databases/dh.pem

This commit is contained in:
Aeris 2018-11-26 22:31:51 +01:00
parent a59784e37e
commit ba11fccaf4
11 changed files with 100 additions and 52 deletions


@ -0,0 +1,11 @@
file_env 'MYSQL_DATABASES'
if [ "$MYSQL_DATABASES" ]; then
for databaseName in $MYSQL_DATABASES; do
echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
done
fi
if [ "$MYSQL_DATABASES" ]; then
for databaseName in $MYSQL_DATABASES; do
echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
done
fi
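Review bot: The GRANT loop at the bottom checks only MYSQL_DATABASES, so with MYSQL_USER unset it would run `GRANT ALL ON \`db\`.* TO ''@'%'`, which targets the anonymous account (and creates it on MySQL versions where GRANT still auto-creates users); guard it with `if [ "$MYSQL_DATABASES" ] && [ "$MYSQL_USER" ]; then`. The two loops walk the same list and can be one CREATE-then-GRANT loop. `file_env` and the `mysql` array are presumably provided by the MySQL image entrypoint that sources this script from /docker-entrypoint-initdb.d; those init scripts run only when the data directory is initialised, so databases appended to MYSQL_DATABASES later are not created on an existing volume — worth stating at the top of the file, e.g. `# Sourced by the mysql entrypoint on first initialisation only; existing volumes need the database created by hand`.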


@ -1,7 +1,7 @@
FROM alpine:latest FROM alpine:latest
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail
RUN mkdir /etc/dovecot/sieve-filter RUN mkdir /etc/dovecot/sieve-filter
RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf
ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
ADD dh.pem /dh.pem
ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf
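Review bot: The new `addgroup -S vmail` on the third line of the first hunk lets BusyBox pick a system-range GID, while the smtp image in this commit still leaves the vmail group to adduser's default; both containers share the mails volume, so the group id should be pinned on both sides, `RUN addgroup -S -g 5000 vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail`, so ownership on the shared volume resolves to the same ids in each image. In the second hunk `ADD dh.pem /dh.pem` copies a plain local file; `COPY dh.pem /dh.pem` is the conventional form, ADD being reserved for archive extraction and checksummed URLs. Neither the `alpine:latest` base nor the added `dovecot-mysql` package is pinned, so the dovecot version this image gets can change from build to build.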


@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----


@ -9,6 +9,7 @@
#if [ -n "${MAILDOMAIN}" ]; then #if [ -n "${MAILDOMAIN}" ]; then
echo -e "ssl = yes\n \ echo -e "ssl = yes\n \
ssl_dh = </dh.pem\n \
ssl_cert = </certs/${MAILDOMAIN}.crt\n \ ssl_cert = </certs/${MAILDOMAIN}.crt\n \
ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
#fi #fi
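Review bot: `ssl_dh = </dh.pem` is added with no comment on why DH parameters are now shipped in the image; Dovecot 2.3 stopped generating them at runtime and expects ssl_dh to point at a file, which is presumably why dh.pem was added in this commit — add `# Dovecot 2.3 no longer generates DH parameters itself; ssl_dh must reference a file shipped with the image` above the echo. The file lives at the image root per the Dockerfile; keeping it under /etc/dovecot next to the other configuration would be more conventional. The `#if`/`#fi` guard around the block is commented out, so an unset MAILDOMAIN still writes `ssl_cert = </certs/.crt`; that is existing behaviour, not introduced by this hunk.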


@ -1,7 +1,7 @@
FROM alpine:latest FROM alpine:latest
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
RUN apk add --no-cache postfix ca-certificates RUN apk add --no-cache postfix postfix-mysql ca-certificates
ADD ./main.cf /etc/postfix/main.cf ADD ./main.cf /etc/postfix/main.cf
ADD ./master.cf /etc/postfix/master.cf ADD ./master.cf /etc/postfix/master.cf
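Review bot: `adduser -u 5000 -g vmail ...` is kept as context here while the dovecot Dockerfile in the same commit was changed to `addgroup -S vmail && adduser ... -G vmail`; in BusyBox adduser `-g` is the GECOS field, not the group, so the two images now create the vmail account differently although they share the mails volume. Aligning this line with the dovecot one, `RUN addgroup -S -g 5000 vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail`, keeps uid and gid identical in both containers. The added `postfix-mysql` package is unpinned like the rest, and with `alpine:latest` as base the resulting Postfix version is not reproducible between builds.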


@ -79,12 +79,12 @@ virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
message_size_limit = 20480000 message_size_limit = 20480000
# Milter setup # Milter setup
smtpd_milters = inet:spam:11332 smtpd_milters = inet:spam:11334
milter_default_action = accept milter_default_action = accept
milter_protocol = 6 milter_protocol = 6
unknown_local_recipient_reject_code = 550 unknown_local_recipient_reject_code = 550
owner_request_special = no owner_request_special = no
transport_maps = hash:/mailman/var/data/postfix_lmtp transport_maps = regexp:/mailman/var/data/postfix_lmtp
local_recipient_maps = hash:/mailman/var/data/postfix_lmtp local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp
relay_domains = hash:/mailman/var/data/postfix_domains relay_domains = regexp:/mailman/var/data/postfix_domains

48
deploy/roles/mailserver/files/smtp/start.sh Executable file → Normal file

@ -1,36 +1,32 @@
#!/bin/sh #!/bin/sh
#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then echo "myorigin = ${MYORIGIN}" >> /etc/postfix/main.cf
echo -e "myorigin = ${MYORIGIN}\n \ echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
myhostname = ${MYHOSTNAME} \ echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \ echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
#fi
#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then echo "user = ${DATABASE_USER}
echo -e "user = ${DATABASE_USER}\n \ password = ${DATABASE_PASSWORD}
password = ${DATABASE_PASSWORD}\n \ hosts = db
hosts = db\n \ dbname = ${DATABASE_NAME}
dbname = ${DATABASE_NAME}\n \ table = alias
table = alias\n \ select_field = goto
select_field = goto\n \
where_field = address" > /etc/postfix/virtual_alias_maps.cf; where_field = address" > /etc/postfix/virtual_alias_maps.cf;
echo -e "user = ${DATABASE_USER}\n \ echo "user = ${DATABASE_USER}
password = ${DATABASE_PASSWORD}\n \ password = ${DATABASE_PASSWORD}
hosts = db\n \ hosts = db
dbname = ${DATABASE_NAME}\n \ dbname = ${DATABASE_NAME}
table = domain\n \ table = domain
select_field = domain\n \ select_field = domain
where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf; where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
echo -e "user = ${DATABASE_USER}\n \ echo "user = ${DATABASE_USER}
password = ${DATABASE_PASSWORD}\n \ password = ${DATABASE_PASSWORD}
hosts = db\n \ hosts = db
dbname = ${DATABASE_NAME}\n \ dbname = ${DATABASE_NAME}
table = mailbox\n \ table = mailbox
select_field = maildir\n \ select_field = maildir
where_field = username" > /etc/postfix/virtual_mailbox_maps.cf; where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
#fi
postfix start-fg postfix start-fg
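Review bot: The three map files written on the new side (`/etc/postfix/virtual_alias_maps.cf`, `virtual_mailbox_domains.cf`, `virtual_mailbox_maps.cf`) contain `password = ${DATABASE_PASSWORD}` and are created under the shell's default umask, so they are normally world-readable inside the container; put `umask 027` before the first echo and `chgrp postfix /etc/postfix/virtual_*.cf` after the last, so only root and the Postfix daemons can read the credential. The new `echo ... >> /etc/postfix/main.cf` lines append on every start of the same container, so a restarted container accumulates duplicate `myorigin`/`myhostname`/`smtpd_tls_*` entries (Postfix uses the last value, so this is noise rather than breakage); `postconf -e "myorigin = ${MYORIGIN}"` and friends are idempotent. `postfix start-fg` is unchanged context, but as the last line of an entrypoint script it should be `exec postfix start-fg` so Postfix rather than this shell is PID 1 and receives the stop signal.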


@ -0,0 +1,7 @@
<?php
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$config['smtp_conn_options'] = array('ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$rcmail_config['managesieve_port'] = 4190;
$rcmail_config['managesieve_host'] = 'tls://imap';
$config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
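Review bot: All three `*_conn_options` arrays set `'verify_peer' => false` and `'verify_peer_name' => false`, which disables certificate validation on the IMAP, SMTP and managesieve connections Roundcube opens; the TLS session then guards only against passive reading, and whatever answers on the docker network under the names `imap` or `smtp` is accepted. The service names presumably do not match the name on the certificate in /certs, which is what these flags paper over; the narrow fix is to keep verification on and tell PHP which name to expect and which CA to trust, as below for the IMAP array. `$rcmail_config[...]` on the two managesieve lines is the older variable name while the rest of the file uses `$config[...]`; use `$config` throughout.
```php
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => 'MAIL_HOSTNAME',           // placeholder: CN/SAN of the certificate in /certs
        'cafile'           => '/path/to/ca-bundle.pem', // placeholder: CA that issued that certificate
    ),
);
// … unchanged: smtp_conn_options and managesieve_conn_options take the same 'ssl' array …
```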


@ -32,6 +32,11 @@
src: smtp src: smtp
dest: "{{ docker_project_folder }}/mailserver" dest: "{{ docker_project_folder }}/mailserver"
- name: Copy webmail Add
copy:
src: webmail
dest: "{{ docker_project_folder }}/mailserver"
- name: make start executable in traefik - name: make start executable in traefik
shell: chmod +x "{{ docker_project_folder }}/mailserver/smtp/start.sh" shell: chmod +x "{{ docker_project_folder }}/mailserver/smtp/start.sh"
@ -51,6 +56,14 @@
- name: make start executable in spam - name: make start executable in spam
shell: chmod +x "{{ docker_project_folder }}/mailserver/spam/start.sh" shell: chmod +x "{{ docker_project_folder }}/mailserver/spam/start.sh"
- name: Copy db
copy:
src: db
dest: "{{ docker_project_folder }}/mailserver"
- name: make start executable in db
shell: chmod +x "{{ docker_project_folder }}/mailserver/db/databases.sh"
- name: Copy traefik - name: Copy traefik
copy: copy:
src: traefik src: traefik
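Review bot: The added `make start executable in db` task runs `shell: chmod +x ...`, which reports changed on every run and skips Ansible's idempotence and check mode; the task name also says "start" although the target is `databases.sh`. Use the file module, `file: { path: "{{ docker_project_folder }}/mailserver/db/databases.sh", mode: "u+x" }`, under a name such as `make databases.sh executable in db`. The existing `make start executable in traefik`/`in spam` tasks this copies have the same shape, so converting them together keeps the role consistent.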


@ -15,10 +15,9 @@ services:
- db:db - db:db
- spam:spam - spam:spam
volumes: volumes:
- ./smtp/main.cf:/etc/postfix/main.cf:ro - {{ docker_data_folder }}/mailserver/mailman/core:/mailman
- ./smtp/master.cf:/etc/postfix/master.cf:ro
- {{ docker_data_folder }}/mailserver/mailman/data:/mailman
- mails:/home/vmail - mails:/home/vmail
- /dev/log:/dev/log
- certs:/certs - certs:/certs
environment: environment:
- DATABASE_USER=mail - DATABASE_USER=mail
@ -42,6 +41,7 @@ services:
expose: expose:
- '24' - '24'
- '8472' - '8472'
- '993'
links: links:
- db - db
- spam - spam
@ -84,15 +84,19 @@ services:
- imap:imap - imap:imap
- smtp:smtp - smtp:smtp
environment: environment:
ROUNDCUBEMAIL_DEFAULT_HOST: imap ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap"
ROUNDCUBEMAIL_SMTP_SERVER: smtp ROUNDCUBEMAIL_DEFAULT_PORT: "993"
ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp"
ROUNDCUBEMAIL_SMTP_PORT: 587
ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M
ROUNDCUBEMAIL_DB_TYPE: mysql ROUNDCUBEMAIL_DB_TYPE: mysql
ROUNDCUBEMAIL_DB_HOST: db ROUNDCUBEMAIL_DB_HOST: db
ROUNDCUBEMAIL_DB_USER: mail ROUNDCUBEMAIL_DB_USER: mail
ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }} ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }}
ROUNDCUBEMAIL_DB_NAME: postfix ROUNDCUBEMAIL_DB_NAME: roundcube
volumes:
- ./webmail/config.inc.php:/var/roundcube/config/config.inc.php
labels: labels:
- "traefik.frontend.rule=Host:mail.{{ DOMAIN }}" - "traefik.frontend.rule=Host:mail.{{ DOMAIN }}"
- "traefik.port=80" - "traefik.port=80"
@ -125,12 +129,13 @@ services:
restart: always restart: always
environment: environment:
MYSQL_ROOT_PASSWORD: {{ DB_ROOT_PASSWORD }} MYSQL_ROOT_PASSWORD: {{ DB_ROOT_PASSWORD }}
MYSQL_DATABASES: "postfix mailman" MYSQL_DATABASES: "postfix mailman roundcube"
MYSQL_USER: mail MYSQL_USER: mail
MYSQL_PASSWORD: {{ DB_PASSWORD }} MYSQL_PASSWORD: {{ DB_PASSWORD }}
volumes: volumes:
- {{ docker_data_fodler }}:/var/lib/mysql - {{ docker_data_folder }}/mailserver/db:/var/lib/mysql
- ./docker-entrypoint.sh:/docker-entrypoint.sh #- ./docker-entrypoint.sh:/docker-entrypoint.sh
- {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
@ -152,6 +157,10 @@ services:
- DATABASE_TYPE=mysql - DATABASE_TYPE=mysql
- DATABASE_CLASS=mailman.database.mysql.MySQLDatabase - DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
- HYPERKITTY_API_KEY=someapikey - HYPERKITTY_API_KEY=someapikey
- MM_HOSTNAME=mailman-core
- SMTP_PORT=587
- SMTP_HOST=smtp
- MTA=postfix
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
@ -202,8 +211,6 @@ services:
- "traefik.port=80" - "traefik.port=80"
traefik: traefik:
container_name: traefik container_name: traefik
image: traefik image: traefik
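Review bot: `MYSQL_DATABASES: "postfix mailman roundcube"` depends on the init script reached through the new `{{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d` mount, but the MySQL image runs initdb scripts only while the data directory at `{{ docker_data_folder }}/mailserver/db` is empty, so on a host that already has a database the roundcube schema is never created and the webmail container's DB connection fails on first start; note this beside the variable, e.g. `# initdb scripts run on first initialisation only — existing volumes need the database created by hand`, or create it in a separate migration step. The new `./webmail/config.inc.php:/var/roundcube/config/config.inc.php` mount has no `:ro`, unlike the configuration mounts this file used before; the container has no reason to write its own config. `HYPERKITTY_API_KEY=someapikey` is unchanged context, but it is a literal shared secret in the compose file while the passwords around it are templated from variables.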


@ -1,7 +1,7 @@
--- ---
become_method: sudo become_method: sudo
ansible_ask_become_pass: yes ansible_ask_become_pass: yes
docker_data_folder: /data_ansible docker_data_folder: /data_test
docker_project_folder: /var/docker docker_project_folder: /var/docker
DOMAIN: creditcards.bayern DOMAIN: creditcards.bayern
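Review bot: `docker_data_folder: /data_test` replaces `/data_ansible` in the role defaults, which relocates every persisted volume (mail store, DB data, mailman state) on the next run; if this is a local testing value it should not be committed, and if intended the data under the old path has to be moved first or it will appear lost. A one-line comment above the variable stating what the path holds would make such changes easier to judge in review.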