Move to Docker Compose and multiple containers

master
Pierre Jaury 9 years ago
parent caab793716
commit d0006dc624

@ -1,22 +1,7 @@
FROM python:3
# Install required system packages
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
postfix dovecot-imapd dovecot-sqlite dovecot-lmtpd \
dovecot-sieve dovecot-managesieved \
dovecot-antispam spamassassin spamc clamav \
php5-fpm php5-mysql php5-imap php5-sqlite php5-mcrypt \
supervisor rsyslog nginx sqlite3 \
&& apt-get clean
# Install the Webmail from source
ENV ROUNDCUBE_VERSION 1.1.4-complete
RUN curl -L -O https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.1.4/roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
&& tar -xf roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
&& rm -f roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
&& mv roundcubemail-* /webmail
# Install the Web admin panel
COPY admin /admin

@ -1,11 +1,10 @@
Freeposte.io
============
Simple yet functional and full-featured mail server as a single Docker image.
Simple yet functional and full-featured mail server as a set of Docker images.
The idea behing Freeposte.io is identical to motivations that led to poste.io:
even though it looks like a Docker anti-pattern, single upgradable image
running a full-featured mail server is a truly amazing advantage for hosting
mails on modern cloud services or home-brewed Docker servers.
providing a simple and maintainable mail server that is painless to manage and
does not require more resources than necessary.
People from poste.io did an amazing job at accomplishing this ; any company
looking for a serious yet simple mail server with professional support should
@ -19,23 +18,32 @@ able to fine-tune some details if needed.
How-to run your mail server
===========================
*Please note that this image is still in a very early stage. Do not use for
*Please note that this project is still in a very early stage. Do not use for
production!*
The mail server runs as a single Docker container. A volume should be mounted to ``/data`` for persistent storage. Simply setup Docker on your
server then run a container with the ``kaiyou/freeposte.io`` image:
The mail server runs as a set of Docker containers. These containers are managed
through a ``docker-compose.yml`` configuration file that requires Docker Compose
to run.
First, follow instructions at https://docs.docker.com to setup Docker and Docker
Compose properly for your system. Then download the main configuration file:
```
docker run --name=freeposte -d \
-e POSTMASTER_ADDRESS=admin@your.tld \
-e MAIL_HOSTNAME=mail.your.tld \
-e SECRET_KEY=yourflasksecretkey \
-p 25:25 \
-p 143:143 \
-p 587:587 \
-p 80:80 \
-v /path/to/your/data:/data \
kaiyou/freeposte.io
wget https://freeposte.io/docker-compose.yml
```
This file contains instructions about which containers to run and how they will
interact. You should also create a data directory. Freeposte will use ``/data``
as a sane default:
```
mkdir -p /data
```
Finally, you can run your mail server:
```
docker-compose up -d
```
General architecture
@ -52,5 +60,3 @@ Additional Web UI :
* Roundcube Webmail (can easily be replaced) ;
* Administration UI based on Flask.
All components are monitored by supervisord.

@ -0,0 +1,12 @@
FROM python:3
RUN mkdir -p /app
WORKDIR /app
COPY freeposte ./freeposte
COPY initdb.py .
COPY requirements.txt .
RUN pip install -r requirements.txt
CMD gunicorn -w 4 -b 0.0.0.0:80 --access-logfile - --error-logfile - freeposte:app

@ -10,7 +10,8 @@ app = Flask(__name__)
default_config = {
'SQLALCHEMY_DATABASE_URI': 'sqlite:////data/freeposte.db',
'SQLALCHEMY_TRACK_MODIFICATIONS': False,
'SECRET_KEY': None
'SECRET_KEY': None,
'DEBUG': False
}
# Load configuration from the environment if available
@ -21,4 +22,9 @@ for key, value in default_config.items():
# Create the database
db = SQLAlchemy(app)
from freeposte import views
# Import views and models
from freeposte import models, views
# Manage database upgrades if necessary
db.create_all()
db.session.commit()

@ -3,9 +3,11 @@ from flask_admin.contrib import sqla
from freeposte import app, db, models
import os
# Flask admin
admin = admin.Admin(app, name='Freeposte.io', template_mode='bootstrap3')
app_name = os.environ.get('APP_NAME', 'Freeposte.io')
admin = admin.Admin(app, name=app_name, template_mode='bootstrap3')
class BaseModelView(sqla.ModelView):

@ -1,4 +1,4 @@
Flask
Flask-Admin
Flask-SQLAlchemy
uwsgi
gunicorn

@ -0,0 +1,3 @@
FROM alpine
RUN apk add --update amavis spamassassin clamav && rm -rf /var/cache/apk/*

