Define des_key option in Roundcube config

Use Docker secrets if available and otherwise generate a random key. Fixes issue #59.

Also consider secrets for database credentials as suggested in issue #46.
Thomas Bruederli 2019-08-22 21:57:31 +02:00
parent 742d4eb3de
commit 2b17a05a97
4 changed files with 36 additions and 0 deletions


@ -57,6 +57,15 @@ Run it with a link to the MySQL host and the username/password variables:
docker run --link=mysql:mysql -d roundcube/roundcubemail docker run --link=mysql:mysql -d roundcube/roundcubemail
``` ```
## Docker Secrets
When running the Roundcube container in a Docker Swarm, you can use [Docker Secrets](https://docs.docker.com/engine/swarm/secrets/)
to share credentials accross all instances. The following secrets are currently supported by Roundcube:
* `roundcube_des_key`: Unique and random key for encryption purposes
* `roundcube_db_user`: Database connection username (mappend to `ROUNDCUBEMAIL_DB_USER`)
* `roundcube_db_password`: Database connection password (mappend to `ROUNDCUBEMAIL_DB_PASSWORD`)
### Advanced configuration ### Advanced configuration
Apart from the above described environment variables, the Docker image also allows to add custom config files Apart from the above described environment variables, the Docker image also allows to add custom config files


@ -14,6 +14,13 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD" echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD"
fi fi
if [ -f /run/secrets/roundcube_db_user]; then
ROUNDCUBEMAIL_DB_USER=`cat /run/secrets/roundcube_db_user`
fi
if [ -f /run/secrets/roundcube_db_password]; then
ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
fi
if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
: "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}" : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
: "${ROUNDCUBEMAIL_DB_HOST:=postgres}" : "${ROUNDCUBEMAIL_DB_HOST:=postgres}"
@ -58,6 +65,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
if [ ! -e config/config.inc.php ]; then if [ ! -e config/config.inc.php ]; then
ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"` ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"`
ROUNDCUBEMAIL_DES_KEY=`test -f /run/secrets/roundcube_des_key && cat /run/secrets/roundcube_des_key || head /dev/urandom | base64 | head -c 24`
touch config/config.inc.php touch config/config.inc.php
echo "Write config to $PWD/config/config.inc.php" echo "Write config to $PWD/config/config.inc.php"
@ -70,6 +78,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
\$config['smtp_port'] = '${ROUNDCUBEMAIL_SMTP_PORT}'; \$config['smtp_port'] = '${ROUNDCUBEMAIL_SMTP_PORT}';
\$config['smtp_user'] = '%u'; \$config['smtp_user'] = '%u';
\$config['smtp_pass'] = '%p'; \$config['smtp_pass'] = '%p';
\$config['des_key'] = '${ROUNDCUBEMAIL_DES_KEY}';
\$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}'; \$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}';
\$config['plugins'] = ['${ROUNDCUBEMAIL_PLUGINS_PHP}']; \$config['plugins'] = ['${ROUNDCUBEMAIL_PLUGINS_PHP}'];
\$config['zipdownload_selection'] = true; \$config['zipdownload_selection'] = true;
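Review bot: The two added secret checks, `if [ -f /run/secrets/roundcube_db_user]; then` and the matching `roundcube_db_password` line, have no space before the closing `]`, so `[` takes the bracket as part of the path and stops with a missing-`]` error; the branch is never taken and the database secrets are never read. The container then starts with whatever `ROUNDCUBEMAIL_DB_USER` and `ROUNDCUBEMAIL_DB_PASSWORD` the environment supplies, which an operator who mounted the secrets would not expect. Write them as `if [ -f /run/secrets/roundcube_db_user ]; then` and `if [ -f /run/secrets/roundcube_db_password ]; then`. The same two lines appear in the other two script sections of this commit, and the enclosing `if [[ "$1" == apache2* ]]` block starts above and ends below the hunk.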


@ -14,6 +14,13 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD" echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD"
fi fi
if [ -f /run/secrets/roundcube_db_user]; then
ROUNDCUBEMAIL_DB_USER=`cat /run/secrets/roundcube_db_user`
fi
if [ -f /run/secrets/roundcube_db_password]; then
ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
fi
if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
: "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}" : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
: "${ROUNDCUBEMAIL_DB_HOST:=postgres}" : "${ROUNDCUBEMAIL_DB_HOST:=postgres}"
@ -58,6 +65,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
if [ ! -e config/config.inc.php ]; then if [ ! -e config/config.inc.php ]; then
ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"` ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"`
ROUNDCUBEMAIL_DES_KEY=`test -f /run/secrets/roundcube_des_key && cat /run/secrets/roundcube_des_key || head /dev/urandom | base64 | head -c 24`
touch config/config.inc.php touch config/config.inc.php
echo "Write config to $PWD/config/config.inc.php" echo "Write config to $PWD/config/config.inc.php"
@ -70,6 +78,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
\$config['smtp_port'] = '${ROUNDCUBEMAIL_SMTP_PORT}'; \$config['smtp_port'] = '${ROUNDCUBEMAIL_SMTP_PORT}';
\$config['smtp_user'] = '%u'; \$config['smtp_user'] = '%u';
\$config['smtp_pass'] = '%p'; \$config['smtp_pass'] = '%p';
\$config['des_key'] = '${ROUNDCUBEMAIL_DES_KEY}';
\$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}'; \$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}';
\$config['plugins'] = ['${ROUNDCUBEMAIL_PLUGINS_PHP}']; \$config['plugins'] = ['${ROUNDCUBEMAIL_PLUGINS_PHP}'];
\$config['zipdownload_selection'] = true; \$config['zipdownload_selection'] = true;
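Review bot: The added `ROUNDCUBEMAIL_DES_KEY=` line takes the content of `/run/secrets/roundcube_des_key` unchecked, and the later `\$config['des_key'] = '${ROUNDCUBEMAIL_DES_KEY}';` line pastes it into a single-quoted PHP string, so a secret containing `'` or `\` yields a broken or altered config, and a secret of any length is accepted although the generated fallback is fixed at 24 characters. The `test … && cat … || head …` chain also falls through to a random key when the file exists but `cat` fails, which in a swarm presumably leaves each instance with its own key and no message. Consider reading the secret inside an `if` and failing loudly, for example `[ "${#ROUNDCUBEMAIL_DES_KEY}" -eq 24 ] || { echo >&2 "roundcube_des_key must be 24 characters"; exit 1; }`, if 24 characters is indeed what Roundcube requires. The same lines appear in the other two script sections of this commit.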


@ -14,6 +14,13 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD" echo >&2 "Complete! ROUNDCUBEMAIL has been successfully copied to $PWD"
fi fi
if [ -f /run/secrets/roundcube_db_user]; then
ROUNDCUBEMAIL_DB_USER=`cat /run/secrets/roundcube_db_user`
fi
if [ -f /run/secrets/roundcube_db_password]; then
ROUNDCUBEMAIL_DB_PASSWORD=`cat /run/secrets/roundcube_db_password`
fi
if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then if [ ! -z "${!POSTGRES_ENV_POSTGRES_*}" ] || [ "$ROUNDCUBEMAIL_DB_TYPE" == "pgsql" ]; then
: "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}" : "${ROUNDCUBEMAIL_DB_TYPE:=pgsql}"
: "${ROUNDCUBEMAIL_DB_HOST:=postgres}" : "${ROUNDCUBEMAIL_DB_HOST:=postgres}"
@ -58,6 +65,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
if [ ! -e config/config.inc.php ]; then if [ ! -e config/config.inc.php ]; then
ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"` ROUNDCUBEMAIL_PLUGINS_PHP=`echo "${ROUNDCUBEMAIL_PLUGINS}" | sed -E "s/[, ]+/', '/g"`
ROUNDCUBEMAIL_DES_KEY=`test -f /run/secrets/roundcube_des_key && cat /run/secrets/roundcube_des_key || head /dev/urandom | base64 | head -c 24`
touch config/config.inc.php touch config/config.inc.php
echo "Write config to $PWD/config/config.inc.php" echo "Write config to $PWD/config/config.inc.php"
@ -70,6 +78,7 @@ if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
\$config['smtp_port'] = '${ROUNDCUBEMAIL_SMTP_PORT}'; \$config['smtp_port'] = '${ROUNDCUBEMAIL_SMTP_PORT}';
\$config['smtp_user'] = '%u'; \$config['smtp_user'] = '%u';
\$config['smtp_pass'] = '%p'; \$config['smtp_pass'] = '%p';
\$config['des_key'] = '${ROUNDCUBEMAIL_DES_KEY}';
\$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}'; \$config['temp_dir'] = '${ROUNDCUBEMAIL_TEMP_DIR}';
\$config['plugins'] = ['${ROUNDCUBEMAIL_PLUGINS_PHP}']; \$config['plugins'] = ['${ROUNDCUBEMAIL_PLUGINS_PHP}'];
\$config['zipdownload_selection'] = true; \$config['zipdownload_selection'] = true;