Merge pull request #5663 from mailcow/staging

2024-01b

data/Dockerfiles/acme/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 
 LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 

data/Dockerfiles/phpfpm/Dockerfile

@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.19
+FROM php:8.2-fpm-alpine3.18
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$

data/Dockerfiles/unbound/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 
 LABEL maintainer "The Infrastructure Company GmbH GmbH <info@servercow.de>"
 

data/Dockerfiles/unbound/healthcheck.sh

@@ -1,5 +1,10 @@
 #!/bin/bash
 
+# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!)
+if [[ "${SKIP_UNBOUND_HEALTHCHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+    SKIP_UNBOUND_HEALTHCHECK=y
+fi
+
 # Declare log function for logfile inside container
 function log_to_file() {
     echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" > /var/log/healthcheck.log
@@ -66,6 +71,11 @@ function check_netcat() {
 
 }
 
+if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then
+    log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!"
+    exit 0
+fi
+
 # run checks, if check is not returning 0 (return value if check is ok), healthcheck will exit with 1 (marked in docker as unhealthy)
 check_ping
 

data/Dockerfiles/watchdog/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 # Installation

data/Dockerfiles/watchdog/watchdog.sh

@@ -170,7 +170,7 @@ function notify_error() {
     fi
 
     # Replace subject and body placeholders
-    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s|\$SUBJECT\|\${SUBJECT}|$SUBJECT|g" | sed "s|\$BODY\|\${BODY}|$BODY|")
+    WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s/\$SUBJECT\|\${SUBJECT}/$SUBJECT/g" | sed "s/\$BODY\|\${BODY}/$BODY/g")
     
     # POST to webhook
     curl -X POST -H "Content-Type: application/json" ${CURL_VERBOSE} -d "${WEBHOOK_BODY}" ${WATCHDOG_NOTIFY_WEBHOOK}

docker-compose.yml

@@ -2,9 +2,10 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.19.1
+      image: mailcow/unbound:1.20
       environment:
         - TZ=${TZ}
+        - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
       volumes:
         - ./data/hooks/unbound:/hooks:Z
         - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
@@ -107,7 +108,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.86
+      image: mailcow/phpfpm:1.87
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -398,7 +399,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.86
+      image: mailcow/acme:1.87
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -457,7 +458,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.01
+      image: mailcow/watchdog:2.02
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:

generate_config.sh

@@ -363,6 +363,10 @@ SKIP_IP_CHECK=n
 
 SKIP_HTTP_VERIFICATION=n
 
+# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n
+
+SKIP_UNBOUND_HEALTHCHECK=n
+
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 
 SKIP_CLAMD=${SKIP_CLAMD}

update.sh

@@ -116,11 +116,11 @@ migrate_docker_nat() {
       echo "Working on IPv6 NAT, please wait..."
       echo ${NAT_CONFIG} > /etc/docker/daemon.json
       ip6tables -F -t nat
-      [[ -e /etc/alpine-release ]] && rc-service docker restart || systemctl restart docker.service
+      [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service
       if [[ $? -ne 0 ]]; then
         echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting."
         rm /etc/docker/daemon.json
-        if [[ -e /etc/alpine-release ]]; then
+        if [[ -e /etc/rc.conf ]]; then
           rc-service docker restart
         else
           systemctl reset-failed docker.service
@@ -480,6 +480,7 @@ CONFIG_ARRAY=(
   "WATCHDOG_VERBOSE"
   "WEBAUTHN_ONLY_TRUSTED_VENDORS"
   "SPAMHAUS_DQS_KEY"
+  "SKIP_UNBOUND_HEALTHCHECK"
 )
 
 detect_bad_asn
@@ -747,6 +748,12 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Enable watchdog verbose logging' >> mailcow.conf
       echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
     fi
+  elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
+      echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
+    fi
   elif ! grep -q ${option} mailcow.conf; then
     echo "Adding new option \"${option}\" to mailcow.conf"
     echo "${option}=n" >> mailcow.conf