Merge branch 'master' into test-alpine-3.12

master
ofthesun9 4 years ago committed by GitHub
commit 539114a3d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -40,7 +40,7 @@ class PrefixMiddleware(object):
return self.app(environ, start_response)
def init_app(self, app):
self.app = fixers.ProxyFix(app.wsgi_app)
self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
app.wsgi_app = self
proxy = PrefixMiddleware()

@ -21,7 +21,10 @@ mail_access_groups = mail
maildir_stat_dirs = yes
mailbox_list_index = yes
mail_vsize_bg_after_count = 100
mail_plugins = $mail_plugins quota quota_clone zlib fts fts_xapian
mail_plugins = $mail_plugins quota quota_clone zlib{{ ' ' }}
{%- if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] -%}
fts fts_xapian
{%- endif %}
default_vsz_limit = 2GB
namespace inbox {
@ -39,11 +42,13 @@ plugin {
quota_vsizes = yes
quota_clone_dict = proxy:/tmp/podop.socket:quota
{% if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %}
fts = xapian
fts_xapian = partial=2 full=30
fts_autoindex = yes
fts_enforced = yes
fts_autoindex_exclude = \Trash
{% endif %}
{% if COMPRESSION in [ 'gz', 'bz2' ] %}
zlib_save = {{ COMPRESSION }}

@ -21,13 +21,9 @@ def start_podop():
])
# Actual startup script
os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
os.environ["REDIS_ADDRESS"] = system.get_host_address_from_environment("REDIS", "redis")
os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
os.environ["ANTISPAM_WEBUI_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_WEBUI", "antispam:11334")
if os.environ["WEBMAIL"] != "none":
os.environ["WEBMAIL_ADDRESS"] = system.get_host_address_from_environment("WEBMAIL", "webmail")
for dovecot_file in glob.glob("/conf/*.conf"):
conf.jinja(dovecot_file, os.environ, os.path.join("/etc/dovecot", os.path.basename(dovecot_file)))

@ -52,9 +52,10 @@ tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION
# Outgoing TLS is more flexible because 1. not all receiving servers will
# support TLS, 2. not all will have and up-to-date TLS stack.
smtp_tls_security_level = may
# By default, outgoing TLS is more flexible because
# 1. not all receiving servers will support TLS,
# 2. not all will have and up-to-date TLS stack.
smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('may') }}
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols =!SSLv2,!SSLv3
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

@ -102,6 +102,9 @@ COMPRESSION=
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
# FULL_TEXT_SEARCH=off
###################################
# Web settings
###################################

@ -31,7 +31,7 @@ services:
- "$BIND_ADDRESS6:587:587"
volumes:
- "$ROOT/certs:/certs"
- "$ROOT/overrides/nginx:/overrides"
- "$ROOT/overrides/nginx:/overrides:ro"
redis:
image: redis:alpine
@ -45,7 +45,7 @@ services:
env_file: .env
volumes:
- "$ROOT/mail:/mail"
- "$ROOT/overrides:/overrides"
- "$ROOT/overrides/dovecot:/overrides:ro"
depends_on:
- front
@ -54,7 +54,8 @@ services:
restart: always
env_file: .env
volumes:
- "$ROOT/overrides:/overrides"
- "$ROOT/mailqueue:/queue"
- "$ROOT/overrides/postfix:/overrides:ro"
depends_on:
- front
@ -64,8 +65,8 @@ services:
env_file: .env
volumes:
- "$ROOT/filter:/var/lib/rspamd"
- "$ROOT/dkim:/dkim"
- "$ROOT/overrides/rspamd:/etc/rspamd/override.d"
- "$ROOT/dkim:/dkim:ro"
- "$ROOT/overrides/rspamd:/etc/rspamd/override.d:ro"
depends_on:
- front

