Working Draft

2025-01-22 21:02:22 +01:00 · 2022-11-12 16:54:48 +01:00 · 2022-11-12 16:54:48 +01:00 · dde53d3452
commit dde53d3452
parent 273cb5f829
6 changed files with 80 additions and 61 deletions
--- a/config/mail/10-custom.conf
+++ b/config/mail/10-custom.conf
@ -1,7 +1,7 @@
 # Enables mail_crypt for all services (imap, pop3, etc)
 mail_plugins = $mail_plugins mail_crypt
 plugin {
-  mail_crypt_global_private_key = </certs/ecprivkey.pem
-  mail_crypt_global_public_key = </certs/ecpubkey.pem
+  mail_crypt_global_private_key = </etc/letsencrypt/live/ecprivkey.pem
+  mail_crypt_global_public_key = </etc/letsencrypt/live/ecpubkey.pem
  mail_crypt_save_version = 2
 }
--- a/config/mail/Dockerfile
+++ b/config/mail/Dockerfile
@ -8,7 +8,7 @@ RUN apk update && \
  apk add --no-cache openssl && \
  rm -rf /var/cache/apk/*

-COPY ./mail/certs /certs
+RUN mkdir -p /etc/letsencrypt/live

-RUN openssl ecparam -name ${SSL_ALGO} -genkey | openssl pkey -out /certs/ecprivkey.pem && \
-    openssl pkey -in /certs/ecprivkey.pem -pubout -out /certs/ecpubkey.pem
+RUN openssl ecparam -name ${SSL_ALGO} -genkey | openssl pkey -out /etc/letsencrypt/live/ecprivkey.pem && \
+    openssl pkey -in /etc/letsencrypt/live/ecprivkey.pem -pubout -out /etc/letsencrypt/live/ecpubkey.pem
--- a/config/nginx/default.conf
+++ b/config/nginx/default.conf
@ -1,17 +0,0 @@
-server {
-    index index.php index.html;
-    server_name php-docker.local;
-    error_log  /var/log/nginx/error.log;
-    access_log /var/log/nginx/access.log;
-    root /var/www/html;
-
-    location ~ \.php$ {
-        try_files $uri =404;
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass ${NGINX_PHP_CGI};
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PATH_INFO $fastcgi_path_info;
-    }
-}
--- a/config/nginx/zathura.leene.dev_location
+++ b/config/nginx/zathura.leene.dev_location
@ -0,0 +1,27 @@
+
+root  /var/www/html/roundcubemail;
+index  index.php index.html index.htm;
+client_max_body_size 128M;
+
+location / {
+    try_files $uri $uri/ /index.php?q=$uri&$args;
+}
+
+location ~ \.php$ {
+    try_files $uri =404;
+    fastcgi_keep_conn on;
+    fastcgi_split_path_info ^(.+\.php)(.*)$;
+    fastcgi_pass zathura.leene.dev;
+    fastcgi_index index.php;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    include fastcgi_params;
+}
+
+location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
+    deny all;
+}
+
+location ~ ^/(bin|SQL)/ {
+    deny all;
+}
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -12,24 +12,17 @@ x-mail: &defaults
    - internalnet

 services:
-  ddnsgd:
-    <<: *defaults
-    container_name: "ddnsgd"
-    image: "ghcr.io/dominickbrasileiro/ddnsgd"
-    restart: "always"

  pgsqlserver:
    <<: *defaults
    container_name: pgsqlserver
    image: postgres:15
    volumes:
-      - type: bind
-        source: ./pgsql
-        target: /var/lib/postgresql/data:z
-      - ./config/pg-init-scripts:/docker-entrypoint-initdb.d:z
+      - sql_data:/var/lib/postgresql/data/:z
+      - ./config/pg-init-scripts:/docker-entrypoint-initdb.d:ro
    restart: always
-    ports:
-      - "5432:5432"
+    expose:
+      - "5432"

  roundcubemail:
    <<: *defaults
@ -37,17 +30,20 @@ services:
    container_name: roundcubemail
    environment:
      - ROUNDCUBEMAIL_DB_HOST=pgsqlserver
+      - VIRTUAL_HOST=zathura.leene.dev
+      - LETSENCRYPT_HOST=zathura.leene.dev
+      - LETSENCRYPT_EMAIL=admin@zathura.leene.dev
    depends_on:
      - pgsqlserver
    links:
      - pgsqlserver
-    ports:
-      - "9000:9000"
+    expose:
+      - "9000"
    volumes:
-      - ./nginx/html/:/var/www/html/:z
+      - nginx_html/roundcubemail:/var/www/html

