I'm trying to script creation of an Azure API Management having a Private Endpoint within a VNET Subnet.
I'm able to create it manually no problem in Azure Portal, but can't quite figure out the terraform script.
The VNET and Subnet are created in a separate process, so they are not in the Terraform script but for the API Management piece I have:
resource "azurerm_api_management" "app" {
location = var.the_location
resource_group_name = "${var.the_resource_group}"
name = "${var.the_prefix}-api-mgmt"
publisher_email = var.api_mgmt_publisher_email
publisher_name = var.api_mgmt_publisher_name
sku_name = "${var.api_mgmt_sku}_1"
tags = var.resource_tags }
resource "azurerm_private_endpoint" "endpoint" {
name = "${var.the_prefix}-api-privateendpoint"
location = var.the_location
resource_group_name = var.the_resource_group
subnet_id = var.subnetId
tags = var.resource_tags
private_service_connection {
name = "api-privateserviceconnection"
private_connection_resource_id = azurerm_api_management.app.id
is_manual_connection = false
subresource_names = [] }}
The var.subnetId is the full id of the subnet ie.
/subscriptions/{subscriptionId}/resourceGroups/OpenEHR/providers/Microsoft.Network/virtualNetworks/OpenEHR-VNET/subnets/API-Subnet
The error I get is
Error: creating Private Endpoint "i365sabppdsdevtb-api-privateendpoint" (Resource Group "i365-uks-ehsabppds-devtb-rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="MissingParameterOnPrivateLinkServiceConnection" Message="Private link service connection /subscriptions/8cb2b2d3-9411-46e4-926d-22d6378349bc/resourceGroups/i365-uks-ehsabppds-devtb-rg/providers/Microsoft.Network/privateEndpoints/i365sabppdsdevtb-api-privateendpoint/privateLinkServiceConnections/api-privateserviceconnection is missing required parameter 'group Id'." Details=[]
I think the error is something to so with subresource_names but I can't work out what to put in there.
I tried [ "sites" ] but then I get the error:
│ Error: creating Private Endpoint "i365sabppdsdevtb-api-privateendpoint" (Resource Group "i365-uks-ehsabppds-devtb-rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PrivateEndpointBadRequest" Message="Call to Microsoft.ApiManagement/service failed. Error message: The Request has invalid groupId sites." Details=[]
Any ideas, much appreciated.
Thanks.
Issue was caused because of the private service connection resource id and sub resource names. Please use below configuration
private_connection_resource_id = azurerm_api_management.app.id
subresource_names = ["Gateway"]
Find below code snippets for references
Step1:
Copy below code from main tf file.
provider "azurerm" {
features {}
}
variable "prefix" {
default = "rg_swar"
}
resource "azurerm_resource_group" "example" {
name = "rg_swar-resources"
location = "West Europe"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_subnet" "service" {
name = "service"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.1.0/24"]
enforce_private_link_service_network_policies = true
}
resource "azurerm_subnet" "endpoint" {
name = "endpoint"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.2.0/24"]
enforce_private_link_endpoint_network_policies = true
}
resource "azurerm_public_ip" "example" {
name = "example-pip"
sku = "Standard"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
allocation_method = "Static"
}
resource "azurerm_lb" "example" {
name = "example-lb"
sku = "Standard"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
frontend_ip_configuration {
name = azurerm_public_ip.example.name
public_ip_address_id = azurerm_public_ip.example.id
}
}
resource "azurerm_private_link_service" "example" {
name = "example-privatelink"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
nat_ip_configuration {
name = azurerm_public_ip.example.name
primary = true
subnet_id = azurerm_subnet.service.id
}
load_balancer_frontend_ip_configuration_ids = [
azurerm_lb.example.frontend_ip_configuration.0.id,
]
}
resource "azurerm_api_management" "app" {
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
name = "swar-api-mgmt"
publisher_email = "test#demo.com"
publisher_name = "Swarna Demo"
sku_name = "Developer_1"
//tags = var.resource_tags
}
resource "azurerm_private_endpoint" "example" {
name = "example-endpoint"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
subnet_id = azurerm_subnet.endpoint.id
private_service_connection {
name = "example-privateserviceconnection"
//private_connection_resource_id = azurerm_private_link_service.example.id
private_connection_resource_id = azurerm_api_management.app.id
subresource_names = ["Gateway"]
is_manual_connection = false
}
}
Step2:
run below commands
terraform plan
terraform apply -auto-approve
Review:
Above code snippet will host the services into Azure Portal.
