From d0f759accae612eec2520de97eaad3fa8aebc527 Mon Sep 17 00:00:00 2001
From: Patrick Oberdorf
Date: Wed, 14 Feb 2018 12:15:45 +0100
Subject: [PATCH 01/12] Adding unbound as dns resolver
---
core/unbound/Dockerfile | 14 +++++
core/unbound/unbound.conf | 19 +++++++
docs/compose/.env | 3 ++
docs/compose/docker-compose.yml | 94 ++++++++++++++++++++++++++++++++-
4 files changed, 129 insertions(+), 1 deletion(-)
create mode 100644 core/unbound/Dockerfile
create mode 100644 core/unbound/unbound.conf
diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile
new file mode 100644
index 00000000..6ae8a6ee
--- /dev/null
+++ b/core/unbound/Dockerfile
@@ -0,0 +1,14 @@
+FROM alpine:edge
+
+RUN apk add --no-cache unbound curl \
+ && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
+ && chown root:unbound /etc/unbound \
+ && chmod 775 /etc/unbound \
+ && apk del --no-cache curl \
+ && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
+
+COPY unbound.conf /etc/unbound/unbound.conf
+
+EXPOSE 53/udp 53/tcp
+
+CMD /usr/sbin/unbound
diff --git a/core/unbound/unbound.conf b/core/unbound/unbound.conf
new file mode 100644
index 00000000..d2d9ce74
--- /dev/null
+++ b/core/unbound/unbound.conf
@@ -0,0 +1,19 @@
+server:
+ verbosity: 1
+ interface: 0.0.0.0
+ interface: ::0
+ logfile: /dev/stdout
+ do-ip4: yes
+ do-ip6: yes
+ do-udp: yes
+ do-tcp: yes
+ do-daemonize: no
+ access-control: 0.0.0.0/0 allow
+ directory: "/etc/unbound"
+ username: unbound
+ auto-trust-anchor-file: trusted-key.key
+ root-hints: "/etc/unbound/root.hints"
+ hide-identity: yes
+ hide-version: yes
+ max-udp-size: 4096
+ msg-buffer-size: 65552
diff --git a/docs/compose/.env b/docs/compose/.env
index 6f330b64..e4c6dff9 100644
--- a/docs/compose/.env
+++ b/docs/compose/.env
@@ -21,6 +21,9 @@ SECRET_KEY=ChangeMeChangeMe
BIND_ADDRESS4=127.0.0.1
BIND_ADDRESS6=::1
+# Internal Docker network
+IPV4_NETWORK=172.22.1
+
# Main mail domain
DOMAIN=mailu.io
diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml
index 740a5ffc..dc674a2b 100644
--- a/docs/compose/docker-compose.yml
+++ b/docs/compose/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '2'
+version: '2.1'
services:
@@ -27,12 +27,37 @@ services:
- "$BIND_ADDRESS6:587:587"
volumes:
- "$ROOT/certs:/certs"
+ depends_on:
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - front
+
+ unbound:
+ image: mailu/unbound:$VERSION
+ restart: always
+ networks:
+ backend:
+ ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
+ aliases:
+ - unbound
redis:
image: redis:alpine
restart: always
volumes:
- "$ROOT/redis:/data"
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ depends_on:
+ - unbound
+ networks:
+ backend:
+ aliases:
+ - redis
imap:
image: mailu/dovecot:$VERSION
@@ -44,6 +69,13 @@ services:
- "$ROOT/overrides:/overrides"
depends_on:
- front
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - imap
smtp:
image: mailu/postfix:$VERSION
@@ -54,6 +86,13 @@ services:
- "$ROOT/overrides:/overrides"
depends_on:
- front
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - smtp
antispam:
image: mailu/rspamd:$VERSION
@@ -65,6 +104,13 @@ services:
- "$ROOT/overrides/rspamd:/etc/rspamd/override.d"
depends_on:
- front
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - antispam
antivirus:
