Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / d13dbd733f57ea760f8a736702cc68a60eb1b770 / . / mailcow / src / mailcow-dockerized / docker-compose.yml
blob: 040e5308c291a928075c0bfc6718f087e4eedc92 [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]1version: '2.1'
2services:
3
4 unbound-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]5 image: mailcow/unbound:1.18
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]6 environment:
7 - TZ=${TZ}
8 volumes:
9 - ./data/hooks/unbound:/hooks:Z
10 - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
11 restart: always
12 tty: true
13 networks:
14 mailcow-network:
15 ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
16 aliases:
17 - unbound
18
19 mysql-mailcow:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]20 image: mariadb:10.5
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]21 depends_on:
22 - unbound-mailcow
23 stop_grace_period: 45s
24 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]25 - mysql-vol-1:/var/lib/mysql/
26 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]27 - ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
28 environment:
29 - TZ=${TZ}
30 - MYSQL_ROOT_PASSWORD=${DBROOT}
31 - MYSQL_DATABASE=${DBNAME}
32 - MYSQL_USER=${DBUSER}
33 - MYSQL_PASSWORD=${DBPASS}
34 - MYSQL_INITDB_SKIP_TZINFO=1
35 restart: always
36 ports:
37 - "${SQL_PORT:-127.0.0.1:13306}:3306"
38 networks:
39 mailcow-network:
40 aliases:
41 - mysql
42
43 redis-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]44 image: redis:7-alpine
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]45 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]46 - redis-vol-1:/data/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]47 restart: always
48 ports:
49 - "${REDIS_PORT:-127.0.0.1:7654}:6379"
50 environment:
51 - TZ=${TZ}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]52 sysctls:
53 - net.core.somaxconn=4096
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]54 networks:
55 mailcow-network:
56 ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
57 aliases:
58 - redis
59
60 clamd-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]61 image: mailcow/clamd:1.63
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]62 restart: always
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]63 depends_on:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]64 unbound-mailcow:
65 condition: service_healthy
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]66 dns:
67 - ${IPV4_NETWORK:-172.22.1}.254
68 environment:
69 - TZ=${TZ}
70 - SKIP_CLAMD=${SKIP_CLAMD:-n}
71 volumes:
72 - ./data/conf/clamav/:/etc/clamav/:Z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]73 - clamd-db-vol-1:/var/lib/clamav
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]74 networks:
75 mailcow-network:
76 aliases:
77 - clamd
78
79 rspamd-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]80 image: mailcow/rspamd:1.92
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]81 stop_grace_period: 30s
82 depends_on:
83 - dovecot-mailcow
84 environment:
85 - TZ=${TZ}
86 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
87 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
88 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
89 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
90 volumes:
91 - ./data/hooks/rspamd:/hooks:Z
92 - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
93 - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:Z
94 - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:Z
95 - ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
96 - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
97 - ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
98 - ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]99 - rspamd-vol-1:/var/lib/rspamd
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]100 restart: always
101 hostname: rspamd
102 dns:
103 - ${IPV4_NETWORK:-172.22.1}.254
104 networks:
105 mailcow-network:
106 aliases:
107 - rspamd
108
109 php-fpm-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]110 image: mailcow/phpfpm:1.85
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]111 command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
112 depends_on:
113 - redis-mailcow
114 volumes:
115 - ./data/hooks/phpfpm:/hooks:Z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]116 - ./data/web:/web:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]117 - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
118 - ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]119 - rspamd-vol-1:/var/lib/rspamd
120 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]121 - ./data/conf/sogo/:/etc/sogo/:z
122 - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
123 - ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
124 - ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
125 - ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
126 - ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
127 - ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
128 - ./data/conf/dovecot/global_sieve_before:/global_sieve/before:z
129 - ./data/conf/dovecot/global_sieve_after:/global_sieve/after:z
130 - ./data/assets/templates:/tpls:z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]131 - ./data/conf/nginx/:/etc/nginx/conf.d/:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]132 dns:
133 - ${IPV4_NETWORK:-172.22.1}.254
134 environment:
135 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
136 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
137 - LOG_LINES=${LOG_LINES:-9999}
138 - TZ=${TZ}
139 - DBNAME=${DBNAME}
140 - DBUSER=${DBUSER}
141 - DBPASS=${DBPASS}
142 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
143 - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
144 - IMAP_PORT=${IMAP_PORT:-143}
145 - IMAPS_PORT=${IMAPS_PORT:-993}
146 - POP_PORT=${POP_PORT:-110}
147 - POPS_PORT=${POPS_PORT:-995}
148 - SIEVE_PORT=${SIEVE_PORT:-4190}
149 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
150 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
151 - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
152 - SMTPS_PORT=${SMTPS_PORT:-465}
153 - SMTP_PORT=${SMTP_PORT:-25}
154 - API_KEY=${API_KEY:-invalid}
155 - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
156 - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