Hope this helps!
Related
In a aws_ssoadmin_permission_set_inline_policy ressource, i'm using a for_each to parse a list of name corresponding to my data source name. It doesn't work when using the each.key but wokring when hard coding the value inline_policy = data.aws_iam_policy_document.emobg-sso-billing-admin.json
data "aws_iam_policy_document" "emobg-sso-billing-admin" {
statement {
sid = "VisualEditor0"
effect = "Allow"
actions = [
"aws-marketplace:*",
"aws-portal:*",
"budgets:*"
]
resources = [
"*",
]
}
}
data "aws_iam_policy_document" "emobg-sso-billing-audit" {
statement {
sid = "VisualEditor0"
effect = "Allow"
actions = [
"support:*",
"tag:*",
"s3:*"
]
resources = [
"*",
]
}
}
resource "aws_ssoadmin_permission_set" "emobg" {
for_each = toset(local.permission_sets_name)
name = each.key
description = each.key
instance_arn = local.sso_instance_arn
session_duration = local.session_duration
}
resource "aws_ssoadmin_permission_set_inline_policy" "emobg" {
for_each = toset(local.permission_sets_name)
inline_policy = format("data.aws_iam_policy_document.%s.json", each.key) # <-- doesn't works
# inline_policy = data.aws_iam_policy_document.emobg-sso-billing-admin.json # <-- works
instance_arn = local.sso_instance_arn
permission_set_arn = aws_ssoadmin_permission_set.emobg[each.key].arn
}
locals {
session_duration = "PT8H"
permission_sets_name = [
"emobg-sso-billing-admin",
"emobg-sso-billing-audit",
]
}
The error message is:
2022-11-01T01:19:43.923+0100 [ERROR] vertex "aws_ssoadmin_permission_set_inline_policy.emobg[\"emobg-sso-billing-admin\"]" error: "inline_policy" contains an invalid JSON policy
2022-11-01T01:19:43.923+0100 [ERROR] vertex "aws_ssoadmin_permission_set_inline_policy.emobg (expand)" error: "inline_policy" contains an invalid JSON policy
╷
│ Error: "inline_policy" contains an invalid JSON policy
│
│ with aws_ssoadmin_permission_set_inline_policy.emobg["emobg-sso-billing-admin"],
│ on permission_set.tf line 13, in resource "aws_ssoadmin_permission_set_inline_policy" "emobg":
│ 13: inline_policy = format("data.aws_iam_policy_document.%s.json", each.value)
I really don't understand what's wrong with the JSON policy because it's the same.
Maybe I missed something ?
Because you are using format("data.aws_iam_policy_document.%s.json", each.key), the policy will be literal string "data.aws_iam_policy_document.%s.json".
You have only single policy, so you have to use it directly:
inline_policy = data.aws_iam_policy_document.emobg-sso-billing-admin.json
that's why it works. You do not have more then one aws_iam_policy_document in your code.
Thanks to Marcin, who give me the anser in comment: You can't do what you want. TF does not support dynamic references to different resources.
