Merge pull request #5663 from mailcow/staging

2024-01b
mailcow · Jan 22, 2024 · cb97813 · cb97813
2 parents 76f8a5b + 1159450
commit cb97813
Show file tree

Hide file tree

Showing 9 changed files with 33 additions and 11 deletions.
diff --git a/data/Dockerfiles/acme/Dockerfile b/data/Dockerfiles/acme/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 
 LABEL maintainer "The Infrastructure Company GmbH GmbH <[email protected]>"
 

diff --git a/data/Dockerfiles/phpfpm/Dockerfile b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,4 +1,4 @@
-FROM php:8.2-fpm-alpine3.19
+FROM php:8.2-fpm-alpine3.18
 LABEL maintainer "The Infrastructure Company GmbH <[email protected]>"
 
 # renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced extractVersion=^v(?<version>.*)$

diff --git a/data/Dockerfiles/unbound/Dockerfile b/data/Dockerfiles/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 
 LABEL maintainer "The Infrastructure Company GmbH GmbH <[email protected]>"
 

diff --git a/data/Dockerfiles/unbound/healthcheck.sh b/data/Dockerfiles/unbound/healthcheck.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 
+# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!)
+if [[ "${SKIP_UNBOUND_HEALTHCHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+ SKIP_UNBOUND_HEALTHCHECK=y
+fi
+
 # Declare log function for logfile inside container
 function log_to_file() {
  echo "$(date +"%Y-%m-%d %H:%M:%S"): $1" > /var/log/healthcheck.log
@@ -66,6 +71,11 @@ function check_netcat() {
 
 }
 
+if [[ ${SKIP_UNBOUND_HEALTHCHECK} == "y" ]]; then
+ log_to_file "Healthcheck: ALL CHECKS WERE SKIPPED! Unbound is healthy!"
+ exit 0
+fi
+
 # run checks, if check is not returning 0 (return value if check is ok), healthcheck will exit with 1 (marked in docker as unhealthy)
 check_ping
 

diff --git a/data/Dockerfiles/watchdog/Dockerfile b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.18
 LABEL maintainer "The Infrastructure Company GmbH <[email protected]>"
 
 # Installation

diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh
@@ -170,7 +170,7 @@ function notify_error() {
  fi
 
  # Replace subject and body placeholders
- WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s|\$SUBJECT\|\${SUBJECT}|$SUBJECT|g" | sed "s|\$BODY\|\${BODY}|$BODY|")
+ WEBHOOK_BODY=$(echo ${WATCHDOG_NOTIFY_WEBHOOK_BODY} | sed "s/\$SUBJECT\|\${SUBJECT}/$SUBJECT/g" | sed "s/\$BODY\|\${BODY}/$BODY/g")
 
  # POST to webhook
  curl -X POST -H "Content-Type: application/json" ${CURL_VERBOSE} -d "${WEBHOOK_BODY}" ${WATCHDOG_NOTIFY_WEBHOOK}

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,9 +2,10 @@ version: '2.1'
 services:
 
  unbound-mailcow:
- image: mailcow/unbound:1.19.1
+ image: mailcow/unbound:1.20
  environment:
  - TZ=${TZ}
+ - SKIP_UNBOUND_HEALTHCHECK=${SKIP_UNBOUND_HEALTHCHECK:-n}
  volumes:
  - ./data/hooks/unbound:/hooks:Z
  - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
@@ -107,7 +108,7 @@ services:
  - rspamd
 
  php-fpm-mailcow:
- image: mailcow/phpfpm:1.86
+ image: mailcow/phpfpm:1.87
  command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
  depends_on:
  - redis-mailcow
@@ -398,7 +399,7 @@ services:
  condition: service_started
  unbound-mailcow:
  condition: service_healthy
- image: mailcow/acme:1.86
+ image: mailcow/acme:1.87
  dns:
  - ${IPV4_NETWORK:-172.22.1}.254
  environment:
@@ -457,7 +458,7 @@ services:
  - /lib/modules:/lib/modules:ro
 
  watchdog-mailcow:
- image: mailcow/watchdog:2.01
+ image: mailcow/watchdog:2.02
  dns:
  - ${IPV4_NETWORK:-172.22.1}.254
  tmpfs:

diff --git a/generate_config.sh b/generate_config.sh
@@ -363,6 +363,10 @@ SKIP_IP_CHECK=n
 
 SKIP_HTTP_VERIFICATION=n
 
+# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n
+
+SKIP_UNBOUND_HEALTHCHECK=n
+
 # Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
 
 SKIP_CLAMD=${SKIP_CLAMD}

diff --git a/update.sh b/update.sh
@@ -116,11 +116,11 @@ migrate_docker_nat() {
  echo "Working on IPv6 NAT, please wait..."
  echo ${NAT_CONFIG} > /etc/docker/daemon.json
  ip6tables -F -t nat
- [[ -e /etc/alpine-release ]] && rc-service docker restart || systemctl restart docker.service
+ [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service
  if [[ $? -ne 0 ]]; then
  echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting."
  rm /etc/docker/daemon.json
- if [[ -e /etc/alpine-release ]]; then
+ if [[ -e /etc/rc.conf ]]; then
  rc-service docker restart
  else
  systemctl reset-failed docker.service
@@ -480,6 +480,7 @@ CONFIG_ARRAY=(
  "WATCHDOG_VERBOSE"
  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
  "SPAMHAUS_DQS_KEY"
+ "SKIP_UNBOUND_HEALTHCHECK"
 )
 
 detect_bad_asn
@@ -747,6 +748,12 @@ for option in ${CONFIG_ARRAY[@]}; do
  echo '# Enable watchdog verbose logging' >> mailcow.conf
  echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
  fi
+ elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
+ if ! grep -q ${option} mailcow.conf; then
+ echo "Adding new option \"${option}\" to mailcow.conf"
+ echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
+ echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
+ fi
  elif ! grep -q ${option} mailcow.conf; then
  echo "Adding new option \"${option}\" to mailcow.conf"
  echo "${option}=n" >> mailcow.conf