mosparo/mosparo-unprivileged

By mosparo

Updated 4 days ago

Official Docker Repository for mosparo (unprivileged).

Image
Security
0

5.1K

mosparo/mosparo-unprivileged repository overview

 

mosparo logo contains a bird with the name Mo and the mosparo text

The modern spam protection tool.
It replaces other captcha methods with a simple and easy to use spam protection solution.
FYI: The bird is called Mo (the sparrow).

Unprivileged version



Unprivileged version

This image is the unprivileged version of the mosparo image. It is compatible with the security context "restricted-v2" of OpenShift. The following table shows you the differences between the standard and the unprivileged version:

DifferenceDescription
No cron jobsThe image does not contain any cron jobs. This is because the cron software requires root to start correctly. The official recommendation for Kubernetes is to use Kubernetes cronjobs.
Choose functionalityIn the unprivileged image, you can choose whether to run nginx, PHP, or both in the container. See the environment variables for more information.
Exposed port 8080This image exposes port 8080 for the web server compared to port 80 in the standard image.
VolumesThe unprivileged image uses three different volumes to replace the different writable directories with writeable volumes without linking.
Configuration fileThe path to the configuration file is defined as an environment variable. The image expects a volume for /mosparo-config in which the configuration file is stored.

Description

mosparo is the modern solution to protect your online forms from spam. The protection method is simple: mosparo blocks spam based on rules matching the form's data. The detection method is comparable to an email spam filter. The user does not have to prove it is a real human by solving a puzzle. Instead, the tool scans the entered form data for words or other information that is not allowed. You can add different kinds of rules to catch all possible spam.

How it works

Spam filters are standard on email servers. They scan a whole message to detect a possible spam message. Additionally, many settings can prevent spam mail (or at least make it more visible), like SPF, DKIM, etc. But the hard part is that the email is one message, and the spam filter must check the entire message. Since everything is together in one message, it can lead to false detection.

The solution in web forms is more straightforward: since all fields are separated, we can check all fields separately. In one of the fields, the spam bot has to write, for example, the URL to the website or the message. Because of that, we can execute our checks for the field and detect spam very quickly — if there is a rule to detect spam.

Our target

We don't guarantee that mosparo will catch all your spam messages since the detection is mainly based on your rules. If you set up enough rules, we estimate that mosparo will block more than 80% of the spam messages.

Our main objective is different. Firstly, we wanted to create a solution that you can host on your server or web hosting, which does not collect as much data as possible.

When we looked for ways to do that, we found that there wasn't a real solution for everyone. Many existing solutions require a puzzle that the user must resolve. For people with disabilities, solving puzzles may not be a good way to prove that they are real people.

We have therefore defined our main objective: to collect only data that is necessary, self-hosted, and accessible.

Key features

  • mosparo only uses the data which the user has entered in the form, the IP address of the user, and the user agent of the browser but does not collect other data
    • All user data are encrypted by default
    • All collected data are deleted in a fixed time interval. All data will be deleted after 14 days (maybe 15 days because of cronjob execution and so on)
  • Usable for everybody: the mosparo spam protection method does not use puzzles or obscured images to protect the form.
  • Open-source and self-hosted
  • The checkbox is customizable in size and color

Requirements

To use the Docker image, you need at least

  • Docker version 20.10.20 or newer
  • One MySQL or PostgreSQL database in a Docker container or somewhere else, or an SQLite database as a file

Use the image

There are two ways to use the Docker image. The first and recommended option is to use Docker Compose. With Docker Compose, you can create all the needed containers with one command. However, you can also create your Docker container manually by using the image directly.

Use Docker Compose

To use this method, please install Docker Compose first. You can find the manual here: https://docs.docker.com/compose/install/

Now, you should create a new directory on your server. Please create a new file called docker-compose.yaml in this directory.