As it was mentioned, it's not allowed from terraform to make a dynamic references, so I finally used a map even if the name of the policy is the same of the base name.
data "aws_iam_policy_document" "emobg-sso-billing-admin" {
statement {
sid = "VisualEditor0"
effect = "Allow"
actions = [
"aws-marketplace:*",
"aws-portal:*",
"budgets:*"
]
resources = [
"*",
]
}
}
data "aws_iam_policy_document" "emobg-sso-billing-audit" {
statement {
sid = "VisualEditor0"
effect = "Allow"
actions = [
"support:*",
"tag:*",
"s3:*"
]
resources = [
"*",
]
}
}
... [ ALL OTHERS DATA SOURCES POLICIES ARE LISTED HERE ]
resource "aws_ssoadmin_permission_set" "emobg" {
for_each = local.permission_set_map
name = each.key
description = each.key
instance_arn = local.sso_instance_arn
session_duration = local.session_duration
}
resource "aws_ssoadmin_permission_set_inline_policy" "emobg" {
for_each = local.inline_policies_map
inline_policy = each.value
instance_arn = local.sso_instance_arn
permission_set_arn = aws_ssoadmin_permission_set.emobg[each.key].arn
}
locals {
session_duration = "PT8H"
permission_set_map = { for ps in local.permission_sets : ps.name => ps }
inline_policies_map = { for ps in local.permission_sets : ps.name => ps.inline_policy if ps.inline_policy != "" }
}
locals {
permission_sets = [
{
name = "emobg-sso-billing-admin",
inline_policy = data.aws_iam_policy_document.emobg-sso-billing-admin.json
},
{
name = "emobg-sso-billing-audit",
inline_policy = data.aws_iam_policy_document.emobg-sso-billing-audit.json
},
{
... [ All MY POLICIES ARE LISTED HERE ]
}
]
}
I am trying to update vnet rules for mysqlserver from app service.
App Service and mysqlserver tf code is like below:
module "app_service" {
for_each = coalesce(var.app_service, {})
source = "company/org/app-service/azurerm"
version = "1.1"
location = var.environment_hosting_region
resource_group_name = var.environment_resource_groups
tags = try(each.value.tags, local.tags)
name = try(each.value.name, null)
}
variable "mysqlserver" {
description = "Map of mysqlserver objects"
type = any
default = null
}
module "mysqlserver" {
for_each = coalesce(var.mysqlserver, {})
source = "company/org/mysqlserver/azurerm"
version = "1.1"
administrator_login = try(each.value.administrator_login, null)
administrator_login_password = try(each.value.administrator_login_password, null)
backup_retention_days = try(each.value.backup_retention_days, null)
charset = try(each.value.charset, "utf8")
collation = try(each.value.collation, "utf8_unicode_ci")
create_mode = try(each.value.create_mode, "Default")
creation_source_server_id = try(each.value.creation_source_server_id, null)
database_names = try(each.value.database_names, [])
default_rules = try(each.value.default_rules, true)
enable_account_admins = try(each.value.enable_account_admins, true)
enable_threat_detection_policy = try(each.value.enable_threat_detection_policy, true)
geo_redundant_backup = try(each.value.geo_redundant_backup, false)
identity_type = try(each.value.identity_type, null)
location = var..environment_hosting_region
mysql_version = try(each.value.mysql_version, null)
name = try(each.value.name, null)
resource_group_name = var..environment_resource_groups
restore_point_in_time = try(each.value.restore_point_in_time, null)
sku_name = try(each.value.sku_name, null)
storage_mb = try(each.value.storage_mb, null)
tags = try(each.value.tags, local.tags)
threat_log_retention_days = try(each.value.threat_log_retention_days, 7)
vnet_rules = [for subnet in try(each.value.subnet_ref, []) : data.azurerm_subnet.subnet[subnet].id]
nsg_rules = try(each.value.nsg_rules, [])
firewall_rules = each.value.app_service_ref != null ? module.app_service[each.value.app_service_ref].firewall_rules : null
}
I get multiple errors as like below:
│ Error: waiting for create/update of Firewall Rule: (Name "rule_x.y.z.170" / Server Name "u2zuuhjjsddm002" / Resource Group "mysqlserver-rg"): Code="InvalidParameterValue" Message="Invalid value given for parameter
'{0}'. Specify a valid parameter value."
