docker/myvemail
1
0
Fork 0
mirror of https://git.myvelabs.com/docker/myvemail.git synced 2025-12-17 21:46:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixes for 01-setup.sh and gave .env its own file

Browse source
This commit is contained in:
myve 2025-03-18 02:27:28 +00:00
commit 9cbf043ac0
2 changed files with 96 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

51
.env Normal file
View file

@ -0,0 +1,51 @@
# Required
# Mail domain
MYVEMAIL_SUBDOMAIN={{MYVEMAIL_SUBDOMAIN}}
MYVEMAIL_DOMAIN={{MYVEMAIL_DOMAIN}}
# Webmail port
MYVEMAIL_PORT={{MYVEMAIL_PORT}}
# Optional
# Version: latest or stable (defaults to latest)
MYVEMAIL_VERSION={{MYVEMAIL_VERSION}}
# Additional mail domains separated by commas
MYVEMAIL_ADDMX=
# Backup mail servers separated by commas
MYVEMAIL_BACKUPMX=
# Whitelist SPF
MYVEMAIL_WHITELIST_HELO=
# Whitelist domains separated by commas (eg. website.tld,web.website.tld)
MYVEMAIL_WHITELIST_DOMAINS=
# Whitelist invididual email addresses (eg. email@website.tld,email2@website2.tld2)
MYVEMAIL_WHITELIST_EMAILS=
# Blacklist domains separated by commas (eg. website.tld,web.website.tld)
MYVEMAIL_BLACKLIST_DOMAINS=
# Blacklist invididual email addresses (eg. email@website.tld,email2@website2.tld2)
MYVEMAIL_BLACKLIST_EMAILS=
# Volumes
MYVEMAIL_VOLUME_MARIADB=
MYVEMAIL_VOLUME_SSL=
MYVEMAIL_VOLUME_DATA=
MYVEMAIL_VOLUME_MAIL=
MYVEMAIL_VOLUME_LOGS=
MYVEMAIL_VOLUME_DKIM=
MYVEMAIL_VOLUME_POSTWHITE=
# MariaDB
# Roundcube
MYVEMAIL_ROUNDCUBE_DBNAME=roundcube
MYVEMAIL_ROUNDCUBE_DBUSER=roundcube
MYVEMAIL_ROUNDCUBE_DBPASS={{MYVEMAIL_ROUNDCUBE_DBPASS}}
# Postfixadmin
MYVEMAIL_POSTFIXADMIN_DBNAME=postfixadmin
MYVEMAIL_POSTFIXADMIN_DBUSER=postfixadmin
MYVEMAIL_POSTFIXADMIN_DBPASS={{MYVEMAIL_POSTFIXADMIN_DBPASS}}

