Docker Compose setup
====================

Prepare the environment
-----------------------

Mailu will store all of its persistent data in a path of your choice
(``/mailu`` by default) simply create the directory and move there:

.. code-block:: bash

  mkdir /mailu
  cd /mailu

Create the configuration files
------------------------------

Docker Compose configuration is stored in a file named ``docker-compose.yml``.
Additionally, Mailu relies on a ``mailu.env`` file for various settings.
Both files can be generated by the `mailu setup utility`_. The setup utility
is mostly self-explanatory, with some more additional information in this section.

.. _`mailu setup utility`: https://setup.mailu.io

.. _tls_flavor:

TLS certificates
````````````````

Sets the ``TLS_FLAVOR`` to one of the following
values:

- ``cert`` is the default and requires certificates to be setup manually;
- ``letsencrypt`` will use the *Letsencrypt!* CA to generate automatic certificates;
- ``mail`` is similar to ``cert`` except that TLS will only be served for
  emails (IMAP and SMTP), not HTTP (use it behind reverse proxies);
- ``mail-letsencrypt`` is similar to ``letsencrypt`` except that TLS will only be served for
  emails (IMAP and SMTP), not HTTP (use it behind reverse proxies);
- ``notls`` will disable TLS, this is not recommended except for testing.

.. note::

  When using *Letsencrypt!* you have to make sure that the DNS ``A`` and ``AAAA`` records for the
  all hostnames mentioned in the ``HOSTNAMES`` variable match with the ip addresses of you server.
  Or else certificate generation will fail! See also: :ref:`dns_setup`.

Bind address
````````````

The bind addresses need to match the public IP addresses assigned to your server. For IPv6 you will need the ``<global>`` scope address.

You can find those addresses by running the following:

.. code-block:: bash

  [root@mailu ~]$ ifconfig eth0
  eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
          inet 125.189.138.127  netmask 255.255.255.0  broadcast 5.189.138.255
          inet6 fd21:aab2:717c:cc5a::1  prefixlen 64  scopeid 0x0<global>
          inet6 fe2f:2a73:43a8:7a1b::1  prefixlen 64  scopeid 0x20<link>
          ether 00:50:56:3c:b2:23  txqueuelen 1000  (Ethernet)
          RX packets 174866612  bytes 127773819607 (118.9 GiB)
          RX errors 0  dropped 0  overruns 0  frame 0
          TX packets 19905110  bytes 2191519656 (2.0 GiB)
          TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If the address is not configured directly (NAT) on any of the network interfaces or if
you would simply like the server to listen on all interfaces, use ``0.0.0.0`` and ``::``. 
Note that running in this mode is not supported and can lead to `issues`_.

.. _issues: https://github.com/Mailu/Mailu/issues/641

Review configuration variables
------------------------------

After downloading the files, open ``mailu.env`` and review the variable settings.
Make sure to read the comments in the file and instructions from the :ref:`common_cfg` page.

Finish setting up TLS
---------------------

Mailu relies heavily on TLS and must have a key pair and a certificate
available, at least for the hostname configured in the ``mailu.env`` file.

If you set ``TLS_FLAVOR`` to ``cert`` or ``mail`` then you must create a ``certs`` directory
in your root path and setup a key-certificate pair there:

- ``cert.pem`` contains the certificate (override with ``TLS_CERT_FILENAME``),
- ``key.pem`` contains the key pair (override with ``TLS_KEYPAIR_FILENAME``).

Start Mailu
-----------

You may now start Mailu. Move the to the Mailu directory and run:

.. code-block:: bash

  docker-compose up -d

Finally, you need an admin user account. 

You can have the system create it automatically:
use the environment variables ``INITIAL_ADMIN_*`` as described in :ref:`admin_account`

Else, if you don't go with the automatic way, you need to manually create the admin account now:

.. code-block:: bash

  docker-compose exec admin flask mailu admin me example.net 'password'

This will create a user named ``me@example.net`` with password ``password`` and administration privileges.
Connect to the Web admin interface and change the password to a strong one.

  .. note:: It is vitally important that either a user with the same email as ``POSTMASTER`` in your ``mailu.env`` exists, or you remember to create an alias with this name after you log in. All kinds of strange errors will occur as a result of not doing so!