solve conflict
Dieser Commit ist enthalten in:
Commit
2071d6fec9
20 geänderte Dateien mit 226 neuen und 341 gelöschten Zeilen
4
.github/workflows/gh-pages.yml
gevendort
4
.github/workflows/gh-pages.yml
gevendort
|
@ -14,14 +14,14 @@ jobs:
|
|||
run: |
|
||||
sudo apt-get -y update
|
||||
sudo apt-get -y install python3-pip
|
||||
pip install mkdocs-material==7.1.5 pygments==2.9.0 mkdocs-redirects==1.0.3
|
||||
pip install mkdocs-material==7.2.4 pygments==2.10.0 mkdocs-redirects==1.0.3
|
||||
|
||||
- name: Build site 🔧
|
||||
run: |
|
||||
mkdocs build --verbose --clean
|
||||
|
||||
- name: Deploy 🚀
|
||||
uses: JamesIves/github-pages-deploy-action@4.1.3
|
||||
uses: JamesIves/github-pages-deploy-action@4.1.4
|
||||
with:
|
||||
branch: gh-pages # The branch the action should deploy to.
|
||||
folder: site # The folder the action should deploy.
|
||||
|
|
|
@ -9,6 +9,6 @@ https://mailcow.github.io/mailcow-dockerized-docs
|
|||
To build it locally, you need the [Material theme for MkDocs](https://squidfunk.github.io/mkdocs-material/), [MkDocs](https://www.mkdocs.org/) itself and [Pygments](http://pygments.org/). To install these with [pip](https://pip.pypa.io/en/stable/) and get it up and running, fire up your terminal and enter
|
||||
|
||||
```
|
||||
pip install mkdocs-material==7.1.5 pygments==2.9.0 mkdocs-redirects==1.0.3
|
||||
pip install mkdocs-material==7.2.4 pygments==2.10.0 mkdocs-redirects==1.0.3
|
||||
mkdocs serve
|
||||
```
|
||||
|
|
|
@ -72,3 +72,26 @@ if [ $RESULT -ne 0 ]
|
|||
cat "$OUT"
|
||||
fi
|
||||
```
|
||||
|
||||
# Backup strategy with rsync and mailcow backup script
|
||||
|
||||
Create the destination directory for mailcows helper script:
|
||||
```
|
||||
mkdir -p /external_share/backups/backup_script
|
||||
```
|
||||
|
||||
Create cronjobs:
|
||||
```
|
||||
25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
|
||||
40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
|
||||
5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
|
||||
# If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path
|
||||
```
|
||||
|
||||
On the destination (in this case `/external_share/backups`) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup.
|
||||
Do **not** rsync to a Samba share, you need to keep the correct permissions!
|
||||
|
||||
To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run `docker-compose pull` and `docker-compose up -d`.
|
||||
|
||||
If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they _are_ inconsistent).
|
||||
In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
# WIP
|
|
@ -1,6 +1,6 @@
|
|||
## mailcow Admin Account
|
||||
|
||||
Reset mailcow admin to `admin:moohoo`. Older mailcow: dockerized installations may find `mailcow-reset-admin.sh` in their mailcow root directory (mailcow_path).
|
||||
Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the `mailcow-reset-admin.sh` script in their mailcow root directory (mailcow_path).
|
||||
|
||||
```
|
||||
cd mailcow_path
|
||||
|
|
|
@ -38,6 +38,7 @@ version: '2.1'
|
|||
services:
|
||||
|
||||
ipv6nat-mailcow:
|
||||
image: bash:latest
|
||||
restart: "no"
|
||||
entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
|
||||
```
|
||||
|
|
|
@ -48,13 +48,11 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work
|
|||
|
||||
**Take care of highlighted lines.**
|
||||
|
||||
``` apache hl_lines="2 5 6 12 13 19 22 23 26 27 28 29 34 35"
|
||||
``` apache hl_lines="2 10 11 17 22 23 24 25 30 31"
|
||||
<VirtualHost *:80>
|
||||
ServerName CHANGE_TO_MAILCOW_HOSTNAME
|
||||
ServerAlias autodiscover.*
|
||||
ServerAlias autoconfig.*
|
||||
ServerAlias xmpp_prefix_if_any.domain
|
||||
ServerAlias *.xmpp_prefix_if_any.domain
|
||||
RewriteEngine on
|
||||
|
||||
RewriteCond %{HTTPS} off
|
||||
|
@ -70,8 +68,6 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work
|
|||
ServerName CHANGE_TO_MAILCOW_HOSTNAME
|
||||
ServerAlias autodiscover.*
|
||||
ServerAlias autoconfig.*
|
||||
ServerAlias xmpp_prefix_if_any.domain
|
||||
ServerAlias *.xmpp_prefix_if_any.domain
|
||||
|
||||
# You should proxy to a plain HTTP session to offload SSL processing
|
||||
ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
|
||||
|
@ -106,13 +102,13 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine.