@ -1,39 +0,0 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# Exposed SMTP services
smtp inet n - - - - smtpd
-o content_filter=spamassassin
submission inet n - - - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - - - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Internal postfix services
pickup fifo n - n 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
proxymap unix - - - - - proxymap
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
smtp unix - - - - - smtp
relay unix - - - - - smtp
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# Utility services
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

@ -1,5 +0,0 @@
$ModLoad imuxsock
$ModLoad imklog
*.* /data/logs/mail.log

@ -1,28 +0,0 @@
[supervisord]
nodaemon = true
logfile = /data/logs/supervisord.log
[program:nginx]
command = nginx -g 'daemon off;'
[program:rsyslog]
command = rsyslogd -n
[program:postfix]
command = /usr/lib/postfix/master -d
[program:dovecot]
command = /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf -F
[program:spamassassin]
command = /usr/sbin/spamd
[program:admin]
command = uwsgi --yaml /etc/uwsgi/apps-enabled/freeposte.yml
stdout_logfile = /data/logs/admin.log
stderr_logfile = /data/logs/admin-error.log
[program:webmail]
command = php5-fpm -F
stdout_logfile = /data/logs/php.log
stderr_logfile = /data/logs/php-error.log

@ -1,16 +0,0 @@
uwsgi:
socket: /var/run/freeposte.sock
chown-socket: www-data:www-data
pidfile: /var/run/freeposte.pid
master: true
workers: 2
vacuum: true
plugins: python
wsgi-file: /admin/run.py
callable: app
processes: 1
pythonpath: /usr/lib/python2.7/site-packages
pythonpath: /admin
catch-exceptions: true
post-buffering: 8192

@ -0,0 +1,48 @@
http:
build: nginx
ports:
- "80:80"
- "443:443"
links:
- admin
- webmail
volumes:
- /tmp/data/certs:/certs
imap:
build: dovecot
ports:
- "143:143"
- "993:993"
volumes:
- /tmp/data/freeposte:/data
- /tmp/data/mail:/mail
- /tmp/data/certs:/certs
smtp:
build: postfix
ports:
- "25:25"
- "465:465"
- "587:587"
links:
- imap
volumes:
- /tmp/data/freeposte:/data
- /tmp/data/logs:/logs
- /tmp/data/certs:/certs
admin:
build: admin
volumes:
- /tmp/data/freeposte:/data
environment:
- DEBUG=True
- SECRET_KEY=mysecretkey
webmail:
build: roundcube
links:
- imap
volumes:
- /tmp/data/webmail:/data

@ -0,0 +1,17 @@
FROM alpine
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& echo "@community http://dl-3.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories \
&& apk add --update \
dovecot \
dovecot-sqlite \
dovecot-pigeonhole-plugin@community \
dovecot-antispam-plugin@testing \
&& rm -rf /var/cache/apk/*
COPY conf /etc/dovecot
COPY sieve /var/lib/dovecot
COPY start.sh /start.sh
CMD ["/start.sh"]

@ -1,6 +1,7 @@
###############
# General
###############
log_path = /dev/stderr
protocols = imap lmtp sieve
postmaster_address = %{env:POSTMASTER_ADDRESS}
hostname = %{env:MAIL_HOSTNAME}
@ -18,8 +19,8 @@ service dict {
###############
first_valid_gid = 8
first_valid_uid = 8
mail_location = maildir:/data/mail/%u
mail_home = /data/mail/%u
mail_location = maildir:/mail/%u
mail_home = /mail/%u
mail_uid = mail
mail_gid = mail
mail_privileged_group = mail
@ -49,13 +50,13 @@ namespace inbox {
# TLS
###############
ssl = yes
ssl_cert = </data/ssl/cert.pem
ssl_key = </data/ssl/key.pem
ssl_cert = </certs/cert.pem
ssl_key = </certs/key.pem
###############
# Authentication
###############
auth_mechanisms = plain login cram-md5
auth_mechanisms = plain login
passdb {
driver = sql
@ -71,10 +72,9 @@ service auth {
user = dovecot
unix_listener auth-userdb {
}
unix_listener /var/spool/postfix/private/dovecot-auth {
user = postfix
group = postfix
mode = 0600
inet_listener {
port = 2102
}
}
@ -114,10 +114,8 @@ protocol lmtp {
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
user = postfix
group = postfix
mode = 0600
inet_listener lmtp {
port = 2525
}
}
@ -139,7 +137,7 @@ service managesieve-login {
plugin {
sieve = ~/.sieve
sieve_dir = ~/sieve
sieve_before = /etc/dovecot/before.sieve
sieve_default = /etc/dovecot/default.sieve
sieve_after = /etc/dovecot/after.sieve
sieve_before = /var/lib/dovecot/before.sieve
sieve_default = /var/lib/dovecot/default.sieve
sieve_after = /var/lib/dovecot/after.sieve
}

@ -0,0 +1,8 @@
#!/bin/sh
# Fix permissions
chown -R mail:mail /mail
chown -R mail:mail /var/lib/dovecot
# Run dovecot
exec /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf -F

