Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better PROXY_PROTOCOL #3221

Merged
merged 7 commits into from
Jun 9, 2024
Merged

Better PROXY_PROTOCOL #3221

merged 7 commits into from
Jun 9, 2024

Conversation

nextgens
Copy link
Contributor

@nextgens nextgens commented Apr 8, 2024

What type of PR?

Feature

What does this PR do?

  • Disable IMAP, POP3 and Submission by default; see https://nostarttls.secvuln.info/ on why explicit TLS is going away.
  • Change the semantic of PROXY_PROTOCOL to make it configurable per port
  • fix TLS_FLAVOR=notls not working with snappymail
  • fix TLS_PERMISSIVE
  • remove KUBERNETES_INGRESS; shouldn't be needed anymore
  • update the documentation and the reverse proxy example

Related issue(s)

Prerequisites

Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

  • In case of feature or enhancement: documentation updated accordingly
  • Unless it's docs or a minor change: add changelog entry file.

@nextgens nextgens added priority/p2 Minor bug / Could have type/feature Introduces a new feature labels Apr 8, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Apr 8, 2024

Thanks for submitting this pull request.
Bors-ng will now build test images. When it succeeds, we will continue to review and test your PR.

bors try

Note: if this build fails, read this.

bors-mailu bot added a commit that referenced this pull request Apr 8, 2024
@bors-mailu
Try #3221:
55bb024
@bors-mailu
Copy link
Contributor

bors-mailu bot commented Apr 8, 2024

try

Build succeeded:

@Diman0 Diman0 added this to the 2024.x milestone Apr 17, 2024
Diman0
Diman0 previously requested changes Jun 9, 2024
View reviewed changes
Copy link
Member

@Diman0 Diman0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good to me. My current setup with proxy_protocol still works fine with this PR.
There are only two typo's that must be addressed. See in-line comments.

core/nginx/conf/nginx.conf Outdated Show resolved Hide resolved
core/nginx/dovecot/proxy.conf Outdated Show resolved Hide resolved
nextgens and others added 2 commits June 9, 2024 11:59
@nextgens @Diman0
Update core/nginx/conf/nginx.conf
c63bd0c 
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
@nextgens @Diman0
Update core/nginx/dovecot/proxy.conf
52e02d4 
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
@mergify mergify bot dismissed Diman0’s stale review June 9, 2024 09:59

Pull request has been modified.

@nextgens
Copy link
Contributor Author

nextgens commented Jun 9, 2024

Great catch; not sure how I have managed to typo that.

@nextgens nextgens requested a review from Diman0 June 9, 2024 10:00
Diman0
Diman0 approved these changes Jun 9, 2024
View reviewed changes
Copy link
Member

@Diman0 Diman0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mergify Mergify
Copy link
Contributor

mergify bot commented Jun 9, 2024

bors r+

@bors-mailu
Copy link
Contributor

bors-mailu bot commented Jun 9, 2024

Build succeeded:

@bors-mailu bors-mailu bot merged commit d91a04d into Mailu:master Jun 9, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Diman0 Diman0 Diman0 approved these changes

@ghostwheel42 ghostwheel42 Awaiting requested review from ghostwheel42

Assignees
No one assigned
Labels
priority/p2 Minor bug / Could have type/feature Introduces a new feature
Projects
None yet
Milestone
2024.x
Development

Successfully merging this pull request may close these issues.

snappymail integration broken with TLS_FLAVOR=notls in master
2 participants
@nextgens @Diman0