docker-mailserver-traefik's Issues

Dovecot not using proper certificate, but Postfix does

Hello, I have a pretty standard configuration, with the latest images from tvial/docker-mailserver and your Docker image, using Docker compose. Postfix certificate is OK, but Dovecot is the generic Let's Encrypt and never gets updated.

My boot logs:

Attaching to roundcube, mail, mailserver-traefik
mail                    | 2021-01-05 12:07:53,559 CRIT Supervisor running as root (no user in config file)
mail                    | 2021-01-05 12:07:53,561 INFO Included extra file "/etc/supervisor/conf.d/saslauth.conf" during parsing
mail                    | 2021-01-05 12:07:53,562 INFO Included extra file "/etc/supervisor/conf.d/supervisor-app.conf" during parsing
mail                    | 2021-01-05 12:07:53,612 INFO RPC interface 'supervisor' initialized
mail                    | 2021-01-05 12:07:53,613 CRIT Server 'unix_http_server' running without any HTTP authentication checking
mail                    | 2021-01-05 12:07:53,614 INFO supervisord started with pid 1
mail                    | 2021-01-05 12:07:54,625 INFO spawned: 'mailserver' with pid 25
mail                    | 
mail                    | 2021-01-05 12:07:54,728 INFO success: mailserver entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | #
mail                    | #
mail                    | # ENV
mail                    | #
mail                    | #
mail                    | 
mail                    | DEFAULT_RELAY_HOST=
mail                    | RELAY_PORT=25
mail                    | SASLAUTHD_LDAP_FILTER=
mail                    | FETCHMAIL_POLL=300
mail                    | POSTGREY_DELAY=300
mail                    | RELAY_HOST=
mail                    | RELAY_USER=
mail                    | SASLAUTHD_LDAP_SEARCH_BASE=
mail                    | SASLAUTHD_MECHANISMS=
mail                    | SA_SPAM_SUBJECT=***SPAM*****
mail                    | SPOOF_PROTECTION=1
mail                    | LDAP_BIND_PW=
mail                    | HOSTNAME=<my-domain>
mail                    | ENABLE_LDAP=0
mail                    | OVERRIDE_HOSTNAME=
mail                    | SASLAUTHD_LDAP_PASSWORD=
mail                    | REPORT_RECIPIENT=1
mail                    | LDAP_SERVER_HOST=
mail                    | SASLAUTHD_LDAP_START_TLS=
mail                    | POSTMASTER_ADDRESS=<my-user>@<my-domain>
mail                    | REPORT_SENDER=
mail                    | LDAP_SEARCH_BASE=
mail                    | DOMAINNAME=<my-domain>
mail                    | LDAP_BIND_DN=
mail                    | ENABLE_POSTFIX_VIRTUAL_TRANSPORT=
mail                    | TLS_LEVEL=modern
mail                    | SA_TAG=2.0
mail                    | REPORT_INTERVAL=daily
mail                    | ENABLE_MANAGESIEVE=0
mail                    | SMTP_ONLY=0
mail                    | PERMIT_DOCKER=
mail                    | SA_TAG2=6.31
mail                    | POSTFIX_MESSAGE_SIZE_LIMIT=10240000
mail                    | POSTFIX_MAILBOX_SIZE_LIMIT=0
mail                    | PWD=/
mail                    | POSTFIX_DAGENT=
mail                    | LDAP_QUERY_FILTER_USER=
mail                    | DOVECOT_TLS=1
mail                    | HOME=/root
mail                    | SA_KILL=6.31
mail                    | DMS_DEBUG=1
mail                    | ENABLE_FAIL2BAN=0
mail                    | SSL_TYPE=manual
mail                    | SUPERVISOR_PROCESS_NAME=mailserver
mail                    | SSL_KEY_PATH=/var/mail-state/manual-ssl/key
mail                    | POSTSCREEN_ACTION=enforce
mail                    | SUPERVISOR_ENABLED=1
mail                    | LDAP_QUERY_FILTER_ALIAS=
mail                    | SASLAUTHD_LDAP_SERVER=
mail                    | SASL_PASSWD=
mail                    | SASLAUTHD_LDAP_BIND_DN=
mail                    | ENABLE_SPAMASSASSIN=1
mail                    | CONTAINER_NAME=mail
mail                    | ENABLE_POSTGREY=0
mail                    | RELAY_PASSWORD=
mail                    | ENABLE_FETCHMAIL=0
mail                    | SRS_SECRET=
mail                    | VIRUSMAILS_DELETE_DELAY=7
mail                    | SSL_CERT_PATH=/var/mail-state/manual-ssl/cert
mail                    | SASLAUTHD_MECH_OPTIONS=
mail                    | SASLAUTHD_LDAP_TLS_CHECK_PEER=
mail                    | SHLVL=1
mail                    | ENABLE_SRS=0
mail                    | ENABLE_SASLAUTHD=0
mail                    | SUPERVISOR_GROUP_NAME=mailserver
mail                    | LDAP_QUERY_FILTER_DOMAIN=
mail                    | DOVECOT_USER_FILTER=
mail                    | ENABLE_CLAMAV=0
mail                    | POSTGREY_AUTO_WHITELIST_CLIENTS=5
mail                    | SASLAUTHD_LDAP_SSL=
mail                    | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
mail                    | DOVECOT_PASS_FILTER=
mail                    | POSTGREY_TEXT=Delayed by postgrey
mail                    | ONE_DIR=0
mail                    | SUPERVISOR_SERVER_URL=unix:///dev/shm/supervisor.sock
mail                    | POSTGREY_MAX_AGE=35
mail                    | ENABLE_POP3=0
mail                    | LDAP_QUERY_FILTER_GROUP=
mail                    | LDAP_START_TLS=no
mail                    | SRS_EXCLUDE_DOMAINS=
mail                    | _=/usr/bin/printenv
mail                    | 
mail                    | #
mail                    | #
mail                    | # docker-mailserver
mail                    | #
mail                    | #
mail                    | 
mail                    | Initializing setup
mail                    |   Registering check,setup,fix,misc and start-daemons functions
mail                    |   * _check_environment_variables() registered
mail                    |   * _check_hostname() registered
mail                    |   * _setup_default_vars() registered
mail                    |   * _setup_dovecot() registered
mail                    |   * _setup_dovecot_dhparam() registered
mail                    |   * _setup_dovecot_local_user() registered
mail                    |   * _setup_dkim() registered
mail                    |   * _setup_ssl() registered
mail                    |   * _setup_docker_permit() registered
mail                    |   * _setup_mailname() registered
mail                    |   * _setup_amavis() registered
mail                    |   * _setup_dmarc_hostname() registered
mail                    |   * _setup_postfix_hostname() registered
mail                    |   * _setup_dovecot_hostname() registered
mail                    |   * _setup_postfix_smtputf8() registered
mail                    |   * _setup_postfix_sasl() registered
mail                    |   * _setup_postfix_sasl_password() registered
mail                    |   * _setup_security_stack() registered
mail                    |   * _setup_postfix_aliases() registered
mail                    |   * _setup_postfix_vhost() registered
mail                    |   * _setup_postfix_dhparam() registered
mail                    |   * _setup_postfix_postscreen() registered
mail                    |   * _setup_postfix_sizelimits() registered
mail                    |   * _setup_spoof_protection() registered
mail                    |   * _setup_postfix_access_control() registered
mail                    |   * _setup_postfix_override_configuration() registered
mail                    |   * _setup_environment() registered
mail                    |   * _setup_logrotate() registered
mail                    |   * _setup_mail_summary() registered
mail                    |   * _setup_logwatch() registered
mail                    |   * _setup_chksum_file() registered
mail                    |   * _fix_var_mail_permissions() registered
mail                    |   * _fix_var_amavis_permissions() registered
mail                    |   * _fix_cleanup_clamav() registered
mail                    |   * _misc_save_states() registered
mail                    |   * _start_daemons_cron() registered
mail                    |   * _start_daemons_rsyslog() registered
mail                    |   * _start_daemons_dovecot() registered
mail                    |   * _start_daemons_opendkim() registered
mail                    |   * _start_daemons_opendmarc() registered
mail                    |   * _start_daemons_postfix() registered
mail                    |   * _start_changedetector() registered
mail                    |   * _start_daemons_amavis() registered
mail                    | Checking configuration
mail                    |   Check that there are no conflicts with env variables [_check_environment_variables]
mail                    |   Check that hostname/domainname is provided or overidden (no default docker hostname/kubernetes) [_check_hostname]
mail                    |   * Domain has been set to <my-domain>
mail                    |   * Hostname has been set to <my-domain>
mail                    | Configuring mail server
mail                    |   Setting up default variables [_setup_default_vars]
mail                    |   * Set POSTFIX_MESSAGE_SIZE_LIMIT=10240000
mail                    |   * Set ENABLE_LDAP=0
mail                    |   * Set PFLOGSUMM_TRIGGER=logrotate
mail                    |   * Set OVERRIDE_HOSTNAME=
mail                    |   * Set DMS_DEBUG=1
mail                    |   * Set LOGWATCH_RECIPIENT=<my-user>@<my-domain>
mail                    |   * Set POSTFIX_MAILBOX_SIZE_LIMIT=0
mail                    |   * Set ENABLE_CLAMAV=0
mail                    |   * Set POSTGREY_AUTO_WHITELIST_CLIENTS=5
mail                    |   * Set LOGWATCH_INTERVAL=none
mail                    |   * Set ENABLE_FAIL2BAN=0
mail                    |   * Set FETCHMAIL_POLL=300
mailserver-traefik      | [INFO] Running on a regular host.
mailserver-traefik      | [INFO] 1 domain(s) to watch: <my-domain>
mailserver-traefik      | [INFO] Configured to automatically push existing certificates in containers every 15m (PUSH_PERIOD=15m).
mailserver-traefik      | [INFO] file selected as certificates source
mailserver-traefik      | [INFO] Traefik v2 selected as target
mailserver-traefik      | 
mailserver-traefik      | [INFO] Pushing <my-domain> to 1 subscribed containers
mailserver-traefik      | [INFO] Pushing <my-domain> certificate in container bd6075d673b3
mailserver-traefik      | [INFO] <my-domain> - new certificate '/tmp/ssl/fullchain.pem' received on mailserver container
mailserver-traefik      | [INFO] <my-domain> - Cert update: new certificate copied into container
mailserver-traefik      | [INFO] <my-domain> - Cert update: restarting daemons Postfix and Dovecot
mailserver-traefik      | postfix: ERROR (not running)
mailserver-traefik      | postfix: started
mailserver-traefik      | dovecot: ERROR (not running)
mailserver-traefik      | dovecot: started
mailserver-traefik      | [INFO] <my-domain> - ONE_DIR detected, generating copy in /var/mail/manual-ssl/{cert,key}
mailserver-traefik      | 
mail                    |   * Set TLS_LEVEL=modern
mail                    |   * Set ENABLE_SPAMASSASSIN=1
mail                    |   * Set DOVECOT_TLS=1
mail                    |   * Set REPORT_RECIPIENT=<my-user>@<my-domain>
mail                    |   * Set POSTGREY_DELAY=300
mail                    |   * Set POSTGREY_TEXT=Delayed by postgrey
mail                    |   * Set PFLOGSUMM_RECIPIENT=<my-user>@<my-domain>
mail                    |   * Set ENABLE_POSTGREY=0
mail                    |   * Set POSTGREY_MAX_AGE=35
mail                    |   * Set POSTMASTER_ADDRESS=<my-user>@<my-domain>
mail                    |   * Set ENABLE_FETCHMAIL=0
mail                    |   * Set REPORT_SENDER=mailserver-report@<my-domain>
mail                    |   * Set ENABLE_MANAGESIEVE=0
mail                    |   * Set VIRUSMAILS_DELETE_DELAY=7
mail                    |   * Set ENABLE_SRS=0
mail                    |   * Set POSTSCREEN_ACTION=enforce
mail                    |   * Set ENABLE_POP3=0
mail                    |   * Set ENABLE_SASLAUTHD=0
mail                    |   * Set PFLOGSUMM_SENDER=mailserver-report@<my-domain>
mail                    |   * Set SMTP_ONLY=0
mail                    |   * Set LDAP_START_TLS=no
mail                    |   * Set LOGROTATE_INTERVAL=daily
mail                    |   * Set SPOOF_PROTECTION=1
mail                    |   Setting up Dovecot
mail                    |   Setting up Dovecot dhparam
mail                    |   * Generate new dhparams for dovecot
mail                    | Generating DH parameters, 2048 bit long safe prime, generator 2
mail                    | This is going to take a long time
mail                    | 2021-01-05 12:07:55,350 INFO spawned: 'postfix' with pid 47
mail                    | 2021-01-05 12:07:55,360 INFO success: postfix entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | 2021-01-05 12:07:56,217 INFO spawned: 'dovecot' with pid 100
mail                    | 2021-01-05 12:07:56,220 INFO success: dovecot entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    |   Setting up Dovecot Local User
mail                    |   * Checking file line endings
mail                    |   * Regenerating postfix user list
mail                    |   * user '<my-user>' for domain '<my-domain>' with password '********'
mail                    |   Setting up DKIM
mail                    |   * DKIM keys added for: <my-domain>
mail                    |   * Changing permissions on /etc/opendkim
mail                    |   * Nameservers added to /etc/opendkim.conf
mail                    |   Setting up SSL
mail                    |   * TLS configured with 'modern' ciphers
mail                    |   * Configuring certificates using cert /var/mail-state/manual-ssl/cert and key /var/mail-state/manual-ssl/key
mail                    |   * SSL configured with 'Manual' certificates
mail                    |   Setting up PERMIT_DOCKER Option
mail                    |   * Adding container ip in my networks
mail                    |   Setting up Mailname
mail                    |   * Creating /etc/mailname
mail                    |   Setting up Amavis
mail                    |   * Applying hostname to /etc/amavis/conf.d/05-node_id
mail                    |   Setting up dmarc
mail                    |   * Applying hostname to /etc/opendmarc.conf
mail                    |   Applying hostname and domainname to Postfix
mail                    |   * Applying hostname to /etc/postfix/main.cf
mail                    |   Applying hostname to Dovecot
mail                    |   * Applying hostname to /etc/dovecot/conf.d/15-lda.conf
mail                    |   * Configuring postfix smtputf8 support (disable)
mail                    |   Setting up Postfix SASL Password
mail                    |   * Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created.
mail                    |   Setting up Security Stack
mail                    |   * Enabling and configuring spamassassin
mail                    |   * Clamav is disabled. You can enable it with 'ENABLE_CLAMAV=1'
mail                    |   Setting up Postfix Aliases
mail                    |   * Warning 'config/postfix-virtual.cf' is not provided. No mail alias/forward created.
mail                    |   * Configuring root alias
mail                    |   Setting up Postfix vhost
mail                    |   Setting up Postfix dhparam
mail                    |   * Copy dovecot dhparams to postfix
mail                    |   * Configuring postscreen
mail                    |   * Configuring postfix message size limit
mail                    |   * Configuring postfix mailbox size limit
mail                    |   * Configuring Spoof Protection
mail                    |   * Configuring user access
mail                    |   Setting up Postfix Override configuration
mail                    |   * No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided.
mail                    |   * No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' not provided.
mail                    |   * set the compatibility level to 2
mail                    |   Setting up /etc/environment
mail                    |   * Setting up logrotate
mail                    |   * Setting postfix logrotate interval to daily
mail                    |   * Enable postfix summary with recipient <my-user>@<my-domain>
mail                    |   * Add postrotate action for pflogsumm report
mail                    |   * Enable logwatch reports with recipient <my-user>@<my-domain>
mail                    |   Setting up configuration checksum file
mail                    | /tmp/docker-mailserver /
mail                    |   * Creating /tmp/docker-mailserver-config-chksum
mail                    | /
mail                    |   Checking /var/mail permissions
mail                    |   * Fixing /var/mail permissions
mail                    |   Checking $amavis_state_dir permissions
mail                    |   * Permissions in /var/lib/amavis look OK
mail                    |   Cleaning up disabled Clamav
mail                    | Starting Misc
mail                    | Starting mail server
mail                    |   Starting cron2021-01-05 12:08:17,979 INFO spawned: 'cron' with pid 948
mail                    | 2021-01-05 12:08:17,980 INFO success: cron entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | cron: started
roundcube               | roundcubemail not found in /var/www/html - copying now...
roundcube               | Complete! ROUNDCUBEMAIL has been successfully copied to /var/www/html
roundcube               | /docker-entrypoint.sh: line 17: [: missing `]'
roundcube               | /docker-entrypoint.sh: line 20: [: missing `]'
roundcube               | Write config to /var/www/html/config/config.inc.php
roundcube               | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.14. Set the 'ServerName' directive globally to suppress this message
roundcube               | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.14. Set the 'ServerName' directive globally to suppress this message
roundcube               | [Tue Jan 05 12:07:54.643528 2021] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.38 (Debian) PHP/7.2.21 configured -- resuming normal operations
roundcube               | [Tue Jan 05 12:07:54.660594 2021] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
mail                    |   Starting rsyslog 2021-01-05 12:08:18,213 INFO spawned: 'rsyslog' with pid 950
mail                    | 2021-01-05 12:08:18,214 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | rsyslog: started
mail                    |   Starting dovecot servicesdovecot: ERROR (already started)
mail                    |   Starting opendkim 2021-01-05 12:08:18,783 INFO spawned: 'opendkim' with pid 955
mail                    | 2021-01-05 12:08:18,785 INFO success: opendkim entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | opendkim: started
mail                    |   Starting opendmarc 2021-01-05 12:08:19,049 INFO spawned: 'opendmarc' with pid 963
mail                    | 2021-01-05 12:08:19,050 INFO success: opendmarc entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | opendmarc: started
mail                    |   Starting postfixpostfix: ERROR (already started)
mail                    |   Starting changedetector2021-01-05 12:08:19,532 INFO spawned: 'changedetector' with pid 971
mail                    | 2021-01-05 12:08:19,534 INFO success: changedetector entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | changedetector: started
mail                    |   Starting amavis2021-01-05 12:08:19,821 INFO spawned: 'amavis' with pid 976
mail                    | 2021-01-05 12:08:19,823 INFO success: amavis entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail                    | amavis: started
mail                    | 
mail                    | #
mail                    | # <my-domain> is up and running
mail                    | #
mail                    | 
mail                    | Jan  5 12:08:20 mail amavis[976]: starting. /usr/sbin/amavisd-new at <my-domain> amavisd-new-2.10.1 (20141025), Unicode aware
mail                    | Jan  5 12:08:21 mail amavis[976]: Net::Server: Group Not Defined.  Defaulting to EGID '111 111'
mail                    | Jan  5 12:08:21 mail amavis[976]: Net::Server: User Not Defined.  Defaulting to EUID '109'
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Amavis::Conf        2.404
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Archive::Zip        1.59
mail                    | Jan  5 12:08:21 mail amavis[976]: Module BerkeleyDB          0.55
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Compress::Raw::Zlib 2.069
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Compress::Zlib      2.069001
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Crypt::OpenSSL::RSA 0.28
mail                    | Jan  5 12:08:21 mail amavis[976]: Module DB_File             1.835
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Digest::MD5         2.54
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Digest::SHA         5.95_01
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Encode              2.80_01
mail                    | Jan  5 12:08:21 mail amavis[976]: Module File::Temp          0.2304
mail                    | Jan  5 12:08:21 mail amavis[976]: Module IO::Socket::INET6   2.72
mail                    | Jan  5 12:08:21 mail amavis[976]: Module IO::Socket::IP      0.37
mail                    | Jan  5 12:08:21 mail amavis[976]: Module MIME::Entity        5.508
mail                    | Jan  5 12:08:21 mail amavis[976]: Module MIME::Parser        5.508
mail                    | Jan  5 12:08:21 mail amavis[976]: Module MIME::Tools         5.508
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Mail::DKIM::Verifier 0.4
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Mail::Header        2.18
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Mail::Internet      2.18
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Mail::SPF           v2.009
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Mail::SpamAssassin  3.004002
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Net::DNS            1.07
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Net::LibIDN         0.12
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Net::Server         2.008
mail                    | Jan  5 12:08:21 mail amavis[976]: Module NetAddr::IP         4.079
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Razor2::Client::Version 2.84
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Scalar::Util        1.4202
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Socket              2.020_03
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Socket6             0.27
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Time::HiRes         1.9733
mail                    | Jan  5 12:08:21 mail amavis[976]: Module URI                 1.71
mail                    | Jan  5 12:08:21 mail amavis[976]: Module Unix::Syslog        1.1
mail                    | Jan  5 12:08:21 mail amavis[976]: Amavis::ZMQ code     NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Amavis::DB code      loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: SQL base code        NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: SQL::Log code        NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: SQL::Quarantine      NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Lookup::SQL code     NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Lookup::LDAP code    NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: AM.PDP-in proto code loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: SMTP-in proto code   loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Courier proto code   NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: SMTP-out proto code  loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Pipe-out proto code  NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: BSMTP-out proto code NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Local-out proto code loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: OS_Fingerprint code  NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: ANTI-VIRUS code      NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: ANTI-SPAM code       loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: ANTI-SPAM-EXT code   NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: ANTI-SPAM-C code     NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: ANTI-SPAM-SA code    loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Unpackers code       loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: DKIM code            NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Tools code           NOT loaded
mail                    | Jan  5 12:08:21 mail amavis[976]: Found $file            at /usr/bin/file
mail                    | Jan  5 12:08:21 mail amavis[976]: No $altermime,         not using it
mail                    | Jan  5 12:08:21 mail amavis[976]: Internal decoder for .mail
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .Z    at /bin/uncompress
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .gz   at /bin/gzip -d
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .bz2  at /bin/bzip2 -d
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .xz   at /usr/bin/xz -dc
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .lzma at /usr/bin/xz -dc --format=lzma
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .lrz  at /usr/bin/lrzip -q -k -d -o -
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .lzo  at /usr/bin/lzop -d
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .lz4  at /usr/bin/lz4c -d
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .rpm  at /usr/bin/rpm2cpio
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .cpio at /bin/pax
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .tar  at /bin/pax
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .deb  at /usr/bin/ar
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .rar  at /usr/bin/unrar-free
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .arj  at /usr/bin/arj
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .arc  at /usr/bin/nomarch
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .zoo  at /usr/bin/zoo
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .doc  at /usr/bin/ripole
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .cab  at /usr/bin/cabextract
mail                    | Jan  5 12:08:21 mail amavis[976]: Internal decoder for .tnef
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .zip  at /usr/bin/7za
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .kmz  at /usr/bin/7za
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .7z   at /usr/bin/7zr
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .jar  at /usr/bin/7z
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .swf  at /usr/bin/7z
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .lha  at /usr/bin/7z
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .iso  at /usr/bin/7z
mail                    | Jan  5 12:08:21 mail amavis[976]: Found decoder for    .exe  at /usr/bin/unrar-free; /usr/bin/arj
mail                    | Jan  5 12:08:21 mail amavis[976]: No decoder for       .F   
mail                    | Jan  5 12:08:21 mail amavis[976]: Deleting db files  in /var/lib/amavis/db
mail                    | Jan  5 12:08:21 mail amavis[976]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.55, libdb 5.3

Wildcard certificate support

By using a DNS-01 challenge, Traefik can provide a wildcard certificate. Unfortunately, I cannot get it to work. I tried using *.<domain>, tried mail.<domain> but none of these seem to work for me.

The container recognizes the acme.json, but logs say

Terminated
[INFO] Periodically push initiated...
[INFO] certificate for mail.<domain> not yet generated, skipping push...

Is there a way of getting this to work?
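
Whether acme.json already holds a certificate that covers the mail host, including through a wildcard name, can be checked directly. The sketch below is an added example, not code from this project or from the post; it assumes the Traefik v2 acme.json layout, uses a constructed sample (resolver name `le`, `example.test` names, placeholder key material), and applies X.509 wildcard rules, since the container's own matching logic is not shown on this page.

```python
import json

# Constructed sample in the Traefik v2 acme.json layout (resolver name -> Certificates).
# Certificate and key bodies are placeholders, not real material.
SAMPLE_ACME_JSON = json.dumps({
    "le": {
        "Account": {"Email": "admin@example.test"},
        "Certificates": [
            {"domain": {"main": "example.test", "sans": ["*.example.test"]},
             "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
            {"domain": {"main": "whoami.example.test"},
             "certificate": "PLACEHOLDER", "key": "PLACEHOLDER", "Store": "default"},
        ],
    }
})


def name_covers(cert_name, host):
    """X.509-style match: '*' stands for exactly one left-most DNS label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == cert_name[2:]
    return False


def find_covering_certs(acme_text, host):
    """Return (resolver, main, matched_name) for every stored cert covering host."""
    hits = []
    for resolver, data in json.loads(acme_text).items():
        for cert in (data or {}).get("Certificates") or []:
            domain = cert.get("domain", {})
            names = [domain.get("main", "")] + list(domain.get("sans") or [])
            for name in names:
                if name and name_covers(name, host):
                    hits.append((resolver, domain.get("main"), name))
                    break
    return hits


if __name__ == "__main__":
    for host in ("mail.example.test", "a.mail.example.test", "example.test"):
        print(host, "->", find_covering_certs(SAMPLE_ACME_JSON, host) or "no certificate stored")
```

A wildcard certificate is stored under its own main name, so a lookup that compares only the `main` field against `mail.<domain>` would not find it even though the certificate is valid for that host.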

[HELP] No Cert generated

I'm sorry to bother you with my problem, but I could use some help figuring out what's wrong.
Running Traefik v2 as reverse proxy, tomav/docker-mailserver as mailserver and your container to manage the LE-certificates.

However, no new cert is generated for my mail.domain.com.
Please see the configuration below:

Traefik docker-compose.yml
______________________________
version: "3"

networks:
  external:
    external : true

services:
  traefik:
    container_name: traefik
    restart: always
    image: traefik:latest
    ports:
      # Web
      - 80:80
      - 443:443
      - 8080:8080
    environment:
      - CLOUDFLARE_EMAIL=${CF_API_EMAIL}
      - CLOUDFLARE_API_KEY=${CF_API_KEY}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - CF_ZONE_API_TOKEN=${CF_ZONE_API_TOKEN}
    volumes:
      - ./traefik/letsencrypt/:/letsencrypt:rw
      - /run/docker.sock:/var/run/docker.sock:ro
    command:
      # All entrypoints
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      # Docker provider
      - --providers.docker.exposedByDefault=true
      - --providers.docker.endpoint=unix:///run/docker.sock
      - --providers.docker.network=external
      # Use of API
      - --api
      # Better logging
      - --log.level=DEBUG
      # Creating LE certs
#      - --certificatesResolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesResolvers.le.acme.email=${LE_MAIL}
      - --certificatesResolvers.le.acme.storage=letsencrypt/acme.json
      - --certificatesResolvers.le.acme.dnschallenge=true
      - --certificatesResolvers.le.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.le.acme.dnsChallenge.delayBeforeCheck=0
      # No SSL communication between traefik <-> apps
#      - --serverstransport.insecureskipverify=true
    labels:
      # Middleware for http redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=http"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      # Traefik dashboard available
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_JS}`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=le"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.middlewares=sts_headers"
      # Set STS-header for security
      - "traefik.http.middlewares.sts_headers.headers.stsSeconds=15552000"
      - "traefik.http.middlewares.sts_headers.headers.stsIncludeSubdomains=True"
      - "traefik.http.middlewares.sts_headers.headers.stsPreload=true"
      # CalDAV / CardDAV discovery
      - "traefik.http.middlewares.dav_discovery.replacepathregex.regex=^/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.dav_discovery.replacepathregex.replacement=/remote.php/dav/"
      # Webfinger discovery
      - "traefik.http.middlewares.webfinger.replacepathregex.regex=^/.well-known/webfinger"
      - "traefik.http.middlewares.webfinger.replacepathregex.replacement=/public.php?service=webfinger"
    networks:
      - external

  my-app:
    image: containous/whoami:v1.3.0
    labels:
      - traefik.http.routers.my-app.rule=Host(`whoami.${DOMAIN_JS}`)
      - traefik.http.routers.my-app.tls=true
      - traefik.http.routers.my-app.tls.certresolver=le
      - traefik.http.routers.my-app.entrypoints=https
    networks:
      - external

Mailserver docker-compose.yml
__________________________________
version: '3.0'
networks:
  external:
    external: true # connection to traefik and to the outer world
  internal:
    external: false # just for the 2 containers in this file

services:
  cert-renewer-traefik:
    image: youtous/mailserver-traefik:latest
    container_name: cert-handler
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ../traefik/letsencrypt/acme.json:/tmp/traefik/acme.json:ro # link traefik acme.json file (read-only)
    environment:
      - TRAEFIK_VERSION=2
      - CERTS_SOURCE=file
      - DOMAINS=mail.domain.com
    networks:
      - internal

  mail:
    image: tvial/docker-mailserver:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAINNAME}
    container_name: ${CONTAINER_NAME}
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - ../traefik/letsencrypt/acme.json:/etc/letsencrypt/acme.json:ro
      - ../../data/mailserver/maildata:/var/mail
      - ../../data/mailserver/mailstate:/var/mail-state
      - ../../data/mailserver/maillogs:/var/log/mail
      - ../../data/mailserver/config/:/tmp/docker-mailserver/
      # ? if SELinux is enabled, uncomment the line below and comment the line above
      # - ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
    labels:
      - "mailserver-traefik.renew.domain=mail.domain.com" # tag the service
      # traefik configuration using labels, not required
      - "traefik.enable=true" # use traefik v2 for certificate generation
      - "traefik.port=443" # dummy port, required generating certs with traefik
      - "traefik.http.routers.mail.rule=Host(`mail.domain.com`)"
      - "traefik.http.routers.mail.entrypoints=https"
      - "traefik.http.routers.mail.middlewares=redirect-webmail@docker" # redirect to webmail
      - "traefik.http.middlewares.redirect-webmail.redirectregex.regex=.*"
      - "traefik.http.middlewares.redirect-webmail.redirectregex.replacement=https://webmail.domain.com/"
    env_file:
      - mailserver.env
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE
    restart: always
    networks:
      - internal
      - external

Looking at the logs I get

docker logs cert-handler
[INFO] Running on a regular host.
[INFO] 1 domain(s) to watch: mail.domain.com
[INFO] Configured to automatically push existing certificates in containers every 15m (PUSH_PERIOD=15m).
[INFO] file selected as certificates source
[INFO] Traefik v2 selected as target

[INFO] certificate for mail.domain.com not yet generated, skipping push...

The Traefik log does not show any cert generation, but also no errors. Therefore the handler cannot push anything to the mailserver. But why is no cert generated??
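
Traefik v2 requests an ACME certificate only for routers that reference a certificate resolver, so one check worth running on a setup like this is whether every `Host()` router carries a `tls.certresolver` label. The following is an added example, not code from the post or from this project; the labels are copied from the two compose files above, the function names are hypothetical, and it assumes no entrypoint-level default resolver, which the command list in the post does not set.

```python
import re

# Router labels copied from the two compose files in the post above (values unchanged).
LABELS = [
    "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN_JS}`)",
    "traefik.http.routers.traefik.tls.certresolver=le",
    "traefik.http.routers.traefik.entrypoints=https",
    "traefik.http.routers.my-app.rule=Host(`whoami.${DOMAIN_JS}`)",
    "traefik.http.routers.my-app.tls=true",
    "traefik.http.routers.my-app.tls.certresolver=le",
    "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)",
    "traefik.http.routers.redirs.entrypoints=http",
    "traefik.http.routers.mail.rule=Host(`mail.domain.com`)",
    "traefik.http.routers.mail.entrypoints=https",
]

LABEL_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$", re.I)
HOST_RE = re.compile(r"\bHost\(([^)]*)\)")  # matches Host(...) but not hostregexp(...)


def routers_from_labels(labels):
    """Group traefik.http.routers.<name>.<option>=<value> labels by router name."""
    routers = {}
    for label in labels:
        m = LABEL_RE.match(label.strip().strip('"'))
        if m:
            name, option, value = m.groups()
            routers.setdefault(name, {})[option.lower()] = value
    return routers


def routers_without_resolver(labels):
    """Return {router: [hosts]} for Host() routers that name no tls.certresolver."""
    missing = {}
    for name, opts in routers_from_labels(labels).items():
        hosts = [h.strip("` '\"") for rule in HOST_RE.findall(opts.get("rule", ""))
                 for h in rule.split(",")]
        if hosts and not opts.get("tls.certresolver"):
            missing[name] = hosts
    return missing


if __name__ == "__main__":
    for router, hosts in routers_without_resolver(LABELS).items():
        print(f"router {router!r}: no tls.certresolver label, hosts {hosts}")
```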

Pulling image from gitlab registry denied

I followed the README.md example and got a forbidden error

ERROR: Head "https://registry.gitlab.com/v2/youtous/mailserver-traefik/manifests/latest": denied: access forbidden

Using the Docker Hub image worked however (youtous/mailserver-traefik:latest)

Just to notify you 😄

Volume mount error

This is amazing and it works well with my use-cases.
Just a point: the volume mount was incorrect for me (in the readme), I need to update this line:

- ./acme.json:/tmp/traefik/:ro

to

- ./acme.json:/tmp/traefik/acme.json:ro
