cypht-org / cypht-docker Goto Github PK

I would like to use postgresql as database. For my configuration i get the error message:

Waiting for database connection … (could not find driver)

My compose looks like

  cypht-db:
    image: postgres:15
    container_name: cypht-db
    restart: always
    environment:
      - POSTGRES_USER=cypht
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=cypht
    volumes:
      - /mnt/user/docker/cypht/backup:/backup
      - /mnt/user/docker/cypht/postgres/15:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U cypht"]
      interval: 10s
      timeout: 5s
      retries: 5
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

  cypht-app:
    image: sailfrog/cypht-docker:latest
    container_name: cypht-app
    volumes:
      - ./cypht/users:/var/lib/hm3/users
    ports:
      - 80:80
    environment:
      - CYPHT_AUTH_USERNAME=admin
      - CYPHT_AUTH_PASSWORD=admin_password
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=cypht-db
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=cypht
      - CYPHT_DB_PASS=password
      - CYPHT_DB_DRIVER=pgsql
      - CYPHT_SESSION_TYPE=DB
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

When i take a look at Dockerfile i see, that the pdo driver for postgresql is missing. I think the Pull Request #11 solves this issue.

Following the README instruction creates an installation with a various random errors when trying to read messages.

However, when I downloaded your code and built the docker image from scratch, things ran just fine.
Could you please rebuild the image and update it in dockerhub so we get the current cypht version again?

Using the environment variable CYPHT_MODULE_2FA=enable i get the error "Unable to generate 2 factor authentication QR code"

As per title, the manage sieve module is shipped with cypht, but it's disabled by default and the current scripts do not have a way to re-enable it.

Hello,

Someone can help me to configure Cypht on Synology with Container Manager (ex Docker)

I use the sailfrog-cypht and when i lauch the contener i have this error in log :

Waiting for database connection ... (SQLSTATE[HY000] [2002] Connection refused)

Thanks

Not sure what's up, but seeing no log messages about failure. When using the specified password, it returns to the login screen with no error.

I'm debugging this as well myself but wanted to put a note here.

Hello!
I'm just starting with cypht and face issue to create other users as there's no entries in my menu.

I feel i'm missing something but cant understand what, is there something else to do?

Container started with the default yml suggestion
Log show no errors and looks to load account module:

Thanks for your help!

Regards - JS

Could you trigger a rebuild on docker hub? It's multiple months behind.

Also, would you consider setting a cronjob somewhere (if you have a VPS or another on system) to trigger a rebuild weekly? This will allow it to track latest changes. You can trigger a rebuild with dockerhub by simply curling a URL it gives you in the backend.

I really look forward to using this tool more!

Hello, i had *70 open() "/var/tmp/nginx/fastcgi/3/00/0000000003" failed (13: Permission denied), when i was reading a mail with picture (Server Error);

Resolved with :
chown -R www-data:www-data /var/tmp/nginx

:)

The docker images should be expanded to support also arm architectures.

Is there interest in a helm chart addition to this repo (to ease kubernetes installs using this docker image), or is there a different preferred chart repo location?

I'd be willing to submit a PR if this is an appropriate location.

Let me know and I'll write one up.

Thanks!

Hi,
Trying out Cypht to find a good webmail.
I can't seem to be able to setup the secrets on the docker-compose to hide the passwords.

version: "3.5"
services:
  cypht:
    image: sailfrog/cypht-docker:latest
    container_name: cypht
    restart: unless-stopped
    networks:
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${HOME}/cypht/users:/var/lib/hm3/users
      - ${HOME}/cypht/app_data:/var/lib/hm3/app_data
    secrets:
      - cyphtpass
      - cyphtdbpass
    environment:
      - CYPHT_SESSION_TYPE=DB
      - CYPHT_AUTH_USERNAME=myuser
      - CYPHT_AUTH_PASSWORD_FILE=/run/secrets/cyphtpass
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=mariadb
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=cypht
      - CYPHT_DB_PASS_FILE=/run/secrets/cyphtdbpass
      - CYPHT_DB_DRIVER=mysql
      - PUID=1000
      - PGID=1000
networks:
  # proxy network to enable container access to internet
  proxy:
    external: true
secrets:
  cyphtpass:
    file: ${HOME}/.secrets/cyphtpass
  cyphtdbpass:
    file: ${HOME}/.secrets/cyphtdbpass

It works fine without the secrets by putting the passwords (user and database) in clear in the file!