@ -69,6 +69,10 @@ The ``RELAYHOST`` is an optional address of a mail server relaying all outgoing
mail in following format: ``[HOST]:PORT``.
``RELAYUSER`` and ``RELAYPASSWORD`` can be used when authentication is needed.
By default postfix uses "opportunistic TLS" for outbound mail. This can be changed
by setting ``OUTBOUND_TLS_LEVEL`` to ``encrypt``. This setting is highly recommended
if you are a relayhost that supports TLS.
The ``FETCHMAIL_DELAY`` is a delay (in seconds) for the fetchmail service to
go and fetch new email if available. Do not use too short delays if you do not
want to be blacklisted by external services, but not too long delays if you
@ -83,6 +87,9 @@ later classify incoming mail based on the custom part.
The ``DMARC_RUA`` and ``DMARC_RUF`` are DMARC protocol specific values. They hold
the localpart for DMARC rua and ruf email addresses.
Full-text search is enabled for IMAP is enabled by default. This feature can be disabled
(e.g. for performance reasons) by setting the optional variable ``FULL_TEXT_SEARCH`` to ``off``.
Web settings
------------

@ -8,13 +8,14 @@ RUN apk add --no-cache \
# Image specific layers under this line
RUN apk add --no-cache curl \
&& pip3 install radicale==2.1.12
&& pip3 install radicale~=3.0
COPY radicale.conf /radicale.conf
EXPOSE 5232/tcp
VOLUME ["/data"]
CMD radicale -f -S -C /radicale.conf
CMD radicale -S -C /radicale.conf
HEALTHCHECK CMD curl -f -L http://localhost:5232/ || exit 1

@ -1,15 +1,13 @@
[server]
hosts = 0.0.0.0:5232, [::]:5232
daemon = False
ssl = False
dns_lookup = False
realm = Radicale - Password Required
[encoding]
request = utf-8
stock = utf-8
[auth]
realm = Radicale - Password Required
type = http_x_remote_user
[rights]

@ -76,8 +76,8 @@ FETCHMAIL_DELAY={{ fetchmail_delay or '600' }}
RECIPIENT_DELIMITER={{ recipient_delimiter or '+' }}
# DMARC rua and ruf email
DMARC_RUA={{ dmarc_rua or 'admin' }}
DMARC_RUF={{ dmarc_ruf or 'admin' }}
DMARC_RUA={{ dmarc_rua or postmaster }}
DMARC_RUF={{ dmarc_ruf or postmaster }}
# Welcome email, enable and set a topic and body if you wish to send welcome
# emails to all users.
@ -91,6 +91,9 @@ COMPRESSION={{ compression }}
# change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL={{ compression_level }}
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
# FULL_TEXT_SEARCH=off
###################################
# Web settings
###################################