|
|||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain;
|
||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain;
|
||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
|
||||
|
||||
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
|
||||
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
**We do not recommend** CentOS 8 anymore.
|
||||
|
||||
|
||||
You need Docker and Docker Compose.
|
||||
You need Docker (a version >= `20.10.2` is required) and Docker Compose.
|
||||
|
||||
**1\.** Learn how to install [Docker](https://docs.docker.com/install/) and [Docker Compose](https://docs.docker.com/compose/install/).
|
||||
|
||||
|
@ -13,8 +13,7 @@ Quick installation for most operation systems:
|
|||
```
|
||||
curl -sSL https://get.docker.com/ | CHANNEL=stable sh
|
||||
# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
|
||||
systemctl enable docker.service
|
||||
systemctl start docker.service
|
||||
systemctl enable --now docker
|
||||
```
|
||||
|
||||
- Docker-Compose
|
||||
|
|
|
@ -66,6 +66,10 @@ docker-compose pull
|
|||
docker-compose up -d
|
||||
```
|
||||
|
||||
### Hooks
|
||||
|
||||
You can hook into the update mechanism by adding scripts called `pre_commit_hook.sh` and `post_commit_hook.sh` to your mailcows root directory. See [this](./u_e-update-hooks.md) for more details.
|
||||
|
||||
## Footnotes
|
||||
|
||||
- There is no release cycle regarding updates.
|
||||
|
|
Binäre Datei nicht angezeigt.
Vorher Breite: | Höhe: | Größe: 6,7 KiB Nachher Breite: | Höhe: | Größe: 10 KiB |
|
@ -67,7 +67,6 @@ Each container represents a single application.
|
|||
- [ACME](https://letsencrypt.org/)
|
||||
- [ClamAV](https://www.clamav.net/) (optional)
|
||||
- [Dovecot](https://www.dovecot.org/)
|
||||
- [ejabberd](https://www.ejabberd.im/)
|
||||
- [MariaDB](https://mariadb.org/)
|
||||
- [Memcached](https://www.memcached.org/)
|
||||
- [Netfilter](https://www.netfilter.org/) (Fail2ban-like integration by [@mkuron](https://github.com/mkuron))
|
||||
|
@ -78,7 +77,7 @@ Each container represents a single application.
|
|||
- [Redis](https://redis.io/)
|
||||
- [Rspamd](https://www.rspamd.com/)
|
||||
- [SOGo](https://sogo.nu/)
|
||||
- [Solr](http://lucene.apache.org/solr/) (optional)
|
||||
- [Solr](https://solr.apache.org/) (optional)
|
||||
- [Unbound](https://unbound.net/)
|
||||
- A Watchdog to provide basic monitoring
|
||||
|
||||
|
@ -95,5 +94,3 @@ Each container represents a single application.
|
|||
- solr-vol-1
|
||||
- vmail-index-vol-1
|
||||
- vmail-vol-1
|
||||
- xmpp-upload-vol-1
|
||||
- xmpp-vol-1
|
||||
|
|
|
@ -60,7 +60,7 @@ _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@
|
|||
_autodiscover._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
_caldavs._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
_caldavs._tcp IN TXT "path=/SOGo/dav/"
|
||||
_carddavs._tcp IN SRV 0 1 443 Mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
_carddavs._tcp IN SRV 0 1 443 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
_carddavs._tcp IN TXT "path=/SOGo/dav/"
|
||||
_imap._tcp IN SRV 0 1 143 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
_imaps._tcp IN SRV 0 1 993 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
|
@ -90,7 +90,7 @@ If you are interested in statistics, you can additionally register with some of
|
|||
!!! Tip
|
||||
It is worth considering that if you request DMARC statistic reports to your mailcow server and your mailcow server is not configured correctly to receive these reports, you may not get accurate and complete results. Please consider using an alternative email domain for receiving DMARC reports.
