F117917010
D2671.1775412639.diff
Authored By
Unknown
Size
11 KB
Referenced Files
None
Subscribers
None
D2671.1775412639.diff
diff --git a/bin/quickstart.sh b/bin/quickstart.sh
--- a/bin/quickstart.sh
+++ b/bin/quickstart.sh
@@ -83,7 +83,7 @@
npm run dev
popd
-docker-compose up -d worker
+docker-compose up -d worker nginx
pushd ${base_dir}/src/
rm -rf database/database.sqlite
diff --git a/bin/regen-certs b/bin/regen-certs
--- a/bin/regen-certs
+++ b/bin/regen-certs
@@ -32,7 +32,7 @@
export $(cat ${base_dir}/src/.env | xargs) >/dev/null 2>&1
-for name in kolab.mgmt.com kolab.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do
+for name in kolab.mgmt.com kolab.hosted.com imap.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do
openssl genrsa -out ${cert_dir}/${name}.key 4096
openssl req \
diff --git a/docker-compose.yml b/docker-compose.yml
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -103,6 +103,29 @@
tty: true
volumes:
- /etc/letsencrypt/:/etc/letsencrypt/:ro
+ nginx:
+ build:
+ context: ./docker/nginx/
+ args:
+ NGINX_AUTH_WEBHOOK: ${APP_DOMAIN}/api/webhooks/nginx
+ container_name: kolab-nginx
+ depends_on:
+ kolab:
+ condition: service_healthy
+ hostname: nginx.hosted.com
+ image: kolab-nginx
+ network_mode: host
+ tmpfs:
+ - /run
+ - /tmp
+ - /var/run
+ - /var/tmp
+ tty: true
+ volumes:
+ - /etc/letsencrypt/:/etc/letsencrypt/:ro
+ - ./docker/certs/imap.hosted.com.cert:/etc/pki/tls/certs/imap.hosted.com.cert
+ - ./docker/certs/imap.hosted.com.key:/etc/pki/tls/private/imap.hosted.com.key
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
proxy:
build:
context: ./docker/proxy/
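Review bot: The two `imap.hosted.com` bind mounts in the new `nginx` service are writable from inside the container, unlike the `/etc/letsencrypt/` and `/sys/fs/cgroup` mounts next to them; the proxy only needs to read them, so append `:ro` to both, e.g. `- ./docker/certs/imap.hosted.com.key:/etc/pki/tls/private/imap.hosted.com.key:ro`. With `network_mode: host` every listener in the container binds directly on the host's interfaces, so a comment should say why host networking is needed here rather than published ports. If the certificate files do not exist when the service starts, Docker creates directories at those host paths, so `bin/regen-certs` has to run first.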
diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
--- a/docker/kolab/Dockerfile
+++ b/docker/kolab/Dockerfile
@@ -77,4 +77,4 @@
CMD ["/lib/systemd/systemd"]
-EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 389/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp
+EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 389/tcp 443/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp
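Review bot: The new `EXPOSE` list names 10143/tcp, but nothing in this change configures a listener on that port, while the Cyrus listeners added in `10-change-port-numbers.sh` on 12143 and 13143 are not listed; the list should match what actually listens. The listeners this change sets up on 10465, 10587, 11143 and 11993 are bound to 127.0.0.1, so unless this container shares the host's network namespace (not visible here) they are not reachable through a published port and `EXPOSE` for them is documentation only. A short comment above the line mapping each port to its service would make the list reviewable.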
diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh
--- a/docker/kolab/kolab-init.sh
+++ b/docker/kolab/kolab-init.sh
@@ -17,6 +17,7 @@
./07-adjust-base-dns.sh && echo "07 done"
./08-disable-amavisd.sh && echo "08 done"
./09-enable-debugging.sh && echo "09 done"
+./10-change-port-numbers.sh && echo "10 done"
./10-reset-kolab-service-password.sh && echo "10 done"
./11-reset-cyrus-admin-password.sh && echo "11 done"
./12-create-hosted-kolab-service.sh && echo "12 done"
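Review bot: The added step shares the `10-` prefix and the `"10 done"` message with `10-reset-kolab-service-password.sh` on the next line, so the init log cannot tell which of the two completed. Because each step is chained with `&&` only to its own `echo`, a failing step prints nothing and the following steps still run; printing the script name, e.g. `./10-change-port-numbers.sh && echo "10 (ports) done"`, or renumbering the new script would make a failure visible in the log. The rest of the script is outside the hunk.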
diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/utils/10-change-port-numbers.sh
new file mode 100755
--- /dev/null
+++ b/docker/kolab/utils/10-change-port-numbers.sh
@@ -0,0 +1,143 @@
+#!/bin/bash
+
+sed -i -r \
+ -e '/allowplaintext/ a\
+guam_allowplaintext: yes' \
+ -e '/allowplaintext/ a\
+nginx_allowplaintext: yes' \
+ /etc/imapd.conf
+
+sed -i \
+ -e '/SERVICES/ a\
+ nginx cmd="imapd" listen=127.0.0.1:12143 prefork=1' \
+ -e '/SERVICES/ a\
+ guam cmd="imapd" listen=127.0.0.1:13143 prefork=1' \
+ -e '/SERVICES/ a\
+ imap cmd="imapd" listen=127.0.0.1:11143 prefork=1' \
+ -e 's/listen="127.0.0.1:9993"/listen=127.0.0.1:11993/g' \
+ /etc/cyrus.conf
+
+systemctl restart cyrus-imapd
+
+sed -i -e '/submission/,10d' /etc/postfix/master.cf
+
+cat >> /etc/postfix/master.cf << EOF
+127.0.0.1:10587 inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
+ -o syslog_name=postfix/submission
+ #-o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_sasl_authenticated_header=yes
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_data_restrictions=\$submission_data_restrictions
+ -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
+ -o smtpd_sender_restrictions=\$submission_sender_restrictions
+
+127.0.0.1:10465 inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
+ -o rewrite_service_name=rewrite_submission
+ -o syslog_name=postfix/smtps
+ -o mydestination=
+ -o local_recipient_maps=
+ -o relay_domains=
+ -o relay_recipient_maps=
+ #-o smtpd_tls_wrappermode=yes
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_sasl_authenticated_header=yes
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_sender_restrictions=\$submission_sender_restrictions
+ -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
+ -o smtpd_data_restrictions=\$submission_data_restrictions
+EOF
+
+systemctl restart postfix
+
+cat > /etc/guam/sys.config << EOF
+%% Example configuration for Guam.
+[
+ {
+ kolab_guam, [
+ {
+ imap_servers, [
+ {
+ imap, [
+ { host, "127.0.0.1" },
+ { port, 13143 },
+ { tls, no }
+ ]
+ },
+ {
+ imaps, [
+ { host, "127.0.0.1" },
+ { port, 11993 },
+ { tls, true }
+ ]
+ }
+ ]
+ },
+ {
+ listeners, [
+ {
+ imap, [
+ { port, 9143 },
+ { imap_server, imap },
+ {
+ rules, [
+ { filter_groupware, [] }
+ ]
+ },
+ {
+ tls_config, [
+ { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" }
+ ]
+ }
+ ]
+ },
+ {
+ imaps, [
+ { port, 9993 },
+ { implicit_tls, true },
+ { imap_server, imaps },
+ {
+ rules, [
+ { filter_groupware, [] }
+ ]
+ },
+ {
+ tls_config, [
+ { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ },
+
+ {
+ lager, [
+ {
+ handlers, [
+ { lager_console_backend, warning },
+ { lager_file_backend, [ { file, "log/error.log"}, { level, error } ] },
+ { lager_file_backend, [ { file, "log/console.log"}, { level, info } ] }
+ ]
+ }
+ ]
+ },
+
+ %% SASL config
+ {
+ sasl, [
+ { sasl_error_logger, { file, "log/sasl-error.log" } },
+ { errlog_type, error },
+ { error_logger_mf_dir, "log/sasl" }, % Log directory
+ { error_logger_mf_maxbytes, 10485760 }, % 10 MB max file size
+ { error_logger_mf_maxfiles, 5 } % 5 files max
+ ]
+ }
+].
+EOF
+
+systemctl restart guam
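Review bot: In `sed -i -e '/submission/,10d' /etc/postfix/master.cf` the range ends at absolute line 10 of the file, not ten lines after the match, so when the `submission` entry sits below line 10 only the lines that themselves contain `submission` are deleted and the entry's remaining `-o` continuation lines would be left attached to whatever service precedes them. If the intent is to drop the entry together with its option lines, GNU sed spells that `/submission/,+10d`, and anchoring the match as `^submission` would avoid hitting unrelated lines. The script also has no `set -e` or per-command checks, so a failed edit still falls through to the `systemctl restart` calls; `set -euo pipefail` after the shebang would stop on the first failure. The commented-out `smtpd_tls_security_level=encrypt` and `smtpd_tls_wrappermode=yes`, together with the `*_allowplaintext: yes` settings, mean these listeners accept SASL credentials without TLS, which is acceptable only while they stay bound to 127.0.0.1 and deserves a comment in the file.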
diff --git a/docker/kolab/utils/18-adjust-kolab-conf.sh b/docker/kolab/utils/18-adjust-kolab-conf.sh
--- a/docker/kolab/utils/18-adjust-kolab-conf.sh
+++ b/docker/kolab/utils/18-adjust-kolab-conf.sh
@@ -16,6 +16,7 @@
-e "/^\[kolab_wap\]/ a\
api_url = http://127.0.0.1/kolab-webadmin/api" \
-e 's/^auth_attributes.*$/auth_attributes = mail, uid/g' \
+ -e 's|^uri = imaps.*$|uri = imaps://127.0.0.1:11993|g' \
/etc/kolab/kolab.conf
service kolabd restart
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
new file mode 100644
--- /dev/null
+++ b/docker/nginx/Dockerfile
@@ -0,0 +1,54 @@
+FROM fedora:31
+
+MAINTAINER Jeroen van Meeuwen <vanmeeuwen@kolabsys.com>
+
+ENV container docker
+ENV SYSTEMD_PAGER=''
+
+ARG NGINX_AUTH_WEBHOOK
+
+RUN dnf -y install \
+ --setopt 'tsflags=nodocs' \
+ bash-completion \
+ bind-utils \
+ certbot \
+ curl \
+ dhcp-client \
+ git \
+ iproute \
+ iptraf-ng \
+ iputils \
+ less \
+ lsof \
+ mtr \
+ net-tools \
+ NetworkManager \
+ NetworkManager-tui \
+ network-scripts \
+ nginx \
+ nginx-mod-mail \
+ nmap-ncat \
+ openssh-clients \
+ openssh-server \
+ procps-ng \
+ python3-certbot-nginx \
+ strace \
+ systemd-udev \
+ tcpdump \
+ telnet \
+ traceroute \
+ vim-enhanced \
+ wget && \
+ dnf clean all
+
+RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
+
+COPY nginx.conf /etc/nginx/nginx.conf
+RUN sed -i -r -e "s|^.*auth_http.*$| auth_http $NGINX_AUTH_WEBHOOK;|g" /etc/nginx/nginx.conf
+
+RUN systemctl enable nginx
+
+CMD ["/lib/systemd/systemd", "--system"]
+ENTRYPOINT "/lib/systemd/systemd"
+
+EXPOSE 110/tcp 143/tcp 993/tcp 995/tcp
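Review bot: The package list installs `openssh-server`, `tcpdump`, `strace`, `nmap-ncat`, `telnet` and other diagnostic tools into an image that terminates TLS for mail clients and, per the compose file in this change, runs on the host network; a proxy image should carry only `nginx`, `nginx-mod-mail` and what certificate renewal needs, with debugging tools kept to a separate debug image. `ENTRYPOINT "/lib/systemd/systemd"` is shell form, which makes Docker ignore the `CMD` above it, so `--system` is never passed; keep only the exec-form `CMD`, or use `ENTRYPOINT ["/lib/systemd/systemd"]` with `CMD ["--system"]`. The `sed` that writes `auth_http` interpolates `$NGINX_AUTH_WEBHOOK` unescaped and produces `auth_http ;` when the build argument is empty, so a guard such as `RUN test -n "$NGINX_AUTH_WEBHOOK"` before it would fail the build early. `EXPOSE` lists 110 and 995 while the copied `nginx.conf` listens on 143, 465, 587 and 993.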
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
new file mode 100644
--- /dev/null
+++ b/docker/nginx/nginx.conf
@@ -0,0 +1,72 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log debug;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+mail {
+ server_name imap.hosted.com;
+ auth_http 127.0.0.1:8000/api/webhooks/nginx;
+
+ proxy_pass_error_message on;
+
+ server {
+ listen 143;
+ protocol imap;
+
+ proxy on;
+ starttls on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
+ server {
+ listen 465 ssl;
+ protocol smtp;
+
+ proxy on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
+ server {
+ listen 587;
+ protocol smtp;
+
+ proxy on;
+ starttls on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
+ server {
+ listen 993 ssl;
+ protocol imap;
+
+ proxy on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+}
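Review bot: All four `server` blocks set `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, which keeps the deprecated TLS 1.0 and 1.1 enabled on the mail ports; `ssl_protocols TLSv1.2 TLSv1.3;` (or TLSv1.2 alone if the linked OpenSSL lacks 1.3), set once at `mail` level together with the certificate and cipher lines, removes both the weak protocols and the fourfold repetition. On ports 143 and 587 `starttls on;` offers STARTTLS but still lets a client authenticate in cleartext; `starttls only;` requires the upgrade first. `auth_http` speaks plain HTTP and carries the user's password in request headers, so the endpoint should stay on loopback or a trusted link, yet the Dockerfile in this change rewrites it to a URL under `${APP_DOMAIN}`. `error_log /var/log/nginx/error.log debug;` is a development setting and should be lowered before this configuration is used outside a test setup.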
diff --git a/src/.env.example b/src/.env.example
--- a/src/.env.example
+++ b/src/.env.example
@@ -46,7 +46,7 @@
MFA_TOTP_INTERVAL=30
MFA_TOTP_DIGEST=sha1
-IMAP_URI=ssl://127.0.0.1:993
+IMAP_URI=ssl://127.0.0.1:11993
IMAP_ADMIN_LOGIN=cyrus-admin
IMAP_ADMIN_PASSWORD=Welcome2KolabSystems
IMAP_VERIFY_HOST=false
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sun, Apr 5, 6:10 PM (6 h, 12 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
18823747
Default Alt Text
D2671.1775412639.diff (11 KB)
Attached To
Mode
D2671: NGINX docker container
Attached