image: mailu/$ANTIVIRUS:$VERSION
@@ -72,6 +118,14 @@ services:
env_file: .env
volumes:
- "$ROOT/filter:/data"
+ depends_on:
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - antivirus
webdav:
image: mailu/$WEBDAV:$VERSION
@@ -79,6 +133,14 @@ services:
env_file: .env
volumes:
- "$ROOT/dav:/data"
+ depends_on:
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - webdav
admin:
image: mailu/admin:$VERSION
@@ -90,6 +152,13 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- redis
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - admin
webmail:
image: "mailu/$WEBMAIL:$VERSION"
@@ -99,6 +168,13 @@ services:
- "$ROOT/webmail:/data"
depends_on:
- imap
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - webmail
fetchmail:
image: mailu/fetchmail:$VERSION
@@ -106,3 +182,19 @@ services:
env_file: .env
volumes:
- "$ROOT/data:/data"
+ depends_on:
+ - unbound
+ dns:
+ - ${IPV4_NETWORK:-172.22.1}.254
+ networks:
+ backend:
+ aliases:
+ - fetchmail
+
+networks:
+ backend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
From ada09f7922dd50656bbaa99f0c624ad2f90eb1d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Tue, 9 Oct 2018 12:35:08 +0300
Subject: [PATCH 02/12] Unbound: Use alpine:3.8
---
core/unbound/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile
index 6ae8a6ee..3c7f0e7a 100644
--- a/core/unbound/Dockerfile
+++ b/core/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:edge
+FROM alpine:3.8
RUN apk add --no-cache unbound curl \
&& curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
From 013d02d7264c182db459a7d67acc7d941eb68f4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Tue, 9 Oct 2018 14:11:59 +0300
Subject: [PATCH 03/12] Add unbound to the build directive
---
tests/build.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/build.yml b/tests/build.yml
index 0b6858a0..e0123ca7 100644
--- a/tests/build.yml
+++ b/tests/build.yml
@@ -6,6 +6,10 @@ services:
image: $DOCKER_ORG/nginx:$VERSION
build: ../core/nginx
+ unbound:
+ image: $DOCKER_ORG/unbound:$VERSION
+ build: ../core/unbound
+
imap:
image: $DOCKER_ORG/dovecot:$VERSION
build: ../core/dovecot
From cde22be4c9f4dec9889c75ba1dc7f234b586ba0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Tue, 9 Oct 2018 14:50:09 +0300
Subject: [PATCH 04/12] Some cleanup and changes: - Don't upgrade the
docker-compose file. (Not in the scope of this feature) - No need to use
aliases. Docker already resolves to service names - Use a fixed IP range,
which stays clear of the network ranges used by Docker. (172.xx.0.0/16)
---
docs/compose/.env | 3 --
docs/compose/docker-compose.yml | 72 +++++++--------------------------
2 files changed, 15 insertions(+), 60 deletions(-)
diff --git a/docs/compose/.env b/docs/compose/.env
index 5378d37e..721aaf22 100644
--- a/docs/compose/.env
+++ b/docs/compose/.env
@@ -21,9 +21,6 @@ SECRET_KEY=ChangeMeChangeMe
BIND_ADDRESS4=127.0.0.1
BIND_ADDRESS6=::1
-# Internal Docker network
-IPV4_NETWORK=172.22.1
-
# Main mail domain
DOMAIN=mailu.io
diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml
index dc674a2b..8038a0bf 100644
--- a/docs/compose/docker-compose.yml
+++ b/docs/compose/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '2.1'
+version: '2'
services:
@@ -30,20 +30,14 @@ services:
depends_on:
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - front
+ - 10.177.20.254
unbound:
image: mailu/unbound:$VERSION
restart: always
networks:
- backend:
- ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
- aliases:
- - unbound
+ default:
+ ipv4_address: 10.177.20.254
redis:
image: redis:alpine
@@ -51,13 +45,9 @@ services:
volumes:
- "$ROOT/redis:/data"
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
+ - 10.177.20.254
depends_on:
- unbound
- networks:
- backend:
- aliases:
- - redis
imap:
image: mailu/dovecot:$VERSION
@@ -71,11 +61,7 @@ services:
- front
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - imap
+ - 10.177.20.254
smtp:
image: mailu/postfix:$VERSION
@@ -88,11 +74,7 @@ services:
- front
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - smtp
+ - 10.177.20.254
antispam:
image: mailu/rspamd:$VERSION
@@ -106,11 +88,7 @@ services:
- front
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - antispam
+ - 10.177.20.254
antivirus:
image: mailu/$ANTIVIRUS:$VERSION
@@ -121,11 +99,7 @@ services:
depends_on:
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - antivirus
+ - 10.177.20.254
webdav:
image: mailu/$WEBDAV:$VERSION
@@ -136,11 +110,7 @@ services:
depends_on:
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - webdav
+ - 10.177.20.254
admin:
image: mailu/admin:$VERSION
@@ -154,11 +124,7 @@ services:
- redis
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - admin
+ - 10.177.20.254
webmail:
image: "mailu/$WEBMAIL:$VERSION"
@@ -170,11 +136,7 @@ services:
- imap
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - webmail
+ - 10.177.20.254
fetchmail:
image: mailu/fetchmail:$VERSION
@@ -185,16 +147,12 @@ services:
depends_on:
- unbound
dns:
- - ${IPV4_NETWORK:-172.22.1}.254
- networks:
- backend:
- aliases:
- - fetchmail
+ - 10.177.20.254
networks:
- backend:
+ default:
driver: bridge
ipam:
driver: default
config:
- - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
+ - subnet: 10.177.20.0/24
From 40d8e657627a64b3aa8c45784533bc97d4ede69c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Tue, 23 Oct 2018 12:22:36 +0300
Subject: [PATCH 05/12] Revert docker-compose to latest upstream version
---
docs/compose/docker-compose.yml | 51 ---------------------------------
1 file changed, 51 deletions(-)
diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml
index 7e2ac486..b8d15587 100644
--- a/docs/compose/docker-compose.yml
+++ b/docs/compose/docker-compose.yml
@@ -29,27 +29,12 @@ services:
- "$BIND_ADDRESS6:587:587"
volumes:
- "$ROOT/certs:/certs"
- depends_on:
- - unbound
- dns:
- - 10.177.20.254
-
- unbound:
- image: mailu/unbound:$VERSION
- restart: always
- networks:
- default:
- ipv4_address: 10.177.20.254
redis:
image: redis:alpine
restart: always
volumes:
- "$ROOT/redis:/data"
- dns:
- - 10.177.20.254
- depends_on:
- - unbound
imap:
image: mailu/dovecot:$VERSION
@@ -60,9 +45,6 @@ services:
- "$ROOT/overrides:/overrides"
depends_on:
- front
- - unbound
- dns:
- - 10.177.20.254
smtp:
image: mailu/postfix:$VERSION
@@ -72,9 +54,6 @@ services:
- "$ROOT/overrides:/overrides"
depends_on:
- front
- - unbound
- dns:
- - 10.177.20.254
antispam:
image: mailu/rspamd:$VERSION
@@ -86,9 +65,6 @@ services:
- "$ROOT/overrides/rspamd:/etc/rspamd/override.d"
