blob: 0361b850136b0c2f867f94030fe59447a005c08c [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +01001version: '2.1'
2services:
3
4 unbound-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +01005 image: mailcow/unbound:1.17
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +01006 environment:
7 - TZ=${TZ}
8 volumes:
9 - ./data/hooks/unbound:/hooks:Z
10 - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
11 restart: always
12 tty: true
13 networks:
14 mailcow-network:
15 ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
16 aliases:
17 - unbound
18
19 mysql-mailcow:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +020020 image: mariadb:10.5
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010021 depends_on:
22 - unbound-mailcow
23 stop_grace_period: 45s
24 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010025 - mysql-vol-1:/var/lib/mysql/
26 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010027 - ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
28 environment:
29 - TZ=${TZ}
30 - MYSQL_ROOT_PASSWORD=${DBROOT}
31 - MYSQL_DATABASE=${DBNAME}
32 - MYSQL_USER=${DBUSER}
33 - MYSQL_PASSWORD=${DBPASS}
34 - MYSQL_INITDB_SKIP_TZINFO=1
35 restart: always
36 ports:
37 - "${SQL_PORT:-127.0.0.1:13306}:3306"
38 networks:
39 mailcow-network:
40 aliases:
41 - mysql
42
43 redis-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010044 image: redis:7-alpine
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010045 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010046 - redis-vol-1:/data/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010047 restart: always
48 ports:
49 - "${REDIS_PORT:-127.0.0.1:7654}:6379"
50 environment:
51 - TZ=${TZ}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +020052 sysctls:
53 - net.core.somaxconn=4096
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010054 networks:
55 mailcow-network:
56 ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
57 aliases:
58 - redis
59
60 clamd-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010061 image: mailcow/clamd:1.60
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010062 restart: always
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010063 depends_on:
64 - unbound-mailcow
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010065 dns:
66 - ${IPV4_NETWORK:-172.22.1}.254
67 environment:
68 - TZ=${TZ}
69 - SKIP_CLAMD=${SKIP_CLAMD:-n}
70 volumes:
71 - ./data/conf/clamav/:/etc/clamav/:Z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010072 - clamd-db-vol-1:/var/lib/clamav
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010073 networks:
74 mailcow-network:
75 aliases:
76 - clamd
77
78 rspamd-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010079 image: mailcow/rspamd:1.92
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010080 stop_grace_period: 30s
81 depends_on:
82 - dovecot-mailcow
83 environment:
84 - TZ=${TZ}
85 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
86 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
87 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
88 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
89 volumes:
90 - ./data/hooks/rspamd:/hooks:Z
91 - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
92 - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:Z
93 - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:Z
94 - ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
95 - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
96 - ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
97 - ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +010098 - rspamd-vol-1:/var/lib/rspamd
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +010099 restart: always
100 hostname: rspamd
101 dns:
102 - ${IPV4_NETWORK:-172.22.1}.254
103 networks:
104 mailcow-network:
105 aliases:
106 - rspamd
107
108 php-fpm-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100109 image: mailcow/phpfpm:1.81
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100110 command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
111 depends_on:
112 - redis-mailcow
113 volumes:
114 - ./data/hooks/phpfpm:/hooks:Z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200115 - ./data/web:/web:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100116 - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
117 - ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100118 - rspamd-vol-1:/var/lib/rspamd
119 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100120 - ./data/conf/sogo/:/etc/sogo/:z
121 - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
122 - ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
123 - ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
124 - ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
125 - ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
126 - ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
127 - ./data/conf/dovecot/global_sieve_before:/global_sieve/before:z
128 - ./data/conf/dovecot/global_sieve_after:/global_sieve/after:z
129 - ./data/assets/templates:/tpls:z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200130 - ./data/conf/nginx/:/etc/nginx/conf.d/:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100131 dns:
132 - ${IPV4_NETWORK:-172.22.1}.254
133 environment:
134 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
135 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
136 - LOG_LINES=${LOG_LINES:-9999}
137 - TZ=${TZ}
138 - DBNAME=${DBNAME}
139 - DBUSER=${DBUSER}
140 - DBPASS=${DBPASS}
141 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
142 - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
143 - IMAP_PORT=${IMAP_PORT:-143}
144 - IMAPS_PORT=${IMAPS_PORT:-993}
145 - POP_PORT=${POP_PORT:-110}
146 - POPS_PORT=${POPS_PORT:-995}
147 - SIEVE_PORT=${SIEVE_PORT:-4190}
148 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
149 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
150 - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
151 - SMTPS_PORT=${SMTPS_PORT:-465}
152 - SMTP_PORT=${SMTP_PORT:-25}
153 - API_KEY=${API_KEY:-invalid}
154 - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