157 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
158 - SKIP_SOLR=${SKIP_SOLR:-y}
159 - SKIP_CLAMD=${SKIP_CLAMD:-n}
160 - SKIP_SOGO=${SKIP_SOGO:-n}
161 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
162 - MASTER=${MASTER:-y}
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100[diff] [blame]163 - DEV_MODE=${DEV_MODE:-n}
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]164 - DEMO_MODE=${DEMO_MODE:-n}
165 - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]166 - CLUSTERMODE=${CLUSTERMODE:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]167 restart: always
168 networks:
169 mailcow-network:
170 aliases:
171 - phpfpm
172
173 sogo-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]174 image: mailcow/sogo:1.119
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]175 environment:
176 - DBNAME=${DBNAME}
177 - DBUSER=${DBUSER}
178 - DBPASS=${DBPASS}
179 - TZ=${TZ}
180 - LOG_LINES=${LOG_LINES:-9999}
181 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
182 - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
183 - ACL_ANYONE=${ACL_ANYONE:-disallow}
184 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
185 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
186 - SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
187 - SKIP_SOGO=${SKIP_SOGO:-n}
188 - MASTER=${MASTER:-y}
189 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
190 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
191 dns:
192 - ${IPV4_NETWORK:-172.22.1}.254
193 volumes:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]194 - ./data/hooks/sogo:/hooks:Z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]195 - ./data/conf/sogo/:/etc/sogo/:z
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]196 - ./data/web/inc/init_db.inc.php:/init_db.inc.php:z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]197 - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
198 - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]199 - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]200 - mysql-socket-vol-1:/var/run/mysqld/
201 - sogo-web-vol-1:/sogo_web
202 - sogo-userdata-backup-vol-1:/sogo_backup
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]203 labels:
204 ofelia.enabled: "true"
205 ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
206 ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
207 ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
208 ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]209 ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]210 ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
211 ofelia.job-exec.sogo_backup.schedule: "@every 24h"
212 ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]213 restart: always
214 networks:
215 mailcow-network:
216 ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
217 aliases:
218 - sogo
219
220 dovecot-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]221 image: mailcow/dovecot:1.25
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]222 depends_on:
223 - mysql-mailcow
224 dns:
225 - ${IPV4_NETWORK:-172.22.1}.254
226 cap_add:
227 - NET_BIND_SERVICE
228 volumes:
229 - ./data/hooks/dovecot:/hooks:Z
230 - ./data/conf/dovecot:/etc/dovecot:z
231 - ./data/assets/ssl:/etc/ssl/mail/:ro,z
232 - ./data/conf/sogo/:/etc/sogo/:z
233 - ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]234 - vmail-vol-1:/var/vmail
235 - vmail-index-vol-1:/var/vmail_index
236 - crypt-vol-1:/mail_crypt/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]237 - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
238 - ./data/assets/templates:/templates:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]239 - rspamd-vol-1:/var/lib/rspamd
240 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]241 environment:
242 - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
243 - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
244 - LOG_LINES=${LOG_LINES:-9999}
245 - DBNAME=${DBNAME}
246 - DBUSER=${DBUSER}
247 - DBPASS=${DBPASS}
248 - TZ=${TZ}
249 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
250 - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
251 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
252 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100[diff] [blame]253 - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]254 - ACL_ANYONE=${ACL_ANYONE:-disallow}
255 - SKIP_SOLR=${SKIP_SOLR:-y}
256 - MAILDIR_SUB=${MAILDIR_SUB:-}
257 - MASTER=${MASTER:-y}
258 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
259 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
260 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
261 ports:
262 - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
263 - "${IMAP_PORT:-143}:143"
264 - "${IMAPS_PORT:-993}:993"
265 - "${POP_PORT:-110}:110"
266 - "${POPS_PORT:-995}:995"
267 - "${SIEVE_PORT:-4190}:4190"
268 restart: always
269 tty: true
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]270 labels:
271 ofelia.enabled: "true"
272 ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
273 ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
274 ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0\""
275 ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
276 ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0\""
277 ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
278 ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit 0\""
279 ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
280 ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
281 ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
282 ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
283 ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
284 ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
285 ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
286 ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
287 ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
288 ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]289 ulimits:
290 nproc: 65535
291 nofile:
292 soft: 20000
293 hard: 40000
294 networks:
295 mailcow-network:
296 ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
297 aliases:
298 - dovecot
299
300 postfix-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]301 image: mailcow/postfix:1.72
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]302 depends_on:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]303 mysql-mailcow:
