Fast Server initial support
parent
326e0d149e
commit
3b6278a58e
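--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,110 @@
+### Application Level Image CI
+### Dave Conroy <dave at tiredofit dot ca>
+
+name: 'Build Images'
+
+on:
+push:
+paths:
+- '**'
+- '!README.md'
+jobs:
+docker:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Prepare
+id: prep
+run: |
+DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
+set -x
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
+BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
+else
+BRANCH=${GITHUB_REF#refs/heads/}
+fi
+
+case ${BRANCH} in
+"main" | "master" )
+BRANCHTAG="${DOCKER_IMAGE}:latest"
+;;
+"develop" )
+BRANCHTAG="${DOCKER_IMAGE}:develop"
+;;
+* )
+if [ -n "${{ secrets.LATEST }}" ] ; then
+if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+;;
+esac
+fi
+
+
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
+fi
+
+if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
+TAGS=${BRANCHTAG},${GITTAG}
+else
+TAGS="${BRANCHTAG}${GITTAG}"
+fi
+
+echo ::set-output name=tags::${TAGS}
+echo ::set-output name=docker_image::${DOCKER_IMAGE}
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+with:
+platforms: all
+
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v1
+
+- name: Login to DockerHub
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKER_USERNAME }}
+password: ${{ secrets.DOCKER_PASSWORD }}
+
+- name: Label
+id: Label
+run: |
+if [ -f "Dockerfile" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
+if [ -f "CHANGELOG.md" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
+fi
+
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
+fi
+
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
+fi
+fi
+
+- name: Build
+uses: docker/build-push-action@v2
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: .
+file: ./Dockerfile
+platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
+push: true
+tags: ${{ steps.prep.outputs.tags }}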
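Review bot: In the `* )` arm of the Prepare step, `[ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]` tests a variable that the visible script has not assigned on that path, so once `secrets.LATEST` is non-empty the test is always false and the `:latest` tag is never added for a release branch; the comparison presumably wants `${BRANCH}`. The secret is also expanded by `${{ }}` into the script text before the shell runs, with `set -x` active; passing it through the step's `env:` as `LATEST: ${{ secrets.LATEST }}` and testing `[ "${BRANCH}" = "${LATEST}" ]` keeps the value out of the generated script. The same lines appear in `.github/workflows/manual.yml`.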
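--- a/.github/workflows/manual.yml
+++ b/.github/workflows/manual.yml
@@ -0,0 +1,110 @@
+# Manual Workflow (Application)
+
+name: Manual
+
+on:
+workflow_dispatch:
+inputs:
+Manual Build:
+description: 'Manual Build'
+required: false
+jobs:
+docker:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Prepare
+id: prep
+run: |
+DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
+set -x
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
+BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
+else
+BRANCH=${GITHUB_REF#refs/heads/}
+fi
+
+case ${BRANCH} in
+"main" | "master" )
+BRANCHTAG="${DOCKER_IMAGE}:latest"
+;;
+"develop" )
+BRANCHTAG="${DOCKER_IMAGE}:develop"
+;;
+* )
+if [ -n "${{ secrets.LATEST }}" ] ; then
+if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+;;
+esac
+fi
+
+
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
+fi
+
+if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
+TAGS=${BRANCHTAG},${GITTAG}
+else
+TAGS="${BRANCHTAG}${GITTAG}"
+fi
+
+echo ::set-output name=tags::${TAGS}
+echo ::set-output name=docker_image::${DOCKER_IMAGE}
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+with:
+platforms: all
+
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v1
+
+- name: Login to DockerHub
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKER_USERNAME }}
+password: ${{ secrets.DOCKER_PASSWORD }}
+
+- name: Label
+id: Label
+run: |
+if [ -f "Dockerfile" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
+if [ -f "CHANGELOG.md" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
+fi
+
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
+fi
+
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
+fi
+fi
+
+- name: Build
+uses: docker/build-push-action@v2
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: .
+file: ./Dockerfile
+platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
+push: true
+tags: ${{ steps.prep.outputs.tags }}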
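Review bot: The build-date label in the Label step is written as `tiredofit.image_build_date`, while `.github/workflows/main.yml` in the same commit writes `tiredofit.image.image_build_date`, so manually built images carry a different provenance key than pushed builds and anything that reads the label will miss one of the two. Use the same key in both files, `LABEL tiredofit.image.image_build_date=...`. The `if: github.event_name != 'pull_request'` guard on the login step cannot be false in a workflow triggered only by `workflow_dispatch` and could be dropped here.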
14
Dockerfile
14
Dockerfile
|
@ -1,23 +1,24 @@
|
|||
FROM tiredofit/ruby:2.6-alpine
|
||||
FROM tiredofit/nginx:alpine-3.13
|
||||
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
|
||||
|
||||
ENV POSTAL_CONFIG_ROOT=/app/config \
|
||||
ENV POSTAL_VERSION=master \
|
||||
POSTAL_REPO_URL=https://github.com/postalhq/postal \
|
||||
POSTAL_CONFIG_ROOT=/app/config \
|
||||
ENABLE_SMTP=FALSE \
|
||||
ZABBIX_HOSTNAME=postal-app
|
||||
|
||||
RUN set -x && \
|
||||
# Create User
|
||||
addgroup -g 2525 postal && \
|
||||
adduser -S -D -G postal -u 2525 -h /app/ postal && \
|
||||
\
|
||||
# Build Dependencies
|
||||
apk update && \
|
||||
apk upgrade && \
|
||||
apk add -t .postal-build-deps \
|
||||
build-base \
|
||||
git \
|
||||
mariadb-dev \
|
||||
&& \
|
||||
ruby-dev \
|
||||
&& \
|
||||
\
|
||||
apk add -t .postal-run-deps \
|
||||
expect \
|
||||
|
@ -27,10 +28,11 @@ RUN set -x && \
|
|||
mariadb-client \
|
||||
mariadb-connector-c \
|
||||
openssl \
|
||||
ruby \
|
||||
&& \
|
||||
\
|
||||
### Fetch Source and install Ruby Dependencies
|
||||
gem install bundler && \
|
||||
gem install bundler -v 1.17.2 && \
|
||||
gem install procodile && \
|
||||
git clone https://github.com/postalhq/postal /app/ && \
|
||||
\
|
||||
|
|
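Review bot: `POSTAL_VERSION=master` together with the unpinned `git clone https://github.com/postalhq/postal /app/` in the second hunk means every rebuild ships whatever upstream `master` holds at that moment, so an image tag does not identify the code inside it. As far as the hunk shows, the clone also ignores the new `POSTAL_REPO_URL` and `POSTAL_VERSION` variables; something like `git clone ${POSTAL_REPO_URL} /app/ && git -C /app checkout ${POSTAL_VERSION}`, with `POSTAL_VERSION` set to a release tag or commit, would make builds reproducible and auditable. `gem install procodile` is unversioned in the same way. The `RUN` instruction continues past the end of the hunk, so a checkout may already happen below.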
204
README.md
204
README.md
|
@ -1,6 +1,5 @@
|
|||
# hub.docker.com/r/tiredofit/postal
|
||||
|
||||
[![Build Status](https://img.shields.io/docker/build/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal)
|
||||
[![Docker Pulls](https://img.shields.io/docker/pulls/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal)
|
||||
[![Docker Stars](https://img.shields.io/docker/stars/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal)
|
||||
[![Docker Layers](https://images.microbadger.com/badges/image/tiredofit/postal.svg)]
|
||||
|
@ -8,11 +7,12 @@
|
|||
## Introduction
|
||||
|
||||
Dockerfile to build a [Postal](https://github.com/atech/postal) SMTP server for sending and receiving SMTP / HTTP API email.
|
||||
* This Container uses a [customized Alpine base](https://hub.docker.com/r/tiredofit/debian) which includes [s6
|
||||
overlay](https://github.com/just-containers/s6-overlay) enabled for PID 1 Init capabilities, [zabbix-agent](https://zabbix.org) for
|
||||
individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier
|
||||
management.
|
||||
* This Container uses a [customized Alpine base](https://hub.docker.com/r/tiredofit/alpine) which includes [s6
|
||||
overlay](https://github.com/just-containers/s6-overlay) enabled for PID 1 Init capabilities, [zabbix-agent](https://zabbix.org) for
|
||||
individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier
|
||||
management.
|
||||
|
||||
* Contains Fail2Ban for blocking repeat authentication offenders
|
||||
|
||||
|
||||
[Changelog](CHANGELOG.md)
|
||||
|
@ -24,16 +24,31 @@ management.
|
|||
## Table of Contents
|
||||
|
||||
- [Introduction](#introduction)
|
||||
- [Changelog](CHANGELOG.md)
|
||||
- [Authors](#authors)
|
||||
- [Table of Contents](#table-of-contents)
|
||||
- [Prerequisites](#prerequisites)
|
||||
- [Installation](#installation)
|
||||
- [Quick Start](#quick-start)
|
||||
- [Quick Start](#quick-start)
|
||||
- [Configuration](#configuration)
|
||||
- [Data Volumes](#data-volumes)
|
||||
- [Environment Variables](#environmentvariables)
|
||||
- [Environment Variables](#environment-variables)
|
||||
- [Application Settings](#application-settings)
|
||||
- [DNS Settings](#dns-settings)
|
||||
- [Security Settings](#security-settings)
|
||||
- [Performance Settings](#performance-settings)
|
||||
- [Logging Settings](#logging-settings)
|
||||
- [Database Settings](#database-settings)
|
||||
- [Anti Spam Settings](#anti-spam-settings)
|
||||
- [Anti Virus Settings](#anti-virus-settings)
|
||||
- [SMTP Settings](#smtp-settings)
|
||||
- [Client](#client)
|
||||
- [Server](#server)
|
||||
- [Management System](#management-system)
|
||||
- [Relay](#relay)
|
||||
- [Other Settings](#other-settings)
|
||||
- [Networking](#networking)
|
||||
- [Maintenance](#maintenance)
|
||||
- [Shell Access](#shell-access)
|
||||
- [References](#references)
|
||||
- [Shell Access](#shell-access)
|
||||
- [References](#references)
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
@ -44,7 +59,7 @@ management.
|
|||
|
||||
## Installation
|
||||
|
||||
Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/postal) and is the recommended method of
|
||||
Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/postal) and is the recommended method of
|
||||
installation.
|
||||
|
||||
|
||||
|
@ -53,11 +68,11 @@ docker pull hub.docker.com/tiredofit/postal:(imagetag)
|
|||
```
|
||||
|
||||
The following image tags are available:
|
||||
* `latest` - Most recent release of postal w/Alpine Linux 3.11 + Ruby 2.6
|
||||
* `latest` - Most recent release of Postal
|
||||
|
||||
### Quick Start
|
||||
|
||||
* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). See the examples folder for a working
|
||||
* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). See the examples folder for a working
|
||||
[docker-compose.yml](examples/docker-compose.yml) that can be modified for development or production use.
|
||||
|
||||
* Set various [environment variables](#environment-variables) to understand the capabilities of this image.
|
||||
|
@ -65,48 +80,151 @@ The following image tags are available:
|
|||
|
||||
|
||||
## Configuration
|
||||
|
||||
### Environment Variables
|
||||
|
||||
Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/alpine), below is the complete list of
|
||||
Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/alpine), below is the complete list of
|
||||
available options that can be used to customize your installation.
|
||||
|
||||
| Parameter | Description |
|
||||
|-----------|-------------|
|
||||
| `DB_HOST` | Hostname of MariaDB Container |
|
||||
| `DB_NAME` | Name of MariaDB Database |
|
||||
| `DB_USER` | Database Username |
|
||||
| `DB_PASS` | Password for Above User |
|
||||
| `DB_PORT` | MariaDB Server Port - Default `3306`
|
||||
| `DB_ROOT_PASS` | Needed for first boot - Assigns privileges to $DB_USER. MySQL Root Pass |
|
||||
| `RABBITMQ_HOST` | RabbitMQ Hostname or Container |
|
||||
| `RABBITMQ_VHOST` | RabbitMQ VHost shard |
|
||||
| `RABBITMQ_USER` | RabbitMQ Username |
|
||||
| `RABBITMQ_PASS` | RabbitMQ Password |
|
||||
| `RABBITMQ_PORT` | RabbitMQ Port - Default `5672` |
|
||||
| `ENABLE_CLAMAV` | Enable ClamAV `true` or `false` - Default `false` |
|
||||
| `ENABLE_SPAMASSASSIN` | Enable Spamassassin `true` or `false` - Default `false` |
|
||||
| `CLAMAV_HOST` | Hostname of Clamd Server |
|
||||
| `SPAMASSASSIN_HOST` | Hostname of Spamassassin Server |
|
||||
| `CLAMAV_PORT` | TCP Port of Clamd Server - Default `3310` |
|
||||
| `SPAMASSASSIN_PORT` | TCP Port of Spamassassin Process - Default `737` |
|
||||
| `LOG_CONSOLE` | Log to Stdout Console `true` or `false` - Default `true` |
|
||||
| `WEB_HOST` | Hostname of Webhost for SMTP Invites - Default `postal.example.com` |
|
||||
| `WEB_PROTOCOL | Protocol of Webhost for SMTP Invites `http` or `https` - Default `http`
|
||||
#### Application Settings
|
||||
| Parameter | Description | Default |
|
||||
| ------------------------- | ---------------------------------------- | ------- |
|
||||
| `ENABLE_TRACKING` | Enable Click Tracking `true` or `false` | `true` |
|
||||
| `MAX_DELIVERY_ATTEMPTS` | Maximum Delivery Attempts before failing | `18` |
|
||||
| `MAX_HOLD_EXPIRY_DAYS` | Maximum Holding days before expiring | `7` |
|
||||
| `SUPPRESSION_LIST_EXPIRY` | Suppression List expiry in days | `30` |
|
||||
|
||||
#### DNS Settings
|
||||
| Parameter | Description | Default |
|
||||
| -------------------------- | --------------------------------------------------- | ---------------------- |
|
||||
| `DNS_HOSTNAME` | Domain Name Mail Server | `example.com` |
|
||||
| `DNS_MX` | MX Record Hostnames - Seperate multiple with commas | |
|
||||
| `DNS_SPF` | SPF Hostname | `spf.$DNS_HOSTNAME` |
|
||||
| `DNS_RETURN_PATH` | Return path Hostname | `rp.$DNS_HOSTNAME` |
|
||||
| `DNS_ROUTE_DOMAIN` | `Routing Domain` | `routes.$DNS_HOSTNAME` |
|
||||
| `DNS_TRACK_DOMAIN` | `Tracking Domain` | `track.$DNS_HOSTNAME` |
|
||||
| `DNS_DKIM_IDENTIFIER` | DKIM Identifier | `postal` |
|
||||
| `DNS_DOMAIN_VERIFY_PREFIX` | Domain verification prefix | `postal-verification` |
|
||||
| `DNS_RETURN_PATH_PREFIX` | Custom Return Path Prefix | `psrp` |
|
||||
|
||||
#### Security Settings
|
||||
| Parameter | Description | Default |
|
||||
| -------------------- | ------------------------------------------------------- | ------- |
|
||||
| `ENABLE_FAIL2BAN` | Block hsots that repeatedly fail authentication | `TRUE` |
|
||||
| `FAIL2BAN_LOG_FILE` | Log Location for Fail2ban `/logs/fail2ban/fail2ban.log` |
|
||||
| `FAIL2BAN_TIME_FIND` | Track failures for this time period | `10m` |
|
||||
| `FAIL2BAN_TIME_BAN` | Time to ban repeat offenders | `10m` |
|
||||
| `FAIL2BAN_MAX_RETRY` | Ban after how many tries during time period | `5` |
|
||||
|
||||
|
||||
#### Performance Settings
|
||||
| Parameter | Description | Default |
|
||||
| ----------------- | ---------------------------- | ------- |
|
||||
| `WORKERS_AMOUNT` | Amount of Workers | `1` |
|
||||
| `WORKERS_THREADS` | Amount of Threads per worker | `4` |
|
||||
|
||||
|
||||
#### Logging Settings
|
||||
| Parameter | Description | Default |
|
||||
| ------------------ | -------------------------------------------------------- | -------- |
|
||||
| `LOG_AUTH_FAILURE` | Log Authentication Failures (Used for Fail2ban blocking) | `TRUE` |
|
||||
| `LOG_CONSOLE` | Log to Stdout Console `true` or `false` | `true` |
|
||||
| `LOG_LOCATION` | Log Location | `/logs/` |
|
||||
| `LOG_SIZE_MAX` | Maximum Log Size in KB | `9999` |
|
||||
|
||||
#### Database Settings
|
||||
| Parameter | Description | Default |
|
||||
| ---------------- | -------------------------------------------------------------------------------------- | ------- |
|
||||
| `DB_HOST` | Hostname of MariaDB Container e.g. `postal-db` | |
|
||||
| `DB_NAME` | Name of MariaDB Database e.g. `postal` | |
|
||||
| `DB_USER` | Database Username e.g. `postal` | |
|
||||
| `DB_PASS` | Password for Above User e.g. `password` | |
|
||||
| `DB_PORT` | MariaDB Server Port | `3306` |
|
||||
| `DB_ROOT_PASS` | Needed for first boot - Assigns privileges to $DB_USER. This is your MariaDB Root Pass | |
|
||||
| `RABBITMQ_HOST` | RabbitMQ Hostname or Container | |
|
||||
| `RABBITMQ_VHOST` | RabbitMQ VHost shard | |
|
||||
| `RABBITMQ_USER` | RabbitMQ Username | |
|
||||
| `RABBITMQ_PASS` | RabbitMQ Password | |
|
||||
| `RABBITMQ_PORT` | RabbitMQ Port | `5672` |
|
||||
|
||||
#### Anti Spam Settings
|
||||
| Parameter | Description | Default |
|
||||
| --------------------- | ------------------------------------- | ------- |
|
||||
| `ENABLE_SPAMASSASSIN` | Enable Spamassassin `true` or `false` | `false` |
|
||||
| `SPAMASSASSIN_HOST` | Hostname of Spamassassin daemon | |
|
||||
| `SPAMASSASSIN_PORT` | TCP Port of spamassassin daemon | `737` |
|
||||
|
||||
#### Anti Virus Settings
|
||||
| Parameter | Description | Default |
|
||||
| --------------- | ------------------------------- | ------- |
|
||||
| `ENABLE_CLAMAV` | Enable ClamAV `true` or `false` | `false` |
|
||||
| `CLAMAV_HOST` | Hostname of Clamd Server | |
|
||||
| `CLAMAV_PORT` | TCP Port of Clamd Server | `3310` |
|
||||
|
||||
#### SMTP Settings
|
||||
##### Client
|
||||
| `SMTP_CLIENT_OPEN_TIMEOUT` | Timeout for an Open Connection in seconds | `30` |
|
||||
| `SMTP_CLIENT_READ_TIMEOUT` | Timeout for Reading Data in seconds | `60` |
|
||||
|
||||
##### Server
|
||||
| Parameter | Description | Default |
|
||||
| ------------------------------------ | -------------------------------------------------- | ----------------- |
|
||||
| `SMTP_SERVER_ENABLE_TLS` | Enable TLS | `false` |
|
||||
| `SMTP_SERVER_HELO_HOSTNAME` | What Hostname to send for HELO | `$DNS_HOSTNAME` |
|
||||
| `SMTP_SERVER_LOG_CONNECTIONS` | Log SMTP Connections | `true` |
|
||||
| `SMTP_SERVER_MAX_MESSAGE_SIZE` | Max message size in Megabytes | `50` |
|
||||
| `SMTP_SERVER_PORT` | Listening Port for Postal Main SMTP Server | `25` |
|
||||
| `SMTP_SERVER_PROXY_PROTOCOL` | Utilize Proxy Protocol | `false` |
|
||||
| `SMTP_SERVER_SSL_VERSION` | SSL Versions | `SSLv23` |
|
||||
| `SMTP_SERVER_STRIP_RECEIVED_HEADERS` | Strip Recieved Headers | `false` |
|
||||
| `SMTP_SERVER_TLS_CERT` | TLS Cert Location (Will authgenerate if not exist) | `/certs/cert.pem` |
|
||||
| `SMTP_SERVER_TLS_CIPHERS` | TLS Ciphers to use | |
|
||||
| `SMTP_SERVER_TLS_KEY` | TLS Key Location (Will autogenerate if not exist) | `/certs/key.pem` |
|
||||
|
||||
##### Management System
|
||||
| Parameter | Description | Default |
|
||||
| ------------------- | ------------------------------------------------------------------------------ | ----------------------- |
|
||||
| `SMTP_FROM_ADDRESS` | From Address for Postam Management System | `postal@yourdomain.com` |
|
||||
| `SMTP_FROM_NAME` | From Name for Postal Management System | `Postal` |
|
||||
| `SMTP_HOST` | SMTP Server to be used to send messages from Postal Management System to users | `127.0.0.1` |
|
||||
| `SMTP_PORT` | SMTP Port to be used to send messages from Postal Management System to Users | `25` |
|
||||
| `SMTP_USER` | Username to authenticate to SMTP Server | |
|
||||
| `SMTP_PASS` | Password to authenticate to SMTP Server | |
|
||||
##### Relay
|
||||
| Parameter | Description | Default |
|
||||
| --------------------- | -------------------------------------------- | ------- |
|
||||
| `SMTP_RELAY_HOST` | Relay all outbound messages to this hostname | |
|
||||
| `SMTP_RELAY_PORT` | SMTP Relay Port | `25` |
|
||||
| `SMTP_RELAY_SSL_MODE` | Relay SSL / TLS Mode | `Auto` |
|
||||
|
||||
#### Other Settings
|
||||
| Parameter | Description | Default |
|
||||
| --------------------------- | ---------------------------------------------------------------------------- | ------------------------ |
|
||||
| `CONFIG_LOCATION` | Configuration File | `/app/config/postal.yml` |
|
||||
| `SETUP_TYPE` | Choose `AUTO` or `MANUAL` Setup type - Auto uses these environment variables | `AUTO` |
|
||||
| `FAST_SERVER_BIND_IP` | Bind IP for the Web Interface | `0.0.0.0` |
|
||||
| `FAST_SERVER_BIND_PORT_TLS` | Bind Port for the TLS Tracking Service | `8443` |
|
||||
| `FAST_SERVER_BIND_PORT` | Bind Port for the Tracking Server | `8080` |
|
||||
| `WEB_BIND_IP` | Bind IP for the Web Interface | `0.0.0.0` |
|
||||
| `WEB_BIND_PORT` | Bind Port for the Web Interface | `5000` |
|
||||
| `WEB_HOSTNAME` | Hostname for Web Interface | `postal.example.com` |
|
||||
| `WEB_MAX_THREADS` | Max Threads for Web Interface | `5` |
|
||||
| `WEB_PROTOCOL` | Protocol for Web Interface `http` or `https` | `http` |
|
||||
|
||||
### Networking
|
||||
|
||||
| Port | Description |
|
||||
|-----------|---------------|
|
||||
| `25` | SMTP |
|
||||
| `5000` | Procodile |
|
||||
| Port | Description |
|
||||
| ------ | ---------------------- |
|
||||
| `25` | SMTP |
|
||||
| `80` | Web Interface |
|
||||
| `8080` | Fast Server /Tracking |
|
||||
| `8443` | Fast Server / Tracking |
|
||||
| `5000` | Puma` |
|
||||
|
||||
## Maintenance
|
||||
|
||||
### Shell Access
|
||||
|
||||
For debugging and maintenance purposes you may want access the containers shell.
|
||||
For debugging and maintenance purposes you may want access the containers shell.
|
||||
|
||||
```bash
|
||||
docker exec -it (whatever your container name is e.g. postal) bash
|
||||
|
|
|
@ -14,6 +14,11 @@ DNS_SPF=${DNS_SPF:-"spf."$DNS_HOSTNAME}
|
|||
DNS_TRACK_DOMAIN=${DNS_TRACK_DOMAIN:-"track."$DNS_HOSTNAME}
|
||||
ENABLE_CLAMAV=${ENABLE_CLAMAV:-false}
|
||||
ENABLE_SPAMASSASSIN=${ENABLE_SPAMASSASSIN:-false}
|
||||
ENABLE_FAST_SERVER=${ENABLE_FAST_SERVER:-true}
|
||||
FAST_SERVER_BIND_IP=${FAST_SERVER_BIND_IP:-0.0.0.0}
|
||||
FAST_SERVER_BIND_PORT=${FAST_SERVER_BIND_PORT:-8080}
|
||||
FAST_SERVER_BIND_PORT_TLS=${FAST_SERVER_BIND_PORT_TLS:-8443}
|
||||
FAST_SERVER_ENABLE_PROXY_PROTOCOL=${FAST_SERVER_ENABLE_PROXY_PROTOCOL:-false}
|
||||
LOG_AUTH_FAILURE=${LOG_AUTH_FAILURE:-"TRUE"}
|
||||
LOG_CONSOLE=${LOG_CONSOLE:-true}
|
||||
LOG_LOCATION=${LOG_LOCATION:-"/logs/"}
|
|
@ -193,6 +193,23 @@ configure_logging() {
|
|||
sed -i "s|<LOG_LOCATION>|${LOG_LOCATION}|g" /etc/logrotate.d/postal
|
||||
}
|
||||
|
||||
configure_nginx(){
|
||||
print_debug "Configuring Nginx"
|
||||
sed -i "s|server_name localhost|server_name ${WEB_HOST}|g" /etc/nginx/conf.d/default.conf
|
||||
if var_true "${ENABLE_TRACKING}" ; then
|
||||
sed -i "s|<LISTEN_PORT>|${NGINX_LISTEN_PORT}|g" /etc/nginx/conf.available/tracking.conf
|
||||
sed -i "s|<DNS_TRACK_DOMAIN>|${DNS_TRACK_DOMAIN}|g" /etc/nginx/conf.available/tracking.conf
|
||||
if [ "${FAST_SERVER_BIND_IP}" = "0.0.0.0" ]; then
|
||||
fast_server_bind_ip="127.0.0.1"
|
||||
else
|
||||
fast_server_bind_ip="${FAST_SERVER_BIND_IP}"
|
||||
fi
|
||||
sed -i "s|<FAST_SERVER_BIND_IP>|${fast_server_bind_ip}|g" /etc/nginx/conf.available/tracking.conf
|
||||
sed -i "s|<FAST_SERVER_BIND_PORT>|${FAST_SERVER_BIND_PORT}|g" /etc/nginx/conf.available/tracking.conf
|
||||
ln -s /etc/nginx/conf.available/tracking.conf /etc/nginx/conf.d/
|
||||
fi
|
||||
}
|
||||
|
||||
configure_postal() {
|
||||
|
||||
silent /app/bin/postal initialize-config
|
||||
|
@ -223,11 +240,11 @@ general:
|
|||
use_local_ns_for_domains: false
|
||||
|
||||
fast_server:
|
||||
enabled: false
|
||||
bind_address:
|
||||
port: 80
|
||||
ssl_port: 443
|
||||
proxy_protocol: false
|
||||
enabled: ${ENABLE_FAST_SERVER}
|
||||
bind_address: ${FAST_SERVER_BIND_ADDRESS}
|
||||
port: ${FAST_SERVER_BIND_PORT}
|
||||
ssl_port: ${FAST_SERVER_BIND_PORT_TLS}
|
||||
proxy_protocol: ${FAST_SERVER_ENABLE_PROXY_PROTOCOL}
|
||||
default_private_key_path: # Defaults to config/fast_server.key
|
||||
default_tls_certificate_path: # Defaults to config/fast_server.cert
|
||||
|
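Review bot: `configure_nginx` substitutes `<FAST_SERVER_BIND_IP>` and `<DNS_TRACK_DOMAIN>`, but the `tracking.conf` added in this commit contains `<FAST_SERVER_BIND_ADDRESS>` and a literal `${DNS_TRACK_DOMAIN}`, so both survive the `sed` calls and nginx is handed `proxy_pass http://<FAST_SERVER_BIND_ADDRESS>:...`. The config template in the last hunk has the same naming split: `bind_address: ${FAST_SERVER_BIND_ADDRESS}` reads a variable the defaults hunk never sets (it defines `FAST_SERVER_BIND_IP`), so the bind address would render empty unless it is set elsewhere. Settle on one name, e.g. `sed -i "s|<FAST_SERVER_BIND_ADDRESS>|${fast_server_bind_ip}|g"` and `bind_address: ${FAST_SERVER_BIND_IP}`, and use `<DNS_TRACK_DOMAIN>` in the template. `ln -s` will also fail on a container restart once the link exists; `ln -sf` avoids that.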
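--- a/install/etc/nginx/conf.available/tracking.conf
+++ b/install/etc/nginx/conf.available/tracking.conf
@@ -0,0 +1,21 @@
+server {
+### Don't Touch This
+listen <LISTEN_PORT>;
+server_name ${DNS_TRACK_DOMAIN};
+###
+
+### Populate your custom directives here
+
+location / {
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+proxy_pass http://<FAST_SERVER_BIND_ADDRESS>:<FAST_SERVER_BIND_PORT>;
+}
+
+
+### Don't edit past here
+include /etc/nginx/nginx.conf.d/site_optimization.conf;
+include /etc/nginx/nginx.conf.d/exploit_protection.conf;
+}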
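Review bot: `proxy_set_header X-Forwarded-Proto https;` is hard-coded although this server block listens on a plain `listen <LISTEN_PORT>;` with no `ssl`, so the backend is told every request arrived over TLS even when it did not. That is only correct if TLS is always terminated in front of this container; a backend that trusts the header would otherwise treat plaintext requests as secure. Either forward the scheme the front proxy reports, or add a comment above the line such as `# assumes a TLS-terminating proxy in front of this container`. The `location @puma` block in `install/etc/nginx/conf.d/default.conf` has the same line.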
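--- a/install/etc/nginx/conf.d/default.conf
+++ b/install/etc/nginx/conf.d/default.conf
@@ -0,0 +1,31 @@
+server {
+### Don't Touch This
+listen <LISTEN_PORT>;
+server_name localhost;
+root <WEBROOT>;
+###
+
+### Populate your custom directives here
+index index.html index.htm;
+
+location / {
+client_max_body_size 50M;
+try_files $uri $uri/index.html $uri.html @puma;
+}
+
+location /assets {
+add_header Cache-Control max-age=3600;
+}
+
+location @puma {
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto https;
+proxy_pass http://127.0.0.1:5000;
+}
+
+### Don't edit past here
+include /etc/nginx/nginx.conf.d/site_optimization.conf;
+include /etc/nginx/nginx.conf.d/exploit_protection.conf;
+}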