155 - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
156 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
157 - SKIP_SOLR=${SKIP_SOLR:-y}
158 - SKIP_CLAMD=${SKIP_CLAMD:-n}
159 - SKIP_SOGO=${SKIP_SOGO:-n}
160 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
161 - MASTER=${MASTER:-y}
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100162 - DEV_MODE=${DEV_MODE:-n}
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100163 - DEMO_MODE=${DEMO_MODE:-n}
164 - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100165 restart: always
166 networks:
167 mailcow-network:
168 aliases:
169 - phpfpm
170
171 sogo-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100172 image: mailcow/sogo:1.113
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100173 environment:
174 - DBNAME=${DBNAME}
175 - DBUSER=${DBUSER}
176 - DBPASS=${DBPASS}
177 - TZ=${TZ}
178 - LOG_LINES=${LOG_LINES:-9999}
179 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
180 - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
181 - ACL_ANYONE=${ACL_ANYONE:-disallow}
182 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
183 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
184 - SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
185 - SKIP_SOGO=${SKIP_SOGO:-n}
186 - MASTER=${MASTER:-y}
187 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
188 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
189 dns:
190 - ${IPV4_NETWORK:-172.22.1}.254
191 volumes:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200192 - ./data/hooks/sogo:/hooks:Z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100193 - ./data/conf/sogo/:/etc/sogo/:z
194 - ./data/web/inc/init_db.inc.php:/init_db.inc.php:Z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200195 - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
196 - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100197 - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100198 - mysql-socket-vol-1:/var/run/mysqld/
199 - sogo-web-vol-1:/sogo_web
200 - sogo-userdata-backup-vol-1:/sogo_backup
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200201 labels:
202 ofelia.enabled: "true"
203 ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
204 ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
205 ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
206 ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100207 ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200208 ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
209 ofelia.job-exec.sogo_backup.schedule: "@every 24h"
210 ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100211 restart: always
212 networks:
213 mailcow-network:
214 ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
215 aliases:
216 - sogo
217
218 dovecot-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100219 image: mailcow/dovecot:1.21
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100220 depends_on:
221 - mysql-mailcow
222 dns:
223 - ${IPV4_NETWORK:-172.22.1}.254
224 cap_add:
225 - NET_BIND_SERVICE
226 volumes:
227 - ./data/hooks/dovecot:/hooks:Z
228 - ./data/conf/dovecot:/etc/dovecot:z
229 - ./data/assets/ssl:/etc/ssl/mail/:ro,z
230 - ./data/conf/sogo/:/etc/sogo/:z
231 - ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100232 - vmail-vol-1:/var/vmail
233 - vmail-index-vol-1:/var/vmail_index
234 - crypt-vol-1:/mail_crypt/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100235 - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
236 - ./data/assets/templates:/templates:z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100237 - rspamd-vol-1:/var/lib/rspamd
238 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100239 environment:
240 - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
241 - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
242 - LOG_LINES=${LOG_LINES:-9999}
243 - DBNAME=${DBNAME}
244 - DBUSER=${DBUSER}
245 - DBPASS=${DBPASS}
246 - TZ=${TZ}
247 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
248 - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
249 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
250 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100251 - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100252 - ACL_ANYONE=${ACL_ANYONE:-disallow}
253 - SKIP_SOLR=${SKIP_SOLR:-y}
254 - MAILDIR_SUB=${MAILDIR_SUB:-}
255 - MASTER=${MASTER:-y}
256 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
257 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
258 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
259 ports:
260 - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
261 - "${IMAP_PORT:-143}:143"
262 - "${IMAPS_PORT:-993}:993"
263 - "${POP_PORT:-110}:110"
264 - "${POPS_PORT:-995}:995"
265 - "${SIEVE_PORT:-4190}:4190"
266 restart: always
267 tty: true
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200268 labels:
269 ofelia.enabled: "true"
270 ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
271 ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
272 ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0\""
273 ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
274 ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0\""
275 ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
276 ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit 0\""
277 ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
278 ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
279 ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
280 ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
281 ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
282 ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
283 ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
284 ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
285 ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
286 ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100287 ulimits:
288 nproc: 65535
289 nofile:
290 soft: 20000
291 hard: 40000
292 networks:
293 mailcow-network:
294 ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
295 aliases:
296 - dovecot
297
298 postfix-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100299 image: mailcow/postfix:1.68
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100300 depends_on:
301 - mysql-mailcow
302 volumes:
303 - ./data/hooks/postfix:/hooks:Z
304 - ./data/conf/postfix:/opt/postfix/conf:z
305 - ./data/assets/ssl:/etc/ssl/mail/:ro,z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100306 - postfix-vol-1:/var/spool/postfix
307 - crypt-vol-1:/var/lib/zeyple
308 - rspamd-vol-1:/var/lib/rspamd
309 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100310 environment:
311 - LOG_LINES=${LOG_LINES:-9999}
312 - TZ=${TZ}
313 - DBNAME=${DBNAME}
314 - DBUSER=${DBUSER}
315 - DBPASS=${DBPASS}
316 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
317 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
318 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
319 cap_add:
320 - NET_BIND_SERVICE
321 ports:
322 - "${SMTP_PORT:-25}:25"
323 - "${SMTPS_PORT:-465}:465"
324 - "${SUBMISSION_PORT:-587}:587"
325 restart: always
326 dns:
327 - ${IPV4_NETWORK:-172.22.1}.254
328 networks:
329 mailcow-network:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200330 ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100331 aliases:
332 - postfix
333
334 memcached-mailcow:
335 image: memcached:alpine
336 restart: always
337 environment:
338 - TZ=${TZ}
339 networks:
340 mailcow-network:
341 aliases:
342 - memcached
343
344 nginx-mailcow:
345 depends_on:
346 - sogo-mailcow
347 - php-fpm-mailcow
348 - redis-mailcow
Matthias Andreas Benkarda9e47d22021-12-28 18:06:33 +0100349 image: nginx:1.19-alpine
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100350 dns:
351 - ${IPV4_NETWORK:-172.22.1}.254
352 command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
353 envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100354 envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200355 . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active &&
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100356 . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&
357 . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active &&
358 nginx -qt &&
359 until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
360 until ping sogo -c1 > /dev/null; do sleep 1; done &&
361 until ping redis -c1 > /dev/null; do sleep 1; done &&
362 until ping rspamd -c1 > /dev/null; do sleep 1; done &&
363 exec nginx -g 'daemon off;'"
364 environment:
365 - HTTPS_PORT=${HTTPS_PORT:-443}
366 - HTTP_PORT=${HTTP_PORT:-80}
367 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
368 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
369 - TZ=${TZ}
370 - SKIP_SOGO=${SKIP_SOGO:-n}
371 - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200372 - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100373 volumes:
374 - ./data/web:/web:ro,z
375 - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
376 - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200377 - ./data/conf/nginx/:/etc/nginx/conf.d/:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100378 - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100379 - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100380 ports:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100381 - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
382 - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100383 restart: always
384 networks:
385 mailcow-network:
386 aliases:
387 - nginx
388
389 acme-mailcow:
390 depends_on:
391 - nginx-mailcow
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100392 image: mailcow/acme:1.83
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100393 dns:
394 - ${IPV4_NETWORK:-172.22.1}.254
395 environment:
396 - LOG_LINES=${LOG_LINES:-9999}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200397 - ACME_CONTACT=${ACME_CONTACT:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100398 - ADDITIONAL_SAN=${ADDITIONAL_SAN}
399 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
400 - DBNAME=${DBNAME}
401 - DBUSER=${DBUSER}
402 - DBPASS=${DBPASS}
403 - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
404 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
405 - DIRECTORY_URL=${DIRECTORY_URL:-}
406 - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
407 - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
408 - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}
409 - ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n}
410 - LE_STAGING=${LE_STAGING:-n}
411 - TZ=${TZ}
412 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
413 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
414 - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
415 - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
416 volumes:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200417 - ./data/web/.well-known/acme-challenge:/var/www/acme:z
418 - ./data/assets/ssl:/var/lib/acme/:z
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100419 - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100420 - mysql-socket-vol-1:/var/run/mysqld/
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100421 restart: always
422 networks:
423 mailcow-network:
424 aliases:
425 - acme
426
427 netfilter-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100428 image: mailcow/netfilter:1.38
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100429 stop_grace_period: 30s
430 depends_on:
431 - dovecot-mailcow
432 - postfix-mailcow
433 - sogo-mailcow
434 - php-fpm-mailcow
435 - redis-mailcow
436 restart: always
437 privileged: true
438 environment:
439 - TZ=${TZ}
440 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
441 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
442 - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
443 - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
444 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
445 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
446 network_mode: "host"
447 volumes:
448 - /lib/modules:/lib/modules:ro
449
450 watchdog-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100451 image: mailcow/watchdog:1.86
452 # Debug
453 #command: /watchdog.sh
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100454 dns:
455 - ${IPV4_NETWORK:-172.22.1}.254
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200456 tmpfs:
457 - /tmp
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100458 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100459 - rspamd-vol-1:/var/lib/rspamd
460 - mysql-socket-vol-1:/var/run/mysqld/
461 - postfix-vol-1:/var/spool/postfix
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100462 - ./data/assets/ssl:/etc/ssl/mail/:ro,z
463 restart: always
464 environment:
465 - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
466 - LOG_LINES=${LOG_LINES:-9999}
467 - TZ=${TZ}
468 - DBNAME=${DBNAME}
469 - DBUSER=${DBUSER}
470 - DBPASS=${DBPASS}
471 - DBROOT=${DBROOT}
472 - USE_WATCHDOG=${USE_WATCHDOG:-n}
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100473 - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100474 - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200475 - WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100476 - WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
477 - WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100478 - WATCHDOG_VERBOSE=${WATCHDOG_VERBOSE:-n}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100479 - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
480 - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
481 - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
482 - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
483 - CHECK_UNBOUND=${CHECK_UNBOUND:-1}
484 - SKIP_CLAMD=${SKIP_CLAMD:-n}
485 - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
486 - SKIP_SOGO=${SKIP_SOGO:-n}
487 - HTTPS_PORT=${HTTPS_PORT:-443}
488 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
489 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
490 - EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
491 - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
492 - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
493 - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
494 - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
495 - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
496 - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
497 - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
498 - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
499 - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
500 - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
501 - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
502 - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
503 - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
504 - ACME_THRESHOLD=${ACME_THRESHOLD:-1}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100505 - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
506 - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
507 - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
508 - MAILQ_CRIT=${MAILQ_CRIT:-30}
509 networks:
510 mailcow-network:
511 aliases:
512 - watchdog
513
514 dockerapi-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100515 image: mailcow/dockerapi:2.0
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100516 security_opt:
517 - label=disable
518 restart: always
519 oom_kill_disable: true
520 dns:
521 - ${IPV4_NETWORK:-172.22.1}.254
522 environment:
523 - DBROOT=${DBROOT}
524 - TZ=${TZ}
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100525 - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
526 - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100527 volumes:
528 - /var/run/docker.sock:/var/run/docker.sock:ro
529 networks:
530 mailcow-network:
531 aliases:
532 - dockerapi
533
534 solr-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100535 image: mailcow/solr:1.8.1
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100536 restart: always
537 volumes:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100538 - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100539 ports:
540 - "${SOLR_PORT:-127.0.0.1:18983}:8983"
541 environment:
542 - TZ=${TZ}
543 - SOLR_HEAP=${SOLR_HEAP:-1024}
544 - SKIP_SOLR=${SKIP_SOLR:-y}
545 networks:
546 mailcow-network:
547 aliases:
548 - solr
549
550 olefy-mailcow:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100551 image: mailcow/olefy:1.11
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100552 restart: always
553 environment:
554 - TZ=${TZ}
555 - OLEFY_BINDADDRESS=0.0.0.0
556 - OLEFY_BINDPORT=10055
557 - OLEFY_TMPDIR=/tmp
558 - OLEFY_PYTHON_PATH=/usr/bin/python3
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100559 - OLEFY_OLEVBA_PATH=/usr/bin/olevba
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100560 - OLEFY_LOGLVL=20
561 - OLEFY_MINLENGTH=500
562 - OLEFY_DEL_TMP=1
563 networks:
564 mailcow-network:
565 aliases:
566 - olefy
567
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200568 ofelia-mailcow:
569 image: mcuadros/ofelia:latest
570 restart: always
571 command: daemon --docker
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100572 environment:
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200573 - TZ=${TZ}
574 depends_on:
575 - sogo-mailcow
576 - dovecot-mailcow
577 labels:
578 ofelia.enabled: "true"
Matthias Andreas Benkard12a57352021-12-28 18:02:04 +0100579 security_opt:
580 - label=disable
Matthias Andreas Benkard7b2a3a12021-08-16 10:57:25 +0200581 volumes:
582 - /var/run/docker.sock:/var/run/docker.sock:ro
583 networks:
584 mailcow-network:
585 aliases:
586 - ofelia
587
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100588networks:
589 mailcow-network:
590 driver: bridge
591 driver_opts:
592 com.docker.network.bridge.name: br-mailcow
Matthias Andreas Benkarda9e47d22021-12-28 18:06:33 +0100593 enable_ipv6: false
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100594 ipam:
595 driver: default
596 config:
597 - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
598 - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
599
600volumes:
601 vmail-vol-1:
602 vmail-index-vol-1:
603 mysql-vol-1:
604 mysql-socket-vol-1:
605 redis-vol-1:
606 rspamd-vol-1:
607 solr-vol-1:
608 postfix-vol-1:
609 crypt-vol-1:
610 sogo-web-vol-1:
611 sogo-userdata-backup-vol-1:
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100612 clamd-db-vol-1: