233 Commits (e166550bd7af4b351106f460faec36127e158ef7)

Author SHA1 Message Date
Dimitri Huisman 3aafecafe7 Merge branch 'master' into feat-switch-buildx 2 years ago
Dimitri Huisman f6de2b2938 Switch from docker build to buildx for CI/CD.
- The main workflow file has been optimised and simplified.
- Images are built in parallel when building locally resulting in faster build times.
- The github action workflow is about 50% faster.
- Arm images are built as well. These images are not tested due to restrictions of github actions (no arm runners). The tags of the images have -arm appended to it.
- Arm images can also be built locally.
- Reusable workflow is introduced for building, testing and deploying the images.
  This allows the workflow to be reused for other purposes in the future.
- Workflow can be manually triggered. This allows forked Mailu projects to also use the workflow for building images.
2 years ago
bors[bot] 238daef6d8
Merge #2295
2295: Switch from Rainloop to SnappyMail r=mergify[bot] a=Diman0

## What type of PR?

Feature

## What does this PR do?
As discussed in the project meeting (#1582), we decided we want to switch from Rainloop to an alternative. Rainloop has multiple open security issues which were not patched for a long time. 

We decided to switch to SnappyMail because it is more secure and based on RainLoop. This means that users using RainLoop will still have a webmail that looks familiar for them.

This PR replaces RainLoop with SnappyMail.

### Related issue(s)
- #2215 
- #1582

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2 years ago
Dimitri Huisman 2a527a38cf Deny access to hidden files for snappymail 2 years ago
bors[bot] e50f6c58c0
Merge #2360
2360: roundcube: disable apache2 access log r=mergify[bot] a=pommi

## What type of PR?

bug-fix

## What does this PR do?

It disables the access log of apache2 in the roundcube webmail container. Requests are already logged by the front container. The requests logged in the roundcube container contained contained the wrong client IP: the IP address of the front container.

----

Original PR:

~~Roundcube webmail is accessed through the nginx reverse proxy in the front container. Each access logline logged by apache2 in the roundcube container did not contain the actual client IP address, but the IP address of the front container, for example:~~

```
192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
^
IP address of the front container
```

~~By enabling the apache2 remoteip module and configuring it to get the actual client IP address from the X-Forwarded-For header, it logs the correct client IP address to the access log.~~

### Related issue(s)
- None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

**No changelog or documentation necessary for this minor change.**


Co-authored-by: Pim van den Berg <pim@nethuis.nl>
2 years ago
Dimitri Huisman ee78a34da4 Process code review feedback
Remove unneeded IF statement in /admin block in nginx.conf of front.
Fix contributions made to Dockerfile, add missing trailing \ and add back curl
Change healthcheck to monitoring page of fpm. Now we check nginx and fpm.
2 years ago
Pim van den Berg 6f884c6c93 roundcube: disable access log
As per discussion in #2360: The front container (nginx reverse proxy) is
already logging all requests, disable the access logs for apache2 in the
roundcube container completely.
2 years ago
Eddy Vervest baea3d4086
Update Dockerfile
missed this one
3 years ago
Eddy Vervest c4c442d000
Update Dockerfile
apt is intended for interactive usage, for scripts use apt-get (https://manpages.debian.org/bullseye/apt/apt.8.en.html) to avoid warnings.
3 years ago
Pim van den Berg e8b7d6afed roundcube: log actual client ip by using apache2 remoteip
Roundcube webmail is accessed through the nginx reverse proxy in the
front container. Each access logline logged by apache2 in the roundcube
container did not contain the actual client IP address, but the IP
address of the front container, for example:

> 192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
  ^
  IP address of the front container

By enabling the apache2 remoteip module and configuring it to get the
actual client IP address from the X-Forwarded-For header, it logs the
correct client IP address to the access log.
3 years ago
Florent Daigniere c5c2ee9f1c
simplify 3 years ago
Dimitri Huisman dc7613b34a Fix healthcheck 3 years ago
Dimitri Huisman 22010ddb4f fix applications.ini 3 years ago
Dimitri Huisman f2f859280c Merge remote-tracking branch 'origin/master' into feature-switch-snappymail 3 years ago
Dimitri Huisman 9519d07ba2 Switch from RainLoop to SnappyMail 3 years ago
the-djmaze a3c01a2bbf
Update application.ini
`contacts_autosave` is part of `[defaults]`, not `[plugins]`
3 years ago
bors[bot] bcecbda9de
Merge #2195
2195: roundcube: Add /overrides directory in include r=mergify[bot] a=mnival

Added the /overrides directory in the roundcube config.inc.php file

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
none

Co-authored-by: mnival <1595998+mnival@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
bors[bot] b73963aae5
Merge #2207
2207: Update webmail container configuration to support MESSAGE_SIZE_LIMIT r=mergify[bot] a=marioja

