From 3b6278a58e427abb65d4ea712244ddb16dbc6222 Mon Sep 17 00:00:00 2001 From: Dave Conroy Date: Thu, 1 Apr 2021 22:13:46 -0700 Subject: [PATCH] Fast Server initial support --- .github/workflows/main.yml | 110 ++++++++++ .github/workflows/manual.yml | 110 ++++++++++ Dockerfile | 14 +- README.md | 204 ++++++++++++++---- .../assets/defaults/{10-postal => 20-postal} | 5 + .../assets/functions/{10-postal => 20-postal} | 27 ++- .../etc/cont-init.d/{10-postal => 20-postal} | 0 .../etc/nginx/conf.available/tracking.conf | 21 ++ install/etc/nginx/conf.d/default.conf | 31 +++ 9 files changed, 468 insertions(+), 54 deletions(-) create mode 100644 .github/workflows/main.yml create mode 100644 .github/workflows/manual.yml rename install/assets/defaults/{10-postal => 20-postal} (89%) rename install/assets/functions/{10-postal => 20-postal} (91%) rename install/etc/cont-init.d/{10-postal => 20-postal} (100%) create mode 100644 install/etc/nginx/conf.available/tracking.conf create mode 100644 install/etc/nginx/conf.d/default.conf diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..b1d1ada --- /dev/null +++ b/.github/workflows/main.yml 
@@ -0,0 +1,110 @@ +### Application Level Image CI +### Dave Conroy + +name: 'Build Images' + +on: + push: + paths: + - '**' + - '!README.md' +jobs: + docker: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Prepare + id: prep + run: | + DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/} + set -x + if [[ $GITHUB_REF == refs/heads/* ]]; then + if [[ $GITHUB_REF == refs/heads/*/* ]] ; then + BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")" + else + BRANCH=${GITHUB_REF#refs/heads/} + fi + + case ${BRANCH} in + "main" | "master" ) + BRANCHTAG="${DOCKER_IMAGE}:latest" + ;; + "develop" ) + BRANCHTAG="${DOCKER_IMAGE}:develop" + ;; + * ) + if [ -n "${{ secrets.LATEST }}" ] ; then + if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then + BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest" + else + BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest" + fi + else + BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest" + fi + ;; + esac + fi + + + if [[ $GITHUB_REF == refs/tags/* ]]; then + GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')" + fi + + if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then + TAGS=${BRANCHTAG},${GITTAG} + else + TAGS="${BRANCHTAG}${GITTAG}" + fi + + echo ::set-output name=tags::${TAGS} + echo ::set-output name=docker_image::${DOCKER_IMAGE} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Label + id: Label + run: | + if [ -f "Dockerfile" ] ; then + sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile + sed 
-i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile + sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile + sed -i "/FROM .*/a LABEL tiredofit.image.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile + if [ -f "CHANGELOG.md" ] ; then + sed -i "/FROM .*/a LABEL tiredofit.image.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile + fi + + if [[ $GITHUB_REF == refs/tags/* ]]; then + sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile + fi + + if [[ $GITHUB_REF == refs/heads/* ]]; then + sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile + fi + fi + + - name: Build + uses: docker/build-push-action@v2 + with: + builder: ${{ steps.buildx.outputs.name }} + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 + push: true + tags: ${{ steps.prep.outputs.tags }} diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml new file mode 100644 index 0000000..98914a1 --- /dev/null +++ b/.github/workflows/manual.yml 
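Review bot: In the Prepare step's `* )` case, `if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]` tests a variable that has not been assigned yet on that path, so the comparison can never hold and the extra `:latest` tag is never applied to the branch named in the secret; the intended test is presumably `if [ "${BRANCH}" = "${{ secrets.LATEST }}" ]; then`. The same block is duplicated verbatim in manual.yml, so the fix applies there too. Separately, every action in the job is referenced by a mutable tag (`actions/checkout@v2`, `docker/login-action@v1`, `docker/build-push-action@v2`, and the two setup actions) while the job holds `DOCKER_USERNAME` and `DOCKER_PASSWORD`; pinning each `uses:` to a full-length commit SHA, with the version kept in a trailing comment, keeps a retagged upstream release from running with those credentials.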
@@ -0,0 +1,110 @@ +# Manual Workflow (Application) + +name: Manual + +on: + workflow_dispatch: + inputs: + Manual Build: + description: 'Manual Build' + required: false +jobs: + docker: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Prepare + id: prep + run: | + DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/} + set -x + if [[ $GITHUB_REF == refs/heads/* ]]; then + if [[ $GITHUB_REF == refs/heads/*/* ]] ; then + BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")" + else + BRANCH=${GITHUB_REF#refs/heads/} + fi + + case ${BRANCH} in + "main" | "master" ) + BRANCHTAG="${DOCKER_IMAGE}:latest" + ;; + "develop" ) + BRANCHTAG="${DOCKER_IMAGE}:develop" + ;; + * ) + if [ -n "${{ secrets.LATEST }}" ] ; then + if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then + BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest" + else + BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest" + fi + else + BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest" + fi + ;; + esac + fi + + + if [[ $GITHUB_REF == refs/tags/* ]]; then + GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')" + fi + + if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then + TAGS=${BRANCHTAG},${GITTAG} + else + TAGS="${BRANCHTAG}${GITTAG}" + fi + + echo ::set-output name=tags::${TAGS} + echo ::set-output name=docker_image::${DOCKER_IMAGE} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + with: + platforms: all + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Label + id: Label + run: | + if [ -f "Dockerfile" ] ; then + sed -i "/FROM .*/a LABEL 
tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile + sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile + sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile + sed -i "/FROM .*/a LABEL tiredofit.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile + if [ -f "CHANGELOG.md" ] ; then + sed -i "/FROM .*/a LABEL tiredofit.image.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile + fi + + if [[ $GITHUB_REF == refs/tags/* ]]; then + sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile + fi + + if [[ $GITHUB_REF == refs/heads/* ]]; then + sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile + fi + fi + + - name: Build + uses: docker/build-push-action@v2 + with: + builder: ${{ steps.buildx.outputs.name }} + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64 + push: true + tags: ${{ steps.prep.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index e324a19..994296d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,24 @@ -FROM tiredofit/ruby:2.6-alpine +FROM tiredofit/nginx:alpine-3.13 LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)" -ENV POSTAL_CONFIG_ROOT=/app/config \ +ENV POSTAL_VERSION=master \ + POSTAL_REPO_URL=https://github.com/postalhq/postal \ + POSTAL_CONFIG_ROOT=/app/config \ ENABLE_SMTP=FALSE \ ZABBIX_HOSTNAME=postal-app RUN set -x && \ -# Create User addgroup -g 2525 postal && \ adduser -S -D -G postal -u 2525 -h /app/ postal && \ \ -# Build Dependencies apk update && \ apk upgrade && \ apk add -t .postal-build-deps \ build-base \ git \ mariadb-dev \ - && \ + ruby-dev \ + && \ \ apk add -t .postal-run-deps \ expect \ 
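Review bot: The Label step here writes the key `tiredofit.image_build_date`, while the otherwise identical step in main.yml writes `tiredofit.image.image_build_date`, so images produced by the two workflows carry different label keys for the same value; the line should read `sed -i "/FROM .*/a LABEL tiredofit.image.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile`. Because the Prepare, Login, Label and Build steps are copied verbatim between the two files, further drift is likely, so a header comment such as `# Keep the steps below in sync with .github/workflows/main.yml` in each file would help. The Prepare step also repeats the `BRANCHTAG`/`BRANCH` mix-up raised on main.yml.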
@@ -27,10 +28,11 @@ RUN set -x && \ mariadb-client \ mariadb-connector-c \ openssl \ + ruby \ && \ \ ### Fetch Source and install Ruby Dependencies - gem install bundler && \ + gem install bundler -v 1.17.2 && \ gem install procodile && \ git clone https://github.com/postalhq/postal /app/ && \ \ diff --git a/README.md b/README.md index 6769b32..b7ec9cf 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # hub.docker.com/r/tiredofit/postal -[![Build Status](https://img.shields.io/docker/build/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal) [![Docker Pulls](https://img.shields.io/docker/pulls/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal) [![Docker Stars](https://img.shields.io/docker/stars/tiredofit/postal.svg)](https://hub.docker.com/r/tiredofit/postal) [![Docker Layers](https://images.microbadger.com/badges/image/tiredofit/postal.svg)] @@ -8,11 +7,12 @@ ## Introduction Dockerfile to build a [Postal](https://github.com/atech/postal) SMTP server for sending and receiving SMTP / HTTP API email. -* This Container uses a [customized Alpine base](https://hub.docker.com/r/tiredofit/debian) which includes [s6 -overlay](https://github.com/just-containers/s6-overlay) enabled for PID 1 Init capabilities, [zabbix-agent](https://zabbix.org) for -individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier -management. +* This Container uses a [customized Alpine base](https://hub.docker.com/r/tiredofit/alpine) which includes [s6 +overlay](https://github.com/just-containers/s6-overlay) enabled for PID 1 Init capabilities, [zabbix-agent](https://zabbix.org) for +individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier +management. +* Contains Fail2Ban for blocking repeat authentication offenders [Changelog](CHANGELOG.md) 
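Review bot: `git clone https://github.com/postalhq/postal /app/ && \` still clones the unpinned default branch, even though the first hunk introduces `POSTAL_VERSION=master` and `POSTAL_REPO_URL=https://github.com/postalhq/postal` for exactly this purpose, so both new variables are dead and every build pulls whatever upstream HEAD is at build time. Using them, e.g. `git clone --depth 1 --branch "${POSTAL_VERSION}" "${POSTAL_REPO_URL}" /app/ && \`, makes the source selectable at build time and lets a release tag be substituted for `master`, which is what makes the resulting image reproducible and auditable. The `RUN` chain continues outside the hunk.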
@@ -24,16 +24,31 @@ management. ## Table of Contents - [Introduction](#introduction) - - [Changelog](CHANGELOG.md) +- [Authors](#authors) +- [Table of Contents](#table-of-contents) - [Prerequisites](#prerequisites) - [Installation](#installation) -- [Quick Start](#quick-start) + - [Quick Start](#quick-start) - [Configuration](#configuration) - - [Data Volumes](#data-volumes) - - [Environment Variables](#environmentvariables) + - [Environment Variables](#environment-variables) + - [Application Settings](#application-settings) + - [DNS Settings](#dns-settings) + - [Security Settings](#security-settings) + - [Performance Settings](#performance-settings) + - [Logging Settings](#logging-settings) + - [Database Settings](#database-settings) + - [Anti Spam Settings](#anti-spam-settings) + - [Anti Virus Settings](#anti-virus-settings) + - [SMTP Settings](#smtp-settings) + - [Client](#client) + - [Server](#server) + - [Management System](#management-system) + - [Relay](#relay) + - [Other Settings](#other-settings) + - [Networking](#networking) - [Maintenance](#maintenance) - - [Shell Access](#shell-access) - - [References](#references) + - [Shell Access](#shell-access) +- [References](#references) ## Prerequisites @@ -44,7 +59,7 @@ management. ## Installation -Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/postal) and is the recommended method of +Automated builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/postal) and is the recommended method of installation. 
@@ -53,11 +68,11 @@ docker pull hub.docker.com/tiredofit/postal:(imagetag) ``` The following image tags are available: -* `latest` - Most recent release of postal w/Alpine Linux 3.11 + Ruby 2.6 +* `latest` - Most recent release of Postal ### Quick Start -* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). See the examples folder for a working +* The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/). See the examples folder for a working [docker-compose.yml](examples/docker-compose.yml) that can be modified for development or production use. * Set various [environment variables](#environment-variables) to understand the capabilities of this image. 
@@ -65,48 +80,151 @@ The following image tags are available: ## Configuration - ### Environment Variables -Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/alpine), below is the complete list of +Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/alpine), below is the complete list of available options that can be used to customize your installation. -| Parameter | Description | -|-----------|-------------| -| `DB_HOST` | Hostname of MariaDB Container | -| `DB_NAME` | Name of MariaDB Database | -| `DB_USER` | Database Username | -| `DB_PASS` | Password for Above User | -| `DB_PORT` | MariaDB Server Port - Default `3306` -| `DB_ROOT_PASS` | Needed for first boot - Assigns privileges to $DB_USER. MySQL Root Pass | -| `RABBITMQ_HOST` | RabbitMQ Hostname or Container | -| `RABBITMQ_VHOST` | RabbitMQ VHost shard | -| `RABBITMQ_USER` | RabbitMQ Username | -| `RABBITMQ_PASS` | RabbitMQ Password | -| `RABBITMQ_PORT` | RabbitMQ Port - Default `5672` | -| `ENABLE_CLAMAV` | Enable ClamAV `true` or `false` - Default `false` | -| `ENABLE_SPAMASSASSIN` | Enable Spamassassin `true` or `false` - Default `false` | -| `CLAMAV_HOST` | Hostname of Clamd Server | -| `SPAMASSASSIN_HOST` | Hostname of Spamassassin Server | -| `CLAMAV_PORT` | TCP Port of Clamd Server - Default `3310` | -| `SPAMASSASSIN_PORT` | TCP Port of Spamassassin Process - Default `737` | -| `LOG_CONSOLE` | Log to Stdout Console `true` or `false` - Default `true` | -| `WEB_HOST` | Hostname of Webhost for SMTP Invites - Default `postal.example.com` | -| `WEB_PROTOCOL | Protocol of Webhost for SMTP Invites `http` or `https` - Default `http` +#### Application Settings +| Parameter | Description | Default | +| ------------------------- | ---------------------------------------- | ------- | +| `ENABLE_TRACKING` | Enable Click Tracking `true` or `false` | `true` | +| `MAX_DELIVERY_ATTEMPTS` | Maximum Delivery Attempts before failing | 
`18` | +| `MAX_HOLD_EXPIRY_DAYS` | Maximum Holding days before expiring | `7` | +| `SUPPRESSION_LIST_EXPIRY` | Suppression List expiry in days | `30` | +#### DNS Settings +| Parameter | Description | Default | +| -------------------------- | --------------------------------------------------- | ---------------------- | +| `DNS_HOSTNAME` | Domain Name Mail Server | `example.com` | +| `DNS_MX` | MX Record Hostnames - Seperate multiple with commas | | +| `DNS_SPF` | SPF Hostname | `spf.$DNS_HOSTNAME` | +| `DNS_RETURN_PATH` | Return path Hostname | `rp.$DNS_HOSTNAME` | +| `DNS_ROUTE_DOMAIN` | `Routing Domain` | `routes.$DNS_HOSTNAME` | +| `DNS_TRACK_DOMAIN` | `Tracking Domain` | `track.$DNS_HOSTNAME` | +| `DNS_DKIM_IDENTIFIER` | DKIM Identifier | `postal` | +| `DNS_DOMAIN_VERIFY_PREFIX` | Domain verification prefix | `postal-verification` | +| `DNS_RETURN_PATH_PREFIX` | Custom Return Path Prefix | `psrp` | + +#### Security Settings +| Parameter | Description | Default | +| -------------------- | ------------------------------------------------------- | ------- | +| `ENABLE_FAIL2BAN` | Block hsots that repeatedly fail authentication | `TRUE` | +| `FAIL2BAN_LOG_FILE` | Log Location for Fail2ban `/logs/fail2ban/fail2ban.log` | +| `FAIL2BAN_TIME_FIND` | Track failures for this time period | `10m` | +| `FAIL2BAN_TIME_BAN` | Time to ban repeat offenders | `10m` | +| `FAIL2BAN_MAX_RETRY` | Ban after how many tries during time period | `5` | + + +#### Performance Settings +| Parameter | Description | Default | +| ----------------- | ---------------------------- | ------- | +| `WORKERS_AMOUNT` | Amount of Workers | `1` | +| `WORKERS_THREADS` | Amount of Threads per worker | `4` | + + +#### Logging Settings +| Parameter | Description | Default | +| ------------------ | -------------------------------------------------------- | -------- | +| `LOG_AUTH_FAILURE` | Log Authentication Failures (Used for Fail2ban blocking) | `TRUE` | +| `LOG_CONSOLE` | Log to Stdout Console `true` or 
`false` | `true` | +| `LOG_LOCATION` | Log Location | `/logs/` | +| `LOG_SIZE_MAX` | Maximum Log Size in KB | `9999` | + +#### Database Settings +| Parameter | Description | Default | +| ---------------- | -------------------------------------------------------------------------------------- | ------- | +| `DB_HOST` | Hostname of MariaDB Container e.g. `postal-db` | | +| `DB_NAME` | Name of MariaDB Database e.g. `postal` | | +| `DB_USER` | Database Username e.g. `postal` | | +| `DB_PASS` | Password for Above User e.g. `password` | | +| `DB_PORT` | MariaDB Server Port | `3306` | +| `DB_ROOT_PASS` | Needed for first boot - Assigns privileges to $DB_USER. This is your MariaDB Root Pass | | +| `RABBITMQ_HOST` | RabbitMQ Hostname or Container | | +| `RABBITMQ_VHOST` | RabbitMQ VHost shard | | +| `RABBITMQ_USER` | RabbitMQ Username | | +| `RABBITMQ_PASS` | RabbitMQ Password | | +| `RABBITMQ_PORT` | RabbitMQ Port | `5672` | + +#### Anti Spam Settings +| Parameter | Description | Default | +| --------------------- | ------------------------------------- | ------- | +| `ENABLE_SPAMASSASSIN` | Enable Spamassassin `true` or `false` | `false` | +| `SPAMASSASSIN_HOST` | Hostname of Spamassassin daemon | | +| `SPAMASSASSIN_PORT` | TCP Port of spamassassin daemon | `737` | + +#### Anti Virus Settings +| Parameter | Description | Default | +| --------------- | ------------------------------- | ------- | +| `ENABLE_CLAMAV` | Enable ClamAV `true` or `false` | `false` | +| `CLAMAV_HOST` | Hostname of Clamd Server | | +| `CLAMAV_PORT` | TCP Port of Clamd Server | `3310` | + +#### SMTP Settings +##### Client +| `SMTP_CLIENT_OPEN_TIMEOUT` | Timeout for an Open Connection in seconds | `30` | +| `SMTP_CLIENT_READ_TIMEOUT` | Timeout for Reading Data in seconds | `60` | + +##### Server +| Parameter | Description | Default | +| ------------------------------------ | -------------------------------------------------- | ----------------- | +| `SMTP_SERVER_ENABLE_TLS` | Enable TLS | `false` | 
+| `SMTP_SERVER_HELO_HOSTNAME` | What Hostname to send for HELO | `$DNS_HOSTNAME` | +| `SMTP_SERVER_LOG_CONNECTIONS` | Log SMTP Connections | `true` | +| `SMTP_SERVER_MAX_MESSAGE_SIZE` | Max message size in Megabytes | `50` | +| `SMTP_SERVER_PORT` | Listening Port for Postal Main SMTP Server | `25` | +| `SMTP_SERVER_PROXY_PROTOCOL` | Utilize Proxy Protocol | `false` | +| `SMTP_SERVER_SSL_VERSION` | SSL Versions | `SSLv23` | +| `SMTP_SERVER_STRIP_RECEIVED_HEADERS` | Strip Recieved Headers | `false` | +| `SMTP_SERVER_TLS_CERT` | TLS Cert Location (Will authgenerate if not exist) | `/certs/cert.pem` | +| `SMTP_SERVER_TLS_CIPHERS` | TLS Ciphers to use | | +| `SMTP_SERVER_TLS_KEY` | TLS Key Location (Will autogenerate if not exist) | `/certs/key.pem` | + +##### Management System +| Parameter | Description | Default | +| ------------------- | ------------------------------------------------------------------------------ | ----------------------- | +| `SMTP_FROM_ADDRESS` | From Address for Postam Management System | `postal@yourdomain.com` | +| `SMTP_FROM_NAME` | From Name for Postal Management System | `Postal` | +| `SMTP_HOST` | SMTP Server to be used to send messages from Postal Management System to users | `127.0.0.1` | +| `SMTP_PORT` | SMTP Port to be used to send messages from Postal Management System to Users | `25` | +| `SMTP_USER` | Username to authenticate to SMTP Server | | +| `SMTP_PASS` | Password to authenticate to SMTP Server | | +##### Relay +| Parameter | Description | Default | +| --------------------- | -------------------------------------------- | ------- | +| `SMTP_RELAY_HOST` | Relay all outbound messages to this hostname | | +| `SMTP_RELAY_PORT` | SMTP Relay Port | `25` | +| `SMTP_RELAY_SSL_MODE` | Relay SSL / TLS Mode | `Auto` | + +#### Other Settings +| Parameter | Description | Default | +| --------------------------- | ---------------------------------------------------------------------------- | ------------------------ | +| `CONFIG_LOCATION` 
| Configuration File | `/app/config/postal.yml` | +| `SETUP_TYPE` | Choose `AUTO` or `MANUAL` Setup type - Auto uses these environment variables | `AUTO` | +| `FAST_SERVER_BIND_IP` | Bind IP for the Web Interface | `0.0.0.0` | +| `FAST_SERVER_BIND_PORT_TLS` | Bind Port for the TLS Tracking Service | `8443` | +| `FAST_SERVER_BIND_PORT` | Bind Port for the Tracking Server | `8080` | +| `WEB_BIND_IP` | Bind IP for the Web Interface | `0.0.0.0` | +| `WEB_BIND_PORT` | Bind Port for the Web Interface | `5000` | +| `WEB_HOSTNAME` | Hostname for Web Interface | `postal.example.com` | +| `WEB_MAX_THREADS` | Max Threads for Web Interface | `5` | +| `WEB_PROTOCOL` | Protocol for Web Interface `http` or `https` | `http` | ### Networking -| Port | Description | -|-----------|---------------| -| `25` | SMTP | -| `5000` | Procodile | +| Port | Description | +| ------ | ---------------------- | +| `25` | SMTP | +| `80` | Web Interface | +| `8080` | Fast Server /Tracking | +| `8443` | Fast Server / Tracking | +| `5000` | Puma` | ## Maintenance ### Shell Access -For debugging and maintenance purposes you may want access the containers shell. +For debugging and maintenance purposes you may want access the containers shell. ```bash docker exec -it (whatever your container name is e.g. postal) bash diff --git a/install/assets/defaults/10-postal b/install/assets/defaults/20-postal similarity index 89% rename from install/assets/defaults/10-postal rename to install/assets/defaults/20-postal index 1b241a5..3626ba7 100755 --- a/install/assets/defaults/10-postal +++ b/install/assets/defaults/20-postal 
@@ -14,6 +14,11 @@ DNS_SPF=${DNS_SPF:-"spf."$DNS_HOSTNAME} DNS_TRACK_DOMAIN=${DNS_TRACK_DOMAIN:-"track."$DNS_HOSTNAME} ENABLE_CLAMAV=${ENABLE_CLAMAV:-false} ENABLE_SPAMASSASSIN=${ENABLE_SPAMASSASSIN:-false} +ENABLE_FAST_SERVER=${ENABLE_FAST_SERVER:-true} +FAST_SERVER_BIND_IP=${FAST_SERVER_BIND_IP:-0.0.0.0} +FAST_SERVER_BIND_PORT=${FAST_SERVER_BIND_PORT:-8080} +FAST_SERVER_BIND_PORT_TLS=${FAST_SERVER_BIND_PORT_TLS:-8443} +FAST_SERVER_ENABLE_PROXY_PROTOCOL=${FAST_SERVER_ENABLE_PROXY_PROTOCOL:-false} LOG_AUTH_FAILURE=${LOG_AUTH_FAILURE:-"TRUE"} LOG_CONSOLE=${LOG_CONSOLE:-true} LOG_LOCATION=${LOG_LOCATION:-"/logs/"} diff --git a/install/assets/functions/10-postal b/install/assets/functions/20-postal similarity index 91% rename from install/assets/functions/10-postal rename to install/assets/functions/20-postal index 7c599d1..4a04642 100755 --- a/install/assets/functions/10-postal +++ b/install/assets/functions/20-postal @@ -193,6 +193,23 @@ configure_logging() { sed -i "s||${LOG_LOCATION}|g" /etc/logrotate.d/postal } +configure_nginx(){ + print_debug "Configuring Nginx" + sed -i "s|server_name localhost|server_name ${WEB_HOST}|g" /etc/nginx/conf.d/default.conf + if var_true "${ENABLE_TRACKING}" ; then + sed -i "s||${NGINX_LISTEN_PORT}|g" /etc/nginx/conf.available/tracking.conf + sed -i "s||${DNS_TRACK_DOMAIN}|g" /etc/nginx/conf.available/tracking.conf + if [ "${FAST_SERVER_BIND_IP}" = "0.0.0.0" ]; then + fast_server_bind_ip="127.0.0.1" + else + fast_server_bind_ip="${FAST_SERVER_BIND_IP}" + fi + sed -i "s||${fast_server_bind_ip}|g" /etc/nginx/conf.available/tracking.conf + sed -i "s||${FAST_SERVER_BIND_PORT}|g" /etc/nginx/conf.available/tracking.conf + ln -s /etc/nginx/conf.available/tracking.conf /etc/nginx/conf.d/ + fi +} + configure_postal() { silent /app/bin/postal initialize-config 
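Review bot: `ENABLE_FAST_SERVER` and `FAST_SERVER_ENABLE_PROXY_PROTOCOL` are given defaults here but are missing from the "Other Settings" table this commit adds to README.md, which lists only `FAST_SERVER_BIND_IP`, `FAST_SERVER_BIND_PORT` and `FAST_SERVER_BIND_PORT_TLS`; the two rows to add are `ENABLE_FAST_SERVER` (enable the Fast Server tracking service, default `true`) and `FAST_SERVER_ENABLE_PROXY_PROTOCOL` (expect PROXY protocol on Fast Server connections, default `false`). The README row for `FAST_SERVER_BIND_IP` also still says "Bind IP for the Web Interface", copied from the `WEB_BIND_IP` row. It is worth the README stating that with the `0.0.0.0` default the tracking service listens on all container interfaces on `8080`/`8443` as well as being reachable through nginx, so operators know which ports to publish.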
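Review bot: `ln -s /etc/nginx/conf.available/tracking.conf /etc/nginx/conf.d/` in `configure_nginx` will fail with "File exists" on any start where the link is already present, which is the normal case if this cont-init script runs on every container start; `ln -sf` (or an `[ -e ... ] ||` guard) makes it idempotent. The same function substitutes `${WEB_HOST}` into `server_name`, whereas the README section added in this commit documents `WEB_HOSTNAME`; if the defaults file only sets `WEB_HOSTNAME`, nginx is left with an empty `server_name`, so the two names need reconciling. A one-line header comment such as `# Render the nginx vhosts: UI from conf.d/default.conf, tracking vhost only when ENABLE_TRACKING is true` would make the function's intent clear.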
@@ -223,11 +240,11 @@ general: use_local_ns_for_domains: false fast_server: - enabled: false - bind_address: - port: 80 - ssl_port: 443 - proxy_protocol: false + enabled: ${ENABLE_FAST_SERVER} + bind_address: ${FAST_SERVER_BIND_ADDRESS} + port: ${FAST_SERVER_BIND_PORT} + ssl_port: ${FAST_SERVER_BIND_PORT_TLS} + proxy_protocol: ${FAST_SERVER_ENABLE_PROXY_PROTOCOL} default_private_key_path: # Defaults to config/fast_server.key default_tls_certificate_path: # Defaults to config/fast_server.cert diff --git a/install/etc/cont-init.d/10-postal b/install/etc/cont-init.d/20-postal similarity index 100% rename from install/etc/cont-init.d/10-postal rename to install/etc/cont-init.d/20-postal diff --git a/install/etc/nginx/conf.available/tracking.conf b/install/etc/nginx/conf.available/tracking.conf new file mode 100644 index 0000000..8b88ba2 --- /dev/null +++ b/install/etc/nginx/conf.available/tracking.conf @@ -0,0 +1,21 @@ +server { + ### Don't Touch This + listen ; + server_name ${DNS_TRACK_DOMAIN}; + ### + + ### Populate your custom directives here + + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://:; + } + + + ### Don't edit past here + include /etc/nginx/nginx.conf.d/site_optimization.conf; + include /etc/nginx/nginx.conf.d/exploit_protection.conf; +} diff --git a/install/etc/nginx/conf.d/default.conf b/install/etc/nginx/conf.d/default.conf new file mode 100644 index 0000000..bf34ff1 --- /dev/null +++ b/install/etc/nginx/conf.d/default.conf 
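Review bot: `bind_address: ${FAST_SERVER_BIND_ADDRESS}` references a variable that nothing visible in this commit defines; the defaults file and the README both introduce `FAST_SERVER_BIND_IP`, so the rendered postal.yml gets an empty `bind_address`, and it would also disagree with `configure_nginx`, which derives its proxy target from `FAST_SERVER_BIND_IP`. Change the line to `bind_address: ${FAST_SERVER_BIND_IP}`. The heredoc that produces this YAML begins and ends outside the hunk.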
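Review bot: `server_name ${DNS_TRACK_DOMAIN};` is shell-style text that nginx never expands; the token that `configure_nginx` replaces in this file is not visible in this rendering, so unless it is literally this string the tracking vhost is served under the verbatim name `${DNS_TRACK_DOMAIN}`, and the rendered file should be checked after first start. Also, `proxy_set_header X-Forwarded-Proto https;` is hard-coded while the vhost only has a plain `listen`, so Postal is told every request arrived over HTTPS regardless of how it actually arrived; that is only right behind an external TLS terminator, which the file should say in a comment (`# Assumes TLS is terminated in front of this container`), or it should pass `$scheme` when nginx is the edge. The same hard-coded header appears in the `@puma` block of conf.d/default.conf.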
@@ -0,0 +1,31 @@ + server { + ### Don't Touch This + listen ; + server_name localhost; + root ; + ### + + ### Populate your custom directives here + index index.html index.htm; + + location / { + client_max_body_size 50M; + try_files $uri $uri/index.html $uri.html @puma; + } + + location /assets { + add_header Cache-Control max-age=3600; + } + + location @puma { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://127.0.0.1:5000; + } + + ### Don't edit past here + include /etc/nginx/nginx.conf.d/site_optimization.conf; + include /etc/nginx/nginx.conf.d/exploit_protection.conf; +}
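Review bot: `proxy_pass http://127.0.0.1:5000;` in the `@puma` location hard-codes the Puma address, while the README added in this commit exposes `WEB_BIND_IP` and `WEB_BIND_PORT` (defaults `0.0.0.0`/`5000`) and tracking.conf already has its upstream substituted by `configure_nginx`; a user who changes `WEB_BIND_PORT` gets a 502 from the UI with nothing pointing at the cause, so either template this upstream the same way or state in the README that the port is fixed. The opening ` server {` carries a stray leading space, unlike tracking.conf, and `index index.html index.htm;` plus `try_files $uri $uri/index.html $uri.html @puma;` deserve a short comment saying static files are served from `root` first and everything else goes to Puma.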