simple-login / simplelogin-postfix-docker

The missing Docker image for SimpleLogin Postfix
https://hub.docker.com/r/simplelogin/postfix
GNU General Public License v3.0

Added ability to use LE staging via env #4

Closed imro2 closed 4 months ago

imro2 commented 3 years ago

Adding the ability to use the Let's Encrypt staging server via the cli.ini template. Related to issue #2.

nguyenkims commented 3 years ago

@doanguyen hey can you have a look at this PR when you have free time :)?

smargold476 commented 2 years ago

Hi @imro2, are you still using the simplelogin-postfix-docker project? Looks like nobody is maintaining that project? Do you have any information? Regards

imro2 commented 2 years ago

@smargold476 I still use it. However, I use a modified version that does DNS verification with Let's Encrypt.

rehanone commented 1 year ago

Maybe take a look at this separate container: https://hub.docker.com/r/rehanone/auto-cert-manager. It supports staging. I think this container should do just Postfix and not certificate management.

rehanone commented 1 year ago

I would like to propose that we remove the CertBot support completely from this repo and make it work best in providing support for Postfix which is its original purpose. The SSL_CERT_FOLDER provides a great way to supply the certs for this repo. I have actually refactored the cert generation out into a standalone docker image like this:

  cert-manager:
    image: rehanone/auto-cert-manager:${CERT_MANAGER_VERSION}
    container_name: 'simplelogin-cert-manager'
    secrets:
      - linode_api_key
    environment:
      DOMAINS: example.com
      EMAIL: ${CERT_MANAGER_EMAIL}
      CERTBOT_PLUGIN: linode
      LINODE_API_KEY_FILE: /run/secrets/linode_api_key
      PROPAGATION_SECONDS: ${CERT_MANAGER_PROPAGATION_SECONDS}
      DEBUG: 'true'
      STAGING: ${CERT_MANAGER_STAGING}
    volumes:
      - type: bind
        source: /docker-data/simplelogin/tls/letsencrypt
        target: /etc/letsencrypt
        read_only: false
      - type: bind
        source: /docker-data/simplelogin/tls/certs
        target: /certs
        read_only: false
      - type: bind
        source: /docker-data/simplelogin/tls/log
        target: /var/log/letsencrypt
        read_only: false
    restart: 'unless-stopped'

  postfix:
    image: simplelogin/postfix:${POSTFIX_VERSION}
    container_name: 'simplelogin-postfix'
    secrets:
      - postgres
    networks:
      - sl-net
    environment:
      ALIASES_DEFAULT_DOMAIN: example.com
      DB_HOST: db
      DB_USER: ${DB_USER}
      DB_PASSWORD_FILE: /run/secrets/postgres
      DB_NAME: simplelogin
      LETSENCRYPT_EMAIL: example@example.com
      EMAIL_HANDLER_HOST: email
      POSTFIX_FQDN: sl.mahmoods.org
      SSL_CERT_FOLDER: /etc/letsencrypt/live/app.example.com
      SIMPLELOGIN_COMPATIBILITY_MODE: ${SIMPLELOGIN_COMPATIBILITY_MODE}
      RELAY_HOST: ${RELAY_HOST}
      RELAY_HOST_USERNAME: ${RELAY_HOST_USERNAME}
      RELAY_HOST_PASSWORD: ${RELAY_HOST_PASSWORD}
    volumes:
      - type: bind
        source: /docker-data/simplelogin/tls/letsencrypt
        target: /etc/letsencrypt
        read_only: true
    ports:
      - "25:25/tcp"
    depends_on:
      db:
        condition: service_healthy
    restart: 'unless-stopped'
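
A pre-flight check for the arrangement described in the comment above, where an external tool writes the certificates and the Postfix image only reads them through SSL_CERT_FOLDER. This is an added example, not part of the thread or of either project; the function name, the `fullchain.pem`/`privkey.pem` file names (certbot's `live/` layout) and the 7-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example: validate the folder handed to the Postfix container as
# SSL_CERT_FOLDER before starting it. Assumes certbot's live/ layout.
# Return codes: 0 ok, 2 missing/unreadable, 3 staging issuer,
#               4 expires too soon, 5 key/cert mismatch.

check_cert_folder() {
    dir=$1
    min_valid_seconds=${2:-604800}   # assumed threshold: 7 days
    cert="$dir/fullchain.pem"
    key="$dir/privkey.pem"

    [ -r "$cert" ] || { echo "missing $cert" >&2; return 2; }
    [ -r "$key" ]  || { echo "missing $key" >&2; return 2; }

    # Let's Encrypt staging issuers carry "(STAGING)" in their names
    # (older ones were named "Fake LE ..."); clients do not trust them.
    issuer=$(openssl x509 -in "$cert" -noout -issuer) || return 2
    case $issuer in
        *STAGING*|*"Fake LE"*)
            echo "staging issuer: $issuer" >&2; return 3 ;;
    esac

    # -checkend exits non-zero if the leaf expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_valid_seconds" >/dev/null \
        || { echo "certificate expires too soon" >&2; return 4; }

    # The private key must match the leaf certificate's public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not match certificate" >&2; return 5; }

    return 0
}
```

Run it against the host side of the bind mount, for example `check_cert_folder /docker-data/simplelogin/tls/letsencrypt/live/app.example.com`, and start the container only on a zero exit status.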

springcomp commented 1 year ago

> I would like to propose that we remove the CertBot support completely from this repo and make it work best in providing support for Postfix which is its original purpose.

I strongly support this recommendation.

I think, from a separation of concerns point of view, this Docker image should not concern itself with issuing and renewing certificates. One can choose, for instance, an alternate mechanism than Certbot. In fact, in my self-host, I use acme.sh which has better or simpler integration with my DNS provider for wildcard certificates.

rehanone commented 4 months ago

Closing this PR as it is not required anymore.