1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-18 06:37:06 +00:00
Commit Graph

1482 Commits

Author SHA1 Message Date
Joshua Tauberer
3d4eadd436 the new migration management in c8856f107d left out the part where we actually keep the system's current MIGRATIONID... it was being lost when setup/start.sh was re-run 2014-07-07 11:29:21 +00:00
Joshua Tauberer
cf7053c124 set nginx server_names_hash_bucket_size to 64, fixes #93 2014-07-07 11:23:41 +00:00
Joshua Tauberer
430b2dec11 update default www page to link to the website, fixes #96 2014-07-07 07:07:54 -04:00
Joshua Tauberer
ad3f6f8424 adding externals and .env to gitignore 2014-07-07 07:06:36 -04:00
Joshua Tauberer
65fb65ada7 an mx record may be missing if the A record matches the A record of PRIMARY_HOSTNAME 2014-07-07 02:35:45 +00:00
Joshua Tauberer
28e254fb84 whats_next: Allow the PRIMARY_HOSTNAME to not have an MX because the default value means the domain itself, which is what we want anyway 2014-07-07 02:35:45 +00:00
Joshua Tauberer
e898cd5d2a whats_next: wrap output to the actual width of the terminal 2014-07-07 02:35:45 +00:00
Joshua Tauberer
6a231d4409 clarify that an SSL cert can remain self-signed on the non-primary domains if the domain isn't being used for web 2014-07-07 02:35:45 +00:00
Joshua Tauberer
dcce98f84b and remove the old documentation now that there is documentation on the website 2014-07-06 11:57:57 -04:00
Joshua Tauberer
05664f0a3b have the README refer to the website for details 2014-07-06 11:31:17 -04:00
Joshua Tauberer
49d5561933 when adding/removing mail addresses also update nginx's config 2014-07-06 12:16:50 +00:00
Joshua Tauberer
c8856f107d migrate the SSL certificates path for non-primary certs to a new layout using a new migration script 2014-06-30 20:41:29 +00:00
Joshua Tauberer
06ba25151f get_domain_ssl_files returned the wrong path for the CSR for PRIMARY_HOSTNAME 2014-06-30 19:49:41 +00:00
Joshua Tauberer
b5aa1b0f31 walk the user through choosing the PRIMARY_HOSTNAME by first asking for their email address 2014-06-30 10:20:58 -04:00
Joshua Tauberer
fed5959288 s/PUBLIC_HOSTNAME/PRIMARY_HOSTNAME/ throughout 2014-06-30 09:15:36 -04:00
Joshua Tauberer
573faa2bf5 install the backup script as a daily cron job 2014-06-26 10:46:22 +00:00
Joshua Tauberer
87f001a5d5 some comments 2014-06-24 03:24:41 +00:00
Joshua Tauberer
f8cd2bb805 typo: www/default/index.html would be overwritten if it already exists 2014-06-23 19:43:19 +00:00
Joshua Tauberer
1dec8c65ce move the SSH password login check into whats_next.py (it used to be in start.sh and then moved to an unused script when it became a problem for Vagrant) 2014-06-23 19:39:20 +00:00
Joshua Tauberer
d4ce50de86 new tool to purchase and install a SSL certificate using Gandi.net's API 2014-06-23 10:53:29 +00:00
Joshua Tauberer
30c416ff6e rename the new checklist script to whats_next.py 2014-06-23 00:11:24 +00:00
Joshua Tauberer
5aa09c3f9b let the user override some DNS records in a different way
Moved the configuration to a single YAML file, rather than one per domain, to be clearer.

