public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-12-23 23:01:34 +00:00
Code Issues Releases Wiki Activity

[SOGo][Web] Enable SOGo URL Encryption

Browse Source
This commit is contained in:
FreddleSpl0it
2025-09-22 12:28:09 +02:00
parent 2891bbf82a
commit 260906e350
4 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
data/Dockerfiles/sogo/bootstrap-sogo.sh
View File

@@ -50,6 +50,10 @@ cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
<string>YES</string> <string>YES</string>
<key>SOGoEncryptionKey</key> <key>SOGoEncryptionKey</key>
<string>${RAND_PASS}</string> <string>${RAND_PASS}</string>
<key>SOGoURLEncryptionEnabled</key>
<string>YES</string>
<key>SOGoURLEncryptionPassphrase</key>
<string>${RAND_PASS}</string>
<key>OCSAdminURL</key> <key>OCSAdminURL</key>
<string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string> <string>mysql://${DBUSER}:${DBPASS}@%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock/${DBNAME}/sogo_admin</string>
<key>OCSCacheFolderURL</key> <key>OCSCacheFolderURL</key>

4
data/web/inc/triggers.user.inc.php
View File

@@ -80,7 +80,7 @@ if (isset($_POST["verify_tfa_login"])) {
intval($user_details['attributes']['force_pw_update']) != 1 && intval($user_details['attributes']['force_pw_update']) != 1 &&
getenv('SKIP_SOGO') != "y" && getenv('SKIP_SOGO') != "y" &&
!$is_dual) { !$is_dual) {
header("Location: /SOGo/so/{$_SESSION['mailcow_cc_username']}"); header("Location: /SOGo/so/");
die(); die();
} else { } else {
header("Location: /user"); header("Location: /user");
@@ -146,7 +146,7 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
intval($user_details['attributes']['force_pw_update']) != 1 && intval($user_details['attributes']['force_pw_update']) != 1 &&
getenv('SKIP_SOGO') != "y" && getenv('SKIP_SOGO') != "y" &&
!$is_dual) { !$is_dual) {
header("Location: /SOGo/so/{$login_user}"); header("Location: /SOGo/so/");
die(); die();
} else { } else {
header("Location: /user"); header("Location: /user");

5
data/web/sogo-auth.php
View File

@@ -64,7 +64,7 @@ elseif (isset($_GET['login'])) {
':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR']) ':remote_addr' => ($_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'])
)); ));
// redirect to sogo (sogo will get the correct credentials via nginx auth_request // redirect to sogo (sogo will get the correct credentials via nginx auth_request
header("Location: /SOGo/so/{$login}"); header("Location: /SOGo/so/");
exit; exit;
} }
} }
@@ -81,10 +81,7 @@ elseif (isset($_SERVER['HTTP_X_ORIGINAL_URI']) && strcasecmp(substr($_SERVER['HT
} }
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php'; require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/sessions.inc.php';
// extract email address from "/SOGo/so/user@domain/xy"
$url_parts = explode("/", $_SERVER['HTTP_X_ORIGINAL_URI']);
$email_list = array( $email_list = array(
$url_parts[3], // Requested mailbox
($_SESSION['mailcow_cc_username'] ?? ''), // Current user ($_SESSION['mailcow_cc_username'] ?? ''), // Current user
($_SESSION["dual-login"]["username"] ?? ''), // Dual login user ($_SESSION["dual-login"]["username"] ?? ''), // Dual login user
); );

2
docker-compose.yml
View File

@@ -200,7 +200,7 @@ services:
- phpfpm - phpfpm
sogo-mailcow: sogo-mailcow:
image: ghcr.io/mailcow/sogo:1.135 image: ghcr.io/mailcow/sogo:1.136
environment: environment:
- DBNAME=${DBNAME} - DBNAME=${DBNAME}
- DBUSER=${DBUSER} - DBUSER=${DBUSER}