diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile index 08271bdd..254b5b33 100644 --- a/data/Dockerfiles/acme/Dockerfile +++ b/data/Dockerfiles/acme/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.18 LABEL maintainer "The Infrastructure Company GmbH GmbH " diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile index c1a35f4d..22036b9b 100644 --- a/data/Dockerfiles/phpfpm/Dockerfile +++ b/data/Dockerfiles/phpfpm/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.2-fpm-alpine3.19 +FROM php:8.2-fpm-alpine3.18 LABEL maintainer "The Infrastructure Company GmbH " # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?.*)$ diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile index 4411a1d2..f56cbc6e 100644 --- a/data/Dockerfiles/unbound/Dockerfile +++ b/data/Dockerfiles/unbound/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.18 LABEL maintainer "The Infrastructure Company GmbH GmbH " diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh index ea94f63b..a96eaab4 100644 --- a/data/Dockerfiles/unbound/healthcheck.sh +++ b/data/Dockerfiles/unbound/healthcheck.sh @@ -1,5 +1,10 @@ #!/bin/bash +# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) +if [[ "${SKIP_UNBOUND_HEALTHCHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then + SKIP_UNBOUND_HEALTHCHECK=y +fi + # Declare log function for logfile inside container function log_to_file() { echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" > /var/log/healthcheck.log @@ -66,6 +71,11 @@ function check_netcat() { } +if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then + log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!" + exit 0 +fi + # run checks, if check is not returning 0 (return value if check is ok), healthcheck will exit with 1 (marked in docker as unhealthy) check_ping 
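Review bot: The skip branch added in the second healthcheck.sh hunk logs "Unbound is healthy!" and exits 0 although no check has run, so the container reports healthy without the resolver having been verified. The docker-compose.yml part of this commit shows the acme service waiting on `unbound-mailcow: condition: service_healthy`, so that gate no longer says anything about DNS when the option is set. I would make the log line state what actually happened, e.g. `log_to_file "Healthcheck: SKIP_UNBOUND_HEALTHCHECK=y - all checks skipped, resolver state NOT verified"`, and add a comment above the branch noting that dependent services will start regardless of resolver state. In the first hunk the trailing `+` in `^([yY][eE][sS]|[yY])+$` also accepts repeated values such as `yy`; dropping it keeps the match to `y`/`yes`.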
diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile index b94789aa..73acde68 100644 --- a/data/Dockerfiles/watchdog/Dockerfile +++ b/data/Dockerfiles/watchdog/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.18 LABEL maintainer "The Infrastructure Company GmbH " # Installation diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh index d43cb38a..cb342c13 100755 --- a/data/Dockerfiles/watchdog/watchdog.sh +++ b/data/Dockerfiles/watchdog/watchdog.sh @@ -170,7 +170,7 @@ function notify_error() { fi # Replace subject and body placeholders - WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s|\$SUBJECT\|\${SUBJECT}|$SUBJECT|g" | sed "s|\$BODY\|\${BODY}|$BODY|") + WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s/\$SUBJECT\|\${SUBJECT}/$SUBJECT/g" | sed "s/\$BODY\|\${BODY}/$BODY/g") # POST to webhook curl -X POST -H "Content-Type: application/json" ${CURL_VERBOSE} -d "${WEBHOOK_BODY}" ${WATCHDOG_NOTIFY_WEBHOOK} diff --git a/docker-compose.yml b/docker-compose.yml index 5a0730c7..c1883f90 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,9 +2,10 @@ version: '2.1' services: unbound-mailcow: - image: mailcow/unbound:1.19.1 + image: mailcow/unbound:1.20 environment: - TZ=${TZ} + - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n} volumes: - ./data/hooks/unbound:/hooks:Z - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z @@ -107,7 +108,7 @@ services: - rspamd php-fpm-mailcow: - image: mailcow/phpfpm:1.86 + image: mailcow/phpfpm:1.87 command: "php-fpm -d date.timezone=${TZ} -d expose_php=0" depends_on: - redis-mailcow @@ -398,7 +399,7 @@ services: condition: service_started unbound-mailcow: condition: service_healthy - image: mailcow/acme:1.86 + image: mailcow/acme:1.87 dns: - ${IPV4_NETWORK:-172.22.1}.254 environment: 
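Review bot: `$SUBJECT` and `$BODY` are spliced unescaped into the sed replacement in the new `WEBHOOK_BODY=` line of notify_error, and with `/` now the delimiter any `/` in either value ends the expression early, while `&` and backslashes are interpreted by sed. Where these values come from is outside the hunk, but if they carry paths, URLs or service output, the substitution will fail or produce a payload other than the one intended. Escaping both values before substitution avoids this, and the unquoted `echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY}` (which word-splits and globs the template) is better written with `printf '%s'`. Quotes or newlines in the values would still yield invalid JSON, so a JSON-aware encoder would be the more complete fix if one is available in the image. notify_error starts and ends outside the hunk.

```shell
# … unchanged: earlier part of notify_error …
# Escape sed replacement metacharacters (\, / and &) before substituting
SUBJECT_ESC=$(printf '%s' "${SUBJECT}" | sed 's|[\\/&]|\\&|g')
BODY_ESC=$(printf '%s' "${BODY}" | sed 's|[\\/&]|\\&|g')
WEBHOOK_BODY=$(printf '%s' "${WATCHDOG_NOTIFY_WEBHOOK_BODY}" \
  | sed "s/\$SUBJECT\|\${SUBJECT}/${SUBJECT_ESC}/g" \
  | sed "s/\$BODY\|\${BODY}/${BODY_ESC}/g")
# … unchanged: POST to webhook …
```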
@@ -457,7 +458,7 @@ services: - /lib/modules:/lib/modules:ro watchdog-mailcow: - image: mailcow/watchdog:2.01 + image: mailcow/watchdog:2.02 dns: - ${IPV4_NETWORK:-172.22.1}.254 tmpfs: diff --git a/generate_config.sh b/generate_config.sh index 2986f168..e62d1689 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -363,6 +363,10 @@ SKIP_IP_CHECK=n SKIP_HTTP_VERIFICATION=n +# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n + +SKIP_UNBOUND_HEALTHCHECK=n + # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n SKIP_CLAMD=${SKIP_CLAMD} diff --git a/update.sh b/update.sh index 623242d5..5df32e00 100755 --- a/update.sh +++ b/update.sh @@ -116,11 +116,11 @@ migrate_docker_nat() { echo "Working on IPv6 NAT, please wait..." echo ${NAT_CONFIG} > /etc/docker/daemon.json ip6tables -F -t nat - [[ -e /etc/alpine-release ]] && rc-service docker restart || systemctl restart docker.service + [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service if [[ $? -ne 0 ]]; then echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting." rm /etc/docker/daemon.json - if [[ -e /etc/alpine-release ]]; then + if [[ -e /etc/rc.conf ]]; then rc-service docker restart else systemctl reset-failed docker.service @@ -480,6 +480,7 @@ CONFIG_ARRAY=( "WATCHDOG_VERBOSE" "WEBAUTHN_ONLY_TRUSTED_VENDORS" "SPAMHAUS_DQS_KEY" + "SKIP_UNBOUND_HEALTHCHECK" ) detect_bad_asn 
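Review bot: The changed restart line in migrate_docker_nat still uses the `A && B || C` form, so when `/etc/rc.conf` exists and `rc-service docker restart` fails, `systemctl restart docker.service` is attempted as well and the `$?` tested on the next line belongs to that second command. Testing for a file also only infers the init system; checking for the tool itself is more direct: `if command -v rc-service >/dev/null 2>&1; then rc-service docker restart; else systemctl restart docker.service; fi`. The same file test is repeated in the revert branch a few lines below and should change with it. migrate_docker_nat starts and ends outside the hunk.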
@@ -747,6 +748,12 @@ for option in ${CONFIG_ARRAY[@]}; do
 echo '# Enable watchdog verbose logging' >> mailcow.conf
 echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
 fi
+ elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
+ if ! grep -q ${option} mailcow.conf; then
+ echo "Adding new option \"${option}\" to mailcow.conf"
+ echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
+ echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
+ fi
 elif ! grep -q ${option} mailcow.conf; then
 echo "Adding new option \"${option}\" to mailcow.conf"
 echo "${option}=n" >> mailcow.conf
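Review bot: `grep -q ${option} mailcow.conf` in the new `SKIP_UNBOUND_HEALTHCHECK` branch is unquoted and matches the name anywhere in the file, including inside a comment or as part of a longer key, in which case the option would never be appended. Anchoring the match to an assignment is stricter: `if ! grep -q "^${option}=" mailcow.conf; then`. The neighbouring branches visible in the hunk use the same unanchored pattern, so this may be better changed for the whole loop, which starts and ends outside the hunk.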