databases/dh.pem
parent
a59784e37e
commit
ba11fccaf4
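--- a/deploy/roles/mailserver/files/db/databases.sh
+++ b/deploy/roles/mailserver/files/db/databases.sh
@@ -0,0 +1,11 @@
+file_env 'MYSQL_DATABASES'
+if [ "$MYSQL_DATABASES" ]; then
+for databaseName in $MYSQL_DATABASES; do
+echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
+done
+fi
+if [ "$MYSQL_DATABASES" ]; then
+for databaseName in $MYSQL_DATABASES; do
+echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+done
+fi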
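Review bot: The second loop issues GRANT ALL to `'$MYSQL_USER'@'%'` for every name in MYSQL_DATABASES, so one account, reachable from any host, ends up with full rights on all listed databases. If, as the compose change on this page suggests, the list is `postfix mailman roundcube` and the user is `mail`, the webmail's database credentials can also rewrite the postfix lookup tables; separate accounts per application, with the postfix one limited to `SELECT`, would contain that. Both statements interpolate the names unescaped, so a comment such as `# MYSQL_DATABASES and MYSQL_USER are trusted operator input; names must not contain backticks or quotes` would document the assumption. The two identical `if`/`for` wrappers could be a single loop.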
|
@ -1,7 +1,7 @@
|
|||
FROM alpine:latest
|
||||
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin
|
||||
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql
|
||||
|
||||
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
|
||||
RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail
|
||||
|
||||
RUN mkdir /etc/dovecot/sieve-filter
|
||||
RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
|
||||
|
@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf
|
|||
ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
|
||||
ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
|
||||
|
||||
|
||||
ADD dh.pem /dh.pem
|
||||
ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
|
||||
ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf
|
||||
|
||||
|
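Review bot: The added `ADD dh.pem /dh.pem` line in the second hunk should be `COPY dh.pem /dh.pem`, since nothing here needs ADD's archive or URL handling; the surrounding `ADD *.conf` context lines have the same issue. In the first hunk both printed `adduser` variants keep `-s /usr/bin/nologin`; on Alpine the binary is normally `/sbin/nologin`, so confirm the path exists in the image. The base remains `FROM alpine:latest` and the `apk add` packages are unpinned, so two builds of this mail image can differ; pinning a release tag would be a worthwhile follow-up.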
|
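--- a/deploy/roles/mailserver/files/imap/dh.pem
+++ b/deploy/roles/mailserver/files/imap/dh.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAp8B6nAUjQq4z8Oxx77t29exX+ukVggQJBVlxk3RJJxdZxdaLh9Zy
+/Vu+AzrowdhqAjzIOj96r7nS7qK2D6T5FN6OcsQOLCQc1fiP7AuK421IT2ZvFj0B
+2nvgT0O06s/yMV0G7wgBb2XbqwCTMHTlukMvHwnmKrEUttZ39tIYWcs/C/i2F4Rs
+M/KkAR475gh3tLm89mOe3ROkIs6Z/eWnEWs2+mT6MCfFWSCaY5/aatktt5nKXi1A
+LcW0jXug5/i7Ie/LoqjbSSfuuCxaQ8Tm1nQW9Xv7TlwWXD3ccudS6+ggzaX5hPd4
+EnX7o6CvgBUZfY1ecb88Id2sm6+WgHaXkEhsv4pDqU5qwbW3aEGR+iSmqW8l9cWE
+hPtCiRwM4IJ96pJ1bhwS8pwVO4g7O4vNYl/wsAeWGqY2v1hAdkufUvUk3O7IV7Zb
+z1V6XAitG2YWnfOaZlK/XbXmZ7DPRh4L7A8HNswf745jCpHsnk7RnLu3tUTTKshG
+Bk9du8bq1Rjexc2IRVDMnxl2HvpSG21qU7VrPNXEpJDADfqbIcwFIajD6FfN7fEN
+3H4J3VhYm3lblG5ppx3NogT4rvtMR9wIQAEuHY5GEezZnSAe9AcZLkIeBhXhNZJ0
+i2tw3N+k2O0iRYEZs9f0cq/V2F4BUKamilkGEoM7J4CwMvINZoAW1XsCAQI=
+-----END DH PARAMETERS-----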
|
@ -9,6 +9,7 @@
|
|||
|
||||
#if [ -n "${MAILDOMAIN}" ]; then
|
||||
echo -e "ssl = yes\n \
|
||||
ssl_dh = </dh.pem\n \
|
||||
ssl_cert = </certs/${MAILDOMAIN}.crt\n \
|
||||
ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
|
||||
#fi
|
||||
|
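Review bot: The block that writes 10-ssl.conf, which now also emits `ssl_dh = </dh.pem`, runs with its `MAILDOMAIN` guard commented out, so an unset variable produces `ssl_cert = </certs/.crt` and the error only surfaces when dovecot parses the file. Unless the lines above the hunk already check it, fail early with `: "${MAILDOMAIN:?MAILDOMAIN must be set}"` before the `echo`. A short comment that `/dh.pem` is the parameter file baked into the image by the Dockerfile would also help, because the path is otherwise unexplained here. The script starts before this hunk, so an earlier check cannot be ruled out.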
|
|
@ -1,7 +1,7 @@
|
|||
FROM alpine:latest
|
||||
|
||||
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
|
||||
RUN apk add --no-cache postfix ca-certificates
|
||||
RUN apk add --no-cache postfix postfix-mysql ca-certificates
|
||||
|
||||
ADD ./main.cf /etc/postfix/main.cf
|
||||
ADD ./master.cf /etc/postfix/master.cf
|
||||
|
|
|
@ -79,12 +79,12 @@ virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
|
|||
message_size_limit = 20480000
|
||||
|
||||
# Milter setup
|
||||
smtpd_milters = inet:spam:11332
|
||||
smtpd_milters = inet:spam:11334
|
||||
milter_default_action = accept
|
||||
milter_protocol = 6
|
||||
|
||||
unknown_local_recipient_reject_code = 550
|
||||
owner_request_special = no
|
||||
transport_maps = hash:/mailman/var/data/postfix_lmtp
|
||||
local_recipient_maps = hash:/mailman/var/data/postfix_lmtp
|
||||
relay_domains = hash:/mailman/var/data/postfix_domains
|
||||
transport_maps = regexp:/mailman/var/data/postfix_lmtp
|
||||
local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp
|
||||
relay_domains = regexp:/mailman/var/data/postfix_domains
|
||||
|
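Review bot: Two `smtpd_milters` lines are shown, `inet:spam:11332` and `inet:spam:11334`, and the page does not mark which one is new; if the new value is 11334 and the `spam` service is rspamd with default ports, that is the controller port rather than the milter proxy on 11332. Because `milter_default_action = accept` follows directly, a milter that cannot be reached or does not speak the protocol fails open and mail is delivered unscanned with nothing to signal it. Confirm the port against the spam container's configuration, and consider `milter_default_action = tempfail` so that an unavailable filter defers mail instead of bypassing the check.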
|
48
deploy/roles/mailserver/files/smtp/start.sh
Executable file → Normal file
48
deploy/roles/mailserver/files/smtp/start.sh
Executable file → Normal file
|
@ -1,36 +1,32 @@
|
|||
#!/bin/sh
|
||||
|
||||
#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then
|
||||
echo -e "myorigin = ${MYORIGIN}\n \
|
||||
myhostname = ${MYHOSTNAME} \
|
||||
smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \
|
||||
smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
|
||||
#fi
|
||||
echo "myorigin = ${MYORIGIN}" >> /etc/postfix/main.cf
|
||||
echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
|
||||
echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
|
||||
echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
|
||||
|
||||
#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then
|
||||
echo -e "user = ${DATABASE_USER}\n \
|
||||
password = ${DATABASE_PASSWORD}\n \
|
||||
hosts = db\n \
|
||||
dbname = ${DATABASE_NAME}\n \
|
||||
table = alias\n \
|
||||
select_field = goto\n \
|
||||
echo "user = ${DATABASE_USER}
|
||||
password = ${DATABASE_PASSWORD}
|
||||
hosts = db
|
||||
dbname = ${DATABASE_NAME}
|
||||
table = alias
|
||||
select_field = goto
|
||||
where_field = address" > /etc/postfix/virtual_alias_maps.cf;
|
||||
|
||||
echo -e "user = ${DATABASE_USER}\n \
|
||||
password = ${DATABASE_PASSWORD}\n \
|
||||
hosts = db\n \
|
||||
dbname = ${DATABASE_NAME}\n \
|
||||
table = domain\n \
|
||||
select_field = domain\n \
|
||||
echo "user = ${DATABASE_USER}
|
||||
password = ${DATABASE_PASSWORD}
|
||||
hosts = db
|
||||
dbname = ${DATABASE_NAME}
|
||||
table = domain
|
||||
select_field = domain
|
||||
where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
|
||||
|
||||
echo -e "user = ${DATABASE_USER}\n \
|
||||
password = ${DATABASE_PASSWORD}\n \
|
||||
hosts = db\n \
|
||||
dbname = ${DATABASE_NAME}\n \
|
||||
table = mailbox\n \
|
||||
select_field = maildir\n \
|
||||
echo "user = ${DATABASE_USER}
|
||||
password = ${DATABASE_PASSWORD}
|
||||
hosts = db
|
||||
dbname = ${DATABASE_NAME}
|
||||
table = mailbox
|
||||
select_field = maildir
|
||||
where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
|
||||
#fi
|
||||
|
||||
postfix start-fg
|
||||
|
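Review bot: The three lookup files written at the end of the script (`virtual_alias_maps.cf`, `virtual_mailbox_domains.cf`, `virtual_mailbox_maps.cf`) each contain `password = ${DATABASE_PASSWORD}` and are created with the shell's default umask, so they are most likely world-readable inside the container. Set `umask 027` before the writes and follow them with `chgrp postfix /etc/postfix/virtual_*.cf`, or `chmod 640` each file explicitly. The guard around that block is commented out (and misspells `DATBASE_PASSWORD`), so empty credentials are written silently when a variable is missing. The `echo … >> /etc/postfix/main.cf` lines append on every start, so a restarted container accumulates duplicate `myorigin`, `myhostname` and TLS entries; `postconf -e` would set them idempotently. Which of the duplicated lines form the new side is inferred from the hunk, not marked on the page.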
|
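--- a/deploy/roles/mailserver/files/webmail/config.inc.php
+++ b/deploy/roles/mailserver/files/webmail/config.inc.php
@@ -0,0 +1,7 @@
+<?php
+
+$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
+$config['smtp_conn_options'] = array('ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
+$rcmail_config['managesieve_port'] = 4190;
+$rcmail_config['managesieve_host'] = 'tls://imap';
+$config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );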
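Review bot: All three `*_conn_options` arrays set `'verify_peer' => false, 'verify_peer_name' => false`, so the webmail's TLS connections to `imap`, `smtp` and managesieve are encrypted but accept any certificate, and whatever answers for those hostnames on the container network receives users' mail passwords. Since the servers already load certificates from `/certs`, keep verification on and tell PHP what to expect, for example `'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => '<MAIL_HOSTNAME>', 'cafile' => '<PATH_TO_CA_BUNDLE>'` (placeholders). If verification really has to stay off, a comment saying why and that the links never leave the internal network is needed. The two `$rcmail_config[...]` lines use the legacy array name while the rest uses `$config`; check that Roundcube still reads them from this file.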
|
@ -32,6 +32,11 @@
|
|||
src: smtp
|
||||
dest: "{{ docker_project_folder }}/mailserver"
|
||||
|
||||
- name: Copy webmail Add
|
||||
copy:
|
||||
src: webmail
|
||||
dest: "{{ docker_project_folder }}/mailserver"
|
||||
|
||||
- name: make start executable in traefik
|
||||
shell: chmod +x "{{ docker_project_folder }}/mailserver/smtp/start.sh"
|
||||
|
||||
|
@ -51,6 +56,14 @@
|
|||
- name: make start executable in spam
|
||||
shell: chmod +x "{{ docker_project_folder }}/mailserver/spam/start.sh"
|
||||
|
||||
- name: Copy db
|
||||
copy:
|
||||
src: db
|
||||
dest: "{{ docker_project_folder }}/mailserver"
|
||||
|
||||
- name: make start executable in db
|
||||
shell: chmod +x "{{ docker_project_folder }}/mailserver/db/databases.sh"
|
||||
|
||||
- name: Copy traefik
|
||||
copy:
|
||||
src: traefik
|
||||
|
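Review bot: The new `make start executable in db` task in the second hunk may stop databases.sh from working rather than enable it: the script has no shebang and relies on `file_env` and `"${mysql[@]}"`, which exist only when the image entrypoint sources the file, and current official MySQL/MariaDB entrypoints execute `.sh` init files that carry the executable bit instead of sourcing them. Check the entrypoint of the image version in use and drop the task if it behaves that way. For the start.sh tasks, `shell: chmod +x …` reports changed on every run; the `file` module with `mode: "0755"` is the idempotent form. The task name `Copy webmail Add` in the first hunk looks like a leftover edit.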
|
|
@ -15,10 +15,9 @@ services:
|
|||
- db:db
|
||||
- spam:spam
|
||||
volumes:
|
||||
- ./smtp/main.cf:/etc/postfix/main.cf:ro
|
||||
- ./smtp/master.cf:/etc/postfix/master.cf:ro
|
||||
- {{ docker_data_folder }}/mailserver/mailman/data:/mailman
|
||||
- {{ docker_data_folder }}/mailserver/mailman/core:/mailman
|
||||
- mails:/home/vmail
|
||||
- /dev/log:/dev/log
|
||||
- certs:/certs
|
||||
environment:
|
||||
- DATABASE_USER=mail
|
||||
|
@ -42,6 +41,7 @@ services:
|
|||
expose:
|
||||
- '24'
|
||||
- '8472'
|
||||
- '993'
|
||||
links:
|
||||
- db
|
||||
- spam
|
||||
|
@ -84,15 +84,19 @@ services:
|
|||
- imap:imap
|
||||
- smtp:smtp
|
||||
environment:
|
||||
ROUNDCUBEMAIL_DEFAULT_HOST: imap
|
||||
ROUNDCUBEMAIL_SMTP_SERVER: smtp
|
||||
ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap"
|
||||
ROUNDCUBEMAIL_DEFAULT_PORT: "993"
|
||||
ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp"
|
||||
ROUNDCUBEMAIL_SMTP_PORT: 587
|
||||
ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password
|
||||
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M
|
||||
ROUNDCUBEMAIL_DB_TYPE: mysql
|
||||
ROUNDCUBEMAIL_DB_HOST: db
|
||||
ROUNDCUBEMAIL_DB_USER: mail
|
||||
ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }}
|
||||
ROUNDCUBEMAIL_DB_NAME: postfix
|
||||
ROUNDCUBEMAIL_DB_NAME: roundcube
|
||||
volumes:
|
||||
- ./webmail/config.inc.php:/var/roundcube/config/config.inc.php
|
||||
labels:
|
||||
- "traefik.frontend.rule=Host:mail.{{ DOMAIN }}"
|
||||
- "traefik.port=80"
|
||||
|
@ -125,12 +129,13 @@ services:
|
|||
restart: always
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: {{ DB_ROOT_PASSWORD }}
|
||||
MYSQL_DATABASES: "postfix mailman"
|
||||
MYSQL_DATABASES: "postfix mailman roundcube"
|
||||
MYSQL_USER: mail
|
||||
MYSQL_PASSWORD: {{ DB_PASSWORD }}
|
||||
volumes:
|
||||
- {{ docker_data_fodler }}:/var/lib/mysql
|
||||
- ./docker-entrypoint.sh:/docker-entrypoint.sh
|
||||
- {{ docker_data_folder }}/mailserver/db:/var/lib/mysql
|
||||
#- ./docker-entrypoint.sh:/docker-entrypoint.sh
|
||||
- {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d
|
||||
labels:
|
||||
- "traefik.enable=false"
|
||||
|
||||
|
@ -152,6 +157,10 @@ services:
|
|||
- DATABASE_TYPE=mysql
|
||||
- DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
|
||||
- HYPERKITTY_API_KEY=someapikey
|
||||
- MM_HOSTNAME=mailman-core
|
||||
- SMTP_PORT=587
|
||||
- SMTP_HOST=smtp
|
||||
- MTA=postfix
|
||||
labels:
|
||||
- "traefik.enable=false"
|
||||
|
||||
|
@ -202,8 +211,6 @@ services:
|
|||
- "traefik.port=80"
|
||||
|
||||
|
||||
|
||||
|
||||
traefik:
|
||||
container_name: traefik
|
||||
image: traefik
|
||||
|
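Review bot: The two bind mounts added for the webmail and db services, `./webmail/config.inc.php:/var/roundcube/config/config.inc.php` and `{{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d`, are writable from inside the containers, whereas the smtp mounts shown in the first hunk carried `:ro`. Neither container needs to write there, so append `:ro` to both; that keeps a compromised webmail process from altering its own TLS and plugin configuration on the host. `ROUNDCUBEMAIL_DB_USER: mail` reuses the account that also serves postfix, which is worth splitting once the db init script can create more than one user. `HYPERKITTY_API_KEY=someapikey` in the mailman hunk looks like a placeholder and should come from a templated secret as the passwords do.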
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
become_method: sudo
|
||||
ansible_ask_become_pass: yes
|
||||
docker_data_folder: /data_ansible
|
||||
docker_data_folder: /data_test
|
||||
docker_project_folder: /var/docker
|
||||
DOMAIN: creditcards.bayern
|
||||
|
||||
|
|