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- Auto close an issue like: closes #2186 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Mario Jauvin <marioja@users.noreply.github.com>
3 years ago
Mario Jauvin 490e27e229 Start fastcgi process manager after config files updated 3 years ago
bors[bot] 6d348b1650
Merge #2196
2196: roundcube-carddav : Use des_key for pwstore_scheme  r=nextgens a=mnival

roundcube-carddav: Configuring pwstore_scheme in carddav plugin with des_key because Mailu is incompatible with encrypted

https://github.com/mstilkerich/rcmcarddav/blob/master/doc/ADMIN-SETTINGS.md#password-storing-scheme

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- closes #2230

Co-authored-by: mnival <1595998+mnival@users.noreply.github.com>
3 years ago
Mario Jauvin e47d9bf9be Revert "Set client_max_body_size in default nginx config file"
This reverts commit db39d6b1e2.
3 years ago
Mario Jauvin db39d6b1e2 Set client_max_body_size in default nginx config file 3 years ago
Mario Jauvin 53a8543772 update permission 3 years ago
Mario Jauvin 5a909bd45d Add config.py and set permissions 3 years ago
Mario Jauvin 7dc9802447 Added subprocess import 3 years ago
Mario Jauvin a9f4fc1b3c Use MESSAGE_SIZE_LIMIT in webmail container also
The webmail container should use the same value as the front container.
3 years ago
mnival 5695bbb0f6 Configuring pwstore_scheme in carddav plugin with des_key because Mailu is incompatible with encrypted 3 years ago
Eric d9ea9f7009
Update php.ini
matching rainloop php to roundcube's: timezone is a parameter in mailu.env
3 years ago
mnival 4b9781210f Add /overrides directory in include 3 years ago
Alexander Graf 37855153b8
fixed plugin path 3 years ago
willofr 93a94d33ce
update roundcube to 1.5.2 (security fix)
New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released
3 years ago
bkraul d494dd7d2a Fixes #2131 3 years ago
Dimitri Huisman b248026933 Fix #2117. Gpg-agent package was missing for roundcube image. 3 years ago
Florent Daigniere 6d5926ef29 prettify 3 years ago
Dimitri Huisman 385cb28bf2 Correctly calculate and set SESSION_TIMEOUT in roundcube 3 years ago
Dimitri Huisman ab80316df6 Fix error in roundcube config 3 years ago
Florent Daigniere 3a46ee073c Make roundcube use SESSION_TIMEOUT 3 years ago
Alexander Graf 1a41657f90
add documentation, allow overrides, clean plugins 3 years ago
Alexander Graf b3d48cc20f
fixed health check 3 years ago
Alexander Graf e7e283663d
Merge remote-tracking branch 'upstream/master' into update_roundcube 3 years ago
Alexander Graf 64acfacc73
duh. typo 3 years ago
Alexander Graf 547ad253e1
added plugin selection, derive key, clean env 3 years ago
Alexander Graf 7c2c2dc65a
updated to carddav 4.3.0 3 years ago
Alexander Graf 1ebdb26979
updated to rc 1.5.1 3 years ago
Dimitri Huisman f7677543c6 Process code review remarks
- Moved run to bottom of Dockerfile to allow using unmodified / cached states.
- Simplified bash code in deploy.sh.
- Improved the large bash one-liner in CI.yml. It could not handle >9 for 1.x.
3 years ago
Dimitri Huisman 56dd70cf4a Implement versioning for CI/CD workflow (see #1182). 3 years ago
Alexander Graf 423b8a6b9b
Merge branch 'master' into update_roundcube 3 years ago
DjVinnii a6beb234ff Set timezone in roundcube.ini 3 years ago
DjVinnii 225160610b Set default TZ in Dockerfiles 3 years ago
Alexander Graf 6003e11533 duh. add timezone (again) 3 years ago
Alexander Graf 949efcf537 prevent endless redirect loop on nginx failure 3 years ago
Alexander Graf c89045ed03 duh 3 years ago
Alexander Graf 920ac4cd21 updated to php8. fixed login. fixed max_filesize. 3 years ago
Alexander Graf 46d27e48ff Merge remote-tracking branch 'upstream/master' into update_roundcube 3 years ago
DjVinnii a1f0c20583 Add tzdata to webmails 3 years ago
Alexander Graf ee45475567 updated roundcube. added cleanup run at startup 3 years ago
Dimitri Huisman 5232bd38fd Simplify webmail logout. 3 years ago
Dimitri Huisman 44d2448412 Updated SSO logic for webmails. Fixed small bug rate limiting. 3 years ago
Alexander Graf ef9e1ac279 remove health check from log 3 years ago
Alexander Graf 7380b248cf direct logging of php errors to stderr 3 years ago
Alexander Graf cd17aa0c43 repair failing health-check 3 years ago
Alexander Graf 16691e83ad re-enable mod_rewrite in roundcube
moved chown/mkdir/symlink from start.py to Dockerfile
3 years ago
Diman0 7083b3f7c6 Fix roundcube sso header issue
Removed apache rewrite module.
3 years ago
Alexander Graf 6c510e2e86 enabled caching via .htaccess 3 years ago
Erriez 6cecacb6da Add catch_workers_output to php-rainloop.conf 3 years ago
Erriez 6437540704 Change error_log to warn 3 years ago
Erriez 5adc4f08f6 Restore curl 3 years ago
Erriez 10f2c17979 Restore Roundcube PHP files 3 years ago
Erriez 5a1d89aaac Restore Rainloop Dockerfile HEALTHCHECK 3 years ago
Erriez 556a5897d1 Install php7-pdo and php7-pdo_sqlite for contacts 3 years ago
Erriez d0a0ba6727 Optimize PHP pm setting to ondemand
The ondemand setting results in lower memory consumption in idle.
3 years ago
Erriez 0fd97124f7 Process review feedback 3 years ago
Erriez d472900efa Optimize Rainloop to NGINX
- Reduce build time.
- Reduce image size.
- Faster user response using CGI.
3 years ago
Florent Daigniere defea3258d update arm builds too 3 years ago
bors[bot] 66ea28b50a
Merge #1845
1845: Update rainloop to 1.16.0 r=mergify[bot] a=nextgens

