D3749.diff
diff --git a/docker/kolab/utils/24-roundcubeconfig.sh b/docker/kolab/utils/24-roundcubeconfig.sh
--- a/docker/kolab/utils/24-roundcubeconfig.sh
+++ b/docker/kolab/utils/24-roundcubeconfig.sh
@@ -11,3 +11,24 @@
echo "\$config['enigma_woat'] = true;" >> /etc/roundcubemail/enigma.inc.php
+# Run it over nginx for 2fa. We need to use startls because otherwise the proxy protocol doesn't work.
+sed -i -r -e "s|$config\['default_host'\] = .*$|$config['default_host'] = 'tls://127.0.0.1';|g" /etc/roundcubemail/config.inc.php
+sed -i -r -e "s|$config\['default_port'\] = .*$|$config['default_port'] = 144;|g" /etc/roundcubemail/config.inc.php
+
+# So we can just append
+sed -i "s/?>//g" /etc/roundcubemail/config.inc.php
+
+# Enable the PROXY protocol
+cat << EOF >> /etc/roundcubemail/config.inc.php
+ \$config['imap_conn_options'] = Array(
+ 'ssl' => Array(
+ 'verify_peer_name' => false,
+ 'verify_peer' => false,
+ 'allow_self_signed' => true
+ ),
+ 'proxy_protocol' => 2
+ );
+ \$config['proxy_whitelist'] = array('127.0.0.1');
+EOF
+
+echo "?>" >> /etc/roundcubemail/config.inc.php
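Review bot: The appended `imap_conn_options` sets `verify_peer` and `verify_peer_name` to false and allows self-signed certificates, and nothing in the script records that this is acceptable only because `default_host` points at the nginx listener on 127.0.0.1. I would add a comment above the heredoc: `# Certificate checks are disabled only because this connection never leaves loopback; re-enable them if default_host ever points at a remote host.` Separately, the two `sed` lines write `$config` unescaped inside double quotes, whereas the `enigma_woat` line escapes it. The shell expands it before sed runs, so the substitution presumably works only while no shell variable named `config` is set and would abort under `set -u`. Escaping the dollar so that sed sees a literal `\$config` in the pattern and `$config` in the replacement would make the intent explicit.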
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -32,6 +32,20 @@
}
server {
+ listen 144 proxy_protocol;
+ protocol imap;
+
+ proxy on;
+ starttls on;
+
+ ssl_certificate SSL_CERTIFICATE_CERT;
+ ssl_certificate_key SSL_CERTIFICATE_KEY;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
+ server {
listen 465 ssl;
protocol smtp;
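Review bot: `listen 144 proxy_protocol;` binds on every interface, and a PROXY-protocol listener takes the client address from whatever header the connecting peer sends, so any host that can reach port 144 can claim an arbitrary source IP. Since this same change configures Roundcube to connect to `tls://127.0.0.1`, the listener could be restricted with `listen 127.0.0.1:144 proxy_protocol;` (assuming nginx and Roundcube share a network namespace, which the hunk does not show). The new block also enables `TLSv1` and `TLSv1.1`; unless that mirrors the other server blocks for legacy clients, `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting for a listener whose only client is local. The following `server` block for port 465 continues outside the hunk.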
diff --git a/src/app/Http/Controllers/API/V4/NGINXController.php b/src/app/Http/Controllers/API/V4/NGINXController.php
--- a/src/app/Http/Controllers/API/V4/NGINXController.php
+++ b/src/app/Http/Controllers/API/V4/NGINXController.php
@@ -177,12 +177,18 @@
*/
$password = $request->headers->get('Auth-Pass', null);
+ $username = $request->headers->get('Auth-User', null);
+ $ip = $request->headers->get('Client-Ip', null);
+ $proxy_ip = $request->headers->get('Proxy-Protocol-Addr', null);
+ if ($proxy_ip) {
+ $ip = $proxy_ip;
+ }
try {
$user = $this->authorizeRequest(
- $request->headers->get('Auth-User', null),
+ $username,
$password,
- $request->headers->get('Client-Ip', null),
+ $ip,
);
} catch (\Exception $e) {
return $this->byebye($request, $e->getMessage());
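Review bot: `Proxy-Protocol-Addr` replaces `Client-Ip` whenever the header is present, without checking that the connection came from the trusted local proxy or that the value is a well-formed address. If the address passed to `authorizeRequest()` feeds location or 2FA decisions, it would be safer to honor the header only for the expected peer, e.g. `if ($proxy_ip && $ip === '127.0.0.1' && filter_var($proxy_ip, FILTER_VALIDATE_IP)) { $ip = $proxy_ip; }`, ideally with the trusted address taken from configuration rather than hard-coded. A short comment stating that nginx sets this header for PROXY-protocol listeners would also help the next reader. The enclosing method starts and ends outside the hunk.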
D3749: Run rc imap over nginx for 2fa with proxy protocol support