mirror of
https://github.com/chatmail/relay.git
synced 2026-05-12 09:04:36 +00:00
0585314468
The cert monitoring was an orphaned background process (`monitor_certificates &`) Replace with a proper systemd timer/service (every 60s). Also made journald ForwardToConsole=yes idempotent.
50 lines
1.7 KiB
YAML
50 lines
1.7 KiB
YAML
# Copy docker/example.env to .env and set MAIL_DOMAIN before starting.
|
|
#
|
|
# Security note: this container uses network_mode:host (chatmail needs many
|
|
# ports: 25, 53, 80, 143, 443, 465, 587, 993, 3340, 8443) and cgroup:host
|
|
# (required for systemd). Together these give the container near-host-level
|
|
# access. This is acceptable for a dedicated mail server, but be aware that
|
|
# the container can bind any port and see all host network traffic.
|
|
services:
|
|
chatmail:
|
|
build:
|
|
context: ./
|
|
dockerfile: docker/chatmail_relay.dockerfile
|
|
image: chatmail-relay:latest
|
|
restart: unless-stopped
|
|
container_name: chatmail
|
|
# Required for systemd — use only one of the following:
|
|
cgroup: host # compose v2 only
|
|
# privileged: true # compose v1 (not tested)
|
|
tty: true # required for logs
|
|
tmpfs: # required for systemd
|
|
- /tmp
|
|
- /run
|
|
- /run/lock
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
environment:
|
|
MAIL_DOMAIN: $MAIL_DOMAIN
|
|
CMDEPLOY_STAGES: ${CMDEPLOY_STAGES:-}
|
|
USE_FOREIGN_CERT_MANAGER: ${USE_FOREIGN_CERT_MANAGER:-}
|
|
network_mode: "host"
|
|
volumes:
|
|
## system
|
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw # required for systemd
|
|
|
|
## data
|
|
- ./data/chatmail:/home
|
|
- ./data/chatmail-dkimkeys:/etc/dkimkeys
|
|
- ./data/chatmail-acme:/var/lib/acme
|
|
|
|
## optional overrides
|
|
# - ./chatmail.ini:/etc/chatmail/chatmail.ini # use your own config
|
|
# - ./custom/www:/opt/chatmail-www # custom website
|
|
|
|
## debug
|
|
# - ./docker/files/setup_chatmail_docker.sh:/setup_chatmail_docker.sh
|
|
# - ./docker/files/entrypoint.sh:/entrypoint.sh
|