101 Commits (9d474f32a6f9eade5a312dea7e509e86ac0653d4)

Author SHA1 Message Date
Alexander Graf 3141ffe791 removed some whitespace 3 years ago
Dimitri Huisman 6b16756d92 Fix acessing antispam via sidebar. 3 years ago
Dimitri Huisman 3449b67c86 Process code review remarks PR2023 3 years ago
Dimitri Huisman 503044ef6e Reintroduce ProxyFix. Use two buttons for logging in. 3 years ago
Dimitri Huisman fb0f005343 Get rid of complicated prefix logic. Further simplify /static handling and nginx config. 3 years ago
Dimitri Huisman da788ddee3 Merge branch 'fix-sso-1929' of github.com:Diman0/Mailu into fix-sso-1929 3 years ago
Dimitri Huisman bdcc183165 Redirect to configured ENV VAR for Admin/Webmail, further simplify nginx config. 3 years ago
Dimitri Huisman f1a60aa6ea Remove unneeded auth_request_set 3 years ago
Florent Daigniere d3f07a0882 Simplify the handling of /static 3 years ago
Dimitri Huisman 48764f0400 Ensure all requests from the page sso go through the page sso. 3 years ago
Dimitri Huisman 5232bd38fd Simplify webmail logout. 3 years ago
Dimitri Huisman 5d81846c5d Introduce the shared stub /static for providing all static files 3 years ago
Dimitri Huisman eb74a72a52 Moved locations to correct area in nginx.conf. 3 years ago
Dimitri Huisman aa7380ffba Doh! 3 years ago
Dimitri Huisman 44d2448412 Updated SSO logic for webmails. Fixed small bug rate limiting. 3 years ago
Dimitri Huisman ed7adf52a6 Merge branch 'master' of github.com:Diman0/Mailu into fix-sso-1929 3 years ago
Dimitri Huisman 913a6304a7 Finishing touches. Introduce /static stub for handling all static files. 3 years ago
Diman0 41f5b43b38 Set nginx logging to level info again. 3 years ago
Diman0 f4cde61148 Make header translatable. More finishing touches. 3 years ago
Diman0 9894b49cbd Merge/Update with changes from master 3 years ago
Florent Daigniere 89ea51d570 Implement rate-limits 3 years ago
Diman0 bf0aad9820 Merge branch 'master' of github.com:Mailu/Mailu into fix-sso-1929 3 years ago
Alexander Graf 1e8b41f731 Merge remote-tracking branch 'upstream/master' into adminlte3_fixes 3 years ago
Alexander Graf b445d9ddd1 set expire headers only for mailu content
also moved robots.txt from config to static folder.
3 years ago
Alexander Graf 698ee4e521 added tiff and webp to list of cached content 3 years ago
Florent Daigniere 72ba5ca3f9 fix 1789: ensure that nginx resolves ipv4 addresses 3 years ago
Diman0 b148e41d9b Fix nginx config 3 years ago
Alexander Graf f4e7ce0990 enabled caching, gzip and robots.txt 3 years ago
Diman0 960033525d configure sso in nginx 3 years ago
Diman0 8868aec0dc Merge master. Make sso login working for admin. 3 years ago
Florent Daigniere 974bcba5ab Restore LOGIN as tests assume it's there 3 years ago
Florent Daigniere 5e7d5adf17 AUTH shouldn't happen on port 25 3 years ago
Florent Daigniere 7285c6bfd9 admin won't understand LOGIN 3 years ago
bors[bot] 48f3b1fd49
Merge #1656
1656: Add ability to set no WEBROOT_REDIRECT to Nginx r=mergify[bot] a=DavidFair

## What type of PR?

Enhancement / Documentation

## What does this PR do?

From commit:

---

Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.

---

I've also added bullet points to break up a long flowing sentence in `configuration.rst` - it should be a bit easier to read now

### Related issue(s)
No Related Issue - I just jumped to a PR

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly

@ Maintainers - Is this worthy of the changelog, it's useful to know about but I imagine the number of people it affects is equally minimal?
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: David Fairbrother <DavidFair@users.noreply.github.com>
3 years ago
Florent Daigniere dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 4 years ago
bors[bot] ce0c93a681
Merge #1618
1618: add OCSP stapling to nginx.conf r=mergify[bot] a=lub

It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.

## What type of PR?

enhancement

## What does this PR do?

It enables OCSP stapling for the http server. OCSP stapling reduces roundtrips for the client and reduces load on OCSP responders.

### Related issue(s)
- fixes  #1616

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 years ago
Dario Ernst b6716f0d74 Remove "CHUNKING" capability from nginx-smtp
With `CHUNKING`set as a capability, nginx advertises this capability to
clients at a stage where the SMTP dialog does not seem to be forwarded
to the proxy-target (postfix) yet. Nginx' SMTP parser itself does not
support the `BDAT` command issued as part of a chunke-d dialog. This makes
Nginx respond with a `250 2.0.0 OK` and close the connection, after the
mail-data got sent by the client — without forwarding this to the
proxy-target.

With this, users mail can be lost.

Furthermore, when a user uses a sieve filter to forward mail, dovecot
sometimes chunks the forwarded mail when sending it through `front`.
These forwards then fail.

Removing `CHUNKING` from the capabilities fixes this behavior.
4 years ago
Florent Daigniere 80f939cf1a Revert to the old behaviour when ADMIN=false 4 years ago
Florent Daigniere 906a051925 Make rainloop use internal auth 4 years ago
ofthesun9 d32e73c5bc Fix letsencrypt access to certbot for the mail-letsencrypt flavour 4 years ago
David Fairbrother e7caff9811 Add ability to set no WEBROOT_REDIRECT to Nginx
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.

This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.

This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
4 years ago
bors[bot] 5c36dc4f54
Merge #1611
1611: Adds own server on port 80 for letsencrypt and redirect r=mergify[bot] a=elektro-wolle

## What type of PR?

Bugfix

## What does this PR do?

Handle letsencrypt route to `.well-known` by own server configuration within nginx.

### Related issue(s)
closes #1564

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Wolfgang Jung <w.jung@polyas.de>
4 years ago
lub 66db1f8fd0 add OCSP stapling to nginx.conf
It's not added in tls.conf, because apparently the mail ssl module
doesnt' support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.
4 years ago
lub 0cb0a26d95 relax TLS settings on port 25
Because basically every MTA out there uses opportunistic TLS _in
the best case_, it's actually counter productive to use such strict
settings.

The alternative to a handshake error is often an unencrypted submission,
which is basically the opposite of what strict ssl_protocols and
ssl_ciphers tries to achieve.

Even big and established providers like Amazon SES are incompatible with the current
settings.

This reverts commit 2ddf46ad2b.
4 years ago
Wolfgang Jung 1f4e9165fa Disables unencrypted http on TLS_ERROR 4 years ago
Wolfgang Jung f999e3de08 Adds own server on port 80 for letsencrypt and redirect 4 years ago
bladeswords 2ddf46ad2b
Update crypto to be modern and inline with tls.conf
Updated to match tls.conf and be aligned to more modern cryptographic standards and only use currently secure protocols and ciphers.
5 years ago
Tom Radtke 4f973f63e6
Upgrading nginx TLS configuration 5 years ago
bors[bot] dcda412b99
Merge #1211
1211: Split HOST_ANTISPAM in HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI r=mergify[bot] a=micw

## What type of PR?

bug-fix

## What does this PR do?

Fixes #1190 by separating HOST_ANTISPAM into HOST_ANTISPAM_MILTER and HOST_ANTISPAM_WEBUI

### Related issue(s)
- closes #1190
- closes #1150

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
5 years ago
bors[bot] b668eccc17
Merge #1181
1181: Update to address issue #1178 (HTTP headers) r=muhlemmer a=bladeswords

This change should remove the duplicate `x-xss-protection` header and also the `x-powered-by` header.  Hopefully a pull request to main is appropriate, but may be worth back porting to 1.7.

Tested config by modifying live 1.7 nginx config and reloading.  Has had the desired outcome of removing the headers.

```/etc/nginx # nginx -t -c /etc/nginx/nginx.conf 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx # nginx -s reload
```

These steps were based on:
- https://serverfault.com/questions/928912/how-do-i-remove-a-server-added-header-from-proxied-location
- https://serverfault.com/questions/929571/overwrite-http-headers-comming-back-from-a-web-application-server-proxied-in-ngi
- http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header

## What type of PR?

Enhancement

## What does this PR do?
Removes duplicate and unneeded headers.  See issue #1178 

### Related issue(s)
- issue: #1178 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ X ] In case of feature or enhancement: documentation updated accordingly
- [ X ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: bladeswords <bladeswords@users.noreply.github.com>
5 years ago