diff --git a/README.md b/README.md index 91b25e5..6b05d5c 100644 --- a/README.md +++ b/README.md @@ -211,9 +211,17 @@ For bug reports, please file an issue at https://github.com/mjl-/mox/issues/new. ## How do I change my password? Regular users (doing IMAP/SMTP with authentication) can change their password -at the account page, e.g. http://127.0.0.1/. Or you can set a password with "mox +at the account page, e.g. http://localhost/. Or you can set a password with "mox setaccountpassword". +The admin can change the password of any account through the admin page, at +http://localhost/admin/ by default (leave username empty when logging in). + +The account and admin pages are served on localhost on your mail server. +To access these from your browser, run +`ssh -L 8080:localhost:80 you@yourmachine` locally and open +http://localhost:8080/[...]. + The admin password can be changed with "mox setadminpassword". ## How do I configure a second mox instance as a backup MX? diff --git a/http/web.go b/http/web.go index e7511ac..4137d07 100644 --- a/http/web.go +++ b/http/web.go @@ -325,42 +325,42 @@ func Listen() { if l.AccountHTTP.Enabled { port := config.Port(l.AccountHTTP.Port, 80) - srv := ensureServe(false, port, "account-http") path := "/" if l.AccountHTTP.Path != "" { path = l.AccountHTTP.Path } + srv := ensureServe(false, port, "account-http at "+path) handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(accountHandle))) srv.Handle("account", nil, path, handler) } if l.AccountHTTPS.Enabled { port := config.Port(l.AccountHTTPS.Port, 443) - srv := ensureServe(true, port, "account-https") path := "/" if l.AccountHTTPS.Path != "" { path = l.AccountHTTPS.Path } + srv := ensureServe(true, port, "account-https at "+path) handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(accountHandle))) srv.Handle("account", nil, path, handler) } if l.AdminHTTP.Enabled { port := config.Port(l.AdminHTTP.Port, 80) - srv := ensureServe(false, port, "admin-http") path := "/admin/" if l.AdminHTTP.Path != "" { path = l.AdminHTTP.Path } + srv := ensureServe(false, port, "admin-http at "+path) handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(adminHandle))) srv.Handle("admin", nil, path, handler) } if l.AdminHTTPS.Enabled { port := config.Port(l.AdminHTTPS.Port, 443) - srv := ensureServe(true, port, "admin-https") path := "/admin/" if l.AdminHTTPS.Path != "" { path = l.AdminHTTPS.Path } + srv := ensureServe(true, port, "admin-https at "+path) handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(adminHandle))) srv.Handle("admin", nil, path, handler) } diff --git a/quickstart.go b/quickstart.go index ae99514..7d008eb 100644 --- a/quickstart.go +++ b/quickstart.go @@ -650,10 +650,10 @@ listed in more DNS block lists, visit: if err := acc.Close(); err != nil { fatalf("closing account: %s", err) } - fmt.Printf("IMAP and SMTP submission password for %s: %s\n\n", args[0], password) - fmt.Println(`When configuring your email client, use the email address as username. If -autoconfig/autodiscover does not work, use the settings below.`) - fmt.Println("") + fmt.Printf("IMAP, SMTP submission and HTTP account password for %s: %s\n\n", args[0], password) + fmt.Printf(`When configuring your email client, use the email address as username. If +autoconfig/autodiscover does not work, use these settings: +`) printClientConfig(domain) if existingWebserver { @@ -739,11 +739,20 @@ starting up. On linux, you may want to enable mox as a systemd service. sudo systemctl enable $PWD/mox.service sudo systemctl start mox.service sudo journalctl -f -u mox.service # See logs - `) } - fmt.Printf(`For secure email exchange you should have a strictly validating DNSSEC + fmt.Printf(` +After starting mox, the web interfaces are served at: + +http://localhost/ - account (email address as username) +http://localhost/admin/ - admin (empty username) + +To access these from your browser, run +"ssh -L 8080:localhost:80 you@yourmachine" locally and open +http://localhost:8080/[...]. + +For secure email exchange you should have a strictly validating DNSSEC resolver. An easy and the recommended way is to install unbound. If you run into problem, have questions/feedback or found a bug, please let us