|
||||
|
||||
It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools avaialble, but only a small few of the many choices.
|
||||
It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools available, but only a small few of the many choices.
|
||||
|
||||
- [Postmaster Tool](https://gmail.com/postmaster)
|
||||
- [parsedmarc](https://github.com/domainaware/parsedmarc) (self-hosted)
|
||||
|
@ -100,7 +100,7 @@ It is worth mentioning, that the following suggestions are not a comprehensive l
|
|||
|
||||
!!! Tip
|
||||
|
||||
These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure to read the providers documentation from the service you choose as this process may vary.
|
||||
These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure you read the provider's documentation from the service you choose as this process may vary.
|
||||
|
||||
### Email test for SPF, DKIM and DMARC:
|
||||
|
||||
|
@ -127,4 +127,4 @@ The full report will contain more technical details.
|
|||
|
||||
### Fully Qualified Domain Name (FQDN)
|
||||
|
||||
[^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname (myhost), the domain name (mydomain) and the top level domain in short **tld** (com). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the tld `email`.
|
||||
[^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname, the domain name, and the Top Level Domain (**TLD** for short). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the TLD `email`.
|
||||
|
|
|
@ -70,9 +70,6 @@ If you have a firewall in front of mailcow, please make sure that these ports ar
|
|||
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
|
||||
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
|
||||
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |
|
||||
| XMPP (c2s) | TCP | 5222 | ejabberd-mailcow | `${XMPP_C2S_PORT}` |
|
||||
| XMPP (s2s) | TCP | 5269 | ejabberd-mailcow | `${XMPP_C2S_PORT}` |
|
||||
| XMPP (upload) | TCP | 5443 | ejabberd-mailcow | `${XMPP_HTTPS_PORT}` |
|
||||
|
||||
To bind a service to an IP address, you can prepend the IP like this: `SMTP_PORT=1.2.3.4:25`
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
So far three methods for *Two-Factor Authentication* are implemented: U2F, Yubi OTP, and TOTP
|
||||
So far three methods for _Two-Factor Authentication_ are implemented: U2F, Yubi OTP, and TOTP
|
||||
|
||||
- For U2F to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key.
|
||||
- Both U2F and Yubi OTP work well with the fantastic [Yubikey](https://www.yubico.com).
|
||||
|
@ -19,8 +19,22 @@ The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are
|
|||
|
||||
### U2F
|
||||
|
||||
Only Google Chrome (+derivatives) and Opera support U2F authentication to this day natively.
|
||||
Since version 67 Mozilla Firefox can handle U2F natively. ([Source](https://support.yubico.com/support/solutions/articles/15000017511-enabling-u2f-support-in-mozilla-firefox))
|
||||
To use U2F, the browser must support this standard.
|
||||
|
||||
The following desktop browsers support this authentication type:
|
||||
|
||||
- Edge (>=79)
|
||||
- Firefox (>=47, enabled by default since version 67)
|
||||
- Chrome (>=41)
|
||||
- Safari (>=13)
|
||||
- Opera (40, >=42, not 41)
|
||||
|
||||
The following mobile browsers support this authentication type:
|
||||
|
||||
- Safari on iOS (>=13.3)
|
||||
- Firefox on Android (>=68)
|
||||
|
||||
Sources: [caniuse.com](https://caniuse.com/u2f), [blog.mozilla.org](https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/)
|
||||
|
||||
U2F works without an internet connection.
|
||||
|
||||
|
|
|
@ -1,11 +1,19 @@
|
|||
## SSL
|
||||
|
||||
Please see [Advanced SSL](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/) and explicitly check `ADDITIONAL_SERVER_NAMES` for SSL configuration.
|
||||
|
||||
Please do not add ADDITIONAL_SERVER_NAMES when you plan to use a different web root.
|
||||
|
||||
## New site
|
||||
|
||||
To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside `data/conf/nginx/`:
|
||||
|
||||
A good template to begin with:
|
||||
|
||||
```
|
||||
nano data/conf/nginx/my_custom_site.conf
|
||||
```
|
||||
|
||||
A good template to begin with:
|
||||
|
||||
``` hl_lines="16"
|
||||
server {
|
||||
ssl_certificate /etc/ssl/mail/cert.pem;
|
||||
|
@ -19,15 +27,20 @@ server {
|
|||
ssl_session_tickets off;
|
||||
index index.php index.html;
|
||||
client_max_body_size 0;
|
||||
# Location: data/web
|
||||
root /web;
|
||||
# Location: data/web/mysite.com
|
||||
#root /web/mysite.com
|
||||
include /etc/nginx/conf.d/listen_plain.active;
|
||||
include /etc/nginx/conf.d/listen_ssl.active;
|
||||
server_name mysite.example.org;
|
||||
server_tokens off;
|
||||
|
||||
# This allows acme to be validated even with a different web root
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
allow all;
|
||||
default_type "text/plain";
|
||||
rewrite /.well-known/acme-challenge/(.*) /$1 break;
|
||||
root /web/.well-known/acme-challenge/;
|
||||
}
|
||||
|
||||
if ($scheme = http) {
|
||||
|
@ -36,8 +49,14 @@ server {
|
|||
}
|
||||
```
|
||||
|
||||
## New site with proxy to a remote location
|
||||
|
||||
Another example with a reverse proxy configuration:
|
||||
|
||||
```
|
||||
nano data/conf/nginx/my_custom_site.conf
|
||||
```
|
||||
|
||||
``` hl_lines="16 28"
|
||||
server {
|
||||
ssl_certificate /etc/ssl/mail/cert.pem;
|
||||
|
@ -77,8 +96,9 @@ server {
|
|||
}
|
||||
```
|
||||
|
||||
## Config expansion in mailcows Nginx
|
||||
|
||||
The filename is not important, as long as the filename carries a .conf extension.
|
||||
The filename used for a new site is not important, as long as the filename carries a .conf extension.
|
||||
|
||||
It is also possible to extend the configuration of the default file `site.conf` file:
|
||||
|
||||
|
@ -86,7 +106,7 @@ It is also possible to extend the configuration of the default file `site.conf`
|
|||
nano data/conf/nginx/site.my_content.custom
|
||||
```
|
||||
|
||||
This filename does not need to have a ".conf" extension, but follows the pattern `site.*.custom`, where `*` is a custom name.
|
||||
This filename does not need to have a ".conf" extension but follows the pattern `site.*.custom`, where `*` is a custom name.
|
||||
|
||||
If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in `data/conf/phpfpm/php-fpm.d/pools.conf`.
|
||||
|
||||
|
@ -96,3 +116,4 @@ Restart Nginx (and PHP-FPM, if a new listener was created):
|
|||
docker-compose restart nginx-mailcow
|
||||
docker-compose restart php-fpm-mailcow
|
||||
```
|
||||
|
||||
|
|
10
docs/u_e-update-hooks.md
Normale Datei
10
docs/u_e-update-hooks.md
Normale Datei
|
@ -0,0 +1,10 @@
|
|||
It is possible to add pre- and post-update-hooks to the `update.sh` script that upgrades your whole mailcow installation.
|
||||
|
||||
To do so, just add the corresponding bash script into your mailcows root directory:
|
||||
|
||||
* `pre_update_hook.sh` for commands that should run before the update
|
||||
* `post_uddate_hook.sh` for commands that should run after the update is completed
|
||||
|
||||
Keep in mind that `pre_update_hook.sh` runs every time you call `update.sh` and `post_update_hook.sh` will only run if the update was successful and the script doesn't have to be re-run.
|
||||
|
||||
The scripts will be run by bash, an interpreter (e.g. `#!/bin/bash`) as well as an execute permission flag ("+x") are not required.
