Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

[GNOUS] prod

Browse Source
This commit is contained in:
thopic 2023-03-02 13:22:07 +01:00
parent d64f262cdd
commit a74cecc4e8
Signed by: thopic
GPG Key ID: 292DBBF0B54AD4C5
5 changed files with 116 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
data/assets/ssl-example/cert.pem
View File

@ -1,19 +1,33 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ MIIFszCCA5ugAwIBAgIUK9hVp//3lB80sg1vrIpE7178FqAwDQYJKoZIhvcNAQEL
MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa BQAwaTELMAkGA1UEBhMCREUxDDAKBgNVBAgMA05SVzEQMA4GA1UEBwwHV2lsbGlj
MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw aDEQMA4GA1UECgwHbWFpbGNvdzEQMA4GA1UECwwHbWFpbGNvdzEWMBQGA1UEAwwN
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1 bWFpbC5nbm91cy5mcjAeFw0yMTAzMDIxMTEzMzlaFw0yMjAzMDIxMTEzMzlaMGkx
MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8 CzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxEDAOBgNVBAcMB1dpbGxpY2gxEDAO
y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7 BgNVBAoMB21haWxjb3cxEDAOBgNVBAsMB21haWxjb3cxFjAUBgNVBAMMDW1haWwu
39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281 Z25vdXMuZnIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvFtjY5uAH
XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI GAIm2N5c2lXlAW1tCgIQl8+QfM1OsGMEs1svHA0LOtvrWHcBtgG9e/eWQkSRh67m
1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH LAmFy0vY0XO61Fj0dTkXOp4nESs+OQP6p7VZPvQ+v0umlVMvRlgUazynaXtRvUsp
AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI 9icQGsTFmPfjP7le3JbjJ/N58rAlTBv3Jxcujbr/QoZEGnX+Jb4mn3FmWM9U+zct
KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB sNiFLsi6mKl2H8a7gwdD783n4t7VHyeOZElzaFfkGGCReUQ2PF9BIjIhM/HvA86N
eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm bB53558liMmn1ctrwDnlr/xJ/pgHfAdZ1kCtyNLQ/X3XrFp2VoEtt4drYb3cb8Jz
VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH uBean8fMBriePs9yqqFIVGZaVUeJqNPm7+F6MOqp78D15q0uxvgTPKHtT/3MFKs9
NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw UYnm0xn7wxXf02UZLNJWPus0ALYiD8QufGSksEMy+zX/T+0eKlI62m7g/YU1RIij
UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW ByvgS3AC0hXJPBj5aKzD+DSsrqYr34SGReG+8AuuyUt9/wqSAovmskonpjJ3etxz
jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0 1Cer2agUVwP/akVVpfPamHuwlnq2xwJcsT6ykBxc3+wit25nSXf86fxfqK/mm9og
Bx4Q4KMjuYQ= 5SCsmAedvsiYEzakOzKl6foB7OzmscFAGVnwdu5p78AxCskwo9EPULbHm/dHsyiM
3YB0Xk2/FykPxeyJPuNo2f5GTZ8YCB7T4QIDAQABo1MwUTAdBgNVHQ4EFgQU1Wkn
Y1tRMJTshNm9O35iZ8UBS2MwHwYDVR0jBBgwFoAU1WknY1tRMJTshNm9O35iZ8UB
S2MwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEACJOsqpuRJOGr
waT/5xm3j6o2CYhZO8n0aRfwvwIQVABuqGVMcbx7GwFt+Gq/afYkxfUObSgu4jAL
QVRwhE72N8RNDxWyJNaOWa1jvRvvTYoDKiMsOONUpgk3tGKYmVQlPaSV2eyQS1t7
56LB53EvQlb9AVY6T3kODNTmY8yDRA6Ys+ggGZQ5weaud6pFdgMTgfll/GAdPXU2
3dE/6+dN9mNF6z4jArgC3wJzyeedv85D7bxlXfdz7fw/c1WEPfGdbqqsxX1VZUNJ
l2rhc/6P3wDtQFJKckV2ryLBCn7JD8FtUa3HZLmjO/Leo4gAbJqCDSZvNvP8pPyk
LTt2W67vbHgZFlhUDDGQizEqBsCElIwfJRc/o+s4mVweZLIdhDVU8ZPVRdGqu7B0
lLsIw0+68JthiweL+6d/skenuEgZdfXWsV+Xy/vUXtelWe09558SrsX3fBhzD8jK
+oTxkN5fX6Bg3lOz+PcIlvgsLSaOgrz9Kfx652l3fh01nKlNXYxqLtOljfiFeKks
eWOPIxHodxWUUzAbO/PM8Nn5q/oJ7Zw4xAlZlNjO6OKq+WgizdQQdCgJvgKlGUYd
AGAqgVf09HBw/CLSXdtGrkMEHzWM0DfYRzQ2MOlvbyu2W08dC7dBGcQNfKKEls9i
FmRXfgDgPxHLt+f3OIn8CfNDlvhKZN4=
-----END CERTIFICATE----- -----END CERTIFICATE-----

