Harden autoconfig and sanitize input
All checks were successful
continuous-integration/drone/push Build is passing

2025-09-28 12:42:26 -03:00
parent f643efb220
commit a0f148c3ef
4 changed files with 318 additions and 31 deletions


@@ -3,8 +3,24 @@ services:
image: git.mifi.dev/mifi-holdings/mail-autoconfig:latest
container_name: mifi-mail-autoconfig
restart: unless-stopped
# Security configurations
security_opt:
- no-new-privileges:true
read_only: true
tmpfs:
- /tmp
# Limit resources to prevent resource exhaustion attacks
deploy:
resources:
limits:
memory: 256M
cpus: '0.5'
reservations:
memory: 128M
cpus: '0.25'
# Update healthcheck to use new port
healthcheck:
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:80/ping')"]
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/ping')"]
interval: 30s
timeout: 10s
retries: 3
@@ -21,7 +37,7 @@ services:
- "traefik.http.routers.mailconfig-mifi-holdings.tls=true"
- "traefik.http.routers.mailconfig-mifi-holdings.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mifi-holdings.service=mailconfig-mifi-holdings"
- "traefik.http.services.mailconfig-mifi-holdings.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mifi-holdings.loadbalancer.server.port=808080"
# mifi.com.br
- "traefik.http.routers.mailconfig-mifi-com-br.rule=Host(`autoconfig.mifi.com.br`) || Host(`autodiscover.mifi.com.br`)"
@@ -29,7 +45,7 @@ services:
- "traefik.http.routers.mailconfig-mifi-com-br.tls=true"
- "traefik.http.routers.mailconfig-mifi-com-br.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mifi-com-br.service=mailconfig-mifi-com-br"
- "traefik.http.services.mailconfig-mifi-com-br.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mifi-com-br.loadbalancer.server.port=808080"
# mifi.dev
- "traefik.http.routers.mailconfig-mifi-dev.rule=Host(`autoconfig.mifi.dev`) || Host(`autodiscover.mifi.dev`)"
@@ -37,7 +53,7 @@ services:
- "traefik.http.routers.mailconfig-mifi-dev.tls=true"
- "traefik.http.routers.mailconfig-mifi-dev.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mifi-dev.service=mailconfig-mifi-dev"
- "traefik.http.services.mailconfig-mifi-dev.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mifi-dev.loadbalancer.server.port=808080"
# mifi.ventures
- "traefik.http.routers.mailconfig-mifi-ventures.rule=Host(`autoconfig.mifi.ventures`) || Host(`autodiscover.mifi.ventures`)"
@@ -45,7 +61,7 @@ services:
- "traefik.http.routers.mailconfig-mifi-ventures.tls=true"
- "traefik.http.routers.mailconfig-mifi-ventures.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mifi-ventures.service=mailconfig-mifi-ventures"
- "traefik.http.services.mailconfig-mifi-ventures.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mifi-ventures.loadbalancer.server.port=808080"
# mifi.vix.br
- "traefik.http.routers.mailconfig-mifi-vix-br.rule=Host(`autoconfig.mifi.vix.br`) || Host(`autodiscover.mifi.vix.br`)"
@@ -53,7 +69,7 @@ services:
- "traefik.http.routers.mailconfig-mifi-vix-br.tls=true"
- "traefik.http.routers.mailconfig-mifi-vix-br.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mifi-vix-br.service=mailconfig-mifi-vix-br"
- "traefik.http.services.mailconfig-mifi-vix-br.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mifi-vix-br.loadbalancer.server.port=808080"
# mifi.me
- "traefik.http.routers.mailconfig-mifi-me.rule=Host(`autoconfig.mifi.me`) || Host(`autodiscover.mifi.me`)"
@@ -61,7 +77,7 @@ services:
- "traefik.http.routers.mailconfig-mifi-me.tls=true"
- "traefik.http.routers.mailconfig-mifi-me.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mifi-me.service=mailconfig-mifi-me"
- "traefik.http.services.mailconfig-mifi-me.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mifi-me.loadbalancer.server.port=808080"
# blackice.vix.br
- "traefik.http.routers.mailconfig-blackice-vix-br.rule=Host(`autoconfig.blackice.vix.br`) || Host(`autodiscover.blackice.vix.br`)"
@@ -69,7 +85,7 @@ services:
- "traefik.http.routers.mailconfig-blackice-vix-br.tls=true"
- "traefik.http.routers.mailconfig-blackice-vix-br.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-blackice-vix-br.service=mailconfig-blackice-vix-br"
- "traefik.http.services.mailconfig-blackice-vix-br.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-blackice-vix-br.loadbalancer.server.port=8080"
# fitz.guru
- "traefik.http.routers.mailconfig-fitz-guru.rule=Host(`autoconfig.fitz.guru`) || Host(`autodiscover.fitz.guru`)"
@@ -77,7 +93,7 @@ services:
- "traefik.http.routers.mailconfig-fitz-guru.tls=true"
- "traefik.http.routers.mailconfig-fitz-guru.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-fitz-guru.service=mailconfig-fitz-guru"
- "traefik.http.services.mailconfig-fitz-guru.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-fitz-guru.loadbalancer.server.port=8080"
# umlautpress.com
- "traefik.http.routers.mailconfig-umlautpress-com.rule=Host(`autoconfig.umlautpress.com`) || Host(`autodiscover.umlautpress.com`)"
@@ -85,7 +101,7 @@ services:
- "traefik.http.routers.mailconfig-umlautpress-com.tls=true"
- "traefik.http.routers.mailconfig-umlautpress-com.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-umlautpress-com.service=mailconfig-umlautpress-com"
- "traefik.http.services.mailconfig-umlautpress-com.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-umlautpress-com.loadbalancer.server.port=8080"
# camilla-rena.com
- "traefik.http.routers.mailconfig-camilla-rena-com.rule=Host(`autoconfig.camilla-rena.com`) || Host(`autodiscover.camilla-rena.com`)"
@@ -93,7 +109,7 @@ services:
- "traefik.http.routers.mailconfig-camilla-rena-com.tls=true"
- "traefik.http.routers.mailconfig-camilla-rena-com.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-camilla-rena-com.service=mailconfig-camilla-rena-com"
- "traefik.http.services.mailconfig-camilla-rena-com.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-camilla-rena-com.loadbalancer.server.port=8080"
# officelift.net
- "traefik.http.routers.mailconfig-officelift-net.rule=Host(`autoconfig.officelift.net`) || Host(`autodiscover.officelift.net`)"
@@ -101,7 +117,7 @@ services:
- "traefik.http.routers.mailconfig-officelift-net.tls=true"
- "traefik.http.routers.mailconfig-officelift-net.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-officelift-net.service=mailconfig-officelift-net"
- "traefik.http.services.mailconfig-officelift-net.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-officelift-net.loadbalancer.server.port=8080"
# mylocalpro.biz
- "traefik.http.routers.mailconfig-mylocalpro-biz.rule=Host(`autoconfig.mylocalpro.biz`) || Host(`autodiscover.mylocalpro.biz`)"
@@ -109,7 +125,7 @@ services:
- "traefik.http.routers.mailconfig-mylocalpro-biz.tls=true"
- "traefik.http.routers.mailconfig-mylocalpro-biz.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mylocalpro-biz.service=mailconfig-mylocalpro-biz"
- "traefik.http.services.mailconfig-mylocalpro-biz.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mylocalpro-biz.loadbalancer.server.port=8080"
# mylocalpro.online
- "traefik.http.routers.mailconfig-mylocalpro-online.rule=Host(`autoconfig.mylocalpro.online`) || Host(`autodiscover.mylocalpro.online`)"
@@ -117,7 +133,7 @@ services:
- "traefik.http.routers.mailconfig-mylocalpro-online.tls=true"
- "traefik.http.routers.mailconfig-mylocalpro-online.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-mylocalpro-online.service=mailconfig-mylocalpro-online"
- "traefik.http.services.mailconfig-mylocalpro-online.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-mylocalpro-online.loadbalancer.server.port=8080"
# happybeardedcarpenter.com
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.rule=Host(`autoconfig.happybeardedcarpenter.com`) || Host(`autodiscover.happybeardedcarpenter.com`)"
@@ -125,7 +141,7 @@ services:
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.tls=true"
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.service=mailconfig-happybeardedcarpenter-com"
- "traefik.http.services.mailconfig-happybeardedcarpenter-com.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-happybeardedcarpenter-com.loadbalancer.server.port=8080"
# thenewenglandpalletguy.com
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.rule=Host(`autoconfig.thenewenglandpalletguy.com`) || Host(`autodiscover.thenewenglandpalletguy.com`)"
@@ -133,7 +149,7 @@ services:
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.tls=true"
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.service=mailconfig-thenewenglandpalletguy-com"
- "traefik.http.services.mailconfig-thenewenglandpalletguy-com.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-thenewenglandpalletguy-com.loadbalancer.server.port=8080"
# dining-it.com
- "traefik.http.routers.mailconfig-dining-it-com.rule=Host(`autoconfig.dining-it.com`) || Host(`autodiscover.dining-it.com`)"
@@ -141,7 +157,7 @@ services:
- "traefik.http.routers.mailconfig-dining-it-com.tls=true"
- "traefik.http.routers.mailconfig-dining-it-com.tls.certresolver=letsencrypt"
- "traefik.http.routers.mailconfig-dining-it-com.service=mailconfig-dining-it-com"
- "traefik.http.services.mailconfig-dining-it-com.loadbalancer.server.port=80"
- "traefik.http.services.mailconfig-dining-it-com.loadbalancer.server.port=8080"
networks:
traefik:
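Review bot: The new `loadbalancer.server.port` label is `808080` for six services (mailconfig-mifi-holdings, -mifi-com-br, -mifi-dev, -mifi-ventures, -mifi-vix-br and -mifi-me), while the healthcheck and the other eleven labels use `8080`. 808080 is above the highest valid TCP port (65535), so Traefik presumably cannot reach a backend for those autoconfig/autodiscover hosts after this deploys. Each of the six lines should end in `loadbalancer.server.port=8080`, for example `- "traefik.http.services.mailconfig-mifi-holdings.loadbalancer.server.port=8080"`. On the hardening in the first hunk, the visible lines add `no-new-privileges` and `read_only` but show no `cap_drop` or non-root `user:`. If neither is set in the lines outside the hunks, adding `cap_drop: [ALL]` and an unprivileged user would finish what the move to port 8080 starts.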