many new containers. work in progress
parent
f0f9f608cc
commit
aed48ffdf8
31 changed files with 1042 additions and 1 deletions
36
mailserver/README.md
Normal file
|
@ -0,0 +1,36 @@
|
|||
|
||||
# Mailserver Setup
|
||||
|
||||
This docker container fires up a copy of docker-mailserver.
|
||||
* The services SMTP, IMAP, POP, etc are exposed to by tunneling traffic from a public facing VPS
|
||||
* Outbound mail is sent through Amazon SES
|
||||
* Optionally, inbound mail can be received through Amazon SES (via. S3 bucket) to allow it to be backup/primary MX if you need it.
|
||||
* Make sure to update bucket information in `s3-ingest.py`
|
||||
|
||||
Steps:
|
||||
1. You'll need to update parameters in `.env` and `wireguard.conf` and `Caddyfile`
|
||||
2. Initially, comment out (from `docker-compose.yml` the two lines starting with ` - ./data/caddy/certificates`). We need to start it once without so that Caddy will fetch our certificates. Once that happens, uncomment those lines and restart.
|
||||
3. Setup Mailgun or SES for mail forwarding and enter relay config in `.env`. SES is pretty easy to work with and supports multiple sending domains with a single set of credentials.
|
||||
4. Optionally, setup a S3 bucket and configure SES to deliver inbound mail there and then update `s3-ingest.py` and uncomment the lines for mail ingestion from `docker-compose.yml`. This is handy if your VPS/ISP is blocking inbound mail ports.
|
||||
|
||||
## Front-end Server Wireguard
|
||||
|
||||
This wireguard configuration would be deployed to the public-facing VPS which will forward interesting traffic (25,465,587,993,995,80,443) through to our docker services.
|
||||
|
||||
```
|
||||
[Interface]
|
||||
Address = 10.0.0.1/24 # Private IP for the VPS in the VPN network
|
||||
ListenPort = 51820 # Default WireGuard port
|
||||
PrivateKey = ##PRIVATE KEY FOR PUBLIC SERVER##
|
||||
|
||||
# packet forwarding
|
||||
PreUp = sysctl -w net.ipv4.ip_forward=1
|
||||
|
||||
# port forwarding (HTTP) // repeat for each port
|
||||
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
|
||||
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
|
||||
|
||||
[Peer]
|
||||
PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##
|
||||
AllowedIPs = 10.0.0.2/32 # IP of the home server in VPN
|
||||
```
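Review bot: The `[Interface]` block under "Front-end Server Wireguard" installs only the PREROUTING DNAT rule, and the README never says how replies from 10.0.0.2 get back to the original client. Either document the home-side peer configuration that routes return traffic through the tunnel, or add a MASQUERADE rule on the VPS and state that the mail server will then see every connection as coming from 10.0.0.1, which changes what its logs and any source-IP-based filtering can do. A VPS whose FORWARD policy is DROP also needs an explicit accept rule for these ports, so that is worth a line in the Steps list. The comment `# port forwarding (HTTP) // repeat for each port` is stale, since the `-m multiport` rule already covers all seven ports, and `-i eth0` should carry a note that the interface name varies by VPS image. `PreUp = sysctl -w net.ipv4.ip_forward=1` has no matching PostDown, so forwarding stays enabled after the tunnel goes down; say so or reset it.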
|