79
data/assets/ssl-example/key.pem
View File

@ -1,27 +1,52 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCvFtjY5uAHGAIm
4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok 2N5c2lXlAW1tCgIQl8+QfM1OsGMEs1svHA0LOtvrWHcBtgG9e/eWQkSRh67mLAmF
mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx y0vY0XO61Fj0dTkXOp4nESs+OQP6p7VZPvQ+v0umlVMvRlgUazynaXtRvUsp9icQ
s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu GsTFmPfjP7le3JbjJ/N58rAlTBv3Jxcujbr/QoZEGnX+Jb4mn3FmWM9U+zctsNiF
5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o Lsi6mKl2H8a7gwdD783n4t7VHyeOZElzaFfkGGCReUQ2PF9BIjIhM/HvA86NbB53
slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt 558liMmn1ctrwDnlr/xJ/pgHfAdZ1kCtyNLQ/X3XrFp2VoEtt4drYb3cb8JzuBea
pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ n8fMBriePs9yqqFIVGZaVUeJqNPm7+F6MOqp78D15q0uxvgTPKHtT/3MFKs9UYnm
aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO 0xn7wxXf02UZLNJWPus0ALYiD8QufGSksEMy+zX/T+0eKlI62m7g/YU1RIijByvg
+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa S3AC0hXJPBj5aKzD+DSsrqYr34SGReG+8AuuyUt9/wqSAovmskonpjJ3etxz1Cer
jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux 2agUVwP/akVVpfPamHuwlnq2xwJcsT6ykBxc3+wit25nSXf86fxfqK/mm9og5SCs
CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ mAedvsiYEzakOzKl6foB7OzmscFAGVnwdu5p78AxCskwo9EPULbHm/dHsyiM3YB0
ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao Xk2/FykPxeyJPuNo2f5GTZ8YCB7T4QIDAQABAoICAQCaSRGwoFGNLrTGspfPTn4e
z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK HFHmockMAhpfgfoQexHmFH4nVxqPaMBd9Eh58345EMItYBu3+c4++VMy2N/vITJP
QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu 0crJL3qtY3P1jQWEAQ3mlF4TVIw5tqvdEPyKTfxTkeOSyjpm3t0bDtOBN3Vpgc/+
ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI KisY0l0Lsiq0rQxW8Wg7M/ETjsTXJjHWVVLgLzYOJrXwsBWTFwOaeZlyUrWC5/98
pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG Hagrl9yRGwFgcuRU/O0IZorq7Wl1j52Y0zkuaaiuZomyBGoOalZa/Ikks6/jjVPV
xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH V2m3e14Jbjhso7In9j0sBsZb3PkYPCfmIvRcDwIp3O2xzCFX3AuHmRMDqASRXuLS
lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re 6Lhe4HxzExw2d7/8v34+SzkqgKb51NyvRTxm4gf4IqbVfyHoXpJ4RphjQHTj5J67
gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk FN8kag6gaWVuZHse9gBz4l5FkqEd1yvUVYrbxdH/FzmxOPw0YOpRE5xd3Sr8yXgm
B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu /4WN9Ao5jEdfNbTT2a6HfkxZZcXft7pPjIyASv4Qz7sEPDVlRPC3qrpDJS0X2Z4W
/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K Rk2jsxowG12vpyyTD2ylFQaCVImp93zKJfBin2/W280dcfaOgS5VWNj3VysK1GLl
NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe h9BGEBdo2nhRG1o1Ml0CGhgZQ15L22MysgPoBgUW5vZlFQchBGkwyhB+X3afxDiS
aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK 2755nRJJFdNsHh09LaL62QKCAQEA5dan2MMKcMmvOAMukvFZ1p8n/IlWrxUH9lHt
cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp urJJ/WM5NqcMKjpmsCy6bix6NVbF3xxybsAJNm9XCkpgLviua20LzdaMlA5N/AxX
8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw== CdnDaKorH1pWVKWlT5oIWViekzJZVWtkXGPNIAGuE6hH+QHK7MAqKct4Vzt6/K9a
-----END RSA PRIVATE KEY----- jvldKXd+DTumEuUxNi+mV0bWh13oFQjfBlJkv2/Llldb7Eq0Bcz9GeLVU0hWwty8
BjafhqKC79IQtPZRmVbyqWieDGZsmW1pAY2RF+A7nuC/HjctPmXcF+AjHyhaqs5I
D1jv/TDMdccMnu7/esZV1nKKBT+r3Uqf2pOBEzxzbMN0zwvuzwKCAQEAwwTVdHhL
vUwSQBcBST160ds2i0s/SZ1qYS8g48dZpoSyxzMqID5clDjOe+O5vQrzGyaFa2Jp
A3UnFMDD3jDj2yjxy6v1Z6KgyW7q2l6lNEoacEB2PqW6eqoDmBT9ORhK/oQH0UzQ
Vo8zfnhmW8JbQceDy73zIRmUxuJhgRLMtieNfMyTI94hwQZHPipSdx18w81Nz5zo
JdD8UpkQqlRFX8tKr7OlEUBJ34KoHbuz4mpx0ENtO8IrqeEdCtSTKgmcFgLeU+PU
S8LJBzQy8JN+9cD9IuvGPEpJsiVLtXQ1Xc1MH4Ly0N7SvwFl+vlqn+DUefRrb/rf
buUQyAuhnUY+TwKCAQEAsBnGRRk72KtPa5VUjBYMhZswohgAqOluTlb71T5h3pm1
7qATfA9/OqEqvtupT1ELDyXWr/DHnkO05xeRlqvHyFum3bHzyEUlj2dNESkexgUM
QVuQJg89GD6nAv4ZkiLTu9Uq8nctZcajwEAB1VKATuH17EwQCpZyZ0VcF4wMy4bY
t/7qAjRFfoUH6HtISDO1bNh9OXTL6LoZvTl2Hxgl0wP7MWhRlxwoDenezsvvctL1
jBbh4iWQ4/Jwv0h/QHUB5JSmDiCP+UE/rT36cYZJTjPxbQG5J1heD9057ThxuQc4
wU0f6G6qpUFt53+fLOJaJpXU4T5/eWOp9L3VtAYqlQKCAQA7ynabP+qQvgr2ZVc6
mkPWpWwCpu5fZojgBPADhfIhkJuzYSdwPU5rD0OXTkl7ASlp0JSlSMXDjp6NyVAE
Bl9FqTcA59bUkFLVj1En5E6oSnPyqIDYUj1rMEbr0LuWTrFneRlgfTl+4Ga8RrOz
PFJ4R3BL/g/VvR8VHwEf7qCe1F+XvKz8GTWmFYOwNo+T/5FqAr7xgTzXo0xJEq6+
Whnu9cgPOHfKYziC828RtqO/Lj14ycNqx+xVKDScRnJcOBgH05dQhxBmrfCuab2Y
btBFDodNtpXPlEMmADNHDbry6GeHXcGOclKQxx/6I5AiNm9OeLab3YG1YTuU6aQC
MTAXAoIBAHBXGy9wM+8f2wsP1dgv4aiwuOK8WbbqpjQ/vdCOUxVHxVRrgG/3epsE
jXAuzzERzWSJax4cW3XvB0xzVf3P+6bVbAwUd9dwrKUG1AQ19MuvHJ+S4hXLmu1B
+E5/xyGHJhjbvzSSH8e98mvbv6gQ2s7kmGbY7pCYPuWYIaw54aqDLH0agAjAxC8i
wVK5B8yMyxL//PEPjTQHZx4LIICPkApT6dvvrSNMxVltqgTu/qbvCn+wgpb6snU9
YhqrcA2tpSrwe4WGMK7Q1+/EGSUKvQy21EuenF2IHxkZYRgWrFDOowib/Paw8WM5
tCCpMpFrpTx5YHRXKh/2WxLbGzUpbzA=
-----END PRIVATE KEY-----