|
|
@ -1,98 +0,0 @@
|
|||
XMPP is provided by ejabberd, which describes itself as robust, scalable and extensible XMPP Server.
|
||||
|
||||
So first of all, thanks to ejabberd and its contributers!
|
||||
|
||||
## Enable XMPP in mailcow
|
||||
|
||||
To enable XMPP for a domain, you need to edit the given domain in mailcow UI:
|
||||
|
||||
![Screen1](https://i.imgur.com/oLyHBke.png)
|
||||
|
||||
The chosen prefix will be used to derive your XMPP login.
|
||||
|
||||
A prefix **xmpp_prefix** for the mailbox user `cowboy@develcow.de` would equal to the JID `cowboy@xmpp_prefix.develcow.de`.
|
||||
|
||||
!!! info
|
||||
The login passwords for mail and XMPP are the same. XMPP users are authenticated against mailcow.
|
||||
|
||||
Before enabling XMPP for a domain, you should create two CNAME records in DNS:
|
||||
|
||||
```
|
||||
# CNAMES
|
||||
# Name Type Value
|
||||
xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
*.xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
```
|
||||
|
||||
These two CNAMEs are essential for acquiring a certificate. Please **do not** add "xmpp_prefix.domain.tld" as name to `ADDITIONAL_SAN`.
|
||||
|
||||
Make sure your CNAMEs are correct. Enable XMPP for your domain now.
|
||||
|
||||
If you enabled XMPP first and then added your DNS records there is no need to worry. You will just need to wait for ejabberd to automatically acquire the certificates or
|
||||
simply restart ejabberd-mailcow to trigger the process immediately: `docker-compose restart ejabberd-mailcow`.
|
||||
|
||||
Once ejabberd is enabled, you may want to re-run the DNS check in the mailcow UI where you will find two more SRV records:
|
||||
|
||||
![Screen2](https://i.imgur.com/IxlUZ7y.png)
|
||||
|
||||
```
|
||||
# SRV records
|
||||
# Name Type Value
|
||||
_xmpp-client._tcp.xmpp_prefix IN SRV 10 1 5222 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
_xmpp-server._tcp.xmpp_prefix IN SRV 10 1 5269 mail.example.org. (your ${MAILCOW_HOSTNAME})
|
||||
```
|
||||
|
||||
There is no need to restart ejabberd, add these SRV records whenever you like. These records are crucial for autoconfiguration of XMPP clients and server-to-server connections.
|
||||
|
||||
## ACL
|
||||
|
||||
A domain administrator can be given the right to toggle XMPP access for domains and mailboxes, promoting users to XMPP administrators (WIP) and to change the prefix:
|
||||
|
||||
![Screen3](https://i.imgur.com/OxKuDFU.png)
|
||||
|
||||
## Verify certificates
|
||||
|
||||
Once everything is setup, make sure ejabberd was able to acquire certificates:
|
||||
|
||||
If you see a message similar to...
|
||||
|
||||
```
|
||||
ejabberd-mailcow_1 | 2021-02-13 14:40:19.507956+01:00 [error] Failed to request certificate for im.example.org, pubsub.im.example.org and 3 more hosts: Challenge failed for domain conference.im.example.org: ACME server reported: DNS problem: NXDOMAIN looking up A for conference.im.example.org - check that a DNS record exists for this domain (error type: dns)
|
||||
```
|
||||
|
||||
...you may need to recheck your DNS configuration or restart ejabberd-mailcow to restart the process in case of slow DNS propagation.
|
||||
|
||||
Opening `https://xmpp_prefix.domain.tld:5443/upload` should point you to a 404 page with a valid certificate.
|
||||
|
||||
## Why can't we use no prefix?
|
||||
|
||||
It does not matter which server name we point our SRV to, Jabber will always rely on the domain given in a JID. We would need to acquire a certificate for the SLD `domain.tld`, which hardly anyone wants to point to its mail system.
|
||||
|
||||
We are sorry for this circumstance. As soon as we implemented Servercows DNS API, this may be reconsidered.
|
||||
|
||||
## My reverse proxy does not work anymore
|
||||
|
||||
If your reverse proxy is configured to point to a site like `webmail.domain.tld` **which mailcow is not aware of** (as in MAILCOW_HOSTNAME does **not** match `webmail.domain.tld`), you may now be redirected to the default ejabberd Nginx site.
