From 0970ecc655cad8ff31fba611f61b254232657c78 Mon Sep 17 00:00:00 2001 From: mlan Date: Mon, 9 Nov 2020 15:03:06 +0100 Subject: [PATCH] - [docker](Dockerfile) To allow HTTP access to webapp we need `define("SECURE_COOKIES", false)` in `/etc/kopano/webapp/config.php`. Earlier is was `define("INSECURE_COOKIES", --- CHANGELOG.md | 1 + Dockerfile | 2 +- README.md | 6 +++++- demo/Makefile | 16 +++++++++++----- src/docker/bin/docker-config.sh | 4 +++- 5 files changed, 21 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d4d68de..f348d51 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - [docker](README.md) Added sections `Mail client configuration` and `Implementation`. - [docker](Dockerfile) Remove the `debugtools` build target. There already exists an `app-debugtools` target in the [`demo/Makefile`](demo/Makefile). - [docker](Dockerfile) Now use an unlock file, which is removed after a virgin container has been configured. This locks the configuration on restarts unless `FORCE_CONFIG` is given. +- [docker](Dockerfile) To allow HTTP access to webapp we need `define("SECURE_COOKIES", false)` in `/etc/kopano/webapp/config.php`. Earlier is was `define("INSECURE_COOKIES", true)`. # 1.2.1 diff --git a/Dockerfile b/Dockerfile index 382b258..c8c339e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -163,7 +163,7 @@ RUN apt-get install --yes --no-install-recommends apache2 libapache2-mod-php \ && dpkg-reconfigure php7-mapi \ && . docker-common.sh \ && . docker-config.sh \ - && dc_replace /etc/kopano/webapp/config.php 'define("INSECURE_COOKIES", false);' 'define("INSECURE_COOKIES", true);' \ + && dc_replace /etc/kopano/webapp/config.php 'define("SECURE_COOKIES", true);' 'define("SECURE_COOKIES", false);' \ # && dc_fixmissing /etc/php/7.?/apache2/conf.d/kopano.ini /etc/php/7.?/mods-available/kopano.ini /etc/php5/conf.d/kopano.ini \ && dc_replace /etc/apache2/sites-available/kopano-webapp.conf 'Alias /webapp /usr/share/kopano-webapp' '\\nDocumentRoot /usr/share/kopano-webapp' \ && echo '' >> /etc/apache2/sites-available/kopano-webapp.conf \ diff --git a/README.md b/README.md index 3e2c27c..118cf5c 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ The `mlan/kopano` repository contains a multi staged built. You select which bui The version part of the tag is not based on the version of this repository. It is instead, based on the combined revision numbers of the nightly Kopano core and Kopano WebApp package suits that was available when building the images. For example, `8.7.80-3.5.2` indicates that the image was built using the 8.7.80 version of Kopano core and 3.5.2 version of Kopano WebApp. -The build part of the tag is one of `full` and `core`. The image with tag `full` contain Kopano core components, as well as, the Kopano WebApp and Z-Push. The image with tag `core` contains the Kopano core components proving the server and IMAP, POP3 and ICAL access, but no web access. +The build part of the tag is one of `full` and `core`. The image with tag `full` contain Kopano core components, as well as, the Kopano WebApp and Z-Push. The image with tag `core` contains the Kopano core components proving the server and IMAP, POP3 and ICAL access, but no web access. The tags `latest`, `full`, or `core` all reference the most recent builds. @@ -366,6 +366,10 @@ respectively when a message is placed in either `var/lib/kopano/spamd/spam` or Here some topics relevant for arranging a mail server are presented. +## Kopano WebApp HTTP access + +The distribution installation of `kopano-webapp` only allow HTTPS access. The `mlan/kopano` image updates the configuration to `define("SECURE_COOKIES", false);` in `/etc/kopano/webapp/config.php` also allowing HTTP access. This can be useful when arranging the `mlan/kopano` container behind a reverse proxy, like [traefik](https://doc.traefik.io/traefik/), which then does the enforcement of HTTPS. + ## Mail client configuration ### Microsoft Outlook diff --git a/demo/Makefile b/demo/Makefile index f53ecb7..ee27574 100644 --- a/demo/Makefile +++ b/demo/Makefile @@ -149,6 +149,12 @@ mta-show_doveconf: mta-show_postconf: docker-compose exec mta postconf -n +mta-show_mailq: + docker-compose exec mta mailq + +mta-flush_mailq: + docker-compose exec mta postqueue -f + mta-hostaddr: $(eval myhost := $(call _ip,$(COMPOSE_PROJECT_NAME)_mta_1)) @@ -183,14 +189,14 @@ app-man_server: app-man_ldap: docker-compose exec app man kopano-ldap.cfg -app-test_smtp: mta-test_smtp - -app-test_lmtp: - printf "LHLO mx\nMAIL FROM: \nRCPT TO: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDATA\nFrom: A tester \nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A LMTP test message from me to you\n\nDelete me, please \n.\nQUIT\n" | nc -C $(call _ip,$(COMPOSE_PROJECT_NAME)_app_1) 2003 - app-hostaddr: $(eval myhost := $(call _ip,$(COMPOSE_PROJECT_NAME)_app_1)) +app-test_smtp: mta-test_smtp + +app-test_lmtp: app-hostaddr + printf "LHLO mx\nMAIL FROM: \nRCPT TO: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDATA\nFrom: A tester \nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A LMTP test message from me to you\n\nDelete me, please \n.\nQUIT\n" | nc -C $(myhost) 2003 + app-test_imap: app-hostaddr curl imap://$(myhost) -X CAPABILITY curl imap://$(myhost) -u $(LDAP_TEST_USER):$(LDAP_TEST_PASSWD) diff --git a/src/docker/bin/docker-config.sh b/src/docker/bin/docker-config.sh index 377d66e..471dba4 100644 --- a/src/docker/bin/docker-config.sh +++ b/src/docker/bin/docker-config.sh @@ -230,9 +230,11 @@ dc_tls_setup_selfsigned_cert() { # Configuration Lock # dc_lock_config() { - if dc_is_unlocked; then + if [ -f "$DOCKER_UNLOCK_FILE" ]; then rm $DOCKER_UNLOCK_FILE dc_log 5 "Removing unlock file, locking the configuration." + elif [ -n "$FORCE_CONFIG" ]; then + dc_log 5 "Configuration update was forced, since we got FORCE_CONFIG=$FORCE_CONFIG" else dc_log 5 "No unlock file found, so not touching configuration." fi