## What type of PR?

Security-update for rainloop.

## What does this PR do?

Upgrade to rainloop v1.16

### Related issue(s)
- #1829

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere d75c8469d3 Update rainloop to 1.16.0 3 years ago
Alexander Graf 14bdeb5e1e Update version of roundcube webmail and carddav plugin.
This is a security update.

- roundcube 1.4.11
- carddav 4.1.2
3 years ago
bors[bot] fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
parisni a9548e4cbd Remove mailu/roundcube shared host 4 years ago
parisni 5386e33af3 Reformat python 4 years ago
parisni 49c5c0eba6 Split mailu / roundcube db config
There is no reason to share the flavor since at least the dbname shall be different.
4 years ago
Florent Daigniere dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 4 years ago
bors[bot] 0f8d2077a5
Merge #1691
1691: update webmails to PHP 7.4 r=mergify[bot] a=lub

## What type of PR?

update

## What does this PR do?

### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.



I think it's a minor change, which needs no changelog.

I've tested rainloop, would be great if someone could test roundcube, because I don't use it.

Co-authored-by: lub <git@lubiland.de>
4 years ago
bors[bot] cca4b50915
Merge #1607
1607: _FILE variables for Docker swarm secrets r=mergify[bot] a=lub

## What type of PR?

enhancement

## What does this PR do?

This PR enables usage of DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY to load these values from files instead of supplying them directly. That way it's possible to use Docker secrets.

### Related issue(s)


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
4 years ago
Florent Daigniere e8f70c12dc avoid a warning 4 years ago
Florent Daigniere 80f939cf1a Revert to the old behaviour when ADMIN=false 4 years ago
Florent Daigniere 2cdee8d18e Make roundcube use internal auth 4 years ago
Florent Daigniere 906a051925 Make rainloop use internal auth 4 years ago
ronivay eb0dc7f90a disable php version expose 4 years ago
lub 8dd5dac3ed update roundcube to php 7.4 4 years ago
lub d63ca857b4 update rainloop to php 7.4 4 years ago
lub 02cfe326d3 support using files for SECRET_KEY and DB_PW
this enables usage of e.g. docker swarm secrets instead of exposing the
passwords directly via environment variables

just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY
4 years ago
Thomas Sänger e8eaad6c88
update roundcube 5 years ago
bors[bot] ddac2672fc
Merge #1338
1338: Add GPG to Roundcube r=mergify[bot] a=PhilRW

The web UI was complaining that it couldn't find the GPG binary. Turns out it wasn't installed.

## What type of PR?

bug fix

## What does this PR do?

Adds GPG binary to Roundcube

Co-authored-by: Philip Rosenberg-Watt <PhilRW@users.noreply.github.com>
Co-authored-by: Dario Ernst <github@kanojo.de>
5 years ago
bors[bot] 0469e96f8e
Merge #1298
1298: Added carddav-plugin for roundcube webmail r=ofthesun9 a=sholl

## Feature

This PR enables the carddav contacts plugin for integration remote contact-repositories based on CardDAV.

## What does this PR do?

This PR enables the carddav contacts plugin for integration remote contact-repositories based on CardDAV.

### Related issue(s)
- Related #1230, at least for CardDAV.


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly (not needed since the plugins of webmail is not mentioned in the docs.)
- [x] Changelog-entry added


Co-authored-by: Stephan Holl <stephan@holl-land.de>
5 years ago
TheLegend875 519600a78b Set From header for delivery reports
closes #1381
5 years ago
Michael Wyraz 12667c70f6 Fix roundcube permissions, tail correct log 5 years ago
Dario Ernst 4d475f4e69
Merge branch 'master' into patch-1 5 years ago
bors[bot] e41b072938
Merge #1268
1268: Roundcube db r=Nebukadneza a=micw

## What type of PR?

feature

## What does this PR do?

- makes roundcube work with mysql
- runs db init/upgrade scripts on startup
- redirects roundcube logs to stdout

### Related issue(s)
- preparations to solve #1226
- closes #1157 (side effect ;-) )

## Prerequistes

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Michael Wyraz <michael@wyraz.de>
Co-authored-by: micw <michael@wyraz.de>
5 years ago
Thomas Sänger 5e2d0b78b6
Update Roundcube to 1.4.3 5 years ago