diff --git a/docker/Dockerfile b/docker/Dockerfile index 2927e9c..966d69b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,8 +1,8 @@ FROM webdevops/php-nginx:8.2-alpine -ARG VERSION="v1.8" +ARG VERSION="v2.2.1" -ARG DIST_URL="https://github.com/liuch/dmarc-srg/archive/refs/tags/v1.8.tar.gz" +ARG DIST_URL="https://github.com/liuch/dmarc-srg/archive/refs/tags/v2.2.1.tar.gz" ARG BUILD_DATE ARG VCS_REF ENV PHP_DISMOD=amqp,apcu,bcmath,bz2,calendar,exif,ffi,gd,gettext,gmp,imagick,intl,ldap,memcached,mongodb,pcntl,mysqli,pdo_pgsql,pgsql,redis,shmop,soap,sockets,sysvmsg,sysvsem,sysvshm,vips,xmlrpc,xsl,yaml,ioncube @@ -21,16 +21,19 @@ COPY nginx-vhost.conf /opt/docker/etc/nginx/vhost.conf USER application WORKDIR $WEB_DOCUMENT_ROOT -RUN curl -# -L -o dmarc-srg.tar.gz ${DIST_URL} && \ - tar -xzf dmarc-srg.tar.gz -C $WEB_DOCUMENT_ROOT --strip-components=1 && \ - rm dmarc-srg.tar.gz && \ - cd $WEB_DOCUMENT_ROOT && \ - curl -# -L -o - https://patch-diff.githubusercontent.com/raw/liuch/dmarc-srg/pull/80.diff | patch -p1 && \ - rm -vr *.md && \ +RUN set -eux; \ + curl -# -L -o dmarc-srg.tar.gz ${DIST_URL}; \ + tar -xzf dmarc-srg.tar.gz -C $WEB_DOCUMENT_ROOT --strip-components=1; \ + rm dmarc-srg.tar.gz; \ + cd $WEB_DOCUMENT_ROOT; \ + # curl -# -L -o - https://patch-diff.githubusercontent.com/raw/liuch/dmarc-srg/pull/.diff | patch -p1; \ + rm -vr *.md; \ tree COPY config.php /var/www/html/config/conf.php +RUN diff -u $WEB_DOCUMENT_ROOT/config/conf.sample.php /var/www/html/config/conf.php + # Metadata LABEL org.label-schema.vendor="liuch" \ org.label-schema.url="https://github.com/liuch/dmarc-srg#readme" \ diff --git a/docker/config.php b/docker/config.php index 6f4d295..83a100f 100644 --- a/docker/config.php +++ b/docker/config.php 
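Review bot: The release tarball in the rewritten `RUN` step is unpacked into `$WEB_DOCUMENT_ROOT` without any integrity check, and `curl` runs without `-f`, so a moved tag or an HTTP error page is only noticed if `tar` happens to fail. Pin the expected digest next to `DIST_URL` and verify it before extracting, e.g. `ARG DIST_SHA256="<sha256-of-the-v2.2.1-tarball>"` and `echo "${DIST_SHA256}  dmarc-srg.tar.gz" | sha256sum -c -;`, and fetch with `curl -fsSL`. `DIST_URL` in the first hunk repeats the version literal; building it from `${VERSION}` would keep the two in step. Separately, the new `RUN diff -u … conf.sample.php … conf.php` exits non-zero whenever the files differ, which is presumably always the case because `config.php` reads its values through `getenv()`, so the build would stop there; append `|| true` or drop the step if it is only meant to show drift.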
@@ -10,7 +10,7 @@ 'user' => getenv('DB_USER'), 'password' => getenv('DB_PASSWORD'), /** - * This parameter can be usefull if the database is shared with other applications + * This parameter can be useful if the database is shared with other applications * to avoid conflicting table names. You do not need to specify this parameter * if you use a dedicated database. * Example value: dmarc_ @@ -45,19 +45,20 @@ 'password' => getenv('IMAP_PASSWORD'), // Mailbox name 'mailbox' => getenv('MAILBOX_NAME'), - // IMAP authorization methods to be excluded. + // IMAP authentication methods to be excluded. // For example: 'auth_exclude' => [ 'GSSAPI', 'NTLM' ] 'auth_exclude' => [] ]; /** - * It is only required if you want to get reports from a server directory. - * In order to collect report from several directories, you should put each + * This option is NOT INTENDED for direct access to MAILBOX directories. + * It is only required if you want to get reports files (xml, zip, gz) from a server directory. + * In order to collect reports from several directories, you should put each * directory settings in an array. Processing of the directories is not recursive. * It is recommended to use atomic methods for adding files to these directories. * Attention! All successfully processed files will be deleted from the directories * and all others will be moved to subdirectory `failed`, that will be created - * automatically if it does not exist. + * automatically if it does not exist. You can change this behavior under fetcher->directories. */ //$directories = [ // // Just for displaying in the web-admin and utilities. Not necessary. 
@@ -66,12 +67,69 @@ // 'location' => '/var/spool/dmarc-srg/rua' //]; +/** + * It is only required if you want to get reports from a remote filesystem. + * In order to collect reports from several filesystems, you should put each + * filesystem settings in an array. Processing of remote filesystems is not recursive. + * It uses the flysystem library to access remote file systems. Make sure this library is installed. + */ +//$remote_filesystems = [ +// // Just for displaying in the web-admin and utilities. Not necessary. +// 'name' => 'AWS-S3', +// +// /** +// * Type of remote filesystem. Required. Only 's3' is supported at this time. +// * Before using the S3 filesystem, you will need to install the Flysystem S3 package +// * via the Composer package manager or your OS package manager. +// * For the Composer package manager run: +// * composer require league/flysystem-aws-s3-v3 +// */ +// 'type' => 's3', +// +// // Bucket name. Required. +// 'bucket' => 'your-bucket-name', +// +// // Path where the reports are located. Required. +// 'path' => '/', +// +// /** +// * They do not recommend to add AWS access keys directly to configuration files. Use credentials provider or +// * environment variables for that. However, you can list your credentials in the following options instead. +// */ +// //'key' => 'YEpoT...', +// //'secret' => 'uyASUDf...', +// //'token' => '...', +// +// // The full URI of the webservice. This is only required when connecting to a custom endpoint. +// //'endpoint' => 'http://localhost:9000', +// +// // Region to connect to. Required. +// // See http://docs.aws.amazon.com/general/latest/gr/rande.html for a list of available regions. +// 'region' => 'us-east-1' +//]; + $admin = [ // Set this value to null or remove this parameter to disable authentication - // Note: The authentication always fails with an empty string password. Change it if you want to use the web ui. + // Note: The authentication always fails with an empty string password. 
Change it if you want to use the web UI. 'password' => getenv('UI_PASSWORD'), ]; +$users = [ + // Enables the use of multiple users in the web interface. The authentication dialog will ask for a username and + // password. Use `admin` as the username for the above password. To add new users, use Administration -> Users. + // The default value is false. + 'user_management' => false, + + /** + * Domain ownership verification method for users who are authorized to add domains. + * This option has no effect on the admin. The valid values are: + * 'none' - There is no verification. + * 'dns' - Verification by adding DNS TXT record like dmarcsrg-verification=... + * The default value is 'none'. + */ + 'domain_verification' => 'none' +]; + // $fetcher = [ 'mailboxes' => [ @@ -104,7 +162,7 @@ /** * What to do with the report file when it has been successfully processed. - * The folowing actions are available: 'delete', 'move_to'. See the when_done for mailboxes + * The following actions are available: 'delete', 'move_to'. See the when_done for mailboxes * for detailed description. * The default value is 'delete'. */ @@ -118,6 +176,16 @@ */ 'when_failed' => 'move_to:' . getenv('DIRECTORIES_WHEN_FAILED_MOVE_TO'), ], + 'remote_filesystems' => [ + // See directories/files_maximum + 'files_maximum' => 50, + + // See directories/when_done + 'when_done' => 'delete', + + // See directories/when_failed + 'when_failed' => 'move_to:failed' + ], /** * Domains matching this regular expression will be automatically added to the database from processed * reports. This option does not affect domains that have already been added to the database. 
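Review bot: `'domain_verification' => 'none'` in the new `$users` block means that, once `user_management` is switched on, users who are authorized to add domains can add any domain without proving ownership. Both values are hard-coded while the rest of this file is driven by `getenv()`, so an operator can only change them by rebuilding the image. Consider reading them from the environment with a safe fallback, e.g. `'domain_verification' => getenv('USERS_DOMAIN_VERIFICATION') ?: 'dns'` (the variable name is a suggestion, not an existing setting). At the least, add a comment that `'dns'` should be selected before user management is enabled.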
@@ -134,8 +202,67 @@ // Settings for sending summary reports if it is necessary. // It uses in utils/summary_report.php $mailer = [ + /** + * The library used to send e-mails. The following values are currently supported: + * 'internal' - use the PHP internal functions. Default value. + * 'phpmailer' - use the PHPMailer library. You can install it with composer. + */ + 'library' => 'internal', + + /** + * The method used to send email. Note: The 'smtp' method requires the PHPMailer library. Make sure it is installed. + * 'mail' - use the standard PHP mail() function. Default value. + * 'smtp' - sent via SMTP. This method required the PHPMailer library. See below for required parameters. + */ + 'method' => 'mail', + + /** + * Sender's e-mail address + */ 'from' => getenv('MAILER_FROM'), + + /** + * Recepient's default e-mail address + */ 'default' => getenv('MAILER_DEFAULT'), + + /* + * For method 'smtp' the following parameters must be specified: + */ + + /** + * SMTP host to connect to. + */ + 'host' => getenv('IMAP_HOST'), + + /** + * TCP port to connect to. + * Typically it is 465 for SSL/TLS, 587 for STARTTLS, or 25. + */ + 'port' => 465, + + /** + * Connection encryption method. The valid values are: + * 'none' - without encryption (strongly not recommend). + * 'ssl' - SSL/TLS on a separate port, for SMTP it is usually port 465. Default value. + * 'starttls' - STARTTLS method, usually on the standard SMTP port 587. + */ + 'encryption' => 'ssl', + + /** + * Set true if you want to connect to the SMTP server without certificate validation + */ + 'novalidate-cert' => false, + + /** + * User name. Specify an empty string if authentication is not required. + */ + 'username' => getenv('IMAP_USER'), + + /** + * User password. Specify an empty string if authentication is not required. + */ + 'password' => getenv('IMAP_PASSWORD'), ]; // 
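Review bot: The new SMTP entries in `$mailer` reuse `IMAP_HOST`, `IMAP_USER` and `IMAP_PASSWORD`, so the mailbox password would also be presented to whatever answers on port 465 of that host, and outgoing mail cannot use a separate, less privileged account. The comments ask for an empty string when authentication is not required, but `getenv()` returns `false` for an unset variable; how the mailer treats `false` is not visible in this diff. Dedicated variables with explicit fallbacks would avoid both problems, e.g. `'username' => getenv('SMTP_USER') ?: '',` and `'password' => getenv('SMTP_PASSWORD') ?: '',` (names are suggestions). These settings only take effect once `'method'` is changed from `'mail'` to `'smtp'`, so a short comment saying so would help.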
@@ -179,3 +306,9 @@ 'leave_minimum' => 100 ] ]; + +/** + * Path to a custom CSS file to add it to the HTML header in order to use custom styles. + * The file must be a regular CSS file and end with ".css". + */ +//$custom_css = 'css/custom.css'; diff --git a/docker/nginx-host.conf b/docker/nginx-host.conf index 0066a69..6e4152a 100644 --- a/docker/nginx-host.conf +++ b/docker/nginx-host.conf @@ -35,7 +35,3 @@ location ~ ^/(css|js)/ { access_log off; expires 1d; } - -location ~ ^/(utils|classes|config)/ { - deny all; -} diff --git a/docker/nginx-vhost.conf b/docker/nginx-vhost.conf index af03700..8cf60da 100644 --- a/docker/nginx-vhost.conf +++ b/docker/nginx-vhost.conf @@ -4,7 +4,7 @@ server { server_name _ docker; - root "/var/www/html"; + root "/var/www/html/public"; index index.php; server_tokens off;
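Review bot: With the `deny all` rule for `utils|classes|config` removed from nginx-host.conf, the only thing keeping those directories off the web is `root "/var/www/html/public"` in nginx-vhost.conf. The Dockerfile hunk shows only nginx-vhost.conf being copied and unpacks the application into `$WEB_DOCUMENT_ROOT`, whose value is not visible here. If any server block still uses the application directory itself as its root, `config/conf.php` and the `utils/` scripts would be served again. Please confirm that `$WEB_DOCUMENT_ROOT` is `/var/www/html` and that nginx-host.conf is either unused or has the same `public` root, and consider keeping `location ~ ^/(utils|classes|config)/ { deny all; }` as a second layer.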