git subrepo commit (merge) mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "02ae5285"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "649a5c01"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: I870ad468fba026cc5abf3c5699ed1e12ff28b32b
diff --git a/mailcow/src/mailcow-dockerized/docker-compose.yml b/mailcow/src/mailcow-dockerized/docker-compose.yml
index 2ec3fa0..74cec10 100644
--- a/mailcow/src/mailcow-dockerized/docker-compose.yml
+++ b/mailcow/src/mailcow-dockerized/docker-compose.yml
@@ -2,7 +2,7 @@
services:
unbound-mailcow:
- image: mailcow/unbound:1.12
+ image: mailcow/unbound:1.13
environment:
- TZ=${TZ}
volumes:
@@ -17,7 +17,7 @@
- unbound
mysql-mailcow:
- image: mariadb:10.4
+ image: mariadb:10.5
depends_on:
- unbound-mailcow
stop_grace_period: 45s
@@ -41,7 +41,7 @@
- mysql
redis-mailcow:
- image: redis:5-alpine
+ image: redis:6-alpine
volumes:
- redis-vol-1:/data/:Z
restart: always
@@ -49,6 +49,8 @@
- "${REDIS_PORT:-127.0.0.1:7654}:6379"
environment:
- TZ=${TZ}
+ sysctls:
+ - net.core.somaxconn=4096
networks:
mailcow-network:
ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
@@ -56,7 +58,7 @@
- redis
clamd-mailcow:
- image: mailcow/clamd:1.38
+ image: mailcow/clamd:1.40
restart: always
dns:
- ${IPV4_NETWORK:-172.22.1}.254
@@ -71,7 +73,7 @@
- clamd
rspamd-mailcow:
- image: mailcow/rspamd:1.75
+ image: mailcow/rspamd:1.77
stop_grace_period: 30s
depends_on:
- dovecot-mailcow
@@ -101,13 +103,13 @@
- rspamd
php-fpm-mailcow:
- image: mailcow/phpfpm:1.69
+ image: mailcow/phpfpm:1.76
command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
depends_on:
- redis-mailcow
volumes:
- ./data/hooks/phpfpm:/hooks:Z
- - ./data/web:/web:rw,z
+ - ./data/web:/web:z
- ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
- ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
- rspamd-vol-1:/var/lib/rspamd:z
@@ -122,6 +124,7 @@
- ./data/conf/dovecot/global_sieve_before:/global_sieve/before:z
- ./data/conf/dovecot/global_sieve_after:/global_sieve/after:z
- ./data/assets/templates:/tpls:z
+ - ./data/conf/nginx/:/etc/nginx/conf.d/:z
dns:
- ${IPV4_NETWORK:-172.22.1}.254
environment:
@@ -160,7 +163,7 @@
- phpfpm
sogo-mailcow:
- image: mailcow/sogo:1.93
+ image: mailcow/sogo:1.101
environment:
- DBNAME=${DBNAME}
- DBUSER=${DBUSER}
@@ -180,12 +183,25 @@
dns:
- ${IPV4_NETWORK:-172.22.1}.254
volumes:
+ - ./data/hooks/sogo:/hooks:Z
- ./data/conf/sogo/:/etc/sogo/:z
- ./data/web/inc/init_db.inc.php:/init_db.inc.php:Z
+ - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
+ - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
- ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
- mysql-socket-vol-1:/var/run/mysqld/:z
- sogo-web-vol-1:/sogo_web:z
- sogo-userdata-backup-vol-1:/sogo_backup:Z
+ labels:
+ ofelia.enabled: "true"
+ ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
+ ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
+ ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
+ ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
+ ofelia.job-exec.sogo_eautoreply.schedule: "@every 24h"
+ ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
+ ofelia.job-exec.sogo_backup.schedule: "@every 24h"
+ ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
restart: always
networks:
mailcow-network:
@@ -194,7 +210,7 @@
- sogo
dovecot-mailcow:
- image: mailcow/dovecot:1.139
+ image: mailcow/dovecot:1.155
depends_on:
- mysql-mailcow
dns:
@@ -243,6 +259,25 @@
- "${SIEVE_PORT:-4190}:4190"
restart: always
tty: true
+ labels:
+ ofelia.enabled: "true"
+ ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
+ ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
+ ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0\""
+ ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
+ ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0\""
+ ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
+ ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit 0\""
+ ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
+ ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
+ ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
+ ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
+ ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
+ ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
+ ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
+ ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
+ ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
+ ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
ulimits:
nproc: 65535
nofile:
@@ -255,7 +290,7 @@
- dovecot
postfix-mailcow:
- image: mailcow/postfix:1.58
+ image: mailcow/postfix:1.65
depends_on:
- mysql-mailcow
volumes:
@@ -286,6 +321,7 @@
- ${IPV4_NETWORK:-172.22.1}.254
networks:
mailcow-network:
+ ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
aliases:
- postfix
@@ -309,9 +345,8 @@
- ${IPV4_NETWORK:-172.22.1}.254
command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
- envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active &&
envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
- . /etc/nginx/conf.d/templates/sogo.auth_request.template.sh > /etc/nginx/conf.d/sogo_proxy_auth.active &&
+ . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active &&
. /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&
. /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active &&
nginx -qt &&
@@ -328,16 +363,17 @@
- TZ=${TZ}
- SKIP_SOGO=${SKIP_SOGO:-n}
- ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
+ - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
volumes:
- ./data/web:/web:ro,z
- ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
- ./data/assets/ssl/:/etc/ssl/mail/:ro,z
- - ./data/conf/nginx/:/etc/nginx/conf.d/:rw,Z
+ - ./data/conf/nginx/:/etc/nginx/conf.d/:z
- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
- sogo-web-vol-1:/usr/lib/GNUstep/SOGo/:z
ports:
- - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
+ - "${HTTPS_BIND:-:}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
+ - "${HTTP_BIND:-:}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
restart: always
networks:
mailcow-network:
@@ -347,11 +383,12 @@
acme-mailcow:
depends_on:
- nginx-mailcow
- image: mailcow/acme:1.76
+ image: mailcow/acme:1.79
dns:
- ${IPV4_NETWORK:-172.22.1}.254
environment:
- LOG_LINES=${LOG_LINES:-9999}
+ - ACME_CONTACT=${ACME_CONTACT:-}
- ADDITIONAL_SAN=${ADDITIONAL_SAN}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
- DBNAME=${DBNAME}
@@ -371,8 +408,8 @@
- SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
volumes:
- - ./data/web/.well-known/acme-challenge:/var/www/acme:rw,z
- - ./data/assets/ssl:/var/lib/acme/:rw,z
+ - ./data/web/.well-known/acme-challenge:/var/www/acme:z
+ - ./data/assets/ssl:/var/lib/acme/:z
- ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
- mysql-socket-vol-1:/var/run/mysqld/:z
restart: always
@@ -382,7 +419,7 @@
- acme
netfilter-mailcow:
- image: mailcow/netfilter:1.38
+ image: mailcow/netfilter:1.43
stop_grace_period: 30s
depends_on:
- dovecot-mailcow
@@ -405,11 +442,13 @@
- /lib/modules:/lib/modules:ro
watchdog-mailcow:
- image: mailcow/watchdog:1.86
+ image: mailcow/watchdog:1.92
# Debug
#command: /watchdog.sh
dns:
- ${IPV4_NETWORK:-172.22.1}.254
+ tmpfs:
+ - /tmp
volumes:
- rspamd-vol-1:/var/lib/rspamd:z
- mysql-socket-vol-1:/var/run/mysqld/:z
@@ -427,6 +466,7 @@
- USE_WATCHDOG=${USE_WATCHDOG:-n}
- WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL}
- WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
+ - WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
- WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
- WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
@@ -455,7 +495,6 @@
- RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
- FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
- ACME_THRESHOLD=${ACME_THRESHOLD:-1}
- - IPV6NAT_THRESHOLD=${IPV6NAT_THRESHOLD:-1}
- RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
- OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
- MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
@@ -466,7 +505,7 @@
- watchdog
dockerapi-mailcow:
- image: mailcow/dockerapi:1.37
+ image: mailcow/dockerapi:1.38
security_opt:
- label=disable
restart: always
@@ -500,7 +539,7 @@
- solr
olefy-mailcow:
- image: mailcow/olefy:1.5
+ image: mailcow/olefy:1.7
restart: always
environment:
- TZ=${TZ}
@@ -517,6 +556,53 @@
aliases:
- olefy
+ ofelia-mailcow:
+ image: mcuadros/ofelia:latest
+ restart: always
+ command: daemon --docker
+ - TZ=${TZ}
+ depends_on:
+ - sogo-mailcow
+ - dovecot-mailcow
+ labels:
+ ofelia.enabled: "true"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ mailcow-network:
+ aliases:
+ - ofelia
+
+ ipv6nat-mailcow:
+ depends_on:
+ - unbound-mailcow
+ - mysql-mailcow
+ - redis-mailcow
+ - clamd-mailcow
+ - rspamd-mailcow
+ - php-fpm-mailcow
+ - sogo-mailcow
+ - dovecot-mailcow
+ - postfix-mailcow
+ - memcached-mailcow
+ - nginx-mailcow
+ - acme-mailcow
+ - netfilter-mailcow
+ - watchdog-mailcow
+ - dockerapi-mailcow
+ - solr-mailcow
+ environment:
+ - TZ=${TZ}
+ image: robbertkl/ipv6nat
+ security_opt:
+ - label=disable
+ restart: always
+ privileged: true
+ network_mode: "host"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /lib/modules:/lib/modules:ro
+
networks:
mailcow-network:
driver: bridge