
In case of TLS_FLAVOR=[mail,cert], the user supplies their own certificates.
However, since nginx is not aware of changes to these files, it cannot
reload itself e.g. when the certs get renewed.

To solve this, let’s add a small daemon in the place of
`letsencrypt.py`, which uses a flexible file-watching framework and
reloads nginx in the case the certificates change ….
7 years ago
Tim Möhlmann c00910ca4b
Merge remote-tracking branch 'upstream/master' into extend-nginx 7 years ago
Tim Möhlmann 97d338e68a
Rectify 'endif' placement 7 years ago
Tim Möhlmann 425cdd5e77
Fix syntax errors 7 years ago
Tim Möhlmann 20f1faf6d0
Send 404 when nothing server at '/'
Prevents Nginx welcome screen
7 years ago
Tim Möhlmann 2de4995fec
Don't redirect when webmail is served on '/' 7 years ago
Tim Möhlmann 9dd447e23b
Add login method to smtp_auth under ssl
Fixes #704
7 years ago
Patrick Georgi eac4d553a9 nginx: Allow extending config with overrides
To facilitate this, the default redirect at / can be disabled, even if
the default remains at redirecting to the webmailer.

The extensions are within the host scope and are read from
$ROOT/overrides/nginx/*.conf.
7 years ago
Tim Möhlmann 42e2dbe35d
Standarize image by using shared / similair layers 7 years ago
Thomas Sänger 603b6e7390
Merge pull request #2 from usrpro/fix-nginx-healthcheck
Fix nginx healthcheck
7 years ago
Tim Möhlmann 81b24f61e8
Merge branch 'master' into feat-healthchecks 7 years ago
Tim Möhlmann c3e89967fb
Fix front health checking
- Specified seperated /health path in order to allow for healthcheck even if webmail and admin are not seletectd. This also allows healthchecking fom external services like DNS load balancers;
- Make curl not to fail on TLS because localhost is not included in the certificates.
7 years ago
mergify[bot] bce1487338
Merge pull request #576 from hacor/master
Kubernetes fixed for production
7 years ago
Paul Williams 78bd5aea1c enable http2, because it's that easy 7 years ago
hoellen d4f32c3e7d remove rewrite if webmail is on root 7 years ago
Hans Cornelis 3098343360 Merged conflicts 7 years ago
hacor 4ea12deae7 Added kubernetes to Mailu 7 years ago
Thomas Sänger 39272ab05c
add healthcheck for http services 7 years ago
Tim Möhlmann de43060ef8
Move to Alpine:3.8 and fixing #522 7 years ago
kaiyou 2cba045013 Explicitely declare required volumes, fixes #568 7 years ago
Pierre Jaury 3dca1a834c Pin alpine 3.7 until we fix the certbot issue, see #522 7 years ago
kaiyou 75a1bf967c
Merge pull request #502 from hoellen/webmail-messagesize
Use message_size_limit variable from env for webmail client_max_body_size
7 years ago
hoellen c51e1b9eef webmail client_max_body_size with message_size_limit and 8M tolerance 7 years ago
hoellen 81a6a7cbf6 Use message_size variable from env for webmail 7 years ago
hoellen a1fb8442e3 Add posibilty to run webmail on root '/' 7 years ago
Pierre Jaury 6828231c28 Fix the path of the nginx pid in startup scripts, fixes #483 8 years ago
Dennis Twardowsky 50f9f379e9 Flexible filenames for TLS via envvars (flavours 'cert' and 'mail' only) 8 years ago
kaiyou d1dbba2d3a Add expose instructions in Dockerfiles, fixes #392 8 years ago
Scott b9e67635f4 Use HOST_ADMIN in "Forwarding authentication server". Fixes #436. 8 years ago
kaiyou dfb5463c94 Relax the frame filtering to allow roundcube to display previews 8 years ago
kaiyou 04278b6cbf Pass the full host to the backend, fixes #372 8 years ago
kaiyou 6c56c8e298 Specify the client max body size in the front, related to #371 8 years ago
Mildred Ki'Lya f538e33dcf Parametrize hosts
Allows to use mailu without docker-compose when hostnames are not set up
by docker itself but provided via a separate resolver.

Use case: use mailu using nomad scheduler and consul resolver instead of
docker-compose. Other servers are provided by the DNS resolver that
resolves names like admin.service.consul or webmail.service.consul.
These names needs to be configurable.
8 years ago
SunMar 6ec0fe7036 Adding options for mail-letsencrypt 8 years ago
kaiyou d0b8de72e4 Do not deny HTTP access upon TLS error when the flavor is mail 8 years ago
kaiyou bfc898c2d8 Move dhparam to /conf 8 years ago
Greg Fitzgerald f1ad2cf4d0 Use a predefined dhparam.pem, This fixes issue #322 8 years ago
kaiyou acb5d7da38 Use relative redirect for / to the webmail 8 years ago
kaiyou 2dfc91ac4d Use a map for passing x-forwarded-proto along 8 years ago
kaiyou a4f46ced49 Properly use x-forwarded-proto with redirects in the webui, related to #347 8 years ago
kaiyou 48d736feef Configure a resolver for the mail server to populate xclient hostnames 8 years ago
kaiyou 4761646616 Make sure stale pid files are dealt with, fix #341 8 years ago
kaiyou 743eb81908 Fix the Webdav behavior with Radicale, related to #334 8 years ago
kaiyou 328001a417
Merge pull request #329 from HorayNarea/patch-1
Disable ssl_session_tickets, see https://wiki.mozilla.org/Security/Server_Side_TLS#TLS_tickets_.28RFC_5077.29
8 years ago
kaiyou f3ae318132 Perform webdav authentication in nginx, fixes #330 8 years ago
kaiyou 8920982213 Properly pass the request uri to the authentication backend 8 years ago
kaiyou 97dd9ed77c Fix a missing variable in the nginx config 8 years ago
Thomas Sänger d61ba8e651
disable ssl_session_tickets 8 years ago
kaiyou eb32871904 Force nginx to run dns queries at runtime 8 years ago
Thomas Sänger ad7c5e48c5
automatically set nginx-worker based on CPU-count 8 years ago
kaiyou f362ecdb19 Fix the missing trailing space on /webmail, fixes #304 8 years ago
kaiyou 1a3f85fbc2 Make the rspamd webui available, fixes #157 8 years ago
kaiyou 92f2025d7c Enable pop3 on the frontend, fix #313 8 years ago
kaiyou bfa50c5aa7 Add a new TLS flavor named 'mail' 8 years ago
kaiyou edbea372e9 Merge branch 'master' into refactor-repo 8 years ago
kaiyou ac53b3ed97 Merge branch 'master' into refactor-repo 8 years ago
kaiyou 689be5f2d9 Move all directories per theme 8 years ago