Initial import ⬇
commit
e2c495dc8f
|
@ -0,0 +1,151 @@
|
|||
export SERVICE=mailu
|
||||
export STACK_NAME=mailu
|
||||
|
||||
export CERTDUMPER_POST_VERSION=v1
|
||||
|
||||
# Main mail domain, NOT main web domain (if they are different)
|
||||
export DOMAIN=example.com
|
||||
export LETS_ENCRYPT_ENV=production
|
||||
|
||||
# Custom settings used by certdumper_post.sh and Traefik
|
||||
export WEB_DOMAIN=mail.f0x.link
|
||||
export ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json
|
||||
|
||||
# Mailu settings
|
||||
# https://mailu.io
|
||||
|
||||
export TLS_CERT_FILENAME=$WEB_DOMAIN/certificate.crt
|
||||
export TLS_KEYPAIR_FILENAME=$WEB_DOMAIN/privatekey.key
|
||||
|
||||
export REDIS_ADDRESS=db
|
||||
|
||||
# Set to a randomly generated 16 bytes string
|
||||
export SECRET_KEY=XXXXXXXXXXXXXXXX
|
||||
|
||||
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
||||
export SUBNET=192.168.203.0/24
|
||||
|
||||
# Hostnames for this server, separated with comas
|
||||
export HOSTNAMES=$WEB_DOMAIN
|
||||
|
||||
# Postmaster local part (will append the main mail domain)
|
||||
export POSTMASTER=admin
|
||||
|
||||
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
|
||||
export TLS_FLAVOR=mail
|
||||
|
||||
# Authentication rate limit (per source IP address)
|
||||
export AUTH_RATELIMIT=10/minute
|
||||
|
||||
# Opt-out of statistics, replace with "True" to opt out
|
||||
export DISABLE_STATISTICS=False
|
||||
|
||||
###################################
|
||||
# Optional features
|
||||
###################################
|
||||
|
||||
# Expose the admin interface (value: true, false)
|
||||
export ADMIN=true
|
||||
|
||||
# Choose which webmail to run if any (values: roundcube, rainloop, none)
|
||||
export WEBMAIL=rainloop
|
||||
|
||||
# Dav server implementation (value: radicale, none)
|
||||
export WEBDAV=none
|
||||
|
||||
# Antivirus solution (value: clamav, none)
|
||||
export ANTIVIRUS=none
|
||||
|
||||
###################################
|
||||
# Mail settings
|
||||
###################################
|
||||
|
||||
# Message size limit in bytes
|
||||
# Default: accept messages up to 50MB
|
||||
# Max attachment size will be 33% smaller
|
||||
export MESSAGE_SIZE_LIMIT=50000000
|
||||
|
||||
# Networks granted relay permissions
|
||||
# Use this with care, all hosts in this networks will be able to send mail without authentication!
|
||||
export RELAYNETS=
|
||||
|
||||
# Will relay all outgoing mails if configured
|
||||
export RELAYHOST=
|
||||
|
||||
# Fetchmail delay
|
||||
export FETCHMAIL_DELAY=600
|
||||
|
||||
# Recipient delimiter, character used to delimiter localpart from custom address part
|
||||
export RECIPIENT_DELIMITER=+
|
||||
|
||||
# DMARC rua and ruf email
|
||||
export DMARC_RUA=admin
|
||||
export DMARC_RUF=admin
|
||||
|
||||
# Welcome email, enable and set a topic and body if you wish to send welcome
|
||||
# emails to all users.
|
||||
export WELCOME=false
|
||||
export WELCOME_SUBJECT=Welcome to your new email account
|
||||
export WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!"
|
||||
|
||||
# Maildir Compression
|
||||
# choose compression-method, default: none (value: bz2, gz)
|
||||
export COMPRESSION=
|
||||
# change compression-level, default: 6 (value: 1-9)
|
||||
export COMPRESSION_LEVEL=
|
||||
|
||||
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
|
||||
# FULL_TEXT_SEARCH=off
|
||||
|
||||
###################################
|
||||
# Web settings
|
||||
###################################
|
||||
|
||||
# Path to redirect / to
|
||||
export WEBROOT_REDIRECT=/webmail
|
||||
|
||||
# Path to the admin interface if enabled
|
||||
export WEB_ADMIN=/admin
|
||||
|
||||
# Path to the webmail if enabled
|
||||
export WEB_WEBMAIL=/webmail
|
||||
|
||||
# Website name
|
||||
export SITENAME=mymail
|
||||
|
||||
# Linked Website URL
|
||||
export WEBSITE=https://$DOMAIN
|
||||
|
||||
###################################
|
||||
# Advanced settings
|
||||
###################################
|
||||
|
||||
# Log driver for front service. Possible values:
|
||||
# json-file (default)
|
||||
# journald (On systemd platforms, useful for Fail2Ban integration)
|
||||
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
|
||||
# LOG_DRIVER=json-file
|
||||
|
||||
# Docker-compose project name, this will prepended to containers names.
|
||||
export COMPOSE_PROJECT_NAME=mailu
|
||||
|
||||
# Default password scheme used for newly created accounts and changed passwords
|
||||
# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT)
|
||||
export PASSWORD_SCHEME=PBKDF2
|
||||
|
||||
# Header to take the real ip from
|
||||
export REAL_IP_HEADER=
|
||||
|
||||
# IPs for nginx set_real_ip_from (CIDR list separated by commas)
|
||||
export REAL_IP_FROM=
|
||||
|
||||
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
|
||||
export REJECT_UNLISTED_RECIPIENT=
|
||||
|
||||
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
|
||||
export LOG_LEVEL=WARNING
|
||||
|
||||
###################################
|
||||
# Database settings
|
||||
###################################
|
||||
export DB_FLAVOR=sqlite
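Review bot: `export WELCOME_SUBJECT=Welcome to your new email account` is unquoted, so a shell sourcing this file assigns only `Welcome` and treats `to`, `your`, `new`, `email` and `account` as further variable names to export. It should be quoted like the `WELCOME_BODY` line that follows it: `export WELCOME_SUBJECT="Welcome to your new email account"`. Separately, `SECRET_KEY=XXXXXXXXXXXXXXXX` is a syntactically valid 16-character value, so a deployment that forgets to replace it would presumably start normally with a publicly known key. A comment such as `# placeholder: generate a fresh random value per deployment and keep it out of version control` would make that explicit. `SUBNET` is exported here, but the compose file's `networks.default.ipam` entry hard-codes the same CIDR, so editing this value alone appears to have no effect on the network.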
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
cd /output || exit
|
||||
|
||||
# shellcheck disable=SC2010
|
||||
ls | grep -v private | grep -v "$DOMAIN" | xargs -r rm -r
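Review bot: The cleanup pipeline decides what to delete with substring and regex matching on `ls` output, and the `shellcheck disable=SC2010` line suppresses the warning about that instead of addressing it. `grep -v "$DOMAIN"` treats the dots in the domain as wildcards and keeps any entry that merely contains the pattern. If `DOMAIN` is unset the empty pattern matches every line, so the script silently deletes nothing. Names containing whitespace are split by `xargs`, and `rm -r` has no `--` to stop a name starting with `-` from being read as an option. A glob loop with exact matches and an explicit `DOMAIN` check avoids all of this; it assumes the entries to keep are named exactly `private` and the domain, which should be confirmed against the dumper's output layout.

```sh
# … unchanged: cd /output || exit …
: "${DOMAIN:?DOMAIN must be set}"

for entry in *; do
  [ -e "$entry" ] || continue   # empty directory: the glob stays literal
  case "$entry" in
    private | "$DOMAIN") ;;     # keep the key directory and the served domain
    *) rm -r -- "$entry" ;;
  esac
done
```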
|
|
@ -0,0 +1,211 @@
|
|||
version: '3.6'
|
||||
|
||||
x-environment:
|
||||
&default-env
|
||||
- ADMIN
|
||||
- ANTIVIRUS
|
||||
- AUTH_RATELIMIT
|
||||
- COMPOSE_PROJECT_NAME
|
||||
- COMPRESSION
|
||||
- COMPRESSION_LEVEL
|
||||
- DB_FLAVOR
|
||||
- DISABLE_STATISTICS
|
||||
- DMARC_RUA
|
||||
- DMARC_RUF
|
||||
- DOCKER_CONTEXT
|
||||
- DOMAIN
|
||||
- FETCHMAIL_DELAY
|
||||
- FULL_TEXT_SEARCH
|
||||
- HOSTNAMES
|
||||
- LETS_ENCRYPT_ENV
|
||||
- LOG_DRIVER
|
||||
- LOG_LEVEL
|
||||
- MESSAGE_SIZE_LIMIT
|
||||
- PASSWORD_SCHEME
|
||||
- POSTMASTER
|
||||
- REAL_IP_FROM
|
||||
- REAL_IP_HEADER
|
||||
- RECIPIENT_DELIMITER
|
||||
- REDIS_ADDRESS
|
||||
- REJECT_UNLISTED_RECIPIENT
|
||||
- RELAYHOST
|
||||
- RELAYNETS
|
||||
- SECRET_KEY
|
||||
- SITENAME
|
||||
- SUBNET
|
||||
- TLS_CERT_FILENAME
|
||||
- TLS_FLAVOR
|
||||
- TLS_KEYPAIR_FILENAME
|
||||
- WEB_ADMIN
|
||||
- WEBDAV
|
||||
- WEBMAIL
|
||||
- WEBROOT_REDIRECT
|
||||
- WEBSITE
|
||||
- WEB_WEBMAIL
|
||||
- WELCOME
|
||||
- WELCOME_BODY
|
||||
- WELCOME_SUBJECT
|
||||
|
||||
services:
|
||||
front:
|
||||
image: mailu/nginx:master
|
||||
logging:
|
||||
driver: json-file
|
||||
networks:
|
||||
- default
|
||||
- proxy
|
||||
environment: *default-env
|
||||
ports:
|
||||
- target: 25
|
||||
published: 25
|
||||
mode: overlay
|
||||
- target: 465
|
||||
published: 465
|
||||
mode: overlay
|
||||
#- target: 587
|
||||
# published: 587
|
||||
# mode: overlay
|
||||
- target: 110
|
||||
published: 110
|
||||
mode: overlay
|
||||
- target: 995
|
||||
published: 995
|
||||
mode: overlay
|
||||
- target: 143
|
||||
published: 143
|
||||
mode: overlay
|
||||
- target: 993
|
||||
published: 993
|
||||
mode: overlay
|
||||
volumes:
|
||||
- "certs:/certs"
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
|
||||
db:
|
||||
image: redis:alpine
|
||||
volumes:
|
||||
- "redis:/data"
|
||||
|
||||
admin:
|
||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-master}
|
||||
environment: *default-env
|
||||
healthcheck:
|
||||
disable: true
|
||||
volumes:
|
||||
- "dkim:/dkim"
|
||||
- "mailu:/data"
|
||||
|
||||
imap:
|
||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-master}
|
||||
environment: *default-env
|
||||
volumes:
|
||||
- "mail:/mail"
|
||||
healthcheck:
|
||||
disable: true
|
||||
|
||||
smtp:
|
||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-master}
|
||||
environment: *default-env
|
||||
volumes:
|
||||
- "mailqueue:/queue"
|
||||
healthcheck:
|
||||
disable: true
|
||||
|
||||
antispam:
|
||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-master}
|
||||
environment: *default-env
|
||||
volumes:
|
||||
- "rspamd:/var/lib/rspamd"
|
||||
- "dkim:/dkim:ro"
|
||||
healthcheck:
|
||||
disable: true
|
||||
|
||||
webmail:
|
||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:${MAILU_VERSION:-master}
|
||||
environment: *default-env
|
||||
volumes:
|
||||
- "webmail:/data"
|
||||
deploy:
|
||||
replicas: 1
|
||||
healthcheck:
|
||||
disable: true
|
||||
|
||||
#certdumper:
|
||||
# restart: always
|
||||
# image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}traefik-certdumper:master
|
||||
# environment:
|
||||
# - DOMAIN=$DOMAIN
|
||||
# # Set TRAEFIK_VERSION to v2 in your .env if you're using Traefik v2
|
||||
# - TRAEFIK_VERSION=${TRAEFIK_VERSION:-v2}
|
||||
# volumes:
|
||||
# - "/docker/traefik/letsencrypt/acme.json:/traefik/acme.json"
|
||||
# - "/docker/traefik/letsencrypt/certs:/tmp/work"
|
||||
# - "/docker/mailu/certs:/output"
|
||||
# labels:
|
||||
# # Set watchtower label
|
||||
# - "com.centurylinklabs.watchtower.enable=true"
|
||||
|
||||
certdumper:
|
||||
image: ldez/traefik-certs-dumper:v2.7.0
|
||||
entrypoint: sh -c '
|
||||
apk add jq
|
||||
; while ! [ -e /traefik/production-acme.json ]
|
||||
|| ! [ `jq ".production.Certificates | length" /traefik/production-acme.json` != 0 ]; do
|
||||
sleep 1
|
||||
; done
|
||||
&& traefik-certs-dumper file --watch --source /traefik/production-acme.json
|
||||
--dest /output --domain-subdir=true --version v2'
|
||||
environment:
|
||||
# Make sure this is the same as the main=-domain in traefik.toml
|
||||
- DOMAIN=$WEB_DOMAIN
|
||||
volumes:
|
||||
# Folder, which contains the acme.json
|
||||
- "traefik_letsencrypt:/traefik"
|
||||
# Folder, where cert.pem and key.pem will be written
|
||||
- "certs:/output"
|
||||
configs:
|
||||
- source: certdumper_post
|
||||
target: /usr/bin/certdumper_post.sh
|
||||
mode: 0555
|
||||
|
||||
#certdumper:
|
||||
# image: humenius/traefik-certs-dumper:latest
|
||||
# volumes:
|
||||
# - traefik_letsencrypt:/traefik:ro
|
||||
# - certs:/output:rw
|
||||
# environment:
|
||||
# - DOMAIN=$WEB_DOMAIN
|
||||
|
||||
volumes:
|
||||
mailu:
|
||||
rspamd:
|
||||
dkim:
|
||||
webmail:
|
||||
redis:
|
||||
mail:
|
||||
certs:
|
||||
mailqueue:
|
||||
traefik_letsencrypt:
|
||||
external: true
|
||||
|
||||
networks:
|
||||
default:
|
||||
driver: overlay
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 192.168.203.0/24
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
certdumper_post:
|
||||
name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION}
|
||||
file: certdumper_post.sh
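Review bot: The `certdumper` service mounts `traefik_letsencrypt:/traefik` read-write, although the dumper only reads `production-acme.json`, which holds Traefik's ACME account key and certificate private keys. The commented-out alternative further down already uses `:ro`, and the active service should too: `- "traefik_letsencrypt:/traefik:ro"`. The same container runs `apk add jq` on every start, so an unpinned package is fetched from the network into the one service that can read those keys; baking `jq` into a derived image would remove that runtime dependency. The `certdumper_post` config is mounted at `/usr/bin/certdumper_post.sh`, but nothing in the visible entrypoint invokes it, so either a post-hook argument is missing or the config is dead weight. The entrypoint also hard-codes `production` for the file name and JSON key although `LETS_ENCRYPT_ENV` and `ACME_JSON` are defined in the env file. Most other images track mutable tags (`master`, `redis:alpine`), so pinning them to versions or digests would make deployments reproducible.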
|