Add a mail server template.
What problem will this feature address?
I face TLS certificate issues with the docker mail server application
Describe the solution you'd like
I'm requesting that the Dokploy developers create a webmail template using a well-known mail application for Docker, like docker-mailserver or Mailu
Describe alternatives you've considered
None
Additional context
No response
bump
I have been working with the docker-mailserver configuration and wanted to contribute by reviewing a potential setup that I believe works as intended. Below is the Docker Compose snippet I’m using:
services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    hostname: ${DMS_HOSTNAME}
    ports:
      - "25:25" # SMTP (STARTTLS)
      - "465:465" # SMTP (Implicit TLS)
      - "587:587" # SMTP (STARTTLS)
      - "143:143" # IMAP (STARTTLS)
      - "993:993" # IMAP (Implicit TLS)
    volumes:
      - dms-mail-data:/var/mail/
      - dms-mail-state:/var/mail-state/
      - dms-mail-logs:/var/log/mail/
      - dms-mail-config:/tmp/docker-mailserver/
      - /etc/dokploy/traefik/dynamic/acme.json:/etc/letsencrypt/acme.json:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_FAIL2BAN=${DMS_ENABLE_FAIL2BAN}
      - PERMIT_DOCKER=${DMS_PERMIT_DOCKER}
      - SPOOF_PROTECTION=${DMS_SPOOF_PROTECTION}
      - SSL_TYPE=${DMS_SSL_TYPE}
      - SSL_DOMAIN=${DMS_SSL_DOMAIN}
      - POSTMASTER_ADDRESS=${DMS_POSTMASTER_ADDRESS}
    cap_add:
      - NET_ADMIN
    restart: always
    stop_grace_period: 1m
    healthcheck:
      test: ${DMS_HEALTHCHECK_CMD}
      timeout: ${DMS_HEALTHCHECK_TIMEOUT}
      retries: ${DMS_HEALTHCHECK_RETRIES}
    command: >
      sh -c '
        if [ ! -s /tmp/docker-mailserver/postfix-accounts.cf ]; then
          echo "File does not exist or is empty. Running setup command...";
          setup email add "${DMS_DEFAULT_USER}" "${DMS_DEFAULT_USER_PASS}";
        else
          echo "File exists and is not empty. Skipping setup command.";
        fi
        exec supervisord -c /etc/supervisor/supervisord.conf
      '
    networks:
      - dokploy-network
networks:
  dokploy-network:
    external: true
volumes:
  dms-mail-data:
  dms-mail-state:
  dms-mail-logs:
  dms-mail-config:
Environment:
DMS_HOSTNAME=mail.example.com
DMS_HEALTHCHECK_CMD="ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
DMS_HEALTHCHECK_TIMEOUT=3s
DMS_HEALTHCHECK_RETRIES=0
[email protected]
[email protected]
DMS_DEFAULT_USER_PASS=password
DMS_ENABLE_FAIL2BAN=1
DMS_PERMIT_DOCKER=network
DMS_SPOOF_PROTECTION=0
DMS_SSL_TYPE=letsencrypt
DMS_SSL_DOMAIN=example.com
@Siumauricio Looking forward to any suggestions or corrections you may have. I hope this configuration can either be helpful or be improved further to meet the needs of others.
@Eliminationzx the functionality of the deployable should be available out of the box, preferably without additional manipulations
Dear @Eliminationzx @SashaGoncharov19
I am facing an issue with running the docker-mailserver. The deployment was smooth, but the main problem occurred while setting up emails.
Steps I followed
- Create a Service with docker-compose type
- Copy and paste the code in raw
- Configured the environments
- Add a domain: mail.example.com with port 80 and Letsencrypt enabled (tried without adding domain also)
- Deploy the code
- Open the terminal to set the email and run the command: setup email add [email protected] Pass123
- Got the error below
2024-09-10 02:49:18+00:00 INFO start-mailserver.sh: Welcome to docker-mailserver v14.0.0
2024-09-10 02:49:18+00:00 INFO start-mailserver.sh: Checking configuration
2024-09-10 02:49:18+00:00 INFO start-mailserver.sh: Configuring mail server
2024-09-10 02:49:18+00:00 WARN start-mailserver.sh: You need at least one mail account to start Dovecot (120s left for account creation before shutdown)
2024-09-10 02:49:28+00:00 WARN start-mailserver.sh: You need at least one mail account to start Dovecot (110s left for account creation before shutdown)
2024-09-10 02:49:39+00:00 WARN start-mailserver.sh: _extract_certs_from_acme | Unable to find key and/or cert for 'mail.example.com' in '/etc/letsencrypt/acme.json'
2024-09-10 02:49:39+00:00 WARN start-mailserver.sh: _extract_certs_from_acme | Unable to find key and/or cert for 'mail.example.com' in '/etc/letsencrypt/acme.json'
2024-09-10 02:49:39+00:00 WARN start-mailserver.sh: _extract_certs_from_acme | Unable to find key and/or cert for 'example.com' in '/etc/letsencrypt/acme.json'
2024-09-10 02:49:39+00:00 WARN start-mailserver.sh: letsencrypt (acme.json) failed to identify a certificate to extract
2024-09-10 02:49:39+00:00 ERROR start-mailserver.sh: Cannot find a valid DOMAIN for '/etc/letsencrypt/live/<DOMAIN>/', tried: 'mail.example.com', 'mail.example.com', 'example.com'
2024-09-10 02:49:39+00:00 ERROR start-mailserver.sh: _find_letsencrypt_domain | LETSENCRYPT_DOMAIN appears to be misconfigured, please verify.
2024-09-10 02:49:39+00:00 ERROR start-mailserver.sh: Shutting down
2024-09-10 02:49:40,341 WARN exited: mailserver (exit status 1; not expected)
2024-09-10 02:49:40,341 WARN received SIGTERM indicating exit request
After that got another error also
For more reading:
@Eliminationzx the functionality of the deployable should be available out of the box, preferably without additional manipulations
@SashaGoncharov19 @DeveloperRaju23 Post updated.
@Eliminationzx The setup appears to be in order. However, some documentation is required to explain the correct procedure for starting up the mail server.
Bump
The trick here is you need to make sure the domain you selected has the certificate. Since the server will not expose port 80, you will need to create another service (i.e: phpmyadmin) which exposes port 80 for let's encrypt to make a successful acme challenge, then re-assign the domain back to your mail server, and you're good to go.
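A pre-flight check for the condition described above, as an added example that is not part of the thread or of docker-mailserver's own code: it lists the names in a Traefik `acme.json` that carry both a certificate and a key, then tries the candidate names from the log in order. It assumes the Traefik v2 file layout and exact-name matching; the sample data and function names are constructed.

```python
import base64
import json

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in the Traefik v2 layout (resolver -> Certificates).
# The encoded values are placeholders holding PEM headers only, not real keys.
SAMPLE_ACME_JSON = json.dumps({
    "letsencrypt": {
        "Account": {"Email": "postmaster@example.com"},
        "Certificates": [
            {"domain": {"main": "app.example.com", "sans": ["www.example.com"]},
             "certificate": _b64("-----BEGIN CERTIFICATE-----\n(constructed)\n"),
             "key": _b64("-----BEGIN PRIVATE KEY-----\n(constructed)\n")},
            # Entry without key material: must not count as usable.
            {"domain": {"main": "mail.example.com"}, "certificate": "", "key": ""},
        ],
    }
})

def _is_pem(b64_value):
    """True if the field is base64 that decodes to something PEM-shaped."""
    try:
        return base64.b64decode(b64_value, validate=True).startswith(b"-----BEGIN ")
    except (ValueError, TypeError):
        return False

def usable_domains(acme_text):
    """Map each name (main or SAN) to its resolver when cert and key both decode."""
    found = {}
    for resolver, data in json.loads(acme_text).items():
        if not isinstance(data, dict):
            continue
        for entry in data.get("Certificates") or []:  # null when nothing was issued
            if not (_is_pem(entry.get("certificate", "")) and _is_pem(entry.get("key", ""))):
                continue
            domain = entry.get("domain", {})
            for name in [domain.get("main"), *(domain.get("sans") or [])]:
                if name:
                    found.setdefault(name, resolver)
    return found

def first_match(acme_text, candidates):
    """Return the first candidate with a usable certificate, or None."""
    domains = usable_domains(acme_text)
    return next((name for name in candidates if name in domains), None)

# Against the real file, read /etc/dokploy/traefik/dynamic/acme.json (path from the
# compose file above) and pass its text in place of SAMPLE_ACME_JSON.
```

A `None` result for the three names listed in the error log means Traefik has not yet stored a certificate for the mail host, which is the state the startup log reports.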
Hi, was someone able to launch Mailu on DokPloy?
poste.io is working fine
So docker-mailserver isn't available in the Dokploy templates, right?
Not yet
I don't know what the point of this ticket is. At first I believed you, until I tried installing a mail server using Dokploy myself on my own server and then saw that everything you ever wrote on this ticket is all wrong. All of you.
- You don't need a template to install a mailserver
- You don't need traefik integration to install a service on dokploy
- traefik and caddy and all those gen z reverse proxies are useless, but that's a different topic
- You don't need lets encrypt
- You can't use Let's Encrypt, because your mail server won't be able to read the cert anyway, if it's managed by Dokploy
- Just use Cloudflare as your SSL ACME provider instead of Let's Encrypt and get over it, it's all the same. With Cloudflare you don't care about SSL renewals
- Let Dokploy serve the mail server docker container on port 80, without SSL, then log in to whatever mail server you want to use and configure it to use Cloudflare SSL
- Poste.io is not working fine, it's not working at all
- Whenever you want to install any service that has its own webserver or that manages its own SSL, skip Let's Encrypt, go for Cloudflare SSL, same technique.
- If you want a mail server, here's how to install stalwart, paste this as raw docker compose, stalwart is the best in the market anyway. Anything else is miles apart; it's not worth installing any other mail server anyway.
services:
  stalwart-mail:
    image: stalwartlabs/stalwart:latest
    restart: unless-stopped
    environment:
      TZ: Asia/Dubai # use your timezone
    volumes:
      - ../files/stalwart-mail:/opt/stalwart
    ports:
      - "25:25" # SMTP
      - "587:587" # Submission
      - "465:465" # SMTPS
      - "143:143" # IMAP
      - "993:993" # IMAPS
      - "4190:4190" # Sieve
      - "110:110" # POP3
      - "995:995" # POP3S
Then set up SSL as I mentioned using Cloudflare: you create a new token, and you change the ACME provider in the SSL section of Stalwart. ChatGPT will help with the rest, ask it. My server has a 10/10 score.
In conclusion, if you want to install a service X, and that service has its own built-in webserver, don't waste your time configuring Traefik, just let Dokploy serve on port 80 and point the webserver of the service X to use Cloudflare.
- Let's Encrypt isn't the only way to have SSL and isn't the best way either.
- Cloudflare SSL is better than Let's Encrypt anyway because it doesn't require renewal, it doesn't require any fiddling around with your webserver, you just generate an API key from Cloudflare and add some DNS entries.
Caddy and Traefik and whatnot, they're all shitty, here's why:
- we have nginx, it's production ready, everyone knows it, everyone uses it
- Is Caddy/Traefik production ready? No. Not as ready as nginx
- So now Dokploy wants to integrate its Traefik, and sends traffic to your containers that use nginx, so 2 reverse proxies already, this is shit already
- Imagine if you want to protect your site via Cloudflare proxy, now the request will have to go through 3 proxies, and this in most cases won't work. Good luck surviving any DDoS.
- In an ideal world, dokploy or any other deployment system shouldn't manage the SSL, your container has its own server, let it handle everything, on a container per container basis, but kids these days want one solution fits all, one click SSL and here we are.
So docker-mailserver isn't available in the Dokploy templates, right?
Not available in templates. Proceed with https://github.com/Dokploy/dokploy/issues/408#issuecomment-2337174099
@Eliminationzx the functionality of the deployable should be available out of the box, preferably without additional manipulations