README.md

@@ -25,8 +25,10 @@ After signing in you should run 'Re-check and refresh configuration' (should be
 - The build process should not be sending the entire directory as context, just root would do.
 - The initialisation script will set all notification e-mail addresses to admin@container-domain, this may not be what you want. Refer to root/etc/cont-init.d/50-virtualmin-config for a list of the files where this is set.
 - The initialisation script will also change ownership of a bunch of files and directories in /config to root:root, this might make a mess of existing data and I'm not really sure this is valid any more (feels like an old hack for permissions issues that may or may not still exist or could be handled better).
+- Something (I suspect docker) messes with the permissions in /etc, and that upsets quite a few things. DKIM refuses to work.
 - Running 'passwd' in the container will fail because /etc/shadow is actually a symlink, Webmin can manipulate the file just fine (I'm probably breaking some fundamental *nix concept here).
 - A number of features are installed directly in the container when really they should be separate containers that Virtualmin can link to (e.g. MySQL, ClamAV, SpamAssassin, and so on), and which probably have perfectly good images I could direct you to.
+- The Webmin certificate is generated during image build, this means all containers share the same default certificate which is bad for security.
 
 ## Licence
 

root/etc/cont-init.d/50-virtualmin-config

@@ -69,7 +69,6 @@ chown -R opendkim:opendkim /etc/dkimkeys
 chown -R clamav:clamav /var/lib/clamav
 chown -R mysql:root /var/run/mysqld
 chmod -R go-w /etc/postfix
-chmod go-w /etc
 
 # find the container's IP address (no doubt there are some containers that break this as we assume eth0 is the network device)
 MY_IP=$(ip addr show dev eth0 | grep -Eo 'inet (.*)/' | sed -e 's#inet ##' -e 's#/##')
@@ -91,6 +90,7 @@ MY_NAME=$(hostname)
     sed -i --follow-symlinks -e "s#root: admin@if-this-domain-resolves-someone-is-going-to-be-mad-at-me\.eteoxaoghtrhwfza#root: admin@$MY_DOMAIN#" /etc/aliases && \
     sed -i --follow-symlinks -e "s#sched_email=admin@if-this-domain-resolves-someone-is-going-to-be-mad-at-me\.eteoxaoghtrhwfza#sched_email=admin@$MY_DOMAIN#" /etc/webmin/status/config && \
     sed -i --follow-symlinks -e "s#validate_email=admin@if-this-domain-resolves-someone-is-going-to-be-mad-at-me\.eteoxaoghtrhwfza#validate_email=admin@$MY_DOMAIN#" /etc/webmin/virtual-server/config && \
+    sed -i --follow-symlinks -e "s#script_warn=if-this-domain-resolves-someone-is-going-to-be-mad-at-me\.eteoxaoghtrhwfza#script_warn=$MY_DOMAIN#" /etc/webmin/virtual-server/config && \
     sed -i --follow-symlinks -e "s#feedback_to=admin@if-this-domain-resolves-someone-is-going-to-be-mad-at-me\.eteoxaoghtrhwfza#feedback_to=admin@$MY_DOMAIN#" /etc/webmin/config && \
     sed -i --follow-symlinks -e "s#upemail=admin@if-this-domain-resolves-someone-is-going-to-be-mad-at-me\.eteoxaoghtrhwfza#upemail=admin@$MY_DOMAIN#" /etc/webmin/usermin/config && \
     sed -i --follow-symlinks -e "s#sched_email=admin@if-this-domain-resolves-someone-is-going-to-be-mad-at-me\.eteoxaoghtrhwfza#sched_email=admin@$MY_DOMAIN#" /etc/webmin/package-updates/config && \

root/etc/webmin/virtual-server/config

@@ -5,12 +5,9 @@ all_namevirtual=0
 allow_subdoms=0
 allow_symlinks=0
 allow_upper=0
-always_ssl=0
 apache_config=ServerName ${DOM}	ServerAlias www.${DOM}	ServerAlias mail.${DOM}	DocumentRoot ${HOME}/public_html	ErrorLog /var/log/virtualmin/${DOM}_error_log	CustomLog /var/log/virtualmin/${DOM}_access_log combined	ScriptAlias /cgi-bin/ ${HOME}/cgi-bin/	DirectoryIndex index.php index.php4 index.php5 index.htm index.html	<Directory ${HOME}/public_html>	Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch 	allow from all	AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch	</Directory>	<Directory ${HOME}/cgi-bin>	allow from all	AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch	</Directory>
 apache_ssl_config=
 append=1
-auto_letsencrypt=1
-auto_redirect=0
 avail_at=1
 avail_bind8=1
 avail_change-user=1
@@ -46,7 +43,6 @@ backuplog_days=7
 backup_onebyone=1
 backup_rotated=0
 batch_create=1
-bccs=0
 bccto=none
 bind_cloud=
 bind_config=
@@ -70,7 +66,6 @@ capabilities=none
 cert_type=sha2
 check_ports=1
 clamscan_cmd=clamscan
-collect_restart=0
 compression=0
 dbfnorename=0
 dbgroup=
@@ -141,7 +136,6 @@ gacl_root=${HOME}
 gacl_ugroups=${GROUP}
 gacl_umode=1
 gacl_users=
-generics=0
 ham_trap_white=0
 hide_alias=0
 home_backup=virtualmin-backup
@@ -354,8 +348,11 @@ web_writelogs=
 # customised settings
 alias_post_command=
 alias_pre_command=
+always_ssl=1
 apache_star=2
 append_style=6
+auto_letsencrypt=0
+auto_redirect=1
 avail_dns=0
 avail_file=0
 avail_postgres=0
@@ -366,6 +363,7 @@ avail_webminlog=0
 backup_feature_dns=0
 backup_feature_webalizer=0
 backuplog_age=7
+bccs=1
 bind_dmarcp=reject
 bind_dmarcrua=skip
 bind_dmarcruf=skip
@@ -386,15 +384,17 @@ collect_ifaces=
 collect_interval=30
 collect_noall=1
 collect_notemp=1
+collect_restart=1
 combined_cert=2
 combined_tmpl=
-contact_email=
+contact_email=admin@if-this-domain-resolves-someone-is-going-to-be-mad-at-me.eteoxaoghtrhwfza
 delete_logs=1
 denied_domains=
 dns=0
 dns_check=1
 dns_records=@ www ftp localhost m
 everything_tmpl=
+generics=1
 group_quotas=
 groupsame=1
 gzip_mysql=1
@@ -443,7 +443,7 @@ post_command=
 pre_command=
 quotas=0
 renew_letsencrypt=
-script_warn=
+script_warn=if-this-domain-resolves-someone-is-going-to-be-mad-at-me.eteoxaoghtrhwfza
 spam=1
 spam_client_global=1
 spam_delivery=$HOME/Maildir/.Junk/