1d3818e725
- dms-lxc.sh: Proxmox-Host-Installer (unprivilegierter LXC, Debian 13, Docker), curl-Self-Download, Multi-Domain-DKIM, SnappyMail-Provisionierung, PVE-Firewall - Stack: docker-mailserver, Node-Admin-API (Supabase-Auth), React-Admin-UI (OPENBUREAU-Look), SnappyMail (Shibui-Theme), Rspamd-Web-UI, docker-socket-proxy - Admin: Postfächer/Aliase/Catch-all/Quota, editierbare Domains+Settings, Server (Quota/Queue über abgesicherte Bridge), Status & DNS - Hardening: no-new-privileges, Whitelisted exec-Bridge, Rspamd-Passwort, .env chmod 600, PVE-CT-Firewall, generisch/teilbar (keine festen Domains) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
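# ============================================================================
# LOCAL TEST COMPOSE (OrbStack/Colima/Docker Desktop on the Mac)
# NOT for production — kept separate from the deploy artifact under stack/.
#
#   docker compose -f docker-compose.local.yml up -d --build         # admin stack
#   docker compose -f docker-compose.local.yml --profile mail up -d  # + mail server
#   docker compose -f docker-compose.local.yml down -v
#
# Notable differences from the deployed stack:
#   - admin-api runs with AUTH_DISABLED=true (no Supabase needed)
#   - mail ports are mapped to high ports (no conflicts, no root required)
#   - every published port is bound to 127.0.0.1: with authentication switched
#     off, the admin API and UI must not be reachable from other hosts on the
#     network. Change a binding only if you deliberately test from another
#     machine.
#   - images use the floating :latest tag; pin a version tag or digest
#     (<PINNED_TAG_OR_DIGEST>) when reproducible test runs matter.
# ============================================================================
name: dms-local

services:
  # docker-socket-proxy: intended to expose only what the API needs for exec
  # (no volumes, images, networks ...).
  # NOTE(review): CONTAINERS=1 combined with POST=1 allows POST requests across
  # the proxy's /containers/ API section, which appears to be broader than exec
  # alone (container create would fall under it) — verify against the proxy's
  # ACL for the image version in use.
  # No port is published, but every service on the default compose network can
  # reach socket-proxy:2375, not just admin-api.
  socket-proxy:
    image: tecnativa/docker-socket-proxy:latest
    restart: always
    environment:
      - CONTAINERS=1
      - EXEC=1
      - POST=1
    volumes:
      # :ro only protects the socket file itself; it does not make the Docker
      # API read-only. Access control comes from the proxy settings above.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  admin-api:
    build: ./stack/api
    environment:
      # Local only: the API accepts unauthenticated requests.
      - AUTH_DISABLED=true
      - CONFIG_DIR=/config
      - MAIL_DOMAIN=example.com
      # NOTE(review): this list mixes the example.com placeholder with
      # non-placeholder domains; use placeholders only if the file is shared.
      - MAIL_DOMAINS=example.com gabrielevarano.ch karimgabrielevarano.xyz openbureau.ch
      - MAIL_FQDN=mail.example.com
      - BRAND=Example
      - WEBMAIL_FQDN=mail.example.com
      - ADMIN_FQDN=admin.example.com
      - DOCKER_PROXY=socket-proxy:2375
      - MAILSERVER_CONTAINER=dms-local-mailserver-1
    depends_on:
      - socket-proxy
    volumes:
      # Same host directory the mailserver service mounts as its config dir.
      - ./stack/docker-data/dms/config/:/config/
    ports:
      # Loopback only: unauthenticated API with exec access via socket-proxy.
      - "127.0.0.1:3000:3000"

  admin-ui:
    build: ./stack/admin
    environment:
      - AUTH_DISABLED=true  # local only: view the UI without a Supabase login
      - SUPABASE_URL=
      - SUPABASE_ANON_KEY=
    depends_on:
      - admin-api
    ports:
      - "127.0.0.1:8090:80"

  snappymail:
    image: djmaze/snappymail:latest
    ports:
      - "127.0.0.1:8888:8888"
    volumes:
      - ./stack/docker-data/snappymail/:/var/lib/snappymail/  # actual data path of the djmaze image
      - ./stack/snappymail-theme/:/snappymail/themes/:ro  # KGVA "Shibui" theme

  # Start only with --profile mail (large image pull, binds mail ports)
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    hostname: mail.example.com
    env_file: ./stack/mailserver.env
    environment:
      - OVERRIDE_HOSTNAME=mail.example.com
      - POSTMASTER_ADDRESS=postmaster@example.com
    profiles: ["mail"]
    ports:
      # High host ports, loopback only; container ports are the standard
      # SMTP/IMAP/submission ports.
      - "127.0.0.1:2525:25"
      - "127.0.0.1:1143:143"
      - "127.0.0.1:4465:465"
      - "127.0.0.1:5587:587"
      - "127.0.0.1:9993:993"
      - "127.0.0.1:11334:11334"  # Rspamd web UI (local test)
    volumes:
      - ./stack/docker-data/dms/mail-data/:/var/mail/
      - ./stack/docker-data/dms/mail-state/:/var/mail-state/
      - ./stack/docker-data/dms/mail-logs/:/var/log/mail/
      - ./stack/docker-data/dms/config/:/tmp/docker-mailserver/
      - ./stack/docker-data/certs/:/etc/letsencrypt/:ro
    cap_add:
      # NOTE(review): presumably needed for in-container firewall rules
      # (e.g. fail2ban) — confirm, and drop it if the local test does not
      # use that feature.
      - NET_ADMIN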