depends_on:
- front
- - unbound
- dns:
- - 10.177.20.254
antivirus:
image: mailu/$ANTIVIRUS:$VERSION
@@ -96,10 +72,6 @@ services:
env_file: .env
volumes:
- "$ROOT/filter:/data"
- depends_on:
- - unbound
- dns:
- - 10.177.20.254
webdav:
image: mailu/$WEBDAV:$VERSION
@@ -107,10 +79,6 @@ services:
env_file: .env
volumes:
- "$ROOT/dav:/data"
- depends_on:
- - unbound
- dns:
- - 10.177.20.254
admin:
image: mailu/admin:$VERSION
@@ -122,9 +90,6 @@ services:
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
- redis
- - unbound
- dns:
- - 10.177.20.254
webmail:
image: "mailu/$WEBMAIL:$VERSION"
@@ -134,24 +99,8 @@ services:
- "$ROOT/webmail:/data"
depends_on:
- imap
- - unbound
- dns:
- - 10.177.20.254
fetchmail:
image: mailu/fetchmail:$VERSION
restart: always
env_file: .env
- depends_on:
- - unbound
- dns:
- - 10.177.20.254
-
-networks:
- default:
- driver: bridge
- ipam:
- driver: default
- config:
- - subnet: 10.177.20.0/24
-
From bcfce27ee2beb735049d4597786b3354930cb771 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Tue, 23 Oct 2018 15:07:49 +0300
Subject: [PATCH 06/12] Standarize unbound, prepare for setup inclusion - Use
jinja template for configuration file (start.py) - Limit access to the Mailu
subnet - Implement health checks
---
core/unbound/Dockerfile | 14 --------------
services/unbound/Dockerfile | 18 ++++++++++++++++++
services/unbound/start.py | 9 +++++++++
{core => services}/unbound/unbound.conf | 4 ++--
tests/build.yml | 4 ++--
5 files changed, 31 insertions(+), 18 deletions(-)
delete mode 100644 core/unbound/Dockerfile
create mode 100644 services/unbound/Dockerfile
create mode 100755 services/unbound/start.py
rename {core => services}/unbound/unbound.conf (86%)
diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile
deleted file mode 100644
index 3c7f0e7a..00000000
--- a/core/unbound/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM alpine:3.8
-
-RUN apk add --no-cache unbound curl \
- && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
- && chown root:unbound /etc/unbound \
- && chmod 775 /etc/unbound \
- && apk del --no-cache curl \
- && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
-
-COPY unbound.conf /etc/unbound/unbound.conf
-
-EXPOSE 53/udp 53/tcp
-
-CMD /usr/sbin/unbound
diff --git a/services/unbound/Dockerfile b/services/unbound/Dockerfile
new file mode 100644
index 00000000..1b84855c
--- /dev/null
+++ b/services/unbound/Dockerfile
@@ -0,0 +1,18 @@
+FROM python:3-alpine
+
+RUN apk add --no-cache unbound curl bind-tools \
+ && pip3 install jinja2 \
+ && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
+ && chown root:unbound /etc/unbound \
+ && chmod 775 /etc/unbound \
+ && apk del --no-cache curl \
+ && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
+
+COPY start.py /start.py
+COPY unbound.conf /unbound.conf
+
+EXPOSE 53/udp 53/tcp
+
+CMD /start.py
+
+HEALTHCHECK CMD dig @127.0.0.1 || exit 1
diff --git a/services/unbound/start.py b/services/unbound/start.py
new file mode 100755
index 00000000..82e017f7
--- /dev/null
+++ b/services/unbound/start.py
@@ -0,0 +1,9 @@
+#!/usr/local/bin/python3
+
+import jinja2
+import os
+
+convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
+convert("/unbound.conf", "/etc/unbound/unbound.conf")
+
+os.execv("/usr/sbin/unbound", ["-c /etc/unbound/unbound.conf"])
diff --git a/core/unbound/unbound.conf b/services/unbound/unbound.conf
similarity index 86%
rename from core/unbound/unbound.conf
rename to services/unbound/unbound.conf
index d2d9ce74..d54cbfbc 100644
--- a/core/unbound/unbound.conf
+++ b/services/unbound/unbound.conf
@@ -8,9 +8,9 @@ server:
do-udp: yes
do-tcp: yes
do-daemonize: no
- access-control: 0.0.0.0/0 allow
+ access-control: {{ SUBNET }} allow
directory: "/etc/unbound"
- username: unbound
+ username: root
auto-trust-anchor-file: trusted-key.key
root-hints: "/etc/unbound/root.hints"
hide-identity: yes
diff --git a/tests/build.yml b/tests/build.yml
index 00323151..8a5cd540 100644
--- a/tests/build.yml
+++ b/tests/build.yml
@@ -6,8 +6,8 @@ services:
image: ${DOCKER_ORG:-mailu}/nginx:${VERSION:-local}
build: ../core/nginx
- unbound:
- image: $DOCKER_ORG/unbound:$VERSION
+ resolver:
+ image: ${DOCKER_ORG:-mailu}/unbound:${VERSION:-local}
build: ../core/unbound
imap:
From 7c07efc216138eb4d7402c530e8f4173787ccf53 Mon Sep 17 00:00:00 2001
From: Ionut Filip
Date: Tue, 23 Oct 2018 15:42:19 +0300
Subject: [PATCH 07/12] Added unbound to setup
- Added checkbox for unbound resolver
- Added subnet variable
- Added dns variable which is generating the ip address based on subnet
---
setup/flavors/compose/docker-compose.yml | 44 ++++++++++++++++++++
setup/flavors/compose/mailu.env | 3 ++
setup/server.py | 2 +
setup/templates/steps/compose/03_expose.html | 13 ++++++
setup/templates/steps/stack/03_expose.html | 3 +-
5 files changed, 64 insertions(+), 1 deletion(-)
diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml
index b01bb8fd..4fef7468 100644
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@@ -28,6 +28,15 @@ services:
{% endfor %}
volumes:
- "{{ root }}/certs:/certs"
+
+ {% if resolver_enabled %}
+ resolver:
+ image: mailu/resolver:{{ version }}
+ restart: always
+ networks:
+ default:
+ ipv4_address: {{ dns }}
+ {% endif %}
admin:
image: mailu/admin:{{ version }}
@@ -58,6 +67,11 @@ services:
- "{{ root }}/overrides:/overrides"
depends_on:
- front
+ {% if resolver_enabled %}
+ - resolver
+ dns:
+ - {{ dns }}
+ {% endif %}
# Optional services
{% if antispam_enabled %}
@@ -70,6 +84,11 @@ services:
- "{{ root }}/overrides/rspamd:/etc/rspamd/override.d"
depends_on:
- front
+ {% if resolver_enabled %}
+ - resolver
+ dns:
+ - {{ dns }}
+ {% endif %}
{% endif %}
{% if antivirus_enabled %}
@@ -78,6 +97,12 @@ services:
env_file: {{ env }}
volumes:
- "{{ root }}/filter:/data"
+ {% if resolver_enabled %}
+ depends_on:
+ - resolver
+ dns:
+ - {{ dns }}
+ {% endif %}
{% endif %}
{% if webdav_enabled %}
@@ -92,6 +117,12 @@ services:
fetchmail:
image: mailu/fetchmail:{{ version }}
env_file: {{ env }}
+ {% if resolver_enabled %}
+ depends_on:
+ - resolver
+ dns:
+ - {{ dns }}
+ {% endif %}
{% endif %}
# Webmail
@@ -103,4 +134,17 @@ services:
- "{{ root }}/webmail:/data"
depends_on:
- imap
+ - resolver
+ dns:
+ - {{ dns }}
{% endif %}
+
+{% if resolver_enabled %}
+networks:
+ default:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: {{ subnet }}
+{% endif %}
diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 9fc1197d..425f4cad 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -25,6 +25,9 @@ SECRET_KEY={{ secret(16) }}
# PUBLIC_IPV4= {{ bind4 }} (default: 127.0.0.1)
# PUBLIC_IPV6= {{ bind6 }} (default: ::1)
+# Subnet
+# SUBNET={{ subnet }}
+
# Main mail domain
DOMAIN={{ domain }}
diff --git a/setup/server.py b/setup/server.py
index bfe5ef15..6f60c3c0 100644
--- a/setup/server.py
+++ b/setup/server.py
@@ -7,6 +7,7 @@ import jinja2
import uuid
import string
import random
+import ipaddress
app = flask.Flask(__name__)
@@ -75,6 +76,7 @@ def build_app(path):
def submit():
data = flask.request.form.copy()
data['uid'] = str(uuid.uuid4())
+ data['dns'] = str(ipaddress.IPv4Network(data['subnet'])[-2])
db.set(data['uid'], json.dumps(data))
return flask.redirect(flask.url_for('.setup', uid=data['uid']))
diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index df121c7d..783c2037 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -26,6 +26,19 @@ avoid generic all-interfaces addresses like 0.0.0.0
or ::
+
+
+
+ Enable unbound resolver
+
+
+
+
+ Subnet
+
+
+
You server will be available under a main hostname but may expose multiple public
hostnames. Every e-mail domain that points to this server must have one of the
hostnames in its MX
record. Hostnames must be coma-separated.
diff --git a/setup/templates/steps/stack/03_expose.html b/setup/templates/steps/stack/03_expose.html
index a9cffc1c..1cd0cde5 100644
--- a/setup/templates/steps/stack/03_expose.html
+++ b/setup/templates/steps/stack/03_expose.html
@@ -5,7 +5,8 @@ you expose it to the world.
Subnet
-
+
You server will be available under a main hostname but may expose multiple public
From da37555a3c6af23a28237bf8ba9da7ff34ed5529 Mon Sep 17 00:00:00 2001
From: Ionut Filip
Date: Tue, 23 Oct 2018 15:46:53 +0300
Subject: [PATCH 08/12] Fixed naming error
---
setup/flavors/compose/docker-compose.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml
index 4fef7468..630531fe 100644
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@@ -31,7 +31,7 @@ services:
{% if resolver_enabled %}
resolver:
- image: mailu/resolver:{{ version }}
+ image: mailu/unbound:{{ version }}
restart: always
networks:
default:
From 12d8872a0950173fed22050eb1baad3786f0e3f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Tue, 23 Oct 2018 16:09:59 +0300
Subject: [PATCH 09/12] Fix unbound build path
---
tests/build.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/build.yml b/tests/build.yml
index 8a5cd540..ed5b75fe 100644
--- a/tests/build.yml
+++ b/tests/build.yml
@@ -8,7 +8,7 @@ services:
resolver:
image: ${DOCKER_ORG:-mailu}/unbound:${VERSION:-local}
- build: ../core/unbound
+ build: ../services/unbound
imap:
image: ${DOCKER_ORG:-mailu}/dovecot:${VERSION:-local}
From 6c12e2fffb9990dec70fdbc650245d78796b282c Mon Sep 17 00:00:00 2001
From: Ionut Filip
Date: Tue, 23 Oct 2018 16:39:22 +0300
Subject: [PATCH 10/12] Fixed subnet variable in unbound
---
setup/flavors/compose/docker-compose.yml | 1 +
setup/flavors/compose/mailu.env | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml
index 630531fe..e6b64077 100644
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@@ -32,6 +32,7 @@ services:
{% if resolver_enabled %}
resolver:
image: mailu/unbound:{{ version }}
+ env_file: {{ env }}
restart: always
networks:
default:
diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 425f4cad..4a14de63 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -26,7 +26,7 @@ SECRET_KEY={{ secret(16) }}
# PUBLIC_IPV6= {{ bind6 }} (default: ::1)
# Subnet
-# SUBNET={{ subnet }}
+SUBNET={{ subnet }}
# Main mail domain
DOMAIN={{ domain }}
From 120c29eff603850d8bb9573df1ddbc8edc4a56b5 Mon Sep 17 00:00:00 2001
From: Ionut Filip
Date: Tue, 23 Oct 2018 17:46:06 +0300
Subject: [PATCH 11/12] Added unbound for stack flavor
---
setup/flavors/compose/docker-compose.yml | 4 ++--
setup/flavors/stack/docker-compose.yml | 25 ++++++++++++++++++++++
setup/templates/steps/stack/03_expose.html | 7 ++++++
3 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml
index e6b64077..50fd1705 100644
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@@ -29,7 +29,7 @@ services:
volumes:
- "{{ root }}/certs:/certs"
- {% if resolver_enabled %}
+ {% if resolver_enabled %}
resolver:
image: mailu/unbound:{{ version }}
env_file: {{ env }}
@@ -68,7 +68,7 @@ services:
- "{{ root }}/overrides:/overrides"
depends_on:
- front
- {% if resolver_enabled %}
+ {% if resolver_enabled %}
- resolver
dns:
- {{ dns }}
diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml
index f27b661f..b9537e94 100644
--- a/setup/flavors/stack/docker-compose.yml
+++ b/setup/flavors/stack/docker-compose.yml
@@ -28,6 +28,15 @@ services:
- "{{ root }}/certs:/certs"
deploy:
replicas: 1
+
+ {% if resolver_enabled %}
+ resolver:
+ image: mailu/unbound:{{ version }}
+ env_file: {{ env }}
+ networks:
+ default:
+ ipv4_address: {{ dns }}
+ {% endif %}
admin:
image: mailu/admin:{{ version }}
@@ -63,6 +72,10 @@ services:
- "{{ root }}/overrides:/overrides"
deploy:
replicas: 1
+ {% if resolver_enabled %}
+ dns:
+ - {{ dns }}
+ {% endif %}
# Optional services
{% if antispam_enabled %}
@@ -77,6 +90,10 @@ services:
- "{{ root }}/overrides/rspamd:/etc/rspamd/override.d"
deploy:
replicas: 1
+ {% if resolver_enabled %}
+ dns:
+ - {{ dns }}
+ {% endif %}
{% endif %}
{% if antivirus_enabled %}
@@ -87,6 +104,10 @@ services:
- "{{ root }}/filter:/data"
deploy:
replicas: 1
+ {% if resolver_enabled %}
+ dns:
+ - {{ dns }}
+ {% endif %}
{% endif %}
{% if webdav_enabled %}
@@ -107,6 +128,10 @@ services:
- "{{ root }}/data:/data"
deploy:
replicas: 1
+ {% if resolver_enabled %}
+ dns:
+ - {{ dns }}
+ {% endif %}
{% endif %}
{% if webmail_type != 'none' %}
diff --git a/setup/templates/steps/stack/03_expose.html b/setup/templates/steps/stack/03_expose.html
index 1cd0cde5..d47390be 100644
--- a/setup/templates/steps/stack/03_expose.html
+++ b/setup/templates/steps/stack/03_expose.html
@@ -3,6 +3,13 @@
and let users access their mailboxes. Mailu has some flexibility in the way
you expose it to the world.
+
+
+
+ Enable unbound resolver
+
+
+
Subnet
Date: Wed, 24 Oct 2018 12:18:03 +0300
Subject: [PATCH 12/12] Take out DNS entry for webmail
---
setup/flavors/compose/docker-compose.yml | 3 ---
1 file changed, 3 deletions(-)
diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml
index 50fd1705..81b6bcb2 100644
--- a/setup/flavors/compose/docker-compose.yml
+++ b/setup/flavors/compose/docker-compose.yml
@@ -135,9 +135,6 @@ services:
- "{{ root }}/webmail:/data"
depends_on:
- imap
- - resolver
- dns:
- - {{ dns }}
{% endif %}
{% if resolver_enabled %}