# Compose file for a Mailu 2.0.23 mail stack published through a Traefik proxy.
# The deploy.labels, configs and overlay-network keys suggest it is meant for
# Docker Swarm (`docker stack deploy`) - confirm against the deployment tooling.
version: "3.8"

# Environment shared by every Mailu service through the *default-env alias.
# Bare names (no `=value`) are passed through from the deploying environment.
# NOTE(review): SECRET_KEY and API_TOKEN are in this shared list, so each
# service that uses the alias receives them, and environment values can be
# read back from the service/container spec. Confirm which services need them
# and whether the images support file-based secrets instead.
x-environment: &default-env
  - FRONT_ADDRESS=${STACK_NAME}_app
  - ADMIN
  - ANTIVIRUS
  - API
  - API_TOKEN
  - AUTH_RATELIMIT_IP
  - MESSAGE_RATELIMIT
  - COMPOSE_PROJECT_NAME
  - COMPRESSION
  - COMPRESSION_LEVEL
  - DB_FLAVOR
  - DISABLE_STATISTICS
  - DMARC_RUA
  - DMARC_RUF
  - DOCKER_CONTEXT
  - DOMAIN
  - FETCHMAIL_DELAY
  - FULL_TEXT_SEARCH
  - HOSTNAMES
  - LETS_ENCRYPT_ENV
  - LOG_DRIVER
  - LOG_LEVEL
  - MESSAGE_SIZE_LIMIT
  - CREDENTIAL_ROUNDS
  - POSTMASTER
  - REAL_IP_FROM
  - REAL_IP_HEADER
  - RECIPIENT_DELIMITER
  - REDIS_ADDRESS
  - REJECT_UNLISTED_RECIPIENT
  - RELAYHOST
  - RELAYNETS
  - SECRET_KEY
  - SITENAME
  - SUBNET
  - TLS_CERT_FILENAME
  - TLS_FLAVOR
  - TLS_KEYPAIR_FILENAME
  - WEB_ADMIN
  - WEBDAV
  - WEBMAIL
  - WEBROOT_REDIRECT
  - WEBSITE
  - WEB_WEBMAIL
  - WEB_API=/api
  - WELCOME
  - WELCOME_BODY
  - WELCOME_SUBJECT
  - TZ

services:
  # Mailu front end (nginx). The only service attached to the external
  # `proxy` network and the only one that publishes ports.
  app:
    image: ghcr.io/mailu/nginx:2.0.23
    logging:
      driver: json-file
    networks:
      - proxy
      - default
    environment: *default-env
    # Mail ports are published in host mode, i.e. bound directly on the node
    # rather than through the ingress routing mesh.
    # 25/465/587 = SMTP/SMTPS/submission, 110/995 = POP3/POP3S,
    # 143/993 = IMAP/IMAPS.
    # NOTE(review): 110 and 143 are the plaintext-capable variants; confirm
    # they are required and that the front end enforces STARTTLS on them.
    ports:
      - target: 25
        published: 25
        mode: host
      - target: 465
        published: 465
        mode: host
      - target: 587
        published: 587
        mode: host
      - target: 110
        published: 110
        mode: host
      - target: 995
        published: 995
        mode: host
      - target: 143
        published: 143
        mode: host
      - target: 993
        published: 993
        mode: host
    volumes:
      # Same volume the certdumper service writes to at /output.
      # NOTE(review): mounted read-write here; if the front end only reads
      # the dumped certificate and key, a `:ro` mount would narrow access -
      # confirm against TLS_FLAVOR before changing.
      - "certs:/certs"
    deploy:
      # Traefik routes Host(${WEB_DOMAIN}) on the web-secure entrypoint to
      # port 80 of this service, with the certificate resolver named by
      # LETS_ENCRYPT_ENV.
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "coop-cloud.${STACK_NAME}.version=1.0.2+2.0.23"

  # Redis instance. No `networks` key, so it joins the stack's default
  # network; no ports are published.
  # NOTE(review): no authentication settings are visible in this file, so
  # every service on the default network can presumably reach it - confirm.
  db:
    image: redis:7.2.0-alpine
    volumes:
      - "redis:/data"

  # Mailu admin service. Mounts the DKIM volume read-write.
  admin:
    image: ghcr.io/mailu/admin:2.0.23
    environment: *default-env
    # Disables any healthcheck the image defines, so a hung container is not
    # detected by the orchestrator. NOTE(review): the same setting is used on
    # imap, smtp, antispam and webmail; confirm it is intentional.
    healthcheck:
      disable: true
    volumes:
      - "dkim:/dkim"
      - "mailu:/data"
    networks:
      - default

