Mouws/protonmail-bridge-nextcoud-podman
1
0
Fork 1
mirror of https://github.com/shenxn/protonmail-bridge-docker.git synced 2025-12-06 08:27:08 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge d483aa120b into 044ea2b034

Browse Source
This commit is contained in:
simonfelding 2025-07-23 09:28:43 +00:00 committed by GitHub
commit ed44d64794
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 118 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/build.yaml vendored
View File

@ -57,14 +57,14 @@ jobs:
outputs: type=image,"name=${{ env.DOCKER_REPO_DEV }}",push-by-digest=false,name-canonical=true,push=true
context: ./build
file: ./build/Dockerfile
tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.sha }}"
build-args: |
version=${{ env.version }}
- name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.sha }}"
format: 'sarif'
exit-code: 0
severity: 'CRITICAL,HIGH'

51
README.md
View File

@ -29,41 +29,25 @@ tag | description
`build` | latest `build` image
`[version]-build` | `build` images
## Initialization
## Starting the container
To initialize and add account to the bridge, run the following command.
To initialize and add account to the bridge, run the following steps:
1. Start the container with a named volume (protonmail) for persistent storage.
```
docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init
docker run -it -v protonmail:/root shenxn/protonmail-bridge
```
2. When you are done, press `CTRL+P` followed by `CTRL+Q`. This detaches the container from your terminal and keeps it running in the background.
If you want to use Docker Compose instead, you can create a copy of the provided example [docker-compose.yml](docker-compose.yml) file, modify it to suit your needs, and then run the following command:
## Setting up the bridge
If you have not set up an account, you need to do the folliwing steps in the protonmail-bridge CLI interface:
1. Connect to the running container by getting it's name using `docker ps` and then running:
```
docker compose run protonmail-bridge init
docker attach <container_name>
```
Wait for the bridge to startup, then you will see a prompt appear for [Proton Mail Bridge interactive shell](https://proton.me/support/bridge-cli-guide). Use the `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely.
## Run
To run the container, use the following command.
```
docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
```
Or, if using Docker Compose, use the following command.
```
docker compose up -d
```
## Kubernetes
If you want to run this image in a Kubernetes environment. You can use the [Helm](https://helm.sh/) chart (https://github.com/k8s-at-home/charts/tree/master/charts/stable/protonmail-bridge) created by [@Eagleman7](https://github.com/Eagleman7). More details can be found in [#23](https://github.com/shenxn/protonmail-bridge-docker/issues/23).
If you don't want to use Helm, you can also reference to the guide ([#6](https://github.com/shenxn/protonmail-bridge-docker/issues/6)) written by [@ghudgins](https://github.com/ghudgins).
2. Use the `add` command to add your ProtonMail account. You will be prompted to enter your ProtonMail username and password.
3. After adding your account, use the `info` command to see the configuration information (username and password).
## Security
@ -75,19 +59,6 @@ docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/
Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service).
## Compatibility
The bridge currently only supports some of the email clients. More details can be found on the official website. I've tested this on a Synology DiskStation and it runs well. However, you may need ssh onto it to run the interactive docker command to add your account. The main reason of using this instead of environment variables is that it seems to be the best way to support two-factor authentication.
## Bridge CLI Guide
The initialization step exposes the bridge CLI so you can do things like switch between combined and split mode, change proxy, etc. The [official guide](https://protonmail.com/support/knowledge-base/bridge-cli-guide/) gives more information on to use the CLI.
## Build
For anyone who want to build this container on your own (for development or security concerns), here is the guide to do so. First, you need to `cd` into the directory (`deb` or `build`, depending on which type of image you want). Then just run the docker build command
```
docker build .
```
That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images.

9
build/Dockerfile
View File

@ -14,12 +14,19 @@ RUN make build-nogui vault-editor
FROM debian:sid-slim
LABEL maintainer="Simon Felding <sife@adm.ku.dk>"
# These are only exported if running as root
EXPOSE 25/tcp
EXPOSE 143/tcp
EXPOSE 2025/tcp
EXPOSE 2143/tcp
ENV PROTONMAIL_TelemetryDisabled=false
ENV PROTONMAIL_AutoUpdate=false
# Install dependencies and protonmail bridge
RUN apt-get update \
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
&& apt-get install -y --no-install-recommends procps jq socat pass libsecret-1-0 ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Copy bash scripts

77
build/entrypoint.sh
View File

@ -2,34 +2,67 @@
set -ex
# Initialize
if [[ $1 == init ]]; then
echo "The init command is deprecated. Go to our github repo for setup instructions."
fi
# Initialize pass
if [[ $HOME == "/" ]] then
echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)."
exit 1
fi
# give friendly error if you don't have protonmail data
if [[ `find $HOME | wc -l` == 1 ]]; then # 1 because find $HOME will always return $HOME
echo 'Protonmail does not seem to have been initialized yet. Enter the container with something like `docker exec -it <container_name>` and type "help" for instructions on how to set up the ProtonMail Bridge'
timeout 10s /protonmail/proton-bridge --noninteractive # this starts the bridge in non-interactive mode and kills it after 20 seconds, so we can populate the vault with default values and override them with the env variables in the later step.
fi
# give friendly error if the user doesn't own the data
if [[ $(id -u) != 0 ]]; then
if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then
echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root."
exit 1
fi
fi
if [[ ! -f $HOME/.gnupg ]]; then
echo "No GPG key found in $HOME/.gnupg. Running gpg --generate-key."
gpg --generate-key --batch /protonmail/gpgparams
pass init pass-key
fi
# delete lock files if they exist - this can happen if the container is restarted forcefully
# Kill the other instance as only one can be running at a time.
# This allows users to run entrypoint init inside a running conainter
# which is useful in a k8s environment.
# || true to make sure this would not fail in case there is no running instance.
pkill protonmail-bridge || true
if [[ `find $HOME -name "*.lock" | wc -l` != 0 ]]; then
echo "Deleting lock files in $HOME. This can happen if the container is restarted forcefully."
find $HOME -name "*.lock" -delete
fi
# Login
/protonmail/proton-bridge --cli $@
else
# socat will make the conn appear to come from 127.0.0.1
# ProtonMail Bridge currently expects that.
# It also allows us to bind to the real ports :)
# socat will make the conn appear to come from 127.0.0.1
# ProtonMail Bridge currently expects that.
# It also allows us to bind to the real ports :)
if [[ $(id -u) == 0 ]]; then
socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
# Start protonmail
# Fake a terminal, so it does not quit because of EOF...
rm -f faketty
mkfifo faketty
cat faketty | /protonmail/proton-bridge --cli $@
else
socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 &
socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 &
fi
# Broken until https://github.com/ProtonMail/proton-bridge/issues/512 is resolved.
# check if the vault-editor can read the config
/protonmail/vault-editor read 2>&1 1>/dev/null
# Modify the protonmail config with env variables and expected values. Env variables must be converted from string to boolean.
/protonmail/vault-editor read | \
jq '.Settings.AutoUpdate = (env.PROTONMAIL_AutoUpdate | if . == "true" then true else false end)
| .Settings.TelemetryDisabled = (env.PROTONMAIL_TelemetryDisabled | if . == "true" then true else false end)
| .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
| .Settings.Autostart = false
| .Settings.SMTPPort = 1025
| .Settings.IMAPPort = 1143 ' \
| /protonmail/vault-editor write
# Start protonmail
echo "Starting ProtonMail Bridge. Connect to the CLI with `docker exec -it <container_name>` and type 'help' for instructions."
/protonmail/proton-bridge --cli $@
echo "ProtonMail bridge stopped. waiting 30 seconds before exiting in order to preserve the logs."
sleep 30 # so we have time to read the logs in case of a crash loop

4
deb/Dockerfile
View File

@ -12,9 +12,13 @@ RUN bash /install.sh
FROM debian:sid-slim
LABEL maintainer="Simon Felding <sife@adm.ku.dk>"
# These are only exported if running as root
EXPOSE 25/tcp
EXPOSE 143/tcp
EXPOSE 2025/tcp
EXPOSE 2143/tcp
WORKDIR /protonmail
# Copy bash scripts

38
deb/entrypoint.sh
View File

@ -30,20 +30,44 @@ if [[ $1 == init ]]; then
pass init pass-key
# Login
protonmail-bridge --cli
protonmail-bridge --cli $@
else
if [[ $HOME == "/" ]] then
echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)."
exit 1
fi
# give friendly error if you don't have protonmail data
if [[ `find $HOME | wc -l` == 1 ]]; then # 1 because find $HOME will always return $HOME
echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over."
sleep 300
exit 1
fi
# give friendly error if the user doesn't own the data
if [[ $(id -u) != 0 ]]; then
if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then
echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root."
exit 1
fi
fi
# delete lock files if they exist - this can happen if the container is restarted forcefully
find $HOME -name "*.lock" -delete
# socat will make the conn appear to come from 127.0.0.1
# ProtonMail Bridge currently expects that.
# It also allows us to bind to the real ports :)
socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
if [[ $(id -u) == 0 ]]; then
socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
fi
socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 &
socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 &
# Start protonmail
# Fake a terminal, so it does not quit because of EOF...
rm -f faketty
mkfifo faketty
cat faketty | protonmail-bridge --cli
/protonmail/proton-bridge --noninteractive $@
fi

9
docker-compose.yml
View File

@ -1,14 +1,19 @@
version: '2.1'
services:
protonmail-bridge:
image: shenxn/protonmail-bridge
container_name: protonmail-bridge
ports:
- 1025:25/tcp
- 1143:143/tcp
restart: unless-stopped
volumes:
- protonmail:/root
stdin_open: true
tty: true
logging:
options:
max-size: "1m"
max-file: "10"
volumes:
protonmail:
name: protonmail