Move the Mailu Docker network to a fixed subnet.

This will make network configuration and host based authentication more robust, across different deployment platforms. The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility. However, their usage have become optional.
2018-12-03 03:16:53 +02:00
parent 3d98124bcd
commit 8172f3eab8
17 changed files with 68 additions and 57 deletions
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -25,8 +25,8 @@ SECRET_KEY={{ secret(16) }}
 # PUBLIC_IPV4= {{ bind4 }} (default: 127.0.0.1)
 # PUBLIC_IPV6= {{ bind6 }} (default: ::1)

-# Subnet
-SUBNET={{ subnet }}
+# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
+SUBNET=192.168.203.0/24

 # Main mail domain
 DOMAIN={{ domain }}
@@ -75,9 +75,9 @@ ANTISPAM={{ antispam_enabled or 'none'}}
 # Default: accept messages up to 50MB
 MESSAGE_SIZE_LIMIT={{ message_size_limit or '50000000' }}

-# Networks granted relay permissions, make sure that you include your Docker
-# internal network (default to 172.17.0.0/16)
-RELAYNETS={{ relaynets or '172.17.0.0/16' }}
+# Networks granted relay permissions
+# Use this with care, all hosts in this networks will be able to send mail without authentication!
+RELAYNETS=

 # Will relay all outgoing mails if configured
 RELAYHOST={{ relayhost }}
--- a/setup/flavors/stack/docker-compose.yml
+++ b/setup/flavors/stack/docker-compose.yml
@@ -29,7 +29,7 @@ services:
      - "{{ root }}/certs:/certs"
    deploy:
      replicas: {{ front_replicas }}
-      
+
  {% if resolver_enabled %}
  resolver:
    image: mailu/unbound:{{ version }}
@@ -56,8 +56,6 @@ services:
    image: ${DOCKER_ORG:-mailu}/dovecot:${MAILU_VERSION:-{{ version }}}
    env_file: {{ env }}
    environment:
-    # Default to 10.0.1.0/24
-      - POD_ADDRESS_RANGE={{ subnet }}
    volumes:
      - "{{ root }}/mail:/mail"
      - "{{ root }}/overrides:/overrides"
@@ -67,8 +65,6 @@ services:
  smtp:
    image: ${DOCKER_ORG:-mailu}/postfix:${MAILU_VERSION:-{{ version }}}
    env_file: {{ env }}
-    environment:
-      - POD_ADDRESS_RANGE={{ subnet }}
    volumes:
      - "{{ root }}/overrides:/overrides"
    deploy:
@@ -81,8 +77,6 @@ services:
  antispam:
    image: ${DOCKER_ORG:-mailu}/rspamd:${MAILU_VERSION:-{{ version }}}
    env_file: {{ env }}
-    environment:
-      - POD_ADDRESS_RANGE={{ subnet }}
    volumes:
      - "{{ root }}/filter:/var/lib/rspamd"
      - "{{ root }}/dkim:/dkim"