diff --git a/README.md b/README.md index 2f58a34d..a0cfbaa6 100644 --- a/README.md +++ b/README.md @@ -5,32 +5,34 @@ Dovecot, Memcached, Redis, MariaDB, PowerDNS Recursor, PHP-FPM, Postfix, Nginx, All configurations were written with security in mind. -### Exposed ports: +### Containers and volumes -| Name | Service | Hostname, Alias | External bindings | Internal bindings | -|:------------------|:-------------|:-------------------------------|:---------------------------------------------|:-------------------------------| -| postfix-mailcow | Postfix | ${MAILCOW_HOSTNAME}, postfix | 25/tcp, 465/tcp, 587/tcp | 588/tcp | -| dovecot-mailcow | Dovecot | ${MAILCOW_HOSTNAME}, dovecot | 110/tcp, 143/tcp, 993/tcp, 995/tcp, 4190/tcp | 24/tcp, 10001/tcp | -| nginx-mailcow | Nginx | nginx | 443/tcp | 80/tcp, 8081/tcp | -| pdns-mailcow | PowerDNS | pdns | - | 53/udp | -| rspamd-mailcow | Rspamd | rspamd | - | 11333/tcp, 11334/tcp | -| mariadb-mailcow | MariaDB | mysql | - | 3306/tcp | -| rmilter-mailcow | Rmilter | rmilter | - | 9000/tcp | -| phpfpm-mailcow | PHP FPM | phpfpm | - | 9000/tcp | -| sogo-mailcow | SOGo | sogo | - | 9000/tcp | -| redis-mailcow | Redis | redis | - | 6379/tcp | -| memcached-mailcow | Memcached | memcached | - | 11211/tcp | +| Type | Object name | Network names | External binding | Internal binding | Volumes | +|-----------|-------------------|------------------------------|----------------------------------------------|----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Container | postfix-mailcow | ${MAILCOW_HOSTNAME}, postfix | 25/tcp, 465/tcp, 587/tcp | 588/tcp | ./data/conf/postfix:/opt/postfix/conf, ./data/assets/ssl:/etc/ssl/mail/:ro | +| Container | dovecot-mailcow | ${MAILCOW_HOSTNAME}, dovecot | 110/tcp, 143/tcp, 993/tcp, 995/tcp, 4190/tcp | 24/tcp, 10001/tcp | vmail-vol-1:/var/vmail, ./data/conf/dovecot:/etc/dovecot, ./data/assets/ssl:/etc/ssl/mail/:ro | +| Container | nginx-mailcow | nginx | 443/tcp | 80/tcp, 8081/tcp | Mounts from sogo-mailcow, ./data/web:/web:ro, ./data/conf/rspamd/dynmaps:/dynmaps:ro, ./data/assets/ssl/:/etc/ssl/mail/:ro, ./data/conf/nginx/:/etc/nginx/conf.d/:ro | +| Container | pdns-mailcow | pdns | - | 53/udp | ./data/conf/pdns/:/etc/powerdns/ | +| Container | rspamd-mailcow | rspamd | - | 11333/tcp, 11334/tcp | dkim-vol-1:/data/dkim, ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:ro, ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:ro, ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro | +| Container | mariadb-mailcow | mysql | - | 3306/tcp | mysql-vol-1:/var/lib/mysql/, ./data/conf/mysql/:/etc/mysql/conf.d/:ro | +| Container | rmilter-mailcow | rmilter | - | 9000/tcp | ./data/conf/rmilter/:/etc/rmilter.conf.d/:ro | +| Container | phpfpm-mailcow | phpfpm | - | 9000/tcp | dkim-vol-1:/data/dkim, ./data/web:/web:ro, ./data/conf/rspamd/dynmaps:/dynmaps:ro | +| Container | sogo-mailcow | sogo | - | 20000/tcp | ./data/conf/sogo/:/etc/sogo/,exposes /usr/lib/GNUstep/SOGo/WebServerResources/ | +| Container | redis-mailcow | redis | - | 6379/tcp | redis-vol-1:/data/ | +| Container | memcached-mailcow | memcached | - | 11211/tcp | - | +| Volume | vmail-vol-1 | - | - | - | Mounts to dovecot | +| Volume | dkim-vol-1 | - | - | - | Mounts to rspamd + phpfpm | +| Volume | redis-vol-1 | - | - | - | Mounts to redis | +| Volume | mysql-vol-1 | - | - | - | Mounts