- [docker](Dockerfile) To allow HTTP access to webapp we need `define("SECURE_COOKIES", false)` in `/etc/kopano/webapp/config.php`. Earlier is was `define("INSECURE_COOKIES",

2020-11-09 15:03:06 +01:00 · 2020-11-09 15:03:06 +01:00 · 0970ecc655
parent 7309eba0e5
commit 0970ecc655
5 changed files with 21 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,7 @@
 - [docker](README.md) Added sections `Mail client configuration` and `Implementation`.
 - [docker](Dockerfile) Remove the `debugtools` build target. There already exists an `app-debugtools` target in the [`demo/Makefile`](demo/Makefile).
 - [docker](Dockerfile) Now use an unlock file, which is removed after a virgin container has been configured. This locks the configuration on restarts unless `FORCE_CONFIG` is given.
+- [docker](Dockerfile) To allow HTTP access to webapp we need `define("SECURE_COOKIES", false)` in `/etc/kopano/webapp/config.php`. Earlier is was `define("INSECURE_COOKIES", true)`.

 # 1.2.1

--- a/2
+++ b/2
@ -163,7 +163,7 @@ RUN	apt-get install --yes --no-install-recommends apache2 libapache2-mod-php \
 	&& dpkg-reconfigure php7-mapi \
 	&& . docker-common.sh \
 	&& . docker-config.sh \
-	&& dc_replace /etc/kopano/webapp/config.php 'define("INSECURE_COOKIES", false);' 'define("INSECURE_COOKIES", true);' \
+	&& dc_replace /etc/kopano/webapp/config.php 'define("SECURE_COOKIES", true);' 'define("SECURE_COOKIES", false);' \
 #	&& dc_fixmissing /etc/php/7.?/apache2/conf.d/kopano.ini /etc/php/7.?/mods-available/kopano.ini /etc/php5/conf.d/kopano.ini \
 	&& dc_replace /etc/apache2/sites-available/kopano-webapp.conf 'Alias /webapp /usr/share/kopano-webapp' '<VirtualHost *:80>\\nDocumentRoot /usr/share/kopano-webapp' \
 	&& echo '</VirtualHost>' >> /etc/apache2/sites-available/kopano-webapp.conf \
--- a/README.md
+++ b/README.md
@ -28,7 +28,7 @@ The `mlan/kopano` repository contains a multi staged built. You select which bui

 The version part of the tag is not based on the version of this repository. It is instead, based on the combined revision numbers of the nightly Kopano core and Kopano WebApp package suits that was available when building the images. For example, `8.7.80-3.5.2` indicates that the image was built using the 8.7.80 version of Kopano core and 3.5.2 version of Kopano WebApp.

-The build part of the tag is one of `full` and `core`. The image with tag `full` contain Kopano core components, as well as, the Kopano WebApp and Z-Push. The image with tag `core` contains the Kopano core components proving the server and IMAP, POP3 and ICAL access, but no web access.
+The build part of the tag is one of `full` and `core`. The image with tag `full` contain Kopano core components, as well as, the Kopano WebApp and Z-Push. The image with tag `core` contains the Kopano core components proving the server and IMAP, POP3 and ICAL access, but no web access.

 The tags `latest`, `full`, or `core` all reference the most recent builds.

@ -366,6 +366,10 @@ respectively when a message is placed in either `var/lib/kopano/spamd/spam` or

 Here some topics relevant for arranging a mail server are presented.

+## Kopano WebApp HTTP access
+
+The distribution installation of `kopano-webapp` only allow HTTPS access. The `mlan/kopano` image updates the configuration to `define("SECURE_COOKIES", false);` in `/etc/kopano/webapp/config.php` also allowing HTTP access. This can be useful when arranging the `mlan/kopano` container behind a reverse proxy, like [traefik](https://doc.traefik.io/traefik/), which then does the enforcement of HTTPS.
+
 ## Mail client configuration

 ### Microsoft Outlook
--- a/demo/Makefile
+++ b/demo/Makefile
@ -149,6 +149,12 @@ mta-show_doveconf:
 mta-show_postconf:
 	docker-compose exec mta postconf -n

+mta-show_mailq:
+	docker-compose exec mta mailq
+
+mta-flush_mailq:
+	docker-compose exec mta postqueue -f
+
 mta-hostaddr:
 	$(eval myhost := $(call _ip,$(COMPOSE_PROJECT_NAME)_mta_1))

@ -183,14 +189,14 @@ app-man_server:
 app-man_ldap:
 	docker-compose exec app man kopano-ldap.cfg

-app-test_smtp: mta-test_smtp
-
-app-test_lmtp:
-	printf "LHLO mx\nMAIL FROM: <test@example.biz>\nRCPT TO: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDATA\nFrom: A tester <test@example.biz>\nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A LMTP test message from me to you\n\nDelete me, please \n.\nQUIT\n" | nc -C $(call _ip,$(COMPOSE_PROJECT_NAME)_app_1) 2003
-
 app-hostaddr:
 	$(eval myhost := $(call _ip,$(COMPOSE_PROJECT_NAME)_app_1))

+app-test_smtp: mta-test_smtp
+
+app-test_lmtp: app-hostaddr
+	printf "LHLO mx\nMAIL FROM: <test@example.biz>\nRCPT TO: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDATA\nFrom: A tester <test@example.biz>\nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A LMTP test message from me to you\n\nDelete me, please \n.\nQUIT\n" | nc -C $(myhost) 2003
+
 app-test_imap: app-hostaddr
 	curl imap://$(myhost) -X CAPABILITY
 	curl imap://$(myhost) -u $(LDAP_TEST_USER):$(LDAP_TEST_PASSWD)
--- a/src/docker/bin/docker-config.sh
+++ b/src/docker/bin/docker-config.sh
@ -230,9 +230,11 @@ dc_tls_setup_selfsigned_cert() {
 # Configuration Lock
 #
 dc_lock_config() {
-	if dc_is_unlocked; then
+	if [ -f "$DOCKER_UNLOCK_FILE" ]; then
 		rm $DOCKER_UNLOCK_FILE
 		dc_log 5 "Removing unlock file, locking the configuration."
+	elif [ -n "$FORCE_CONFIG" ]; then
+		dc_log 5 "Configuration update was forced, since we got FORCE_CONFIG=$FORCE_CONFIG"
 	else
 		dc_log 5 "No unlock file found, so not touching configuration."
 	fi