2
data/conf/postfix/main.cf
View File

@ -199,3 +199,5 @@ parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks
# DO NOT EDIT ANYTHING BELOW # # DO NOT EDIT ANYTHING BELOW #
# User overrides # # User overrides #
myhostname = mail.gnous.fr

2
data/conf/unbound/unbound.conf
View File

@ -4,7 +4,7 @@ server:
interface: ::0 interface: ::0
logfile: /dev/console logfile: /dev/console
do-ip4: yes do-ip4: yes
do-ip6: yes do-ip6: no
do-udp: yes do-udp: yes
do-tcp: yes do-tcp: yes
do-daemonize: no do-daemonize: no

32
docker-compose.yml
View File

@ -344,13 +344,39 @@ services:
- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
- sogo-web-vol-1:/usr/lib/GNUstep/SOGo/:z - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/:z
ports: ports:
- "${HTTPS_BIND:-:}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}" - "${HTTP_PORT:-80}"
- "${HTTP_BIND:-:}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
restart: always restart: always
networks: networks:
proxy:
mailcow-network: mailcow-network:
aliases: aliases:
- nginx - nginx
labels:
- traefik.enable=true
- traefik.docker.network=proxy
- traefik.http.middlewares.mail-redirect-websecure.redirectscheme.scheme=https
- traefik.http.routers.mail-http.middlewares=mail-redirect-websecure
- traefik.http.routers.mail-http.rule=Host(`${MAILCOW_HOSTNAME}`)
- traefik.http.routers.mail-http.entrypoints=web
- traefik.http.routers.mail-https.rule=Host(`${MAILCOW_HOSTNAME}`)
- traefik.http.routers.mail-https.entrypoints=websecure
- traefik.http.routers.mail-https.tls=true
- traefik.http.routers.mail-https.tls.certresolver=myhttpchallenge
- traefik.http.services.mail.loadbalancer.server.port=80
certdumper:
image: humenius/traefik-certs-dumper
container_name: traefik_certdumper
network_mode: none
volumes:
# mount the folder which contains Traefik's `acme.json' file
# in this case Traefik is started from its own docker-compose in ../traefik
- ${DATA_PATH}/traefik:/traefik:ro
# mount mailcow's SSL folder
- ./data/assets/ssl/:/output:rw
environment:
# only change this, if you're using another domain for mailcow's web frontend compared to the standard config
- DOMAIN=${MAILCOW_HOSTNAME}
acme-mailcow: acme-mailcow:
depends_on: depends_on:
@ -602,6 +628,8 @@ networks:
config: config:
- subnet: ${IPV4_NETWORK:-172.22.1}.0/24 - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
- subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
proxy:
external: true
volumes: volumes:
vmail-vol-1: vmail-vol-1: