databases/dh.pem
parent
a59784e37e
commit
ba11fccaf4
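--- a/deploy/roles/mailserver/files/db/databases.sh
+++ b/deploy/roles/mailserver/files/db/databases.sh
@@ -0,0 +1,11 @@
+file_env 'MYSQL_DATABASES'
+if [ "$MYSQL_DATABASES" ]; then
+for databaseName in $MYSQL_DATABASES; do
+echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
+done
+fi
+if [ "$MYSQL_DATABASES" ]; then
+for databaseName in $MYSQL_DATABASES; do
+echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+done
+fi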
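Review bot: The second loop grants `ALL` on every database in `MYSQL_DATABASES` to the single `$MYSQL_USER` account from any host (`'%'`), and the compose file on this page gives that same `mail` account to Roundcube, so the webmail credentials can also read and rewrite the Postfix lookup tables. One account per database, or at least a narrower grant per service, would contain a compromise of any one consumer. Both loops also splice `$databaseName` and `$MYSQL_USER` into SQL unvalidated; a guard such as `case "$databaseName" in *[!A-Za-z0-9_]*) echo "invalid database name" >&2; exit 1;; esac` before each `echo` keeps a malformed environment value from changing the statement. The two identical `if`/`for` blocks could be one loop that issues both statements.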
@ -1,7 +1,7 @@
|
||||||
FROM alpine:latest
|
FROM alpine:latest
|
||||||
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin
|
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql
|
||||||
|
|
||||||
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
|
RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail
|
||||||
|
|
||||||
RUN mkdir /etc/dovecot/sieve-filter
|
RUN mkdir /etc/dovecot/sieve-filter
|
||||||
RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
|
RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
|
||||||
|
@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf
|
||||||
ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
|
ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
|
||||||
ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
|
ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
|
||||||
|
|
||||||
|
ADD dh.pem /dh.pem
|
||||||
ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
|
ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
|
||||||
ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf
|
ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf
|
||||||
|
|
||||||
|
|
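Review bot: `addgroup -S vmail` in the first hunk lets the image pick the group id while the uid is pinned to 5000, and the SMTP image's Dockerfile shown further down this page still runs `adduser -u 5000 -g vmail …` without creating the group, so if both containers mount the `mails` volume they may disagree on the gid that owns the mail store. Pinning it keeps ownership stable across images and rebuilds: `RUN addgroup -S -g 5000 vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail`. In the second hunk, `ADD dh.pem /dh.pem` copies a plain local file, for which `COPY dh.pem /dh.pem` is the explicit form. A comment beside it saying the file holds public DH parameters rather than key material would stop it being mistaken for a committed secret.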
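--- a/deploy/roles/mailserver/files/imap/dh.pem
+++ b/deploy/roles/mailserver/files/imap/dh.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAp8B6nAUjQq4z8Oxx77t29exX+ukVggQJBVlxk3RJJxdZxdaLh9Zy
+/Vu+AzrowdhqAjzIOj96r7nS7qK2D6T5FN6OcsQOLCQc1fiP7AuK421IT2ZvFj0B
+2nvgT0O06s/yMV0G7wgBb2XbqwCTMHTlukMvHwnmKrEUttZ39tIYWcs/C/i2F4Rs
+M/KkAR475gh3tLm89mOe3ROkIs6Z/eWnEWs2+mT6MCfFWSCaY5/aatktt5nKXi1A
+LcW0jXug5/i7Ie/LoqjbSSfuuCxaQ8Tm1nQW9Xv7TlwWXD3ccudS6+ggzaX5hPd4
+EnX7o6CvgBUZfY1ecb88Id2sm6+WgHaXkEhsv4pDqU5qwbW3aEGR+iSmqW8l9cWE
+hPtCiRwM4IJ96pJ1bhwS8pwVO4g7O4vNYl/wsAeWGqY2v1hAdkufUvUk3O7IV7Zb
+z1V6XAitG2YWnfOaZlK/XbXmZ7DPRh4L7A8HNswf745jCpHsnk7RnLu3tUTTKshG
+Bk9du8bq1Rjexc2IRVDMnxl2HvpSG21qU7VrPNXEpJDADfqbIcwFIajD6FfN7fEN
+3H4J3VhYm3lblG5ppx3NogT4rvtMR9wIQAEuHY5GEezZnSAe9AcZLkIeBhXhNZJ0
+i2tw3N+k2O0iRYEZs9f0cq/V2F4BUKamilkGEoM7J4CwMvINZoAW1XsCAQI=
+-----END DH PARAMETERS-----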
@ -9,6 +9,7 @@
|
||||||
|
|
||||||
#if [ -n "${MAILDOMAIN}" ]; then
|
#if [ -n "${MAILDOMAIN}" ]; then
|
||||||
echo -e "ssl = yes\n \
|
echo -e "ssl = yes\n \
|
||||||
|
ssl_dh = </dh.pem\n \
|
||||||
ssl_cert = </certs/${MAILDOMAIN}.crt\n \
|
ssl_cert = </certs/${MAILDOMAIN}.crt\n \
|
||||||
ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
|
ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
|
||||||
#fi
|
#fi
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
FROM alpine:latest
|
FROM alpine:latest
|
||||||
|
|
||||||
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
|
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
|
||||||
RUN apk add --no-cache postfix ca-certificates
|
RUN apk add --no-cache postfix postfix-mysql ca-certificates
|
||||||
|
|
||||||
ADD ./main.cf /etc/postfix/main.cf
|
ADD ./main.cf /etc/postfix/main.cf
|
||||||
ADD ./master.cf /etc/postfix/master.cf
|
ADD ./master.cf /etc/postfix/master.cf
|
||||||
|
|
|
@ -79,12 +79,12 @@ virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
|
||||||
message_size_limit = 20480000
|
message_size_limit = 20480000
|
||||||
|
|
||||||
# Milter setup
|
# Milter setup
|
||||||
smtpd_milters = inet:spam:11332
|
smtpd_milters = inet:spam:11334
|
||||||
milter_default_action = accept
|
milter_default_action = accept
|
||||||
milter_protocol = 6
|
milter_protocol = 6
|
||||||
|
|
||||||
unknown_local_recipient_reject_code = 550
|
unknown_local_recipient_reject_code = 550
|
||||||
owner_request_special = no
|
owner_request_special = no
|
||||||
transport_maps = hash:/mailman/var/data/postfix_lmtp
|
transport_maps = regexp:/mailman/var/data/postfix_lmtp
|
||||||
local_recipient_maps = hash:/mailman/var/data/postfix_lmtp
|
local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp
|
||||||
relay_domains = hash:/mailman/var/data/postfix_domains
|
relay_domains = regexp:/mailman/var/data/postfix_domains
|
||||||
|
|
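Review bot: With `milter_default_action = accept` two lines below, pointing `smtpd_milters` at a port where no milter answers fails open: Postfix keeps accepting mail unscanned, and only a log warning shows it. The `spam` service is not visible in this change; if it is rspamd on its default worker ports, 11332 is the milter proxy and 11334 is the controller, so `inet:spam:11334` would need a matching milter listener in that container. Please confirm the target port, and consider `milter_default_action = tempfail` so a broken filter defers mail instead of letting it through. The `hash:` to `regexp:` switch likewise depends on Mailman writing those three files in regexp format.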
48
deploy/roles/mailserver/files/smtp/start.sh
Executable file → Normal file
48
deploy/roles/mailserver/files/smtp/start.sh
Executable file → Normal file
|
@ -1,36 +1,32 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then
|
echo "myorigin = ${MYORIGIN}" >> /etc/postfix/main.cf
|
||||||
echo -e "myorigin = ${MYORIGIN}\n \
|
echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
|
||||||
myhostname = ${MYHOSTNAME} \
|
echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
|
||||||
smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \
|
echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
|
||||||
smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
|
|
||||||
#fi
|
|
||||||
|
|
||||||
#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then
|
echo "user = ${DATABASE_USER}
|
||||||
echo -e "user = ${DATABASE_USER}\n \
|
password = ${DATABASE_PASSWORD}
|
||||||
password = ${DATABASE_PASSWORD}\n \
|
hosts = db
|
||||||
hosts = db\n \
|
dbname = ${DATABASE_NAME}
|
||||||
dbname = ${DATABASE_NAME}\n \
|
table = alias
|
||||||
table = alias\n \
|
select_field = goto
|
||||||
select_field = goto\n \
|
|
||||||
where_field = address" > /etc/postfix/virtual_alias_maps.cf;
|
where_field = address" > /etc/postfix/virtual_alias_maps.cf;
|
||||||
|
|
||||||
echo -e "user = ${DATABASE_USER}\n \
|
echo "user = ${DATABASE_USER}
|
||||||
password = ${DATABASE_PASSWORD}\n \
|
password = ${DATABASE_PASSWORD}
|
||||||
hosts = db\n \
|
hosts = db
|
||||||
dbname = ${DATABASE_NAME}\n \
|
dbname = ${DATABASE_NAME}
|
||||||
table = domain\n \
|
table = domain
|
||||||
select_field = domain\n \
|
select_field = domain
|
||||||
where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
|
where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
|
||||||
|
|
||||||
echo -e "user = ${DATABASE_USER}\n \
|
echo "user = ${DATABASE_USER}
|
||||||
password = ${DATABASE_PASSWORD}\n \
|
password = ${DATABASE_PASSWORD}
|
||||||
hosts = db\n \
|
hosts = db
|
||||||
dbname = ${DATABASE_NAME}\n \
|
dbname = ${DATABASE_NAME}
|
||||||
table = mailbox\n \
|
table = mailbox
|
||||||
select_field = maildir\n \
|
select_field = maildir
|
||||||
where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
|
where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
|
||||||
#fi
|
|
||||||
|
|
||||||
postfix start-fg
|
postfix start-fg
|
||||||
|
|
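Review bot: The three lookup files written here contain `${DATABASE_PASSWORD}` and are created with the shell's default umask, so inside the container they will normally be readable by every user. Restrict them before `postfix start-fg`, for example `chown root:postfix /etc/postfix/virtual_*.cf && chmod 640 /etc/postfix/virtual_*.cf`. The `myorigin`, `myhostname` and TLS lines are now appended with `>>` to `/etc/postfix/main.cf` on every start, so a restarted container accumulates duplicate settings. With the commented `-n` guards removed and none put in their place, an unset `MYHOSTNAME` yields `/certs/.key`, and a short check that exits when a required variable is empty would catch that. The file header also shows the mode going from executable to normal, which leaves the image dependent on the Ansible `chmod +x` task.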
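--- a/deploy/roles/mailserver/files/webmail/config.inc.php
+++ b/deploy/roles/mailserver/files/webmail/config.inc.php
@@ -0,0 +1,7 @@
+<?php
+
+$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
+$config['smtp_conn_options'] = array('ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
+$rcmail_config['managesieve_port'] = 4190;
+$rcmail_config['managesieve_host'] = 'tls://imap';
+$config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );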
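Review bot: All three connection-option arrays set `verify_peer` and `verify_peer_name` to `false`, so Roundcube accepts any certificate from whatever answers as `imap` or `smtp`, and the `ssl://` and `tls://` schemes configured in the compose file then give encryption without authenticating the server. The certificates appear to be issued for the mail domain rather than the container names, so verification can stay on by naming the expected host and CA, e.g. `'ssl' => array('verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => '<MAIL_DOMAIN>', 'cafile' => '<PATH_TO_CA_BUNDLE>')` (placeholders). If disabling verification is a deliberate stop-gap for the internal Docker network, a comment saying so and naming the follow-up would help the next reader. The file also mixes `$config[...]` and `$rcmail_config[...]`, and using one array name throughout avoids relying on legacy handling.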
@ -32,6 +32,11 @@
|
||||||
src: smtp
|
src: smtp
|
||||||
dest: "{{ docker_project_folder }}/mailserver"
|
dest: "{{ docker_project_folder }}/mailserver"
|
||||||
|
|
||||||
|
- name: Copy webmail Add
|
||||||
|
copy:
|
||||||
|
src: webmail
|
||||||
|
dest: "{{ docker_project_folder }}/mailserver"
|
||||||
|
|
||||||
- name: make start executable in traefik
|
- name: make start executable in traefik
|
||||||
shell: chmod +x "{{ docker_project_folder }}/mailserver/smtp/start.sh"
|
shell: chmod +x "{{ docker_project_folder }}/mailserver/smtp/start.sh"
|
||||||
|
|
||||||
|
@ -51,6 +56,14 @@
|
||||||
- name: make start executable in spam
|
- name: make start executable in spam
|
||||||
shell: chmod +x "{{ docker_project_folder }}/mailserver/spam/start.sh"
|
shell: chmod +x "{{ docker_project_folder }}/mailserver/spam/start.sh"
|
||||||
|
|
||||||
|
- name: Copy db
|
||||||
|
copy:
|
||||||
|
src: db
|
||||||
|
dest: "{{ docker_project_folder }}/mailserver"
|
||||||
|
|
||||||
|
- name: make start executable in db
|
||||||
|
shell: chmod +x "{{ docker_project_folder }}/mailserver/db/databases.sh"
|
||||||
|
|
||||||
- name: Copy traefik
|
- name: Copy traefik
|
||||||
copy:
|
copy:
|
||||||
src: traefik
|
src: traefik
|
||||||
|
|
|
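Review bot: The new `make start executable in db` task shells out to `chmod +x`, which reports "changed" on every run and leaves the owner and remaining mode bits to whatever `copy` produced. Setting the mode declaratively is idempotent: `file: path="{{ docker_project_folder }}/mailserver/db/databases.sh" mode="0755"`, or a `mode:` on the `Copy db` task itself. Because that directory is mounted as `/docker-entrypoint-initdb.d` in the compose file, explicit `owner` and `mode` on the copy would also document who may edit the database init scripts. The task name says "start" although the file is `databases.sh`, and `Copy webmail Add` looks like a leftover word.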
@ -15,10 +15,9 @@ services:
|
||||||
- db:db
|
- db:db
|
||||||
- spam:spam
|
- spam:spam
|
||||||
volumes:
|
volumes:
|
||||||
- ./smtp/main.cf:/etc/postfix/main.cf:ro
|
- {{ docker_data_folder }}/mailserver/mailman/core:/mailman
|
||||||
- ./smtp/master.cf:/etc/postfix/master.cf:ro
|
|
||||||
- {{ docker_data_folder }}/mailserver/mailman/data:/mailman
|
|
||||||
- mails:/home/vmail
|
- mails:/home/vmail
|
||||||
|
- /dev/log:/dev/log
|
||||||
- certs:/certs
|
- certs:/certs
|
||||||
environment:
|
environment:
|
||||||
- DATABASE_USER=mail
|
- DATABASE_USER=mail
|
||||||
|
@ -42,6 +41,7 @@ services:
|
||||||
expose:
|
expose:
|
||||||
- '24'
|
- '24'
|
||||||
- '8472'
|
- '8472'
|
||||||
|
- '993'
|
||||||
links:
|
links:
|
||||||
- db
|
- db
|
||||||
- spam
|
- spam
|
||||||
|
@ -84,15 +84,19 @@ services:
|
||||||
- imap:imap
|
- imap:imap
|
||||||
- smtp:smtp
|
- smtp:smtp
|
||||||
environment:
|
environment:
|
||||||
ROUNDCUBEMAIL_DEFAULT_HOST: imap
|
ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap"
|
||||||
ROUNDCUBEMAIL_SMTP_SERVER: smtp
|
ROUNDCUBEMAIL_DEFAULT_PORT: "993"
|
||||||
|
ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp"
|
||||||
|
ROUNDCUBEMAIL_SMTP_PORT: 587
|
||||||
ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password
|
ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password
|
||||||
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M
|
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M
|
||||||
ROUNDCUBEMAIL_DB_TYPE: mysql
|
ROUNDCUBEMAIL_DB_TYPE: mysql
|
||||||
ROUNDCUBEMAIL_DB_HOST: db
|
ROUNDCUBEMAIL_DB_HOST: db
|
||||||
ROUNDCUBEMAIL_DB_USER: mail
|
ROUNDCUBEMAIL_DB_USER: mail
|
||||||
ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }}
|
ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }}
|
||||||
ROUNDCUBEMAIL_DB_NAME: postfix
|
ROUNDCUBEMAIL_DB_NAME: roundcube
|
||||||
|
volumes:
|
||||||
|
- ./webmail/config.inc.php:/var/roundcube/config/config.inc.php
|
||||||
labels:
|
labels:
|
||||||
- "traefik.frontend.rule=Host:mail.{{ DOMAIN }}"
|
- "traefik.frontend.rule=Host:mail.{{ DOMAIN }}"
|
||||||
- "traefik.port=80"
|
- "traefik.port=80"
|
||||||
|
@ -125,12 +129,13 @@ services:
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
MYSQL_ROOT_PASSWORD: {{ DB_ROOT_PASSWORD }}
|
MYSQL_ROOT_PASSWORD: {{ DB_ROOT_PASSWORD }}
|
||||||
MYSQL_DATABASES: "postfix mailman"
|
MYSQL_DATABASES: "postfix mailman roundcube"
|
||||||
MYSQL_USER: mail
|
MYSQL_USER: mail
|
||||||
MYSQL_PASSWORD: {{ DB_PASSWORD }}
|
MYSQL_PASSWORD: {{ DB_PASSWORD }}
|
||||||
volumes:
|
volumes:
|
||||||
- {{ docker_data_fodler }}:/var/lib/mysql
|
- {{ docker_data_folder }}/mailserver/db:/var/lib/mysql
|
||||||
- ./docker-entrypoint.sh:/docker-entrypoint.sh
|
#- ./docker-entrypoint.sh:/docker-entrypoint.sh
|
||||||
|
- {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=false"
|
- "traefik.enable=false"
|
||||||
|
|
||||||
|
@ -152,6 +157,10 @@ services:
|
||||||
- DATABASE_TYPE=mysql
|
- DATABASE_TYPE=mysql
|
||||||
- DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
|
- DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
|
||||||
- HYPERKITTY_API_KEY=someapikey
|
- HYPERKITTY_API_KEY=someapikey
|
||||||
|
- MM_HOSTNAME=mailman-core
|
||||||
|
- SMTP_PORT=587
|
||||||
|
- SMTP_HOST=smtp
|
||||||
|
- MTA=postfix
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=false"
|
- "traefik.enable=false"
|
||||||
|
|
||||||
|
@ -202,8 +211,6 @@ services:
|
||||||
- "traefik.port=80"
|
- "traefik.port=80"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
traefik:
|
traefik:
|
||||||
container_name: traefik
|
container_name: traefik
|
||||||
image: traefik
|
image: traefik
|
||||||
|
|
|
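Review bot: The bind mounts this change adds are all read-write, although the containers only need to read two of them: `./webmail/config.inc.php:/var/roundcube/config/config.inc.php` and `{{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d`. Appending `:ro` to both keeps a compromised webmail or database container from rewriting its own configuration or the init scripts on the host. `/dev/log:/dev/log`, in what appears to be the smtp service, hands the container the host's syslog socket, so anything running there can write arbitrary entries into host logs; a comment on why it is needed, or a container logging driver instead, would be safer. `ROUNDCUBEMAIL_SMTP_PORT: 587` is unquoted while `ROUNDCUBEMAIL_DEFAULT_PORT: "993"` is quoted, and quoting both keeps the environment values consistently strings.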
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
ansible_ask_become_pass: yes
|
ansible_ask_become_pass: yes
|
||||||
docker_data_folder: /data_ansible
|
docker_data_folder: /data_test
|
||||||
docker_project_folder: /var/docker
|
docker_project_folder: /var/docker
|
||||||
DOMAIN: creditcards.bayern
|
DOMAIN: creditcards.bayern
|
||||||
|
|
||||||
|
|