docker-samples/mailserver/docker-compose.yml

services:

  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    hostname: ${HOSTNAME}
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=America/Edmonton
    volumes:
      - ./wireguard.conf:/config/wg_confs/wg0.conf
    restart: always
    sysctls:
      - net.ipv4.ip_forward=1


  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    network_mode: service:wireguard
    volumes:
      - ./data/dms/mail-data/:/var/mail/
      - ./data/dms/mail-state/:/var/mail-state/
      - ./data/dms/mail-logs/:/var/log/mail/
      - ./data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro

      # Enable ingestion from S3 
      #- ./s3-ingest.py:/usr/local/bin/s3-ingest:ro
      #- ./cron/s3:/etc/cron.d/s3:ro

      # Enable full text searching 
      # https://docker-mailserver.github.io/docker-mailserver/latest/config/advanced/full-text-search/
      - ./fts-xapian-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro
      - ./cron/fts_xapian:/etc/cron.d/fts_xapian:ro
        
      # when initializing, these need to be commented out because they don't exist.
      # until Caddy has had a chance to fetch them.
      - ./data/caddy/certificates/acme.zerossl.com-v2-dv90/${HOSTNAME}/${HOSTNAME}.crt:/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem:ro
      - ./data/caddy/certificates/acme.zerossl.com-v2-dv90/${HOSTNAME}/${HOSTNAME}.key:/etc/letsencrypt/live/${HOSTNAME}/privkey.pem:ro
    environment:
      - ENABLE_RSPAMD=1
      - ENABLE_OPENDMARC=0
      - ENABLE_POLICYD_SPF=0
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - ENABLE_DNSBL=1
      - ENABLE_CLAMAV=1
      - ENABLE_POP3=1

      # We'll leverage certs from Caddy here
      - SSL_TYPE=letsencrypt

      # Assume we can't send outbound mail.  Relay sent mail through
      # something like Mailgun or Amazon SES
      - RELAY_HOST=${RELAY_HOST}
      - RELAY_PORT=${RELAY_PORT}
      - RELAY_USER=${RELAY_USER}
      - RELAY_PASSWORD=${RELAY_PASSWORD}
    cap_add:
      - NET_ADMIN # For Fail2Ban to work
    restart: always

  # ========= WEBMAIL =========================================
  # Who doesn't want webmail.  Besides we can piggy back on this
  # to fetch TLS certificates for our IMAP/SMTP services.

  caddy:
    image: caddy:latest
    restart: always
    network_mode: service:wireguard
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile    # Mount Caddyfile for configuration
      - ./data/caddy:/data/caddy            # Persistent storage for certificates

  roundcube:
    image: roundcube/roundcubemail:latest
    container_name: roundcubemail
    restart: always
    volumes:
      - ./data/roundcube/www:/var/www/html
      - ./data/roundcube/db:/var/roundcube/db
    environment:
      - ROUNDCUBEMAIL_DB_TYPE=sqlite
      - ROUNDCUBEMAIL_SKIN=elastic
      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://${HOSTNAME}
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://${HOSTNAME}
many new containers. work in progress 2024-11-02 20:09:56 +00:00			`services:`

			`wireguard:`
			`image: lscr.io/linuxserver/wireguard:latest`
			`hostname: ${HOSTNAME}`
			`cap_add:`
			`- NET_ADMIN`
			`environment:`
			`- TZ=America/Edmonton`
			`volumes:`
			`- ./wireguard.conf:/config/wg_confs/wg0.conf`
			`restart: always`
			`sysctls:`
			`- net.ipv4.ip_forward=1`


			`mailserver:`
			`image: ghcr.io/docker-mailserver/docker-mailserver:latest`
			`network_mode: service:wireguard`
			`volumes:`
			`- ./data/dms/mail-data/:/var/mail/`
			`- ./data/dms/mail-state/:/var/mail-state/`
			`- ./data/dms/mail-logs/:/var/log/mail/`
			`- ./data/dms/config/:/tmp/docker-mailserver/`
			`- /etc/localtime:/etc/localtime:ro`

			`# Enable ingestion from S3`
			`#- ./s3-ingest.py:/usr/local/bin/s3-ingest:ro`
			`#- ./cron/s3:/etc/cron.d/s3:ro`

			`# Enable full text searching`
			`# https://docker-mailserver.github.io/docker-mailserver/latest/config/advanced/full-text-search/`
			`- ./fts-xapian-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro`
			`- ./cron/fts_xapian:/etc/cron.d/fts_xapian:ro`

			`# when initializing, these need to be commented out because they don't exist.`
			`# until Caddy has had a chance to fetch them.`
			`- ./data/caddy/certificates/acme.zerossl.com-v2-dv90/${HOSTNAME}/${HOSTNAME}.crt:/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem:ro`
			`- ./data/caddy/certificates/acme.zerossl.com-v2-dv90/${HOSTNAME}/${HOSTNAME}.key:/etc/letsencrypt/live/${HOSTNAME}/privkey.pem:ro`
			`environment:`
			`- ENABLE_RSPAMD=1`
			`- ENABLE_OPENDMARC=0`
			`- ENABLE_POLICYD_SPF=0`
			`- ENABLE_FAIL2BAN=1`
			`- ENABLE_POSTGREY=1`
			`- ENABLE_DNSBL=1`
			`- ENABLE_CLAMAV=1`
			`- ENABLE_POP3=1`

			`# We'll leverage certs from Caddy here`
			`- SSL_TYPE=letsencrypt`

			`# Assume we can't send outbound mail. Relay sent mail through`
			`# something like Mailgun or Amazon SES`
			`- RELAY_HOST=${RELAY_HOST}`
			`- RELAY_PORT=${RELAY_PORT}`
			`- RELAY_USER=${RELAY_USER}`
			`- RELAY_PASSWORD=${RELAY_PASSWORD}`
			`cap_add:`
			`- NET_ADMIN # For Fail2Ban to work`
			`restart: always`

			`# ========= WEBMAIL =========================================`
			`# Who doesn't want webmail. Besides we can piggy back on this`
			`# to fetch TLS certificates for our IMAP/SMTP services.`

			`caddy:`
			`image: caddy:latest`
			`restart: always`
			`network_mode: service:wireguard`
			`volumes:`
			`- ./Caddyfile:/etc/caddy/Caddyfile # Mount Caddyfile for configuration`
			`- ./data/caddy:/data/caddy # Persistent storage for certificates`

			`roundcube:`
			`image: roundcube/roundcubemail:latest`
			`container_name: roundcubemail`
			`restart: always`
			`volumes:`
			`- ./data/roundcube/www:/var/www/html`
			`- ./data/roundcube/db:/var/roundcube/db`
			`environment:`
			`- ROUNDCUBEMAIL_DB_TYPE=sqlite`
			`- ROUNDCUBEMAIL_SKIN=elastic`
			`- ROUNDCUBEMAIL_DEFAULT_HOST=tls://${HOSTNAME}`
			`- ROUNDCUBEMAIL_SMTP_SERVER=tls://${HOSTNAME}`