generated from coop-cloud/example
Update README and options
parent
51ade396c0
commit
2d1bbb41f7
@ -1,4 +1,12 @@
|
|||||||
export SERVICE=postfix_relay
|
export SERVICE=postfix_relay
|
||||||
export DOMAIN=postfix-relay.example.com
|
export DOMAIN=example.com
|
||||||
export STACK_NAME=postfix_relay
|
export STACK_NAME=postfix_relay
|
||||||
export LETS_ENCRYPT_ENV=production
|
export LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
# Postfix options, see
|
||||||
|
# https://github.com/bokysan/docker-postfix#configuration-options
|
||||||
|
#export TZ=Europe/London
|
||||||
|
#export INBOUND_DEBUGGING=1
|
||||||
|
|
||||||
|
# $DOMAIN will be added by default, specify any more here:
|
||||||
|
#export EXTRA_SENDER_DOMAINS="app.example.com"
|
||||||
|
30
README.md
30
README.md
@ -1,6 +1,22 @@
|
|||||||
# Postfix-Relay
|
# Postfix-Relay
|
||||||
|
|
||||||
Simple SMTP server / postfix null relay host • https://github.com/bokysan/docker-postfix
|
Centralised email delivery for all your `compose-stacks` apps using the
|
||||||
|
[`boky/postfix`] outgoing-only mail image.
|
||||||
|
|
||||||
|
The basic idea is to run one instance of this on each swarm, and configure that
|
||||||
|
swarm's apps to send all their email through it.
|
||||||
|
|
||||||
|
By default, this stack will try to deliver e-mail directly (i.e. looking up the
|
||||||
|
recipient's mail server using `MX` records). For this to work, you will need to
|
||||||
|
set up reverse DNS and SPF.
|
||||||
|
|
||||||
|
Alternatively, you can easily route mail through a smarthost / relay host like
|
||||||
|
Mailgun or Gandi -- see [`RELAYHOST` and related parameters][boky-postfix-options].
|
||||||
|
|
||||||
|
FIXME 3wc: Pass `RELAYHOST` etc. from `.envrc` to service
|
||||||
|
|
||||||
|
TODO 3wc: Can you run more than one instance of this on a swarm? How could we handle
|
||||||
|
that in terms of reverse DNS?
|
||||||
|
|
||||||
## Basic usage
|
## Basic usage
|
||||||
|
|
||||||
@ -13,5 +29,17 @@ Simple SMTP server / postfix null relay host • https://github.com/bokysan/dock
|
|||||||
5. `direnv allow` (or `. .envrc`)
|
5. `direnv allow` (or `. .envrc`)
|
||||||
6. `abra deploy`
|
6. `abra deploy`
|
||||||
|
|
||||||
|
## Using this in other stacks
|
||||||
|
|
||||||
|
Add the other service to the (internal) `mail` network, and set whatever options
|
||||||
|
the image supports for auto-configuring SMTP settings.
|
||||||
|
|
||||||
|
For reusable stacks, you probably want to put this configuration in a separate
|
||||||
|
`compose.mailrelay.yml` file, e.g. [the version in
|
||||||
|
`compose-stacks/nextcloud`][nextcloud-compose].
|
||||||
|
|
||||||
|
[`boky-postfix`]: https://hub.docker.com/r/boky/postfix
|
||||||
|
[boky-postfix-options]: https://github.com/bokysan/docker-postfix#postfix-specific-options
|
||||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||||
[`compose-stacks/traefik`]: https://git.autonomic.zone/compose-stacks/traefik
|
[`compose-stacks/traefik`]: https://git.autonomic.zone/compose-stacks/traefik
|
||||||
|
[nextcloud-compose]: https://git.autonomic.zone/compose-stacks/nextcloud/src/branch/main/compose.mailrelay.yml
|
||||||
|
38
compose.yml
38
compose.yml
@ -3,27 +3,41 @@ version: "3.8"
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: nginx:1.19.2
|
image: "boky/postfix"
|
||||||
networks:
|
networks:
|
||||||
|
- mail
|
||||||
- proxy
|
- proxy
|
||||||
|
healthcheck:
|
||||||
|
test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
start_period: 10s
|
||||||
|
retries: 2
|
||||||
|
environment:
|
||||||
|
FORCE_COLOR: "1"
|
||||||
|
TZ: ${TZ}
|
||||||
|
INBOUND_DEBUGGING: "${INBOUND_DEBUGGING:-0}"
|
||||||
|
ALLOWED_SENDER_DOMAINS: "${EXTRA_SENDER_DOMAINS} ${DOMAIN}"
|
||||||
|
POSTFIX_myhostname: "${DOMAIN}"
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
restart_policy:
|
||||||
condition: on-failure
|
condition: on-failure
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.docker.network=proxy"
|
- "traefik.docker.network=proxy"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls=true"
|
- "traefik.tcp.routers.${STACK_NAME}.entrypoints=smtp-submission"
|
||||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
- "traefik.tcp.routers.${STACK_NAME}.rule=HostSNI(`*`)"
|
||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
# TODO 3wc: we can only route TCP traffic if it uses TLS
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
# https://doc.traefik.io/traefik/v2.0/routing/routers/#rule_1
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
#- "traefik.tcp.routers.${STACK_NAME}.rule=HostSNI(`${DOMAIN}`)"
|
||||||
healthcheck:
|
- "traefik.tcp.routers.${STACK_NAME}.service=${STACK_NAME}"
|
||||||
test: ["CMD", "curl", "-f", "http://localhost"]
|
- "traefik.tcp.services.${STACK_NAME}.loadbalancer.server.port=587"
|
||||||
interval: 30s
|
#- "traefik.tcp.routers.${STACK_NAME}.tls.passthrough=true"
|
||||||
timeout: 10s
|
#- "traefik.tcp.routers.${STACK_NAME}.tls=true"
|
||||||
retries: 10
|
#- "traefik.tcp.routers.${STACK_NAME}.service=mailu_smtp"
|
||||||
start_period: 1m
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
|
mail:
|
||||||
|
external: true
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
|
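Review bot: The new `traefik.tcp.routers.${STACK_NAME}` labels with the catch-all `HostSNI` rule publish port 587 of the relay on the `smtp-submission` entrypoint with no TLS (per the TODO) and no authentication, whereas the README in this same commit describes the relay as something other stacks reach over the internal `mail` network. Connections proxied by Traefik arrive from an overlay address, so if the image trusts private ranges by default (its documentation suggests so, worth confirming), the only check left for an outside client is `ALLOWED_SENDER_DOMAINS`, and that compares an envelope sender the client chooses freely. Unless external submission is a requirement, I would drop `- proxy` and the `traefik.tcp.*` labels and keep only `- mail`; if it is required, hold the labels back until the TLS TODO is resolved and SASL authentication is configured on the relay. Separately, `image: "boky/postfix"` replaces a pinned tag with an implicit `latest`; pin it, e.g. `image: "boky/postfix:<reviewed-tag>"` (placeholder), so a redeploy cannot pull an unreviewed image.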