This is a small safety precaution to make sure the out of the box
configuration is not world routeable. Bringing this up on a public
interface with a connected database could be a security concern. Any
sysadmin worth their salt is going to test offline or by binding to
localhost only first anyway, but this gets them started on the right
foot and makes sure people don't make mistakes.
Also with the high likelihood that a proxy is going to be used for HTTPS
termination anyway, the decision to move to a public IP should be more
deliberate.
Using localhost instead of some random string is much more likely to
actually work out of the box. Also it's a lot easier for a sysamdmin to
'scan' for things that need changing.
- Configures `max_open` and `max_idle` in default configs to `25`.
This changes the previous behaviour of connection pooling where both the
values were unset (from default config) and causes unbounded connection
limit and no connection reuse.
- Configures `db.SetConnMaxLifetime` which sets the maximum time the
connection can be reused in a pool.
- Sets `max_conn_lifetime` in default config as `5 minutes`.
Closes https://github.com/knadh/listmonk/issues/225
This removes the Nginx dependency for protecting admin pages.
BasicAuth is configured in config.toml. This is a "temporary"
setup until a full fledged auth mechanism is added.
This is a major breaking change that moves away from having the
entire app configuration in external TOML files to settings being
in the database with a UI to update them dynamically.
The app loads all config into memory (app settings, SMTP conf)
on boot. "Hot" replacing them is complex and it's a fair tradeoff
to instead just restart the application as it is practically
instant.
A new `settings` table stores arbitrary string keys with a JSONB
value field which happens to support arbitrary types. After every
settings update, the app gracefully releases all resources
(HTTP server, DB pool, SMTP pool etc.) and restarts itself,
occupying the same PID. If there are any running campaigns, the
auto-restart doesn't happen and the user is prompted to invoke
it manually with a one-click button once all running campaigns
have been paused.
This PR adds `config-demo.toml` to `Dockerfile` which uses the db host
`demo-db`. This is more suited for demo setups. For normal docker installations
the db host is changed back to `db` which is a better sane default.
Reworded `INSTALL.md` and `README.md` for more clarity on docker
installation and configuration.
- Fix path related issues in filesystem and S3.
- Add checks for S3 "/" path prefix.
- Add support for custom S3 domain names.
- Remove obsolete `width` and `height` columns from media table (breaking)
- Add `provider` field to media table (breaking)
This commit introduces a `blobstore` package and refactors the existing
upload mechanism. Upload is now handled by `providers` and the two
bundled providers are `S3` and `Filesystem`. `app.Blobstore` initialises
the correct provider based on the configuration and handles `Put`,
`Delete` and `Get` operations.
- Toggle options to enable self-service data export and wipe
options on the public unsubscription page. Subscribers can get
a copy of all data on them e-mailed to them as JSON, or
instantly wipe all their data.
- Refactor "unsubscribe" pages and URIs to "subscription".
- Add export icon to subscriber admin view.
This is a big commit that involves drastic changes to how static assets
(.sql and template files, the whole frontend bundle) are handled.
listmonk distribution should be a self-contained single binary
distribution, hence all static assets should be bundled. After
evaluating several solutions, srtkkou/zgok seemed like the best bet but
it lacked several fundamental features, namely the ability to fall back
to the local filesystem in the absence of embedded assets (for instance,
in the dev mode). Moreover, there was a lot of room for cleanup.
After a PR went unanswered, github.com/knadh/stuffbin was created. Just
like zgok, this enables arbitrary files and assets to be embedded into a
compiled Go binary that can be read during runtime. These changes
followed:
- Compress and embed all static files into the binary during
the build (Makefile) to make it standalone and distributable
- Refactor static paths (/public/* for public facing assets,
/frontend/* for the frontend app's assets)
- Add 'logo_url' to config
- Remove 'assets_path' from config
- Tweak yarn build to not produce symbol maps and override
the default /static (%PUBLIC_URL%) path to /frontend
- Add notifications for campaign state change
- Add notifications for import state change
Related changes.
- Add a new 'templates' directory with HTML templates
- Move the static campaign template as a .tpl file into it
- Change Messenger.Push() to accept multiple recipients
- Change exhaustCampaign()'s behaviour to pass metadata to admin emails
When a campaign exceeds N number of message send errors, for instance
SMTP errors, it is now auto-paused until there is manual intervention.
For this, the master goroutine in runner.Run() that was synchronising
between the tick based DB scanner and subscriber fetching has been
split into two. A new queue aggregates send errors from workers
again a threshold after which the campaign is paused.
