192 Commits (f6cdfb3392961c072d14927efa65f541266a776d)

Author SHA1 Message Date
Dimitri Huisman f6cdfb3392
Allow Healthcheck requests over IPv6 2 years ago
Dimitri Huisman 2a894cb15d
Process nextgens review remarks 2 years ago
Dimitri Huisman 92f270c94e
Update the webmail images:
Roundcube
  - Switch to base image (alpine)
  - Switch to php-fpm
SnappyMail
  - Switch to base image
  - Upgrade php7 to php8.
2 years ago
Vincent Kling 23d06a5761 Fix a bunch of typos 2 years ago
bors[bot] 04a932bf66
Merge #2423
2423: Correct the extension of files used for Roundcube overrides r=mergify[bot] a=DannyDaemonic

This adds ".inc.php" files to the included overrides while maintaining support for existing ".inc" files previously included via overrides. It also updates the corresponding documentation.

Roundcube itself uses "inc.php" files and these overrides are expected to match that format. Switching to "inc.php" both tells the user that these need to be proper php files and conveys they are used for changing the same settings that Roundcube's inc.php files modify.

## What type of PR?

bug-fix, documentation

## What does this PR do?

- Adds ".inc.php" to the list of include files being built in roundcube's start.py
- Updates override information in the faq section: [How can I override settings?](https://github.com/Mailu/Mailu/blob/master/docs/faq.rst#how-can-i-override-settings)
- Includes changelog recommends using .inc.php moving forward

## Related issue(s)
- This addresses confusion seen in issues like: #2388

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Danny Daemonic <DannyDaemonic@gmail.com>
2 years ago
Dimitri Huisman dd3f1a3376 Switch to mode=min for GHA cache for docker buildx to prevent ratelimiting in GHA workflow 2 years ago
Danny Daemonic 3eeb7962c2 Correct the extension used for Roundcube overrides
This adds ".inc.php" files to the included overrides while maintaining
support for existing ".inc" files previously included via overrides.

Roundcube itself uses "inc.php" files and these overrides are expected
to match that format. Switching to "inc.php" both tells the user that
these need to be proper php files and conveys they are used for changing
the same settings that Roundcube's inc.php files modify.
2 years ago
bors[bot] 53de7b7d60
Merge #2403
2403: Feature: switch CI/CD from build to buildx r=mergify[bot] a=Diman0

## What type of PR?

Feature and enhancement

## What does this PR do?

Switch from docker build to buildx for CI/CD.
    - The main workflow file has been optimised and simplified.
    - Images are built in parallel when building locally resulting in much faster build times.
    - The github action workflow is about 50% faster.
    - Arm images are built as well. These images are not tested due to restrictions of github actions (no arm runners). The tags of the images have -arm appended to it. The arm images are built on merge on master and release branch (x.y). They do not influence the normal CI/CD workflow used for bors (for PR) and real releases (merge on master and branch x.y for x86_64). 
    - Arm images (and normal x86_64 images) can also be built locally.
    - Reusable workflow is introduced for building, testing and deploying the images. This allows the workflow to be reused for other purposes in the future.
    - Workflow can be manually triggered. This allows forked Mailu projects to also use the workflow for building images.

The main workflow makes use of github actions cache to store the cache layer. This layer is used to quickly rebuilt the images in the testing step and deploy step.

Unfortunately the building the arm images fails sometimes due to timeouts. Sometimes the connection to github actions cache is very slow. Restarting the workflow from the last failed step resolves this. I have not observed this with the normal build.

Just as previous time, you can use a forked project for testing the changes (https://github.com/Diman0/Mailu_Fork). You should still have owner access. I have created branch 1.11 for testing. You can see I already push 4 times to branch 1.11 (current version is 1.11.3).