Any options to be able to hide those passwords would be welcome.

https://github.com/jasonmunro/cypht-docker/blob/2a8115a2750ce5aa4c3ece12f2ea914c46116afd/image/docker-entrypoint.sh#L212

Reverse proxying Cypht docker, I need to put it in its own virtualhost (https://webmail.example.org). I'd prefer to use a subpath (https://example.org/webmail/). I believe that customizing the above symlink could do that.

dest="/var/www/$CYPHT_PREFIX_PATH"
mkdir -p "$(dirname "$dest")"
ln -s /usr/local/share/cypht/site "${dest%%/}"

Or in a more hacky way:

docker run \
  ...
  --entrypoint /bin/sh \
  sailfrog/cypht-docker:latest \
  -c "mkdir -p /usr/local/share/cypht/site; ln -s . /usr/local/share/cypht/site/webmail; exec docker-entrypoint.sh"

Please build at least with --platform linux/amd64,linux/arm64 if possible.

Thank you

Hello,

I saw at the cypth git page (cypht-org/cypht#442) that a customized DB port was added. Is this accessible via the docker image provided by dockerhub (https://registry.hub.docker.com/r/sailfrog/cypht-docker/)?

I tried to add a ENV called "CYPHT_DB_PORT" but I still get "Waiting for database connection ... (SQLSTATE[HY000] [2002] Connection refused)".
I am running the sailfrog/cypht-docker on a synology 918+ NAS and want to use a mariadb docker container on a non-standard port als database.

Best
Aradhir

Cypht can handle JMAP using custom configuration from the UI. It would be great to allow JMAP configuration from environment (same as IMAP and POP3)

Is it possible to merge the Redis conf PR ( #10 ) and rebuild and update the dockerhub?

Setup

I am using docker latest version with docker-compose provided here.

Here are my env vars :

      - CYPHT_AUTH_USERNAME=*********
      - CYPHT_AUTH_PASSWORD=*********
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=db
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=********
      - CYPHT_DB_PASS=**********
      - CYPHT_SESSION_TYPE=DB
      - CYPHT_AUTH_TYPE=IMAP
      - CYPHT_IMAP_AUTH_NAME="Mailserver"
      - CYPHT_IMAP_AUTH_SERVER=mail.exemple.com
      - CYPHT_IMAP_AUTH_PORT=993
      - CYPHT_IMAP_AUTH_TLS=true
      - CYPHT_DEFAULT_SMTP_NAME="Mailserver"
      - CYPHT_DEFAULT_SMTP_SERVER=mail.exemple.com
      - CYPHT_DEFAULT_SMTP_PORT=587
      - CYPHT_DEFAULT_SMTP_TLS=true
      - CYPHT_DEFAULT_SMTP_NO_AUTH=false
      - CYPHT_MODULE_DESKTOP_NOTIFICATIONS=enable
      - CYPHT_DEFAULT_SETTING_TIMEZONE=Europe/Paris
      - CYPHT_DEFAULT_SETTING_LANGUAGE=en
      - CYPHT_ADMIN_USERS="********@exemple.com"

I am trying to authenticate against a Dovecot instance which runs well for a couple of years and I never had any issue with any other IMAP client.

Here's dovecot SSL config :

ssl_min_protocol = TLSv1.2
ssl = required
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ssl_prefer_server_ciphers = yes
disable_plaintext_auth = yes

Issue

When I try to login on Cypht WebUI, I get a "Invalid username or password" message.

When I check Dovecot logs I get this logs:

Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Feb 17 13:38:06  dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=X.X.X.X, lip=X.X.X.X, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<+IfHleT0ya3BN192>
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument

What I tried

Change CYPHT_IMAP_AUTH_TLS from true to false

I shouldn't do it as my IMAP is secured by SSL, but still. Dovecot logs now says:

Feb 17 13:14:55 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=X.X.X.X, lip=X.X.X.X, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<BF/lQuT0j23BN192>

I don't know what I'm supposed to think here as no SSL negociation should be attempted, I should have a SSL version number error.

Change SSL config on dovecot

I tried to comment those lines without any success:

# ssl_min_protocol = TLSv1.2
# ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# ssl_prefer_server_ciphers = yes  

I also tried to change ssl_min_protocol from TLSv1.2 to TLSv1.0 : same results.

I changed ssl_cipher_list to ALL with same results as well.

Am I missing something there ?

I've just set up Cypht using Docker.

I have everything up and running, and I can add IMAP accounts fine. Now I am trying to add a Gmail account.

I've set up the required project in Google Cloud Console, and added the credentials to my oauth2.ini file. I am running Cypht behind a reverse proxy (SWAG - nginx) as a subdomain (https://cypht.mydomain.com)

When I try to add the Gmail account in Cypht, I hit Enable when it asks about OAuth, then it redirects me to the Google sign-in, I choose my account, select what Cypht can access (mail/contacts), then hit Continue. It then returns me to Cypht as if I had just opened it in a new window, and the account is not added. I'm guessing it has something to do with the reverse proxy not handling the oauth redirect_uri properly? But I'm not sure how to fix it.

Any help would be appreciated!