From 05a40871ecc64f6f7b4a2d5ae2892fd03d9681b7 Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Mon, 8 Jan 2024 16:22:41 +0530 Subject: [PATCH 01/19] nextcloud 26.0.8 added --- templates/docker-compose/docker-compose.yml | 2 +- upgrade-guides/upgrade-to-26.0.8.15 md | 61 +++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 upgrade-guides/upgrade-to-26.0.8.15 md diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 8a37e6d..5777849 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -127,7 +127,7 @@ services: - "mail.${DOMAIN}:${NC_HOST_IP}" nextcloud: - image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:25-0-8-19 + image: registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8 container_name: nextcloud restart: always networks: diff --git a/upgrade-guides/upgrade-to-26.0.8.15 md b/upgrade-guides/upgrade-to-26.0.8.15 md new file mode 100644 index 0000000..425c073 --- /dev/null +++ b/upgrade-guides/upgrade-to-26.0.8.15 md 
@@ -0,0 +1,61 @@ +# To upgrade from ecloud 25.0.8.19 to 26.0.8.15 + + +- As usual, upgrade your OS with latest patchs, optionally take backup/snapshot + - NB: you may want to filter out incomming email (TCP 25 & 587) during this upgrade, to avoid losing any messages in case of a rollback + +- Go to `/mnt/repo_base`, then run: + - `docker-compose stop` + - `git pull origin master` + +- In your `docker-compose.yml` file update the following: + - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` + - Set `OVERWRITEPROTOCOL=https` + - Set the mailserver image to `mailserver2/mailserver:1.1.14` + +- In your config/nginx/sites-enabled/nextcloud.conf file, replace: + - add_header X-Robots-Tag "none" always; with add_header X-Robots-Tag "noindex,nofollow" always; + +- Run `docker-compose pull` +- If pulls are OK, run `docker-compose up -d` + +- Examine `docker-compose logs --tail=500 nextcloud` for the following messages: + - `nextcloud | Upgrading nextcloud from x.x.x.x ...` (x.x.x.x is your previous Nextcloud version) + - `nextcloud | Update successful` + +- Run: + - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices` + - `docker exec -u www-data nextcloud /var/www/html/occ app:remove ecloud-dashboard` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable murena-dashboard` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable bruteforcesettings` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable suspicious_login` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable twofactor_totp` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable user_backend_sql_raw` + - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set defaultapp --value "murena-dashboard,files"` + -`. 
scripts/base.sh` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain --value $DOMAIN` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set legacy_domain --value $DOMAIN` + +- $DOMAIN used above is the main domain where selfhost is installed + +- We added new murena logo in this theme and also added a new helper app-`selfhost-theme-helper` + - Enable the `selfhost-theme-helper` app: + - `docker exec -u www-data nextcloud /var/www/html/occ app:enable selfhost-theme-helper` + +- Videos previews can be enabled in this update, as ffmpeg is bundled in the image. + - if you did not defined any specific preview providers, to respect the default ones listed in [config.sample.php for nextcloud 25](https://github.com/nextcloud/server/blob/stable25/config/config.sample.php#L1220), you can set : + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 0 --value='OC\Preview\PNG'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 1 --value='OC\Preview\JPEG'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 2 --value='OC\Preview\GIF'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 3 --value='OC\Preview\BMP'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 4 --value='OC\Preview\XBitmap'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 5 --value='OC\Preview\MP3'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 6 --value='OC\Preview\TXT'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 7 --value='OC\Preview\MarkDown'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 8 
--value='OC\Preview\OpenDocument'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 9 --value='OC\Preview\Krita'` + -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 10 --value='OC\Preview\Movie'` + + - if you have a custom list of PreviewProviders, just add the `OC\Preview\Movie` in the list + +- Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade -- GitLab From afd4c549ad2f541b5fac54b7745fc4dadb16c213 Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Mon, 8 Jan 2024 16:36:53 +0530 Subject: [PATCH 02/19] mail sever update to 1.1.15 --- upgrade-guides/upgrade-to-26.0.8.15 md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upgrade-guides/upgrade-to-26.0.8.15 md b/upgrade-guides/upgrade-to-26.0.8.15 md index 425c073..55947e0 100644 --- a/upgrade-guides/upgrade-to-26.0.8.15 md +++ b/upgrade-guides/upgrade-to-26.0.8.15 md @@ -11,7 +11,7 @@ - In your `docker-compose.yml` file update the following: - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` - Set `OVERWRITEPROTOCOL=https` - - Set the mailserver image to `mailserver2/mailserver:1.1.14` + - Set the mailserver image to `mailserver2/mailserver:1.1.15` - In your config/nginx/sites-enabled/nextcloud.conf file, replace: - add_header X-Robots-Tag "none" always; with add_header X-Robots-Tag "noindex,nofollow" always; -- GitLab From 743fc7ce53601abb3cac002660f1781edcc25fc0 Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Mon, 8 Jan 2024 16:53:33 +0530 Subject: [PATCH 03/19] upgrade guide updated --- .../{upgrade-to-26.0.8.15 md => upgrade-to-26.0.8.16.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename upgrade-guides/{upgrade-to-26.0.8.15 md => upgrade-to-26.0.8.16.md} (98%) 
diff --git a/upgrade-guides/upgrade-to-26.0.8.15 md b/upgrade-guides/upgrade-to-26.0.8.16.md similarity index 98% rename from upgrade-guides/upgrade-to-26.0.8.15 md rename to upgrade-guides/upgrade-to-26.0.8.16.md index 55947e0..4623246 100644 --- a/upgrade-guides/upgrade-to-26.0.8.15 md +++ b/upgrade-guides/upgrade-to-26.0.8.16.md @@ -1,4 +1,4 @@ -# To upgrade from ecloud 25.0.8.19 to 26.0.8.15 +# To upgrade from ecloud 25.0.8.19 to 26.0.8.16 - As usual, upgrade your OS with latest patchs, optionally take backup/snapshot -- GitLab From afd793fddc4169ed1edcec26de5b6257065d2b06 Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 9 Jan 2024 09:41:18 +0100 Subject: [PATCH 04/19] replace automx with autodiscover --- config/automx/.keep | 0 scripts/init-repo.sh | 11 ++-- templates/automx/automx.conf | 56 ------------------- templates/docker-compose/docker-compose.yml | 27 ++++----- templates/nginx/sites-enabled/autoconfig.conf | 2 +- 5 files changed, 22 insertions(+), 74 deletions(-) delete mode 100644 config/automx/.keep delete mode 100644 templates/automx/automx.conf diff --git a/config/automx/.keep b/config/automx/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index f7005c9..e21460a 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh 
@@ -78,9 +78,12 @@ echo "$DOMAIN,$VIRTUAL_HOST,mail.$DOMAIN,spam.$DOMAIN,welcome.$DOMAIN" | tr "," :; done -# Configure automx -cat templates/automx/automx.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/automx/automx.conf" -chown www-data:www-data "config/automx/automx.conf" +# Configure autodiscover +#Generate 2 random UUIDs +UUID1=$(cat /proc/sys/kernel/random/uuid) +UUID2=$(cat /proc/sys/kernel/random/uuid) +echo "AUTODISCOVER_AM_UUID=$UUID1" >> "$ENVFILE" +echo "AUTODISCOVER_AP_UUID=$UUID2" >> "$ENVFILE" # Configure rspamd whitelist cat templates/mail/rspamd/ecloud/whitelist.sender.domain.map | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/mail/rspamd/ecloud/whitelist.sender.domain.map" @@ -91,7 +94,7 @@ chown -R 107:109 "config/mail/rspamd/ecloud/" # Configure nginx vhost -# automx +# autodiscover echo "$DOMAIN,$ADD_DOMAINS" | tr "," "\n" | while read CURDOMAIN; do cat "templates/nginx/sites-enabled/autoconfig.conf" | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autoconfig/g" > "config/nginx/sites-enabled/autoconfig.$CURDOMAIN.conf" cat "templates/nginx/sites-enabled/autoconfig.conf" | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autodiscover/g" > "config/nginx/sites-enabled/autodiscover.$CURDOMAIN.conf" diff --git a/templates/automx/automx.conf b/templates/automx/automx.conf deleted file mode 100644 index 8c69952..0000000 --- a/templates/automx/automx.conf +++ /dev/null 
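Review bot: The two `echo ... >> "$ENVFILE"` lines in the first hunk append unconditionally, so a second run of init-repo.sh leaves duplicate AUTODISCOVER_AM_UUID / AUTODISCOVER_AP_UUID entries in the env file, and which value wins then depends on how the consumer parses it. Guard each line, e.g. `grep -q '^AUTODISCOVER_AM_UUID=' "$ENVFILE" || echo "AUTODISCOVER_AM_UUID=$UUID1" >> "$ENVFILE"` (same for the AP line), and fail early if `$ENVFILE` is empty — where it is set is outside this hunk, so I cannot confirm it is always defined here. The comment `#Generate 2 random UUIDs` would be more useful as `# Generate the two UUIDs handed to the autodiscover service as Apple profile identifiers`, which is the only use the docker-compose hunk of this commit shows for them. PATCH 13 repeats this exact hunk (`@@ -78,9 +78,12 @@` of scripts/init-repo.sh further down) and has the same issue.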
@@ -1,56 +0,0 @@ -# file: /etc/automx.conf - -[automx] -provider = @@@DOMAIN@@@ -domains = * - -#debug = yes -#logfile = /var/log/automx/automx.log - -# Protect against DoS -#memcache = 127.0.0.1:11211 -#memcache_ttl = 600 -#client_error_limit = 20 -#rate_limit_exception_networks = 127.0.0.0/8, ::1/128 - -# The DEFAULT section is always merged into each other section. Each section -# can overwrite settings done here. -[DEFAULT] -account_type = email -account_name = %s -account_name_short = %s - - -# If a domain is listed in the automx section, it may have its own section. If -# none is found here, the global section is used. -[global] -backend = static -action = settings - - -# If you want to sign mobileconfig profiles, enable these options. Make sure -# that your webserver has proper privileges to read the key. The cert file -# must contain the server certificate and all intermediate certificates. You -# can simply concatenate these certificates. -#sign_mobileconfig = yes -#sign_cert = /certs/autodiscover.eelo.io.crt -#sign_key = /certs/autodiscover.eelo.io.key - -smtp = yes -smtp_server = mail.@@@DOMAIN@@@ -smtp_port = 587 -smtp_encryption = starttls -smtp_auth = plaintext -smtp_auth_identity = %s -smtp_refresh_ttl = 6 -smtp_default = yes - -imap = yes -imap_server = mail.@@@DOMAIN@@@ -imap_port = 993 -imap_encryption = ssl -imap_auth = plaintext -imap_auth_identity = %s -imap_refresh_ttl = 6 - -pop = no diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 5777849..e096e8b 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml 
@@ -153,19 +153,20 @@ services: - mariadb - redis - automx: - image: registry.gitlab.e.foundation/e/infra/docker-mailstack:automx-0.1.0 - container_name: automx - hostname: automx + mail-autodiscover-autoconfig: + image: wdes/mail-autodiscover-autoconfig:latest + name: mail-autodiscover-autoconfig + mem_limit: 120M + mem_reservation: 50M + restart: on-failure:40 environment: - - VIRTUAL_HOST=${VIRTUAL_HOST} - - DOMAIN=${DOMAIN} - - HOSTNAME=automx - restart: always - networks: - - default - volumes: - - /mnt/repo-base/config/automx/automx.conf:/etc/automx.conf + ROCKET_PROFILE: production + ROCKET_ADDRESS: "0.0.0.0" + ROCKET_PORT: "80" + APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID} + APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID} + IMAP_HOSTNAME: ${SMTP_HOST} + SMTP_HOSTNAME: ${SMTP_HOST} nginx: image: nginx:stable-alpine @@ -185,7 +186,7 @@ services: - /mnt/repo-base/volumes/nextcloud/html:/var/www/html depends_on: - nextcloud - - automx + - mail-autodiscover-autoconfig - postfixadmin - welcome - mailserver diff --git a/templates/nginx/sites-enabled/autoconfig.conf b/templates/nginx/sites-enabled/autoconfig.conf index 9be5652..a590f52 100644 --- a/templates/nginx/sites-enabled/autoconfig.conf +++ b/templates/nginx/sites-enabled/autoconfig.conf @@ -26,7 +26,7 @@ server { #auth_basic_user_file /passwds/.htpasswd; location / { - proxy_pass http://automx:80; + proxy_pass http://mail-autodiscover-autoconfig:80; include /etc/nginx/params/proxy_params; } } -- GitLab From 6f707c9e0b20a9d6cddbc7b3ecbdb762de513dda Mon Sep 17 00:00:00 2001 From: diroots Date: Tue, 9 Jan 2024 10:02:53 +0100 Subject: [PATCH 05/19] autodiscover fixes --- templates/docker-compose/docker-compose.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index e096e8b..1256077 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml 
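Review bot: `image: wdes/mail-autodiscover-autoconfig:latest` uses a floating tag while the mailserver and nextcloud services visible in the same file pin explicit versions, and this service is the one that tells mail clients which IMAP/SMTP hosts to send credentials to, so a changed upstream image is both hard to audit and silently pulled by the `docker-compose pull` step the upgrade guide prescribes. Pin a tested tag or digest, `image: wdes/mail-autodiscover-autoconfig:<PINNED_TAG>` (placeholder), and record that version in the upgrade guide next to the mailserver and nextcloud versions. The later hunks that carry this line — PATCH 05, PATCH 11, PATCH 12 and the `@@ -153,19 +153,23 @@` hunk of PATCH 13 — keep `:latest` as well and should be pinned together.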
@@ -155,10 +155,8 @@ services: mail-autodiscover-autoconfig: image: wdes/mail-autodiscover-autoconfig:latest - name: mail-autodiscover-autoconfig - mem_limit: 120M - mem_reservation: 50M - restart: on-failure:40 + container_name: mail-autodiscover-autoconfig + restart: always environment: ROCKET_PROFILE: production ROCKET_ADDRESS: "0.0.0.0" -- GitLab From 2ca5f0c758a984a9e37ce0aa728e9a3bdef6ef9f Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Tue, 9 Jan 2024 14:49:11 +0530 Subject: [PATCH 06/19] updated mailserver in docker --- templates/docker-compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 5777849..0c73a52 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -2,7 +2,7 @@ version: '3' services: mailserver: - image: mailserver2/mailserver:1.1.14 + image: mailserver2/mailserver:1.1.15 container_name: mailserver domainname: ${DOMAIN} # Mail server A/MX/FQDN & reverse PTR = mail.${DOMAIN}. hostname: mail -- GitLab From ae828d260cee53c6a58580e9eb0b694649ff75bf Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Tue, 9 Jan 2024 17:17:46 +0000 Subject: [PATCH 07/19] Update file upgrade-to-26.0.8.16 smu.md --- upgrade-guides/upgrade-to-26.0.8.16 smu.md | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 upgrade-guides/upgrade-to-26.0.8.16 smu.md diff --git a/upgrade-guides/upgrade-to-26.0.8.16 smu.md b/upgrade-guides/upgrade-to-26.0.8.16 smu.md new file mode 100644 index 0000000..edf7863 --- /dev/null +++ b/upgrade-guides/upgrade-to-26.0.8.16 smu.md 
@@ -0,0 +1,33 @@ +# To upgrade from ecloud 25.0.8.19 to 26.0.8.16 + + +- As usual, upgrade your OS with latest patchs, optionally take backup/snapshot + - NB: you may want to filter out incomming email (TCP 25 & 587) during this upgrade, to avoid losing any messages in case of a rollback + +- Go to `/mnt/repo_base`, then run: + - `docker-compose stop` + - `git pull origin master` + +- In your `docker-compose.yml` file update the following: + - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` + - Set the mailserver image to `mailserver2/mailserver:1.1.15` + +- In your `config/nginx/sites-enabled/nextcloud.conf` change the following: + - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926) + +- Run `docker-compose pull` +- If pulls are OK, run `docker-compose up -d` + +- Examine `docker-compose logs --tail=500 nextcloud` for the following messages: + - `nextcloud | Upgrading nextcloud from x.x.x.x ...` (x.x.x.x is your previous Nextcloud version) + - `nextcloud | Update successful` + +- Run: + - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable bruteforcesettings` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable suspicious_login` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable twofactor_totp` + - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable user_backend_sql_raw` + - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain` + +- Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade -- GitLab From 62fdb1ecb58e6b9014975e5342554507540100db Mon Sep 17 00:00:00 2001 
From: Sylvain Manceau Date: Wed, 10 Jan 2024 08:17:54 +0000 Subject: [PATCH 08/19] See https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926 --- templates/nginx/sites-enabled/nextcloud.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/nginx/sites-enabled/nextcloud.conf b/templates/nginx/sites-enabled/nextcloud.conf index ab4d31d..2252509 100644 --- a/templates/nginx/sites-enabled/nextcloud.conf +++ b/templates/nginx/sites-enabled/nextcloud.conf @@ -80,7 +80,7 @@ server { deny all; } - location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy)\.php(?:$|/) { + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|.+/richdocumentscode/proxy)\.php(?:$|/) { fastcgi_split_path_info ^(.+?\.php)(/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; @@ -95,7 +95,7 @@ server { fastcgi_request_buffering off; } - location ~ ^/(?:updater|oc[ms]-provider)(?:$|/) { + location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } -- GitLab From 22fecda656e838796ec6ad7635266c4a1e3daabb Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Wed, 10 Jan 2024 10:48:20 +0000 Subject: [PATCH 09/19] Add autoconfig from MR96 --- upgrade-guides/upgrade-to-26.0.8.16 smu.md | 35 +++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/upgrade-guides/upgrade-to-26.0.8.16 smu.md b/upgrade-guides/upgrade-to-26.0.8.16 smu.md index edf7863..1e92d71 100644 --- a/upgrade-guides/upgrade-to-26.0.8.16 smu.md +++ b/upgrade-guides/upgrade-to-26.0.8.16 smu.md 
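Review bot: Both hunks drop `ocm-provider` from the location regexes without a comment saying why, so the next reader of nextcloud.conf will see a deviation from the usual Nextcloud nginx example and may restore it. Add a comment above the first changed `location` line, e.g. `# ocm-provider intentionally omitted here; see nextcloud/server#40803#issuecomment-1751717926`, which is the reference the commit subject gives. After this change a request to `/ocm-provider/` depends on whichever catch-all location the server block has; that location is outside both hunks, so confirm after the upgrade that the path still answers as the linked issue expects rather than returning 404 or serving a directory listing.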
@@ -11,10 +11,39 @@ - In your `docker-compose.yml` file update the following: - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` - Set the mailserver image to `mailserver2/mailserver:1.1.15` + - In the `nginx:` service, `depends_on:` section, replace `- automx` with `- mail-autodiscover-autoconfig` + - In the `mailserver:` service, `ports:` section, enable port 465 (remove the `#` at beginning) + - Replace the whole `automx:` service with: +``` + mail-autodiscover-autoconfig: + image: wdes/mail-autodiscover-autoconfig:latest + container_name: mail-autodiscover-autoconfig + restart: always + networks: + - default + environment: + ROCKET_PROFILE: production + ROCKET_ADDRESS: "0.0.0.0" + ROCKET_PORT: "80" + APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID} + APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID} + IMAP_HOSTNAME: ${SMTP_HOST} + POP_HOSTNAME: ${SMTP_HOST} + SMTP_HOSTNAME: ${SMTP_HOST} +``` -- In your `config/nginx/sites-enabled/nextcloud.conf` change the following: +- Run: + - `. scripts/base.sh` + - `echo "AUTODISCOVER_AM_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` + - `echo "AUTODISCOVER_AP_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` + - `rm -rf config/automx/` + +- In your `config/nginx/sites-enabled/nextcloud.conf` file change the following: - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926) +- In your `config/nginx/sites-enabled/autoconfig.$DOMAIN.conf` and `config/nginx/sites-enabled/autodiscover.$DOMAIN.conf` files change the following: + - replace `proxy_pass http://automx:80;` with `proxy_pass http://mail-autodiscover-autoconfig:80;` + - Run `docker-compose pull` - If pulls are OK, run `docker-compose up -d` 
@@ -31,3 +60,7 @@ - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain` - Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade + +- Examine Docker situation with `docker ps` and `docker images` + - If everything is OK (all needed containers running), you can cleanup with `docker system prune -a` + -- GitLab From 8eb0634c658a5e5df8854f192fbe513a92610284 Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Wed, 10 Jan 2024 10:54:38 +0000 Subject: [PATCH 10/19] Remove NC main_domain (issue #7338) --- scripts/postinstall.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 115235e..470b233 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -71,7 +71,6 @@ echo "Performing some Nextcloud administrative tasks" docker-compose exec -T --user www-data nextcloud php /var/www/html/occ db:add-missing-indices # Set default domain -docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain --value $DOMAIN docker exec -u www-data nextcloud /var/www/html/occ config:system:set legacy_domain --value $DOMAIN docker-compose exec -T --user www-data nextcloud php occ maintenance:mode --off -- GitLab From 3b3e24f02fa6f95bbce9011eb30a2c21192cbf10 Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Wed, 10 Jan 2024 10:58:36 +0000 Subject: [PATCH 11/19] Add mandatorry POP_HOSTNAME and 465/TCP for SMTP --- templates/docker-compose/docker-compose.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 1256077..d846234 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml 
@@ -13,7 +13,7 @@ services: - "25:25" # SMTP - Required - "110:110" # POP3 STARTTLS - Optional - For webmails/desktop clients - "143:143" # IMAP STARTTLS - Optional - For webmails/desktop clients - # - "465:465" # SMTPS SSL/TLS - Optional - Enabled for compatibility reason, otherwise disabled + - "465:465" # SMTPS SSL/TLS - Optional - Enabled for compatibility reason, otherwise disabled - "587:587" # Submission STARTTLS - Optional - For webmails/desktop clients - "993:993" # IMAPS SSL/TLS - Optional - For webmails/desktop clients - "995:995" # POP3S SSL/TLS - Optional - For webmails/desktop clients @@ -157,6 +157,8 @@ services: image: wdes/mail-autodiscover-autoconfig:latest container_name: mail-autodiscover-autoconfig restart: always + networks: + - default environment: ROCKET_PROFILE: production ROCKET_ADDRESS: "0.0.0.0" @@ -164,6 +166,7 @@ services: APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID} APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID} IMAP_HOSTNAME: ${SMTP_HOST} + POP_HOSTNAME: ${SMTP_HOST} SMTP_HOSTNAME: ${SMTP_HOST} nginx: -- GitLab From 5d7564255481c7a4318185a138e444e5eeba400c Mon Sep 17 00:00:00 2001 From: diroots Date: Thu, 11 Jan 2024 13:49:19 +0100 Subject: [PATCH 12/19] changed templates for autodiscover from @smu44 --- .../xml/autodiscover-error.xml.tera | 10 +++ .../xml/autodiscover-mobilesync.xml.tera | 19 +++++ config/autodiscover/xml/autodiscover.xml.tera | 32 ++++++++ config/autodiscover/xml/config-v1.1.xml.tera | 33 ++++++++ .../autodiscover/xml/email_mobileconfig.tera | 77 +++++++++++++++++++ templates/docker-compose/docker-compose.yml | 4 +- 6 files changed, 174 insertions(+), 1 deletion(-) create mode 100644 config/autodiscover/xml/autodiscover-error.xml.tera create mode 100644 config/autodiscover/xml/autodiscover-mobilesync.xml.tera create mode 100644 config/autodiscover/xml/autodiscover.xml.tera create mode 100644 config/autodiscover/xml/config-v1.1.xml.tera create mode 100644 config/autodiscover/xml/email_mobileconfig.tera 
diff --git a/config/autodiscover/xml/autodiscover-error.xml.tera b/config/autodiscover/xml/autodiscover-error.xml.tera new file mode 100644 index 0000000..c72a8b7 --- /dev/null +++ b/config/autodiscover/xml/autodiscover-error.xml.tera @@ -0,0 +1,10 @@ + + + + + 601 + Provider is not available + + + + diff --git a/config/autodiscover/xml/autodiscover-mobilesync.xml.tera b/config/autodiscover/xml/autodiscover-mobilesync.xml.tera new file mode 100644 index 0000000..2578513 --- /dev/null +++ b/config/autodiscover/xml/autodiscover-mobilesync.xml.tera @@ -0,0 +1,19 @@ + + + + en:en + + {{ display_name }} + {{ email_address }} + + + + + MobileSync + https://example.org/TODOmobilesyncURL + TODO: Mobile sync name + + + + + diff --git a/config/autodiscover/xml/autodiscover.xml.tera b/config/autodiscover/xml/autodiscover.xml.tera new file mode 100644 index 0000000..a865d5d --- /dev/null +++ b/config/autodiscover/xml/autodiscover.xml.tera @@ -0,0 +1,32 @@ + + + + + email + settings + + + IMAP + {{ imap_hostname }} + 993 + on + {{ domain }} + off + on + on + + + + SMTP + {{ smtp_hostname }} + 587 + on + {{ domain }} + off + on + on + + + + + diff --git a/config/autodiscover/xml/config-v1.1.xml.tera b/config/autodiscover/xml/config-v1.1.xml.tera new file mode 100644 index 0000000..654db27 --- /dev/null +++ b/config/autodiscover/xml/config-v1.1.xml.tera @@ -0,0 +1,33 @@ + + + + + {{ domain }} + {{ display_name }} + %EMAILLOCALPART% + + + {{ imap_hostname }} + 993 + SSL + password-cleartext + %EMAILADDRESS% + + + {{ imap_hostname }} + 143 + STARTTLS + password-cleartext + %EMAILADDRESS% + + + + {{ smtp_hostname }} + 587 + STARTTLS + password-cleartext + %EMAILADDRESS% + + + + diff --git a/config/autodiscover/xml/email_mobileconfig.tera b/config/autodiscover/xml/email_mobileconfig.tera new file mode 100644 index 0000000..038d76c --- /dev/null +++ b/config/autodiscover/xml/email_mobileconfig.tera 
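Review bot: `autodiscover-mobilesync.xml.tera` ships the placeholder values `https://example.org/TODOmobilesyncURL` and `TODO: Mobile sync name`, and the volume mount added in the docker-compose hunk of this same commit serves these templates to real clients, so a device asking for MobileSync will be pointed at example.org. Either fill in the values, or, if the wdes image allows it, answer that request type with the error template; at minimum add a top-of-file comment `<!-- TODO: MobileSync is not provided by this stack; this template is a stub -->` so nobody treats it as configured. The XML element names were lost when this page was rendered, so the element around `{{ domain }}` in autodiscover.xml.tera and the boolean values in the other templates cannot be checked from here. PATCH 13 adds identical copies of all five templates and inherits the same placeholders.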
@@ -0,0 +1,77 @@ + + + + + PayloadContent + + + EmailAccountDescription + {{ display_name }} + EmailAccountName + {{ display_name }} + EmailAccountType + EmailTypeIMAP + EmailAddress + {{ email_address }} + IncomingMailServerAuthentication + EmailAuthPassword + IncomingMailServerHostName + {{ imap_hostname }} + IncomingMailServerPortNumber + 993 + IncomingMailServerUseSSL + + IncomingMailServerUsername + {{ username }} + OutgoingMailServerAuthentication + EmailAuthPassword + OutgoingMailServerHostName + {{ smtp_hostname }} + OutgoingMailServerPortNumber + 587 + OutgoingMailServerUseSSL + + OutgoingMailServerUsername + {{ username }} + OutgoingPasswordSameAsIncomingPassword + + PayloadDescription + Email account configuration for {{ email_address }} + PayloadDisplayName + {{ display_name }} + PayloadIdentifier + {{ domain }}.autoconfig.{{ profile_uuid }} + PayloadType + com.apple.mail.managed + PayloadUUID + {{ profile_uuid }} + PayloadVersion + 1 + SMIMEEnablePerMessageSwitch + + SMIMEEnabled + + SMIMESigningEnabled + + disableMailRecentsSyncing + + + + PayloadDescription + Email account configuration for {{ email_address }} + PayloadDisplayName + {{ display_name }} + PayloadIdentifier + {{ domain }}.autoconfig.{{ mail_uuid }} + PayloadOrganization + {{ domain }} + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + {{ mail_uuid }} + PayloadVersion + 1 + + diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index d846234..d284fdf 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml 
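Review bot: The Apple profile rendered from this template is served unsigned as far as the series shows — the removed automx.conf carried (commented-out) `sign_mobileconfig` / `sign_cert` / `sign_key` options, and nothing in the new service's environment or volume mount provides a signing certificate — so iOS and macOS will typically present the downloaded profile as unverified. If the wdes image supports profile signing, wire the certificate in and document it in the upgrade guide; otherwise state the limitation in a comment at the top of the file, e.g. `<!-- Profile is served unsigned; clients will flag it as not verified -->`. The `<true/>`/`<false/>` elements were dropped in this rendering, so the value of `PayloadRemovalDisallowed` cannot be read here; confirm it is `<false/>` so users can remove the account profile themselves. PATCH 13 adds the identical file.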
@@ -13,7 +13,7 @@ services: - "25:25" # SMTP - Required - "110:110" # POP3 STARTTLS - Optional - For webmails/desktop clients - "143:143" # IMAP STARTTLS - Optional - For webmails/desktop clients - - "465:465" # SMTPS SSL/TLS - Optional - Enabled for compatibility reason, otherwise disabled + # - "465:465" # SMTPS SSL/TLS - Optional - Enabled for compatibility reason, otherwise disabled - "587:587" # Submission STARTTLS - Optional - For webmails/desktop clients - "993:993" # IMAPS SSL/TLS - Optional - For webmails/desktop clients - "995:995" # POP3S SSL/TLS - Optional - For webmails/desktop clients @@ -168,6 +168,8 @@ services: IMAP_HOSTNAME: ${SMTP_HOST} POP_HOSTNAME: ${SMTP_HOST} SMTP_HOSTNAME: ${SMTP_HOST} + volumes: + - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml nginx: image: nginx:stable-alpine -- GitLab From c91067cacc35981b5f45904bfda8dd281f2be7ee Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Fri, 12 Jan 2024 06:19:40 +0000 Subject: [PATCH 13/19] Add autoconfig from MR96, #2 --- .../xml/autodiscover-error.xml.tera | 10 +++ .../xml/autodiscover-mobilesync.xml.tera | 19 +++++ config/autodiscover/xml/autodiscover.xml.tera | 32 ++++++++ config/autodiscover/xml/config-v1.1.xml.tera | 33 ++++++++ .../autodiscover/xml/email_mobileconfig.tera | 77 +++++++++++++++++++ config/automx/.keep | 0 scripts/init-repo.sh | 11 ++- templates/docker-compose/docker-compose.yml | 22 +++--- templates/nginx/sites-enabled/autoconfig.conf | 2 +- upgrade-guides/upgrade-to-26.0.8.16 smu.md | 12 ++- 10 files changed, 200 insertions(+), 18 deletions(-) create mode 100644 config/autodiscover/xml/autodiscover-error.xml.tera create mode 100644 config/autodiscover/xml/autodiscover-mobilesync.xml.tera create mode 100644 config/autodiscover/xml/autodiscover.xml.tera create mode 100644 config/autodiscover/xml/config-v1.1.xml.tera create mode 100644 config/autodiscover/xml/email_mobileconfig.tera delete mode 100644 config/automx/.keep 
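Review bot: The first hunk comments `- "465:465"` back out, but the upgrade guide updated in PATCH 09 still tells admins to enable port 465 in the `mailserver:` `ports:` section, so the template and the guide now disagree on whether SMTPS is published; align one with the other and make the line's comment say which choice is current, e.g. `# - "465:465" # SMTPS SSL/TLS - not published by default; see upgrade guide`. In the second hunk the templates directory is bind-mounted read-write although nothing in the series shows the service writing to it; mount it read-only, `- /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml:ro`, so a misbehaving or compromised container cannot rewrite the templates that tell every mail client where to send its credentials. The `@@ -153,19 +153,23 @@` hunk of PATCH 13 introduces the same mount and should get the same `:ro`.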
diff --git a/config/autodiscover/xml/autodiscover-error.xml.tera b/config/autodiscover/xml/autodiscover-error.xml.tera new file mode 100644 index 0000000..c72a8b7 --- /dev/null +++ b/config/autodiscover/xml/autodiscover-error.xml.tera @@ -0,0 +1,10 @@ + + + + + 601 + Provider is not available + + + + diff --git a/config/autodiscover/xml/autodiscover-mobilesync.xml.tera b/config/autodiscover/xml/autodiscover-mobilesync.xml.tera new file mode 100644 index 0000000..2578513 --- /dev/null +++ b/config/autodiscover/xml/autodiscover-mobilesync.xml.tera @@ -0,0 +1,19 @@ + + + + en:en + + {{ display_name }} + {{ email_address }} + + + + + MobileSync + https://example.org/TODOmobilesyncURL + TODO: Mobile sync name + + + + + diff --git a/config/autodiscover/xml/autodiscover.xml.tera b/config/autodiscover/xml/autodiscover.xml.tera new file mode 100644 index 0000000..a865d5d --- /dev/null +++ b/config/autodiscover/xml/autodiscover.xml.tera @@ -0,0 +1,32 @@ + + + + + email + settings + + + IMAP + {{ imap_hostname }} + 993 + on + {{ domain }} + off + on + on + + + + SMTP + {{ smtp_hostname }} + 587 + on + {{ domain }} + off + on + on + + + + + diff --git a/config/autodiscover/xml/config-v1.1.xml.tera b/config/autodiscover/xml/config-v1.1.xml.tera new file mode 100644 index 0000000..654db27 --- /dev/null +++ b/config/autodiscover/xml/config-v1.1.xml.tera @@ -0,0 +1,33 @@ + + + + + {{ domain }} + {{ display_name }} + %EMAILLOCALPART% + + + {{ imap_hostname }} + 993 + SSL + password-cleartext + %EMAILADDRESS% + + + {{ imap_hostname }} + 143 + STARTTLS + password-cleartext + %EMAILADDRESS% + + + + {{ smtp_hostname }} + 587 + STARTTLS + password-cleartext + %EMAILADDRESS% + + + + diff --git a/config/autodiscover/xml/email_mobileconfig.tera b/config/autodiscover/xml/email_mobileconfig.tera new file mode 100644 index 0000000..038d76c --- /dev/null +++ b/config/autodiscover/xml/email_mobileconfig.tera 
@@ -0,0 +1,77 @@ + + + + + PayloadContent + + + EmailAccountDescription + {{ display_name }} + EmailAccountName + {{ display_name }} + EmailAccountType + EmailTypeIMAP + EmailAddress + {{ email_address }} + IncomingMailServerAuthentication + EmailAuthPassword + IncomingMailServerHostName + {{ imap_hostname }} + IncomingMailServerPortNumber + 993 + IncomingMailServerUseSSL + + IncomingMailServerUsername + {{ username }} + OutgoingMailServerAuthentication + EmailAuthPassword + OutgoingMailServerHostName + {{ smtp_hostname }} + OutgoingMailServerPortNumber + 587 + OutgoingMailServerUseSSL + + OutgoingMailServerUsername + {{ username }} + OutgoingPasswordSameAsIncomingPassword + + PayloadDescription + Email account configuration for {{ email_address }} + PayloadDisplayName + {{ display_name }} + PayloadIdentifier + {{ domain }}.autoconfig.{{ profile_uuid }} + PayloadType + com.apple.mail.managed + PayloadUUID + {{ profile_uuid }} + PayloadVersion + 1 + SMIMEEnablePerMessageSwitch + + SMIMEEnabled + + SMIMESigningEnabled + + disableMailRecentsSyncing + + + + PayloadDescription + Email account configuration for {{ email_address }} + PayloadDisplayName + {{ display_name }} + PayloadIdentifier + {{ domain }}.autoconfig.{{ mail_uuid }} + PayloadOrganization + {{ domain }} + PayloadRemovalDisallowed + + PayloadType + Configuration + PayloadUUID + {{ mail_uuid }} + PayloadVersion + 1 + + diff --git a/config/automx/.keep b/config/automx/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index f7005c9..e21460a 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh 
@@ -78,9 +78,12 @@ echo "$DOMAIN,$VIRTUAL_HOST,mail.$DOMAIN,spam.$DOMAIN,welcome.$DOMAIN" | tr ","
 :; done
-# Configure automx
-cat templates/automx/automx.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/automx/automx.conf"
-chown www-data:www-data "config/automx/automx.conf"
+# Configure autodiscover
+#Generate 2 random UUIDs
+UUID1=$(cat /proc/sys/kernel/random/uuid)
+UUID2=$(cat /proc/sys/kernel/random/uuid)
+echo "AUTODISCOVER_AM_UUID=$UUID1" >> "$ENVFILE"
+echo "AUTODISCOVER_AP_UUID=$UUID2" >> "$ENVFILE"
 # Configure rspamd whitelist
 cat templates/mail/rspamd/ecloud/whitelist.sender.domain.map | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/mail/rspamd/ecloud/whitelist.sender.domain.map"
@@ -91,7 +94,7 @@ chown -R 107:109 "config/mail/rspamd/ecloud/"
 # Configure nginx vhost
-# automx
+# autodiscover
 echo "$DOMAIN,$ADD_DOMAINS" | tr "," "\n" | while read CURDOMAIN; do
 cat "templates/nginx/sites-enabled/autoconfig.conf" | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autoconfig/g" > "config/nginx/sites-enabled/autoconfig.$CURDOMAIN.conf"
 cat "templates/nginx/sites-enabled/autoconfig.conf" | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autodiscover/g" > "config/nginx/sites-enabled/autodiscover.$CURDOMAIN.conf"
diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml
index 0c73a52..6396a5d 100644
--- a/templates/docker-compose/docker-compose.yml
+++ b/templates/docker-compose/docker-compose.yml
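Review bot: The new `#Generate 2 random UUIDs` comment breaks the `# ` comment style of the surrounding lines and does not say what the two values are for, which matters because they are appended to `$ENVFILE` once and then reused on every start. Suggest `# Stable per-install UUIDs for the Apple profile payloads; docker-compose passes them as APPLE_MAIL_UUID / APPLE_PROFILE_UUID`, so the link between AUTODISCOVER_AM_UUID / AUTODISCOVER_AP_UUID and the compose service is documented where the values are generated. The second hunk on this line only renames a comment.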
@@ -153,19 +153,23 @@ services: - mariadb - redis - automx: - image: registry.gitlab.e.foundation/e/infra/docker-mailstack:automx-0.1.0 - container_name: automx - hostname: automx - environment: - - VIRTUAL_HOST=${VIRTUAL_HOST} - - DOMAIN=${DOMAIN} - - HOSTNAME=automx + mail-autodiscover-autoconfig: + image: wdes/mail-autodiscover-autoconfig:latest + container_name: mail-autodiscover-autoconfig restart: always networks: - default + environment: + ROCKET_PROFILE: production + ROCKET_ADDRESS: "0.0.0.0" + ROCKET_PORT: "80" + APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID} + APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID} + IMAP_HOSTNAME: ${SMTP_HOST} + POP_HOSTNAME: ${SMTP_HOST} + SMTP_HOSTNAME: ${SMTP_HOST} volumes: - - /mnt/repo-base/config/automx/automx.conf:/etc/automx.conf + - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml nginx: image: nginx:stable-alpine diff --git a/templates/nginx/sites-enabled/autoconfig.conf b/templates/nginx/sites-enabled/autoconfig.conf index 9be5652..a590f52 100644 --- a/templates/nginx/sites-enabled/autoconfig.conf +++ b/templates/nginx/sites-enabled/autoconfig.conf @@ -26,7 +26,7 @@ server { #auth_basic_user_file /passwds/.htpasswd; location / { - proxy_pass http://automx:80; + proxy_pass http://mail-autodiscover-autoconfig:80; include /etc/nginx/params/proxy_params; } } diff --git a/upgrade-guides/upgrade-to-26.0.8.16 smu.md b/upgrade-guides/upgrade-to-26.0.8.16 smu.md index 1e92d71..f8ace17 100644 --- a/upgrade-guides/upgrade-to-26.0.8.16 smu.md +++ b/upgrade-guides/upgrade-to-26.0.8.16 smu.md 
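Review bot: `image: wdes/mail-autodiscover-autoconfig:latest` pins nothing, whereas the automx image it replaces was pinned to `automx-0.1.0` and the mailserver and redis images in this file carry explicit versions; this container hands every mail client its IMAP/SMTP hostnames and ports, so an unreviewed upstream change would reach users silently on the next `docker-compose pull`. Pin a release tag or digest and bump it deliberately, e.g. `image: wdes/mail-autodiscover-autoconfig:<pinned-version>`. The template directory the container reads can also be mounted read-only, `- /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml:ro`, matching the `:ro` already used on the mariadb config mount in this file.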
@@ -6,13 +6,14 @@ - Go to `/mnt/repo_base`, then run: - `docker-compose stop` - - `git pull origin master` + - `git pull origin master` + +- Please make sure that all changes from https://gitlab.e.foundation/e/infra/ecloud-selfhosting/-/merge_requests/95/diffs are pulled. - In your `docker-compose.yml` file update the following: - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` - Set the mailserver image to `mailserver2/mailserver:1.1.15` - In the `nginx:` service, `depends_on:` section, replace `- automx` with `- mail-autodiscover-autoconfig` - - In the `mailserver:` service, `ports:` section, enable port 465 (remove the `#` at beginning) - Replace the whole `automx:` service with: ``` mail-autodiscover-autoconfig: @@ -30,13 +31,16 @@ IMAP_HOSTNAME: ${SMTP_HOST} POP_HOSTNAME: ${SMTP_HOST} SMTP_HOSTNAME: ${SMTP_HOST} + volumes: + - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml + ``` - Run: - - `. scripts/base.sh` + - `rm -rf config/automx/` - `echo "AUTODISCOVER_AM_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` - `echo "AUTODISCOVER_AP_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` - - `rm -rf config/automx/` + - `. scripts/base.sh` - In your `config/nginx/sites-enabled/nextcloud.conf` file change the following: - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926) -- GitLab From 9466da551bae8ab2d95945ac033d42b3e0740f10 Mon Sep 17 00:00:00 2001 
From: Sylvain Manceau Date: Sun, 14 Jan 2024 10:17:21 +0000 Subject: [PATCH 14/19] MTA-STS, attempt 1 --- README.md | 1 + config/mta-sts/.well-known/.keep | 0 scripts/init-repo.sh | 12 ++++++---- scripts/postinstall.sh | 4 ++++ templates/docker-compose/docker-compose.yml | 4 +++- templates/mta-sts/mta-sts.txt | 4 ++++ templates/nginx/sites-enabled/mta-sts.conf | 12 ++++++++++ templates/rainloop/application.ini | 7 ------ templates/rainloop/domain-config.ini | 16 ------------- upgrade-guides/upgrade-to-26.0.8.16 smu.md | 25 ++++++++++++++++++++- 10 files changed, 56 insertions(+), 29 deletions(-) create mode 100644 config/mta-sts/.well-known/.keep create mode 100644 templates/mta-sts/mta-sts.txt create mode 100644 templates/nginx/sites-enabled/mta-sts.conf delete mode 100644 templates/rainloop/application.ini delete mode 100644 templates/rainloop/domain-config.ini diff --git a/README.md b/README.md index 09a44b3..91f5232 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,7 @@ CNAME | autoconfig.yourdomain.com | mail.yourdomain.com | CNAME | autodiscover.yourdomain.com | mail.yourdomain.com | - CNAME | spam.yourdomain.com | mail.yourdomain.com | - CNAME | welcome.yourdomain.com | mail.yourdomain.com | - +CNAME | mta-sts.yourdomain.com | mail.yourdomain.com | - ================================================================================================================================= ================================================================================================================================= diff --git a/config/mta-sts/.well-known/.keep b/config/mta-sts/.well-known/.keep new file mode 100644 index 0000000..e69de29 diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index e21460a..2e4ae34 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh 
@@ -58,7 +58,7 @@ source /mnt/repo-base/scripts/base.sh
 DC_DIR="templates/docker-compose/"
 cat "${DC_DIR}docker-compose.yml" > docker-compose.yml
-NUM_CERTIFICATES="3"
+NUM_CERTIFICATES="4"
 # To be constructed repo specific
 echo "VHOSTS_ACCOUNTS=welcome.$DOMAIN" >> "$ENVFILE"
@@ -73,11 +73,10 @@ echo "VIRTUAL_HOST=$VIRTUAL_HOST" >> "$ENVFILE"
 # fill autorenew config
 rm -f "/mnt/repo-base/config/letsencrypt/autorenew/ssl-domains.dat"
-echo "$DOMAIN,$VIRTUAL_HOST,mail.$DOMAIN,spam.$DOMAIN,welcome.$DOMAIN" | tr "," "\n" | while read CURDOMAIN; do
+echo "$DOMAIN,$VIRTUAL_HOST,mail.$DOMAIN,spam.$DOMAIN,welcome.$DOMAIN,mta-sts.$DOMAIN" | tr "," "\n" | while read CURDOMAIN; do
 echo "$CURDOMAIN" >> config/letsencrypt/autorenew/ssl-domains.dat
 :; done
-
 # Configure autodiscover
 #Generate 2 random UUIDs
 UUID1=$(cat /proc/sys/kernel/random/uuid)
@@ -85,6 +84,10 @@ UUID2=$(cat /proc/sys/kernel/random/uuid)
 echo "AUTODISCOVER_AM_UUID=$UUID1" >> "$ENVFILE"
 echo "AUTODISCOVER_AP_UUID=$UUID2" >> "$ENVFILE"
+# Configure MTA-STS
+cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/$SMTP_HOST/g" > "config/mta-sts/.well-known/mta-sts.txt"
+chown -R www-data:www-data "config/mta-sts/"
 # Configure rspamd whitelist
 cat templates/mail/rspamd/ecloud/whitelist.sender.domain.map | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/mail/rspamd/ecloud/whitelist.sender.domain.map"
@@ -105,6 +108,7 @@ cat "templates/nginx/sites-enabled/nextcloud.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN cat "templates/nginx/sites-enabled/postfixadmin.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/postfixadmin.conf" cat "templates/nginx/sites-enabled/rspamd.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/rspamd.conf" cat "templates/nginx/sites-enabled/welcome.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/welcome.conf" +cat "templates/nginx/sites-enabled/mta-sts.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/mta-sts.conf" # confirm DNS is ready echo "" @@ -124,7 +128,7 @@ echo "$ADD_DOMAINS" | tr "," "\n" | while read CURDOMAIN; do :; done echo "PTR(For reverse DNS),|,,|,mail.$DOMAIN,|,-" >> "$tempfile" echo "" -echo "$VIRTUAL_HOST,spam.$DOMAIN,welcome.$DOMAIN" | tr "," "\n" | while read CURDOMAIN; do +echo "$VIRTUAL_HOST,spam.$DOMAIN,welcome.$DOMAIN,mta-sts.$DOMAIN" | tr "," "\n" | while read CURDOMAIN; do echo "CNAME,|,$CURDOMAIN,|,mail.$DOMAIN,|,-" >> "$tempfile" :; done column "$tempfile" -t -s "," diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 470b233..307e3e5 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -172,6 +172,10 @@ find /mnt/repo-base/volumes/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while r echo "_dmarc IN TXT 'v=DMARC1;p=reject;sp=reject;pct=100;rua=mailto:postmaster@$DOMAIN;ri=86400;aspf=r;adkim=r;fo=1'" echo " - SPF record (TXT) for $DOMAIN:" echo "@ IN TXT 'v=spf1 a ip4:$IP ~all'" + echo " - MTA-STS records (TXT) for $DOMAIN:" + echo "_smtp._tls IN TXT 'v=TLSRPTv1; rua=mailto:postmaster@'$DOMAIN'" + echo "_mta-sts IN TXT 'v=STSv1;id='$(date +%Y%m%d%H)'" + done echo "=================================================================================================================================" 
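Review bot: Both new TXT hints in the postinstall.sh hunk have unbalanced quotes: `'v=TLSRPTv1; rua=mailto:postmaster@'$DOMAIN'` and `'v=STSv1;id='$(date +%Y%m%d%H)'` sit inside a double-quoted string, so the inner `'` characters are printed literally and the operator is shown something like `'v=TLSRPTv1; rua=mailto:postmaster@'example.com'` (constructed example), which pasted into a zone file gives a malformed record. The DMARC line just above shows the intended form; the two lines should read `echo "_smtp._tls IN TXT 'v=TLSRPTv1; rua=mailto:postmaster@$DOMAIN'"` and `echo "_mta-sts IN TXT 'v=STSv1;id=$(date +%Y%m%d%H)'"`. These echos sit inside the `find ... | while read` loop that starts above the hunk, so like the DMARC/SPF lines they are printed once per DKIM directory.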
diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 6396a5d..1915694 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml @@ -80,6 +80,7 @@ services: volumes: - /mnt/repo-base/volumes/mysql/db/data:/var/lib/mysql - /mnt/repo-base/config/mariadb/:/etc/mysql/conf.d/:ro + redis: image: redis:6.2-alpine container_name: redis @@ -187,9 +188,10 @@ services: - /mnt/repo-base/config/nginx/passwds:/passwds - /mnt/repo-base/config/letsencrypt/acme-challenge:/etc/letsencrypt/acme-challenge - /mnt/repo-base/volumes/nextcloud/html:/var/www/html + - /mnt/repo-base/config/mta-sts:/var/www/mta-sts depends_on: - nextcloud - - automx + - mail-autodiscover-autoconfig - postfixadmin - welcome - mailserver diff --git a/templates/mta-sts/mta-sts.txt b/templates/mta-sts/mta-sts.txt new file mode 100644 index 0000000..fd83580 --- /dev/null +++ b/templates/mta-sts/mta-sts.txt @@ -0,0 +1,4 @@ +version: STSv1 +mode: enforce +max_age: 10368000 +mx: @@@SMTP_HOST@@@ diff --git a/templates/nginx/sites-enabled/mta-sts.conf b/templates/nginx/sites-enabled/mta-sts.conf new file mode 100644 index 0000000..a3110a7 --- /dev/null +++ b/templates/nginx/sites-enabled/mta-sts.conf @@ -0,0 +1,12 @@ +server { + listen 4430 ssl http2; + server_name mta-sts.@@@DOMAIN@@@; + + ssl_certificate /certs/live/mta-sts.@@@DOMAIN@@@/fullchain.pem; + ssl_certificate_key /certs/live/mta-sts.@@@DOMAIN@@@/privkey.pem; + + include /etc/nginx/params/ssl_params; + include /etc/nginx/params/headers_params; + + root /var/www/mta-sts; +} diff --git a/templates/rainloop/application.ini b/templates/rainloop/application.ini deleted file mode 100644 index 486ec0c..0000000 --- a/templates/rainloop/application.ini +++ /dev/null @@ -1,7 +0,0 @@ -[webmail] -title = "Email - /e/" -theme = "Clear" - -[login] -default_domain = "@@@DOMAIN@@@" - 
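Review bot: The new `templates/mta-sts/mta-sts.txt` ships with `mode: enforce` and `max_age: 10368000` (120 days) from the first install, so any mismatch between the `mx:` value and the real MX hostname or its certificate makes remote senders refuse mail for the domain, and senders that cached the policy keep refusing for up to the full max_age. RFC 8461 recommends starting in `mode: testing` and using the TLSRPT address this series also publishes to confirm that validation succeeds before switching; a rollout with `mode: testing` and a shorter initial `max_age` would be safer, with a comment in the template such as `# switch to enforce once TLSRPT reports show no failures`. Whatever is substituted for `@@@SMTP_HOST@@@` must be exactly the hostname in the domain's MX record, which is worth stating in the template as well.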
diff --git a/templates/rainloop/domain-config.ini b/templates/rainloop/domain-config.ini deleted file mode 100644 index 179cbc3..0000000 --- a/templates/rainloop/domain-config.ini +++ /dev/null @@ -1,16 +0,0 @@ -imap_host = "mailserver" -imap_port = 993 -imap_secure = "SSL" -imap_short_login = Off -sieve_use = Off -sieve_allow_raw = Off -sieve_host = "mailserver" -sieve_port = 4190 -sieve_secure = "TLS" -smtp_host = "mailserver" -smtp_port = 587 -smtp_secure = "TLS" -smtp_short_login = Off -smtp_auth = On -smtp_php_mail = Off -white_list = "" diff --git a/upgrade-guides/upgrade-to-26.0.8.16 smu.md b/upgrade-guides/upgrade-to-26.0.8.16 smu.md index f8ace17..68929d4 100644 --- a/upgrade-guides/upgrade-to-26.0.8.16 smu.md +++ b/upgrade-guides/upgrade-to-26.0.8.16 smu.md 
@@ -35,12 +35,28 @@ - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml ``` + - Add this line to `nginx:` service, `volumes:` section: +``` + - /mnt/repo-base/config/mta-sts:/var/www/mta-sts +``` + +- Run: + - `. scripts/base.sh` + +- In you DNS zone, add the records generated by the following commands: + - `echo "_smtp._tls.$DOMAIN TXT" '"v=TLSRPTv1; rua=mailto:postmaster@'$DOMAIN'"'` + - `echo "_mta-sts.$DOMAIN" TXT '"v=STSv1;id='$(date +%Y%m%d%H)'"'` + - `echo "mta-sts.$DOMAIN CNAME mail.$DOMAIN"` - Run: - `rm -rf config/automx/` - `echo "AUTODISCOVER_AM_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` - `echo "AUTODISCOVER_AP_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` - - `. scripts/base.sh` + - `cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/$SMTP_HOST/g" > "config/mta-sts/.well-known/mta-sts.txt"` + - `chown -R www-data:www-data "config/mta-sts/"` + - `cat templates/nginx/sites-enabled/mta-sts.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/mta-sts.conf"` + - `echo "mta-sts.$DOMAIN" >> config/letsencrypt/autorenew/ssl-domains.dat` + - `bash scripts/ssl-renew.sh` - In your `config/nginx/sites-enabled/nextcloud.conf` file change the following: - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926) 
@@ -65,6 +81,13 @@ - Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade +- Check your new MTA-STS: + - On your server, launch: `docker logs --details --timestamps --since 10m --follow nginx` + - Check you server with: https://www.hardenize.com/ + - You should see a line like `GET /.well-known/mta-sts.txt HTTP/1.1" 200 65 "-" "curl/7.54" "-"` in your log + - Check Hardenize report about MTA-STS + - Exit log viewer with Ctrl+C + - Examine Docker situation with `docker ps` and `docker images` - If everything is OK (all needed containers running), you can cleanup with `docker system prune -a` -- GitLab From 58adfa528b3f7233b13f6600b6468a642893c4d9 Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Tue, 16 Jan 2024 13:58:57 +0000 Subject: [PATCH 15/19] Upgrade guide, final commit --- upgrade-guides/upgrade-to-26.0.8.16 smu.md | 93 --------------------- upgrade-guides/upgrade-to-26.0.8.16.md | 96 ++++++++++++++-------- 2 files changed, 64 insertions(+), 125 deletions(-) delete mode 100644 upgrade-guides/upgrade-to-26.0.8.16 smu.md diff --git a/upgrade-guides/upgrade-to-26.0.8.16 smu.md b/upgrade-guides/upgrade-to-26.0.8.16 smu.md deleted file mode 100644 index 68929d4..0000000 --- a/upgrade-guides/upgrade-to-26.0.8.16 smu.md +++ /dev/null 
@@ -1,93 +0,0 @@ -# To upgrade from ecloud 25.0.8.19 to 26.0.8.16 - - -- As usual, upgrade your OS with latest patchs, optionally take backup/snapshot - - NB: you may want to filter out incomming email (TCP 25 & 587) during this upgrade, to avoid losing any messages in case of a rollback - -- Go to `/mnt/repo_base`, then run: - - `docker-compose stop` - - `git pull origin master` - -- Please make sure that all changes from https://gitlab.e.foundation/e/infra/ecloud-selfhosting/-/merge_requests/95/diffs are pulled. - -- In your `docker-compose.yml` file update the following: - - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` - - Set the mailserver image to `mailserver2/mailserver:1.1.15` - - In the `nginx:` service, `depends_on:` section, replace `- automx` with `- mail-autodiscover-autoconfig` - - Replace the whole `automx:` service with: -``` - mail-autodiscover-autoconfig: - image: wdes/mail-autodiscover-autoconfig:latest - container_name: mail-autodiscover-autoconfig - restart: always - networks: - - default - environment: - ROCKET_PROFILE: production - ROCKET_ADDRESS: "0.0.0.0" - ROCKET_PORT: "80" - APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID} - APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID} - IMAP_HOSTNAME: ${SMTP_HOST} - POP_HOSTNAME: ${SMTP_HOST} - SMTP_HOSTNAME: ${SMTP_HOST} - volumes: - - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml - -``` - - Add this line to `nginx:` service, `volumes:` section: -``` - - /mnt/repo-base/config/mta-sts:/var/www/mta-sts -``` - -- Run: - - `. 
scripts/base.sh` - -- In you DNS zone, add the records generated by the following commands: - - `echo "_smtp._tls.$DOMAIN TXT" '"v=TLSRPTv1; rua=mailto:postmaster@'$DOMAIN'"'` - - `echo "_mta-sts.$DOMAIN" TXT '"v=STSv1;id='$(date +%Y%m%d%H)'"'` - - `echo "mta-sts.$DOMAIN CNAME mail.$DOMAIN"` - -- Run: - - `rm -rf config/automx/` - - `echo "AUTODISCOVER_AM_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` - - `echo "AUTODISCOVER_AP_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` - - `cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/$SMTP_HOST/g" > "config/mta-sts/.well-known/mta-sts.txt"` - - `chown -R www-data:www-data "config/mta-sts/"` - - `cat templates/nginx/sites-enabled/mta-sts.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/mta-sts.conf"` - - `echo "mta-sts.$DOMAIN" >> config/letsencrypt/autorenew/ssl-domains.dat` - - `bash scripts/ssl-renew.sh` - -- In your `config/nginx/sites-enabled/nextcloud.conf` file change the following: - - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926) - -- In your `config/nginx/sites-enabled/autoconfig.$DOMAIN.conf` and `config/nginx/sites-enabled/autodiscover.$DOMAIN.conf` files change the following: - - replace `proxy_pass http://automx:80;` with `proxy_pass http://mail-autodiscover-autoconfig:80;` - -- Run `docker-compose pull` -- If pulls are OK, run `docker-compose up -d` - -- Examine `docker-compose logs --tail=500 nextcloud` for the following messages: - - `nextcloud | Upgrading nextcloud from x.x.x.x ...` (x.x.x.x is your previous Nextcloud version) - - `nextcloud | Update successful` - -- Run: - - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices` - - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable bruteforcesettings` - - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable 
suspicious_login` - - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable twofactor_totp` - - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable user_backend_sql_raw` - - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain` - -- Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade - -- Check your new MTA-STS: - - On your server, launch: `docker logs --details --timestamps --since 10m --follow nginx` - - Check you server with: https://www.hardenize.com/ - - You should see a line like `GET /.well-known/mta-sts.txt HTTP/1.1" 200 65 "-" "curl/7.54" "-"` in your log - - Check Hardenize report about MTA-STS - - Exit log viewer with Ctrl+C - -- Examine Docker situation with `docker ps` and `docker images` - - If everything is OK (all needed containers running), you can cleanup with `docker system prune -a` - diff --git a/upgrade-guides/upgrade-to-26.0.8.16.md b/upgrade-guides/upgrade-to-26.0.8.16.md index 4623246..68929d4 100644 --- a/upgrade-guides/upgrade-to-26.0.8.16.md +++ b/upgrade-guides/upgrade-to-26.0.8.16.md 
@@ -6,15 +6,63 @@ - Go to `/mnt/repo_base`, then run: - `docker-compose stop` - - `git pull origin master` + - `git pull origin master` + +- Please make sure that all changes from https://gitlab.e.foundation/e/infra/ecloud-selfhosting/-/merge_requests/95/diffs are pulled. - In your `docker-compose.yml` file update the following: - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` - - Set `OVERWRITEPROTOCOL=https` - Set the mailserver image to `mailserver2/mailserver:1.1.15` + - In the `nginx:` service, `depends_on:` section, replace `- automx` with `- mail-autodiscover-autoconfig` + - Replace the whole `automx:` service with: +``` + mail-autodiscover-autoconfig: + image: wdes/mail-autodiscover-autoconfig:latest + container_name: mail-autodiscover-autoconfig + restart: always + networks: + - default + environment: + ROCKET_PROFILE: production + ROCKET_ADDRESS: "0.0.0.0" + ROCKET_PORT: "80" + APPLE_MAIL_UUID: ${AUTODISCOVER_AM_UUID} + APPLE_PROFILE_UUID: ${AUTODISCOVER_AP_UUID} + IMAP_HOSTNAME: ${SMTP_HOST} + POP_HOSTNAME: ${SMTP_HOST} + SMTP_HOSTNAME: ${SMTP_HOST} + volumes: + - /mnt/repo-base/config/autodiscover/xml:/usr/lib/mail-autodiscover-autoconfig/templates/xml + +``` + - Add this line to `nginx:` service, `volumes:` section: +``` + - /mnt/repo-base/config/mta-sts:/var/www/mta-sts +``` + +- Run: + - `. 
scripts/base.sh` + +- In you DNS zone, add the records generated by the following commands: + - `echo "_smtp._tls.$DOMAIN TXT" '"v=TLSRPTv1; rua=mailto:postmaster@'$DOMAIN'"'` + - `echo "_mta-sts.$DOMAIN" TXT '"v=STSv1;id='$(date +%Y%m%d%H)'"'` + - `echo "mta-sts.$DOMAIN CNAME mail.$DOMAIN"` -- In your config/nginx/sites-enabled/nextcloud.conf file, replace: - - add_header X-Robots-Tag "none" always; with add_header X-Robots-Tag "noindex,nofollow" always; +- Run: + - `rm -rf config/automx/` + - `echo "AUTODISCOVER_AM_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` + - `echo "AUTODISCOVER_AP_UUID=$(cat /proc/sys/kernel/random/uuid)" >> "$ENVFILE"` + - `cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/$SMTP_HOST/g" > "config/mta-sts/.well-known/mta-sts.txt"` + - `chown -R www-data:www-data "config/mta-sts/"` + - `cat templates/nginx/sites-enabled/mta-sts.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config/nginx/sites-enabled/mta-sts.conf"` + - `echo "mta-sts.$DOMAIN" >> config/letsencrypt/autorenew/ssl-domains.dat` + - `bash scripts/ssl-renew.sh` + +- In your `config/nginx/sites-enabled/nextcloud.conf` file change the following: + - replace all occurences of `oc[ms]-provider` with `ocs-provider` (2 occurences, lines 83 & 98) (reference: https://github.com/nextcloud/server/issues/40803#issuecomment-1751717926) + +- In your `config/nginx/sites-enabled/autoconfig.$DOMAIN.conf` and `config/nginx/sites-enabled/autodiscover.$DOMAIN.conf` files change the following: + - replace `proxy_pass http://automx:80;` with `proxy_pass http://mail-autodiscover-autoconfig:80;` - Run `docker-compose pull` - If pulls are OK, run `docker-compose up -d` 
@@ -25,37 +73,21 @@ - Run: - `docker-compose exec -T --user www-data nextcloud php occ db:add-missing-indices` - - `docker exec -u www-data nextcloud /var/www/html/occ app:remove ecloud-dashboard` - - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable murena-dashboard` - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable bruteforcesettings` - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable suspicious_login` - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable twofactor_totp` - `docker exec -u www-data nextcloud /var/www/html/occ -f app:enable user_backend_sql_raw` - - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set defaultapp --value "murena-dashboard,files"` - -`. scripts/base.sh` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain --value $DOMAIN` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set legacy_domain --value $DOMAIN` - -- $DOMAIN used above is the main domain where selfhost is installed - -- We added new murena logo in this theme and also added a new helper app-`selfhost-theme-helper` - - Enable the `selfhost-theme-helper` app: - - `docker exec -u www-data nextcloud /var/www/html/occ app:enable selfhost-theme-helper` - -- Videos previews can be enabled in this update, as ffmpeg is bundled in the image. 
- - if you did not defined any specific preview providers, to respect the default ones listed in [config.sample.php for nextcloud 25](https://github.com/nextcloud/server/blob/stable25/config/config.sample.php#L1220), you can set : - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 0 --value='OC\Preview\PNG'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 1 --value='OC\Preview\JPEG'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 2 --value='OC\Preview\GIF'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 3 --value='OC\Preview\BMP'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 4 --value='OC\Preview\XBitmap'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 5 --value='OC\Preview\MP3'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 6 --value='OC\Preview\TXT'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 7 --value='OC\Preview\MarkDown'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 8 --value='OC\Preview\OpenDocument'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 9 --value='OC\Preview\Krita'` - -`docker exec -u www-data nextcloud /var/www/html/occ config:system:set enabledPreviewProviders 10 --value='OC\Preview\Movie'` - - - if you have a custom list of PreviewProviders, just add the `OC\Preview\Movie` in the list + - `docker exec -u www-data nextcloud /var/www/html/occ config:system:set main_domain` - Check all settings subsections starting from `/settings/admin/overview` while logged in with the admin user account to identify any issues found post upgrade + +- Check 
your new MTA-STS: + - On your server, launch: `docker logs --details --timestamps --since 10m --follow nginx` + - Check you server with: https://www.hardenize.com/ + - You should see a line like `GET /.well-known/mta-sts.txt HTTP/1.1" 200 65 "-" "curl/7.54" "-"` in your log + - Check Hardenize report about MTA-STS + - Exit log viewer with Ctrl+C + +- Examine Docker situation with `docker ps` and `docker images` + - If everything is OK (all needed containers running), you can cleanup with `docker system prune -a` + -- GitLab From c2bd1167cb0c5586d381867646425c0a9e694ae5 Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Tue, 16 Jan 2024 15:57:26 +0000 Subject: [PATCH 16/19] NC26 fresh attempt 1 --- scripts/init-repo.sh | 4 ++-- scripts/postinstall.sh | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 2e4ae34..c9a865f 100755 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -85,7 +85,7 @@ echo "AUTODISCOVER_AM_UUID=$UUID1" >> "$ENVFILE" echo "AUTODISCOVER_AP_UUID=$UUID2" >> "$ENVFILE" # Configure MTA-STS -cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/$SMTP_HOST/g" > "config/mta-sts/.well-known/mta-sts.txt" +cat templates/mta-sts/mta-sts.txt | sed "s/@@@SMTP_HOST@@@/mail.$DOMAIN/g" > "config/mta-sts/.well-known/mta-sts.txt" chown -R www-data:www-data "config/mta-sts/" # Configure rspamd whitelist 
@@ -169,7 +169,7 @@ echo "NC_HOST_IP=$IP" >> "$ENVFILE" bash scripts/ssl-renew.sh # verify LE status -CTR_LE=$(find config/letsencrypt/certstore/live/mail.$DOMAIN/privkey.pem config/letsencrypt/certstore/live/spam.$DOMAIN/privkey.pem config/letsencrypt/certstore/live/welcome.$DOMAIN/privkey.pem 2>/dev/null| wc -l) +CTR_LE=$(find config/letsencrypt/certstore/live/mail.$DOMAIN/privkey.pem config/letsencrypt/certstore/live/spam.$DOMAIN/privkey.pem config/letsencrypt/certstore/live/welcome.$DOMAIN/privkey.pem config/letsencrypt/certstore/live/mta-sts.$DOMAIN/privkey.pem 2>/dev/null| wc -l) CTR_AC_LE=$(echo "$VIRTUAL_HOST" | tr "," "\n" | while read CURDOMAIN; do find config/letsencrypt/certstore/live/$CURDOMAIN/privkey.pem 2>/dev/null | grep $CURDOMAIN && echo found || echo missing; done | grep missing | wc -l) if [ "$CTR_LE$CTR_AC_LE" = "${NUM_CERTIFICATES}0" ] diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 307e3e5..8002a8f 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
@@ -51,10 +51,13 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enabl docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable selfhost-theme-helper docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable murena-dashboard docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable murena_launcher +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable drop_account +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable bruteforcesettings +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable suspicious_login +docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:enable twofactor_totp docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:disable firstrunwizard docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set snappymail snappymail-autologin-with-email --value 1 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install tasks -docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install drop_account docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:system:set integrity.check.disabled --value='true' --type=boolean -- GitLab From 7bd38239e808b88f3a458aaa44766e2f3eb2a700 Mon Sep 17 00:00:00 2001 From: diroots Date: Fri, 19 Jan 2024 09:26:27 +0100 Subject: [PATCH 17/19] update mailserver to latest 1.1.16 --- templates/docker-compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/docker-compose/docker-compose.yml b/templates/docker-compose/docker-compose.yml index 494cb64..15a734e 100644 --- a/templates/docker-compose/docker-compose.yml +++ b/templates/docker-compose/docker-compose.yml 
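Review bot: `app:install drop_account` is replaced by `app:enable drop_account`, but `app:enable` only activates an app that is already present on disk, while `app:install` fetched it from the app store; unless the new nextcloud image bundles drop_account, this line will now fail where the old one succeeded. If the app is bundled, a comment saying so would prevent the next reader from reverting it, e.g. `# drop_account, bruteforcesettings, suspicious_login and twofactor_totp ship with the image; enable only, no app:install`. The upgrade guide in this series enables the same three security apps with `-f app:enable`, whereas this script uses plain `app:enable`; using one form in both places keeps fresh installs and upgrades behaving alike.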
@@ -2,7 +2,7 @@ version: '3' services: mailserver: - image: mailserver2/mailserver:1.1.15 + image: mailserver2/mailserver:1.1.16 container_name: mailserver domainname: ${DOMAIN} # Mail server A/MX/FQDN & reverse PTR = mail.${DOMAIN}. hostname: mail -- GitLab From a03ee41f5a1140292a6c875dae9a08cf449ad42c Mon Sep 17 00:00:00 2001 From: Sylvain Manceau Date: Sat, 20 Jan 2024 09:53:14 +0000 Subject: [PATCH 18/19] mailserver 1.1.16 in upgrade guide --- upgrade-guides/upgrade-to-26.0.8.16.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upgrade-guides/upgrade-to-26.0.8.16.md b/upgrade-guides/upgrade-to-26.0.8.16.md index 68929d4..a262a21 100644 --- a/upgrade-guides/upgrade-to-26.0.8.16.md +++ b/upgrade-guides/upgrade-to-26.0.8.16.md @@ -12,7 +12,7 @@ - In your `docker-compose.yml` file update the following: - Set the nextcloud image to `registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/selfhost:26-0-8` - - Set the mailserver image to `mailserver2/mailserver:1.1.15` + - Set the mailserver image to `mailserver2/mailserver:1.1.16` - In the `nginx:` service, `depends_on:` section, replace `- automx` with `- mail-autodiscover-autoconfig` - Replace the whole `automx:` service with: ``` -- GitLab From 6d86efca5c2c19b17ba2812fb19c1890ba764a37 Mon Sep 17 00:00:00 2001 From: Avinash Gusain Date: Mon, 22 Jan 2024 11:39:52 +0530 Subject: [PATCH 19/19] file name change --- .../{upgrade-to-26.0.8.16.md => upgrade-to-26.0.8.23.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename upgrade-guides/{upgrade-to-26.0.8.16.md => upgrade-to-26.0.8.23.md} (98%) diff --git a/upgrade-guides/upgrade-to-26.0.8.16.md b/upgrade-guides/upgrade-to-26.0.8.23.md similarity index 98% rename from upgrade-guides/upgrade-to-26.0.8.16.md rename to upgrade-guides/upgrade-to-26.0.8.23.md index a262a21..65aee63 100644 --- a/upgrade-guides/upgrade-to-26.0.8.16.md +++ b/upgrade-guides/upgrade-to-26.0.8.23.md 
@@ -1,4 +1,4 @@
-# To upgrade from ecloud 25.0.8.19 to 26.0.8.16
+# To upgrade from ecloud 25.0.8.19 to 26.0.8.23
 - As usual, upgrade your OS with latest patchs, optionally take backup/snapshot
-- GitLab