### Related issue(s)
- Mention an issue like: #001
- closes #2383 
- closes #1830
- closes #1200

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2 years ago
Will 72a5bbf53d Update roundcube to 1.5.3 and rcmcarddav plugin 2 years ago
Dimitri Huisman 3aafecafe7 Merge branch 'master' into feat-switch-buildx 2 years ago
Dimitri Huisman f6de2b2938 Switch from docker build to buildx for CI/CD.
- The main workflow file has been optimised and simplified.
- Images are built in parallel when building locally resulting in faster build times.
- The github action workflow is about 50% faster.
- Arm images are built as well. These images are not tested due to restrictions of github actions (no arm runners). The tags of the images have -arm appended to it.
- Arm images can also be built locally.
- Reusable workflow is introduced for building, testing and deploying the images.
  This allows the workflow to be reused for other purposes in the future.
- Workflow can be manually triggered. This allows forked Mailu projects to also use the workflow for building images.
2 years ago
bors[bot] 238daef6d8
Merge #2295
2295: Switch from Rainloop to SnappyMail r=mergify[bot] a=Diman0

## What type of PR?

Feature

## What does this PR do?
As discussed in the project meeting (#1582), we decided we want to switch from Rainloop to an alternative. Rainloop has multiple open security issues which were not patched for a long time. 

We decided to switch to SnappyMail because it is more secure and based on RainLoop. This means that users using RainLoop will still have a webmail that looks familiar for them.

This PR replaces RainLoop with SnappyMail.

### Related issue(s)
- #2215 
- #1582

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2 years ago
Dimitri Huisman 2a527a38cf Deny access to hidden files for snappymail 2 years ago
bors[bot] e50f6c58c0
Merge #2360
2360: roundcube: disable apache2 access log r=mergify[bot] a=pommi

## What type of PR?

bug-fix

## What does this PR do?

It disables the access log of apache2 in the roundcube webmail container. Requests are already logged by the front container. The requests logged in the roundcube container contained contained the wrong client IP: the IP address of the front container.

----

Original PR:

~~Roundcube webmail is accessed through the nginx reverse proxy in the front container. Each access logline logged by apache2 in the roundcube container did not contain the actual client IP address, but the IP address of the front container, for example:~~

```
192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
^
IP address of the front container
```

~~By enabling the apache2 remoteip module and configuring it to get the actual client IP address from the X-Forwarded-For header, it logs the correct client IP address to the access log.~~

### Related issue(s)
- None

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

**No changelog or documentation necessary for this minor change.**


Co-authored-by: Pim van den Berg <pim@nethuis.nl>
2 years ago
Dimitri Huisman ee78a34da4 Process code review feedback
Remove unneeded IF statement in /admin block in nginx.conf of front.
Fix contributions made to Dockerfile, add missing trailing \ and add back curl
Change healthcheck to monitoring page of fpm. Now we check nginx and fpm.
2 years ago
Pim van den Berg 6f884c6c93 roundcube: disable access log
As per discussion in #2360: The front container (nginx reverse proxy) is
already logging all requests, disable the access logs for apache2 in the
roundcube container completely.
2 years ago
Eddy Vervest baea3d4086
Update Dockerfile
missed this one
3 years ago
Eddy Vervest c4c442d000
Update Dockerfile
apt is intended for interactive usage, for scripts use apt-get (https://manpages.debian.org/bullseye/apt/apt.8.en.html) to avoid warnings.
3 years ago
Pim van den Berg e8b7d6afed roundcube: log actual client ip by using apache2 remoteip
Roundcube webmail is accessed through the nginx reverse proxy in the
front container. Each access logline logged by apache2 in the roundcube
container did not contain the actual client IP address, but the IP
address of the front container, for example:

> 192.168.203.3 - - [28/May/2022:12:33:52 +0000] "POST /?_task=mail&_action=refresh HTTP/1.1" 200 677 "https://[REDACTED]/roundcube/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"
  ^
  IP address of the front container