re-does 33f06f29c1
2014-06-22 19:33:30 +00:00
Joshua Tauberer
45e93f7dcc strengthen the cyphers and protocols allowed by Dovecot and Postfix submission 2014-06-22 19:03:11 +00:00
Joshua Tauberer
343886d818 add mail alias checks and other cleanup 2014-06-22 16:28:55 +00:00
Joshua Tauberer
deab8974ec if we handle mail for both a domain and any subdomain, only create a zone for the domain and put the subdomain's DNS records in the main domain's zone file 2014-06-22 16:24:15 +00:00
Joshua Tauberer
4668367420 first pass at a management tool for checking what the user must do to finish his configuration: set NS records, DS records, sign his certificates, etc. 2014-06-22 15:54:22 +00:00
Joshua Tauberer
ec6c7d84c1 dont ask for a CSR country code on second runs because the CSR is already generated and any new country code won't be used anyway 2014-06-22 15:36:14 +00:00
Joshua Tauberer
8076ce4ab9 Merge pull request #74 from mkropat/mgmt-auth
Add authentication to mailinabox-daemon; resolves #67
2014-06-22 11:36:04 -04:00
Michael Kropat
9e63ec62fb Cleanup: remove env dependency 2014-06-22 08:55:19 -04:00
Michael Kropat
d100a790a0 Remove API_KEY_FILE setting 2014-06-22 08:45:29 -04:00
Michael Kropat
554a28479f Merge remote-tracking branch 'upstream/master' into mgmt-auth
Conflicts:
	management/daemon.py
2014-06-21 21:29:25 -04:00
Joshua Tauberer
064d75e261 Merge pull request #73 from mkropat/syslog-logging
Tell Flask to log to syslog
2014-06-21 21:22:27 -04:00
Joshua Tauberer
e70bc50432 README parallel sentence structure 2014-06-22 00:34:49 +00:00
Michael Kropat
bb394242ef Update documentation to use API auth
The updated instruction is not very user-friendly. I think the right
solution is to wrap the `/dns` commands in a `tools/dns.py` style
script, along the lines of `tools/mail.py`.
2014-06-22 00:07:14 +00:00
Michael Kropat
88e496eba4 Update setup scripts to auth against the API 2014-06-22 00:02:52 +00:00
Michael Kropat
447399e8cd Update mail tool to pass api key auth 2014-06-21 23:49:09 +00:00
Michael Kropat
067052d4ea Add key-based authentication to management service
Intended to be the simplest auth possible: every time the service
starts, a random key is written to `/var/lib/mailinabox/api.key`. In
order to authenticate to the service, the client must pass the contents
of `api.key` in an HTTP basic auth header. In this way, users who do not
have read access to that file are not able to communicate with the
service.
2014-06-21 23:42:48 +00:00
Michael Kropat
53e15eae15 Tell Flask to log to syslog
- Writes Flask warnings and errors to `/var/log/syslog`
- Helps to debug issues when running in production
2014-06-21 23:25:35 +00:00
Joshua Tauberer
67d31ed998 move the SSL setup into its own bash script since it is used for much more than email now 2014-06-21 22:16:46 +00:00
Joshua Tauberer
0ab43ef4fd have webfinger output a JSON file in STORAGE_ROOT/webfinger/(acct/..) 2014-06-21 17:08:18 +00:00
Joshua Tauberer
326cc2a451 obviously put our stuff in /usr/local and not /usr 2014-06-21 12:35:00 -04:00
Joshua Tauberer
d3cacd4a11 update test_dns
Don't check NS records for now because they will only appear on zones.
If a hostname is a subdomain on a zone and not itself a zone, it will
lack NS records.

Also stop testing for ADSP, which we dropped in 126ea94ccf.
2014-06-21 12:32:20 -04:00
Joshua Tauberer
87b0608f15 test_dns: DNSSEC signing inserts empty text string components 2014-06-21 12:32:20 -04:00
Joshua Tauberer
85169dc960 preliminary support for webfinger
It just echos back the subject given to it.
2014-06-20 01:55:16 +00:00
Joshua Tauberer
5faa1cae71 manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:55:12 +00:00
Joshua Tauberer
a1a80b295e update docs a bit 2014-06-18 23:12:05 -04:00
Joshua Tauberer
94a140a27a linkify README 2014-06-18 23:04:06 -04:00
Joshua Tauberer
126ea94ccf drop support for ADSP which since last November is no longer recommended per http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/ 2014-06-18 22:56:55 -04:00
Joshua Tauberer
0f72f78eea add DNSSEC/DANE TLSA to the README 2014-06-19 02:23:07 +00:00
Joshua Tauberer
782ad04b10 use DANE when sending mail: if the recipient MX has a DANE TLSA record in DNS then Postfix will necessarily encrypt the mail in transport 2014-06-19 01:58:14 +00:00