Add traefik config files

https://github.com/chatmail/relay/pull/614#discussion_r2269887232
Keonik1
2025-08-23 18:02:45 +03:00
parent a01eebe2db
commit d545fc8f10
9 changed files with 82 additions and 204 deletions

1
.gitignore vendored

@@ -170,3 +170,4 @@ chatmail.zone
/custom/ /custom/
docker-compose.yaml docker-compose.yaml
.env .env
/traefik/data/


@@ -69,6 +69,22 @@ services:
- traefik.http.routers.chatmail-relay.tls=true - traefik.http.routers.chatmail-relay.tls=true
- traefik.http.routers.chatmail-relay.tls.certresolver=letsEncrypt - traefik.http.routers.chatmail-relay.tls.certresolver=letsEncrypt
traefik_init:
image: alpine:latest
restart: on-failure
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
working_dir: /app
entrypoint: sh -c '
touch acme.json &&
sudo chown 0:0 ./acme.json &&
sudo chmod 600 ./acme.json'
volumes:
- ./traefik/data:/app
traefik: traefik:
image: traefik:v3.3 image: traefik:v3.3
container_name: traefik container_name: traefik
@@ -79,17 +95,20 @@ services:
max-size: "10m" max-size: "10m"
max-file: "3" max-file: "3"
command: command:
- --configFile=/config.yaml - "--configFile=/config.yaml"
- "--certificatesresolvers.letsEncrypt.acme.email=${ACME_EMAIL:-my.email@gmail.com}"
# ports: # ports:
# - "80:80" # - "80:80"
# - "443:443" # - "443:443"
network_mode: host
depends_on:
traefik_init:
condition: service_completed_successfully
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ./data/traefik/config.yaml:/config.yaml - ./traefik/config.yaml:/config.yaml
- ./data/traefik/acme.json:/acme.json - ./traefik/data/acme.json:/acme.json
- ./data/traefik/dynamic-configs:/dynamic/conf - ./traefik/dynamic-configs:/dynamic/conf
network_mode: host
traefik-certs-dumper: traefik-certs-dumper:
image: ldez/traefik-certs-dumper:v2.10.0 image: ldez/traefik-certs-dumper:v2.10.0
@@ -112,6 +131,6 @@ services:
environment: environment:
CERTS_DIR: /data/letsencrypt/certs CERTS_DIR: /data/letsencrypt/certs
volumes: volumes:
- ./data/traefik/letsencrypt:/data/letsencrypt - ./traefik/data/letsencrypt:/data/letsencrypt
- ./data/traefik/acme.json:/data/acme.json - ./traefik/data/acme.json:/data/acme.json
- ./data/traefik/post-hook.sh:/post-hook.sh - ./traefik/post-hook.sh:/post-hook.sh
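Review bot: The traefik_init entrypoint calls `sudo chown` and `sudo chmod`, but the `alpine:latest` image does not ship sudo as far as I know, and the container already runs as root, so the command should fail with "sudo: not found"; with `restart: on-failure` that leaves traefik_init looping and the `service_completed_successfully` condition on traefik never satisfied. Drop the sudo and create the file under a restrictive umask so acme.json (which holds the ACME account key and every issued private key) never exists world-readable, even briefly: `entrypoint: sh -c 'umask 077 && touch acme.json && chown 0:0 acme.json && chmod 600 acme.json'`. Separately, `${ACME_EMAIL:-my.email@gmail.com}` silently registers the ACME account under a placeholder address when the variable is unset, so expiry and incident notices go nowhere; `${ACME_EMAIL:?ACME_EMAIL must be set}` makes compose refuse to start instead. Pinning `alpine:latest` to a specific tag would also make the init step reproducible.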


@@ -1,4 +1,5 @@
MAIL_DOMAIN="chat.example.com" MAIL_DOMAIN="chat.example.com"
ACME_EMAIL="my.email@gmail.com"
PATH_TO_SSL_HOST="/opt/traefik/data/letsencrypt/certs/${MAIL_DOMAIN}" PATH_TO_SSL_HOST="./traefik/data/letsencrypt/certs/${MAIL_DOMAIN}"
PATH_TO_SSL_CONTAINER="/var/lib/acme/live/${MAIL_DOMAIN}" PATH_TO_SSL_CONTAINER="/var/lib/acme/live/${MAIL_DOMAIN}"


@@ -4,10 +4,12 @@ set -eo pipefail
if [ "${USE_FOREIGN_CERT_MANAGER,,}" == "true" ]; then if [ "${USE_FOREIGN_CERT_MANAGER,,}" == "true" ]; then
if [ ! -f "$PATH_TO_SSL_CONTAINER/fullchain" ]; then if [ ! -f "$PATH_TO_SSL_CONTAINER/fullchain" ]; then
echo "Error: file '$PATH_TO_SSL_CONTAINER/fullchain' does not exist. Exiting..." > /dev/stderr echo "Error: file '$PATH_TO_SSL_CONTAINER/fullchain' does not exist. Exiting..." > /dev/stderr
sleep 2
exit 1 exit 1
fi fi
if [ ! -f "$PATH_TO_SSL_CONTAINER/privkey" ]; then if [ ! -f "$PATH_TO_SSL_CONTAINER/privkey" ]; then
echo "Error: file '$PATH_TO_SSL_CONTAINER/privkey' does not exist. Exiting..." > /dev/stderr echo "Error: file '$PATH_TO_SSL_CONTAINER/privkey' does not exist. Exiting..." > /dev/stderr
sleep 2
exit 1 exit 1
fi fi
fi fi
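Review bot: The added `sleep 2` before each `exit 1` is a bare magic delay with no explanation; a one-line comment would save the next maintainer from guessing, e.g. `# pause briefly so the error stays visible in the logs before the container restart loop retries` (presumably that is the purpose — confirm). If the intent is to slow a restart loop, the compose restart policy is the more natural place for that than a sleep inside the script. The surrounding script continues outside this hunk.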


@@ -88,105 +88,6 @@ Mandatory variables for deployment via Docker:
docker compose build chatmail docker compose build chatmail
``` ```
<details>
<summary>Additional steps for configuring with traefik</summary>
> [!note]
> If you are using the default installation without traefik skip these steps and go to step 7 (running docker compose).
Before starting traefik, configuration files must be prepared; otherwise, it will not start correctly.
First, run these commands in the console, replacing their values with the correct ones:
```shell
export YOUR_EMAIL=your_email@gmail.com
mkdir -p "./data/traefik"
cd "./data/traefik"
```
1. Create a traefik configuration file:
```shell
cat > config.yaml << EOF
log:
level: TRACE
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
permanent: true
websecure:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
directory: /dynamic/conf
watch: true
serverstransport:
insecureskipverify: true
certificatesResolvers:
letsEncrypt:
acme:
email: $YOUR_EMAIL
storage: /acme.json
caServer: "https://acme-v02.api.letsencrypt.org/directory"
tlschallenge: true
httpChallenge:
entryPoint: web
EOF
```
2. Create a post-hook script:
```shell
cat > post-hook.sh << 'EOF'
CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
for dir in "$CERTS_DIR"/*/; do
cd "$dir"
if [ -f "certificate.crt" ]; then
ln -sf certificate.crt fullchain
fi
if [ -f "privatekey.key" ]; then
ln -sf privatekey.key privkey
fi
cd -
done
EOF
```
3. Create the `acme.json` file:
```shell
touch acme.json
sudo chown 0:0 ./acme.json # required
sudo chmod 600 ./acme.json # required
```
4. Create insecure config:
```shell
mkdir dynamic-configs
cat > ./dynamic-configs/insecure.yaml << 'EOF'
http:
serversTransports:
insecure:
insecureSkipVerify: true
EOF
cd ../..
```
</details>
7. Start docker compose and wait for the installation to finish: 7. Start docker compose and wait for the installation to finish:
```shell ```shell


@@ -78,101 +78,6 @@ sudo sysctl --system
docker compose build chatmail docker compose build chatmail
``` ```
<details>
<summary>Дополнительные шаги для конфигурации работы с traefik</summary>
> [!note]
> Если вы используете default установку, без использования traefik - пропустите эти шаги и переходите к шагу 7 (запуск docker compose)
Перед запуском traefik необходимо подготовить файлы конфигурации, иначе он запустится некорректно.
Сначала выполните эти команды в консоли, заменив значения в них на корректные.
```shell
export YOUR_EMAIL=your_email@gmail.com
mkdir -p "./data/traefik"
cd "./data/traefik"
```
1. Создать файл конфигурации traefik
```shell
cat > config.yaml << EOF
log:
level: TRACE
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
permanent: true
websecure:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
directory: /dynamic/conf
watch: true
serverstransport:
insecureskipverify: true
certificatesResolvers:
letsEncrypt:
acme:
email: $YOUR_EMAIL
storage: /acme.json
caServer: "https://acme-v02.api.letsencrypt.org/directory"
tlschallenge: true
httpChallenge:
entryPoint: web
EOF
```
2. Создать post-hook скрипт
```shell
cat > post-hook.sh << 'EOF'
CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
for dir in "$CERTS_DIR"/*/; do
cd "$dir"
if [ -f "certificate.crt" ]; then
ln -sf certificate.crt fullchain
fi
if [ -f "privatekey.key" ]; then
ln -sf privatekey.key privkey
fi
cd -
done
EOF
```
3. Создать `acme.json` файл
```shell
touch acme.json
sudo chown 0:0 ./acme.json # это обязательно
sudo chmod 600 ./acme.json # это обязательно
```
4. Создать insecure config
```shell
mkdir dynamic-configs
cat > ./dynamic-configs/insecure.yaml << 'EOF'
http:
serversTransports:
insecure:
insecureSkipVerify: true
EOF
cd ../..
```
</details>
7. Запустить docker compose и дождаться завершения установки 7. Запустить docker compose и дождаться завершения установки
```shell ```shell
docker compose up -d # запуск сервиса docker compose up -d # запуск сервиса

33
traefik/config.yaml Normal file

@@ -0,0 +1,33 @@
log:
level: TRACE
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
permanent: true
websecure:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
directory: /dynamic/conf
watch: true
serverstransport:
insecureskipverify: true
certificatesResolvers:
letsEncrypt:
acme:
storage: /acme.json
caServer: "https://acme-v02.api.letsencrypt.org/directory"
tlschallenge: true
httpChallenge:
entryPoint: web
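Review bot: `serverstransport.insecureskipverify: true` disables TLS certificate verification for every backend Traefik proxies to, not only the ones that opt in, so any router later pointed at a remote HTTPS service silently loses its MITM protection; since this commit also ships a named `insecure` serversTransport in `dynamic-configs/insecure.yaml`, the global switch is redundant and those two lines should be removed so only services that explicitly reference that transport skip verification. `log.level: TRACE` is also an unfriendly production default: it is extremely verbose and can write request details into the container logs kept by the json-file driver, so `level: INFO` is the usual choice, with TRACE enabled only while debugging.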


@@ -0,0 +1,4 @@
http:
serversTransports:
insecure:
insecureSkipVerify: true
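Review bot: This file ships a serversTransport that disables backend certificate verification without saying when using it is acceptable; a header comment would keep it from being applied indiscriminately, e.g. `# Skips TLS verification toward the backend. Reference it only from services whose backend listens on loopback or an internal network and cannot present a verifiable certificate; never for backends reached over an untrusted network.` Because `traefik/config.yaml` in the same commit already sets `serverstransport.insecureskipverify: true` globally, this named transport currently changes nothing; one of the two should go, and keeping this scoped one is the safer choice.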

12
traefik/post-hook.sh Executable file

@@ -0,0 +1,12 @@
CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
for dir in "$CERTS_DIR"/*/; do
cd "$dir"
if [ -f "certificate.crt" ]; then
ln -sf certificate.crt fullchain
fi
if [ -f "privatekey.key" ]; then
ln -sf privatekey.key privkey
fi
cd -
done
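Review bot: `cd "$dir"` has no failure handling, so when the glob under `CERTS_DIR` matches nothing (the literal `*/` pattern is passed through) or a directory is unreadable, the `ln -sf` calls run in whatever the current directory was and drop `fullchain`/`privkey` symlinks there; `cd -` additionally prints the directory to stdout on every iteration. The file is marked executable but has no shebang, so how it is interpreted depends entirely on the caller (traefik-certs-dumper, not visible here). Avoid the directory changes by linking with explicit paths, add a shebang and `set -eu` (assuming the dumper image provides /bin/sh), and skip an unmatched glob; the symlink names match what the container-side check in this commit expects (`$PATH_TO_SSL_CONTAINER/fullchain` and `/privkey`).
```shell
#!/bin/sh
# Expose certs-dumper output under the names the chatmail container expects
# (fullchain / privkey) as relative symlinks inside each certificate directory.
set -eu
CERTS_DIR=${CERTS_DIR:-"/data/letsencrypt/certs"}
for dir in "$CERTS_DIR"/*/; do
  dir=${dir%/}
  [ -d "$dir" ] || continue   # an unmatched glob leaves the literal pattern
  if [ -f "$dir/certificate.crt" ]; then
    ln -sf certificate.crt "$dir/fullchain"
  fi
  if [ -f "$dir/privatekey.key" ]; then
    ln -sf privatekey.key "$dir/privkey"
  fi
done
```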