docker/mailu
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Move to Docker Compose and multiple containers

Browse Source
This commit is contained in:
Pierre Jaury
2016-02-24 07:44:49 +01:00
parent caab793716
commit d0006dc624
33 changed files with 260 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
Dockerfile
View File

@@ -1,22 +1,7 @@
FROM python:3
# Install required system packages
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
postfix dovecot-imapd dovecot-sqlite dovecot-lmtpd \
dovecot-sieve dovecot-managesieved \
dovecot-antispam spamassassin spamc clamav \
php5-fpm php5-mysql php5-imap php5-sqlite php5-mcrypt \
supervisor rsyslog nginx sqlite3 \
&& apt-get clean
# Install the Webmail from source # Install the Webmail from source
ENV ROUNDCUBE_VERSION 1.1.4-complete
RUN curl -L -O https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.1.4/roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
&& tar -xf roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
&& rm -f roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
&& mv roundcubemail-* /webmail
# Install the Web admin panel # Install the Web admin panel
COPY admin /admin COPY admin /admin

44
README.md
View File

@@ -1,11 +1,10 @@
Freeposte.io Freeposte.io
============ ============
Simple yet functional and full-featured mail server as a single Docker image. Simple yet functional and full-featured mail server as a set of Docker images.
The idea behing Freeposte.io is identical to motivations that led to poste.io: The idea behing Freeposte.io is identical to motivations that led to poste.io:
even though it looks like a Docker anti-pattern, single upgradable image providing a simple and maintainable mail server that is painless to manage and
running a full-featured mail server is a truly amazing advantage for hosting does not require more resources than necessary.
mails on modern cloud services or home-brewed Docker servers.
People from poste.io did an amazing job at accomplishing this ; any company People from poste.io did an amazing job at accomplishing this ; any company
looking for a serious yet simple mail server with professional support should looking for a serious yet simple mail server with professional support should
@@ -19,23 +18,32 @@ able to fine-tune some details if needed.
How-to run your mail server How-to run your mail server
=========================== ===========================
*Please note that this image is still in a very early stage. Do not use for *Please note that this project is still in a very early stage. Do not use for
production!* production!*
The mail server runs as a single Docker container. A volume should be mounted to ``/data`` for persistent storage. Simply setup Docker on your The mail server runs as a set of Docker containers. These containers are managed
server then run a container with the ``kaiyou/freeposte.io`` image: through a ``docker-compose.yml`` configuration file that requires Docker Compose
to run.
First, follow instructions at https://docs.docker.com to setup Docker and Docker
Compose properly for your system. Then download the main configuration file:
``` ```
docker run --name=freeposte -d \ wget https://freeposte.io/docker-compose.yml
-e POSTMASTER_ADDRESS=admin@your.tld \ ```
-e MAIL_HOSTNAME=mail.your.tld \
-e SECRET_KEY=yourflasksecretkey \ This file contains instructions about which containers to run and how they will
-p 25:25 \ interact. You should also create a data directory. Freeposte will use ``/data``
-p 143:143 \ as a sane default:
-p 587:587 \
-p 80:80 \ ```
-v /path/to/your/data:/data \ mkdir -p /data
kaiyou/freeposte.io ```
Finally, you can run your mail server:
```
docker-compose up -d
``` ```
General architecture General architecture
@@ -52,5 +60,3 @@ Additional Web UI :
* Roundcube Webmail (can easily be replaced) ; * Roundcube Webmail (can easily be replaced) ;
* Administration UI based on Flask. * Administration UI based on Flask.
All components are monitored by supervisord.

12
admin/Dockerfile Normal file
View File

@@ -0,0 +1,12 @@
FROM python:3
RUN mkdir -p /app
WORKDIR /app
COPY freeposte ./freeposte
COPY initdb.py .
COPY requirements.txt .