│
│ with module.mysqlserver["patterns_default_mysqlserver"].azurerm_mysql_firewall_rule.firewall_rules[53],
│ on .terraform/modules/mysqlserver/main.tf line 69, in resource "azurerm_mysql_firewall_rule" "firewall_rules":
│ 69: resource "azurerm_mysql_firewall_rule" "firewall_rules" {
Mysqlserver module code as per below:
main.tf
locals {
firewall_rules = concat(local.tfe_firewall.tfe_servers, local.default_fw_rules, var.firewall_rules)
}
resource "azurerm_mysql_server" "mysql" {
name = var.name
resource_group_name = var.resource_group_name
ssl_enforcement_enabled = true
ssl_minimal_tls_version_enforced = "TLS1_2"
dynamic "identity" {
for_each = var.identity_type != null ? [""] : []
content {
type = var.identity_type
}
}
threat_detection_policy {
enabled = var.enable_threat_detection_policy
email_account_admins = var.enable_account_admins
retention_days = var.threat_log_retention_days
}
tags = var.tags
}
resource "azurerm_mysql_database" "databases" {
count = length(var.database_names)
name = element(var.database_names, count.index)
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_server.mysql.name
charset = var.charset
collation = var.collation
}
resource "azurerm_mysql_virtual_network_rule" "subnets" {
count = length(var.vnet_rules)
name = "subnet-${count.index}"
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_server.mysql.name
subnet_id = element(var.vnet_rules, count.index)
}
resource "azurerm_network_security_rule" "mysql-nsg" {
count = length(var.nsg_rules)
name = "NSG-MYSQL-${count.index}"
priority = 200+count.index
direction = "Outbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "3306"
source_address_prefix = var.nsg_rules[count.index]["source_address_prefix"]
destination_address_prefix = "Sql"
resource_group_name = var.resource_group_name
network_security_group_name = var.nsg_rules[count.index]["network_security_group_name"]
}
resource "azurerm_mysql_firewall_rule" "firewall_rules" {
count = local.firewall_rules == [] ? 0 : length(local.firewall_rules)
name = local.firewall_rules[count.index]["name"]
resource_group_name = var.resource_group_name
server_name = azurerm_mysql_server.mysql.name
start_ip_address = local.firewall_rules[count.index]["start_ip_address"]
end_ip_address = local.firewall_rules[count.index]["end_ip_address"]
depends_on = [
azurerm_mysql_server.mysql
]
}
variables.tf
variable "firewall_rules" {
description = "List of firewall rules to be attached to the MySQL server."
type = list(object({
name = string
start_ip_address = string
end_ip_address = string
}))
default = []
}
variable "nsg_rules" {
description = "NSG Rules"
type = list(object({
source_address_prefix = string
network_security_group_name = string
}))
default = []
}
variable "vnet_rules" {
description = "List of subnets to add to vnet_rules"
type = list(string)
default = []
}
variable "charset" {
description = "Specifies the Charset for the MySQL Database, which needs to be a valid MySQL Charset. Available option are (https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)."
type = string
default = "utf8"
}
variable "collation" {
description = "Specifies the Collation for the MySQL Database, which needs to be a valid MySQL Collation. Available option are (https://dev.mysql.com/doc/refman/5.7/en/charset-mysql.html)."
type = string
default = "utf8_unicode_ci"
}
variable "default_rules" {
description = "Variable to control whether to turn on default rules"
type = bool
default = true
}
Unable to understand what is the issue and how can it be resolved.
Any guidance shall be much appreciated.
i am trying to create mysql with some default configurations on azure with terraform, following is my code. although "enforce_gtid_consistency" and "time_zone" is working and being created, but "gtid_mode" "ON" isn't working I am getting following error.
resource "azurerm_mysql_server" "main" {
name = var.mysql_server_name != "" ? var.mysql_server_name : "mysql-01-${var.instancesuffix}"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
administrator_login = var.mysql_administrator_login
administrator_login_password = data.mykv.mysql.value
sku_name = var.mysql_sku_name
storage_mb = var.mysql_storage_mb
version = var.mysql_version
auto_grow_enabled = true
backup_retention_days = 7
geo_redundant_backup_enabled = false
infrastructure_encryption_enabled = true
public_network_access_enabled = true
ssl_enforcement_enabled = true
ssl_minimal_tls_version_enforced = "TLS1_2"
lifecycle {
ignore_changes = [tags]
}
threat_detection_policy {
disabled_alerts = []
email_account_admins = false
email_addresses = []
enabled = true
retention_days = 0
}
}
resource "azurerm_mysql_configuration" "time_zone" {
name = "time_zone"
resource_group_name = azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "+00:00"
}
resource "azurerm_mysql_configuration" "enforce_gtid_consistency" {
name = "enforce_gtid_consistency"
resource_group_name = azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "ON"
}
resource "azurerm_mysql_configuration" "gtid_mode" {
name = "gtid_mode"
resource_group_name = azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "ON"
}
Error: waiting for creation of Configuration: (Name "gtid_mode" / Server Name "mysql-01" / Resource Group "myrg-01"): Code="InternalServerError" Message="An unexpected error occured while processing the request. Tracking ID: 'h59fr7f-18uo-90db-tb20-5y65d34btb04'"
on resources.tf line 164, in resource "azurerm_mysql_configuration" "gtid_mode":
164: resource "azurerm_mysql_configuration" "gtid_mode" {
As I have mentioned in comment , The gtid_mode can only be enabled in sequence , directly turning ON will not work evenif the dependency is set with enforce_gtid_consistency.
So, as a solution you have to set it up in sequence:
OFF_PERMISSIVE
ON_PERMISSIVE
ON
I tested with your code doing some changes as below:
main.tf
provider "azurerm"{
features{}
}
data "azurerm_resource_group" "main"{
name = "resourcegroup"
}
data "azurerm_key_vault" "kv"{
name = "ansumantestkv1234"
resource_group_name = "resourcegroup"
}
data "azurerm_key_vault_secret" "name" {
name = "mysqlpassword"
key_vault_id = data.azurerm_key_vault.kv.id
}
resource "azurerm_mysql_server" "main" {
name = var.mysql_server_name
location = data.azurerm_resource_group.main.location
resource_group_name = data.azurerm_resource_group.main.name
administrator_login = var.mysql_administrator_login
administrator_login_password = data.azurerm_key_vault_secret.name.value
sku_name = var.mysql_sku_name
storage_mb = var.mysql_storage_mb
version = var.mysql_version
auto_grow_enabled = true
backup_retention_days = 7
geo_redundant_backup_enabled = false
infrastructure_encryption_enabled = true
public_network_access_enabled = true
ssl_enforcement_enabled = true
ssl_minimal_tls_version_enforced = "TLS1_2"
threat_detection_policy {
disabled_alerts = []
email_account_admins = false
email_addresses = []
enabled = true
retention_days = 0
}
}
resource "azurerm_mysql_configuration" "time_zone" {
name = "time_zone"
resource_group_name = data.azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "+00:00"
}
resource "azurerm_mysql_configuration" "enforce_gtid_consistency" {
name = "enforce_gtid_consistency"
resource_group_name = data.azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "ON"
depends_on = [
azurerm_mysql_configuration.time_zone
]
}
resource "azurerm_mysql_configuration" "gtid_mode_OFF_permissive" {
name = "gtid_mode"
resource_group_name = data.azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "OFF_PERMISSIVE"
depends_on = [
azurerm_mysql_configuration.enforce_gtid_consistency,
]
}
resource "azurerm_mysql_configuration" "gtid_mode_ON_Permissive" {
name = "gtid_mode"
resource_group_name = data.azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "ON_PERMISSIVE"
depends_on = [
azurerm_mysql_configuration.gtid_mode_OFF_permissive
]
}
resource "azurerm_mysql_configuration" "gtid_mode_ON" {
name = "gtid_mode"
resource_group_name = data.azurerm_resource_group.main.name
server_name = azurerm_mysql_server.main.name
value = "ON"
depends_on = [
azurerm_mysql_configuration.gtid_mode_ON_Permissive
]
}
variable.tf:
variable "mysql_server_name" {
default = "ansumanmysqlserver"
}
variable "mysql_administrator_login" {
default = "ansuman"
}
variable "mysql_sku_name" {
default = "GP_Gen5_2"
}
variable "mysql_storage_mb" {
default = "5120"
}
variable "mysql_version" {
default = "5.7"
}
Outputs:
Reference:
MySQL :: MySQL 8.0 Reference Manual :: 17.1.4.2 Enabling GTID Transactions Online
How to point to custom DNS IP using terraform IP Configuration block, sample code show below, is this valid?
resource "azurerm_network_interface" "example" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
dns_servers = 8.8.8.8,8.8,8.8
}
}
as per terraform documentation
resource "azurerm_network_interface" "example" {
name = "example-nic"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
dns_servers = ["8.8.8.8","1.1.1.1"]
ip_configuration {
name = "internal"
subnet_id = azurerm_subnet.example.id
private_ip_address_allocation = "Dynamic"
}
}
I'm trying to set up one mailbox to be shared with another one using steps described here but for some reason I do not see that option in my mailbox (logged as an admin) even I have set ACL as a true in the IMP configuration.
From dovecot -n:
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = yes
dict {
acl = mysql:/usr/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
mail_home = mdbox:/mnt/homedirs/%2Mu/%2.2Mu/%u
mail_location = mdbox:/mnt/mailboxes/%2Mu/%2.2Mu/%u
mail_plugins = acl
mail_shared_explicit_inbox = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vnd.dovecot.pipe vnd.dovecot.filter vnd.dovecot.execute
namespace {
list = children
location = mdbox:/mnt/mailboxes/%%2Mu/%%2.2Mu/%%u
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox INBOX {
auto = subscribe
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
subscriptions = yes
}
passdb {
args = /usr/etc/dovecot/mastership-sql.conf
driver = sql
master = yes
pass = yes
}
passdb {
args = /usr/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
acl = vfile
acl_defaults_from_inbox = yes
acl_shared_dict = proxy::acl
sieve_execute_socket_dir = sieve-execute
sieve_extensions = +vnd.dovecot.execute +vnd.dovecot.filter +vnd.dovecot.pipe
sieve_filter_socket_dir = sieve-filter
sieve_pipe_socket_dir = sieve-pipe
sieve_plugins = sieve_extprograms
}
service dict {
unix_listener dict {
user = dovecot
}
}
service imap-postlogin {
executable = script-login /usr/etc/dovecot/imappostlogin
user = $default_internal_user
}
service imap {
executable = imap imap-postlogin
}
ssl = no
ssl_cert = </etc/pki/tls/certs/hostname.bundle
userdb {
args = uid=dovecot gid=dovecot home=/mnt/mailboxes/%%2Mu/%%2.2Mu/%%u
driver = static
}
protocol lmtp {
mail_plugins = acl sieve
}
protocol lda {
mail_plugins = acl sieve
}
protocol imap {
mail_plugins = acl imap_acl
}
Any tips on that?
It came up that for some reason backends.local.php shouldn't be a modified copy of backends.php. Simple - avoid default array notification for config but rather to set it as
<?php
$servers['imap']['disabled'] = true;
$servers['advanced']['disabled'] = false;
$servers['advanced']['secure'] = 'tls';
$servers['advanced']['debug'] = '/tmp/imp_imap.log';
$servers['advanced']['debug_raw'] = true;