  mailserver:
-    build: .
+    build: ./config/mail
    <<: *defaults
    image: mailserver/docker-mailserver:latest
    container_name: mailserver
@ -59,40 +55,43 @@ services:
      - "587:587"
      - "993:993"
    volumes:
-      - ./nginx/certs/:/etc/letsencrypt/live/:z
-      - ./mail/mail-data/:/var/mail/:z
-      - ./mail/mail-state/:/var/mail-state/:z
-      - ./mail/mail-logs/:/var/log/mail/:z
-      - ./mail/config/:/tmp/docker-mailserver/:z
-      - ./nginx/certs/:/certs/:z
+      - nginx_certs:/etc/letsencrypt/live/
+      - mail_data:/var/mail/:z
+      - mail_state:/var/mail-state/:z
+      - mail_config:/tmp/docker-mailserver/:z
      - /etc/localtime:/etc/localtime:ro
-
    cap_add:
      - NET_ADMIN
    depends_on:
      - ddnsgd
    restart: always

+
  reverse-proxy:
    <<: *defaults
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
-    environment:
-      - NGINX_PHP_CGI=roundcubemail:9000
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
-      - ./nginx/conf/:/etc/nginx/conf.d:z
-      - ./nginx/html/:/usr/share/nginx/html/:z
-      - ./nginx/vhost/:/etc/nginx/vhost.d/:z
-      - ./nginx/certs/:/etc/nginx/certs/:z
-      - ./nginx/dhparam:/etc/nginx/dhparam:z
+      - nginx_dhparam:/etc/nginx/dhparam:z
+      - nginx_certs:/etc/nginx/certs/:z
+      - nginx_conf:/etc/nginx/conf.d/:z
+      - nginx_vhost:/etc/nginx/vhost.d/:z
+      - nginx_html:/usr/share/nginx/html/:z
+      - ./config/nginx/zathura.leene.dev_location:/etc/nginx/vhost.d/zathura.leene.dev_location:ro
      - /var/run/docker.sock:/tmp/docker.sock:z
    depends_on:
      - ddnsgd

+  ddnsgd:
+    <<: *defaults
+    container_name: "ddnsgd"
+    image: "ghcr.io/dominickbrasileiro/ddnsgd"
+    restart: "always"
+
  acme-companion:
    <<: *defaults
    image: nginxproxy/acme-companion
@ -101,8 +100,20 @@ services:
    volumes_from:
      - reverse-proxy
    volumes:
-      - ./nginx/certs/:/etc/nginx/certs/:z
-      - ./nginx/acme-state/:/etc/acme.sh/:z
+      - acme-state:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:z
    depends_on:
      - ddnsgd
+    build: ./config/nginx
+
+volumes:
+  sql_data:
+  acme-state:
+  nginx_certs:
+  nginx_dhparam:
+  nginx_html:
+  nginx_conf:
+  nginx_vhost:
+  mail_data:
+  mail_config:
+  mail_state:
--- a/local.env
+++ b/local.env
@ -7,12 +7,11 @@ PASSWORD="Enl0rRgqBsZPVupA"

 ## Docker Env

-DEBUG=1
 PERMIT_DOCKER=network

 ## Google Dynamic DNS

-INTERVAL=30
+INTERVAL=900
 HOSTNAME="zathura.leene.dev"

 ## Mail Server Env
@ -32,8 +31,7 @@ POSTMASTER_ADDRESS=admin@leene.dev
 ENABLE_UPDATE_CHECK=1

 SSL_TYPE=letsencrypt
-VIRTUAL_HOST=zathura.leene.dev,mail.zathura.leene.dev,git.zathura.leene.dev
-LETSENCRYPT_HOST=zathura.leene.dev,mail.zathura.leene.dev,git.zathura.leene.dev
+

 ## SQL Server Env

@ -47,13 +45,13 @@ ROUNDCUBEMAIL_DB_TYPE=pgsql
 ROUNDCUBEMAIL_DB_NAME=roundcube
 ROUNDCUBEMAIL_DB_USER=roundcube
 ROUNDCUBEMAIL_SKIN=elastic
-ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.zathura.leene.dev
-ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.zathura.leene.dev
-
+ROUNDCUBEMAIL_DEFAULT_HOST=tls://zathura.leene.dev
+ROUNDCUBEMAIL_SMTP_SERVER=tls://zathura.leene.dev
+ROUNDCUBEMAIL_ASPELL_DICTS=en

 ## NGINX Reverse Proxy
+
 NGINX_HOST=zathura.leene.dev
 NGINX_PROXY_CONTAINER=nginx-proxy
-LETSENCRYPT_TEST=true
 LETSENCRYPT_RESTART_CONTAINER=true
 DEFAULT_EMAIL=lieuwe@leene.dev