From ed493f9c3a63d94ef10b149829fe3a752c3532e3 Mon Sep 17 00:00:00 2001 From: KagurazakaNyaa Date: Thu, 18 Jan 2024 23:28:03 +0800 Subject: [PATCH 01/10] Allow user skip unbound healthcheck --- data/Dockerfiles/unbound/healthcheck.sh | 10 ++++++++++ generate_config.sh | 4 ++++ 2 files changed, 14 insertions(+) diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh index ea94f63b..760aa02b 100644 --- a/data/Dockerfiles/unbound/healthcheck.sh +++ b/data/Dockerfiles/unbound/healthcheck.sh @@ -1,5 +1,10 @@ #!/bin/bash +# Skipping DNS check +if [[ "${SKIP_DNS_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then + SKIP_DNS_CHECK=y +fi + # Declare log function for logfile inside container function log_to_file() { echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" > /var/log/healthcheck.log @@ -66,6 +71,11 @@ function check_netcat() { } +if [[ ${SKIP_DNS_CHECK} == "y" ]]; then + log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!" + exit 0 +fi + # run checks, if check is not returning 0 (return value if check is ok), healthcheck will exit with 1 (marked in docker as unhealthy) check_ping diff --git a/generate_config.sh b/generate_config.sh index 2986f168..0c8a9bcf 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -363,6 +363,10 @@ SKIP_IP_CHECK=n SKIP_HTTP_VERIFICATION=n +# Skip DNS check in Unbound container - y/n + +SKIP_DNS_CHECK=n + # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n SKIP_CLAMD=${SKIP_CLAMD} From b89d71e6e4d42d1082f92914ff453d1272c67088 Mon Sep 17 00:00:00 2001 From: KagurazakaNyaa Date: Thu, 18 Jan 2024 23:48:59 +0800 Subject: [PATCH 02/10] change variable name --- data/Dockerfiles/unbound/healthcheck.sh | 8 ++++---- generate_config.sh | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh index 760aa02b..a96eaab4 100644 
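Review bot: In the first hunk of data/Dockerfiles/unbound/healthcheck.sh, the `+` quantifier after the group in `^([yY][eE][sS]|[yY])+$` accepts repeated tokens such as `yy` or `yesy`, so values other than `y`/`yes` also switch every check off. Because this flag disables the whole healthcheck, an exact match is the safer form: `if [[ "${SKIP_DNS_CHECK}" =~ ^([yY][eE][sS]|[yY])$ ]]; then`. The same pattern is carried over unchanged when the variable is renamed in PATCH 02/10.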
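Review bot: In the second healthcheck.sh hunk, the skip branch logs `Unbound is healthy!` and exits 0 although no check ran, so both the log line and the Docker health status assert something that was never verified. Other services in docker-compose.yml wait on unbound-mailcow with `condition: service_healthy`, so with the flag set they start against a resolver whose state is unknown. Word the message so it says the result is unverified, e.g. `log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED (SKIP_DNS_CHECK=y), resolver state NOT verified"`, and add a comment above the branch noting that `exit 0` here reports the container healthy unconditionally. Quoting the expansion in `[[ ${SKIP_DNS_CHECK} == "y" ]]` would also match the style used at the top of the file.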
--- a/data/Dockerfiles/unbound/healthcheck.sh +++ b/data/Dockerfiles/unbound/healthcheck.sh @@ -1,8 +1,8 @@ #!/bin/bash -# Skipping DNS check -if [[ "${SKIP_DNS_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then - SKIP_DNS_CHECK=y +# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) +if [[ "${SKIP_UNBOUND_HEALTHCHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then + SKIP_UNBOUND_HEALTHCHECK=y fi # Declare log function for logfile inside container @@ -71,7 +71,7 @@ function check_netcat() { } -if [[ ${SKIP_DNS_CHECK} == "y" ]]; then +if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!" exit 0 fi diff --git a/generate_config.sh b/generate_config.sh index 0c8a9bcf..e936348e 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -365,7 +365,7 @@ SKIP_HTTP_VERIFICATION=n # Skip DNS check in Unbound container - y/n -SKIP_DNS_CHECK=n +SKIP_UNBOUND_HEALTHCHECK=n # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n From aa1d92dfbbcb555caf5f1a39032b7361254240aa Mon Sep 17 00:00:00 2001 From: KagurazakaNyaa Date: Thu, 18 Jan 2024 23:50:26 +0800 Subject: [PATCH 03/10] add SKIP_UNBOUND_HEALTHCHECK to docker-compose.yml --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 5a0730c7..4f5a4d31 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,6 +5,7 @@ services: image: mailcow/unbound:1.19.1 environment: - TZ=${TZ} + - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n} volumes: - ./data/hooks/unbound:/hooks:Z - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z From d2edf359ac3ebdc51d56aab488ffc5dd927db13b Mon Sep 17 00:00:00 2001 From: KagurazakaNyaa Date: Thu, 18 Jan 2024 23:53:08 +0800 Subject: [PATCH 04/10] update config comment --- generate_config.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/generate_config.sh b/generate_config.sh index e936348e..e62d1689 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -363,7 +363,7 @@ SKIP_IP_CHECK=n SKIP_HTTP_VERIFICATION=n -# Skip DNS check in Unbound container - y/n +# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n SKIP_UNBOUND_HEALTHCHECK=n From 9d4055fc4d3a67221160f0d8342f41f77e28dd8e Mon Sep 17 00:00:00 2001 From: KagurazakaNyaa Date: Fri, 19 Jan 2024 00:07:51 +0800 Subject: [PATCH 05/10] add parameter SKIP_UNBOUND_HEALTHCHECK to old installations --- update.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/update.sh b/update.sh index 623242d5..ad77beac 100755 --- a/update.sh +++ b/update.sh @@ -480,6 +480,7 @@ CONFIG_ARRAY=( "WATCHDOG_VERBOSE" "WEBAUTHN_ONLY_TRUSTED_VENDORS" "SPAMHAUS_DQS_KEY" + "SKIP_UNBOUND_HEALTHCHECK" ) detect_bad_asn @@ -747,6 +748,12 @@ for option in ${CONFIG_ARRAY[@]}; do echo '# Enable watchdog verbose logging' >> mailcow.conf echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf fi + elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then + if ! grep -q ${option} mailcow.conf; then + echo "Adding new option \"${option}\" to mailcow.conf" + echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf + echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf + fi elif ! grep -q ${option} mailcow.conf; then echo "Adding new option \"${option}\" to mailcow.conf" echo "${option}=n" >> mailcow.conf From 25bdc4c9ed93392e71ee0b32bcdb51572bd75172 Mon Sep 17 00:00:00 2001 From: Luca Barbato Date: Mon, 22 Jan 2024 09:50:24 +0100 Subject: [PATCH 06/10] Test for openrc configuration file instead of alpine This way other distro using openrc can be supported. --- update.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 623242d5..4e16f119 100755 --- a/update.sh +++ b/update.sh 
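Review bot: In the added `elif` branch of update.sh, `grep -q ${option} mailcow.conf` is unquoted and unanchored, so any line that merely contains the name (a comment, or a longer key with the same substring) counts as already configured and the option is not written. Anchoring and quoting makes the test mean what the message says: `if ! grep -q "^${option}=" mailcow.conf; then`. The neighbouring branches visible in the hunk use the same unanchored form, so this is worth changing consistently rather than only here. The enclosing `for` loop starts and ends outside the hunk.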
@@ -116,11 +116,11 @@ migrate_docker_nat() { echo "Working on IPv6 NAT, please wait..." echo ${NAT_CONFIG} > /etc/docker/daemon.json ip6tables -F -t nat - [[ -e /etc/alpine-release ]] && rc-service docker restart || systemctl restart docker.service + [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service if [[ $? -ne 0 ]]; then echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting." rm /etc/docker/daemon.json - if [[ -e /etc/alpine-release ]]; then + if [[ -e /etc/rc.conf ]]; then rc-service docker restart else systemctl reset-failed docker.service From 53be119e39b0db25c45bb0f058f5259e6b9d1347 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 22 Jan 2024 10:22:24 +0100 Subject: [PATCH 07/10] compose: bump unbound version --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4f5a4d31..4e742056 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '2.1' services: unbound-mailcow: - image: mailcow/unbound:1.19.1 + image: mailcow/unbound:1.20 environment: - TZ=${TZ} - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n} From 6e7a0eb66222e52d8144802c132c2131d1badd45 Mon Sep 17 00:00:00 2001 From: Nya Candy Date: Thu, 18 Jan 2024 15:00:54 +0800 Subject: [PATCH 08/10] fix: watchdog webhook body variables injector --- data/Dockerfiles/watchdog/watchdog.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh index d43cb38a..cb342c13 100755 --- a/data/Dockerfiles/watchdog/watchdog.sh +++ b/data/Dockerfiles/watchdog/watchdog.sh 
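Review bot: The new test `[[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service` treats the presence of a configuration file as proof that OpenRC manages the Docker service, and the `A && B || C` form also runs `systemctl restart` whenever `rc-service docker restart` itself fails. /etc/rc.conf existing does not guarantee that `rc-service` is installed or that OpenRC is the active service manager, so a misdetection would send both the restart and the revert path to the wrong tool while daemon.json has already been rewritten. Checking for the command and using a real `if` avoids both problems and still leaves `$?` set by the restart for the check that follows: `if command -v rc-service >/dev/null 2>&1; then rc-service docker restart; else systemctl restart docker.service; fi`. The same condition is repeated in the revert branch further down the hunk, and migrate_docker_nat continues outside it.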
@@ -170,7 +170,7 @@ function notify_error() { fi # Replace subject and body placeholders - WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s|\$SUBJECT\|\${SUBJECT}|$SUBJECT|g" | sed "s|\$BODY\|\${BODY}|$BODY|") + WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s/\$SUBJECT\|\${SUBJECT}/$SUBJECT/g" | sed "s/\$BODY\|\${BODY}/$BODY/g") # POST to webhook curl -X POST -H "Content-Type: application/json" ${CURL_VERBOSE} -d "${WEBHOOK_BODY}" ${WATCHDOG_NOTIFY_WEBHOOK} From 7da5e3697e4373fb8220bbc5bcfa79aa98793743 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 22 Jan 2024 10:31:27 +0100 Subject: [PATCH 09/10] compose: bump watchdog version --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5a0730c7..7dbfe0e5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -457,7 +457,7 @@ services: - /lib/modules:/lib/modules:ro watchdog-mailcow: - image: mailcow/watchdog:2.01 + image: mailcow/watchdog:2.02 dns: - ${IPV4_NETWORK:-172.22.1}.254 tmpfs: From a0613e4b1085d3a4de8f5872b0a6deeed8efc066 Mon Sep 17 00:00:00 2001 From: DerLinkman Date: Mon, 22 Jan 2024 11:26:26 +0100 Subject: [PATCH 10/10] fix: rollback of Alpine 3.19 were possible --- data/Dockerfiles/acme/Dockerfile | 2 +- data/Dockerfiles/phpfpm/Dockerfile | 2 +- data/Dockerfiles/unbound/Dockerfile | 2 +- data/Dockerfiles/watchdog/Dockerfile | 2 +- docker-compose.yml | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile index 08271bdd..254b5b33 100644 --- a/data/Dockerfiles/acme/Dockerfile +++ b/data/Dockerfiles/acme/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.18 LABEL maintainer "The Infrastructure Company GmbH GmbH " diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile index c1a35f4d..22036b9b 100644 --- a/data/Dockerfiles/phpfpm/Dockerfile 
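Review bot: In notify_error, `$SUBJECT` and `$BODY` are pasted unescaped into the replacement side of the `sed "s/…/$SUBJECT/g"` commands, and switching the delimiter to `/` means any subject or body containing `/`, `&`, a backslash or a newline now breaks or alters the expression. These values are alert text, likely to contain paths, URLs or hostnames, and the result is posted as a JSON body, so unescaped quotes would also yield invalid JSON. Escape the values before substitution, e.g. `esc_body=$(printf '%s' "$BODY" | sed 's/[\/&]/\\&/g')`, and use the escaped copies in the `s/…/…/g` commands. `echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY}` is also unquoted, so the template is word-split and glob-expanded before sed sees it; `printf '%s' "${WATCHDOG_NOTIFY_WEBHOOK_BODY}"` avoids that. The function body continues outside the hunk.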
+++ b/data/Dockerfiles/phpfpm/Dockerfile @@ -1,4 +1,4 @@ -FROM php:8.2-fpm-alpine3.19 +FROM php:8.2-fpm-alpine3.18 LABEL maintainer "The Infrastructure Company GmbH " # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?.*)$ diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile index 4411a1d2..f56cbc6e 100644 --- a/data/Dockerfiles/unbound/Dockerfile +++ b/data/Dockerfiles/unbound/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.18 LABEL maintainer "The Infrastructure Company GmbH GmbH " diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile index b94789aa..73acde68 100644 --- a/data/Dockerfiles/watchdog/Dockerfile +++ b/data/Dockerfiles/watchdog/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.19 +FROM alpine:3.18 LABEL maintainer "The Infrastructure Company GmbH " # Installation diff --git a/docker-compose.yml b/docker-compose.yml index 739108bc..c1883f90 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -108,7 +108,7 @@ services: - rspamd php-fpm-mailcow: - image: mailcow/phpfpm:1.86 + image: mailcow/phpfpm:1.87 command: "php-fpm -d date.timezone=${TZ} -d expose_php=0" depends_on: - redis-mailcow @@ -399,7 +399,7 @@ services: condition: service_started unbound-mailcow: condition: service_healthy - image: mailcow/acme:1.86 + image: mailcow/acme:1.87 dns: - ${IPV4_NETWORK:-172.22.1}.254 environment: