3.0.0e

1. add docker image kindleear/mailfix
2. add caddyfile

application/templates/base.html

@@ -172,9 +172,9 @@
     {% endblock -%}
   </div>
 
-<!--<script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
-<script>window.jQuery || document.write('<script src="/static/jquery-3.7.1.min.js"></script>');</script>-->
-<script type="text/javascript" src="/static/jquery-3.7.1.min.js"></script>
+<script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha256-/JqT3SQfawRcv/BIHPThkBvs0OEvtFFmqPF/lYI/Cxo=" crossorigin="anonymous"></script>
+<script>window.jQuery || document.write('<script src="/static/jquery-3.7.1.min.js"></script>');</script>
+<!--<script type="text/javascript" src="/static/jquery-3.7.1.min.js"></script>-->
 <script type="text/javascript" src="/static/tingle.min.js"></script>
 <script type="text/javascript" src="/static/base.js" charset="utf-8"></script>
 {% block jsfiles %}{% endblock -%}

docker/Caddyfile

@@ -0,0 +1,8 @@
+{$DOMAIN} {
+  log {
+    output stdout
+    format console
+    level  ERROR
+  }
+  reverse_proxy kindleear:8000
+}

docker/Dockerfile

@@ -1,32 +1,20 @@
-#step 1
-#FROM python:3.10.14-slim AS req_builder
-FROM python:3.9.19-alpine AS req_builder
-ENV PYTHONDONTWRITEBYTECODE 1
-ENV PYTHONUNBUFFERED 1
-
-WORKDIR /usr/site/
-COPY ./config.py .
-COPY ./tools/update_req.py .
-RUN python update_req.py docker
-
-#step 2
 #FROM python:3.10.14-slim
 FROM python:3.9.19-alpine
 ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1
 
 USER root
-RUN mkdir -p /usr/site /data
-WORKDIR /usr/site
-RUN pip install --upgrade pip
-COPY --from=req_builder /usr/site/requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+RUN mkdir -p /usr/kindleear /data
+WORKDIR /usr/kindleear
+COPY ./config.py ./tools/update_req.py ./docker/gunicorn.conf.py ./main.py ./
+
+#RUN python update_req.py docker-all
+RUN python update_req.py docker && \
+    pip install --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
 
-COPY ./docker/gunicorn.conf.py .
-COPY ./main.py .
-COPY --from=req_builder /usr/site/config.py .
 COPY ./application/ ./application/
 
 EXPOSE 8000
 
-CMD ["/usr/local/bin/gunicorn", "-c", "/usr/site/gunicorn.conf.py", "main:app"]
+CMD ["/usr/local/bin/gunicorn", "-c", "/usr/kindleear/gunicorn.conf.py", "main:app"]

docker/default.conf

@@ -1,48 +1,23 @@
 server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
-	charset utf-8;
-	client_max_body_size 32M;
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    charset utf-8;
+    client_max_body_size 32M;
+    server_name localhost;
 
-	# SSL configuration
-	#
-	# listen 443 ssl default_server;
-	# listen [::]:443 ssl default_server;
-	#
-	# Note: You should disable gzip for SSL traffic.
-	# See: https://bugs.debian.org/773332
-	#
-	# Read up on ssl_ciphers to ensure a secure configuration.
-	# See: https://bugs.debian.org/765782
-	#
-	# Self signed certs generated by the ssl-cert package
-	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
-
-	root /var/www/html;
-
-	# Add index.php to the list if you are using PHP
-	index index.html index.htm index.nginx-debian.html;
-
-	server_name localhost;
-
-	location /static/ {
-		proxy_pass http://kindleear:8000/static/;
-	}
-	location /images/ {
-		proxy_pass http://kindleear:8000/images/;
-	}
-	location = /favicon.ico {
-		proxy_pass http://kindleear:8000/static/favicon.ico;
-	}
-	location = /robots.txt {
-		proxy_pass http://kindleear:8000/static/robots.txt;
-	}
-	location / {
-		proxy_pass http://kindleear:8000;
-		proxy_set_header Host $host;
-		proxy_set_header X-Real-IP $remote_addr;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-	}
+    # uncomment this section if https is need
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+    if ($scheme = http) {
+       return 301 https://$http_host$request_uri;
+    }
+
+    location / {
+        proxy_pass http://kindleear:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
 }

docker/docker-compose-nginx.yml

@@ -0,0 +1,54 @@
+
+services:
+  kindleear:
+    container_name: kindleear
+    image: kindleear/kindleear
+    restart: always
+    volumes:
+      - ./data/:/data/
+    expose:
+      - "8000"
+    networks:
+      - web_network
+    environment:
+       APP_ID: kindleear
+       APP_DOMAIN: http://example.com
+       LOG_LEVEL: warning
+
+  nginx:
+    container_name: nginx
+    image: nginx:stable-alpine3.17-slim
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./default.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./data/:/var/log/nginx/
+      # uncomment this two lines if https is need
+      #- ./data/fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro
+      #- ./data/privkey.pem:/etc/nginx/ssl/privkey.pem:ro
+    depends_on:
+      - kindleear
+    networks:
+      - web_network
+
+  mailfix:
+   container_name: mailfix
+   image: kindleear/mailfix
+   restart: unless-stopped
+   ports:
+     - "25:25"
+   depends_on:
+     - kindleear
+     - nginx
+   environment:
+     #change DOMAIN to your email domain, without http and https prefix
+     DOMAIN: example.com
+     URL: http://kindleear:8000/mail
+   networks:
+     - web_network
+
+networks:
+  web_network:
+    driver: bridge

docker/docker-compose.yml

@@ -12,37 +12,43 @@ services:
       - web_network
     environment:
        APP_ID: kindleear
-       APP_DOMAIN: https://kindleear.appspot.com
+       #DOMAIN with http or https prefix
+       APP_DOMAIN: http://example.com
        LOG_LEVEL: warning
 
-  nginx:
-    container_name: nginx
-    image: nginx:stable-alpine3.17-slim
+  caddy:
+    container_name: caddy
+    image: caddy:alpine
     restart: always
     ports:
       - "80:80"
+      - "443:443"
+    environment:
+      #DOMAIN without http and https prefix
+      DOMAIN: example.com
     volumes:
-      - ./default.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./caddy/:/data/caddy/
     depends_on:
       - kindleear
     networks:
       - web_network
 
-  # mailglove:
-  #   container_name: mailglove
-  #   image: thingless/mailglove
-  #   restart: unless-stopped
-  #   ports:
-  #     - "25:25"
-  #   depends_on:
-  #     - kindleear
-  #     - nginx
-  #   environment:
-  #     #change DOMAIN to your email domain
-  #     DOMAIN: local
-  #     URL: http://kindleear:8000/mailglove
-  #   networks:
-  #     - web_network
+  mailfix:
+   container_name: mailfix
+   image: kindleear/mailfix
+   restart: unless-stopped
+   ports:
+     - "25:25"
+   depends_on:
+     - kindleear
+     - nginx
+   environment:
+     #change DOMAIN to your email domain, without http and https prefix
+     DOMAIN: example.com
+     URL: http://kindleear:8000/mail
+   networks:
+     - web_network
 
 networks:
   web_network:

docker/postfix/Dockerfile

@@ -0,0 +1,12 @@
+# Inspired by <https://github.com/thingless/mailglove>
+From alpine:3.19.1
+
+ADD install.sh /etc/postfix/install.sh
+
+RUN apk add --no-cache curl bash postfix && \
+    newaliases && \
+    chmod 755 /etc/postfix/install.sh
+
+EXPOSE 25
+
+CMD ["/etc/postfix/install.sh"]

docker/postfix/install.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+
+#steal from https://github.com/thingless/mailglove
+postconf -e myhostname=${DOMAIN}
+
+# Add the myhook hook to the end of master.cf
+if ! grep -qF 'myhook unix - n n - - pipe' /etc/postfix/master.cf; then
+tee -a /etc/postfix/master.cf <<EOF
+myhook unix - n n - - pipe
+    flags=F user=nobody argv=curl -X POST --data-binary @- ${URL}
+EOF
+fi
+
+# Enable logging output to stdout with postlog daemon
+if ! grep -qF 'postlog   unix-dgram n  -       n       -       1       postlogd' /etc/postfix/master.cf; then
+tee -a /etc/postfix/master.cf <<'EOF'
+postlog   unix-dgram n  -       n       -       1       postlogd
+EOF
+fi
+
+# Make SMTP use myhook
+postconf -F 'smtp/inet/command = smtpd -o content_filter=myhook:dummy'
+
+# Disable bounces
+postconf -F 'bounce/unix/command = discard'
+
+# Disable local recipient maps so nothing is dropped b/c of non-existent email
+postconf -e 'local_recipient_maps ='
+
+#postconf -e 'mydestination = localhost'
+
+# Enable logging to foreground in postlog
+postconf -e 'maillog_file = /dev/stdout'
+
+#############
+## Enable TLS
+#############
+#if [[ -n "$(find /etc/postfix/certs -iname *.crt)" && -n "$(find /etc/postfix/certs -iname *.key)" ]]; then
+#  # /etc/postfix/main.cf
+#  postconf -e smtpd_tls_cert_file=$(find /etc/postfix/certs -iname *.crt)
+#  postconf -e smtpd_tls_key_file=$(find /etc/postfix/certs -iname *.key)
+#  chmod 400 /etc/postfix/certs/*.*
+#  # /etc/postfix/master.cf
+#  postconf -M submission/inet="submission   inet   n   -   n   -   -   smtpd"
+#  postconf -P "submission/inet/syslog_name=postfix/submission"
+#  postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
+#  postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
+#  postconf -P "submission/inet/milter_macro_daemon_name=ORIGINATING"
+#  postconf -P "submission/inet/smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination"
+#fi
+
+echo "[ Starting Postfix... ]"
+/usr/sbin/postfix start-fg

docker/postfix/readme.md

@@ -0,0 +1,9 @@
+# mailfix介绍
+这个是postfix的镜像，灵感来自 <https://github.com/thingless/mailglove> ，功能完全一样。
+功能是拦截postfix接收到的所有邮件，然后调用通过环境变量传入的URL的webhook。
+
+# 为什么有了mailglove还需要制作mailfix？
+mailglove太大了，解压前124MB，解压后338M，为了这么一个简单的功能消耗那么大的空间实在不值得。
+所以我就使用alpine代替ubuntu，使用sh代替nodejs。
+除了alpine镜像和postfix，实际上只有一个sh文件，镜像解压后只有26.8M。
+

docs/Chinese/changelog.md

@@ -1,5 +1,5 @@
 ---
-sort: 5
+sort: 6
 ---
 
 # Changelog