About
AnonAddy Docker image based on Alpine Linux.
If you are interested, check out my other Docker images!
- Features
- Build locally
- Image
- Environment variables
- Volumes
- Ports
- Usage
- Upgrade
- Notes
- Contributing
- License
Features
- Run as non-root user
- Multi-platform image
- s6-overlay as process supervisor
- Traefik as reverse proxy and creation/renewal of Let's Encrypt certificates (see this template)
Build locally
git clone https://github.com/anonaddy/docker.git docker-anonaddy
cd docker-anonaddy
# Build image and output to docker (default)
docker buildx bake
# Build multi-platform image
docker buildx bake image-all
Image
Following platforms for this image are available:
$ docker run --rm mplatform/mquery anonaddy/anonaddy:latest
Image: anonaddy/anonaddy:latest
* Manifest List: Yes
* Supported platforms:
- linux/amd64
- linux/arm/v6
- linux/arm/v7
- linux/arm64
Environment variables
General
TZ
: The timezone assigned to the container (defaultUTC
)PUID
: AnonAddy user id (default1000
)PGID
: AnonAddy group id (default1000
)MEMORY_LIMIT
: PHP memory limit (default256M
)UPLOAD_MAX_SIZE
: Upload max size (default16M
)CLEAR_ENV
: Clear environment in FPM workers (defaultyes
)OPCACHE_MEM_SIZE
: PHP OpCache memory consumption (default128
)LISTEN_IPV6
: Enable IPv6 for Nginx (defaulttrue
)REAL_IP_FROM
: Trusted addresses that are known to send correct replacement addresses (default0.0.0.0/32
)REAL_IP_HEADER
: Request header field whose value will be used to replace the client address (defaultX-Forwarded-For
)LOG_IP_VAR
: Use another variable to retrieve the remote IP address for access log_format on Nginx. (defaultremote_addr
)LOG_CROND
: Enable crond logging. (defaulttrue
)
App
APP_NAME
: Name of the application (defaultAnonAddy
)APP_KEY
: Application key for encrypter service. You can generate one throughanonaddy key:generate --show
orecho "base64:$(openssl rand -base64 32)"
. requiredAPP_DEBUG
: Enables or disables debug mode, used to troubleshoot issues (defaultfalse
)APP_URL
: The URL of your AnonAddy installation
Note
APP_KEY_FILE
can be used to fill in the value from a file, especially for Docker's secrets feature.
AnonAddy
ANONADDY_RETURN_PATH
: Return-path header for outbound emailsANONADDY_ADMIN_USERNAME
: If set this value will be used and allow you to receive forwarded emails at the root domainANONADDY_ENABLE_REGISTRATION
: If set to false this will prevent new users from registering on the site (defaulttrue
)ANONADDY_DOMAIN
: Root domain to receive email from requiredANONADDY_HOSTNAME
: FQDN hostname for your server used to validate records on custom domains that are added by usersANONADDY_DNS_RESOLVER
: Custom domains that are added by users to validate records (default127.0.0.1
)ANONADDY_ALL_DOMAINS
: Other domains to useANONADDY_SECRET
: Long random string used when hashing data for the anonymous replies requiredANONADDY_LIMIT
: Number of emails a user can forward and reply per hour (default200
)ANONADDY_BANDWIDTH_LIMIT
: Monthly bandwidth limit for users in bytes domains to use (default104857600
)ANONADDY_NEW_ALIAS_LIMIT
: Number of new aliases a user can create each hour (default10
)ANONADDY_ADDITIONAL_USERNAME_LIMIT
: Number of additional usernames a user can add to their account (default10
)ANONADDY_SIGNING_KEY_FINGERPRINT
: GPG key used to sign forwarded emails. Should be the same as your mail from email addressANONADDY_DKIM_SIGNING_KEY
: Path to the private DKIM signing key to be used to sign emails for custom domains.ANONADDY_DKIM_SELECTOR
: Selector for the current DKIM signing key (defaultdefault
)
Note
ANONADDY_SECRET_FILE
andANONADDY_SIGNING_KEY_FINGERPRINT_FILE
can be used to fill in the value from a file, especially for Docker's secrets feature.
Database
DB_HOST
: MySQL database hostname / IP address requiredDB_PORT
: MySQL database port (default3306
)DB_DATABASE
: MySQL database name (defaultanonaddy
)DB_USERNAME
: MySQL user (defaultanonaddy
)DB_PASSWORD
: MySQL passwordDB_TIMEOUT
: Time in seconds after which we stop trying to reach the MySQL server (useful for clusters, default60
)
Note
DB_USERNAME_FILE
andDB_PASSWORD_FILE
can be used to fill in the value from a file, especially for Docker's secrets feature.
Redis
REDIS_HOST
: Redis hostname / IP addressREDIS_PORT
: Redis port (default6379
)REDIS_PASSWORD
: Redis password
MAIL_FROM_NAME
: From name (defaultAnonAddy
)MAIL_FROM_ADDRESS
: From email address (defaultanonaddy@${ANONADDY_DOMAIN}
)MAIL_ENCRYPTION
: Encryption protocol to send e-mail messages (defaultnull
)
Postfix
POSTFIX_DEBUG
: Enable debug (defaultfalse
)POSTFIX_SMTPD_TLS
: Enabling TLS in the Postfix SMTP server (defaultfalse
)POSTFIX_SMTPD_TLS_CERT_FILE
: File with the Postfix SMTP server RSA certificate in PEM formatPOSTFIX_SMTPD_TLS_KEY_FILE
: File with the Postfix SMTP server RSA private key in PEM formatPOSTFIX_SMTP_TLS
: Enabling TLS in the Postfix SMTP client (defaultfalse
)POSTFIX_RELAYHOST
: Default host to send mail toPOSTFIX_RELAYHOST_AUTH_ENABLE
: Enable client-side authentication for relayhost (defaultfalse
)POSTFIX_RELAYHOST_USERNAME
: Postfix SMTP Client username for relayhost authenticationPOSTFIX_RELAYHOST_PASSWORD
: Postfix SMTP Client password for relayhost authentication
Note
POSTFIX_RELAYHOST_USERNAME_FILE
andPOSTFIX_RELAYHOST_PASSWORD_FILE
can be used to fill in the value from a file, especially for Docker's secrets feature.
RSPAMD
RSPAMD_ENABLE
: Enable Rspamd service. (defaultfalse
)RSPAMD_WEB_PASSWORD
: Rspamd web password (defaultnull
)
Note
RSPAMD_WEB_PASSWORD_FILE
can be used to fill in the value from a file, especially for Docker's secrets feature.
Warning
DKIM private key must be located in
/data/dkim/${ANONADDY_DOMAIN}.private
. You can generate a DKIM private/public keypair by following this note.
Warning
Rspamd service is disabled if DKIM private key is not found
Volumes
/data
: Contains storage
Warning
Note that the volume should be owned by the user/group with the specified
PUID
andPGID
. If you don't give the volume correct permissions, the container may not start.
Ports
8000
: HTTP port (anonaddy web)11334
: HTTP port (rspamd web dashboard)25
: SMTP port (postfix)
Usage
Docker Compose
Docker compose is the recommended way to run this image. You can use the following docker compose template, then run the container:
docker-compose up -d
docker-compose logs -f
Upgrade
You can upgrade AnonAddy automatically through the UI, it works well. But I recommend to recreate the container whenever I push an update:
docker-compose pull
docker-compose up -d
Notes
anonaddy
command
If you want to use the artisan command to perform common server operations like manage users, passwords and more, type:
docker-compose exec anonaddy anonaddy <command>
For example to list all available commands:
docker-compose exec anonaddy anonaddy list
Create user
docker-compose exec anonaddy anonaddy anonaddy:create-user "username" "webmaster@example.com"
Generate DKIM private/public keypair
docker-compose run --entrypoint '' anonaddy gen-dkim
generating private and storing in data/dkim/example.com.private
generating DNS TXT record with public key and storing it in data/dkim/example.com.txt
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=***"
"***"
) ;
The keypair will be available in /data/dkim
.
Generate GPG key
If you don't have an existing GPG key, you can generate a new GPG key with the following command:
docker-compose exec --user anonaddy anonaddy gpg --full-gen-key
Keys will be stored in /data/.gnupg
folder.
Define additional env vars
You can define additional environment variables that will be used by AnonAddy
by creating a file named .env
in /data
.
Contributing
Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. You can also support this project by becoming a sponsor on GitHub or by making a Paypal donation to ensure this journey continues indefinitely!
Thanks again for your support, it is much appreciated!
License
MIT. See LICENSE
for more details.