tiredofit / docker-postal

Dockerized SMTP server
MIT License

fast server implementation? #8

Open JC-os opened 3 years ago

JC-os commented 3 years ago

Hello Dave, first of all, a BIG thank you for this docker set! Postal is a great software which I enjoy since a long time, but having it in docker is really awesome.

Everything has pros and cons, now my install is much simpler and I can use one server to run other docker services but I miss the domain tracker feature.

Do you have any idea if the fast server could be used in this context to have domain tracking feature?

Best regards

tiredofit commented 3 years ago

Hi there, I have explicitly disabled the fast server in this image as I didn't see the value of it based on the complexity of getting it setup. It would be fairly easy to switch on however, I just would need to know if it is possible to use behind a reverse proxy, as I would not want to use it without. The TLS certificate/self signed certificate generation would be a pain, and would be much easier to put behind something like nginx-proxy/traefik.

Do you have more info on this so that I can understand further?

JC-os commented 3 years ago

Thank you for answering. Initially I used postal on a server with classic install and yes the fast server was quite complex to setup but at the end I did it and it ran fine for a few years. Then the server got destroyed in the OVH incident (fortunately I had backup offsite) but I decided to switch to docker thanks to your image.

In the classic situation Let's Encrypt was handled by the postal app itself. Actually my setup is using a proxy: nginx:1.13.1 + jwilder/docker-gen + jrcs/letsencrypt-nginx-proxy-companion as suggested here: https://blog.ssdnodes.com/blog/host-multiple-ssl-websites-docker-nginx/

I re-use the nginx TLS certificate to enable TLS on postal so maybe the same could be done for the fast server. My idea was that maybe it would have been possible to proxy the web app on port :5000 and the fast server on 80/443 but then I remembered that in that classic config I had two IPs and that might be mandatory.

Unfortunately my knowledge is not enough to tell you if this could work behind a proxy so I have no real info to help this out. That's why I asked you as maybe you had a cookbook on your own.

That said, even if the tracking feature is useful in some situations, if it's a pain to have it I have no problem to renounce to it as things are already that complex, you already made a big gift to the community :)

tiredofit commented 3 years ago

Sorry to hear about your OVH loss - I suffered as well. Has been a challenging past few weeks. No Data loss on my end either.

I just put some effort into changing the image around to support the fast server from a proxy - It theoretically SHOULD work. Problem is I can't fetch all the ruby dependencies at this time. Mimemagic 0.35 has been yanked from the ruby gem repositories, and I think it's best we wait for developers to update Gem dependencies. I will check back every couple days to see if they have updated it and then push this new image.

I also realize my documentation and options are way out of date - I will spend some time putting all the options in the README.

JC-os commented 3 years ago

So that OVH incident was really big and I easily imagine your past few weeks, I am happy you got out of it well too.

Thank you very much for your efforts and update the README! No hurry on this and let's catch later on when the developers will be ready so I can test later on the new image.

tiredofit commented 3 years ago

Have a peek at the README now. A new build should be ready as well that should be able to flip on fast server or "TRACKING" under the same IP address. There may be some tweaking needed so I haven't made an actual tagged release yet.

tiredofit commented 3 years ago

FWIW: It's ENABLE_TRACKING=true and TRACK_DOMAIN=track.domain1.com track.domain2.com

joaoreis81 commented 3 years ago

First, thank you for the great work. How do you plan to share the letsencrypt key with the nginx frontend for the fastserver when different tracking domains are created? Seems that running nginx in postal app container is a good idea for simplicity, but an nginx ssl auto configuration will be needed too. I'm just exposing some ideas for discussion.

JC-os commented 3 years ago

Hello Dave and thank you for working on this, I am testing the new image but postal seems to never start and the init seems to be kind of stuck on [INFO] ** [fail2ban] Starting Fail2ban. I just add those values to my docker-compose (previously working):

  - ENABLE_TRACKING=false
  - DNS_TRACK_DOMAIN=postaltrack.youhost.eu postaltrack.yhmail.eu

Should I add also FAST_SERVER_ENABLE_PROXY_PROTOCOL=TRUE?

@joaoreis81 I use the jrcs/letsencrypt-nginx-proxy-companion for TLS cert, could this work for fastserver too?

volumes:
  - ../nginx/certs:/certs
environment: 
  - SMTP_SERVER_ENABLE_TLS=true
  - SMTP_SERVER_TLS_CERT=/certs/smtp.yhmail.eu.crt
  - SMTP_SERVER_TLS_KEY=/certs/smtp.yhmail.eu.key

tiredofit commented 3 years ago

Fast server is definitely designed in this scenario to run behind a proxy server. If using jwilder/nginx-proxy and letsencrypt companion you should have appropriate VIRTUAL_HOSTS and LETSENCRYPT_HOSTS environment variables.

I have no problem using those certs in other applications - that should work fine if you map them to the right one.

I looked at the logs and there are definitely some issues.

If it loops again with this latest pull of :latest let's get the logs this time with these environment variables..

CONTAINER_LOG_LEVEL=DEBUG DEBUG_MODE=TRUE

Careful, strip your secrets out of this log before posting them..
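
One way to do the stripping asked for above, as an added example that is not part of the thread or of the image: with DEBUG_MODE=TRUE the shell trace prints expanded values rather than variable names, so this script removes the values of secret-looking variables taken from the compose environment list. The variable DB_PASS, the name pattern and the sample log lines are constructed assumptions.

```python
import re

# Name pattern for secret-looking variables (an assumption, not a list from the image).
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY", re.IGNORECASE)
MIN_LEN = 6  # skip short values such as "true" that would over-redact the log


def secret_values(env_lines):
    """Return the values of secret-looking variables from compose-style KEY=VALUE lines."""
    values = set()
    for raw in env_lines:
        line = raw.strip().lstrip("- ").strip()
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        value = value.strip().strip("'\"")
        if SECRET_NAME.search(name) and len(value) >= MIN_LEN:
            values.add(value)
    return values


def redact(log_text, values):
    """Replace every occurrence of a known secret value, longest first."""
    for value in sorted(values, key=len, reverse=True):
        log_text = log_text.replace(value, "[REDACTED]")
    return log_text


# Constructed sample input; DB_PASS and its value are hypothetical.
SAMPLE_ENV = [
    "  - DB_PASS=s3cr3t-Passw0rd",
    "  - ENABLE_TRACKING=true",
    "  - DEBUG_MODE=TRUE",
]
SAMPLE_LOG = (
    "+ '[' TRUE = TRUE ']'\n"
    "+ mysql -upostal -ps3cr3t-Passw0rd -e 'SELECT 1'\n"
    "[DEBUG] ** [container] Looking for existence of /tmp/state/10-postal-init\n"
)

if __name__ == "__main__":
    print(redact(SAMPLE_LOG, secret_values(SAMPLE_ENV)))
```

Matching on values rather than names is what catches the password inside the traced command line, where no variable name appears next to it.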

JC-os commented 3 years ago

Yes, I do have environment variables:

  - VIRTUAL_PORT=5000
  - VIRTUAL_HOST=domain
  - LETSENCRYPT_HOST=domain
  - LETSENCRYPT_EMAIL=email

I pulled the new image but I have a loop like this:

+ '[' '!' -f /tmp/state/10-postal-init ']',,
1,
+ print_debug 'Looking for existence of /tmp/state/10-postal-init',
+ output_off,
+ '[' TRUE = TRUE ']',
+ set +x,
[DEBUG] /etc/services.available/10-postal/run ** [container] Looking for existence of /tmp/state/10-postal-init,
+ '[' '!' -f /tmp/state/10-postal-init ']',,

tiredofit commented 3 years ago

Thanks for that. Should be good now with a fresh pull. I'm being sloppy in the morning without coffee.

JC-os commented 3 years ago

Hey Dave, I wouldn't be able to do what you are doing even with liters of coffee ;) That said, I still have the same loop.

JC-os commented 3 years ago

Hello Dave, sorry to disturb you again on this one. Am I missing something or the fast server implementation is still not working? Best regards