  # Dovecot (IMAP/POP3 back end); stores mail in the `mail` volume.
  imap:
    image: ghcr.io/mailu/dovecot:2.0.23
    environment: *default-env
    volumes:
      - "mail:/mail"
    healthcheck:
      disable: true
    # Ordering hint only; `docker stack deploy` ignores depends_on.
    depends_on:
      - app
    networks:
      - default

  # Postfix (SMTP back end); the queue is kept in the `mailqueue` volume.
  smtp:
    image: ghcr.io/mailu/postfix:2.0.23
    environment: *default-env
    volumes:
      - "mailqueue:/queue"
    healthcheck:
      disable: true
    # Ordering hint only; `docker stack deploy` ignores depends_on.
    depends_on:
      - app

  # Rspamd. The DKIM volume is mounted read-only here, unlike in admin.
  antispam:
    image: ghcr.io/mailu/rspamd:2.0.23
    environment: *default-env
    volumes:
      - "rspamd:/var/lib/rspamd"
      - "dkim:/dkim:ro"
    healthcheck:
      disable: true

  # Webmail front end, reached through the default network only.
  webmail:
    image: ghcr.io/mailu/webmail:2.0.23
    environment: *default-env
    networks:
      - default
    volumes:
      - "webmail:/data"
    deploy:
      replicas: 1
    healthcheck:
      disable: true

  # Exports certificates from Traefik's ACME store into the `certs` volume
  # that the `app` service mounts at /certs.
  certdumper:
    image: ldez/traefik-certs-dumper:v2.8.1
    # The entrypoint (a multi-line plain scalar, folded into one command):
    #   1. installs jq with apk on every container start - this needs network
    #      access at start-up and the package version is not pinned;
    #   2. waits until /traefik/${ACME_JSON} exists and its
    #      `.production.Certificates` array is non-empty;
    #   3. runs traefik-certs-dumper in watch mode, writing one sub-directory
    #      per domain to /output and calling certdumper_post.sh after a dump.
    # NOTE(review): `.production` is hard-coded in the jq filter while the
    # router label uses ${LETS_ENCRYPT_ENV} as resolver name; presumably the
    # loop never finishes when the two differ - confirm.
    entrypoint: sh -c '
      apk add jq
      ; while ! [ -e /traefik/${ACME_JSON} ]
      || ! [ `jq ".production.Certificates | length" /traefik/${ACME_JSON}` != 0 ]; do
      sleep 1
      ; done
      && traefik-certs-dumper file --watch --source /traefik/${ACME_JSON} --dest /output --domain-subdir=true --version v2 --post-hook "sh /usr/bin/certdumper_post.sh"'
    environment:
      - DOMAIN=$WEB_DOMAIN
    volumes:
      # Folder, which contains the acme.json
      # The read-only mount prevents writes to Traefik's store, but the whole
      # external volume is visible to this container. NOTE(review): acme.json
      # normally holds the private keys of every certificate Traefik manages,
      # not only the one for WEB_DOMAIN - treat this container accordingly.
      - type: volume
        read_only: true
        source: traefik_letsencrypt
        target: "/traefik"
      # Folder, where cert.pem and key.pem will be written
      - "certs:/output"
    configs:
      # Post-hook script, delivered as a config. Mode 0555 is octal:
      # read and execute for everyone, write for no one.
      - source: certdumper_post
        target: /usr/bin/certdumper_post.sh
        mode: 0555

volumes:
  mailu:
  rspamd:
  dkim:
  webmail:
  redis:
  mail:
  certs:
  mailqueue:
  # Pre-existing volume owned by the Traefik stack; it is not created here.
  traefik_letsencrypt:
    name: "${TRAEFIK_STACK_NAME}_letsencrypt"
    external: true

networks:
  # Stack-internal overlay network with a fixed address range.
  # NOTE(review): SUBNET is also passed to the services through the shared
  # environment; presumably it has to match this range - confirm in the env
  # file.
  default:
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: 192.168.203.0/24
  # Pre-existing network shared with the reverse proxy.
  proxy:
    external: true

configs:
  # The config name embeds CERTDUMPER_POST_VERSION; presumably the version is
  # bumped whenever certdumper_post.sh changes so that a new config object is
  # created - confirm.
  certdumper_post:
    name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION}
    file: certdumper_post.sh