@ -0,0 +1,3 @@
FROM nginx
COPY nginx.conf /etc/nginx/nginx.conf

@ -1,7 +1,7 @@
user www-data;
worker_processes 1;
error_log /data/logs/nginx-error.log info;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
events {
@ -11,7 +11,7 @@ events {
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /data/logs/nginx.log;
access_log /dev/stdout;
sendfile on;
keepalive_timeout 65;
server_tokens off;
@ -25,28 +25,19 @@ http {
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_certificate /data/ssl/cert.pem;
ssl_certificate_key /data/ssl/key.pem;
ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/key.pem;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
root /webmail;
index index.php;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
location / {
proxy_pass http://webmail;
}
location /admin {
include uwsgi_params;
uwsgi_modifier1 30;
uwsgi_pass unix:/var/run/freeposte.sock;
proxy_pass http://admin;
}
}
}

@ -0,0 +1,10 @@
FROM alpine
RUN apk add --update postfix postfix-sqlite rsyslog && rm -rf /var/cache/apk/*
COPY conf /etc/postfix
COPY rsyslog.conf /etc/rsyslog.conf
COPY start.sh /start.sh
CMD ["/start.sh"]

@ -15,8 +15,8 @@ mydestination =
# TLS
###############
smtpd_use_tls = yes
smtpd_tls_cert_file=/data/ssl/cert.pem
smtpd_tls_key_file=/data/ssl/key.pem
smtpd_tls_cert_file=/certs/cert.pem
smtpd_tls_key_file=/certs/key.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@ -25,7 +25,7 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
###############
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_path = inet:imap:2102
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
@ -34,12 +34,5 @@ smtpd_sasl_security_options = noanonymous
###############
virtual_mailbox_domains = ${sql}sqlite-virtual_mailbox_domains.cf
virtual_alias_maps = ${sql}sqlite-virtual_alias_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
###############
# Milter
###############
milter_default_action = tempfail
milter_protocol = 6
smtpd_milters =
non_smtpd_milters =
virtual_transport = lmtp:inet:imap:2525
lmtp_host_lookup = native

@ -0,0 +1,34 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# Exposed SMTP services
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Internal postfix services
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache

@ -0,0 +1,4 @@
$ModLoad imuxsock
$template noTimestampFormat,"%syslogtag%%msg%\n"
$ActionFileDefaultTemplate noTimestampFormat
*.*;auth,authpriv.none /dev/stdout

@ -0,0 +1,4 @@
#!/bin/sh
/usr/lib/postfix/master &
rsyslogd -n

@ -0,0 +1,28 @@
FROM php:apache
RUN apt-get update && apt-get install -y \
libfreetype6-dev \
libjpeg62-turbo-dev \
libmcrypt-dev \
libpng12-dev \
&& docker-php-ext-install pdo_mysql mcrypt
ENV ROUNDCUBE_URL https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.1.4/roundcubemail-1.1.4-complete.tar.gz
RUN echo date.timezone=UTC > /usr/local/etc/php/conf.d/timezone.ini
RUN cd /tmp \
&& curl -L -O ${ROUNDCUBE_URL} \
&& tar -xf *.tar.gz \
&& rm -f *.tar.gz \
&& rm -rf /var/www/html \
&& mv roundcubemail-* /var/www/html \
&& cd /var/www/html \
&& rm -rf CHANGELOG INSTALL LICENSE README.md UPGRADING composer.json-dist installer \
&& chown -R www-data: logs
COPY config.inc.php /var/www/html/config/
COPY start.sh /start.sh
CMD ["/start.sh"]

@ -3,7 +3,7 @@
$config = array();
// Generals
$config['db_dsnw'] = 'sqlite:////data/webmail/roundcube.db';
$config['db_dsnw'] = 'sqlite:////data/roundcube.db';
$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$config['identities_level'] = 3;
$config['reply_all_mode'] = 1;
@ -18,10 +18,24 @@ $config['plugins'] = array(
);
// Mail servers
$config['default_host'] = 'localhost';
$config['default_host'] = 'tls://imap';
$config['default_port'] = 143;
$config['smtp_server'] = 'localhost';
$config['smtp_port'] = 25;
$config['smtp_server'] = 'tls://smtp';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
// We access the IMAP and SMTP servers locally with internal names, SSL
// will obviously fail but this sounds better than allowing insecure login
// from the outter world
$ssl_no_check = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
$config['imap_conn_options'] = $ssl_no_check;
$config['smtp_conn_options'] = $ssl_no_check;
// Password management
$config['password_driver'] = 'sql';

@ -0,0 +1,7 @@
#!/bin/sh
# Fix some permissions
chown -R www-data:www-data /data
# Run apache
exec apache2-foreground
Loading…
Cancel
Save