~migadu/alps#175: 
Enable encrypted access to webmail via https

I've attached the patch to alps I use to allow https access to the web interface, using auto-fetched Let's Encrypt certificates.

I'm new to this project, so I apologize if this is the wrong forum.

Stephen

Status: RESOLVED CLOSED
Submitter: Stephen Uhler
Assigned to: No-one
Submitted: 9 months ago
Updated: 8 months ago
Labels: No labels applied.

~cnx 8 months ago

FYI todo.sr.ht drops attachments so your patch can't be accessed.

I wonder about your setup motivating this though. It's common for TLS to be handled by a reverse proxy, which is redundant if alps is the only web service, but that's rarely the case.

~emersion REPORTED CLOSED 8 months ago

Yeah, sorry, we're not interested in having LE support in alps. Using a reverse proxy handling all of that complexity (for all HTTP services) is a better design.

Please don't use todo.sr.ht to post patches -- these should be sent on the mailing list.

Stephen Uhler 8 months ago

I've been running the email for my personal domain for decades. For at least the last 10 years it's been a combination of Exim, Dovecot, Roundcube (and all the baggage that comes with it), and some custom "certbot" scripts, all on a Raspberry Pi. It's ugly and getting harder to maintain and justify.

I've (tentatively) replaced it all with "maddy" and "alps"; it's all the machine runs. I've made two changes to alps:

  • it fetches and maintains the Let's Encrypt certs
  • I can specify SMTP upstream credentials

With these changes, I can easily run alps anywhere standalone; I just point a "mail.mydomain.com" DNS record to it. I run my web services somewhere else.

I'm fine if you don't want to add this to alps as out of scope. The almost trivial patch in main.go optionally replaces

go e.Start(addr)

with

e.AutoTLSManager.Cache = autocert.DirCache(certCache)
go e.StartAutoTLS(addr)

Thanks for the quick response (and making this software available)

S

On 10/21/23 1:10 AM, ~cnx wrote:

FYI todo.sr.ht drops attachments so your patch can't be accessed.

I wonder about your setup motivating this though. It's common for TLS to be handled by a reverse proxy, which is redundant if alps is the only web service, but that's rarely the case.
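
The design the maintainers describe in this thread, TLS terminated by a reverse proxy in front of a plain-HTTP alps, shown in Go using only the standard library. This is an added example, not part of the thread and not alps code; the backend address `127.0.0.1:1323` and the certificate file paths are assumptions.

```go
package main

import (
	"crypto/tls"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// newTLSFrontend builds the handler for the TLS-facing listener. It forwards
// every request to the plain-HTTP backend and adds HSTS to each response.
func newTLSFrontend(backend string) (http.Handler, error) {
	target, err := url.Parse(backend)
	if err != nil {
		return nil, err
	}
	proxy := &httputil.ReverseProxy{
		// With Rewrite set, client-supplied Forwarded / X-Forwarded-* headers
		// are removed before this function runs, so they cannot be spoofed.
		Rewrite: func(r *httputil.ProxyRequest) {
			r.SetURL(target)
			r.Out.Host = r.In.Host // keep the public hostname for the backend
			r.SetXForwarded()      // X-Forwarded-For/-Host/-Proto from the real connection
		},
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Strict-Transport-Security", "max-age=31536000")
		proxy.ServeHTTP(w, r)
	}), nil
}

func main() {
	// Assumed: alps listens on loopback only at this address.
	h, err := newTLSFrontend("http://127.0.0.1:1323")
	if err != nil {
		log.Fatal(err)
	}
	srv := &http.Server{
		Addr:      ":443",
		Handler:   h,
		TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},
	}
	// Placeholder paths; the certificate is obtained and renewed outside this program.
	log.Fatal(srv.ListenAndServeTLS("cert.pem", "key.pem"))
}
```

The backend must not be reachable except through the proxy, otherwise the forwarded headers it receives are no longer trustworthy.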
