fix: start webmail

2022-02-24 10:57:05 +01:00
5 changed files with 40 additions and 54 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,16 +0,0 @@
-
-kind: pipeline
-name: generate recipe catalogue
-steps:
-  - name: release a new version
-    image: plugins/downstream
-    settings:
-      server: https://build.coopcloud.tech
-      token:
-        from_secret: drone_abra-bot_token
-      fork: true
-      repositories:
-        - coop-cloud/auto-recipes-catalogue-json
-
-trigger:
-  event: tag
--- a/.env.sample
+++ b/.env.sample
@ -31,11 +31,11 @@ POSTMASTER=admin
 # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
 TLS_FLAVOR=mail

-# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6)
-AUTH_RATELIMIT_IP=60/hour
+# Authentication rate limit (per source IP address)
+AUTH_RATELIMIT=10/minute

 # Opt-out of statistics, replace with "True" to opt out
-DISABLE_STATISTICS=True
+DISABLE_STATISTICS=False

 ###################################
 # Optional features
@ -62,9 +62,6 @@ ANTIVIRUS=none
 # Max attachment size will be 33% smaller
 MESSAGE_SIZE_LIMIT=50000000

-# Message rate limit (per user)
-MESSAGE_RATELIMIT=200/day
-
 # Networks granted relay permissions
 # Use this with care, all hosts in this networks will be able to send mail without authentication!
 RELAYNETS=
@ -89,7 +86,7 @@ WELCOME_SUBJECT="Welcome to your new email account"
 WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!"

 # Maildir Compression
-# choose compression-method, default: none (value: gz, bz2, lz4, zstd)
+# choose compression-method, default: none (value: bz2, gz)
 COMPRESSION=
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL=
@ -129,8 +126,9 @@ WEBSITE=https://$DOMAIN
 # Docker-compose project name, this will prepended to containers names.
 COMPOSE_PROJECT_NAME=mailu

-# Number of rounds used by the password hashing scheme
-CREDENTIAL_ROUNDS=12
+# Default password scheme used for newly created accounts and changed passwords
+# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT)
+PASSWORD_SCHEME=PBKDF2

 # Header to take the real ip from
 REAL_IP_HEADER=
@ -144,9 +142,6 @@ REJECT_UNLISTED_RECIPIENT=
 # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
 LOG_LEVEL=WARNING

-# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
-TZ=Etc/UTC
-
 ###################################
 # Database settings
 ###################################
--- a/README.md
+++ b/README.md
@ -22,9 +22,9 @@ host.
 1. Set up Docker Swarm and [`abra`][abra]
 2. Deploy [`coop-cloud/traefik`][compose-traefik]
 3. `abra app new mailu`
-4. `abra app config YOURAPPDOMAIN` - be sure to change `$WEB_DOMAIN` to something that resolves to
+4. `abra app YOURAPPDOMAIN config` - be sure to change `$WEB_DOMAIN` to something that resolves to
   your Docker swarm box
-5. `abra app deploy YOURAPPDOMAIN`
+5. `abra app YOURAPPDOMAIN deploy`
 9. Create initial user:
 ```
 abra app YOURAPPDOMAIN run admin flask mailu admin admin YOURDOMAIN YOURPASSWORD
--- a/compose.yml
+++ b/compose.yml
@ -5,8 +5,7 @@ x-environment:
  - HOST_FRONT=${STACK_NAME}_app
  - ADMIN
  - ANTIVIRUS
-  - AUTH_RATELIMIT_IP
-  - MESSAGE_RATELIMIT
+  - AUTH_RATELIMIT
  - COMPOSE_PROJECT_NAME
  - COMPRESSION
  - COMPRESSION_LEVEL
@ -23,7 +22,7 @@ x-environment:
  - LOG_DRIVER
  - LOG_LEVEL
  - MESSAGE_SIZE_LIMIT
-  - CREDENTIAL_ROUNDS
+  - PASSWORD_SCHEME
  - POSTMASTER
  - REAL_IP_FROM
  - REAL_IP_HEADER
@ -47,11 +46,10 @@ x-environment:
  - WELCOME
  - WELCOME_BODY
  - WELCOME_SUBJECT
-  - TZ

 services:
  app:
-    image: ghcr.io/mailu/nginx:1.9
+    image: mailu/nginx:1.8
    logging:
      driver: json-file
    networks:
@ -90,7 +88,6 @@ services:
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "coop-cloud.${STACK_NAME}.version=0.2.1+1.9"

  db:
    image: redis:alpine
@ -98,7 +95,7 @@ services:
      - "redis:/data"

  admin:
-    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:1.9
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:1.8
    environment: *default-env
    healthcheck:
      disable: true
@ -107,7 +104,7 @@ services:
      - "mailu:/data"

  imap:
-    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:1.9
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:1.8
    environment: *default-env
    volumes:
      - "mail:/mail"
@ -115,7 +112,7 @@ services:
      disable: true

  smtp:
-    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:1.9
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:1.8
    environment: *default-env
    volumes:
      - "mailqueue:/queue"
@ -123,7 +120,7 @@ services:
      disable: true

  antispam:
-    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:1.9
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:1.8
    environment: *default-env
    volumes:
      - "rspamd:/var/lib/rspamd"
@ -132,10 +129,8 @@ services:
      disable: true

  webmail:
-    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rainloop:1.9
+    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:1.8
    environment: *default-env
-    networks:
-      - default
    volumes:
      - "webmail:/data"
    deploy:
@ -143,6 +138,21 @@ services:
    healthcheck:
      disable: true

+  #certdumper:
+  #  restart: always
+  #  image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}traefik-certdumper:master
+  #  environment:
+  #    - DOMAIN=$DOMAIN
+  #    # Set TRAEFIK_VERSION to v2 in your .env if you're using Traefik v2
+  #    - TRAEFIK_VERSION=${TRAEFIK_VERSION:-v2}
+  #  volumes:
+  #    - "/docker/traefik/letsencrypt/acme.json:/traefik/acme.json"
+  #    - "/docker/traefik/letsencrypt/certs:/tmp/work"
+  #    - "/docker/mailu/certs:/output"
+  #  labels:
+  #    # Set watchtower label
+  #    - "com.centurylinklabs.watchtower.enable=true"
+
  certdumper:
    image: ldez/traefik-certs-dumper:v2.7.4
    entrypoint: sh -c '
@ -165,6 +175,14 @@ services:
      - source: certdumper_post
        target: /usr/bin/certdumper_post.sh
        mode: 0555
+  
+  #certdumper:
+  #  image: humenius/traefik-certs-dumper:latest
+  #  volumes:
+  #   - traefik_letsencrypt:/traefik:ro
+  #   - certs:/output:rw
+  #  environment:
+  #   - DOMAIN=$WEB_DOMAIN

 volumes:
  mailu:
--- a/releases/0.2.0+1.9
+++ b/releases/0.2.0+1.9
@ -1,11 +0,0 @@
-When upgrading to 1.9, you'll need to update your app(s') configuration(s) for
-new settings names:
-
- Rename `AUTH_RATELIMIT` to `AUTH_RATELIMIT_IP`
- Add MESSAGE_RATELIMIT (default `200/day`)
- Add `TZ` to specify server timezone, e.g. `TZ=Etc/UTC`
- Remove `PASSWORD_SCHEME`
- Add `CREDENTIAL_ROUNDS` (default `12`)
-
-If you haven't made these changes already, it's best to bail on this upgrade
-FIRST (i.e. Ctrl+C) and run `abra app config` first.