nginx: allow custom nginx config under sites-enabled

fix 562
feat: Check whether GCC is installed in initenv.sh
2026-05-10 16:04:37 +00:00 · 2025-08-19 09:44:48 +02:00 · 2025-08-16 10:04:44 +02:00 · 2025-08-16 10:04:44 +02:00 · 2025-08-08 12:28:29 +02:00 · 2025-07-28 16:16:14 +02:00
6 changed files with 67 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@

 ## untagged

+- Allow custom nginx config files
+  ([#617](https://github.com/chatmail/relay/pull/617))
+
+- Check whether GCC is installed in initenv.sh
+  ([#608](https://github.com/chatmail/relay/pull/608))
+
 - Expire push notification tokens after 90 days
  ([#583](https://github.com/chatmail/relay/pull/583))

@@ -14,6 +20,9 @@
 - Reconfigure Dovecot imap-login service to high-performance mode
  ([#578](https://github.com/chatmail/relay/pull/578))

+- Set timezone to improve dovecot performance
+  ([#584](https://github.com/chatmail/relay/pull/584))
+
 - Increase nginx connection limits
  ([#576](https://github.com/chatmail/relay/pull/576))

--- a/README.md
+++ b/README.md
@@ -255,6 +255,19 @@ This starts a local live development cycle for chatmail web pages:

 - Starts a browser window automatically where you can "refresh" as needed.

+#### Custom web pages
+
+If you want to include other pages,
+they need their separate nginx config
+under `/etc/nginx/sites-enabled/`.
+Note that they need to listen on port 8443 instead of 443.
+
+To request TLS certificates for the corresponding domains,
+point the DNS records to your Server and run `acmetool want <domain>`.
+You can find the TLS certificates under `/var/lib/acme/live`.
+They will be automatically renewed.
+
+
 ## Mailbox directory layout

 Fresh chatmail addresses have a mailbox directory that contains: 
@@ -541,3 +554,6 @@ Here are some related projects that you may be interested in:
  progress](https://github.com/mjl-/mox/issues/251) to modify it to support all
  of the features and configuration settings required to operate as a chatmail
  relay.
+- [Maddy-Chatmail](https://github.com/sadraiiali/maddy_chatmail): a plugin for the
+  [Maddy email server](https://maddy.email/) which aims to implement the
+  chatmail relay features and configuration options.
--- a/cmdeploy/src/cmdeploy/init.py
+++ b/cmdeploy/src/cmdeploy/init.py
@@ -346,7 +346,7 @@ def _install_dovecot_package(package: str, arch: str):
        src=url,
        dest=deb_filename,
        sha256sum=sha256,
-        cache_time=60 * 60 * 24 * 365,  # cache the .deb for a year,
+        cache_time=60 * 60 * 24 * 365 * 10,  # never redownload the package
    )

    apt.deb(name=f"Install dovecot-{package}", src=deb_filename)
@@ -410,6 +410,13 @@ def _configure_dovecot(config: Config, debug: bool = False) -> bool:
            persist=True,
        )

+    timezone_env = files.line(
+        name="Set TZ environment variable",
+        path="/etc/environment",
+        line="TZ=:/etc/localtime",
+    )
+    need_restart |= timezone_env.changed
+
    return need_restart


@@ -417,6 +424,12 @@ def _configure_nginx(config: Config, debug: bool = False) -> bool:
    """Configures nginx HTTP server."""
    need_restart = False

+    files.link(
+        name="disable nginx default site",
+        path="/etc/nginx/sites-enabled/default",
+        present=False,
+    )
+
    main_config = files.template(
        src=importlib.resources.files(__package__).joinpath("nginx/nginx.conf.j2"),
        dest="/etc/nginx/nginx.conf",
@@ -709,9 +722,10 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
        packages="postfix",
    )

-    _install_dovecot_package("core", host.get_fact(facts.server.Arch))
-    _install_dovecot_package("imapd", host.get_fact(facts.server.Arch))
-    _install_dovecot_package("lmtpd", host.get_fact(facts.server.Arch))
+    if not "dovecot.service" in host.get_fact(SystemdEnabled):
+        _install_dovecot_package("core", host.get_fact(facts.server.Arch))
+        _install_dovecot_package("imapd", host.get_fact(facts.server.Arch))
+        _install_dovecot_package("lmtpd", host.get_fact(facts.server.Arch))