to mysql | All containers share a network "mailcow-network" with the subnet 172.22.1.0/24 - if you want to change it, set it in the composer file. -IPs are dynamic except for PowerDNS resolver which has a static ip address 172.22.1.2. +IPs are dynamic except for PowerDNS resolver which has a static ip address 172.22.1.254. ### **FAQ** - rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. - rspamd auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning) -- You can upgrade SOGo by running `docker-compose up -d sogo-mailcow nginx-mailcow`. -- Only Postfix and Rspamd use the PowerDNS resolver for DNSSEC. -- Linking to existing redis and memcached containers will be possible soon +- You can upgrade containers by running `docker-compose pull && docker-compose up -d`. ## Installation diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh index a9b8beef..68197ee4 100755 --- a/data/Dockerfiles/dovecot/docker-entrypoint.sh +++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh @@ -3,4 +3,6 @@ set -e sed -i "/^connect/c\connect = \"host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}\"" /etc/dovecot/sql/* +if [[ $(stat -c %U /var/vmail/) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail ; fi + exec "$@" diff --git a/data/Dockerfiles/php-fpm/Dockerfile b/data/Dockerfiles/php-fpm/Dockerfile index ee556c49..aa489dbc 100644 --- a/data/Dockerfiles/php-fpm/Dockerfile +++ b/data/Dockerfiles/php-fpm/Dockerfile @@ -9,7 +9,9 @@ RUN apt-get update \ RUN docker-php-ext-configure intl RUN docker-php-ext-install intl pdo pdo_mysql -WORKDIR /var/www/html +COPY ./docker-entrypoint.sh / EXPOSE 9000 + +ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["php-fpm"] diff --git a/data/Dockerfiles/php-fpm/docker-entrypoint.sh b/data/Dockerfiles/php-fpm/docker-entrypoint.sh new file mode 100755 index 00000000..8f57a6d9 --- /dev/null +++ b/data/Dockerfiles/php-fpm/docker-entrypoint.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -e + +if [[ ! -d "/data/dkim/txt" || ! -d "/data/dkim/keys" ]] ; then mkdir -p /data/dkim/{txt,keys} ; chown -R www-data:www-data /data/dkim; fi +if [[ $(stat -c %U /data/dkim/) != "www-data" ]] ; then chown -R www-data:www-data /data/dkim ; fi + +exec "$@" diff --git a/data/Dockerfiles/sogo/docker-entrypoint.sh b/data/Dockerfiles/sogo/docker-entrypoint.sh index 7360576e..b3c0a211 100755 --- a/data/Dockerfiles/sogo/docker-entrypoint.sh +++ b/data/Dockerfiles/sogo/docker-entrypoint.sh @@ -3,7 +3,7 @@ set -e AS_SOGO="gosu sogo" -${AS_SOGO} sogo defaults write sogod SOGoUserSources "({type = sql;id = directory;viewURL = mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_view;canAuthenticate = YES;isAddressBook = YES;displayName = \"GAL\";MailFieldNames = (aliases, ad_aliases, senderacl);userPasswordAlgorithm = ssha256;})" +${AS_SOGO} defaults write sogod SOGoUserSources "({type = sql;id = directory;viewURL = mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_view;canAuthenticate = YES;isAddressBook = YES;displayName = \"GAL\";MailFieldNames = (aliases, ad_aliases, senderacl);userPasswordAlgorithm = ssha256;})" ${AS_SOGO} defaults write sogod SOGoProfileURL "mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_user_profile" ${AS_SOGO} defaults write sogod OCSFolderInfoURL "mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_folder_info" ${AS_SOGO} defaults write sogod