Merge pull request 'Add remote SMTP' (#36) from iexos/mediawiki:remote-smtp into main

Reviewed-on: coop-cloud/mediawiki#36

.env.sample

@@ -1,6 +1,7 @@
 TYPE=mediawiki
 
 DOMAIN=mediawiki.example.com
+COMPOSE_FILE="compose.yml"
 
 #EXTRA_DOMAINS=', `www.wiki.example.com`'
 LETS_ENCRYPT_ENV=production
@@ -19,17 +20,26 @@ MEDIAWIKI_IS_PRIVATE=1
 
 MEDIAWIKI_DEBUG=0
 
-## SMTP
-#SMTP_HOST=postfix_relay_app
-#SMTP_HOST=mailu_front
-
 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
 SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
 
+# SMTP
+
+## via local postfix/mailu
+#SMTP_HOST=postfix_relay_app
+#SMTP_HOST=mailu_front
+
+## via remote email provider
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+#SMTP_HOST="mail.example.com"
+#SMTP_PORT=587
+#SMTP_USER="${MEDIAWIKI_EMAIL_FROM}"
+#SECRET_SMTP_PASSWORD_VERSION=v1
+
 # SAML
 
-#COMPOSE_FILE="compose.yml:compose.simplesaml.yml"
+#COMPOSE_FILE="$COMPOSE_FILE:compose.simplesaml.yml"
 
 #SAML_ENABLED=1
 #SAML_CONTACT_NAME="Sam Ell"
@@ -45,7 +55,7 @@ SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
 
 ## OpenID Connect
 # OPENID_ENABLED=1
-# COMPOSE_FILE="compose.yml:compose.openid.yml"
+# COMPOSE_FILE="$COMPOSE_FILE:compose.openid.yml"
 # OPENID_KEYCLOAK_URL="https://keycloak.local:8080/realms/acme/"
 # OPENID_CLIENT_ID="mediawiki"
 # SECRET_OPENID_CLIENT_SECRET_VERSION=v1

LocalSettings.php.tmpl

@@ -200,11 +200,15 @@ $wgGroupPermissions['*']['createaccount'] = false;
 
 {{ if env "SMTP_HOST" }}
 $wgSMTP = [
-    'host'     => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
-    'port'     => 25,                 // Port to use when connecting to the SMTP server
-    'auth'     => false,               // Should we use SMTP authentication (true or false)
-    #'username' => 'my_user_name',     // Username to use for SMTP authentication (if being used)
-    #'password' => 'my_password'       // Password to use for SMTP authentication (if being used)
+    'host'     => '{{ env "SMTP_HOST" }}',       // could also be an IP address. Where the SMTP server is located
+    'port'     => {{ env "SMTP_PORT" }},         // Port to use when connecting to the SMTP server
+{{ if env "SMTP_USER" }}
+    'auth'     => true,                          // Should we use SMTP authentication (true or false)
+    'username' => '{{ env "SMTP_USER" }}',       // Username to use for SMTP authentication (if being used)
+    'password' => '{{ secret "smtp_password" }}' // Password to use for SMTP authentication (if being used)
+{{ else }}
+    'auth'     => false
+{{ end }}
 ];
 {{ end }}
 

README.md

@@ -27,6 +27,8 @@
 
 ## Email
 
+### Coop Cloud mailu or postfix
+
 1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
    `postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for
    `coop-cloud/mailu` (assuming default stack names)
@@ -34,6 +36,14 @@
    `postfix_relay`. This doesn't seem to be required for Mailu.
 3. `abra app deploy YOURAPPDOMAIN`
 
+### Remote provider
+
+1. `abra app config YOURAPPDOMAIN` - uncomment `SMTP` under the "remote email provider" section and set values for `SMTP_HOST`, `SMTP_PORT` and `SMTP_USER`
+2. `abra app secret insert YOURAPPDOMAIN smtp_password v1 YOURSMTPPASSWORD`
+3. `abra app deploy YOURAPPDOMAIN`
+
+Note: Only STARTTLS is supported, TLS won't work.
+
 ## Single Sign On
 
 ### SimpleSAMLphp

compose.smtp.yml

@@ -0,0 +1,14 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - SMTP_USER
+    secrets:
+      - smtp_password
+
+secrets:
+  smtp_password:
+    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
+    external: true

compose.yml

@@ -21,6 +21,7 @@ services:
       - DB_USER=mediawiki
       - DB_NAME=mediawiki
       - SMTP_HOST
+      - SMTP_PORT=${SMTP_PORT:-25}
     volumes:
       - "mediawiki_images:/var/www/html/images"
     configs: