v0.5.2

stalwartlabs · Jan 7, 2024 · d829b56 · d829b56
1 parent 3a800af
commit d829b56
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,12 +2,14 @@
 
 All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [0.5.2] - 2024-01-xx
+## [0.5.2] - 2024-01-07
+
+Please read the [UPGRADING.md](UPGRADING.md) file for more information on how to upgrade from previous versions.
 
 ## Added
-- ACME support for automatic TLS certificate generation and renewal.
-- TLS certificate hot-reloading.
-- HAProxy protocol support.
+- [ACME](https://stalw.art/docs/server/tls/acme) support for automatic TLS certificate generation and renewal (#160).
+- TLS certificate [hot-reloading](https://stalw.art/docs/management/database/maintenance#tls-certificate-reloading).
+- [HAProxy protocol](https://stalw.art/docs/server/proxy) support (#36).
 
 ### Changed
 

diff --git a/UPGRADING.md b/UPGRADING.md
@@ -1,4 +1,16 @@
-Upgrading from `v0.5.0` to `v0.5.x`
+Upgrading from `v0.5.1` to `v0.5.2`
+-----------------------------------
+
+- Make sure that implicit TLS is enabled for the JMAP [listener](https://stalw.art/docs/server/listener) configured under `ets/jmap/listener.toml`:
+  ```toml
+  [server.listener."jmap".tls]
+  implicit = true
+  ```
+- Optional: Enable automatic TLS with [ACME](https://stalw.art/docs/server/tls/acme).
+- Replace the binary with the new version.
+- Restart the service.
+
+Upgrading from `v0.5.0` to `v0.5.1`
 -----------------------------------
 
 - Replace the binary with the new version.

diff --git a/crates/install/src/main.rs b/crates/install/src/main.rs
@@ -111,9 +111,10 @@ enum SmtpDirectory {
     Imap,
 }
 
-const DIRECTORIES: [[&str; 2]; 6] = [
+const DIRECTORIES: [[&str; 2]; 7] = [
     ["bin", ""],
     ["etc", "dkim"],
+    ["etc", "acme"],
     ["data", "blobs"],
     ["logs", ""],
     ["queue", ""],

diff --git a/crates/utils/src/acme/directory.rs b/crates/utils/src/acme/directory.rs
@@ -274,6 +274,7 @@ pub enum DirectoryError {
     NoTlsAlpn01Challenge,
 }
 
+#[allow(unused_mut)]
 async fn https(
     url: impl AsRef<str>,
     method: Method,

diff --git a/crates/utils/src/config/tls.rs b/crates/utils/src/config/tls.rs
@@ -93,12 +93,6 @@ impl Config {
                 })
                 .collect::<Vec<_>>();
             let cache = PathBuf::from(self.value_require(("acme", acme_id, "cache"))?);
-            if !cache.exists() {
-                std::fs::create_dir_all(&cache).map_err(|err| {
-                    format!("Failed to create ACME cache directory {:?}: {}", cache, err)
-                })?;
-            }
-
             let renew_before: Duration =
                 self.property_or_static(("acme", acme_id, "renew-before"), "30d")?;
 

diff --git a/crates/utils/src/listener/mod.rs b/crates/utils/src/listener/mod.rs
@@ -115,6 +115,8 @@ pub trait SessionManager: Sync + Send + 'static + Clone {
                             tracing::debug!(
                                 context = "tls",
                                 event = "error",
+                                instance = session.instance.id,
+                                protocol = ?session.instance.protocol,
                                 remote.ip = session.remote_ip.to_string(),
                                 "Failed to accept TLS connection: {}",
                                 err

diff --git a/resources/config/common/server.toml b/resources/config/common/server.toml
@@ -5,7 +5,7 @@
 [server]
 hostname = "%{HOST}%"
 max-connections = 8192
-#proxy-trusted-networks = ["10.0.0.0/8", "127.0.0.0/8"]
+#proxy-trusted-networks = ["127.0.0.0/8", "::1", "10.0.0.0/8"]
 
 [server.run-as]
 user = "stalwart-mail"

diff --git a/tests/resources/docker/Docker.haproxy b/tests/resources/docker/Docker.haproxy
@@ -0,0 +1,6 @@
+# docker build -t test-haproxy -f Docker.haproxy .
+# docker run -it --rm --name haproxy-syntax-check test-haproxy haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg
+# docker run -d -p 1111:1111 --name some-haproxy --sysctl net.ipv4.ip_unprivileged_port_start=0 test-haproxy
+
+FROM haproxy:2.3
+COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
diff --git a/tests/resources/docker/haproxy.cfg b/tests/resources/docker/haproxy.cfg
@@ -0,0 +1,18 @@
+global
+    log stdout format raw local0
+
+defaults
+    log     global
+    timeout connect 5000ms
+    timeout client  50000ms
+    timeout server  50000ms
+
+frontend tcp_in
+    bind *:1111
+    mode tcp
+    option tcplog
+    default_backend tcp_out
+
+backend tcp_out
+    mode tcp
+    server docker_server host.docker.internal:143 send-proxy