The docker images should be expanded to support also arm architectures.

https://github.com/jasonmunro/cypht-docker/blob/2a8115a2750ce5aa4c3ece12f2ea914c46116afd/image/docker-entrypoint.sh#L212

Reverse proxying Cypht docker, I need to put it in its own virtualhost (https://webmail.example.org). I'd prefer to use a subpath (https://example.org/webmail/). I believe that customizing the above symlink could do that.

dest="/var/www/$CYPHT_PREFIX_PATH"
mkdir -p "$(dirname "$dest")"
ln -s /usr/local/share/cypht/site "${dest%%/}"

Or in a more hacky way:

docker run \
  ...
  --entrypoint /bin/sh \
  sailfrog/cypht-docker:latest \
  -c "mkdir -p /usr/local/share/cypht/site; ln -s . /usr/local/share/cypht/site/webmail; exec docker-entrypoint.sh"

Hello,

I saw at the cypth git page (cypht-org/cypht#442) that a customized DB port was added. Is this accessible via the docker image provided by dockerhub (https://registry.hub.docker.com/r/sailfrog/cypht-docker/)?

I tried to add a ENV called "CYPHT_DB_PORT" but I still get "Waiting for database connection ... (SQLSTATE[HY000] [2002] Connection refused)".
I am running the sailfrog/cypht-docker on a synology 918+ NAS and want to use a mariadb docker container on a non-standard port als database.

Best
Aradhir

Setup

I am using docker latest version with docker-compose provided here.

Here are my env vars :

      - CYPHT_AUTH_USERNAME=*********
      - CYPHT_AUTH_PASSWORD=*********
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=db
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=********
      - CYPHT_DB_PASS=**********
      - CYPHT_SESSION_TYPE=DB
      - CYPHT_AUTH_TYPE=IMAP
      - CYPHT_IMAP_AUTH_NAME="Mailserver"
      - CYPHT_IMAP_AUTH_SERVER=mail.exemple.com
      - CYPHT_IMAP_AUTH_PORT=993
      - CYPHT_IMAP_AUTH_TLS=true
      - CYPHT_DEFAULT_SMTP_NAME="Mailserver"
      - CYPHT_DEFAULT_SMTP_SERVER=mail.exemple.com
      - CYPHT_DEFAULT_SMTP_PORT=587
      - CYPHT_DEFAULT_SMTP_TLS=true
      - CYPHT_DEFAULT_SMTP_NO_AUTH=false
      - CYPHT_MODULE_DESKTOP_NOTIFICATIONS=enable
      - CYPHT_DEFAULT_SETTING_TIMEZONE=Europe/Paris
      - CYPHT_DEFAULT_SETTING_LANGUAGE=en
      - CYPHT_ADMIN_USERS="********@exemple.com"

I am trying to authenticate against a Dovecot instance which runs well for a couple of years and I never had any issue with any other IMAP client.

Here's dovecot SSL config :

ssl_min_protocol = TLSv1.2
ssl = required
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
ssl_prefer_server_ciphers = yes
disable_plaintext_auth = yes

Issue

When I try to login on Cypht WebUI, I get a "Invalid username or password" message.

When I check Dovecot logs I get this logs:

Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Feb 17 13:38:06  dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=X.X.X.X, lip=X.X.X.X, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol, session=<+IfHleT0ya3BN192>
Feb 17 13:38:06  dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument

What I tried

Change CYPHT_IMAP_AUTH_TLS from true to false

I shouldn't do it as my IMAP is secured by SSL, but still. Dovecot logs now says:

Feb 17 13:14:55 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=X.X.X.X, lip=X.X.X.X, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<BF/lQuT0j23BN192>

I don't know what I'm supposed to think here as no SSL negociation should be attempted, I should have a SSL version number error.

Change SSL config on dovecot

I tried to comment those lines without any success:

# ssl_min_protocol = TLSv1.2
# ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# ssl_prefer_server_ciphers = yes  

I also tried to change ssl_min_protocol from TLSv1.2 to TLSv1.0 : same results.

I changed ssl_cipher_list to ALL with same results as well.

Am I missing something there ?

Not sure what's up, but seeing no log messages about failure. When using the specified password, it returns to the login screen with no error.

I'm debugging this as well myself but wanted to put a note here.

I've just set up Cypht using Docker.

I have everything up and running, and I can add IMAP accounts fine. Now I am trying to add a Gmail account.