304 condition: service_started
305 unbound-mailcow:
306 condition: service_healthy
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]307 volumes:
308 - ./data/hooks/postfix:/hooks:Z
309 - ./data/conf/postfix:/opt/postfix/conf:z
310 - ./data/assets/ssl:/etc/ssl/mail/:ro,z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]311 - postfix-vol-1:/var/spool/postfix
312 - crypt-vol-1:/var/lib/zeyple
313 - rspamd-vol-1:/var/lib/rspamd
314 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]315 environment:
316 - LOG_LINES=${LOG_LINES:-9999}
317 - TZ=${TZ}
318 - DBNAME=${DBNAME}
319 - DBUSER=${DBUSER}
320 - DBPASS=${DBPASS}
321 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
322 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
323 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]324 - SPAMHAUS_DQS_KEY=${SPAMHAUS_DQS_KEY:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]325 cap_add:
326 - NET_BIND_SERVICE
327 ports:
328 - "${SMTP_PORT:-25}:25"
329 - "${SMTPS_PORT:-465}:465"
330 - "${SUBMISSION_PORT:-587}:587"
331 restart: always
332 dns:
333 - ${IPV4_NETWORK:-172.22.1}.254
334 networks:
335 mailcow-network:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]336 ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]337 aliases:
338 - postfix
339
340 memcached-mailcow:
341 image: memcached:alpine
342 restart: always
343 environment:
344 - TZ=${TZ}
345 networks:
346 mailcow-network:
347 aliases:
348 - memcached
349
350 nginx-mailcow:
351 depends_on:
352 - sogo-mailcow
353 - php-fpm-mailcow
354 - redis-mailcow
Matthias Andreas Benkarda515bc62023-11-18 16:44:25 +0100[diff] [blame]355 image: nginx:mainline-alpine
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]356 dns:
357 - ${IPV4_NETWORK:-172.22.1}.254
358 command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
359 envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]360 envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]361 . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active &&
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]362 . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&
363 . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active &&
364 nginx -qt &&
365 until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
366 until ping sogo -c1 > /dev/null; do sleep 1; done &&
367 until ping redis -c1 > /dev/null; do sleep 1; done &&
368 until ping rspamd -c1 > /dev/null; do sleep 1; done &&
369 exec nginx -g 'daemon off;'"
370 environment:
371 - HTTPS_PORT=${HTTPS_PORT:-443}
372 - HTTP_PORT=${HTTP_PORT:-80}
373 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
374 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
375 - TZ=${TZ}
376 - SKIP_SOGO=${SKIP_SOGO:-n}
377 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]378 - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]379 volumes:
380 - ./data/web:/web:ro,z
381 - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
382 - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]383 - ./data/conf/nginx/:/etc/nginx/conf.d/:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]384 - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]385 - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]386 ports:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]387 - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
388 - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]389 restart: always
390 networks:
391 mailcow-network:
392 aliases:
393 - nginx
394
395 acme-mailcow:
396 depends_on:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]397 nginx-mailcow:
398 condition: service_started
399 unbound-mailcow:
400 condition: service_healthy
401 image: mailcow/acme:1.85
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]402 dns:
403 - ${IPV4_NETWORK:-172.22.1}.254
404 environment:
405 - LOG_LINES=${LOG_LINES:-9999}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]406 - ACME_CONTACT=${ACME_CONTACT:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]407 - ADDITIONAL_SAN=${ADDITIONAL_SAN}
408 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
409 - DBNAME=${DBNAME}
410 - DBUSER=${DBUSER}
411 - DBPASS=${DBPASS}
412 - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
413 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
414 - DIRECTORY_URL=${DIRECTORY_URL:-}
415 - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
416 - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
417 - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}
418 - ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n}
419 - LE_STAGING=${LE_STAGING:-n}
420 - TZ=${TZ}
421 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
422 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
423 - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
424 - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
425 volumes:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]426 - ./data/web/.well-known/acme-challenge:/var/www/acme:z
427 - ./data/assets/ssl:/var/lib/acme/:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]428 - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]429 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]430 restart: always
431 networks:
432 mailcow-network:
433 aliases:
434 - acme
435
436 netfilter-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]437 image: mailcow/netfilter:1.52
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]438 stop_grace_period: 30s
439 depends_on:
440 - dovecot-mailcow
441 - postfix-mailcow
442 - sogo-mailcow
443 - php-fpm-mailcow
444 - redis-mailcow
445 restart: always
446 privileged: true
447 environment:
448 - TZ=${TZ}
449 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
450 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
451 - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
452 - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
453 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
454 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
455 network_mode: "host"
456 volumes:
457 - /lib/modules:/lib/modules:ro
458
459 watchdog-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]460 image: mailcow/watchdog:1.98
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]461 dns:
462 - ${IPV4_NETWORK:-172.22.1}.254
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]463 tmpfs:
464 - /tmp
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]465 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]466 - rspamd-vol-1:/var/lib/rspamd
467 - mysql-socket-vol-1:/var/run/mysqld/
468 - postfix-vol-1:/var/spool/postfix
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]469 - ./data/assets/ssl:/etc/ssl/mail/:ro,z
470 restart: always
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]471 depends_on:
472 - postfix-mailcow
473 - dovecot-mailcow
474 - mysql-mailcow
475 - acme-mailcow
476 - redis-mailcow
477
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]478 environment:
479 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
480 - LOG_LINES=${LOG_LINES:-9999}
481 - TZ=${TZ}
482 - DBNAME=${DBNAME}
483 - DBUSER=${DBUSER}
484 - DBPASS=${DBPASS}
485 - DBROOT=${DBROOT}
486 - USE_WATCHDOG=${USE_WATCHDOG:-n}
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]487 - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]488 - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]489 - WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]490 - WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
491 - WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100[diff] [blame]492 - WATCHDOG_VERBOSE=${WATCHDOG_VERBOSE:-n}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]493 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
494 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
495 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
496 - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
497 - CHECK_UNBOUND=${CHECK_UNBOUND:-1}
498 - SKIP_CLAMD=${SKIP_CLAMD:-n}
499 - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
500 - SKIP_SOGO=${SKIP_SOGO:-n}
501 - HTTPS_PORT=${HTTPS_PORT:-443}
502 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
503 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
504 - EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
505 - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
506 - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
507 - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
508 - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
509 - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
510 - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
511 - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
512 - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
513 - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
514 - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
515 - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
516 - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
517 - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
518 - ACME_THRESHOLD=${ACME_THRESHOLD:-1}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]519 - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
520 - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
521 - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
522 - MAILQ_CRIT=${MAILQ_CRIT:-30}
523 networks:
524 mailcow-network:
525 aliases:
526 - watchdog
527
528 dockerapi-mailcow:
Matthias Andreas Benkardd1f5b682023-11-18 13:18:30 +0100[diff] [blame]529 image: mailcow/dockerapi:2.05
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]530 security_opt:
531 - label=disable
532 restart: always
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]533 dns:
534 - ${IPV4_NETWORK:-172.22.1}.254
535 environment:
536 - DBROOT=${DBROOT}
537 - TZ=${TZ}
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]538 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
539 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]540 volumes:
541 - /var/run/docker.sock:/var/run/docker.sock:ro
542 networks:
543 mailcow-network:
544 aliases:
545 - dockerapi
546
547 solr-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]548 image: mailcow/solr:1.8.1
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]549 restart: always
550 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]551 - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]552 ports:
553 - "${SOLR_PORT:-127.0.0.1:18983}:8983"
554 environment:
555 - TZ=${TZ}
556 - SOLR_HEAP=${SOLR_HEAP:-1024}
557 - SKIP_SOLR=${SKIP_SOLR:-y}
558 networks:
559 mailcow-network:
560 aliases:
561 - solr
562
563 olefy-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]564 image: mailcow/olefy:1.11
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]565 restart: always
566 environment:
567 - TZ=${TZ}
568 - OLEFY_BINDADDRESS=0.0.0.0
569 - OLEFY_BINDPORT=10055
570 - OLEFY_TMPDIR=/tmp
571 - OLEFY_PYTHON_PATH=/usr/bin/python3
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]572 - OLEFY_OLEVBA_PATH=/usr/bin/olevba
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]573 - OLEFY_LOGLVL=20
574 - OLEFY_MINLENGTH=500
575 - OLEFY_DEL_TMP=1
576 networks:
577 mailcow-network:
578 aliases:
579 - olefy
580
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]581 ofelia-mailcow:
582 image: mcuadros/ofelia:latest
583 restart: always
584 command: daemon --docker
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]585 environment:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]586 - TZ=${TZ}
587 depends_on:
588 - sogo-mailcow
589 - dovecot-mailcow
590 labels:
591 ofelia.enabled: "true"
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100[diff] [blame]592 security_opt:
593 - label=disable
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200[diff] [blame]594 volumes:
595 - /var/run/docker.sock:/var/run/docker.sock:ro
596 networks:
597 mailcow-network:
598 aliases:
599 - ofelia
600
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]601networks:
602 mailcow-network:
603 driver: bridge
604 driver_opts:
605 com.docker.network.bridge.name: br-mailcow
Matthias Andreas Benkarda9e47d22021-12-28 18:06:33 +0100[diff] [blame]606 enable_ipv6: false
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]607 ipam:
608 driver: default
609 config:
610 - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
611 - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
612
613volumes:
614 vmail-vol-1:
615 vmail-index-vol-1:
616 mysql-vol-1:
617 mysql-socket-vol-1:
618 redis-vol-1:
619 rspamd-vol-1:
620 solr-vol-1:
621 postfix-vol-1:
622 crypt-vol-1:
623 sogo-web-vol-1:
624 sogo-userdata-backup-vol-1:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame]625 clamd-db-vol-1: