Many new containers. Work in progress.

Jeff Clement 2024-11-02 14:09:56 -06:00
parent f0f9f608cc
commit aed48ffdf8
Signed by: jeff
GPG key ID: 3BCB43A3F0E1D7DA
31 changed files with 1042 additions and 1 deletions

mailserver/README.md (new file, 36 lines)

@ -0,0 +1,36 @@
# Mailserver Setup
This docker container fires up a copy of docker-mailserver.
* The services SMTP, IMAP, POP, etc are exposed to by tunneling traffic from a public facing VPS
* Outbound mail is sent through Amazon SES
* Optionally, inbound mail can be received through Amazon SES (via. S3 bucket) to allow it to be backup/primary MX if you need it.
* Make sure to update bucket information in `s3-ingest.py`
Steps:
1. You'll need to update parameters in `.env` and `wireguard.conf` and `Caddyfile`
2. Initially, comment out (from `docker-compose.yml` the two lines starting with ` - ./data/caddy/certificates`). We need to start it once without so that Caddy will fetch our certificates. Once that happens, uncomment those lines and restart.
3. Setup Mailgun or SES for mail forwarding and enter relay config in `.env`. SES is pretty easy to work with and supports multiple sending domains with a single set of credentials.
4. Optionally, setup a S3 bucket and configure SES to deliver inbound mail there and then update `s3-ingest.py` and uncomment the lines for mail ingestion from `docker-compose.yml`. This is handy if your VPS/ISP is blocking inbound mail ports.
## Front-end Server Wireguard
This wireguard configuration would be deployed to the public-facing VPS which will forward interesting traffic (25,465,587,993,995,80,443) through to our docker services.
```
[Interface]
Address = 10.0.0.1/24 # Private IP for the VPS in the VPN network
ListenPort = 51820 # Default WireGuard port
PrivateKey = ##PRIVATE KEY FOR PUBLIC SERVER##
# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# port forwarding (HTTP) // repeat for each port
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
[Peer]
PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##
AllowedIPs = 10.0.0.2/32 # IP of the home server in VPN
```
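Review bot: the DNAT rules in the WireGuard `PreUp`/`PostDown` lines rewrite the destination to 10.0.0.2 but nothing handles the return path: there is no `POSTROUTING` SNAT/MASQUERADE on the VPS and no note that the home server must route the original client source addresses back through the tunnel, so with the `AllowedIPs = 10.0.0.2/32` peer shown here the home server will answer connections from public clients via its own default route and the handshake will fail. Either document that the home-side peer needs the VPS as its route for this traffic (e.g. `AllowedIPs = 0.0.0.0/0` on the home end, with the matching `Table`/`FwMark` handling), or add `PreUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE` (and the `-D` in `PostDown`) and state the trade-off: docker-mailserver would then see 10.0.0.1 as every client's source address, which blinds its per-IP rate limiting, fail2ban and spam/reputation checks and makes the SMTP logs useless for tracing abuse. If the VPS runs a default-DROP `FORWARD` policy an explicit accept for `-i eth0 -o wg0` and the established/related return direction is needed as well. Minor: the comment `# port forwarding (HTTP) // repeat for each port` is stale since the single `--multiport` rule already covers all seven ports, and the hard-coded `eth0` should be called out as a value to adjust alongside the key placeholders.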