Insert the following content into this file:

Services:
  DB:
    # We recommend the MariaDB image
    image: mariadb:11.4
    # If you want to use MySQL, uncomment the following line (and comment the one above)
    #image: mysql:8.0.37
    command: '--default-authentication-plugin=mysql_native_password'
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=mosparo_root_pw
      - MYSQL_DATABASE=mosparo
      - MYSQL_USER=mosparo
      - MYSQL_PASSWORD=mosparo_password
    expose:
      - 3306
      - 33060
  mosparo_web:
    image: mosparo/mosparo-unprivileged:latest
    ports:
      - 8080:8080
    restart: always
    environment:
      - MOSPARO_RUN_NGINX=1
      - MOSPARO_RUN_PHP_FPM=1
      - MOSPARO_CONFIG_FILE_PATH=/mosparo-config/env.mosparo.php
      #- MOSPARO_CLEANUP_GRACE_PERIOD_ENABLED=1
    Volumes:
      - mosparo_config:/mosparo-config
      - mosparo_public_resources:/mosparo/public/resources
      - mosparo_var:/mosparo/var
volumes:
  db_data:
  mosparo_config:
  mosparo_public_resources:
  mosparo_var:

After you created the file with the content above, open a terminal. Navigate to your newly created directory and run the following command to create and start the containers:

docker-compose up -d

You should see that the images get downloaded and the containers get created.

After some time, the work should be completed, and the mosparo container should be created. The mosparo container is now installed.

You should be able to access mosparo when you enter 127.0.0.1:8080 in your browser.

For security reasons, you should not make port 8080 of the mosparo image publicly available. Instead, you must set up a reverse proxy. For this, see reverse proxy.

Use the image directly

Instead of using the Docker Compose method, you can create the container directly with the image. For this, run the following command:

docker run -p 127.0.0.1:8080:8080 -d mosparo/mosparo-unprivileged

The image will be downloaded, and the container will be created. If you want to use a dockerized MySQL database, you have to link the mosparo container to this MySQL server.

docker run –link mysql-server -p 127.0.0.1:8080:8080 -d mosparo/mosparo-unprivileged

You should be able to access mosparo when you enter 127.0.0.1:8080 in your browser.

For security reasons, you should not make port 8080 of the mosparo image publicly available. Instead, you must set up a reverse proxy. For this, see reverse proxy.

Environment variables

mosparo stores the configuration of mosparo in a PHP file as if you install it normally, so you cannot set the configuration by using environment variables.

But there are some additional environment variables which you can use to change the behavior of the Docker image:

NameDefaultDescription
MOSPARO_RUN_NGINX1Allows to enable or disable the webserver in the mosparo image
MOSPARO_RUN_PHP_FPM1Allows to enable or disable the cron jobs in the mosparo image
MOSPARO_UPDATES_ENABLED0Enables or disables the updates inside mosparo. This should be disabled all the time in a Docker container since updating mosparo in a Docker environment should be happen by updating the image
TRUSTED_PROXIES127.0.0.1,REMOTE_ADDRDefines which proxies mosparo should trust. The default settings allow all proxies. This is why you need a reverse proxy in front of mosparo and should not expose it to the public directly.
MOSPARO_CONFIG_FILE_PATHundefinedSpecifies the absolute path to the configuration file, for example, /mosparo-config/env.mosparo.php.

Learn more about the environment variables in the official mosparo documentation.

Cron jobs

Since the image does not contain any cron daemon, you must configure the cron job yourself. If you use Kubernetes, you can use Kubernetes cron jobs.

Otherwise, you can use another image to execute the mosparo cron jobs or you can execute them from the host (https://documentation.mosparo.io/docs/installation/configure/cron_jobs).

mosparo also offers a web cron job which you can execute by web request. You can use an external service or an additional image to call the web cron job (https://documentation.mosparo.io/docs/installation/configure/cron_jobs#web-cron-job).

Tag summary

Content type

Image

Digest

sha256:10adc7b84

Size

240.2 MB

Last updated

4 days ago

docker pull mosparo/mosparo-unprivileged