By enabling the apache2 remoteip module and configuring it to get the
actual client IP address from the X-Forwarded-For header, it logs the
correct client IP address to the access log.
3 years ago
Florent Daigniere c5c2ee9f1c
simplify 3 years ago
Dimitri Huisman dc7613b34a Fix healthcheck 3 years ago
Dimitri Huisman 22010ddb4f fix applications.ini 3 years ago
Dimitri Huisman f2f859280c Merge remote-tracking branch 'origin/master' into feature-switch-snappymail 3 years ago
Dimitri Huisman 9519d07ba2 Switch from RainLoop to SnappyMail 3 years ago
the-djmaze a3c01a2bbf
Update application.ini
`contacts_autosave` is part of `[defaults]`, not `[plugins]`
3 years ago
bors[bot] bcecbda9de
Merge #2195
2195: roundcube: Add /overrides directory in include r=mergify[bot] a=mnival

Added the /overrides directory in the roundcube config.inc.php file

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
none

Co-authored-by: mnival <1595998+mnival@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
bors[bot] b73963aae5
Merge #2207
2207: Update webmail container configuration to support MESSAGE_SIZE_LIMIT r=mergify[bot] a=marioja

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- Auto close an issue like: closes #2186 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Mario Jauvin <marioja@users.noreply.github.com>
3 years ago
Mario Jauvin 490e27e229 Start fastcgi process manager after config files updated 3 years ago
bors[bot] 6d348b1650
Merge #2196
2196: roundcube-carddav : Use des_key for pwstore_scheme  r=nextgens a=mnival

roundcube-carddav: Configuring pwstore_scheme in carddav plugin with des_key because Mailu is incompatible with encrypted

https://github.com/mstilkerich/rcmcarddav/blob/master/doc/ADMIN-SETTINGS.md#password-storing-scheme

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- closes #2230

Co-authored-by: mnival <1595998+mnival@users.noreply.github.com>
3 years ago
Mario Jauvin e47d9bf9be Revert "Set client_max_body_size in default nginx config file"
This reverts commit db39d6b1e2.
3 years ago
Mario Jauvin db39d6b1e2 Set client_max_body_size in default nginx config file 3 years ago
Mario Jauvin 53a8543772 update permission 3 years ago
Mario Jauvin 5a909bd45d Add config.py and set permissions 3 years ago
Mario Jauvin 7dc9802447 Added subprocess import 3 years ago
Mario Jauvin a9f4fc1b3c Use MESSAGE_SIZE_LIMIT in webmail container also
The webmail container should use the same value as the front container.
3 years ago
mnival 5695bbb0f6 Configuring pwstore_scheme in carddav plugin with des_key because Mailu is incompatible with encrypted 3 years ago
Eric d9ea9f7009
Update php.ini
matching rainloop php to roundcube's: timezone is a parameter in mailu.env
3 years ago
mnival 4b9781210f Add /overrides directory in include 3 years ago
Alexander Graf 37855153b8
fixed plugin path 3 years ago
willofr 93a94d33ce
update roundcube to 1.5.2 (security fix)
New roundcube release (1.5.2) where a XSS is addressed: https://roundcube.net/news/2021/12/30/update-1.5.2-released
3 years ago
bkraul d494dd7d2a Fixes #2131 3 years ago
Dimitri Huisman b248026933 Fix #2117. Gpg-agent package was missing for roundcube image. 3 years ago
Florent Daigniere 6d5926ef29 prettify 3 years ago
Dimitri Huisman 385cb28bf2 Correctly calculate and set SESSION_TIMEOUT in roundcube 3 years ago
Dimitri Huisman ab80316df6 Fix error in roundcube config 3 years ago
Florent Daigniere 3a46ee073c Make roundcube use SESSION_TIMEOUT 3 years ago
Alexander Graf 1a41657f90
add documentation, allow overrides, clean plugins 3 years ago
Alexander Graf b3d48cc20f
fixed health check 3 years ago
Alexander Graf e7e283663d
Merge remote-tracking branch 'upstream/master' into update_roundcube 3 years ago
Alexander Graf 64acfacc73
duh. typo 3 years ago