Mail Signing & Encryption Module with Docker Setup
Hey, I would like to use the Mail Signing and Encryption module in my Docker setup from Freescout, but I can't get it to work at the moment because folders have to be created in the Docker container that are not in the volume area. And keys have to be imported, which probably won't survive the restart of the container either, as they are not persistent either.
Unfortunately, the instructions in the official repository didn't really help me: https://github.com/freescout-helpdesk/freescout/issues/1081
I proceeded as follows:
- created a folder "keys" in the volume "data" and gave it the same permissions as the other folders.
- I placed a file ".gnupg" in this folder and stored the key (which I created without a passphrase) in it.
- I imported the key into the bash of the Docker container with gpg --import /root/cert.asc.
- in the Freescout interface, I specified the following folder as the path to the key: /data/keys/.gnupg.
When I now want to send a test e-mail, I get the following message:
Unable to find an active key to sign for [email protected], try importing keys first.
Do you have any ideas how I can fix this error or proceed differently?
Thanks and best regards Lukas
Sounds like you are close. There are likely a couple of other folders related to gpg that would need to be persisted to survive reboots... I don't have the plugin, so I have no way to test, sadly. Maybe another user will respond?
I got it to work. I proceeded as follows:
On the Host:
Added the Env for GnuPG to my docker-compose.yml:
environment:
- GNUPGHOME=/data/keys/.gnupg
In the Container:
0. docker exec -it freescout-app bash
1. mkdir /data/keys
2. mkdir /data/keys/.gnupg
3. nano /data/keys/.gnupg/key.asc (put in my key)
4. export GNUPGHOME=/data/keys/.gnupg/. (just for the moment, persistence is in the docker-compose)
5. cd /data/keys/.gnupg/
6. gpg --import key.asc
GnuPG is now importing the key and creating the files in the persistent /data/keys/.gnupg folder.
In the FreeScout Web GUI, on the settings page, I put in:
Path to GPG Keys Folder: /data/keys/.gnupg/
Key Email Address: [email protected]
Now I sent a test mail but it didn't work. I thought it could be the folder permissions...
I went into the container again:
- docker exec -it freescout-app bash
- chown -R nginx:www-data /data/keys/.gnupg/
Back in the FreeScout Web Gui:
- I tried again to send a test mail and it worked, it reached me signed.
Buuuut...
Is it safe to have these permissions on this folder?
If the application somehow has a security issue then someone would have full access to your GPG private key, so it would be a good idea to use a separate one from your daily driver perhaps.
You may want to ensure that there are only read permissions for that folder.
Perhaps (off the top of my head here):
chown -R root:www-data /data/keys/.gnupg
chmod -R 640 /data/keys/.gnupg
That should only give read access to the www-group, not the ability to write more keys. I'm not entirely sure if the folder needs to be written to in order to store other recipients' keys, so this may need some adjustment.
These permissions gave me this error while using the Test-Mail-Action at the configuration site in the web GUI:
Unable to find an active key to sign for [email protected], try importing keys first.
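An added example, not posted by anyone in this thread: chmod -R 640 also clears the search (x) bit on the directories, so members of the group can no longer open any file beneath them, which is a plausible cause of the error in the last reply. The script below lists such directories and applies 750 to directories and 640 to files instead. It assumes a POSIX sh and find, and whether the module works with a folder it cannot write to is not settled on this page.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten modes on a GnuPG home
# so that a group gets read-only access. The directory path is a parameter.

# Directories the group cannot enter (group search bit 010 missing).
# -prune: nothing below such a directory is reachable for the group anyway.
untraversable_dirs() {
    find "$1" -type d ! -perm -010 -print -prune
}

# Entries that are group-writable (020) or carry any "other" bit (004/002/001).
overexposed_entries() {
    find "$1" \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Directories 750, regular files 640. The directory pass uses "\;" so each
# directory is fixed before find descends into it. Ownership is set separately
# as root, e.g. the thread's: chown -R root:www-data DIR
harden_readonly() {
    find "$1" -type d -exec chmod 750 {} \; &&
    find "$1" -type f -exec chmod 640 {} +
}

# Usage: script audit DIR | script harden DIR
case "${1:-}" in
    audit)
        echo "directories the group cannot enter:"
        untraversable_dirs "$2"
        echo "group-writable or world-accessible entries:"
        overexposed_entries "$2"
        ;;
    harden)
        harden_readonly "$2"
        ;;
esac
```

Run the audit as root inside the container so find can read the whole tree regardless of the current modes.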