@ -27,7 +27,7 @@ services:
{% endfor %}
volumes:
- "{{ root }}/certs:/certs"
- "{{ root }}/overrides/nginx:/overrides"
- "{{ root }}/overrides/nginx:/overrides:ro"
deploy:
replicas: {{ front_replicas }}
@ -43,34 +43,42 @@ services:
- "{{ root }}/dkim:/dkim"
deploy:
replicas: {{ admin_replicas }}
healthcheck:
disable: true
imap:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}}
env_file: {{ env }}
volumes:
- "{{ root }}/mail:/mail"
- "{{ root }}/overrides:/overrides"
- "{{ root }}/overrides/dovecot:/overrides:ro"
deploy:
replicas: {{ imap_replicas }}
healthcheck:
disable: true
smtp:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}}
env_file: {{ env }}
volumes:
- "{{ root }}/mailqueue:/queue"
- "{{ root }}/overrides:/overrides"
- "{{ root }}/overrides/postfix:/overrides:ro"
deploy:
replicas: {{ smtp_replicas }}
healthcheck:
disable: true
antispam:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}}
env_file: {{ env }}
volumes:
- "{{ root }}/filter:/var/lib/rspamd"
- "{{ root }}/dkim:/dkim"
- "{{ root }}/overrides/rspamd:/etc/rspamd/override.d"
- "{{ root }}/dkim:/dkim:ro"
- "{{ root }}/overrides/rspamd:/etc/rspamd/override.d:ro"
deploy:
replicas: 1
healthcheck:
disable: true
# Optional services
{% if antivirus_enabled %}
@ -81,6 +89,8 @@ services:
- "{{ root }}/filter:/data"
deploy:
replicas: 1
healthcheck:
disable: true
{% endif %}
{% if webdav_enabled %}
@ -91,6 +101,8 @@ services:
- "{{ root }}/dav:/data"
deploy:
replicas: 1
healthcheck:
disable: true
{% endif %}
{% if fetchmail_enabled %}
@ -101,6 +113,8 @@ services:
- "{{ root }}/data:/data"
deploy:
replicas: 1
healthcheck:
disable: true
{% endif %}
{% if webmail_type != 'none' %}
@ -111,6 +125,8 @@ services:
- "{{ root }}/webmail:/data"
deploy:
replicas: 1
healthcheck:
disable: true
{% endif %}
{% if db_flavor == 'postgresql' and postgresql == 'internal' %}
@ -119,6 +135,8 @@ services:
env_file: {{ env }}
volumes:
- "{{ root }}/data/psql_backup:/backup"
healthcheck:
disable: true
{% endif %}
networks:

@ -4,7 +4,7 @@
<p>Docker Stack expects a project file, named <code>docker-compose.yml</code>
in a project directory. First create your project directory.</p>
<pre><code>mkdir -p /{{ root }}/{redis,certs,data,dkim,mail,overrides/rspamd,overrides/nginx,filter,dav,webmail}
<pre><code>mkdir -p {{ root }}/{redis,certs,data,dkim,mail,mailqueue,overrides/rspamd,overrides/postfix,overrides/dovecot,overrides/nginx,filter,dav,webmail}
</pre></code>
<p>Then download the project file. A side configuration file makes it easier

@ -52,7 +52,9 @@ avoid generic all-interfaces addresses like <code>0.0.0.0</code> or <code>::</co
hostnames. Every e-mail domain that points to this server must have one of the
hostnames in its <code>MX</code> record. Hostnames must be comma-separated. If you're having
trouble accessing your admin interface, make sure it is the first entry here (and possibly the
same as your <code>DOMAIN</code> entry from earlier.</p>
same as your <code>DOMAIN</code> entry from earlier). Also make sure that the first entry in
this list resolves to the IP address of your server, and that the reverse DNS entry for
the IP address of your server resolves to this first entry in this list.</p>
<div class="form-group">
<label>Public hostnames</label>

@ -22,7 +22,7 @@
<div class="form-group">
<input class="form-control" type="number" name=smtp_replicas min="1" required value="1"
style="width: 6%; display: inline;">
<label>SMPT</label>
<label>SMTP</label>
</div>
{% endcall %}
{% endcall %}

@ -0,0 +1 @@
Allow to enforce TLS for outbound mail by setting OUTBOUND_TLS_LEVEL=encrypt for postfix.

@ -0,0 +1 @@
Disable Health checks on swarm mode

@ -0,0 +1 @@
Defining POSTMASTER through setup tool apply also to DMARC_RUA and DMARC_RUF settings

@ -0,0 +1 @@
Use Radicale 3.x for webdav service

@ -0,0 +1 @@
Introduce option to disable dovecot full-text-search by an enviroment variable.

@ -16,7 +16,7 @@ RUN apt-get update && apt-get install -y \
# Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, rainloop, roundcube
RUN pip3 install socrate
ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.4.3/roundcubemail-1.4.3-complete.tar.gz
ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.4.6/roundcubemail-1.4.6-complete.tar.gz
ENV CARDDAV_URL https://github.com/blind-coder/rcmcarddav/releases/download/v3.0.3/carddav-3.0.3.tar.bz2

Loading…
Cancel
Save