This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new 1ca0b2b JAMES-3187 Document webadmin port binding to loopback
interface
1ca0b2b is described below
commit 1ca0b2b3d5f3fa99a0bc84733c7790043b2c4e69
Author: Benoit Tellier <[email protected]>
AuthorDate: Mon May 18 19:01:35 2020 +0700
JAMES-3187 Document webadmin port binding to loopback interface
This provides a ready to use command line while mitigating security risks
---
README.adoc | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/README.adoc b/README.adoc
index 7fc1c38..3db0f3c 100644
--- a/README.adoc
+++ b/README.adoc
@@ -252,14 +252,15 @@ Then we need to build james container :
To run this container :
- $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p
"143:143" -p "465:465" -p "587:587" -p "993:993" --link cassandra:cassandra
--link rabbitmq:rabbitmq
+ $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p
"143:143" -p "465:465" -p "587:587" -p "993:993" -p "127.0.0.1:8000:8000"
--link cassandra:cassandra --link rabbitmq:rabbitmq
--link elasticsearch:elasticsearch --link tika:tika --link swift:swift
--name james_run -t james_run
Where :
- HOSTNAME: is the hostname you want to give to your James container. This DNS
entry will be used to send mail to your James server.
-You can add an optional port binding to port 8000, to expose the webadmin
server. Please note that users are not authenticated on webadmin server, thus
you should avoid exposing it in production.
+Webadmin port binding is restricted to loopback as users are not authenticated
by default on webadmin server. Thus you should avoid exposing it in production.
+Note that the above example assumes `127.0.0.1` is your loopback interface for
convenience but you should change it if this is not the case on your machine.
If you want to pass additional options to the underlying java command, you can
configure a _JVM_OPTIONS_ env variable, for example add:
@@ -334,13 +335,14 @@ Then we need to build james container :
To run this container :
- $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p
"143:143" -p "465:465" -p "587:587" -p "993:993" --link cassandra:cassandra
--link elasticsearch:elasticsearch --link tika:tika --name james_run -t
james_run
+ $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p
"143:143" -p "465:465" -p "587:587" -p "993:993" -p "127.0.0.1:8000:8000"
--link cassandra:cassandra --link elasticsearch:elasticsearch --link tika:tika
--name james_run -t james_run
Where :
- HOSTNAME: is the hostname you want to give to your James container. This DNS
entry will be used to send mail to your James server.
-You can add an optional port binding to port 8000, to expose the webadmin
server. Please note that webadmin is not secured by default, unless you
configure JWT authentication.
+Webadmin port binding is restricted to loopback as users are not authenticated
by default on webadmin server. Thus you should avoid exposing it in production.
+Note that the above example assumes `127.0.0.1` is your loopback interface for
convenience but you should change it if this is not the case on your machine.
To have log file accessible on a volume, add *-v $PWD/logs:/logs* option to
the above command line, where *$PWD/logs* is your local directory to put files
in.
@@ -382,11 +384,12 @@ Then we need to build james container :
To run this container :
- $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p
"143:143" -p "465:465" -p "587:587" -p "993:993" --name james_run -t james_run
+ $ docker run --hostname HOSTNAME -p "25:25" -p 80:80 -p "110:110" -p
"143:143" -p "465:465" -p "587:587" -p "993:993" -p "127.0.0.1:8000:8000"
--name james_run -t james_run
HOSTNAME is the hostname you want to give to your James container. This DNS
entry will be used to send mail to your James server.
-You can add an optional port binding to port 8000, to expose the webadmin
server. Please note that webadmin is not secured by default, unless you
configure JWT authentication.
+Webadmin port binding is restricted to loopback as users are not authenticated
by default on webadmin server. Thus you should avoid exposing it in production.
+Note that the above example assumes `127.0.0.1` is your loopback interface for
convenience but you should change it if this is not the case on your machine.
To have log file accessible on a volume, add *-v $PWD/logs:/logs* option to
the above command line, where *$PWD/logs* is your local directory to put files
in.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