RUN pip install -r requirements.txt
CMD gunicorn -w 4 -b 0.0.0.0:80 --access-logfile - --error-logfile - freeposte:app

10
admin/freeposte/__init__.py
View File

@@ -10,7 +10,8 @@ app = Flask(__name__)
default_config = { default_config = {
'SQLALCHEMY_DATABASE_URI': 'sqlite:////data/freeposte.db', 'SQLALCHEMY_DATABASE_URI': 'sqlite:////data/freeposte.db',
'SQLALCHEMY_TRACK_MODIFICATIONS': False, 'SQLALCHEMY_TRACK_MODIFICATIONS': False,
'SECRET_KEY': None 'SECRET_KEY': None,
'DEBUG': False
} }
# Load configuration from the environment if available # Load configuration from the environment if available
@@ -21,4 +22,9 @@ for key, value in default_config.items():
# Create the database # Create the database
db = SQLAlchemy(app) db = SQLAlchemy(app)
from freeposte import views # Import views and models
from freeposte import models, views
# Manage database upgrades if necessary
db.create_all()
db.session.commit()

4
admin/freeposte/views.py
View File

@@ -3,9 +3,11 @@ from flask_admin.contrib import sqla
from freeposte import app, db, models from freeposte import app, db, models
import os
# Flask admin # Flask admin
admin = admin.Admin(app, name='Freeposte.io', template_mode='bootstrap3') app_name = os.environ.get('APP_NAME', 'Freeposte.io')
admin = admin.Admin(app, name=app_name, template_mode='bootstrap3')
class BaseModelView(sqla.ModelView): class BaseModelView(sqla.ModelView):

2
admin/requirements.txt
View File

@@ -1,4 +1,4 @@
Flask Flask
Flask-Admin Flask-Admin
Flask-SQLAlchemy Flask-SQLAlchemy
uwsgi gunicorn

3
amavis/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM alpine
RUN apk add --update amavis spamassassin clamav && rm -rf /var/cache/apk/*

0
config/clamav/empty
View File

39
config/postfix/master.cf
View File

@@ -1,39 +0,0 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# Exposed SMTP services
smtp inet n - - - - smtpd
-o content_filter=spamassassin
submission inet n - - - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Internal postfix services
pickup fifo n - n 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
proxymap unix - - - - - proxymap
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
smtp unix - - - - - smtp
relay unix - - - - - smtp
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# Utility services
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

5
config/rsyslog.conf
View File

@@ -1,5 +0,0 @@
$ModLoad imuxsock
$ModLoad imklog
*.* /data/logs/mail.log

0
config/spamassassin/empty
View File

28
config/supervisor/supervisord.conf
View File

@@ -1,28 +0,0 @@
[supervisord]
nodaemon = true
logfile = /data/logs/supervisord.log
[program:nginx]
command = nginx -g 'daemon off;'
[program:rsyslog]
command = rsyslogd -n
[program:postfix]
command = /usr/lib/postfix/master -d
[program:dovecot]
command = /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf -F
[program:spamassassin]
command = /usr/sbin/spamd
[program:admin]
command = uwsgi --yaml /etc/uwsgi/apps-enabled/freeposte.yml
stdout_logfile = /data/logs/admin.log
stderr_logfile = /data/logs/admin-error.log
[program:webmail]
command = php5-fpm -F
stdout_logfile = /data/logs/php.log
stderr_logfile = /data/logs/php-error.log

16
config/uwsgi/apps-enabled/freeposte.yml
View File

@@ -1,16 +0,0 @@
uwsgi:
socket: /var/run/freeposte.sock
chown-socket: www-data:www-data
pidfile: /var/run/freeposte.pid
master: true
workers: 2
vacuum: true
plugins: python
wsgi-file: /admin/run.py
callable: app
processes: 1
pythonpath: /usr/lib/python2.7/site-packages
pythonpath: /admin
catch-exceptions: true
post-buffering: 8192

48
docker-compose.yml Normal file
View File

@@ -0,0 +1,48 @@
http:
build: nginx
ports:
- "80:80"
- "443:443"
links:
- admin
- webmail
volumes:
- /tmp/data/certs:/certs
imap:
build: dovecot
ports:
- "143:143"
- "993:993"
volumes:
- /tmp/data/freeposte:/data
- /tmp/data/mail:/mail
- /tmp/data/certs:/certs
smtp:
build: postfix
ports:
- "25:25"
- "465:465"
- "587:587"
links:
- imap
volumes:
- /tmp/data/freeposte:/data
- /tmp/data/logs:/logs
- /tmp/data/certs:/certs
admin:
build: admin
volumes:
- /tmp/data/freeposte:/data
environment:
- DEBUG=True
- SECRET_KEY=mysecretkey
webmail:
build: roundcube
links:
- imap
volumes:
- /tmp/data/webmail:/data

17
dovecot/Dockerfile Normal file
View File

@@ -0,0 +1,17 @@
FROM alpine
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@community http://dl-3.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories \
&& apk add --update \
dovecot \
dovecot-sqlite \
dovecot-pigeonhole-plugin@community \
dovecot-antispam-plugin@testing \
&& rm -rf /var/cache/apk/*
COPY conf /etc/dovecot
COPY sieve /var/lib/dovecot
COPY start.sh /start.sh
CMD ["/start.sh"]

0
config/dovecot/after.sieve → dovecot/conf/after.sieve
View File

0
config/dovecot/default.sieve → dovecot/conf/default.sieve
View File

0
config/dovecot/dovecot-sql.conf.ext → dovecot/conf/dovecot-sql.conf.ext
View File

30
config/dovecot/dovecot.conf → dovecot/conf/dovecot.conf
View File

@@ -1,6 +1,7 @@
############### ###############
# General # General
############### ###############
log_path = /dev/stderr
protocols = imap lmtp sieve protocols = imap lmtp sieve
postmaster_address = %{env:POSTMASTER_ADDRESS} postmaster_address = %{env:POSTMASTER_ADDRESS}
hostname = %{env:MAIL_HOSTNAME} hostname = %{env:MAIL_HOSTNAME}
@@ -18,8 +19,8 @@ service dict {
############### ###############
first_valid_gid = 8 first_valid_gid = 8
first_valid_uid = 8 first_valid_uid = 8
mail_location = maildir:/data/mail/%u mail_location = maildir:/mail/%u
mail_home = /data/mail/%u mail_home = /mail/%u
mail_uid = mail mail_uid = mail
mail_gid = mail mail_gid = mail
mail_privileged_group = mail mail_privileged_group = mail
@@ -49,13 +50,13 @@ namespace inbox {
# TLS # TLS
############### ###############
ssl = yes ssl = yes
ssl_cert = </data/ssl/cert.pem ssl_cert = </certs/cert.pem
ssl_key = </data/ssl/key.pem ssl_key = </certs/key.pem
############### ###############
# Authentication # Authentication
############### ###############
auth_mechanisms = plain login cram-md5 auth_mechanisms = plain login
passdb { passdb {
driver = sql driver = sql
@@ -71,10 +72,9 @@ service auth {
user = dovecot user = dovecot
unix_listener auth-userdb { unix_listener auth-userdb {
} }
unix_listener /var/spool/postfix/private/dovecot-auth {
user = postfix inet_listener {
group = postfix port = 2102
mode = 0600
} }
} }
@@ -114,10 +114,8 @@ protocol lmtp {
} }
service lmtp { service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp { inet_listener lmtp {
user = postfix port = 2525
group = postfix
mode = 0600
} }
} }
@@ -139,7 +137,7 @@ service managesieve-login {
plugin { plugin {
sieve = ~/.sieve sieve = ~/.sieve
sieve_dir = ~/sieve sieve_dir = ~/sieve
sieve_before = /etc/dovecot/before.sieve sieve_before = /var/lib/dovecot/before.sieve
sieve_default = /etc/dovecot/default.sieve sieve_default = /var/lib/dovecot/default.sieve
sieve_after = /etc/dovecot/after.sieve sieve_after = /var/lib/dovecot/after.sieve
} }

0
config/dovecot/before.sieve → dovecot/sieve/before.sieve
View File

8
dovecot/start.sh Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
# Fix permissions
chown -R mail:mail /mail
chown -R mail:mail /var/lib/dovecot
# Run dovecot
exec /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf -F

3
nginx/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

23
config/nginx/nginx.conf → nginx/nginx.conf
View File

@@ -1,7 +1,7 @@
user www-data; user www-data;
worker_processes 1; worker_processes 1;
error_log /data/logs/nginx-error.log info; error_log /dev/stderr info;
pid /var/run/nginx.pid; pid /var/run/nginx.pid;
events { events {
@@ -11,7 +11,7 @@ events {
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
access_log /data/logs/nginx.log; access_log /dev/stdout;
sendfile on; sendfile on;
keepalive_timeout 65; keepalive_timeout 65;
server_tokens off; server_tokens off;
@@ -25,28 +25,19 @@ http {
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_certificate /data/ssl/cert.pem; ssl_certificate /certs/cert.pem;
ssl_certificate_key /data/ssl/key.pem; ssl_certificate_key /certs/key.pem;
if ($scheme = http) { if ($scheme = http) {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
root /webmail; location / {
index index.php; proxy_pass http://webmail;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
} }
location /admin { location /admin {
include uwsgi_params; proxy_pass http://admin;
uwsgi_modifier1 30;
uwsgi_pass unix:/var/run/freeposte.sock;
} }
} }
} }

10
postfix/Dockerfile Normal file
View File

@@ -0,0 +1,10 @@
FROM alpine
RUN apk add --update postfix postfix-sqlite rsyslog && rm -rf /var/cache/apk/*
COPY conf /etc/postfix
COPY rsyslog.conf /etc/rsyslog.conf
COPY start.sh /start.sh
CMD ["/start.sh"]

17
config/postfix/main.cf → postfix/conf/main.cf