    apt.packages(
        name="Install nginx",
@@ -808,8 +822,14 @@ def deploy_chatmail(config_path: Path, disable_mail: bool) -> None:
        name="Ensure cron is installed",
        packages=["cron"],
    )
-    git_hash = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode()
-    git_diff = subprocess.check_output(["git", "diff"]).decode()
+    try:
+        git_hash = subprocess.check_output(["git", "rev-parse", "HEAD"]).decode()
+    except Exception:
+        git_hash = "unknown\n"
+    try:
+        git_diff = subprocess.check_output(["git", "diff"]).decode()
+    except Exception:
+        git_diff = ""
    files.put(
        name="Upload chatmail relay git commiit hash",
        src=StringIO(git_hash + git_diff),
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
@@ -136,4 +136,7 @@ http {
 		return 301 $scheme://{{ config.domain_name }}$request_uri;
 		access_log syslog:server=unix:/dev/log,facility=local7;
 	}
+
+    # Include custom pages; they need to listen on port 8443 instead of port 443
+	include /etc/nginx/sites-enabled/*;
 }
--- a/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
+++ b/cmdeploy/src/cmdeploy/tests/online/test_1_basic.py
@@ -65,6 +65,14 @@ class TestSSHExecutor:
        assert (now - since_date).total_seconds() < 60 * 60 * 51


+def test_timezone_env(remote):
+    for line in remote.iter_output("env"):
+        print(line)
+        if line == "tz=:/etc/localtime":
+            return True
+    pytest.fail("TZ is not set")
+
+
 def test_remote(remote, imap_or_smtp):
    lineproducer = remote.iter_output(imap_or_smtp.logcmd)
    imap_or_smtp.connect()
--- a/scripts/initenv.sh
+++ b/scripts/initenv.sh
@@ -9,6 +9,11 @@ if command -v lsb_release 2>&1 >/dev/null; then
        echo "You need to install python3-dev for installing the other dependencies."
        exit 1
      fi
+      if ! gcc --version 2>&1 >/dev/null
+      then
+        echo "You need to install gcc for building Python dependencies."
+        exit 1
+      fi
      ;;
  esac
 fi
Author	SHA1	Message	Date
missytake	bedfc09e8e	nginx: allow custom nginx config under sites-enabled fix 562	2025-08-19 09:44:48 +02:00
cliffmccarthy	3ce350de9e	feat: Check whether GCC is installed in initenv.sh - Before proceeding with installation of Python dependencies, check whether the 'gcc' command is available by running it with the --version argument. If it is not available, print a helpful message and exit. - For the current set of Python dependencies, without GCC, the build process fails when building the crypt-r package. According to the error message, on my system the exact command it tries to run is 'x86_64-linux-gnu-gcc', but rather than depend on this variant specifically, the script checks for the generic 'gcc' command, so as to avoid coupling the check to an architecture or operating system. Similar problems arise if we attempt to check for packages by name; the compiler binary is provided by 'gcc-11', but the symlinks that provide the unversioned commands (as used by the Python build) come from a package named 'gcc'. Trying to be too precise in what we check for could lead to unnecessary failures in some environments, or become a maintenance challenge in the future. For that reason, this change simply attempts to run 'gcc' and uses that as a probably-sufficient proxy for having what the Python package install will need.	2025-08-16 10:04:44 +02:00
cliffmccarthy	1e05974970	feat: Make sure build-essential is installed - The Python modules installed by initenv.sh require a compiler to build. - Revised initenv.sh to check whether build-essential is installed before proceeding, if the system is based on Debian or Ubuntu.	2025-08-16 10:04:44 +02:00
cliffmccarthy	577c04d537	feat: Add try blocks around Git commands in cmdeploy/__init__.py - Added 'try' blocks around the 'git rev-parse' and 'git diff' commands that are run in deploy_chatmail(). If there is an error running rev-parse, git_hash is set to "unknown". If there is an error running diff, git_diff is set to the null string. - This allows the deployment process work in two scenarios that would otherwise fail with an exception: - Systems where the 'git' command is not available. - When running with a copy of the tree content of chatmail/relay, but without a copy of the .git directory.	2025-08-08 12:28:29 +02:00
missytake	d880937d44	doc: added maddy-chatmail to README (#605 ) * doc: added maddy-chatmail to README * Update README.md Co-authored-by: holger krekel <holger@merlinux.eu> --------- Co-authored-by: holger krekel <holger@merlinux.eu>	2025-07-28 16:16:14 +02:00
missytake	46d2334e9c	add changelog	2025-07-09 08:42:25 +02:00
missytake	0ba94dc613	dovecot: set TZ=:/etc/localtime to improve performance	2025-07-09 08:42:25 +02:00
missytake	d379feea4f	dovecot: only install if it isn't installed already	2025-07-08 19:41:19 +00:00
missytake	e82abee1b9	dovecot: fix errors on re-deployment	2025-07-08 19:41:19 +00:00