From d0f759accae612eec2520de97eaad3fa8aebc527 Mon Sep 17 00:00:00 2001 From: Patrick Oberdorf Date: Wed, 14 Feb 2018 12:15:45 +0100 Subject: [PATCH 01/12] Adding unbound as dns resolver --- core/unbound/Dockerfile | 14 +++++ core/unbound/unbound.conf | 19 +++++++ docs/compose/.env | 3 ++ docs/compose/docker-compose.yml | 94 ++++++++++++++++++++++++++++++++- 4 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 core/unbound/Dockerfile create mode 100644 core/unbound/unbound.conf diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile new file mode 100644 index 00000000..6ae8a6ee --- /dev/null +++ b/core/unbound/Dockerfile @@ -0,0 +1,14 @@ +FROM alpine:edge + +RUN apk add --no-cache unbound curl \ + && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \ + && chown root:unbound /etc/unbound \ + && chmod 775 /etc/unbound \ + && apk del --no-cache curl \ + && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true + +COPY unbound.conf /etc/unbound/unbound.conf + +EXPOSE 53/udp 53/tcp + +CMD /usr/sbin/unbound diff --git a/core/unbound/unbound.conf b/core/unbound/unbound.conf new file mode 100644 index 00000000..d2d9ce74 --- /dev/null +++ b/core/unbound/unbound.conf @@ -0,0 +1,19 @@ +server: + verbosity: 1 + interface: 0.0.0.0 + interface: ::0 + logfile: /dev/stdout + do-ip4: yes + do-ip6: yes + do-udp: yes + do-tcp: yes + do-daemonize: no + access-control: 0.0.0.0/0 allow + directory: "/etc/unbound" + username: unbound + auto-trust-anchor-file: trusted-key.key + root-hints: "/etc/unbound/root.hints" + hide-identity: yes + hide-version: yes + max-udp-size: 4096 + msg-buffer-size: 65552 diff --git a/docs/compose/.env b/docs/compose/.env index 6f330b64..e4c6dff9 100644 --- a/docs/compose/.env +++ b/docs/compose/.env @@ -21,6 +21,9 @@ SECRET_KEY=ChangeMeChangeMe BIND_ADDRESS4=127.0.0.1 BIND_ADDRESS6=::1 +# Internal Docker network +IPV4_NETWORK=172.22.1 + # Main mail domain DOMAIN=mailu.io 
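Review bot: The `curl -o /etc/unbound/root.hints …` step in the new core/unbound/Dockerfile has no `--fail`, so an HTTP error body from internic.net would be written into the image as the root hints file and the build would still succeed; `curl -fsSL -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache` stops the build instead. The last step, `unbound-anchor … | true`, is a pipe rather than `|| true`, and either form hides every failure, so an image can ship without a usable `trusted-key.key` for `auto-trust-anchor-file`. Since unbound-anchor is documented to exit non-zero when it had to write the anchor, a check on the result is more useful than its exit status: `&& { /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key || true; } && test -s /etc/unbound/trusted-key.key`. The same two lines reappear in services/unbound/Dockerfile in [PATCH 06/12].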
diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml index 740a5ffc..dc674a2b 100644 --- a/docs/compose/docker-compose.yml +++ b/docs/compose/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2' +version: '2.1' services: @@ -27,12 +27,37 @@ services: - "$BIND_ADDRESS6:587:587" volumes: - "$ROOT/certs:/certs" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - front + + unbound: + image: mailu/unbound:$VERSION + restart: always + networks: + backend: + ipv4_address: ${IPV4_NETWORK:-172.22.1}.254 + aliases: + - unbound redis: image: redis:alpine restart: always volumes: - "$ROOT/redis:/data" + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + depends_on: + - unbound + networks: + backend: + aliases: + - redis imap: image: mailu/dovecot:$VERSION @@ -44,6 +69,13 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - imap smtp: image: mailu/postfix:$VERSION @@ -54,6 +86,13 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - smtp antispam: image: mailu/rspamd:$VERSION @@ -65,6 +104,13 @@ services: - "$ROOT/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - antispam antivirus: image: mailu/$ANTIVIRUS:$VERSION @@ -72,6 +118,14 @@ services: env_file: .env volumes: - "$ROOT/filter:/data" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - antivirus webdav: image: mailu/$WEBDAV:$VERSION @@ -79,6 +133,14 @@ services: env_file: .env volumes: - "$ROOT/dav:/data" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - webdav admin: image: mailu/admin:$VERSION 
@@ -90,6 +152,13 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro depends_on: - redis + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - admin webmail: image: "mailu/$WEBMAIL:$VERSION" @@ -99,6 +168,13 @@ services: - "$ROOT/webmail:/data" depends_on: - imap + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - webmail fetchmail: image: mailu/fetchmail:$VERSION @@ -106,3 +182,19 @@ services: env_file: .env volumes: - "$ROOT/data:/data" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - fetchmail + +networks: + backend: + driver: bridge + ipam: + driver: default + config: + - subnet: ${IPV4_NETWORK:-172.22.1}.0/24 From ada09f7922dd50656bbaa99f0c624ad2f90eb1d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 9 Oct 2018 12:35:08 +0300 Subject: [PATCH 02/12] Unbound: Use alpine:3.8 --- core/unbound/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile index 6ae8a6ee..3c7f0e7a 100644 --- a/core/unbound/Dockerfile +++ b/core/unbound/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:edge +FROM alpine:3.8 RUN apk add --no-cache unbound curl \ && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \ From 013d02d7264c182db459a7d67acc7d941eb68f4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 9 Oct 2018 14:11:59 +0300 Subject: [PATCH 03/12] Add unbound to the build directive --- tests/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/build.yml b/tests/build.yml index 0b6858a0..e0123ca7 100644 --- a/tests/build.yml +++ b/tests/build.yml @@ -6,6 +6,10 @@ services: image: $DOCKER_ORG/nginx:$VERSION build: ../core/nginx + unbound: + image: $DOCKER_ORG/unbound:$VERSION + build: ../core/unbound + imap: image: $DOCKER_ORG/dovecot:$VERSION build: ../core/dovecot 
From cde22be4c9f4dec9889c75ba1dc7f234b586ba0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 9 Oct 2018 14:50:09 +0300 Subject: [PATCH 04/12] Some cleanup and changes: - Don't upgrade the docker-compose file. (Not in the scope of this feature) - No need to use aliases. Docker already resolves to service names - Use a fixed IP range, which stays clear of the network ranges used by Docker. (172.xx.0.0/16) --- docs/compose/.env | 3 -- docs/compose/docker-compose.yml | 72 +++++++-------------------------- 2 files changed, 15 insertions(+), 60 deletions(-) diff --git a/docs/compose/.env b/docs/compose/.env index 5378d37e..721aaf22 100644 --- a/docs/compose/.env +++ b/docs/compose/.env @@ -21,9 +21,6 @@ SECRET_KEY=ChangeMeChangeMe BIND_ADDRESS4=127.0.0.1 BIND_ADDRESS6=::1 -# Internal Docker network -IPV4_NETWORK=172.22.1 - # Main mail domain DOMAIN=mailu.io diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml index dc674a2b..8038a0bf 100644 --- a/docs/compose/docker-compose.yml +++ b/docs/compose/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2.1' +version: '2' services: @@ -30,20 +30,14 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - front + - 10.177.20.254 unbound: image: mailu/unbound:$VERSION restart: always networks: - backend: - ipv4_address: ${IPV4_NETWORK:-172.22.1}.254 - aliases: - - unbound + default: + ipv4_address: 10.177.20.254 redis: image: redis:alpine @@ -51,13 +45,9 @@ services: volumes: - "$ROOT/redis:/data" dns: - - ${IPV4_NETWORK:-172.22.1}.254 + - 10.177.20.254 depends_on: - unbound - networks: - backend: - aliases: - - redis imap: image: mailu/dovecot:$VERSION @@ -71,11 +61,7 @@ services: - front - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - imap + - 10.177.20.254 smtp: image: mailu/postfix:$VERSION 
@@ -88,11 +74,7 @@ services: - front - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - smtp + - 10.177.20.254 antispam: image: mailu/rspamd:$VERSION @@ -106,11 +88,7 @@ services: - front - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - antispam + - 10.177.20.254 antivirus: image: mailu/$ANTIVIRUS:$VERSION @@ -121,11 +99,7 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - antivirus + - 10.177.20.254 webdav: image: mailu/$WEBDAV:$VERSION @@ -136,11 +110,7 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - webdav + - 10.177.20.254 admin: image: mailu/admin:$VERSION @@ -154,11 +124,7 @@ services: - redis - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - admin + - 10.177.20.254 webmail: image: "mailu/$WEBMAIL:$VERSION" @@ -170,11 +136,7 @@ services: - imap - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - webmail + - 10.177.20.254 fetchmail: image: mailu/fetchmail:$VERSION @@ -185,16 +147,12 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - fetchmail + - 10.177.20.254 networks: - backend: + default: driver: bridge ipam: driver: default config: - - subnet: ${IPV4_NETWORK:-172.22.1}.0/24 + - subnet: 10.177.20.0/24 From 40d8e657627a64b3aa8c45784533bc97d4ede69c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 23 Oct 2018 12:22:36 +0300 Subject: [PATCH 05/12] Revert docker-compose to latest upstream version --- docs/compose/docker-compose.yml | 51 --------------------------------- 1 file changed, 51 deletions(-) diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml index 7e2ac486..b8d15587 100644 --- a/docs/compose/docker-compose.yml +++ b/docs/compose/docker-compose.yml 
@@ -29,27 +29,12 @@ services: - "$BIND_ADDRESS6:587:587" volumes: - "$ROOT/certs:/certs" - depends_on: - - unbound - dns: - - 10.177.20.254 - - unbound: - image: mailu/unbound:$VERSION - restart: always - networks: - default: - ipv4_address: 10.177.20.254 redis: image: redis:alpine restart: always volumes: - "$ROOT/redis:/data" - dns: - - 10.177.20.254 - depends_on: - - unbound imap: image: mailu/dovecot:$VERSION @@ -60,9 +45,6 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front - - unbound - dns: - - 10.177.20.254 smtp: image: mailu/postfix:$VERSION @@ -72,9 +54,6 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front - - unbound - dns: - - 10.177.20.254 antispam: image: mailu/rspamd:$VERSION @@ -86,9 +65,6 @@ services: - "$ROOT/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front - - unbound - dns: - - 10.177.20.254 antivirus: image: mailu/$ANTIVIRUS:$VERSION @@ -96,10 +72,6 @@ services: env_file: .env volumes: - "$ROOT/filter:/data" - depends_on: - - unbound - dns: - - 10.177.20.254 webdav: image: mailu/$WEBDAV:$VERSION @@ -107,10 +79,6 @@ services: env_file: .env volumes: - "$ROOT/dav:/data" - depends_on: - - unbound - dns: - - 10.177.20.254 admin: image: mailu/admin:$VERSION @@ -122,9 +90,6 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro depends_on: - redis - - unbound - dns: - - 10.177.20.254 webmail: image: "mailu/$WEBMAIL:$VERSION" @@ -134,24 +99,8 @@ services: - "$ROOT/webmail:/data" depends_on: - imap - - unbound - dns: - - 10.177.20.254 fetchmail: image: mailu/fetchmail:$VERSION restart: always env_file: .env - depends_on: - - unbound - dns: - - 10.177.20.254 - -networks: - default: - driver: bridge - ipam: - driver: default - config: - - subnet: 10.177.20.0/24 - From bcfce27ee2beb735049d4597786b3354930cb771 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 23 Oct 2018 15:07:49 +0300 Subject: [PATCH 06/12] Standarize unbound, prepare for setup inclusion - Use jinja template for configuration file (start.py) - Limit access to the Mailu subnet - Implement health checks
---
core/unbound/Dockerfile | 14 -------------- services/unbound/Dockerfile | 18 ++++++++++++++++++ services/unbound/start.py | 9 +++++++++ {core => services}/unbound/unbound.conf | 4 ++-- tests/build.yml | 4 ++-- 5 files changed, 31 insertions(+), 18 deletions(-) delete mode 100644 core/unbound/Dockerfile create mode 100644 services/unbound/Dockerfile create mode 100755 services/unbound/start.py rename {core => services}/unbound/unbound.conf (86%)
diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile
deleted file mode 100644
index 3c7f0e7a..00000000
--- a/core/unbound/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM alpine:3.8
-
-RUN apk add --no-cache unbound curl \
- && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
- && chown root:unbound /etc/unbound \
- && chmod 775 /etc/unbound \
- && apk del --no-cache curl \
- && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
-
-COPY unbound.conf /etc/unbound/unbound.conf
-
-EXPOSE 53/udp 53/tcp
-
-CMD /usr/sbin/unbound
diff --git a/services/unbound/Dockerfile b/services/unbound/Dockerfile
new file mode 100644
index 00000000..1b84855c
--- /dev/null
+++ b/services/unbound/Dockerfile
@@ -0,0 +1,18 @@
+FROM python:3-alpine
+
+RUN apk add --no-cache unbound curl bind-tools \
+ && pip3 install jinja2 \
+ && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
+ && chown root:unbound /etc/unbound \
+ && chmod 775 /etc/unbound \
+ && apk del --no-cache curl \
+ && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
+
+COPY start.py /start.py
+COPY unbound.conf /unbound.conf
+
+EXPOSE 53/udp 53/tcp
+
+CMD /start.py
+
+HEALTHCHECK CMD dig @127.0.0.1 || exit 1
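Review bot: `FROM python:3-alpine` and `pip3 install jinja2` in the new services/unbound/Dockerfile both float, so two builds of the same commit can produce resolver images with different interpreter and template-engine versions. Pin them: a specific `python:3.x-alpine` tag, ideally by digest, and `pip3 install --no-cache-dir jinja2==<pinned-version>`. `CMD /start.py` is shell form, so the container starts through `/bin/sh -c`; `CMD ["/start.py"]` lets the script, and the unbound process it exec()s, receive the stop signal directly. The HEALTHCHECK keeps `bind-tools` in the runtime image, which is a reasonable trade but deserves a one-line comment in the file.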
diff --git a/services/unbound/start.py b/services/unbound/start.py new file mode 100755 index 00000000..82e017f7 --- /dev/null +++ b/services/unbound/start.py @@ -0,0 +1,9 @@ +#!/usr/local/bin/python3 + +import jinja2 +import os + +convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ)) +convert("/unbound.conf", "/etc/unbound/unbound.conf") + +os.execv("/usr/sbin/unbound", ["-c /etc/unbound/unbound.conf"]) diff --git a/core/unbound/unbound.conf b/services/unbound/unbound.conf similarity index 86% rename from core/unbound/unbound.conf rename to services/unbound/unbound.conf index d2d9ce74..d54cbfbc 100644 --- a/core/unbound/unbound.conf +++ b/services/unbound/unbound.conf @@ -8,9 +8,9 @@ server: do-udp: yes do-tcp: yes do-daemonize: no - access-control: 0.0.0.0/0 allow + access-control: {{ SUBNET }} allow directory: "/etc/unbound" - username: unbound + username: root auto-trust-anchor-file: trusted-key.key root-hints: "/etc/unbound/root.hints" hide-identity: yes diff --git a/tests/build.yml b/tests/build.yml index 00323151..8a5cd540 100644 --- a/tests/build.yml +++ b/tests/build.yml @@ -6,8 +6,8 @@ services: image: ${DOCKER_ORG:-mailu}/nginx:${VERSION:-local} build: ../core/nginx - unbound: - image: $DOCKER_ORG/unbound:$VERSION + resolver: + image: ${DOCKER_ORG:-mailu}/unbound:${VERSION:-local} build: ../core/unbound imap: From 7c07efc216138eb4d7402c530e8f4173787ccf53 Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 15:42:19 +0300 Subject: [PATCH 07/12] Added unbound to setup - Added checkbox for unbound resolver - Added subnet variable - Added dns variable which is generating the ip address based on subnet --- setup/flavors/compose/docker-compose.yml | 44 ++++++++++++++++++++ setup/flavors/compose/mailu.env | 3 ++ setup/server.py | 2 + setup/templates/steps/compose/03_expose.html | 13 ++++++ setup/templates/steps/stack/03_expose.html | 3 +- 5 files changed, 64 insertions(+), 1 deletion(-) 
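Review bot: In start.py, `os.execv("/usr/sbin/unbound", ["-c /etc/unbound/unbound.conf"])` passes the whole string as argv[0], so unbound receives no `-c` option and falls back to its built-in default config path. It should be `os.execv("/usr/sbin/unbound", ["unbound", "-c", "/etc/unbound/unbound.conf"])`. The template is rendered with `render(**os.environ)`, and jinja2's default undefined renders as an empty string, so a missing `SUBNET` produces `access-control:  allow` instead of a start-up error. Building the template with `undefined=jinja2.StrictUndefined` makes the container fail fast. The `convert` lambda also never closes either file; a small function using `with open(...)` would be clearer.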
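Review bot: Changing `username: unbound` to `username: root` in unbound.conf means the resolver no longer drops privileges after binding port 53, so a flaw in DNS message handling would be exercised as root inside the container. The Dockerfile already makes `/etc/unbound` `root:unbound` with mode 775, so the rendered config and `trusted-key.key` should be usable with `username: unbound`. If something did require root, that reason belongs in a comment next to the setting. Separately, the server still listens on `::0` while the only `access-control` entry is the IPv4 `{{ SUBNET }}`, so IPv6 clients are presumably refused by unbound's default policy; confirm that is intended. The `server:` block starts outside this hunk.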
diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index b01bb8fd..4fef7468 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -28,6 +28,15 @@ services: {% endfor %} volumes: - "{{ root }}/certs:/certs" + + {% if resolver_enabled %} + resolver: + image: mailu/resolver:{{ version }} + restart: always + networks: + default: + ipv4_address: {{ dns }} + {% endif %} admin: image: mailu/admin:{{ version }} @@ -58,6 +67,11 @@ services: - "{{ root }}/overrides:/overrides" depends_on: - front + {% if resolver_enabled %} + - resolver + dns: + - {{ dns }} + {% endif %} # Optional services {% if antispam_enabled %} @@ -70,6 +84,11 @@ services: - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front + {% if resolver_enabled %} + - resolver + dns: + - {{ dns }} + {% endif %} {% endif %} {% if antivirus_enabled %} @@ -78,6 +97,12 @@ services: env_file: {{ env }} volumes: - "{{ root }}/filter:/data" + {% if resolver_enabled %} + depends_on: + - resolver + dns: + - {{ dns }} + {% endif %} {% endif %} {% if webdav_enabled %} @@ -92,6 +117,12 @@ services: fetchmail: image: mailu/fetchmail:{{ version }} env_file: {{ env }} + {% if resolver_enabled %} + depends_on: + - resolver + dns: + - {{ dns }} + {% endif %} {% endif %} # Webmail @@ -103,4 +134,17 @@ services: - "{{ root }}/webmail:/data" depends_on: - imap + - resolver + dns: + - {{ dns }} {% endif %} + +{% if resolver_enabled %} +networks: + default: + driver: bridge + ipam: + driver: default + config: + - subnet: {{ subnet }} +{% endif %} diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env index 9fc1197d..425f4cad 100644 --- a/setup/flavors/compose/mailu.env +++ b/setup/flavors/compose/mailu.env 
@@ -25,6 +25,9 @@ SECRET_KEY={{ secret(16) }} # PUBLIC_IPV4= {{ bind4 }} (default: 127.0.0.1) # PUBLIC_IPV6= {{ bind6 }} (default: ::1) +# Subnet +# SUBNET={{ subnet }} + # Main mail domain DOMAIN={{ domain }} diff --git a/setup/server.py b/setup/server.py index bfe5ef15..6f60c3c0 100644 --- a/setup/server.py +++ b/setup/server.py @@ -7,6 +7,7 @@ import jinja2 import uuid import string import random +import ipaddress app = flask.Flask(__name__) @@ -75,6 +76,7 @@ def build_app(path): def submit(): data = flask.request.form.copy() data['uid'] = str(uuid.uuid4()) + data['dns'] = str(ipaddress.IPv4Network(data['subnet'])[-2]) db.set(data['uid'], json.dumps(data)) return flask.redirect(flask.url_for('.setup', uid=data['uid'])) diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html index df121c7d..783c2037 100644 --- a/setup/templates/steps/compose/03_expose.html +++ b/setup/templates/steps/compose/03_expose.html @@ -26,6 +26,19 @@ avoid generic all-interfaces addresses like 0.0.0.0 or :: +
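Review bot: In `submit()` in setup/server.py, `data['subnet']` comes straight from the submitted form and is handed to `ipaddress.IPv4Network(...)` with no error handling. A malformed CIDR or one with host bits set raises `ValueError`, and a `/32` raises `IndexError` on `[-2]`; each surfaces as a 500 rather than a rejected form. The raw string is also what gets stored and later rendered into the compose and env templates, so validating once and storing the normalised network keeps the template input well-formed. A sketch of the guarded version follows; the route decorator and the rest of the module are outside the hunk.

```python
    data['uid'] = str(uuid.uuid4())
    try:
        network = ipaddress.IPv4Network(data['subnet'])
        data['dns'] = str(network[-2])
    except (ValueError, IndexError):
        # malformed CIDR, host bits set, or a prefix too small to hold a resolver address
        flask.abort(400)
    data['subnet'] = str(network)
    # … unchanged: db.set(...) and the redirect …
```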
+ +
+ +
+ + +
+

You server will be available under a main hostname but may expose multiple public hostnames. Every e-mail domain that points to this server must have one of the hostnames in its MX record. Hostnames must be coma-separated.

diff --git a/setup/templates/steps/stack/03_expose.html b/setup/templates/steps/stack/03_expose.html index a9cffc1c..1cd0cde5 100644 --- a/setup/templates/steps/stack/03_expose.html +++ b/setup/templates/steps/stack/03_expose.html @@ -5,7 +5,8 @@ you expose it to the world.

- +

You server will be available under a main hostname but may expose multiple public From da37555a3c6af23a28237bf8ba9da7ff34ed5529 Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 15:46:53 +0300 Subject: [PATCH 08/12] Fixed naming error --- setup/flavors/compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 4fef7468..630531fe 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -31,7 +31,7 @@ services: {% if resolver_enabled %} resolver: - image: mailu/resolver:{{ version }} + image: mailu/unbound:{{ version }} restart: always networks: default: From 12d8872a0950173fed22050eb1baad3786f0e3f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 23 Oct 2018 16:09:59 +0300 Subject: [PATCH 09/12] Fix unbound build path --- tests/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/build.yml b/tests/build.yml index 8a5cd540..ed5b75fe 100644 --- a/tests/build.yml +++ b/tests/build.yml @@ -8,7 +8,7 @@ services: resolver: image: ${DOCKER_ORG:-mailu}/unbound:${VERSION:-local} - build: ../core/unbound + build: ../services/unbound imap: image: ${DOCKER_ORG:-mailu}/dovecot:${VERSION:-local} From 6c12e2fffb9990dec70fdbc650245d78796b282c Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 16:39:22 +0300 Subject: [PATCH 10/12] Fixed subnet variable in unbound --- setup/flavors/compose/docker-compose.yml | 1 + setup/flavors/compose/mailu.env | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 630531fe..e6b64077 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml 
@@ -32,6 +32,7 @@ services: {% if resolver_enabled %} resolver: image: mailu/unbound:{{ version }} + env_file: {{ env }} restart: always networks: default: diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env index 425f4cad..4a14de63 100644 --- a/setup/flavors/compose/mailu.env +++ b/setup/flavors/compose/mailu.env @@ -26,7 +26,7 @@ SECRET_KEY={{ secret(16) }} # PUBLIC_IPV6= {{ bind6 }} (default: ::1) # Subnet -# SUBNET={{ subnet }} +SUBNET={{ subnet }} # Main mail domain DOMAIN={{ domain }} From 120c29eff603850d8bb9573df1ddbc8edc4a56b5 Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 17:46:06 +0300 Subject: [PATCH 11/12] Added unbound for stack flavor --- setup/flavors/compose/docker-compose.yml | 4 ++-- setup/flavors/stack/docker-compose.yml | 25 ++++++++++++++++++++++ setup/templates/steps/stack/03_expose.html | 7 ++++++ 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index e6b64077..50fd1705 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -29,7 +29,7 @@ services: volumes: - "{{ root }}/certs:/certs" - {% if resolver_enabled %} + {% if resolver_enabled %} resolver: image: mailu/unbound:{{ version }} env_file: {{ env }} @@ -68,7 +68,7 @@ services: - "{{ root }}/overrides:/overrides" depends_on: - front - {% if resolver_enabled %} + {% if resolver_enabled %} - resolver dns: - {{ dns }} diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml index f27b661f..b9537e94 100644 --- a/setup/flavors/stack/docker-compose.yml +++ b/setup/flavors/stack/docker-compose.yml 
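Review bot: `env_file: {{ env }}` on the `resolver` service hands the whole generated mailu.env, including `SECRET_KEY`, to a container that only needs `SUBNET` to render its `access-control` line. start.py also passes every environment variable into the template context. Replacing `env_file` with an `environment:` list containing only `- SUBNET={{ subnet }}` keeps the application secret out of the DNS resolver's environment.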
@@ -28,6 +28,15 @@ services: - "{{ root }}/certs:/certs" deploy: replicas: 1 + + {% if resolver_enabled %} + resolver: + image: mailu/unbound:{{ version }} + env_file: {{ env }} + networks: + default: + ipv4_address: {{ dns }} + {% endif %} admin: image: mailu/admin:{{ version }} @@ -63,6 +72,10 @@ services: - "{{ root }}/overrides:/overrides" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} # Optional services {% if antispam_enabled %} @@ -77,6 +90,10 @@ services: - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} {% endif %} {% if antivirus_enabled %} @@ -87,6 +104,10 @@ services: - "{{ root }}/filter:/data" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} {% endif %} {% if webdav_enabled %} @@ -107,6 +128,10 @@ services: - "{{ root }}/data:/data" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} {% endif %} {% if webmail_type != 'none' %} diff --git a/setup/templates/steps/stack/03_expose.html b/setup/templates/steps/stack/03_expose.html index 1cd0cde5..d47390be 100644 --- a/setup/templates/steps/stack/03_expose.html +++ b/setup/templates/steps/stack/03_expose.html @@ -3,6 +3,13 @@ and let users access their mailboxes. Mailu has some flexibility in the way you expose it to the world.

+
+ +
+
Date: Wed, 24 Oct 2018 12:18:03 +0300 Subject: [PATCH 12/12] Take out DNS entry for webmail --- setup/flavors/compose/docker-compose.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 50fd1705..81b6bcb2 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -135,9 +135,6 @@ services: - "{{ root }}/webmail:/data" depends_on: - imap - - resolver - dns: - - {{ dns }} {% endif %} {% if resolver_enabled %}