View File

@@ -15,8 +15,8 @@ mydestination =
# TLS # TLS
############### ###############
smtpd_use_tls = yes smtpd_use_tls = yes
smtpd_tls_cert_file=/data/ssl/cert.pem smtpd_tls_cert_file=/certs/cert.pem
smtpd_tls_key_file=/data/ssl/key.pem smtpd_tls_key_file=/certs/key.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@@ -25,7 +25,7 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
############### ###############
smtpd_sasl_local_domain = $myhostname smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth smtpd_sasl_path = inet:imap:2102
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous smtpd_sasl_security_options = noanonymous
@@ -34,12 +34,5 @@ smtpd_sasl_security_options = noanonymous
############### ###############
virtual_mailbox_domains = ${sql}sqlite-virtual_mailbox_domains.cf virtual_mailbox_domains = ${sql}sqlite-virtual_mailbox_domains.cf
virtual_alias_maps = ${sql}sqlite-virtual_alias_maps.cf virtual_alias_maps = ${sql}sqlite-virtual_alias_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_transport = lmtp:inet:imap:2525
lmtp_host_lookup = native
###############
# Milter
###############
milter_default_action = tempfail
milter_protocol = 6
smtpd_milters =
non_smtpd_milters =

34
postfix/conf/master.cf Normal file
View File

@@ -0,0 +1,34 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# Exposed SMTP services
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Internal postfix services
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache

0
config/postfix/sqlite-virtual_alias_maps.cf → postfix/conf/sqlite-virtual_alias_maps.cf
View File

0
config/postfix/sqlite-virtual_mailbox_domains.cf → postfix/conf/sqlite-virtual_mailbox_domains.cf
View File

4
postfix/rsyslog.conf Normal file
View File

@@ -0,0 +1,4 @@
$ModLoad imuxsock
$template noTimestampFormat,"%syslogtag%%msg%\n"
$ActionFileDefaultTemplate noTimestampFormat
*.*;auth,authpriv.none /dev/stdout

4
postfix/start.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/sh
/usr/lib/postfix/master &
rsyslogd -n

28
roundcube/Dockerfile Normal file
View File

@@ -0,0 +1,28 @@
FROM php:apache
RUN apt-get update && apt-get install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libmcrypt-dev \
libpng12-dev \
&& docker-php-ext-install pdo_mysql mcrypt
ENV ROUNDCUBE_URL https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.1.4/roundcubemail-1.1.4-complete.tar.gz
RUN echo date.timezone=UTC > /usr/local/etc/php/conf.d/timezone.ini
RUN cd /tmp \
&& curl -L -O ${ROUNDCUBE_URL} \
&& tar -xf *.tar.gz \
&& rm -f *.tar.gz \
&& rm -rf /var/www/html \
&& mv roundcubemail-* /var/www/html \
&& cd /var/www/html \
&& rm -rf CHANGELOG INSTALL LICENSE README.md UPGRADING composer.json-dist installer \
&& chown -R www-data: logs
COPY config.inc.php /var/www/html/config/
COPY start.sh /start.sh
CMD ["/start.sh"]

22
config/roundcube.inc.php → roundcube/config.inc.php
View File

@@ -3,7 +3,7 @@
$config = array(); $config = array();
// Generals // Generals
$config['db_dsnw'] = 'sqlite:////data/webmail/roundcube.db'; $config['db_dsnw'] = 'sqlite:////data/roundcube.db';
$config['des_key'] = 'rcmail-!24ByteDESkey*Str'; $config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$config['identities_level'] = 3; $config['identities_level'] = 3;
$config['reply_all_mode'] = 1; $config['reply_all_mode'] = 1;
@@ -18,10 +18,24 @@ $config['plugins'] = array(
); );
// Mail servers // Mail servers
$config['default_host'] = 'localhost'; $config['default_host'] = 'tls://imap';
$config['default_port'] = 143; $config['default_port'] = 143;
$config['smtp_server'] = 'localhost'; $config['smtp_server'] = 'tls://smtp';
$config['smtp_port'] = 25; $config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
// We access the IMAP and SMTP servers locally with internal names, SSL
// will obviously fail but this sounds better than allowing insecure login
// from the outter world
$ssl_no_check = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
$config['imap_conn_options'] = $ssl_no_check;
$config['smtp_conn_options'] = $ssl_no_check;
// Password management // Password management
$config['password_driver'] = 'sql'; $config['password_driver'] = 'sql';

7
roundcube/start.sh Executable file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
# Fix some permissions
chown -R www-data:www-data /data
# Run apache
exec apache2-foreground