118
01-setup.sh
View file

@ -66,6 +66,14 @@ server {
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header Early-Data $ssl_early_data;
proxy_buffering off;
proxy_request_buffering off;
proxy_next_upstream error timeout invalid_header http_500;
proxy_next_upstream_timeout 3s;
proxy_next_upstream_tries 2;
client_body_buffer_size 512k; client_body_buffer_size 512k;
proxy_read_timeout 86400s; proxy_read_timeout 86400s;
client_max_body_size 0; client_max_body_size 0;
@ -80,104 +88,67 @@ server {
# http_upgrade # http_upgrade
# Security # Security
server_tokens off; server_tokens off;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin" always; add_header Referrer-Policy "no-referrer" always;
add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always; add_header X-Robots-Tag "noindex, nofollow" always;
# add_header Content-Security-Policy "default-src 'self';" always;
# http2 # http2
http2 on; http2 on;
# http3 # http3
listen 443 quic;
add_header Alt-Svc 'h3=":443"; ma=86400'; add_header Alt-Svc 'h3=":443"; ma=86400';
quic_retry on; quic_retry on;
quic_gso on;
http3_stream_buffer_size 512k;
http3 on; http3 on;
# Certbot defaults # Certbot defaults
listen 443 ssl;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000" always; add_header Strict-Transport-Security "max-age=31536000" always;
} }
proxy proxy
# Run certbot # Run certbot
if sudo nginx -t sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m eff@${_domain} -d ${domain} \
then --staple-ocsp --hsts --no-redirect --renew-hook 'docker exec --interactive --tty myvemail /bin/ash -c "dovecot reload; postfix reload"'
sudo certbot --nginx --non-interactive --agree-tos --no-eff-email -m eff@${_domain} -d ${domain} \
--staple-ocsp --hsts --no-redirect --renew-hook 'docker exec --interactive --tty myvemail /bin/ash -c "dovecot reload; postfix reload"' # Add http2 and http3 directives
else sudo sed -e '/listen 80/d' \
exit 1 -e '/listen 443/a\
fi listen 443 quic;\
listen [::]:443 ssl;\
listen [::]:443 quic;\n' -i ${nginxdir}/${appname}.conf
sudo tee -a ${nginxdir}/${appname}.conf >/dev/null <<- 'redirect'
server {
listen 80;
server_name {{domain}};
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
}
redirect
sudo systemctl reload nginx.service
# SSL # SSL
[ -d ./data/ssl/ ] || install --directory ./data/ssl/ [ -d ./data/ssl/ ] || install --directory ./data/ssl/
sudo ln -s -f /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem sudo ln -s -f /etc/letsencrypt/live/${domain}/fullchain.pem ./data/ssl/tls.pem
sudo ln -s -f /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key sudo ln -s -f /etc/letsencrypt/live/${domain}/privkey.pem ./data/ssl/tls.key
[ -f ./data/ssl/dh.pem ] || openssl dhparam -out ./data/ssl/dh.pem 4096 [ -f ./data/ssl/dh.pem ] || touch ./data/ssl/dh.pem
# Postwhite # Postwhite
[ -f ./data/postwhite ] || touch ./data/postwhite [ -f ./data/postwhite ] || touch ./data/postwhite
# Environment file # Environment file
[ -f ./.env ] || \ sed -e "s/{{MYVEMAIL_SUBDOMAIN}}/${_subdomain}/" \
cat >./.env <<- gen-env -e "s/{{MYVEMAIL_DOMAIN}}/${_domain}/" \
# Required -e "s/{{MYVEMAIL_PORT}}/${proxyport}/" \
# Mail domain -e "s/{{MYVEMAIL_VERSION}}/${mailver:-latest}/" \
MYVEMAIL_SUBDOMAIN=${_subdomain} -e "s/{{MYVEMAIL_ROUNDCUBE_DBPASS}}/$(openssl rand -hex 32)/" \
MYVEMAIL_DOMAIN=${_domain} -e "s/{{MYVEMAIL_POSTFIXADMIN_DBPASS}}/$(openssl rand -hex 32)/" \
-i ./.env
# Webmail port
MYVEMAIL_PORT=${proxyport}
# Optional
# Version: latest or stable (defaults to latest)
MYVEMAIL_VERSION=${mailver:-latest}
# Additional mail domains separated by commas
MYVEMAIL_ADDMX=
# Backup mail servers separated by commas
MYVEMAIL_BACKUPMX=
# Whitelist SPF
MYVEMAIL_WHITELIST_HELO=
# Whitelist domains separated by commas (eg. website.tld,web.website.tld)
MYVEMAIL_WHITELIST_DOMAINS=
# Whitelist invididual email addresses (eg. email@website.tld,email2@website2.tld2)
MYVEMAIL_WHITELIST_EMAILS=
# Blacklist domains separated by commas (eg. website.tld,web.website.tld)
MYVEMAIL_BLACKLIST_DOMAINS=
# Blacklist invididual email addresses (eg. email@website.tld,email2@website2.tld2)
MYVEMAIL_BLACKLIST_EMAILS=
# Volumes
MYVEMAIL_VOLUME_MARIADB=
MYVEMAIL_VOLUME_SSL=
MYVEMAIL_VOLUME_DATA=
MYVEMAIL_VOLUME_MAIL=
MYVEMAIL_VOLUME_LOGS=
MYVEMAIL_VOLUME_DKIM=
MYVEMAIL_VOLUME_POSTWHITE=
# MariaDB
# Roundcube
MYVEMAIL_ROUNDCUBE_DBNAME=roundcube
MYVEMAIL_ROUNDCUBE_DBUSER=roundcube
MYVEMAIL_ROUNDCUBE_DBPASS=$(openssl rand -hex 32)
# Postfixadmin
MYVEMAIL_POSTFIXADMIN_DBNAME=postfixadmin
MYVEMAIL_POSTFIXADMIN_DBUSER=postfixadmin
MYVEMAIL_POSTFIXADMIN_DBPASS=$(openssl rand -hex 32)
gen-env
# Cleanup # Cleanup
rm -r ${0} ./build/ -f rm -r ${0} ./build/ -f
@ -190,5 +161,6 @@ docker compose run --rm -it myvemail setup
if [ -d ./data/sql/mysql/ ] && [ -d ./data/sql/postfixadmin/ ] if [ -d ./data/sql/mysql/ ] && [ -d ./data/sql/postfixadmin/ ]
then then
docker compose up --detach docker compose up --detach
[ -s ./data/ssl/dh.pem ] || openssl dhparam -out ./data/ssl/dh.pem 4096 &
docker compose logs --follow docker compose logs --follow
fi fi