Posted to server-dev@james.apache.org by bt...@apache.org on 2020/05/27 07:51:20 UTC

[james-project] branch master updated: JAMES-3187 Document webadmin port binding to loopback interface

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git


The following commit(s) were added to refs/heads/master by this push:
     new 1ca0b2b  JAMES-3187 Document webadmin port binding to loopback interface
1ca0b2b is described below

commit 1ca0b2b3d5f3fa99a0bc84733c7790043b2c4e69
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Mon May 18 19:01:35 2020 +0700

    JAMES-3187 Document webadmin port binding to loopback interface
    
    This provides a ready to use command line while mitigating security risks
---
 README.adoc | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/README.adoc b/README.adoc
index 7fc1c38..3db0f3c 100644
--- a/README.adoc
+++ b/README.adoc
@@ -252,14 +252,15 @@ Then we need to build james container :
 
 To run this container :
 
-    $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p "143:143" -p "465:465" -p "587:587" -p "993:993" --link cassandra:cassandra --link rabbitmq:rabbitmq
+    $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p "143:143" -p "465:465" -p "587:587" -p "993:993" -p "127.0.0.1:8000:8000" --link cassandra:cassandra --link rabbitmq:rabbitmq
    --link elasticsearch:elasticsearch --link tika:tika --link swift:swift --name james_run -t james_run
 
 Where :
 
 - HOSTNAME: is the hostname you want to give to your James container. This DNS entry will be used to send mail to your James server.
 
-You can add an optional port binding to port 8000, to expose the webadmin server. Please note that users are not authenticated on webadmin server, thus you should avoid exposing it in production.
+Webadmin port binding is restricted to loopback as users are not authenticated by default on webadmin server. Thus you should avoid exposing it in production.
+Note that the above example assumes `127.0.0.1` is your loopback interface for convenience but you should change it if this is not the case on your machine.
 
 If you want to pass additional options to the underlying java command, you can configure a _JVM_OPTIONS_ env variable, for example add:
 
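Review bot: The added note below the `docker run` line tells readers to change `127.0.0.1` "if this is not the case on your machine" without saying what goes wrong if they drop or mistype the address. Consider stating that a plain `-p "8000:8000"` publishes webadmin on every host interface, which is the exposure this paragraph warns about. "Thus you should avoid exposing it in production" also reads oddly directly after a command that already restricts the binding; wording along the lines of "do not widen this binding in production" would match the command above it.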
@@ -334,13 +335,14 @@ Then we need to build james container :
 
 To run this container :
 
-    $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p "143:143" -p "465:465" -p "587:587" -p "993:993" --link cassandra:cassandra --link elasticsearch:elasticsearch --link tika:tika --name james_run -t james_run
+    $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p "143:143" -p "465:465" -p "587:587" -p "993:993" -p "127.0.0.1:8000:8000" --link cassandra:cassandra --link elasticsearch:elasticsearch --link tika:tika --name james_run -t james_run
 
 Where :
 
 - HOSTNAME: is the hostname you want to give to your James container. This DNS entry will be used to send mail to your James server.
 
-You can add an optional port binding to port 8000, to expose the webadmin server. Please note that webadmin is not secured by default, unless you configure JWT authentication.
+Webadmin port binding is restricted to loopback as users are not authenticated by default on webadmin server. Thus you should avoid exposing it in production.
+Note that the above example assumes `127.0.0.1` is your loopback interface for convenience but you should change it if this is not the case on your machine.
 
 To have log file accessible on a volume, add *-v  $PWD/logs:/logs* option to the above command line, where *$PWD/logs* is your local directory to put files in.
 
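Review bot: The replacement paragraph in this hunk drops the pointer that the removed line carried, "unless you configure JWT authentication". The new text says users are not authenticated "by default" but no longer tells the reader what the non-default option is. Keeping a short mention of JWT authentication next to the loopback note would preserve that guidance for anyone who does need to reach webadmin from another host.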
@@ -382,11 +384,12 @@ Then we need to build james container :
 
 To run this container :
 
-    $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p "143:143" -p "465:465" -p "587:587" -p "993:993" --name james_run -t james_run
+    $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p "143:143" -p "465:465" -p "587:587" -p "993:993" -p "127.0.0.1:8000:8000" --name james_run -t james_run
 
 HOSTNAME is the hostname you want to give to your James container. This DNS entry will be used to send mail to your James server.
 
-You can add an optional port binding to port 8000, to expose the webadmin server. Please note that webadmin is not secured by default, unless you configure JWT authentication.
+Webadmin port binding is restricted to loopback as users are not authenticated by default on webadmin server. Thus you should avoid exposing it in production.
+Note that the above example assumes `127.0.0.1` is your loopback interface for convenience but you should change it if this is not the case on your machine.
 
 To have log file accessible on a volume, add *-v  $PWD/logs:/logs* option to the above command line, where *$PWD/logs* is your local directory to put files in.
 
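Review bot: The two added lines here are the third verbatim copy of the same paragraph in README.adoc. The removed lines show how such copies drift: the first hunk's old text said "users are not authenticated on webadmin server" while this one said "webadmin is not secured by default, unless you configure JWT authentication". Consider keeping the webadmin binding note in one place and referring to it from each run section, and carrying the JWT authentication mention over from the removed line.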

