Merge pull request #6146 from mailcow/feat/redis-pw
Enable password protection for Redis
@@ -4,9 +4,9 @@ exec 5>&1
|
|||||||
|
|
||||||
# Do not attempt to write to slave
|
# Do not attempt to write to slave
|
||||||
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
||||||
export REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
|
export REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
|
||||||
else
|
else
|
||||||
export REDIS_CMDLINE="redis-cli -h redis -p 6379"
|
export REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
||||||
|
|||||||
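Review bot: Putting the password into `REDIS_CMDLINE` as `-a ${REDISPASS}` places it in redis-cli's argument vector, where it is readable from the process list for as long as the command runs; `--no-auth-warning` only silences the warning redis-cli prints about exactly that. Because the variable is expanded unquoted in `$(${REDIS_CMDLINE} PING)`, a password containing whitespace or glob characters would also be split into several arguments and the wait loop would never see `PONG`. redis-cli reads the password from the `REDISCLI_AUTH` environment variable, so `export REDISCLI_AUTH="${REDISPASS}"` before the `if` and leaving `-a` out of both assignments avoids both problems. The same pattern repeats in the other shell hunks on this page that add `-a ${REDISPASS} --no-auth-warning`.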
@@ -124,7 +124,7 @@ case "$SUCCESS" in
|
|||||||
;;
|
;;
|
||||||
*) # non-zero is non-fun
|
*) # non-zero is non-fun
|
||||||
log_f "Failed to obtain certificate ${CERT} for domains '${CERT_DOMAINS[*]}'"
|
log_f "Failed to obtain certificate ${CERT} for domains '${CERT_DOMAINS[*]}'"
|
||||||
redis-cli -h redis SET ACME_FAIL_TIME "$(date +%s)"
|
redis-cli -h redis -a ${REDISPASS} --no-auth-warning SET ACME_FAIL_TIME "$(date +%s)"
|
||||||
exit 100${SUCCESS}
|
exit 100${SUCCESS}
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|||||||
@@ -34,9 +34,9 @@ async def lifespan(app: FastAPI):
|
|||||||
|
|
||||||
# Init redis client
|
# Init redis client
|
||||||
if os.environ['REDIS_SLAVEOF_IP'] != "":
|
if os.environ['REDIS_SLAVEOF_IP'] != "":
|
||||||
redis_client = redis = await aioredis.from_url(f"redis://{os.environ['REDIS_SLAVEOF_IP']}:{os.environ['REDIS_SLAVEOF_PORT']}/0")
|
redis_client = redis = await aioredis.from_url(f"redis://{os.environ['REDIS_SLAVEOF_IP']}:{os.environ['REDIS_SLAVEOF_PORT']}/0", password=os.environ['REDISPASS'])
|
||||||
else:
|
else:
|
||||||
redis_client = redis = await aioredis.from_url("redis://redis-mailcow:6379/0")
|
redis_client = redis = await aioredis.from_url("redis://redis-mailcow:6379/0", password=os.environ['REDISPASS'])
|
||||||
|
|
||||||
# Init docker clients
|
# Init docker clients
|
||||||
sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
|
sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
source /source_env.sh
|
source /source_env.sh
|
||||||
|
|
||||||
MAX_AGE=$(redis-cli --raw -h redis-mailcow GET Q_MAX_AGE)
|
MAX_AGE=$(redis-cli --raw -h redis-mailcow -a ${REDISPASS} --no-auth-warning GET Q_MAX_AGE)
|
||||||
|
|
||||||
if [[ -z ${MAX_AGE} ]]; then
|
if [[ -z ${MAX_AGE} ]]; then
|
||||||
echo "Max age for quarantine items not defined"
|
echo "Max age for quarantine items not defined"
|
||||||
|
|||||||
@@ -14,9 +14,9 @@ done
|
|||||||
|
|
||||||
# Do not attempt to write to slave
|
# Do not attempt to write to slave
|
||||||
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
||||||
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
|
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
|
||||||
else
|
else
|
||||||
REDIS_CMDLINE="redis-cli -h redis -p 6379"
|
REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
||||||
|
|||||||
@@ -31,7 +31,7 @@ try:
|
|||||||
|
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0)
|
r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
|
||||||
r.ping()
|
r.ping()
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
print('%s - trying again...' % (ex))
|
print('%s - trying again...' % (ex))
|
||||||
|
|||||||
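Review bot: The `os.environ['REDISPASS']` lookup sits inside the `try` whose handler is `except Exception as ex:`, so a missing variable raises `KeyError` and is reported as `'REDISPASS' - trying again...`, which looks the same as Redis being unreachable. What follows the `print` is outside the hunk, but inside `while True:` this presumably retries indefinitely instead of failing on a configuration error. Read the variable once before the loop, e.g. `redis_pass = os.environ['REDISPASS']`, and pass `password=redis_pass` in the call. The hunks at `@@ -23,7 +23,7 @@ else:` and `@@ -434,9 +434,9 @@ if __name__ == '__main__':` add the same lookup next to an `except Exception` handler.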
@@ -23,7 +23,7 @@ else:
|
|||||||
|
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0)
|
r = redis.StrictRedis(host='redis', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
|
||||||
r.ping()
|
r.ping()
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
print('%s - trying again...' % (ex))
|
print('%s - trying again...' % (ex))
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ source /source_env.sh
|
|||||||
|
|
||||||
# Do not attempt to write to slave
|
# Do not attempt to write to slave
|
||||||
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
||||||
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
|
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
|
||||||
else
|
else
|
||||||
REDIS_CMDLINE="redis-cli -h redis -p 6379"
|
REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Is replication active?
|
# Is replication active?
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
|
|||||||
host("`REDIS_SLAVEOF_IP`")
|
host("`REDIS_SLAVEOF_IP`")
|
||||||
persist-name("redis1")
|
persist-name("redis1")
|
||||||
port(`REDIS_SLAVEOF_PORT`)
|
port(`REDIS_SLAVEOF_PORT`)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("LPUSH" "DOVECOT_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
command("LPUSH" "DOVECOT_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
|
|||||||
host("`REDIS_SLAVEOF_IP`")
|
host("`REDIS_SLAVEOF_IP`")
|
||||||
persist-name("redis2")
|
persist-name("redis2")
|
||||||
port(`REDIS_SLAVEOF_PORT`)
|
port(`REDIS_SLAVEOF_PORT`)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
|
|||||||
host("redis-mailcow")
|
host("redis-mailcow")
|
||||||
persist-name("redis1")
|
persist-name("redis1")
|
||||||
port(6379)
|
port(6379)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("LPUSH" "DOVECOT_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
command("LPUSH" "DOVECOT_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
|
|||||||
host("redis-mailcow")
|
host("redis-mailcow")
|
||||||
persist-name("redis2")
|
persist-name("redis2")
|
||||||
port(6379)
|
port(6379)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -10,9 +10,9 @@ catch_non_zero() {
|
|||||||
source /source_env.sh
|
source /source_env.sh
|
||||||
# Do not attempt to write to slave
|
# Do not attempt to write to slave
|
||||||
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
||||||
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
|
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
|
||||||
else
|
else
|
||||||
REDIS_CMDLINE="redis-cli -h redis -p 6379"
|
REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
|
||||||
fi
|
fi
|
||||||
catch_non_zero "${REDIS_CMDLINE} LTRIM ACME_LOG 0 ${LOG_LINES}"
|
catch_non_zero "${REDIS_CMDLINE} LTRIM ACME_LOG 0 ${LOG_LINES}"
|
||||||
catch_non_zero "${REDIS_CMDLINE} LTRIM POSTFIX_MAILLOG 0 ${LOG_LINES}"
|
catch_non_zero "${REDIS_CMDLINE} LTRIM POSTFIX_MAILLOG 0 ${LOG_LINES}"
|
||||||
|
|||||||
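Review bot: Each `catch_non_zero "${REDIS_CMDLINE} LTRIM ..."` call now hands the helper a string that contains the Redis password. `catch_non_zero` is defined above the hunk and is not visible here; if it echoes or logs the command it was given when the exit status is non-zero, the password would be written to the container log. It is worth confirming that the helper does not print its argument, or setting `export REDISCLI_AUTH="${REDISPASS}"` after `source /source_env.sh` and keeping `-a` out of `REDIS_CMDLINE`.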
@@ -434,9 +434,9 @@ if __name__ == '__main__':
|
|||||||
redis_slaveof_ip = os.getenv('REDIS_SLAVEOF_IP', '')
|
redis_slaveof_ip = os.getenv('REDIS_SLAVEOF_IP', '')
|
||||||
redis_slaveof_port = os.getenv('REDIS_SLAVEOF_PORT', '')
|
redis_slaveof_port = os.getenv('REDIS_SLAVEOF_PORT', '')
|
||||||
if "".__eq__(redis_slaveof_ip):
|
if "".__eq__(redis_slaveof_ip):
|
||||||
r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0)
|
r = redis.StrictRedis(host=os.getenv('IPV4_NETWORK', '172.22.1') + '.249', decode_responses=True, port=6379, db=0, password=os.environ['REDISPASS'])
|
||||||
else:
|
else:
|
||||||
r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0)
|
r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0, password=os.environ['REDISPASS'])
|
||||||
r.ping()
|
r.ping()
|
||||||
pubsub = r.pubsub()
|
pubsub = r.pubsub()
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ else
|
|||||||
REDIS_HOST="redis"
|
REDIS_HOST="redis"
|
||||||
REDIS_PORT="6379"
|
REDIS_PORT="6379"
|
||||||
fi
|
fi
|
||||||
REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT}"
|
REDIS_CMDLINE="redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} -a ${REDISPASS} --no-auth-warning"
|
||||||
|
|
||||||
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
||||||
echo "Waiting for Redis..."
|
echo "Waiting for Redis..."
|
||||||
@@ -26,7 +26,7 @@ done
|
|||||||
# Set redis session store
|
# Set redis session store
|
||||||
echo -n '
|
echo -n '
|
||||||
session.save_handler = redis
|
session.save_handler = redis
|
||||||
session.save_path = "tcp://'${REDIS_HOST}':'${REDIS_PORT}'"
|
session.save_path = "tcp://'${REDIS_HOST}':'${REDIS_PORT}'?auth='${REDISPASS}'"
|
||||||
' > /usr/local/etc/php/conf.d/session_store.ini
|
' > /usr/local/etc/php/conf.d/session_store.ini
|
||||||
|
|
||||||
# Check mysql_upgrade (master and slave)
|
# Check mysql_upgrade (master and slave)
|
||||||
|
|||||||
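Review bot: In the `session.save_path` line the password is pasted into a URL query string as `?auth='${REDISPASS}'` without URL-encoding. A value containing `&`, `#`, `%`, `+` or a double quote would likely be truncated or misparsed by the session handler, or end the ini string early, so sessions would fail to authenticate while the `redis-cli` PING loop above still succeeds. Either percent-encode the value before writing the ini file or document that `REDISPASS` must be limited to URL-safe characters. `/usr/local/etc/php/conf.d/session_store.ini` now holds a secret as well, so it should not be left world-readable.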
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
|
|||||||
host("`REDIS_SLAVEOF_IP`")
|
host("`REDIS_SLAVEOF_IP`")
|
||||||
persist-name("redis1")
|
persist-name("redis1")
|
||||||
port(`REDIS_SLAVEOF_PORT`)
|
port(`REDIS_SLAVEOF_PORT`)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
|
|||||||
host("`REDIS_SLAVEOF_IP`")
|
host("`REDIS_SLAVEOF_IP`")
|
||||||
persist-name("redis2")
|
persist-name("redis2")
|
||||||
port(`REDIS_SLAVEOF_PORT`)
|
port(`REDIS_SLAVEOF_PORT`)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ destination d_redis_ui_log {
|
|||||||
host("redis-mailcow")
|
host("redis-mailcow")
|
||||||
persist-name("redis1")
|
persist-name("redis1")
|
||||||
port(6379)
|
port(6379)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
@@ -28,6 +29,7 @@ destination d_redis_f2b_channel {
|
|||||||
host("redis-mailcow")
|
host("redis-mailcow")
|
||||||
persist-name("redis2")
|
persist-name("redis2")
|
||||||
port(6379)
|
port(6379)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -56,27 +56,29 @@ if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
|||||||
cat <<EOF > /etc/rspamd/local.d/redis.conf
|
cat <<EOF > /etc/rspamd/local.d/redis.conf
|
||||||
read_servers = "redis:6379";
|
read_servers = "redis:6379";
|
||||||
write_servers = "${REDIS_SLAVEOF_IP}:${REDIS_SLAVEOF_PORT}";
|
write_servers = "${REDIS_SLAVEOF_IP}:${REDIS_SLAVEOF_PORT}";
|
||||||
|
password = "${REDISPASS}";
|
||||||
timeout = 10;
|
timeout = 10;
|
||||||
EOF
|
EOF
|
||||||
until [[ $(redis-cli -h redis-mailcow PING) == "PONG" ]]; do
|
until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning PING) == "PONG" ]]; do
|
||||||
echo "Waiting for Redis @redis-mailcow..."
|
echo "Waiting for Redis @redis-mailcow..."
|
||||||
sleep 2
|
sleep 2
|
||||||
done
|
done
|
||||||
until [[ $(redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} PING) == "PONG" ]]; do
|
until [[ $(redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning PING) == "PONG" ]]; do
|
||||||
echo "Waiting for Redis @${REDIS_SLAVEOF_IP}..."
|
echo "Waiting for Redis @${REDIS_SLAVEOF_IP}..."
|
||||||
sleep 2
|
sleep 2
|
||||||
done
|
done
|
||||||
redis-cli -h redis-mailcow SLAVEOF ${REDIS_SLAVEOF_IP} ${REDIS_SLAVEOF_PORT}
|
redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning SLAVEOF ${REDIS_SLAVEOF_IP} ${REDIS_SLAVEOF_PORT}
|
||||||
else
|
else
|
||||||
cat <<EOF > /etc/rspamd/local.d/redis.conf
|
cat <<EOF > /etc/rspamd/local.d/redis.conf
|
||||||
servers = "redis:6379";
|
servers = "redis:6379";
|
||||||
|
password = "${REDISPASS}";
|
||||||
timeout = 10;
|
timeout = 10;
|
||||||
EOF
|
EOF
|
||||||
until [[ $(redis-cli -h redis-mailcow PING) == "PONG" ]]; do
|
until [[ $(redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning PING) == "PONG" ]]; do
|
||||||
echo "Waiting for Redis slave..."
|
echo "Waiting for Redis slave..."
|
||||||
sleep 2
|
sleep 2
|
||||||
done
|
done
|
||||||
redis-cli -h redis-mailcow SLAVEOF NO ONE
|
redis-cli -h redis-mailcow -a ${REDISPASS} --no-auth-warning SLAVEOF NO ONE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Provide additional lua modules
|
# Provide additional lua modules
|
||||||
|
|||||||
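Review bot: The `SLAVEOF ${REDIS_SLAVEOF_IP} ${REDIS_SLAVEOF_PORT}` call now authenticates to the local Redis, but nothing visible in this commit gives that instance a `masterauth` value. The PING loop just above already assumes the remote master accepts `REDISPASS`, so once the master enforces `requirepass` the replication link would be refused even though both wait loops pass, unless `masterauth` is configured elsewhere. Consider sending `CONFIG SET masterauth "${REDISPASS}"` to `redis-mailcow` before `SLAVEOF`, or writing a `masterauth` line next to `requirepass` in the generated server config. The enclosing `if` starts above the hunk.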
@@ -22,6 +22,7 @@ destination d_redis_ui_log {
|
|||||||
host("`REDIS_SLAVEOF_IP`")
|
host("`REDIS_SLAVEOF_IP`")
|
||||||
persist-name("redis1")
|
persist-name("redis1")
|
||||||
port(`REDIS_SLAVEOF_PORT`)
|
port(`REDIS_SLAVEOF_PORT`)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
@@ -30,6 +31,7 @@ destination d_redis_f2b_channel {
|
|||||||
host("`REDIS_SLAVEOF_IP`")
|
host("`REDIS_SLAVEOF_IP`")
|
||||||
persist-name("redis2")
|
persist-name("redis2")
|
||||||
port(`REDIS_SLAVEOF_PORT`)
|
port(`REDIS_SLAVEOF_PORT`)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -22,6 +22,7 @@ destination d_redis_ui_log {
|
|||||||
host("redis-mailcow")
|
host("redis-mailcow")
|
||||||
persist-name("redis1")
|
persist-name("redis1")
|
||||||
port(6379)
|
port(6379)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
@@ -30,6 +31,7 @@ destination d_redis_f2b_channel {
|
|||||||
host("redis-mailcow")
|
host("redis-mailcow")
|
||||||
persist-name("redis2")
|
persist-name("redis2")
|
||||||
port(6379)
|
port(6379)
|
||||||
|
auth("`REDISPASS`")
|
||||||
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
command("PUBLISH" "F2B_CHANNEL" "$(sanitize $MESSAGE)")
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -40,9 +40,9 @@ done
|
|||||||
|
|
||||||
# Do not attempt to write to slave
|
# Do not attempt to write to slave
|
||||||
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
|
||||||
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
|
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT} -a ${REDISPASS} --no-auth-warning"
|
||||||
else
|
else
|
||||||
REDIS_CMDLINE="redis-cli -h redis -p 6379"
|
REDIS_CMDLINE="redis-cli -h redis -p 6379 -a ${REDISPASS} --no-auth-warning"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
until [[ $(${REDIS_CMDLINE} PING) == "PONG" ]]; do
|
||||||
@@ -330,7 +330,7 @@ redis_checks() {
|
|||||||
touch /tmp/redis-mailcow; echo "$(tail -50 /tmp/redis-mailcow)" > /tmp/redis-mailcow
|
touch /tmp/redis-mailcow; echo "$(tail -50 /tmp/redis-mailcow)" > /tmp/redis-mailcow
|
||||||
host_ip=$(get_container_ip redis-mailcow)
|
host_ip=$(get_container_ip redis-mailcow)
|
||||||
err_c_cur=${err_count}
|
err_c_cur=${err_count}
|
||||||
/usr/lib/nagios/plugins/check_tcp -4 -H redis-mailcow -p 6379 -E -s "PING\n" -q "QUIT" -e "PONG" 2>> /tmp/redis-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
|
/usr/lib/nagios/plugins/check_tcp -4 -H redis-mailcow -p 6379 -E -s "AUTH ${REDISPASS}\nPING\n" -q "QUIT" -e "PONG" 2>> /tmp/redis-mailcow 1>&2; err_count=$(( ${err_count} + $? ))
|
||||||
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
||||||
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
||||||
progress "Redis" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
progress "Redis" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
||||||
@@ -503,12 +503,12 @@ dovecot_repl_checks() {
|
|||||||
err_count=0
|
err_count=0
|
||||||
diff_c=0
|
diff_c=0
|
||||||
THRESHOLD=${DOVECOT_REPL_THRESHOLD}
|
THRESHOLD=${DOVECOT_REPL_THRESHOLD}
|
||||||
D_REPL_STATUS=$(redis-cli -h redis -r GET DOVECOT_REPL_HEALTH)
|
D_REPL_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning -r GET DOVECOT_REPL_HEALTH)
|
||||||
# Reduce error count by 2 after restarting an unhealthy container
|
# Reduce error count by 2 after restarting an unhealthy container
|
||||||
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
||||||
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
||||||
err_c_cur=${err_count}
|
err_c_cur=${err_count}
|
||||||
D_REPL_STATUS=$(redis-cli --raw -h redis GET DOVECOT_REPL_HEALTH)
|
D_REPL_STATUS=$(redis-cli --raw -h redis -a ${REDISPASS} --no-auth-warning GET DOVECOT_REPL_HEALTH)
|
||||||
if [[ "${D_REPL_STATUS}" != "1" ]]; then
|
if [[ "${D_REPL_STATUS}" != "1" ]]; then
|
||||||
err_count=$(( ${err_count} + 1 ))
|
err_count=$(( ${err_count} + 1 ))
|
||||||
fi
|
fi
|
||||||
@@ -578,19 +578,19 @@ ratelimit_checks() {
|
|||||||
err_count=0
|
err_count=0
|
||||||
diff_c=0
|
diff_c=0
|
||||||
THRESHOLD=${RATELIMIT_THRESHOLD}
|
THRESHOLD=${RATELIMIT_THRESHOLD}
|
||||||
RL_LOG_STATUS=$(redis-cli -h redis LRANGE RL_LOG 0 0 | jq .qid)
|
RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning LRANGE RL_LOG 0 0 | jq .qid)
|
||||||
# Reduce error count by 2 after restarting an unhealthy container
|
# Reduce error count by 2 after restarting an unhealthy container
|
||||||
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
||||||
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
||||||
err_c_cur=${err_count}
|
err_c_cur=${err_count}
|
||||||
RL_LOG_STATUS_PREV=${RL_LOG_STATUS}
|
RL_LOG_STATUS_PREV=${RL_LOG_STATUS}
|
||||||
RL_LOG_STATUS=$(redis-cli -h redis LRANGE RL_LOG 0 0 | jq .qid)
|
RL_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning LRANGE RL_LOG 0 0 | jq .qid)
|
||||||
if [[ ${RL_LOG_STATUS_PREV} != ${RL_LOG_STATUS} ]]; then
|
if [[ ${RL_LOG_STATUS_PREV} != ${RL_LOG_STATUS} ]]; then
|
||||||
err_count=$(( ${err_count} + 1 ))
|
err_count=$(( ${err_count} + 1 ))
|
||||||
echo 'Last 10 applied ratelimits (may overlap with previous reports).' > /tmp/ratelimit
|
echo 'Last 10 applied ratelimits (may overlap with previous reports).' > /tmp/ratelimit
|
||||||
echo 'Full ratelimit buckets can be emptied by deleting the ratelimit hash from within mailcow UI (see /debug -> Protocols -> Ratelimit):' >> /tmp/ratelimit
|
echo 'Full ratelimit buckets can be emptied by deleting the ratelimit hash from within mailcow UI (see /debug -> Protocols -> Ratelimit):' >> /tmp/ratelimit
|
||||||
echo >> /tmp/ratelimit
|
echo >> /tmp/ratelimit
|
||||||
redis-cli --raw -h redis LRANGE RL_LOG 0 10 | jq . >> /tmp/ratelimit
|
redis-cli --raw -h redis -a ${REDISPASS} --no-auth-warning LRANGE RL_LOG 0 10 | jq . >> /tmp/ratelimit
|
||||||
fi
|
fi
|
||||||
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
||||||
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
||||||
@@ -673,7 +673,7 @@ acme_checks() {
|
|||||||
err_count=0
|
err_count=0
|
||||||
diff_c=0
|
diff_c=0
|
||||||
THRESHOLD=${ACME_THRESHOLD}
|
THRESHOLD=${ACME_THRESHOLD}
|
||||||
ACME_LOG_STATUS=$(redis-cli -h redis GET ACME_FAIL_TIME)
|
ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning GET ACME_FAIL_TIME)
|
||||||
if [[ -z "${ACME_LOG_STATUS}" ]]; then
|
if [[ -z "${ACME_LOG_STATUS}" ]]; then
|
||||||
${REDIS_CMDLINE} SET ACME_FAIL_TIME 0
|
${REDIS_CMDLINE} SET ACME_FAIL_TIME 0
|
||||||
ACME_LOG_STATUS=0
|
ACME_LOG_STATUS=0
|
||||||
@@ -685,7 +685,7 @@ acme_checks() {
|
|||||||
ACME_LOG_STATUS_PREV=${ACME_LOG_STATUS}
|
ACME_LOG_STATUS_PREV=${ACME_LOG_STATUS}
|
||||||
ACME_LC=0
|
ACME_LC=0
|
||||||
until [[ ! -z ${ACME_LOG_STATUS} ]] || [ ${ACME_LC} -ge 3 ]; do
|
until [[ ! -z ${ACME_LOG_STATUS} ]] || [ ${ACME_LC} -ge 3 ]; do
|
||||||
ACME_LOG_STATUS=$(redis-cli -h redis GET ACME_FAIL_TIME 2> /dev/null)
|
ACME_LOG_STATUS=$(redis-cli -h redis -a ${REDISPASS} --no-auth-warning GET ACME_FAIL_TIME 2> /dev/null)
|
||||||
sleep 3
|
sleep 3
|
||||||
ACME_LC=$((ACME_LC+1))
|
ACME_LC=$((ACME_LC+1))
|
||||||
done
|
done
|
||||||
|
|||||||
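Review bot: In `redis_checks()` the probe string `-s "AUTH ${REDISPASS}\nPING\n"` puts the password on `check_tcp`'s command line, and because `-E` enables escape processing, a password containing a backslash sequence would be altered before Redis sees it; one containing whitespace would be read as extra `AUTH` arguments. Either case makes the watchdog count a healthy Redis as failing. The plugin's output is appended to `/tmp/redis-mailcow`, so it is worth verifying that neither the sent string nor an error reply quoting it ends up in that file. A probe such as `redis-cli -h redis-mailcow PING` with `REDISCLI_AUTH` exported would authenticate without the password appearing in any argument. The function body continues outside the hunk.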
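--- /dev/null
+++ b/data/conf/redis/redis-conf.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+cat <<EOF > /redis.conf
+requirepass $REDISPASS
+EOF
+
+exec redis-server /redis.conf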
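Review bot: The heredoc writes `requirepass $REDISPASS` without checking that the variable is set, so an empty or missing `REDISPASS` (for example an installation whose configuration predates this change) yields a `requirepass` line with no argument, and redis-server would either refuse to start or run without the intended protection. Add a guard before the `cat`, e.g. `: "${REDISPASS:?REDISPASS must be set}"`, and write the value quoted as `requirepass "$REDISPASS"` so a password containing spaces is parsed as one argument. Because the compose file on this page sets this script as the `entrypoint`, the image's own entrypoint no longer runs; if that entrypoint is what drops privileges to an unprivileged user, `exec redis-server` here runs as the container's default user instead. A `umask 077` before the `cat` would keep `/redis.conf` from being created world-readable.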
@@ -25,6 +25,7 @@ catch (PDOException $e) {
|
|||||||
// Init Redis
|
// Init Redis
|
||||||
$redis = new Redis();
|
$redis = new Redis();
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
|
|
||||||
function parse_email($email) {
|
function parse_email($email) {
|
||||||
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;
|
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;
|
||||||
|
|||||||
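Review bot: The result of `$redis->auth(getenv("REDISPASS"));` is discarded, and `getenv()` returns `false` when the variable is not set, so a missing or wrong password is only noticed later when the first Redis command fails. Check it where it happens, e.g. `if (!$redis->auth(getenv("REDISPASS"))) { error_log("Redis AUTH failed"); exit(1); }`; depending on the phpredis version a rejected AUTH may instead throw `RedisException`, which nothing visible in this hunk catches. The other PHP hunks on this page add the same unchecked call. Where it follows an `if`/`else` around `connect()`, it is sent to whichever server was chosen, so a remote master is assumed to use the same password.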
@@ -4,6 +4,7 @@ ini_set('error_reporting', 0);
|
|||||||
|
|
||||||
$redis = new Redis();
|
$redis = new Redis();
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
|
|
||||||
function in_net($addr, $net) {
|
function in_net($addr, $net) {
|
||||||
$net = explode('/', $net);
|
$net = explode('/', $net);
|
||||||
|
|||||||
@@ -24,6 +24,7 @@ catch (PDOException $e) {
|
|||||||
// Init Redis
|
// Init Redis
|
||||||
$redis = new Redis();
|
$redis = new Redis();
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
|
|
||||||
// Functions
|
// Functions
|
||||||
function parse_email($email) {
|
function parse_email($email) {
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ try {
|
|||||||
else {
|
else {
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
}
|
}
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
}
|
}
|
||||||
catch (Exception $e) {
|
catch (Exception $e) {
|
||||||
exit;
|
exit;
|
||||||
|
|||||||
@@ -24,6 +24,7 @@ catch (PDOException $e) {
|
|||||||
// Init Redis
|
// Init Redis
|
||||||
$redis = new Redis();
|
$redis = new Redis();
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
|
|
||||||
// Functions
|
// Functions
|
||||||
function parse_email($email) {
|
function parse_email($email) {
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ try {
|
|||||||
else {
|
else {
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
}
|
}
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
}
|
}
|
||||||
catch (Exception $e) {
|
catch (Exception $e) {
|
||||||
exit;
|
exit;
|
||||||
|
|||||||
@@ -16,6 +16,7 @@ try {
|
|||||||
else {
|
else {
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
}
|
}
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
}
|
}
|
||||||
catch (Exception $e) {
|
catch (Exception $e) {
|
||||||
exit;
|
exit;
|
||||||
|
|||||||
@@ -68,6 +68,7 @@ try {
|
|||||||
else {
|
else {
|
||||||
$redis->connect('redis-mailcow', 6379);
|
$redis->connect('redis-mailcow', 6379);
|
||||||
}
|
}
|
||||||
|
$redis->auth(getenv("REDISPASS"));
|
||||||
}
|
}
|
||||||
catch (Exception $e) {
|
catch (Exception $e) {
|
||||||
// Stop when redis is not available
|
// Stop when redis is not available
|
||||||
|
|||||||
@@ -43,8 +43,10 @@ services:
|
|||||||
|
|
||||||
redis-mailcow:
|
redis-mailcow:
|
||||||
image: redis:7-alpine
|
image: redis:7-alpine
|
||||||
|
entrypoint: /redis-conf.sh
|
||||||
volumes:
|
volumes:
|
||||||
- redis-vol-1:/data/
|
- redis-vol-1:/data/
|
||||||
|
- ./data/conf/redis/redis-conf.sh:/redis-conf.sh:z
|
||||||
restart: always
|
restart: always
|
||||||
depends_on:
|
depends_on:
|
||||||
- netfilter-mailcow
|
- netfilter-mailcow
|
||||||
@@ -52,6 +54,7 @@ services:
|
|||||||
- "${REDIS_PORT:-127.0.0.1:7654}:6379"
|
- "${REDIS_PORT:-127.0.0.1:7654}:6379"
|
||||||
environment:
|
environment:
|
||||||
- TZ=${TZ}
|
- TZ=${TZ}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
sysctls:
|
sysctls:
|
||||||
- net.core.somaxconn=4096
|
- net.core.somaxconn=4096
|
||||||
networks:
|
networks:
|
||||||
@@ -80,7 +83,7 @@ services:
|
|||||||
- clamd
|
- clamd
|
||||||
|
|
||||||
rspamd-mailcow:
|
rspamd-mailcow:
|
||||||
image: mailcow/rspamd:1.98
|
image: mailcow/rspamd:1.99
|
||||||
stop_grace_period: 30s
|
stop_grace_period: 30s
|
||||||
depends_on:
|
depends_on:
|
||||||
- dovecot-mailcow
|
- dovecot-mailcow
|
||||||
@@ -91,6 +94,7 @@ services:
|
|||||||
- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
|
- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
- SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
|
- SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
|
||||||
volumes:
|
volumes:
|
||||||
- ./data/hooks/rspamd:/hooks:Z
|
- ./data/hooks/rspamd:/hooks:Z
|
||||||
@@ -112,7 +116,7 @@ services:
|
|||||||
- rspamd
|
- rspamd
|
||||||
|
|
||||||
php-fpm-mailcow:
|
php-fpm-mailcow:
|
||||||
image: mailcow/phpfpm:1.91.1
|
image: mailcow/phpfpm:1.92
|
||||||
command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
|
command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
|
||||||
depends_on:
|
depends_on:
|
||||||
- redis-mailcow
|
- redis-mailcow
|
||||||
@@ -139,6 +143,7 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
- LOG_LINES=${LOG_LINES:-9999}
|
- LOG_LINES=${LOG_LINES:-9999}
|
||||||
- TZ=${TZ}
|
- TZ=${TZ}
|
||||||
- DBNAME=${DBNAME}
|
- DBNAME=${DBNAME}
|
||||||
@@ -177,7 +182,7 @@ services:
|
|||||||
- phpfpm
|
- phpfpm
|
||||||
|
|
||||||
sogo-mailcow:
|
sogo-mailcow:
|
||||||
image: mailcow/sogo:1.127.1
|
image: mailcow/sogo:1.128
|
||||||
environment:
|
environment:
|
||||||
- DBNAME=${DBNAME}
|
- DBNAME=${DBNAME}
|
||||||
- DBUSER=${DBUSER}
|
- DBUSER=${DBUSER}
|
||||||
@@ -194,6 +199,7 @@ services:
|
|||||||
- MASTER=${MASTER:-y}
|
- MASTER=${MASTER:-y}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
dns:
|
dns:
|
||||||
- ${IPV4_NETWORK:-172.22.1}.254
|
- ${IPV4_NETWORK:-172.22.1}.254
|
||||||
volumes:
|
volumes:
|
||||||
@@ -224,7 +230,7 @@ services:
|
|||||||
- sogo
|
- sogo
|
||||||
|
|
||||||
dovecot-mailcow:
|
dovecot-mailcow:
|
||||||
image: mailcow/dovecot:2.2
|
image: mailcow/dovecot:2.21
|
||||||
depends_on:
|
depends_on:
|
||||||
- mysql-mailcow
|
- mysql-mailcow
|
||||||
- netfilter-mailcow
|
- netfilter-mailcow
|
||||||
@@ -266,6 +272,7 @@ services:
|
|||||||
- MASTER=${MASTER:-y}
|
- MASTER=${MASTER:-y}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
|
- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
|
||||||
- FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
|
- FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
|
||||||
ports:
|
ports:
|
||||||
@@ -308,7 +315,7 @@ services:
|
|||||||
- dovecot
|
- dovecot
|
||||||
|
|
||||||
postfix-mailcow:
|
postfix-mailcow:
|
||||||
image: mailcow/postfix:1.77
|
image: mailcow/postfix:1.78
|
||||||
depends_on:
|
depends_on:
|
||||||
mysql-mailcow:
|
mysql-mailcow:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
@@ -330,6 +337,7 @@ services:
|
|||||||
- DBPASS=${DBPASS}
|
- DBPASS=${DBPASS}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
||||||
- SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
|
- SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
|
||||||
cap_add:
|
cap_add:
|
||||||
@@ -401,7 +409,7 @@ services:
|
|||||||
condition: service_started
|
condition: service_started
|
||||||
unbound-mailcow:
|
unbound-mailcow:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
image: mailcow/acme:1.90
|
image: mailcow/acme:1.91
|
||||||
dns:
|
dns:
|
||||||
- ${IPV4_NETWORK:-172.22.1}.254
|
- ${IPV4_NETWORK:-172.22.1}.254
|
||||||
environment:
|
environment:
|
||||||
@@ -424,6 +432,7 @@ services:
|
|||||||
- TZ=${TZ}
|
- TZ=${TZ}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
- SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
|
- SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
|
||||||
- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
|
- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
|
||||||
volumes:
|
volumes:
|
||||||
@@ -438,7 +447,7 @@ services:
|
|||||||
- acme
|
- acme
|
||||||
|
|
||||||
netfilter-mailcow:
|
netfilter-mailcow:
|
||||||
image: mailcow/netfilter:1.59
|
image: mailcow/netfilter:1.60
|
||||||
stop_grace_period: 30s
|
stop_grace_period: 30s
|
||||||
restart: always
|
restart: always
|
||||||
privileged: true
|
privileged: true
|
||||||
@@ -450,6 +459,7 @@ services:
|
|||||||
- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
|
- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
- MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
|
- MAILCOW_REPLICA_IP=${MAILCOW_REPLICA_IP:-}
|
||||||
- DISABLE_NETFILTER_ISOLATION_RULE=${DISABLE_NETFILTER_ISOLATION_RULE:-n}
|
- DISABLE_NETFILTER_ISOLATION_RULE=${DISABLE_NETFILTER_ISOLATION_RULE:-n}
|
||||||
network_mode: "host"
|
network_mode: "host"
|
||||||
@@ -457,7 +467,7 @@ services:
|
|||||||
- /lib/modules:/lib/modules:ro
|
- /lib/modules:/lib/modules:ro
|
||||||
|
|
||||||
watchdog-mailcow:
|
watchdog-mailcow:
|
||||||
image: mailcow/watchdog:2.05
|
image: mailcow/watchdog:2.06
|
||||||
dns:
|
dns:
|
||||||
- ${IPV4_NETWORK:-172.22.1}.254
|
- ${IPV4_NETWORK:-172.22.1}.254
|
||||||
tmpfs:
|
tmpfs:
|
||||||
@@ -503,6 +513,7 @@ services:
|
|||||||
- HTTPS_PORT=${HTTPS_PORT:-443}
|
- HTTPS_PORT=${HTTPS_PORT:-443}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
- EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
|
- EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
|
||||||
- NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
|
- NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
|
||||||
- UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
|
- UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
|
||||||
@@ -528,7 +539,7 @@ services:
|
|||||||
- watchdog
|
- watchdog
|
||||||
|
|
||||||
dockerapi-mailcow:
|
dockerapi-mailcow:
|
||||||
image: mailcow/dockerapi:2.09
|
image: mailcow/dockerapi:2.10
|
||||||
security_opt:
|
security_opt:
|
||||||
- label=disable
|
- label=disable
|
||||||
restart: always
|
restart: always
|
||||||
@@ -539,6 +550,7 @@ services:
|
|||||||
- TZ=${TZ}
|
- TZ=${TZ}
|
||||||
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
|
||||||
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
|
||||||
|
- REDISPASS=${REDISPASS}
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@@ -264,6 +264,12 @@ DBUSER=mailcow
|
|||||||
DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
|
DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
|
||||||
DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
|
DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
|
||||||
|
|
||||||
|
# ------------------------------
|
||||||
|
# REDIS configuration
|
||||||
|
# ------------------------------
|
||||||
|
|
||||||
|
REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# HTTP/S Bindings
|
# HTTP/S Bindings
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
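Review bot: The new `REDIS configuration` banner gives no guidance to an operator who replaces the generated value, even though the helper scripts changed in this commit pass `${REDISPASS}` to redis-cli unquoted and, in the Nextcloud purge, inside a double-quoted `sh -c` string. A comment above the assignment would make that constraint explicit, for example `# Keep this alphanumeric; helper scripts pass it to redis-cli on the command line`. The lines appear to belong to a larger config template that continues outside the hunk.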
|
|||||||
@@ -204,7 +204,7 @@ fi
|
|||||||
|
|
||||||
# Trigger a Redis save for a consistent Redis copy
|
# Trigger a Redis save for a consistent Redis copy
|
||||||
echo -ne "\033[1mRunning redis-cli save... \033[0m"
|
echo -ne "\033[1mRunning redis-cli save... \033[0m"
|
||||||
docker exec $(docker ps -qf name=redis-mailcow) redis-cli save
|
docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} --no-auth-warning save
|
||||||
|
|
||||||
# Syncing volumes related to compose project
|
# Syncing volumes related to compose project
|
||||||
# Same here: make sure destination exists
|
# Same here: make sure destination exists
|
||||||
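Review bot: The new `redis-cli -a ${REDISPASS} --no-auth-warning save` puts the Redis password on the command line, where it can be read from the process list on the host (the `docker exec` arguments) and inside the container while the command runs; `--no-auth-warning` only silences redis-cli's own warning about this. redis-cli also accepts the password through the `REDISCLI_AUTH` environment variable, so `REDISCLI_AUTH="${REDISPASS}" docker exec -e REDISCLI_AUTH "$(docker ps -qf name=redis-mailcow)" redis-cli save` keeps it out of argv (`-e NAME` without a value takes it from the caller's environment). The expansion is also unquoted, so an empty or unset `REDISPASS` would make `-a` take `--no-auth-warning` as the password; whether this script loads mailcow.conf before this line is not visible in the hunk. The same applies to the `redis-cli -a ${REDISPASS}` calls in the backup `redis|all)` branch, the Nextcloud purge and the five `EVAL` calls of the learn-reset script further down this page.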
|
|||||||
@@ -119,7 +119,7 @@ function backup() {
|
|||||||
${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_crypt.tar.gz /crypt
|
${DEBIAN_DOCKER_IMAGE} /bin/tar --warning='no-file-ignored' --use-compress-program="pigz --rsyncable -p ${THREADS}" -Pcvpf /backup/backup_crypt.tar.gz /crypt
|
||||||
;;&
|
;;&
|
||||||
redis|all)
|
redis|all)
|
||||||
docker exec $(docker ps -qf name=redis-mailcow) redis-cli save
|
docker exec $(docker ps -qf name=redis-mailcow) redis-cli -a ${REDISPASS} --no-auth-warning save
|
||||||
docker run --name mailcow-backup --rm \
|
docker run --name mailcow-backup --rm \
|
||||||
-v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
|
-v ${BACKUP_LOCATION}/mailcow-${DATE}:/backup:z \
|
||||||
-v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:ro,z \
|
-v $(docker volume ls -qf name=^${CMPS_PRJ}_redis-vol-1$):/redis:ro,z \
|
||||||
|
|||||||
@@ -101,11 +101,11 @@ if [[ ${NC_PURGE} == "y" ]]; then
|
|||||||
echo -e "\033[33mNot purging anything...\033[0m"
|
echo -e "\033[33mNot purging anything...\033[0m"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c ' cat <<EOF | redis-cli
|
docker exec -it $(docker ps -f name=redis-mailcow -q) /bin/sh -c "cat <<EOF | redis-cli -a ${REDISPASS} --no-auth-warning
|
||||||
SELECT 10
|
SELECT 10
|
||||||
FLUSHDB
|
FLUSHDB
|
||||||
EOF
|
EOF
|
||||||
'
|
"
|
||||||
if [ -d ./data/web/nextcloud/config ]; then
|
if [ -d ./data/web/nextcloud/config ]; then
|
||||||
mv ./data/web/nextcloud/config/ ./data/conf/nextcloud-config-folder-$(date +%s).bak
|
mv ./data/web/nextcloud/config/ ./data/conf/nextcloud-config-folder-$(date +%s).bak
|
||||||
fi
|
fi
|
||||||
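Review bot: Switching the `/bin/sh -c` argument from single to double quotes makes the host shell paste `${REDISPASS}` into a command string that the container's shell then parses, so a password containing `$`, a backtick, a quote or `;` would be read as shell syntax rather than as data. The generated default is alphanumeric, but mailcow.conf is operator-editable. Keeping the original single-quoted heredoc and handing the secret over through the environment avoids this: `REDISCLI_AUTH="${REDISPASS}" docker exec -it -e REDISCLI_AUTH $(docker ps -f name=redis-mailcow -q) /bin/sh -c ' cat <<EOF | redis-cli`, with the rest of the heredoc and the closing `'` unchanged. The enclosing `if [[ ${NC_PURGE} == "y" ]]` block starts outside the hunk.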
|
|||||||
@@ -15,15 +15,15 @@ if [[ "$response" =~ ^(yes|y)$ ]]; then
|
|||||||
docker stop ${RSPAMD_ID}
|
docker stop ${RSPAMD_ID}
|
||||||
echo "LUA will return nil when it succeeds or print a warning/error when it fails."
|
echo "LUA will return nil when it succeeds or print a warning/error when it fails."
|
||||||
echo "Deleting all RS* keys - if any"
|
echo "Deleting all RS* keys - if any"
|
||||||
docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'RS*'
|
docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'RS*'
|
||||||
echo "Deleting all BAYES* keys - if any"
|
echo "Deleting all BAYES* keys - if any"
|
||||||
docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'BAYES*'
|
docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'BAYES*'
|
||||||
echo "Deleting all learned* keys - if any"
|
echo "Deleting all learned* keys - if any"
|
||||||
docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'learned*'
|
docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'learned*'
|
||||||
echo "Deleting all fuzzy* keys - if any"
|
echo "Deleting all fuzzy* keys - if any"
|
||||||
docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'fuzzy*'
|
docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'fuzzy*'
|
||||||
echo "Deleting all tRFANN* keys - if any"
|
echo "Deleting all tRFANN* keys - if any"
|
||||||
docker exec -it ${REDIS_ID} redis-cli EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'tRFANN*'
|
docker exec -it ${REDIS_ID} redis-cli -a ${REDISPASS} --no-auth-warning EVAL "for _,k in ipairs(redis.call('keys', ARGV[1])) do redis.call('del', k) end" 0 'tRFANN*'
|
||||||
echo "Starting Rspamd container"
|
echo "Starting Rspamd container"
|
||||||
docker start ${RSPAMD_ID}
|
docker start ${RSPAMD_ID}
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -540,6 +540,7 @@ CONFIG_ARRAY=(
|
|||||||
"SPAMHAUS_DQS_KEY"
|
"SPAMHAUS_DQS_KEY"
|
||||||
"SKIP_UNBOUND_HEALTHCHECK"
|
"SKIP_UNBOUND_HEALTHCHECK"
|
||||||
"DISABLE_NETFILTER_ISOLATION_RULE"
|
"DISABLE_NETFILTER_ISOLATION_RULE"
|
||||||
|
"REDISPASS"
|
||||||
)
|
)
|
||||||
|
|
||||||
detect_bad_asn
|
detect_bad_asn
|
||||||
@@ -832,6 +833,14 @@ for option in "${CONFIG_ARRAY[@]}"; do
|
|||||||
echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
|
echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
|
||||||
echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
|
echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
|
||||||
fi
|
fi
|
||||||
|
elif [[ "${option}" == "REDISPASS" ]]; then
|
||||||
|
if ! grep -q "${option}" mailcow.conf; then
|
||||||
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
|
echo -e '\n# ------------------------------' >> mailcow.conf
|
||||||
|
echo '# REDIS configuration' >> mailcow.conf
|
||||||
|
echo -e '# ------------------------------\n' >> mailcow.conf
|
||||||
|
echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)" >> mailcow.conf
|
||||||
|
fi
|
||||||
elif ! grep -q "${option}" mailcow.conf; then
|
elif ! grep -q "${option}" mailcow.conf; then
|
||||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
echo "${option}=n" >> mailcow.conf
|
echo "${option}=n" >> mailcow.conf
|
||||||
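Review bot: In the new `REDISPASS` branch, `grep -q "${option}" mailcow.conf` matches the name anywhere in the file, including a comment or a commented-out `#REDISPASS=` line, and in that case no password is generated. The compose file would then substitute an empty `${REDISPASS}` into every service, which presumably leaves Redis either without effective protection or unreachable for its clients, depending on how the server treats an empty value. Anchoring the test to an assignment closes that gap: `if ! grep -q "^${option}=" mailcow.conf; then`. The other branches of this loop use the same unanchored pattern, and the loop itself starts and ends outside the hunk.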
|
|||||||