|
||||
|
||||
That's because mailcow does not know it should respond to `webmail.domain.tld` with mailcow UI.
|
||||
|
||||
### Method 1
|
||||
|
||||
A more simple approach is defining `ADDITIONAL_SERVER_NAMES` in `mailcow.conf`:
|
||||
|
||||
```
|
||||
ADDITIONAL_SERVER_NAMES=webmail.domain.tld
|
||||
```
|
||||
|
||||
Run `docker-compose up -d` to apply.
|
||||
|
||||
### Method 2
|
||||
|
||||
In your reverse proxy configuration, make sure you set a "Host" header that mailcow actually services, similar to this (Nginx example):
|
||||
|
||||
```
|
||||
proxy_set_header Host MAILCOW_HOSTNAME;
|
||||
# Instead of proxy_set_header Host $http_host;
|
||||
```
|
||||
|
||||
Now you can use whatever name you like, as long mailcow receives a known "Host" header.
|
|
@ -1,76 +0,0 @@
|
|||
## FAQ
|
||||
|
||||
Please find the most frequently asked questions with their corresponding configuration in `data/conf/ejabberd/ejabberd.yml` (if any).
|
||||
|
||||
- **I do not want to run ejabberd, is there a `SKIP_XMPP` variable?**
|
||||
|
||||
No, there is not. But you don't need one either.
|
||||
|
||||
The xmppd behaves the same way as SOGo or Solr do when disabled. A shell will be idling and ejabberd will **not** be started (but open unconnected ports).
|
||||
|
||||
As soon as a domain is enabled for XMPP, the container will be restarted and ejabberd bootstrapped.
|
||||
|
||||
ejabberd is **very** light on resources, you may want to give it a try.
|
||||
|
||||
- **Are messages stored on the server?**
|
||||
|
||||
Not by default. The default setting is to disable the message archive via mod_mam but allow users to enable the function if they want to:
|
||||
|
||||
```
|
||||
mod_mam:
|
||||
clear_archive_on_room_destroy: true
|
||||
default: never
|
||||
compress_xml: true
|
||||
request_activates_archiving: true
|
||||
```
|
||||
|
||||
- **Are uploaded files stored on the server?**
|
||||
|
||||
Yes, uploaded files are stored in the volume `xmpp-uploads-vol-1`.
|
||||
|
||||
The retention policy saves them for 30 days:
|
||||
|
||||
```
|
||||
mod_http_upload_quota:
|
||||
max_days: 30
|
||||
```
|
||||
|
||||
- **Are messages stored when a JID is offline?**
|
||||
|
||||
Yes, up to 1000 messages are stored for "normal" users and administrators:
|
||||
|
||||
```
|
||||
shaper_rules:
|
||||
max_user_offline_messages:
|
||||
1000: admin
|
||||
1000: all
|
||||
```
|
||||
|
||||
- **Are messages written in group chats stored?**
|
||||
|
||||
No, messages are not stored:
|
||||
|
||||
```
|
||||
mod_muc:
|
||||
default_room_options:
|
||||
mam: false
|
||||
```
|
||||
|
||||
- **Are group chats persistent when the last participant leaves?**
|
||||
|
||||
No, they will vanish:
|
||||
|
||||
```
|
||||
mod_muc:
|
||||
default_room_options:
|
||||
persistent: false
|
||||
```
|
||||
|
||||
- **How many client sessions can be open at the same time?**
|
||||
|
||||
10 sessions are allowed per user.
