F117921488
D3749.1775431420.diff
Authored By
Unknown
Size
2 KB
D3749.1775431420.diff
diff --git a/docker/kolab/utils/24-roundcubeconfig.sh b/docker/kolab/utils/24-roundcubeconfig.sh
--- a/docker/kolab/utils/24-roundcubeconfig.sh
+++ b/docker/kolab/utils/24-roundcubeconfig.sh
@@ -11,3 +11,24 @@
echo "\$config['enigma_woat'] = true;" >> /etc/roundcubemail/enigma.inc.php
+# Run it over nginx for 2fa. We need to use startls because otherwise the proxy protocol doesn't work.
+sed -i -r -e "s|$config\['default_host'\] = .*$|$config['default_host'] = 'tls://127.0.0.1';|g" /etc/roundcubemail/config.inc.php
+sed -i -r -e "s|$config\['default_port'\] = .*$|$config['default_port'] = 144;|g" /etc/roundcubemail/config.inc.php
+
+# So we can just append
+sed -i "s/?>//g" /etc/roundcubemail/config.inc.php
+
+# Enable the PROXY protocol
+cat << EOF >> /etc/roundcubemail/config.inc.php
+ \$config['imap_conn_options'] = Array(
+ 'ssl' => Array(
+ 'verify_peer_name' => false,
+ 'verify_peer' => false,
+ 'allow_self_signed' => true
+ ),
+ 'proxy_protocol' => 2
+ );
+ \$config['proxy_whitelist'] = array('127.0.0.1');
+EOF
+
+echo "?>" >> /etc/roundcubemail/config.inc.php
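Review bot: The appended `imap_conn_options` sets `verify_peer` and `verify_peer_name` to false and allows self-signed certificates, which is acceptable only because `default_host` is rewritten to `tls://127.0.0.1` a few lines above, and nothing in the file ties the two together. I would add a comment above the heredoc such as `# TLS verification is off only because IMAP goes to nginx on loopback; re-enable it if default_host ever points elsewhere`. Separately, both new `sed` expressions put `$config` unescaped inside double quotes, so the shell expands it (to an empty string when unset) before sed runs, and the substitution appears to work only because the remaining pattern still matches the tail of the line. Escape it as `\$config`, the way the context `echo` line at the top of the hunk does. The rest of the script is outside the hunk.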
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -31,6 +31,20 @@
ssl_ciphers HIGH:!aNULL:!MD5;
}
+ server {
+ listen 144 proxy_protocol;
+ protocol imap;
+
+ proxy on;
+ starttls on;
+
+ ssl_certificate SSL_CERTIFICATE_CERT;
+ ssl_certificate_key SSL_CERTIFICATE_KEY;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
server {
listen 465 ssl;
protocol smtp;
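Review bot: `listen 144 proxy_protocol;` binds every interface, and a PROXY protocol listener accepts whatever source address the connecting peer writes into the header. If the only intended client is Roundcube on the same host (the companion script points it at 127.0.0.1), bind the listener there with `listen 127.0.0.1:144 proxy_protocol;`. The block also sets `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, presumably copied from the neighbouring server blocks; TLS 1.0 and 1.1 are deprecated, so a new listener would be better off with `ssl_protocols TLSv1.2 TLSv1.3;`, provided the nginx/OpenSSL build supports 1.3. The trailing context of the hunk cuts into the next server block.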
diff --git a/src/app/Http/Controllers/API/V4/NGINXController.php b/src/app/Http/Controllers/API/V4/NGINXController.php
--- a/src/app/Http/Controllers/API/V4/NGINXController.php
+++ b/src/app/Http/Controllers/API/V4/NGINXController.php
@@ -153,12 +153,19 @@
*/
$password = $request->headers->get('Auth-Pass', null);
+ $user = $request->headers->get('Auth-User', null);
+ $ip = $request->headers->get('Client-Ip', null);
+ $proxy_ip = $request->headers->get('Proxy-Protocol-Addr', null);
+ if ($proxy_ip) {
+ $ip = $proxy_ip;
+ }
+ \Log::debug("Authentication attempt: {$user} from : {$ip}");
try {
$user = $this->authorizeRequest(
$request->headers->get('Auth-User', null),
$password,
- $request->headers->get('Client-Ip', null),
+ $ip,
);
} catch (\Exception $e) {
return $this->byebye($request, $e->getMessage());
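Review bot: `Proxy-Protocol-Addr` replaces the client address whenever it is present, with no check on who supplied the PROXY header or on whether the value is an IP address at all. Since this is the address `authorizeRequest()` receives (presumably for the 2FA or rate-limit decision; its body is not in this hunk), I would honour it only when the directly connected peer is the local webmail and the value parses, assuming `Client-Ip` still carries the real peer address: `if ($proxy_ip && $ip === '127.0.0.1' && filter_var($proxy_ip, FILTER_VALIDATE_IP)) {`. The debug line also interpolates the raw `Auth-User` header into the log, and `$user` is then reassigned to the result of `authorizeRequest()` while the header is read a second time. A distinct name such as `$login`, passed on to `authorizeRequest()`, avoids both the double read and the type change. The enclosing method starts and ends outside the hunk.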
Attached To
Mode
D3749: Run rc imap over nginx for 2fa with proxy protocol support