mirror of
https://github.com/stalwartlabs/mail-server.git
synced 2025-09-10 14:04:14 +08:00
v0.5.2
parent
3a800aff7a
commit
d829b56571
9 changed files with 49 additions and 13 deletions
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -2,12 +2,14 @@
|
||||||
|
|
||||||
All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/).
|
All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/).
|
||||||
|
|
||||||
## [0.5.2] - 2024-01-xx
|
## [0.5.2] - 2024-01-07
|
||||||
|
|
||||||
|
Please read the [UPGRADING.md](UPGRADING.md) file for more information on how to upgrade from previous versions.
|
||||||
|
|
||||||
## Added
|
## Added
|
||||||
- ACME support for automatic TLS certificate generation and renewal.
|
- [ACME](https://stalw.art/docs/server/tls/acme) support for automatic TLS certificate generation and renewal (#160).
|
||||||
- TLS certificate hot-reloading.
|
- TLS certificate [hot-reloading](https://stalw.art/docs/management/database/maintenance#tls-certificate-reloading).
|
||||||
- HAProxy protocol support.
|
- [HAProxy protocol](https://stalw.art/docs/server/proxy) support (#36).
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
|
14
UPGRADING.md
14
UPGRADING.md
|
@ -1,4 +1,16 @@
|
||||||
Upgrading from `v0.5.0` to `v0.5.x`
|
Upgrading from `v0.5.1` to `v0.5.2`
|
||||||
|
-----------------------------------
|
||||||
|
|
||||||
|
- Make sure that implicit TLS is enabled for the JMAP [listener](https://stalw.art/docs/server/listener) configured under `ets/jmap/listener.toml`:
|
||||||
|
```toml
|
||||||
|
[server.listener."jmap".tls]
|
||||||
|
implicit = true
|
||||||
|
```
|
||||||
|
- Optional: Enable automatic TLS with [ACME](https://stalw.art/docs/server/tls/acme).
|
||||||
|
- Replace the binary with the new version.
|
||||||
|
- Restart the service.
|
||||||
|
|
||||||
|
Upgrading from `v0.5.0` to `v0.5.1`
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
|
||||||
- Replace the binary with the new version.
|
- Replace the binary with the new version.
|
||||||
|
|
|
@ -111,9 +111,10 @@ enum SmtpDirectory {
|
||||||
Imap,
|
Imap,
|
||||||
}
|
}
|
||||||
|
|
||||||
const DIRECTORIES: [[&str; 2]; 6] = [
|
const DIRECTORIES: [[&str; 2]; 7] = [
|
||||||
["bin", ""],
|
["bin", ""],
|
||||||
["etc", "dkim"],
|
["etc", "dkim"],
|
||||||
|
["etc", "acme"],
|
||||||
["data", "blobs"],
|
["data", "blobs"],
|
||||||
["logs", ""],
|
["logs", ""],
|
||||||
["queue", ""],
|
["queue", ""],
|
||||||
|
|
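Review bot: The new `["etc", "acme"]` entry gives no indication of the permissions the directory is created with, and judging by its name it will hold ACME account keys and certificate private keys. The code that consumes `DIRECTORIES` is outside this hunk, so please confirm it creates the directory owner-only (for example mode `0700`, owned by the service user) rather than with whatever the process umask allows. A short comment on the entry, `// ACME account keys and certificates; must not be world-readable`, would record that requirement next to the data.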
|
@ -274,6 +274,7 @@ pub enum DirectoryError {
|
||||||
NoTlsAlpn01Challenge,
|
NoTlsAlpn01Challenge,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[allow(unused_mut)]
|
||||||
async fn https(
|
async fn https(
|
||||||
url: impl AsRef<str>,
|
url: impl AsRef<str>,
|
||||||
method: Method,
|
method: Method,
|
||||||
|
|
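Review bot: `#[allow(unused_mut)]` is added to `https` without a comment saying which binding triggers the lint, and at function scope it silences the lint for every local in the body. The body lies outside this hunk, so this is inferred, but the usual cause is a `mut` binding that is only mutated under a conditional-compilation branch. If that is the case here, move the attribute onto that single `let` and add a why-comment such as `// mutated only when the cfg-gated branch below is compiled in`.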
|
@ -93,12 +93,6 @@ impl Config {
|
||||||
})
|
})
|
||||||
.collect::<Vec<_>>();
|
.collect::<Vec<_>>();
|
||||||
let cache = PathBuf::from(self.value_require(("acme", acme_id, "cache"))?);
|
let cache = PathBuf::from(self.value_require(("acme", acme_id, "cache"))?);
|
||||||
if !cache.exists() {
|
|
||||||
std::fs::create_dir_all(&cache).map_err(|err| {
|
|
||||||
format!("Failed to create ACME cache directory {:?}: {}", cache, err)
|
|
||||||
})?;
|
|
||||||
}
|
|
||||||
|
|
||||||
let renew_before: Duration =
|
let renew_before: Duration =
|
||||||
self.property_or_static(("acme", acme_id, "renew-before"), "30d")?;
|
self.property_or_static(("acme", acme_id, "renew-before"), "30d")?;
|
||||||
|
|
||||||
|
|
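Review bot: With the `create_dir_all` block removed, nothing in this hunk checks that the configured `("acme", acme_id, "cache")` path exists, so a missing or mistyped directory is no longer reported when the configuration is parsed. Installations that upgrade by replacing the binary do not re-run the installer and will only have the directory if it is created by hand. The code that writes to the cache is outside this hunk, so whether it creates the path itself cannot be seen here. If the intent is only to stop creating directories during config parsing, keep a read-only check so the failure still surfaces at startup, e.g. `if !cache.is_dir() { return Err(format!("ACME cache directory {:?} does not exist", cache)); }` (adjusted to the function's error type). The enclosing function starts and ends outside the hunk.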
|
@ -115,6 +115,8 @@ pub trait SessionManager: Sync + Send + 'static + Clone {
|
||||||
tracing::debug!(
|
tracing::debug!(
|
||||||
context = "tls",
|
context = "tls",
|
||||||
event = "error",
|
event = "error",
|
||||||
|
instance = session.instance.id,
|
||||||
|
protocol = ?session.instance.protocol,
|
||||||
remote.ip = session.remote_ip.to_string(),
|
remote.ip = session.remote_ip.to_string(),
|
||||||
"Failed to accept TLS connection: {}",
|
"Failed to accept TLS connection: {}",
|
||||||
err
|
err
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
[server]
|
[server]
|
||||||
hostname = "%{HOST}%"
|
hostname = "%{HOST}%"
|
||||||
max-connections = 8192
|
max-connections = 8192
|
||||||
#proxy-trusted-networks = ["10.0.0.0/8", "127.0.0.0/8"]
|
#proxy-trusted-networks = ["127.0.0.0/8", "::1", "10.0.0.0/8"]
|
||||||
|
|
||||||
[server.run-as]
|
[server.run-as]
|
||||||
user = "stalwart-mail"
|
user = "stalwart-mail"
|
||||||
|
|
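Review bot: The commented example for `proxy-trusted-networks` still lists the whole `10.0.0.0/8` range, and an operator who simply uncomments the line will accept PROXY protocol headers from every host in that range. Any such host that can reach a listener could then state an arbitrary client address, which would affect whatever the server derives from the remote IP (logging, rate limits, address-based rules). I would keep only the loopback entries in the example and add a comment above it: `# List only the addresses of your own proxies; connections from these networks may set the client IP.`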
6
tests/resources/docker/Docker.haproxy
Normal file
6
tests/resources/docker/Docker.haproxy
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
# docker build -t test-haproxy -f Docker.haproxy .
|
||||||
|
# docker run -it --rm --name haproxy-syntax-check test-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
|
||||||
|
# docker run -d -p 1111:1111 --name some-haproxy --sysctl net.ipv4.ip_unprivileged_port_start=0 test-haproxy
|
||||||
|
|
||||||
|
FROM haproxy:2.3
|
||||||
|
COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
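Review bot: `FROM haproxy:2.3` ties the test fixture to a floating tag on a short-lived HAProxy branch that, as far as I know, no longer receives upstream fixes. Even for a test-only image, a maintained LTS tag pinned by digest keeps the fixture reproducible and avoids pulling a stale image onto developer machines. The `docker run` comment also passes `--sysctl net.ipv4.ip_unprivileged_port_start=0`, which does not appear to be needed for a frontend on port 1111. I would drop it so the documented command asks for no more than the test requires.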
18
tests/resources/docker/haproxy.cfg
Normal file
18
tests/resources/docker/haproxy.cfg
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
global
|
||||||
|
log stdout format raw local0
|
||||||
|
|
||||||
|
defaults
|
||||||
|
log global
|
||||||
|
timeout connect 5000ms
|
||||||
|
timeout client 50000ms
|
||||||
|
timeout server 50000ms
|
||||||
|
|
||||||
|
frontend tcp_in
|
||||||
|
bind *:1111
|
||||||
|
mode tcp
|
||||||
|
option tcplog
|
||||||
|
default_backend tcp_out
|
||||||
|
|
||||||
|
backend tcp_out
|
||||||
|
mode tcp
|
||||||
|
server docker_server host.docker.internal:143 send-proxy
|
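Review bot: The `tcp_out` backend uses `send-proxy`, so this fixture exercises only the version 1 (text) PROXY header. Whether the server also accepts version 2 is not visible on this page; if it does, a second frontend/backend pair with `send-proxy-v2` would cover the binary parser as well, which is where length and address-family handling is easiest to get wrong. A comment above the `server` line, `# PROXY protocol v1 only; see the v2 backend for the binary header`, would make the coverage explicit.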