self-hosted-simplelogin/postfix-compose.yaml at main · springcomp/self-hosted-simplelogin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

services:

  ## POSTFIX
  ## =================

  dns:
    image: crazymax/unbound:latest
    container_name: dns
    user: "0:0"
    cap_add:
      - NET_BIND_SERVICE
    networks:
      internal:
        ipv4_address: 10.0.0.53
    volumes:
      - ./unbound/conf.d/:/config/:ro
    restart: unless-stopped
    entrypoint:
      - /bin/sh
      - -ec
      - |
        unbound-anchor -a /var/run/unbound/root.key || true
        exec su -s /bin/sh unbound -c "sh /entrypoint.sh"

  postfix:
    image: private/postfix:latest
    build:
      context: ./postfix/
      dockerfile: Dockerfile
    container_name: postfix
    dns:
      - '10.0.0.53'
    networks:
      - internal
    env_file: .env
    ports:
      - '25:25'
    volumes:
      - certs:/certs:ro
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "nc -w 3 127.0.0.1 25 </dev/null | grep -q '^220'"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    depends_on:
      dns:
        condition: service_healthy
      postgres:
        condition: service_healthy
      traefik-certificate-exporter:
        condition: service_healthy
    labels:
      - com.github.ravensorb.traefik-certificate-exporter.domain-restart=${SUBDOMAIN:-app}.${DOMAIN},${DOMAIN}

  traefik-certificate-exporter:
    image: ravensorb/traefik-certificate-exporter:latest
    container_name: cert-exporter
    environment:
      - TRAEFIK_CERTIFICATE_EXPORTER_SETTINGS_FLAT=true
      - TRAEFIK_CERTIFICATE_EXPORTER_SETTINGS_RESTARTCONTAINER=true
      - TRAEFIK_CERTIFICATE_EXPORTER_SETTINGS_RUNATSTART=true
      - TRAEFIK_CERTIFICATE_EXPORTER_SETTINGS_RESOLVERINPATHNAME=false
      - TRAEFIK_CERTIFICATE_EXPORTER_SETTINGS_DOMAINS_INCLUDE=${DOMAIN},${SUBDOMAIN:-app}.${DOMAIN},*.${DOMAIN}
      - TRAEFIK_CERTIFICATE_EXPORTER_SETTINGS_DOMAINS_EXCLUDE=exclude # see: https://github.com/ravensorb/traefik-certificate-exporter/issues/5
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-acme:/data:ro
      - certs:/certs:rw
    healthcheck:
      test: ["CMD-SHELL", "[ -f \"/certs/${SUBDOMAIN:-app}.${DOMAIN}.fullchain.pem\" ] || [ -f \"/certs/${DOMAIN}.fullchain.pem\" ]"]
      interval: 20s
      timeout: 5s
      retries: 3
      start_period: 5m
    depends_on:
      - app

volumes:
  certs:
  ## Uncomment the next lines, if traefik is running outside this project
  # traefik-acme:  # <-- do not change this identifier
  #   name: traefik-acme    # change (only) this to the name of traefik acme storage volume
  #   external: true