From 98b5a27fd273ef02887300a9b1e9fe764b0103c6 Mon Sep 17 00:00:00 2001
From: Mechiel Lukkien <mechiel@ueber.net>
Date: Mon, 20 Mar 2023 12:49:40 +0100
Subject: [PATCH] mention where the admin interface can be accessed

at the end of the quickstart. also hint at it during startup, when printing the
listener. and mention it in the FAQ.

another recent commit make the admin and account http path configurable, and
that expanded the config docs with a mention of the default path.

based on feedback from stroyselmash in issue #20, thanks!
---
 README.md     | 10 +++++++++-
 http/web.go   |  8 ++++----
 quickstart.go | 21 +++++++++++++++------
 3 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 91b25e5..6b05d5c 100644
--- a/README.md
+++ b/README.md
@@ -211,9 +211,17 @@ For bug reports, please file an issue at https://github.com/mjl-/mox/issues/new.
 ## How do I change my password?
 
 Regular users (doing IMAP/SMTP with authentication) can change their password
-at the account page, e.g. http://127.0.0.1/. Or you can set a password with "mox
+at the account page, e.g. http://localhost/. Or you can set a password with "mox
 setaccountpassword".
 
+The admin can change the password of any account through the admin page, at
+http://localhost/admin/ by default (leave username empty when logging in).
+
+The account and admin pages are served on localhost on your mail server.
+To access these from your browser, run
+`ssh -L 8080:localhost:80 you@yourmachine` locally and open
+http://localhost:8080/[...].
+
 The admin password can be changed with "mox setadminpassword".
 
 ## How do I configure a second mox instance as a backup MX?
diff --git a/http/web.go b/http/web.go
index e7511ac..4137d07 100644
--- a/http/web.go
+++ b/http/web.go
@@ -325,42 +325,42 @@ func Listen() {
 
 		if l.AccountHTTP.Enabled {
 			port := config.Port(l.AccountHTTP.Port, 80)
-			srv := ensureServe(false, port, "account-http")
 			path := "/"
 			if l.AccountHTTP.Path != "" {
 				path = l.AccountHTTP.Path
 			}
+			srv := ensureServe(false, port, "account-http at "+path)
 			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(accountHandle)))
 			srv.Handle("account", nil, path, handler)
 		}
 		if l.AccountHTTPS.Enabled {
 			port := config.Port(l.AccountHTTPS.Port, 443)
-			srv := ensureServe(true, port, "account-https")
 			path := "/"
 			if l.AccountHTTPS.Path != "" {
 				path = l.AccountHTTPS.Path
 			}
+			srv := ensureServe(true, port, "account-https at "+path)
 			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(accountHandle)))
 			srv.Handle("account", nil, path, handler)
 		}
 
 		if l.AdminHTTP.Enabled {
 			port := config.Port(l.AdminHTTP.Port, 80)
-			srv := ensureServe(false, port, "admin-http")
 			path := "/admin/"
 			if l.AdminHTTP.Path != "" {
 				path = l.AdminHTTP.Path
 			}
+			srv := ensureServe(false, port, "admin-http at "+path)
 			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(adminHandle)))
 			srv.Handle("admin", nil, path, handler)
 		}
 		if l.AdminHTTPS.Enabled {
 			port := config.Port(l.AdminHTTPS.Port, 443)
-			srv := ensureServe(true, port, "admin-https")
 			path := "/admin/"
 			if l.AdminHTTPS.Path != "" {
 				path = l.AdminHTTPS.Path
 			}
+			srv := ensureServe(true, port, "admin-https at "+path)
 			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(adminHandle)))
 			srv.Handle("admin", nil, path, handler)
 		}
diff --git a/quickstart.go b/quickstart.go
index ae99514..7d008eb 100644
--- a/quickstart.go
+++ b/quickstart.go
@@ -650,10 +650,10 @@ listed in more DNS block lists, visit:
 	if err := acc.Close(); err != nil {
 		fatalf("closing account: %s", err)
 	}
-	fmt.Printf("IMAP and SMTP submission password for %s: %s\n\n", args[0], password)
-	fmt.Println(`When configuring your email client, use the email address as username. If
-autoconfig/autodiscover does not work, use the settings below.`)
-	fmt.Println("")
+	fmt.Printf("IMAP, SMTP submission and HTTP account password for %s: %s\n\n", args[0], password)
+	fmt.Printf(`When configuring your email client, use the email address as username. If
+autoconfig/autodiscover does not work, use these settings:
+`)
 	printClientConfig(domain)
 
 	if existingWebserver {
@@ -739,11 +739,20 @@ starting up. On linux, you may want to enable mox as a systemd service.
 	sudo systemctl enable $PWD/mox.service
 	sudo systemctl start mox.service
 	sudo journalctl -f -u mox.service # See logs
-
 `)
 	}
 
-	fmt.Printf(`For secure email exchange you should have a strictly validating DNSSEC
+	fmt.Printf(`
+After starting mox, the web interfaces are served at:
+
+http://localhost/       - account (email address as username)
+http://localhost/admin/ - admin (empty username)
+
+To access these from your browser, run
+"ssh -L 8080:localhost:80 you@yourmachine" locally and open
+http://localhost:8080/[...].
+
+For secure email exchange you should have a strictly validating DNSSEC
 resolver. An easy and the recommended way is to install unbound.
 
 If you run into problem, have questions/feedback or found a bug, please let us