Update to v2.2.1

docker/Dockerfile

@@ -1,8 +1,8 @@
 FROM webdevops/php-nginx:8.2-alpine
 
-ARG VERSION="v1.8"
+ARG VERSION="v2.2.1"
 
-ARG DIST_URL="https://github.com/liuch/dmarc-srg/archive/refs/tags/v1.8.tar.gz"
+ARG DIST_URL="https://github.com/liuch/dmarc-srg/archive/refs/tags/v2.2.1.tar.gz"
 ARG BUILD_DATE
 ARG VCS_REF
 ENV PHP_DISMOD=amqp,apcu,bcmath,bz2,calendar,exif,ffi,gd,gettext,gmp,imagick,intl,ldap,memcached,mongodb,pcntl,mysqli,pdo_pgsql,pgsql,redis,shmop,soap,sockets,sysvmsg,sysvsem,sysvshm,vips,xmlrpc,xsl,yaml,ioncube
@@ -21,16 +21,19 @@ COPY nginx-vhost.conf /opt/docker/etc/nginx/vhost.conf
 USER application
 WORKDIR $WEB_DOCUMENT_ROOT
 
-RUN curl -# -L -o dmarc-srg.tar.gz ${DIST_URL} && \
-    tar -xzf dmarc-srg.tar.gz -C $WEB_DOCUMENT_ROOT --strip-components=1 && \
-    rm dmarc-srg.tar.gz && \
-    cd $WEB_DOCUMENT_ROOT && \
-    curl -# -L -o - https://patch-diff.githubusercontent.com/raw/liuch/dmarc-srg/pull/80.diff | patch -p1 && \
-    rm -vr *.md && \
+RUN set -eux; \
+    curl -# -L -o dmarc-srg.tar.gz ${DIST_URL}; \
+    tar -xzf dmarc-srg.tar.gz -C $WEB_DOCUMENT_ROOT --strip-components=1; \
+    rm dmarc-srg.tar.gz; \
+    cd $WEB_DOCUMENT_ROOT; \
+    # curl -# -L -o - https://patch-diff.githubusercontent.com/raw/liuch/dmarc-srg/pull/<pr-id>.diff | patch -p1; \
+    rm -vr *.md; \
     tree
 
 COPY config.php /var/www/html/config/conf.php
 
+RUN diff -u $WEB_DOCUMENT_ROOT/config/conf.sample.php /var/www/html/config/conf.php
+
 # Metadata
 LABEL org.label-schema.vendor="liuch" \
     org.label-schema.url="https://github.com/liuch/dmarc-srg#readme" \

docker/config.php

@@ -10,7 +10,7 @@
     'user'         => getenv('DB_USER'),
     'password'     => getenv('DB_PASSWORD'),
     /**
-     * This parameter can be usefull if the database is shared with other applications
+     * This parameter can be useful if the database is shared with other applications
      * to avoid conflicting table names. You do not need to specify this parameter
      * if you use a dedicated database.
      * Example value: dmarc_
@@ -45,19 +45,20 @@
     'password'        => getenv('IMAP_PASSWORD'),
     // Mailbox name
     'mailbox'         => getenv('MAILBOX_NAME'),
-    // IMAP authorization methods to be excluded.
+    // IMAP authentication methods to be excluded.
     // For example: 'auth_exclude' => [ 'GSSAPI', 'NTLM' ]
     'auth_exclude'    => []
 ];
 
 /**
- * It is only required if you want to get reports from a server directory.
- * In order to collect report from several directories, you should put each
+ * This option is NOT INTENDED for direct access to MAILBOX directories.
+ * It is only required if you want to get reports files (xml, zip, gz) from a server directory.
+ * In order to collect reports from several directories, you should put each
  * directory settings in an array. Processing of the directories is not recursive.
  * It is recommended to use atomic methods for adding files to these directories.
  * Attention! All successfully processed files will be deleted from the directories
  * and all others will be moved to subdirectory `failed`, that will be created
- * automatically if it does not exist.
+ * automatically if it does not exist. You can change this behavior under fetcher->directories.
  */
 //$directories = [
 //    // Just for displaying in the web-admin and utilities. Not necessary.
@@ -66,12 +67,69 @@
 //    'location' => '/var/spool/dmarc-srg/rua'
 //];
 
+/**
+ * It is only required if you want to get reports from a remote filesystem.
+ * In order to collect reports from several filesystems, you should put each
+ * filesystem settings in an array. Processing of remote filesystems is not recursive.
+ * It uses the flysystem library to access remote file systems. Make sure this library is installed.
+ */
+//$remote_filesystems = [
+//    // Just for displaying in the web-admin and utilities. Not necessary.
+//    'name' => 'AWS-S3',
+//
+//    /**
+//     * Type of remote filesystem. Required. Only 's3' is supported at this time.
+//     * Before using the S3 filesystem, you will need to install the Flysystem S3 package
+//     * via the Composer package manager or your OS package manager.
+//     * For the Composer package manager run:
+//     * composer require league/flysystem-aws-s3-v3
+//     */
+//    'type' => 's3',
+//
+//    // Bucket name. Required.
+//    'bucket' => 'your-bucket-name',
+//
+//    // Path where the reports are located. Required.
+//    'path' => '/',
+//
+//    /**
+//     * They do not recommend to add AWS access keys directly to configuration files. Use credentials provider or
+//     * environment variables for that. However, you can list your credentials in the following options instead.
+//     */
+//    //'key'    => 'YEpoT...',
+//    //'secret' => 'uyASUDf...',
+//    //'token'  => '...',
+//
+//    // The full URI of the webservice. This is only required when connecting to a custom endpoint.
+//    //'endpoint' => 'http://localhost:9000',
+//
+//    // Region to connect to. Required.
+//    // See http://docs.aws.amazon.com/general/latest/gr/rande.html for a list of available regions.
+//    'region' => 'us-east-1'
+//];
+
 $admin = [
     // Set this value to null or remove this parameter to disable authentication
-    // Note: The authentication always fails with an empty string password. Change it if you want to use the web ui.
+    // Note: The authentication always fails with an empty string password. Change it if you want to use the web UI.
     'password' => getenv('UI_PASSWORD'),
 ];
 
+$users = [
+    // Enables the use of multiple users in the web interface. The authentication dialog will ask for a username and
+    // password. Use `admin` as the username for the above password. To add new users, use Administration -> Users.
+    // The default value is false.
+    'user_management' => false,
+
+    /**
+     * Domain ownership verification method for users who are authorized to add domains.
+     * This option has no effect on the admin. The valid values are:
+     * 'none' - There is no verification.
+     * 'dns'  - Verification by adding DNS TXT record like dmarcsrg-verification=...
+     * The default value is 'none'.
+     */
+    'domain_verification' => 'none'
+];
+
 //
 $fetcher = [
     'mailboxes' => [
@@ -104,7 +162,7 @@
 
         /**
          * What to do with the report file when it has been successfully processed.
-         * The folowing actions are available: 'delete', 'move_to'. See the when_done for mailboxes
+         * The following actions are available: 'delete', 'move_to'. See the when_done for mailboxes
          * for detailed description.
          * The default value is 'delete'.
          */
@@ -118,6 +176,16 @@
          */
         'when_failed'      => 'move_to:' . getenv('DIRECTORIES_WHEN_FAILED_MOVE_TO'),
     ],
+    'remote_filesystems' => [
+        // See directories/files_maximum
+        'files_maximum' => 50,
+
+        // See directories/when_done
+        'when_done'        => 'delete',
+
+        // See directories/when_failed
+        'when_failed'      => 'move_to:failed'
+    ],
     /**
      * Domains matching this regular expression will be automatically added to the database from processed
      * reports. This option does not affect domains that have already been added to the database.
@@ -134,8 +202,67 @@
 // Settings for sending summary reports if it is necessary.
 // It uses in utils/summary_report.php
 $mailer = [
+    /**
+     * The library used to send e-mails. The following values are currently supported:
+     * 'internal'  - use the PHP internal functions. Default value.
+     * 'phpmailer' - use the PHPMailer library. You can install it with composer.
+     */
+    'library' => 'internal',
+
+    /**
+     * The method used to send email. Note: The 'smtp' method requires the PHPMailer library. Make sure it is installed.
+     * 'mail' - use the standard PHP mail() function. Default value.
+     * 'smtp' - sent via SMTP. This method required the PHPMailer library. See below for required parameters.
+     */
+    'method' => 'mail',
+
+    /**
+     * Sender's e-mail address
+     */
     'from'    => getenv('MAILER_FROM'),
+
+    /**
+     * Recepient's default e-mail address
+     */
     'default' => getenv('MAILER_DEFAULT'),
+
+    /*
+     * For method 'smtp' the following parameters must be specified:
+     */
+
+    /**
+     * SMTP host to connect to.
+     */
+    'host' => getenv('IMAP_HOST'),
+
+    /**
+     * TCP port to connect to.
+     * Typically it is 465 for SSL/TLS, 587 for STARTTLS, or 25.
+     */
+    'port' => 465,
+
+    /**
+     * Connection encryption method. The valid values are:
+     * 'none'     - without encryption (strongly not recommend).
+     * 'ssl'      - SSL/TLS on a separate port, for SMTP it is usually port 465. Default value.
+     * 'starttls' - STARTTLS method, usually on the standard SMTP port 587.
+     */
+    'encryption' => 'ssl',
+
+    /**
+     * Set true if you want to connect to the SMTP server without certificate validation
+     */
+    'novalidate-cert' => false,
+
+    /**
+     * User name. Specify an empty string if authentication is not required.
+     */
+    'username' => getenv('IMAP_USER'),
+
+    /**
+     * User password. Specify an empty string if authentication is not required.
+     */
+    'password'  => getenv('IMAP_PASSWORD'),
 ];
 
 //
@@ -179,3 +306,9 @@
         'leave_minimum'  => 100
     ]
 ];
+
+/**
+ * Path to a custom CSS file to add it to the HTML header in order to use custom styles.
+ * The file must be a regular CSS file and end with ".css".
+ */
+//$custom_css = 'css/custom.css';

docker/nginx-host.conf

@@ -35,7 +35,3 @@ location ~ ^/(css|js)/ {
     access_log off;
     expires 1d;
 }
-
-location ~ ^/(utils|classes|config)/ {
-    deny all;
-}

docker/nginx-vhost.conf

@@ -4,7 +4,7 @@ server {
 
     server_name  _ docker;
 
-    root "/var/www/html";
+    root "/var/www/html/public";
     index index.php;
 
     server_tokens off;