snappymail/docker-compose.yml
Leonard Jonathan Oh 25bd3d441e Fix (development): Fix self-signed certs verification in docker-compose.yml
This allows `Require verification of SSL certificate` to work as expected.
2023-11-24 10:47:32 +00:00

151 lines
4.4 KiB
YAML

#
# Note: Before starting, ensure you run gulp once, to generate static assets in ./snappymail/v/0.0.0/static/css and ./snappymail/v/0.0.0/static/js
#
version: '3.0'
services:
# Generate self-signed certs
# See: https://docker-mailserver.github.io/docker-mailserver/latest/config/security/ssl/#self-signed-certificates
step-ca:
image: smallstep/step-ca:latest
working_dir: /certs
volumes:
- certs:/certs
entrypoint:
- /bin/sh
user: 0:0
command:
- -c
- |
set -eu
if [ ! -d demoCA ]; then
mkdir -p demoCA
step certificate create "Smallstep Root CA" "demoCA/cacert.pem" "demoCA/cakey.pem" \
--no-password --insecure \
--profile root-ca \
--not-before "2021-01-01T00:00:00+00:00" \
--not-after "2031-01-01T00:00:00+00:00" \
--san "example.com" \
--san "mail.example.com" \
--kty RSA --size 2048
step certificate create "Smallstep Leaf" mail.example.com-cert.pem mail.example.com-key.pem \
--no-password --insecure \
--profile leaf \
--ca "demoCA/cacert.pem" \
--ca-key "demoCA/cakey.pem" \
--not-before "2021-01-01T00:00:00+00:00" \
--not-after "2031-01-01T00:00:00+00:00" \
--san "example.com" \
--san "mail.example.com" \
--san "imap.example.com" \
--san "smtp.example.com" \
--kty RSA --size 2048
fi
# Mail server
# See: https://docker-mailserver.github.io/docker-mailserver/latest
# Add an account: echo 'test' | docker exec -i $( docker-compose ps -q docker-mailserver ) setup email add test@example.com
docker-mailserver:
image: docker.io/mailserver/docker-mailserver:12
domainname: mail.example.com
environment:
- ENABLE_SPAMASSASSIN=0
- ENABLE_CLAMAV=0
- ENABLE_FAIL2BAN=0
- ENABLE_POSTGREY=0
- ENABLE_MANAGESIEVE=1
- ONE_DIR=1
- DMS_DEBUG=0
- POSTFIX_INET_PROTOCOLS=ipv4
- DOVECOT_INET_PROTOCOLS=ipv4
- SSL_TYPE=manual
- SSL_CERT_PATH=/certs/mail.example.com-cert.pem
- SSL_KEY_PATH=/certs/mail.example.com-key.pem
volumes:
- certs:/certs
- dms-mail-data:/var/mail
- dms-mail-state:/var/mail-state
- dms-mail-logs:/var/log/mail
- dms-config:/tmp/docker-mailserver
networks:
default:
aliases:
- example.com
- mail.example.com
- imap.example.com
- smtp.example.com
depends_on:
step-ca:
condition: service_completed_successfully
entrypoint:
- /bin/sh
command:
- -c
- |
set -eu
echo "Trusting demoCA certificate"
cp -v /certs/demoCA/cacert.pem /usr/local/share/ca-certificates/cacert.crt # Debian expects certs to end with .crt
update-ca-certificates
exec supervisord -c /etc/supervisor/supervisord.conf
# Snappymail: http://localhost:8888
# Admin panel: http://localhost:8888/?admin
# Get the Admin Panel password: docker exec -it $( docker-compose ps -q snappymail ) cat /var/lib/snappymail/_data_/_default_/admin_password.txt
snappymail:
build:
dockerfile: ./.docker/release/Dockerfile
context: .
# environment:
# - DEBUG=true
volumes:
- certs:/certs:ro
- ./snappymail:/snappymail/snappymail:ro
- ./index.php:/snappymail/index.php:ro
- snappymail:/var/lib/snappymail
ports:
- 8888:8888
networks:
- default
depends_on:
step-ca:
condition: service_completed_successfully
db:
condition: service_started
entrypoint:
- /bin/sh
command:
- -c
- |
set -eu
echo "Trusting demoCA certificate"
cp -v /certs/demoCA/cacert.pem /usr/local/share/ca-certificates/
update-ca-certificates
exec /entrypoint.sh
# MySQL database
db:
image: mysql:5.7
restart: always
environment:
- MYSQL_ROOT_PASSWORD=root
- MYSQL_USER=snappymail
- MYSQL_PASSWORD=snappymail
- MYSQL_DATABASE=snappymail
volumes:
- mysql:/var/lib/mysql
networks:
- default
volumes:
certs:
dms-mail-data:
dms-mail-state:
dms-mail-logs:
dms-config:
snappymail:
mysql:
networks:
default: