AI is responsible for over half of the coding. Also keep in mind that this software is mostly developed for personal use by myself and thus might not receive all feature requests desired.
###################################################
A Dockerized secure web application for managing email forwarders through the DirectAdmin API. Features a clean web interface with authentication, 2FA support, and user management options.
- Secure Authentication: Built-in user authentication system with session management
- Two-Factor Authentication: Optional TOTP-based 2FA for enhanced security
- Email Forwarder Management:
  - Create email forwarders with intuitive interface
  - List all existing forwarders
  - Delete forwarders with confirmation
  - Auto-refresh forwarders list every 60 seconds
- Modern Web UI: Clean, responsive interface built with vanilla JavaScript
- Docker Support:
  - Multi-architecture images (amd64, arm64)
  - Configurable UID/GID for proper file permissions
  - Available on GitHub Container Registry
- DirectAdmin Integration: Direct API integration with DirectAdmin servers
- Real-time Updates: Automatic refresh of forwarder list

- DirectAdmin Server: Access to a DirectAdmin server with API enabled
- DirectAdmin API Credentials: Username and password with email management permissions
- Docker (recommended): Docker Engine 20.10+ and Docker Compose 2.0+

```bash
# Pull and run the Docker image
docker run -d \
  --name email-forwarder \
  -p 5000:5000 \
  -e SECRET_KEY=$(openssl rand -hex 32) \
  -v email-forwarder-data:/app/data \
  ghcr.io/gittimeraider/directadmin-emailforwarder:main
```

Access the application at http://localhost:5000

- Default username: `admin`
- Default password: `changeme` (⚠️ Change immediately!)

| Variable | Description | Required | Default | Example |
|---|---|---|---|---|
| `SECRET_KEY` | Flask secret key for session encryption | Yes | - | `your-secret-key-here` |
| `USER_UID` | User ID for container process | No | `1000` | `1001` |
| `USER_GID` | Group ID for container process | No | `1000` | `1001` |
| `DATABASE_URL` | SQLAlchemy database URL | No | `sqlite:////app/data/users.db` | `postgresql://...` |
| `DATA_DIR` | Override data directory (SQLite, uploads) | No | `/app/data` | `/data` |
| `SESSION_COOKIE_SECURE` | Force secure cookies (set true in HTTPS) | No | `false` | `true` |
| `SESSION_LIFETIME_DAYS` | Session lifetime in days | No | `1` | `7` |

- Access the application: navigate to http://localhost:5000
- Login with default credentials
  - Username: `admin`
  - Password: `changeme`
- Change default password immediately
  - This is critical for security
- Configure additional users (if needed)
  - Navigate to User Management under Admin
  - Create users for team members
- Enable 2FA (Recommended)
  - Click "Enable 2FA" in the settings
  - Scan QR code with authenticator app

- Navigate to the dashboard
- Enter the alias (e.g., "support" for [email protected])
- Select destination email from dropdown
- Click "Create Forwarder"
- All forwarders are listed with their destinations
- List auto-refreshes every 60 seconds
- Shows alias → destination mapping
- Find the forwarder in the list
- Click "Delete" button
- Confirm deletion
Only administrators can access user management at `/admin/users`
- Click "Add New User"
- Enter username and password
- Optionally generate secure password
- Assign admin privileges if needed
- Click "Save"
- Click "Edit" next to user
- Modify username, password, or privileges
- Reset 2FA if needed
- Click "Save"
- Click "Delete" next to user
- Confirm deletion
- System prevents deleting:
  - Your own account
  - The last administrator
- Username
- Role (Admin/User)
- 2FA Status
- Creation date
- Last login time

- Immediate Actions
  - Change default admin password
  - Enable 2FA for all administrators
  - Use strong, unique passwords
- Password Security

  ```bash
  # Generate secure secret key
  openssl rand -hex 32
  # Generate secure password
  openssl rand -base64 12
  ```

- Environment Security
  - Never commit `.env` files
  - Use HTTPS in production
  - Restrict database file permissions
  - Keep DirectAdmin credentials secure
- Container Security
  - Run as non-root user
  - Use specific UID/GID
  - Mount volumes with appropriate permissions

- Password hashing (Werkzeug PBKDF2)
- Session-based authentication
- TOTP 2FA (RFC 6238 compliant)
- CSRF protection
- Admin/user role separation
- Activity logging
Cannot connect to DirectAdmin
- Verify URL format: `https://server.com:2222`
- Check API credentials
- Ensure API is enabled for user
- Test with curl: `curl -u user:pass https://server.com:2222/CMD_API_SHOW_DOMAINS`
Permission errors
- Set correct UID/GID: `-e USER_UID=$(id -u) -e USER_GID=$(id -g)`
- Fix data directory: `chown -R $(id -u):$(id -g) ./data`
2FA not working
- Verify device time is synchronized
- Try adjacent codes (±30 seconds)
- Ensure the authenticator uses TOTP, not HOTP
- Admin can reset user's 2FA
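
The clock-sync and adjacent-code tips above follow from how RFC 6238 verification works: the server recomputes the code for its own 30-second step and usually a small window around it. The sketch below is an added example, not this project's code; `totp`, `verify`, the ±1-step window and the sample secret (the RFC 6238 test key) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)
# Constructed sample secret: the RFC 6238 SHA-1 test key, base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, server_time, window=1, digits=6):
    """Return the matching step offset (0, -1, +1, ...) or None.

    window=1 accepts the current step and one step either side, which is
    the "adjacent codes (±30 seconds)" tolerance; anything further fails.
    """
    for off in sorted(range(-window, window + 1), key=abs):
        expected = totp(secret_b32, server_time + off * STEP, digits)
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(expected, submitted):
            return off
    return None

if __name__ == "__main__":
    server_now = 1111111111  # constructed server clock
    for drift in (0, 25, 95):  # seconds the phone clock lags the server
        code = totp(SECRET, server_now - drift)
        result = verify(SECRET, code, server_now)
        status = "rejected" if result is None else f"accepted (step {result:+d})"
        print(f"device {drift:>2}s behind: code {code} {status}")
```

A device whose clock drifts beyond the accepted window is rejected even with the correct secret, which is why time synchronization is the first thing to check before resetting a user's 2FA.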
Database errors
- Check data directory permissions
- Ensure volume is mounted correctly
- Verify DATABASE_URL if using external DB