OCSEMailAlarmsFolderURL "mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_alarms_folder" diff --git a/data/db/mysql/.mysql_data b/data/db/mysql/.mysql_data deleted file mode 100644 index e69de29b..00000000 diff --git a/data/db/redis/.redis_data b/data/db/redis/.redis_data deleted file mode 100644 index e69de29b..00000000 diff --git a/docker-compose.yml b/docker-compose.yml index 17fae70c..cb10e22b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,7 +8,7 @@ services: restart: always networks: mailcow-network: - ipv4_address: 172.22.1.2 + ipv4_address: 172.22.1.254 aliases: - pdns @@ -17,10 +17,10 @@ services: depends_on: - pdns-mailcow volumes: - - ./data/db/mysql/:/var/lib/mysql/ + - mysql-vol-1:/var/lib/mysql/ - ./data/conf/mysql/:/etc/mysql/conf.d/:ro dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network environment: - MYSQL_ROOT_PASSWORD=${DBROOT} @@ -38,10 +38,10 @@ services: depends_on: - pdns-mailcow volumes: - - ./data/db/redis/:/data/ + - redis-vol-1:/data/ restart: always dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: @@ -56,11 +56,10 @@ services: - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:ro - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:ro - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro - volumes_from: - - data-container-dkim + - dkim-vol-1:/data/dkim restart: always dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: @@ -74,10 +73,9 @@ services: volumes: - ./data/web:/web:ro - ./data/conf/rspamd/dynmaps:/dynmaps:ro - volumes_from: - - data-container-dkim + - dkim-vol-1:/data/dkim dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network environment: - DBNAME=${DBNAME} @@ -99,7 +97,7 @@ services: - DBUSER=${DBUSER} - DBPASS=${DBPASS} dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network volumes: - ./data/conf/sogo/:/etc/sogo/ @@ -118,7 +116,7 @@ services: - ./data/conf/rmilter/:/etc/rmilter.conf.d/:ro restart: always dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: @@ -132,8 +130,7 @@ services: volumes: - ./data/conf/dovecot:/etc/dovecot - ./data/assets/ssl:/etc/ssl/mail/:ro - volumes_from: - - data-container-vmail + - vmail-vol-1:/var/vmail environment: - DBNAME=${DBNAME} - DBUSER=${DBUSER} @@ -145,7 +142,7 @@ services: - "${POPS_PORT}:995" - "${SIEVE_PORT}:4190" dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network restart: always hostname: ${MAILCOW_HOSTNAME} @@ -172,7 +169,7 @@ services: restart: always hostname: ${MAILCOW_HOSTNAME} dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: @@ -185,7 +182,7 @@ services: - pdns-mailcow restart: always dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network networks: mailcow-network: @@ -207,7 +204,7 @@ services: - ./data/assets/ssl/:/etc/ssl/mail/:ro - ./data/conf/nginx/:/etc/nginx/conf.d/:ro dns: - - 172.22.1.2 + - 172.22.1.254 dns_search: mailcow-network ports: - "443:443" @@ -217,20 +214,6 @@ services: aliases: - nginx - data-container-dkim: - build: ./data/Dockerfiles/data-container-dkim - depends_on: - - pdns-mailcow - networks: - mailcow-network: - - data-container-vmail: - build: ./data/Dockerfiles/data-container-vmail - depends_on: - - pdns-mailcow - networks: - mailcow-network: - networks: mailcow-network: driver: bridge @@ -240,3 +223,8 @@ networks: - subnet: 172.22.1.0/24 gateway: 172.22.1.1 +volumes: + vmail-vol-1: + mysql-vol-1: + dkim-vol-1: + redis-vol-1: