mirror of
https://git.straybits.ca/straybits/docker-samples.git
synced 2024-11-07 18:22:26 +00:00
36 lines
No EOL
2 KiB
Markdown
36 lines
No EOL
2 KiB
Markdown
|
|
# Mailserver Setup
|
|
|
|
This docker container fires up a copy of docker-mailserver.
|
|
* The services SMTP, IMAP, POP, etc are exposed to by tunneling traffic from a public facing VPS
|
|
* Outbound mail is sent through Amazon SES
|
|
* Optionally, inbound mail can be received through Amazon SES (via. S3 bucket) to allow it to be backup/primary MX if you need it.
|
|
* Make sure to update bucket information in `s3-ingest.py`
|
|
|
|
Steps:
|
|
1. You'll need to update parameters in `.env` and `wireguard.conf` and `Caddyfile`
|
|
2. Initially, comment out (from `docker-compose.yml` the two lines starting with ` - ./data/caddy/certificates`). We need to start it once without so that Caddy will fetch our certificates. Once that happens, uncomment those lines and restart.
|
|
3. Setup Mailgun or SES for mail forwarding and enter relay config in `.env`. SES is pretty easy to work with and supports multiple sending domains with a single set of credentials.
|
|
4. Optionally, setup a S3 bucket and configure SES to deliver inbound mail there and then update `s3-ingest.py` and uncomment the lines for mail ingestion from `docker-compose.yml`. This is handy if your VPS/ISP is blocking inbound mail ports.
|
|
|
|
## Front-end Server Wireguard
|
|
|
|
This wireguard configuration would be deployed to the public-facing VPS which will forward interesting traffic (25,465,587,993,995,80,443) through to our docker services.
|
|
|
|
```
|
|
[Interface]
|
|
Address = 10.0.0.1/24 # Private IP for the VPS in the VPN network
|
|
ListenPort = 51820 # Default WireGuard port
|
|
PrivateKey = ##PRIVATE KEY FOR PUBLIC SERVER##
|
|
|
|
# packet forwarding
|
|
PreUp = sysctl -w net.ipv4.ip_forward=1
|
|
|
|
# port forwarding (HTTP) // repeat for each port
|
|
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
|
|
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
|
|
|
|
[Peer]
|
|
PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##
|
|
AllowedIPs = 10.0.0.2/32 # IP of the home server in VPN
|
|
``` |