coldfix / server

docker-compose configuration for my webserver at coldfix.de - very early stage!

Overview

This is the docker-compose configuration for my server at coldfix.de. You may adapt it and use it for your own purposes. Note that this repository is licensed under the GPLv3.

Setup

git clone git@github.com:coldfix/server --recursive
cd server
docker-compose up

mailserver

The mailserver requires some initial setup:

  • set up email and aliases using ./bin/mail-setup.sh [...], see setup.sh

  • create dkim keys: ./bin/mail-setup.sh config dkim

  • put netcup credentials in ./var/letsencrypt/netcup_credentials.ini, see Credentials

  • create DNS records, see Best Practices:

    ./bin/mail-setup-dns.sh \
        create-mx-record \
        create-spf-record \
        create-dkim-record \
        create-dmarc-record \
        list-records
    
  • check DNS records using this DMARC Guide, an SPF Record Checker, and a DKIM Key Checker
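
As a local complement to the online checkers above, the following added example (not part of this repository) sanity-checks the text of SPF, DKIM and DMARC records before or after publishing them. The function names, the sample records and the policy that SPF must end in -all or ~all are assumptions of this example.

```shell
# Added example: offline sanity checks for mail TXT records (not from this repo).
# In live use the record string would come from a DNS lookup, e.g. dig +short TXT <name>.

# get_tag RECORD NAME: print the value of NAME in a ';'-separated tag list
get_tag() {
    printf '%s\n' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_spf RECORD: 0 = restrictive policy, 1 = malformed or permissive
check_spf() {
    case $1 in
        "v=spf1" | "v=spf1 "*) ;;
        *) echo "spf: must start with v=spf1"; return 1 ;;
    esac
    case $1 in
        *" -all" | *" ~all") return 0 ;;
        *) echo "spf: does not end in -all or ~all"; return 1 ;;
    esac
}

# check_dkim RECORD: 0 = usable key, 1 = bad version or empty (revoked) key
check_dkim() {
    v=$(get_tag "$1" v)
    [ -z "$v" ] || [ "$v" = DKIM1 ] || { echo "dkim: bad version $v"; return 1; }
    [ -n "$(get_tag "$1" p)" ] || { echo "dkim: empty p= (key revoked)"; return 1; }
}

# check_dmarc RECORD: 0 = enforcing, 2 = valid but p=none, 1 = malformed
check_dmarc() {
    case $1 in
        "v=DMARC1;"* | "v=DMARC1 "*) ;;
        *) echo "dmarc: must start with v=DMARC1"; return 1 ;;
    esac
    case $(get_tag "$1" p) in
        quarantine | reject) return 0 ;;
        none) echo "dmarc: p=none only monitors"; return 2 ;;
        *) echo "dmarc: missing or invalid p= tag"; return 1 ;;
    esac
}

# Constructed sample records (example.org and the truncated key are placeholders)
SPF='v=spf1 mx -all'
DKIM='v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA'
DMARC='v=DMARC1; p=none; rua=mailto:postmaster@example.org'
check_spf "$SPF" && check_dkim "$DKIM" && echo "spf and dkim ok"
check_dmarc "$DMARC" || echo "dmarc needs attention (rc=$?)"
```
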

Services

docker-compose up will start the following sites/services:

maintenance

mailserver

See: https://docker-mailserver.github.io/docker-mailserver/edge/

letsencrypt

The letsencrypt cronjob is currently not run within a docker container. You need to set up a cronjob like this manually:

# min   hour    dom     mon     dow     cmd
0       5,21    *       *       *       /home/server/bin/cert-renew.sh --wait 60 --quiet

ejabberd

Create backup:

docker exec server_ejabberd_1 /usr/local/sbin/ejabberdctl backup /opt/ejabberd/backup/ejabberd.backup
docker cp server_ejabberd_1:/opt/ejabberd/backup/ejabberd.backup /tmp/ejabberd.backup

Restore backup:

docker cp /tmp/ejabberd.backup server_ejabberd_1:/opt/ejabberd/backup/ejabberd.backup
docker exec server_ejabberd_1 /usr/local/sbin/ejabberdctl restore /opt/ejabberd/backup/ejabberd.backup

Create admin user:

docker exec server_ejabberd_1 \
    /usr/local/sbin/ejabberdctl register admin coldfix.de "password"

Replace SSL certificate:

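# look up the ejabberd user's uid/gid inside the container
uid=$(docker exec server_ejabberd_1 id -u ejabberd)
gid=$(docker exec server_ejabberd_1 id -g ejabberd)
crt=$(pwd)/var/ssl/ejabberd.pem
# concatenate certificate chain and private key into a single PEM file
cat /etc/letsencrypt/live/coldfix.de/{fullchain,privkey}.pem > "$crt"
# restrict the combined file to the ejabberd user, since it contains the private key
chown "$uid:$gid" "$crt"
chmod 700 "$crt"
docker restart server_ejabberd_1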

Big TODOs

  • drop privileges in all containers
