Fast Server initial support

Dave Conroy 2021-04-01 22:13:46 -07:00
parent 326e0d149e
commit 3b6278a58e
9 changed files with 468 additions and 54 deletions

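--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,110 @@
+### Application Level Image CI
+### Dave Conroy <dave at tiredofit dot ca>
+name: 'Build Images'
+on:
+push:
+paths:
+- '**'
+- '!README.md'
+jobs:
+docker:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Prepare
+id: prep
+run: |
+DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
+set -x
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
+BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
+else
+BRANCH=${GITHUB_REF#refs/heads/}
+fi
+case ${BRANCH} in
+"main" | "master" )
+BRANCHTAG="${DOCKER_IMAGE}:latest"
+;;
+"develop" )
+BRANCHTAG="${DOCKER_IMAGE}:develop"
+;;
+* )
+if [ -n "${{ secrets.LATEST }}" ] ; then
+if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+;;
+esac
+fi
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
+fi
+if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
+TAGS=${BRANCHTAG},${GITTAG}
+else
+TAGS="${BRANCHTAG}${GITTAG}"
+fi
+echo ::set-output name=tags::${TAGS}
+echo ::set-output name=docker_image::${DOCKER_IMAGE}
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+with:
+platforms: all
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v1
+- name: Login to DockerHub
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKER_USERNAME }}
+password: ${{ secrets.DOCKER_PASSWORD }}
+- name: Label
+id: Label
+run: |
+if [ -f "Dockerfile" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
+if [ -f "CHANGELOG.md" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
+fi
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
+fi
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
+fi
+fi
+- name: Build
+uses: docker/build-push-action@v2
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: .
+file: ./Dockerfile
+platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
+push: true
+tags: ${{ steps.prep.outputs.tags }}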
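Review bot: Every third-party action in this job is referenced by a mutable tag (`actions/checkout@v2`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `docker/build-push-action@v2`), and the same job holds `secrets.DOCKER_USERNAME` / `secrets.DOCKER_PASSWORD` and pushes images. A retagged or compromised action release would run with those credentials, so each `uses:` should be pinned to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the GITHUB_TOKEN read-only, since nothing visible here writes to the repository. The same applies to `.github/workflows/manual.yml`.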

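--- a/.github/workflows/manual.yml
+++ b/.github/workflows/manual.yml
@@ -0,0 +1,110 @@
+# Manual Workflow (Application)
+name: Manual
+on:
+workflow_dispatch:
+inputs:
+Manual Build:
+description: 'Manual Build'
+required: false
+jobs:
+docker:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Prepare
+id: prep
+run: |
+DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
+set -x
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
+BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
+else
+BRANCH=${GITHUB_REF#refs/heads/}
+fi
+case ${BRANCH} in
+"main" | "master" )
+BRANCHTAG="${DOCKER_IMAGE}:latest"
+;;
+"develop" )
+BRANCHTAG="${DOCKER_IMAGE}:develop"
+;;
+* )
+if [ -n "${{ secrets.LATEST }}" ] ; then
+if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+else
+BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
+fi
+;;
+esac
+fi
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
+fi
+if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
+TAGS=${BRANCHTAG},${GITTAG}
+else
+TAGS="${BRANCHTAG}${GITTAG}"
+fi
+echo ::set-output name=tags::${TAGS}
+echo ::set-output name=docker_image::${DOCKER_IMAGE}
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+with:
+platforms: all
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v1
+- name: Login to DockerHub
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v1
+with:
+username: ${{ secrets.DOCKER_USERNAME }}
+password: ${{ secrets.DOCKER_PASSWORD }}
+- name: Label
+id: Label
+run: |
+if [ -f "Dockerfile" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
+sed -i "/FROM .*/a LABEL tiredofit.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
+if [ -f "CHANGELOG.md" ] ; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
+fi
+if [[ $GITHUB_REF == refs/tags/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
+fi
+if [[ $GITHUB_REF == refs/heads/* ]]; then
+sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
+fi
+fi
+- name: Build
+uses: docker/build-push-action@v2
+with:
+builder: ${{ steps.buildx.outputs.name }}
+context: .
+file: ./Dockerfile
+platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
+push: true
+tags: ${{ steps.prep.outputs.tags }}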
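Review bot: In the `* )` branch of the Prepare step the test `[ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]` compares a variable that has not been assigned at that point, so the `:latest` tag from that branch can never be produced; it presumably should read `[ "${BRANCH}" = "${{ secrets.LATEST }}" ]`. Interpolating `${{ secrets.LATEST }}` directly into the script text also means its value is parsed as shell source; passing it through the step's `env:` (`LATEST: ${{ secrets.LATEST }}`) and testing `"${LATEST}"` avoids that. For nested branch names `BRANCH` is already set to `"${DOCKER_IMAGE}:..."`, which is then prefixed with `${DOCKER_IMAGE}:` a second time when `BRANCHTAG` is built. The Label step here writes `tiredofit.image_build_date` where `main.yml` writes `tiredofit.image.image_build_date`. `.github/workflows/main.yml` carries the same Prepare script.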


@ -1,23 +1,24 @@
FROM tiredofit/ruby:2.6-alpine
FROM tiredofit/nginx:alpine-3.13
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
ENV POSTAL_CONFIG_ROOT=/app/config \
ENV POSTAL_VERSION=master \
POSTAL_REPO_URL=https://github.com/postalhq/postal \
POSTAL_CONFIG_ROOT=/app/config \
ENABLE_SMTP=FALSE \
ZABBIX_HOSTNAME=postal-app
RUN set -x && \
# Create User
addgroup -g 2525 postal && \
adduser -S -D -G postal -u 2525 -h /app/ postal && \
\
# Build Dependencies
apk update && \
apk upgrade && \
apk add -t .postal-build-deps \
build-base \
git \
mariadb-dev \
&& \
ruby-dev \
&& \
\
apk add -t .postal-run-deps \
expect \
@ -27,10 +28,11 @@ RUN set -x && \
mariadb-client \
mariadb-connector-c \
openssl \
ruby \
&& \
\
### Fetch Source and install Ruby Dependencies
gem install bundler && \
gem install bundler -v 1.17.2 && \
gem install procodile && \
git clone https://github.com/postalhq/postal /app/ && \
\
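Review bot: The image is built from whatever `master` holds at build time: `POSTAL_VERSION=master` is added, and the visible `git clone https://github.com/postalhq/postal /app/` neither uses `POSTAL_REPO_URL` nor checks out a fixed ref, so two builds of the same commit can ship different application code. Pinning `POSTAL_VERSION` to a release tag or commit and cloning with `git clone ${POSTAL_REPO_URL} /app/ && git -C /app checkout ${POSTAL_VERSION}` would make the build reproducible and auditable. `gem install procodile` is likewise unversioned while bundler is pinned to `1.17.2`. The `RUN` instruction continues past the end of this hunk, so a checkout may exist further down.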

README.md

@ -1,6 +1,5 @@
# hub.docker.com/r/tiredofit/postal
[![Build Status](https://img.shields.io/docker/build/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal)
[![Docker Pulls](https://img.shields.io/docker/pulls/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal)
[![Docker Stars](https://img.shields.io/docker/stars/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal)
[![Docker Layers](https://images.microbadger.com/badges/image/tiredofit/postal.svg)]
@ -8,11 +7,12 @@
## Introduction
Dockerfile to build a [Postal](https://github.com/atech/postal) SMTP server for sending and receiving SMTP / HTTP API email.
* This Container uses a [customized Alpine base](https://hub.docker.com/r/tiredofit/debian) which includes [s6
overlay](https://github.com/just-containers/s6-overlay) enabled for PID 1 Init capabilities, [zabbix-agent](https://zabbix.org) for
individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier
management.
* This Container uses a [customized Alpine base](https://hub.docker.com/r/tiredofit/alpine) which includes [s6
overlay](https://github.com/just-containers/s6-overlay) enabled for PID 1 Init capabilities, [zabbix-agent](https://zabbix.org) for
individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier
management.
* Contains Fail2Ban for blocking repeat authentication offenders
[Changelog](CHANGELOG.md)
@ -24,16 +24,31 @@ management.
## Table of Contents
- [Introduction](#introduction)
- [Changelog](CHANGELOG.md)
- [Authors](#authors)
- [Table of Contents](#table-of-contents)
- [Prerequisites](#prerequisites)
- [Installation](#installation)
- [Quick Start](#quick-start)
- [Quick Start](#quick-start)
- [Configuration](#configuration)
- [Data Volumes](#data-volumes)
- [Environment Variables](#environmentvariables)
- [Environment Variables](#environment-variables)
- [Application Settings](#application-settings)
- [DNS Settings](#dns-settings)
- [Security Settings](#security-settings)
- [Performance Settings](#performance-settings)
- [Logging Settings](#logging-settings)
- [Database Settings](#database-settings)
- [Anti Spam Settings](#anti-spam-settings)
- [Anti Virus Settings](#anti-virus-settings)
- [SMTP Settings](#smtp-settings)
- [Client](#client)
- [Server](#server)
- [Management System](#management-system)
- [Relay](#relay)
- [Other Settings](#other-settings)
- [Networking](#networking)
- [Maintenance](#maintenance)
- [Shell Access](#shell-access)
- [References](#references)
- [Shell Access](#shell-access)
- [References](#references)
## Prerequisites
@ -44,7 +59,7 @@ management.
## Installation
Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/postal) and is the recommended method of
Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/postal) and is the recommended method of
installation.
@ -53,11 +68,11 @@ docker pull hub.docker.com/tiredofit/postal:(imagetag)
```
The following image tags are available:
* `latest` - Most recent release of postal w/Alpine Linux 3.11 + Ruby 2.6
* `latest` - Most recent release of Postal
### Quick Start
* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). See the examples folder for a working
* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). See the examples folder for a working
[docker-compose.yml](examples/docker-compose.yml) that can be modified for development or production use.
* Set various [environment variables](#environment-variables) to understand the capabilities of this image.
@ -65,48 +80,151 @@ The following image tags are available:
## Configuration
### Environment Variables
Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/alpine), below is the complete list of
Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/alpine), below is the complete list of
available options that can be used to customize your installation.
| Parameter | Description |
|-----------|-------------|
| `DB_HOST` | Hostname of MariaDB Container |
| `DB_NAME` | Name of MariaDB Database |
| `DB_USER` | Database Username |
| `DB_PASS` | Password for Above User |
| `DB_PORT` | MariaDB Server Port - Default `3306`
| `DB_ROOT_PASS` | Needed for first boot - Assigns privileges to $DB_USER. MySQL Root Pass |
| `RABBITMQ_HOST` | RabbitMQ Hostname or Container |
| `RABBITMQ_VHOST` | RabbitMQ VHost shard |
| `RABBITMQ_USER` | RabbitMQ Username |
| `RABBITMQ_PASS` | RabbitMQ Password |
| `RABBITMQ_PORT` | RabbitMQ Port - Default `5672` |
| `ENABLE_CLAMAV` | Enable ClamAV `true` or `false` - Default `false` |
| `ENABLE_SPAMASSASSIN` | Enable Spamassassin `true` or `false` - Default `false` |
| `CLAMAV_HOST` | Hostname of Clamd Server |
| `SPAMASSASSIN_HOST` | Hostname of Spamassassin Server |
| `CLAMAV_PORT` | TCP Port of Clamd Server - Default `3310` |
| `SPAMASSASSIN_PORT` | TCP Port of Spamassassin Process - Default `737` |
| `LOG_CONSOLE` | Log to Stdout Console `true` or `false` - Default `true` |
| `WEB_HOST` | Hostname of Webhost for SMTP Invites - Default `postal.example.com` |
| `WEB_PROTOCOL | Protocol of Webhost for SMTP Invites `http` or `https` - Default `http`
#### Application Settings
| Parameter | Description | Default |
| ------------------------- | ---------------------------------------- | ------- |
| `ENABLE_TRACKING` | Enable Click Tracking `true` or `false` | `true` |
| `MAX_DELIVERY_ATTEMPTS` | Maximum Delivery Attempts before failing | `18` |
| `MAX_HOLD_EXPIRY_DAYS` | Maximum Holding days before expiring | `7` |
| `SUPPRESSION_LIST_EXPIRY` | Suppression List expiry in days | `30` |
#### DNS Settings
| Parameter | Description | Default |
| -------------------------- | --------------------------------------------------- | ---------------------- |
| `DNS_HOSTNAME` | Domain Name Mail Server | `example.com` |
| `DNS_MX` | MX Record Hostnames - Seperate multiple with commas | |
| `DNS_SPF` | SPF Hostname | `spf.$DNS_HOSTNAME` |
| `DNS_RETURN_PATH` | Return path Hostname | `rp.$DNS_HOSTNAME` |
| `DNS_ROUTE_DOMAIN` | `Routing Domain` | `routes.$DNS_HOSTNAME` |
| `DNS_TRACK_DOMAIN` | `Tracking Domain` | `track.$DNS_HOSTNAME` |
| `DNS_DKIM_IDENTIFIER` | DKIM Identifier | `postal` |
| `DNS_DOMAIN_VERIFY_PREFIX` | Domain verification prefix | `postal-verification` |
| `DNS_RETURN_PATH_PREFIX` | Custom Return Path Prefix | `psrp` |
#### Security Settings
| Parameter | Description | Default |
| -------------------- | ------------------------------------------------------- | ------- |
| `ENABLE_FAIL2BAN` | Block hsots that repeatedly fail authentication | `TRUE` |
| `FAIL2BAN_LOG_FILE` | Log Location for Fail2ban `/logs/fail2ban/fail2ban.log` |
| `FAIL2BAN_TIME_FIND` | Track failures for this time period | `10m` |
| `FAIL2BAN_TIME_BAN` | Time to ban repeat offenders | `10m` |
| `FAIL2BAN_MAX_RETRY` | Ban after how many tries during time period | `5` |
#### Performance Settings
| Parameter | Description | Default |
| ----------------- | ---------------------------- | ------- |
| `WORKERS_AMOUNT` | Amount of Workers | `1` |
| `WORKERS_THREADS` | Amount of Threads per worker | `4` |
#### Logging Settings
| Parameter | Description | Default |
| ------------------ | -------------------------------------------------------- | -------- |
| `LOG_AUTH_FAILURE` | Log Authentication Failures (Used for Fail2ban blocking) | `TRUE` |
| `LOG_CONSOLE` | Log to Stdout Console `true` or `false` | `true` |
| `LOG_LOCATION` | Log Location | `/logs/` |
| `LOG_SIZE_MAX` | Maximum Log Size in KB | `9999` |
#### Database Settings
| Parameter | Description | Default |
| ---------------- | -------------------------------------------------------------------------------------- | ------- |
| `DB_HOST` | Hostname of MariaDB Container e.g. `postal-db` | |
| `DB_NAME` | Name of MariaDB Database e.g. `postal` | |
| `DB_USER` | Database Username e.g. `postal` | |
| `DB_PASS` | Password for Above User e.g. `password` | |
| `DB_PORT` | MariaDB Server Port | `3306` |
| `DB_ROOT_PASS` | Needed for first boot - Assigns privileges to $DB_USER. This is your MariaDB Root Pass | |
| `RABBITMQ_HOST` | RabbitMQ Hostname or Container | |
| `RABBITMQ_VHOST` | RabbitMQ VHost shard | |
| `RABBITMQ_USER` | RabbitMQ Username | |
| `RABBITMQ_PASS` | RabbitMQ Password | |
| `RABBITMQ_PORT` | RabbitMQ Port | `5672` |
#### Anti Spam Settings
| Parameter | Description | Default |
| --------------------- | ------------------------------------- | ------- |
| `ENABLE_SPAMASSASSIN` | Enable Spamassassin `true` or `false` | `false` |
| `SPAMASSASSIN_HOST` | Hostname of Spamassassin daemon | |
| `SPAMASSASSIN_PORT` | TCP Port of spamassassin daemon | `737` |
#### Anti Virus Settings
| Parameter | Description | Default |
| --------------- | ------------------------------- | ------- |
| `ENABLE_CLAMAV` | Enable ClamAV `true` or `false` | `false` |
| `CLAMAV_HOST` | Hostname of Clamd Server | |
| `CLAMAV_PORT` | TCP Port of Clamd Server | `3310` |
#### SMTP Settings
##### Client
| `SMTP_CLIENT_OPEN_TIMEOUT` | Timeout for an Open Connection in seconds | `30` |
| `SMTP_CLIENT_READ_TIMEOUT` | Timeout for Reading Data in seconds | `60` |
##### Server
| Parameter | Description | Default |
| ------------------------------------ | -------------------------------------------------- | ----------------- |
| `SMTP_SERVER_ENABLE_TLS` | Enable TLS | `false` |
| `SMTP_SERVER_HELO_HOSTNAME` | What Hostname to send for HELO | `$DNS_HOSTNAME` |
| `SMTP_SERVER_LOG_CONNECTIONS` | Log SMTP Connections | `true` |
| `SMTP_SERVER_MAX_MESSAGE_SIZE` | Max message size in Megabytes | `50` |
| `SMTP_SERVER_PORT` | Listening Port for Postal Main SMTP Server | `25` |
| `SMTP_SERVER_PROXY_PROTOCOL` | Utilize Proxy Protocol | `false` |
| `SMTP_SERVER_SSL_VERSION` | SSL Versions | `SSLv23` |
| `SMTP_SERVER_STRIP_RECEIVED_HEADERS` | Strip Recieved Headers | `false` |
| `SMTP_SERVER_TLS_CERT` | TLS Cert Location (Will authgenerate if not exist) | `/certs/cert.pem` |
| `SMTP_SERVER_TLS_CIPHERS` | TLS Ciphers to use | |
| `SMTP_SERVER_TLS_KEY` | TLS Key Location (Will autogenerate if not exist) | `/certs/key.pem` |
##### Management System
| Parameter | Description | Default |
| ------------------- | ------------------------------------------------------------------------------ | ----------------------- |
| `SMTP_FROM_ADDRESS` | From Address for Postam Management System | `postal@yourdomain.com` |
| `SMTP_FROM_NAME` | From Name for Postal Management System | `Postal` |
| `SMTP_HOST` | SMTP Server to be used to send messages from Postal Management System to users | `127.0.0.1` |
| `SMTP_PORT` | SMTP Port to be used to send messages from Postal Management System to Users | `25` |
| `SMTP_USER` | Username to authenticate to SMTP Server | |
| `SMTP_PASS` | Password to authenticate to SMTP Server | |
##### Relay
| Parameter | Description | Default |
| --------------------- | -------------------------------------------- | ------- |
| `SMTP_RELAY_HOST` | Relay all outbound messages to this hostname | |
| `SMTP_RELAY_PORT` | SMTP Relay Port | `25` |
| `SMTP_RELAY_SSL_MODE` | Relay SSL / TLS Mode | `Auto` |
#### Other Settings
| Parameter | Description | Default |
| --------------------------- | ---------------------------------------------------------------------------- | ------------------------ |
| `CONFIG_LOCATION` | Configuration File | `/app/config/postal.yml` |
| `SETUP_TYPE` | Choose `AUTO` or `MANUAL` Setup type - Auto uses these environment variables | `AUTO` |
| `FAST_SERVER_BIND_IP` | Bind IP for the Web Interface | `0.0.0.0` |
| `FAST_SERVER_BIND_PORT_TLS` | Bind Port for the TLS Tracking Service | `8443` |
| `FAST_SERVER_BIND_PORT` | Bind Port for the Tracking Server | `8080` |
| `WEB_BIND_IP` | Bind IP for the Web Interface | `0.0.0.0` |
| `WEB_BIND_PORT` | Bind Port for the Web Interface | `5000` |
| `WEB_HOSTNAME` | Hostname for Web Interface | `postal.example.com` |
| `WEB_MAX_THREADS` | Max Threads for Web Interface | `5` |
| `WEB_PROTOCOL` | Protocol for Web Interface `http` or `https` | `http` |
### Networking
| Port | Description |
|-----------|---------------|
| `25` | SMTP |
| `5000` | Procodile |
| Port | Description |
| ------ | ---------------------- |
| `25` | SMTP |
| `80` | Web Interface |
| `8080` | Fast Server /Tracking |
| `8443` | Fast Server / Tracking |
| `5000` | Puma` |
## Maintenance
### Shell Access
For debugging and maintenance purposes you may want access the containers shell.
For debugging and maintenance purposes you may want access the containers shell.
```bash
docker exec -it (whatever your container name is e.g. postal) bash


@ -14,6 +14,11 @@ DNS_SPF=${DNS_SPF:-"spf."$DNS_HOSTNAME}
DNS_TRACK_DOMAIN=${DNS_TRACK_DOMAIN:-"track."$DNS_HOSTNAME}
ENABLE_CLAMAV=${ENABLE_CLAMAV:-false}
ENABLE_SPAMASSASSIN=${ENABLE_SPAMASSASSIN:-false}
ENABLE_FAST_SERVER=${ENABLE_FAST_SERVER:-true}
FAST_SERVER_BIND_IP=${FAST_SERVER_BIND_IP:-0.0.0.0}
FAST_SERVER_BIND_PORT=${FAST_SERVER_BIND_PORT:-8080}
FAST_SERVER_BIND_PORT_TLS=${FAST_SERVER_BIND_PORT_TLS:-8443}
FAST_SERVER_ENABLE_PROXY_PROTOCOL=${FAST_SERVER_ENABLE_PROXY_PROTOCOL:-false}
LOG_AUTH_FAILURE=${LOG_AUTH_FAILURE:-"TRUE"}
LOG_CONSOLE=${LOG_CONSOLE:-true}
LOG_LOCATION=${LOG_LOCATION:-"/logs/"}
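Review bot: `FAST_SERVER_BIND_IP` defaults to `0.0.0.0` and `ENABLE_FAST_SERVER` to `true`, so the tracking server listens on every interface, even though `configure_nginx` in this commit proxies to it over `127.0.0.1` whenever the bind IP is `0.0.0.0`. If port 8080 is reachable from outside the container, clients can bypass nginx and its `exploit_protection.conf` include and supply their own `X-Forwarded-For` / `X-Forwarded-Proto` headers. If direct exposure is intended (for example for the TLS port 8443), a comment should say so; otherwise `FAST_SERVER_BIND_IP=${FAST_SERVER_BIND_IP:-127.0.0.1}` keeps nginx as the only entry point unless an operator opts out.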


@ -193,6 +193,23 @@ configure_logging() {
sed -i "s|<LOG_LOCATION>|${LOG_LOCATION}|g" /etc/logrotate.d/postal
}
configure_nginx(){
print_debug "Configuring Nginx"
sed -i "s|server_name localhost|server_name ${WEB_HOST}|g" /etc/nginx/conf.d/default.conf
if var_true "${ENABLE_TRACKING}" ; then
sed -i "s|<LISTEN_PORT>|${NGINX_LISTEN_PORT}|g" /etc/nginx/conf.available/tracking.conf
sed -i "s|<DNS_TRACK_DOMAIN>|${DNS_TRACK_DOMAIN}|g" /etc/nginx/conf.available/tracking.conf
if [ "${FAST_SERVER_BIND_IP}" = "0.0.0.0" ]; then
fast_server_bind_ip="127.0.0.1"
else
fast_server_bind_ip="${FAST_SERVER_BIND_IP}"
fi
sed -i "s|<FAST_SERVER_BIND_IP>|${fast_server_bind_ip}|g" /etc/nginx/conf.available/tracking.conf
sed -i "s|<FAST_SERVER_BIND_PORT>|${FAST_SERVER_BIND_PORT}|g" /etc/nginx/conf.available/tracking.conf
ln -s /etc/nginx/conf.available/tracking.conf /etc/nginx/conf.d/
fi
}
configure_postal() {
silent /app/bin/postal initialize-config
@ -223,11 +240,11 @@ general:
use_local_ns_for_domains: false
fast_server:
enabled: false
bind_address:
port: 80
ssl_port: 443
proxy_protocol: false
enabled: ${ENABLE_FAST_SERVER}
bind_address: ${FAST_SERVER_BIND_ADDRESS}
port: ${FAST_SERVER_BIND_PORT}
ssl_port: ${FAST_SERVER_BIND_PORT_TLS}
proxy_protocol: ${FAST_SERVER_ENABLE_PROXY_PROTOCOL}
default_private_key_path: # Defaults to config/fast_server.key
default_tls_certificate_path: # Defaults to config/fast_server.cert
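Review bot: The names used here do not match the rest of the commit: the config template writes `bind_address: ${FAST_SERVER_BIND_ADDRESS}`, but the defaults added in this commit define only `FAST_SERVER_BIND_IP`, so `bind_address` is rendered empty unless that variable is set elsewhere. In `configure_nginx` the `sed` calls replace `<FAST_SERVER_BIND_IP>` and `<DNS_TRACK_DOMAIN>`, while the nginx template added in this commit (presumably tracking.conf) contains `<FAST_SERVER_BIND_ADDRESS>` and `${DNS_TRACK_DOMAIN}`, which would leave `proxy_pass` with an unreplaced placeholder. Using one name throughout, e.g. `bind_address: ${FAST_SERVER_BIND_IP}` here and `<FAST_SERVER_BIND_IP>` in the template, fixes both. `ln -s` without `-f` will also fail on a second start of the same container, where the link already exists. The config heredoc begins outside the second hunk.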


@ -0,0 +1,21 @@
server {
### Don't Touch This
listen <LISTEN_PORT>;
server_name ${DNS_TRACK_DOMAIN};
###
### Populate your custom directives here
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://<FAST_SERVER_BIND_ADDRESS>:<FAST_SERVER_BIND_PORT>;
}
### Don't edit past here
include /etc/nginx/nginx.conf.d/site_optimization.conf;
include /etc/nginx/nginx.conf.d/exploit_protection.conf;
}
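Review bot: `proxy_set_header X-Forwarded-Proto https;` tells the upstream that every request arrived over TLS, although this server block has a plain `listen <LISTEN_PORT>;` with no `ssl`. Unless a TLS-terminating proxy is always in front, the upstream may treat cleartext requests as secure; `proxy_set_header X-Forwarded-Proto $scheme;` reports what nginx actually saw. `$proxy_add_x_forwarded_for` appends to whatever the client sent, so the upstream should rely on `X-Real-IP` or only the last hop for the client address. The other server block added in this commit sets the same hard-coded header in `location @puma`.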


@ -0,0 +1,31 @@
server {
### Don't Touch This
listen <LISTEN_PORT>;
server_name localhost;
root <WEBROOT>;
###
### Populate your custom directives here
index index.html index.htm;
location / {
client_max_body_size 50M;
try_files $uri $uri/index.html $uri.html @puma;
}
location /assets {
add_header Cache-Control max-age=3600;
}
location @puma {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:5000;
}
### Don't edit past here
include /etc/nginx/nginx.conf.d/site_optimization.conf;
include /etc/nginx/nginx.conf.d/exploit_protection.conf;
}
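Review bot: `location /assets` sets its own `add_header Cache-Control max-age=3600;`, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none. If `site_optimization.conf` or `exploit_protection.conf` (not shown here) add security headers at server level, responses under `/assets` will lose them; using `expires 1h;` in that location instead of `add_header` avoids the override. `proxy_pass http://127.0.0.1:5000;` is also fixed while the README documents `WEB_BIND_PORT` as configurable, so changing that variable would break the proxy.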