|
||||
|
||||
```
|
||||
shaper_rules:
|
||||
max_user_sessions: 10
|
||||
```
|
24
mkdocs.yml
24
mkdocs.yml
|
@ -1,11 +1,14 @@
|
|||
site_name: 'mailcow: dockerized documentation'
|
||||
site_name: "mailcow: dockerized documentation"
|
||||
site_url: https://mailcow.github.io/mailcow-dockerized-docs/
|
||||
copyright: 'Copyright © 2021 AndrĂ© Peters'
|
||||
copyright: "Copyright © 2021 AndrĂ© Peters"
|
||||
repo_name: mailcow/mailcow-dockerized
|
||||
repo_url: https://github.com/mailcow/mailcow-dockerized
|
||||
edit_uri: ../mailcow-dockerized-docs/edit/master/docs/
|
||||
remote_branch: gh-pages
|
||||
theme: material
|
||||
theme:
|
||||
name: material
|
||||
logo: images/logo.svg
|
||||
favicon: images/favicon.png
|
||||
markdown_extensions:
|
||||
- codehilite:
|
||||
guess_lang: true
|
||||
|
@ -46,7 +49,7 @@ nav:
|
|||
- 'Password hashing': 'model-passwd.md'
|
||||
- 'Sender and receiver model': 'model-sender_rcv.md'
|
||||
- 'General Troubleshooting':
|
||||
- 'Introduction': debug.md
|
||||
- 'Introduction': 'debug.md'
|
||||
- 'Logs': 'debug-logs.md'
|
||||
- 'Attach a Container': 'debug-attach_service.md'
|
||||
- 'Reset Passwords (incl. SQL)': 'debug-reset_pw.md'
|
||||
|
@ -62,7 +65,7 @@ nav:
|
|||
- 'Manually':
|
||||
- 'Maildir': 'u_e-backup_restore-maildir.md'
|
||||
- 'MySQL': 'u_e-backup_restore-mysql.md'
|
||||
- 'Automatic backups'
|
||||
- 'Automatic backups':
|
||||
- 'Recover accidentally deleted data': 'b_n_r_accidental_deletion.md'
|
||||
- 'Manual/Guides/Examples':
|
||||
- 'mailcow UI':
|
||||
|
@ -101,9 +104,6 @@ nav:
|
|||
- 'Redis': 'u_e-redis.md'
|
||||
- 'Rspamd': 'u_e-rspamd.md'
|
||||
- 'SOGo': 'u_e-sogo.md'
|
||||
- 'XMPP':
|
||||
- 'FAQ': 'u_e-xmpp-faq.md'
|
||||
- 'Enable XMPP': 'u_e-xmpp-enable.md'
|
||||
- 'Docker':
|
||||
- 'Customize Dockerfiles': 'u_e-docker-cust_dockerfiles.md'
|
||||
- 'Docker Compose Bash Completion': 'u_e-docker-dc_bash_compl.md'
|
||||
|
@ -111,12 +111,12 @@ nav:
|
|||
- 'Autodiscover / Autoconfig': 'u_e-autodiscover_config.md'
|
||||
- 'Redirect HTTP to HTTPS': 'u_e-80_to_443.md'
|
||||
- 'Re-enable TLS 1.0 and TLS 1.1': 'u_e-reeanble-weak-protocols.md'
|
||||
- "Run scripts before and after updates": "u_e-update-hooks.md"
|
||||
- 'Client Configuration':
|
||||
- 'Overview': 'client.md'
|
||||
- 'Android': 'client/client-android.md'
|
||||
- 'Apple macOS / iOS': 'client/client-apple.md'
|
||||
- 'eM Client': 'client/client-emclient.md'
|
||||
- 'Gajim XMPP client': 'client/client-gajim_xmpp_client.md'
|
||||
- 'KDE Kontact': 'client/client-kontact.md'
|
||||
- 'Microsoft Outlook': 'client/client-outlook.md'
|
||||
- 'Mozilla Thunderbird': 'client/client-thunderbird.md'
|
||||
|
@ -133,12 +133,10 @@ nav:
|
|||
- 'Portainer': 'third_party-portainer.md'
|
||||
- 'Roundcube': 'third_party-roundcube.md'
|
||||
- 'SOGo Connector for Thunderbird': 'third_party-thunderbird.md'
|
||||
icon:
|
||||
logo: 'images/logo.svg'
|
||||
extra:
|
||||
palette:
|
||||
primary: 'indigo'
|
||||
accent: 'orange'
|
||||
primary: "indigo"
|
||||
accent: "orange"
|
||||
social:
|
||||
- icon: fontawesome/solid/globe-americas
|
||||
link: https://mailcow.email
|
||||
|
|
Laden …
In neuem Issue referenzieren