I've set up the required project in Google Cloud Console, and added the credentials to my oauth2.ini file. I am running Cypht behind a reverse proxy (SWAG - nginx) as a subdomain (https://cypht.mydomain.com)

When I try to add the Gmail account in Cypht, I hit Enable when it asks about OAuth, then it redirects me to the Google sign-in, I choose my account, select what Cypht can access (mail/contacts), then hit Continue. It then returns me to Cypht as if I had just opened it in a new window, and the account is not added. I'm guessing it has something to do with the reverse proxy not handling the oauth redirect_uri properly? But I'm not sure how to fix it.

Any help would be appreciated!

The good

Cypht currently has a record number of contributors: https://openhub.net/p/cypht/contributors/summary

We have:

• graphic designers
• back-end developers (including some that are developing sysadmin/devops expertise)
• front-end developers

We are building fantastic things on top of the fantastic work that Jason Munro did for many many years.

The bad

• We don't have anyone with Docker expertise available / involved at the moment in the Cypht community.

The ugly

• There has never been Docker expertise in the Cypht community. Jason created what we have, and did the best he could but it is not his area of expertise.
• Many community members want to deploy Cypht via Docker (and we know the standard installation process is not simple)
• Issues and MRs are piling up and we don't know how to deal with them
• https://hub.docker.com/r/sailfrog/cypht-docker has over 100k pulls and we know it's not good.

The ask

So this is a call to Docker experts out there. We need you!

We don't need you to take this on forever. 2 PHP developers will work with you on the project. We need an expert to review the overall situation, chart a plan, and lead/guide/coach our developers.

Thanks!

As per title, the manage sieve module is shipped with cypht, but it's disabled by default and the current scripts do not have a way to re-enable it.

Please build at least with --platform linux/amd64,linux/arm64 if possible.

Thank you

Is there interest in a helm chart addition to this repo (to ease kubernetes installs using this docker image), or is there a different preferred chart repo location?

I'd be willing to submit a PR if this is an appropriate location.

Let me know and I'll write one up.

Thanks!

Could you trigger a rebuild on docker hub? It's multiple months behind.

Also, would you consider setting a cronjob somewhere (if you have a VPS or another on system) to trigger a rebuild weekly? This will allow it to track latest changes. You can trigger a rebuild with dockerhub by simply curling a URL it gives you in the backend.

I really look forward to using this tool more!

Hello,

Someone can help me to configure Cypht on Synology with Container Manager (ex Docker)

I use the sailfrog-cypht and when i lauch the contener i have this error in log :

Waiting for database connection ... (SQLSTATE[HY000] [2002] Connection refused)

Thanks

Cypht can handle JMAP using custom configuration from the UI. It would be great to allow JMAP configuration from environment (same as IMAP and POP3)

Using the environment variable CYPHT_MODULE_2FA=enable i get the error "Unable to generate 2 factor authentication QR code"

Hi,
Trying out Cypht to find a good webmail.
I can't seem to be able to setup the secrets on the docker-compose to hide the passwords.

version: "3.5"
services:
  cypht:
    image: sailfrog/cypht-docker:latest
    container_name: cypht
    restart: unless-stopped
    networks:
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${HOME}/cypht/users:/var/lib/hm3/users
      - ${HOME}/cypht/app_data:/var/lib/hm3/app_data
    secrets:
      - cyphtpass
      - cyphtdbpass
    environment:
      - CYPHT_SESSION_TYPE=DB
      - CYPHT_AUTH_USERNAME=myuser
      - CYPHT_AUTH_PASSWORD_FILE=/run/secrets/cyphtpass
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=mariadb
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=cypht
      - CYPHT_DB_PASS_FILE=/run/secrets/cyphtdbpass
      - CYPHT_DB_DRIVER=mysql
      - PUID=1000
      - PGID=1000
networks:
  # proxy network to enable container access to internet
  proxy:
    external: true
secrets:
  cyphtpass:
    file: ${HOME}/.secrets/cyphtpass
  cyphtdbpass:
    file: ${HOME}/.secrets/cyphtdbpass

It works fine without the secrets by putting the passwords (user and database) in clear in the file!

Any options to be able to hide those passwords would be welcome.

Is it possible to merge the Redis conf PR ( #10 ) and rebuild and update the dockerhub?

Hello!
I'm just starting with cypht and face issue to create other users as there's no entries in my menu.

I feel i'm missing something but cant understand what, is there something else to do?

Container started with the default yml suggestion
Log show no errors and looks to load account module:

Thanks for your help!

Regards - JS

Following the README instruction creates an installation with a various random errors when trying to read messages.

However, when I downloaded your code and built the docker image from scratch, things ran just fine.
Could you please rebuild the image and update it in dockerhub so we get the current cypht version again?

💬 Question

During the installation through Unraid compose, the log reported the following warnings:

Warning: Use of undefined constant DB - assumed 'DB' (this will throw an Error in a future version of PHP) in /tmp/cypht_setup_database.php on line 3

Warning: Use of undefined constant DB - assumed 'DB' (this will throw an Error in a future version of PHP) in /tmp/cypht_setup_database.php on line 4

Warning: Use of undefined constant file - assumed 'file' (this will throw an Error in a future version of PHP) in /tmp/cypht_setup_database.php on line 5

Warning: Use of undefined constant mysql - assumed 'mysql' (this will throw an Error in a future version of PHP) in /tmp/cypht_setup_database.php on line 6
Waiting for database connection ... (SQLSTATE[HY000] [1045] Access denied for user 'cypht'@'172.17.0.1' (using password: YES))

My configuration on Unraid compose is as follows:

version: '3'
services:
  cypht:
    image: sailfrog/cypht-docker:latest
    container_name: cypht
    network_mode: bridge
    restart: always
    #privileged: true
    volumes:
      - /mnt/user/Personal/cypht:/var/lib/hm3/users
    ports:
      - "8280:80"
    environment:
      - CYPHT_AUTH_USERNAME=admin
      - CYPHT_AUTH_PASSWORD=admin_password
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=192.168.3.10
      - CYPHT_DB_DRIVER=mysql
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=cypht
      - CYPHT_DB_PASS=Z
      - CYPHT_SESSION_TYPE=DB
      - CYPHT_DEFAULT_SETTING_TIMEZONE=Asia/Shanghai
      - CYPHT_MODULE_POP3=disable
      - CYPHT_MODULE_IMAP=enable
    labels:
      net.unraid.docker.webui: https://mail.domain.com/
      net.unraid.docker.icon: https://raw.githubusercontent.com/cypht-org/cypht/6d0e50a1778cd63a77130e44f4b46bb9c2a1cb82/modules/core/assets/images/logo.svg
      traefik.enable: true
      traefik.http.routers.cypht.rule: Host(`mail.domain.com`)
      traefik.http.services.cypht.loadbalancer.server.port: 80

networks:
  default:
    name: bridge
    external: true

I would like to use postgresql as database. For my configuration i get the error message:

Waiting for database connection … (could not find driver)

My compose looks like

  cypht-db:
    image: postgres:15
    container_name: cypht-db
    restart: always
    environment:
      - POSTGRES_USER=cypht
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=cypht
    volumes:
      - /mnt/user/docker/cypht/backup:/backup
      - /mnt/user/docker/cypht/postgres/15:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U cypht"]
      interval: 10s
      timeout: 5s
      retries: 5
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

  cypht-app:
    image: sailfrog/cypht-docker:latest
    container_name: cypht-app
    volumes:
      - ./cypht/users:/var/lib/hm3/users
    ports:
      - 80:80
    environment:
      - CYPHT_AUTH_USERNAME=admin
      - CYPHT_AUTH_PASSWORD=admin_password
      - CYPHT_DB_CONNECTION_TYPE=host
      - CYPHT_DB_HOST=cypht-db
      - CYPHT_DB_NAME=cypht
      - CYPHT_DB_USER=cypht
      - CYPHT_DB_PASS=password
      - CYPHT_DB_DRIVER=pgsql
      - CYPHT_SESSION_TYPE=DB
    labels:
      - "com.centurylinklabs.watchtower.enable=true"

When i take a look at Dockerfile i see, that the pdo driver for postgresql is missing. I think the Pull Request #11 solves this issue.

I'm new to cypht. It appears you can run cypht using sqlite without mysql. But I dont think this setup is supported in docker.

Hello, i had *70 open() "/var/tmp/nginx/fastcgi/3/00/0000000003" failed (13: Permission denied), when i was reading a mail with picture (Server Error);

Resolved with :
chown -R www-data:www-data /var/tmp/nginx

:)