From: Damian Myrda Date: Fri, 29 Nov 2024 22:38:39 +0000 (-0600) Subject: fix tls X-Git-Url: http://git.prime8.dev/?a=commitdiff_plain;h=2e847bc0c8ced61ef99097dbfeea2bcdbaae0bdb;p=p8d.git fix tls --- diff --git a/compose.yml b/compose.yml index 989f044..c5fd0ee 100644 --- a/compose.yml +++ b/compose.yml @@ -1,92 +1,57 @@ +--- services: updates: container_name: updates image: containrrr/watchtower:latest - volumes: - - /var/run/docker.sock:/var/run/docker.sock - command: - - "--interval" - - "120" - - "--rolling-restart" - - "--cleanup" + volumes: [/var/run/docker.sock:/var/run/docker.sock] + command: [--interval, '120', --rolling-restart, --cleanup] restart: always - web: container_name: web image: moncheeta/website:latest - ports: - - "80:80" - - "443:443" + ports: [80:80, 443:443] volumes: - ./caddy:/etc/caddy/Caddyfile:ro - ./web/data/:/data/caddy/ - ./web/config/:/config/caddy/ restart: always - mail: container_name: mail image: ghcr.io/docker-mailserver/docker-mailserver:latest hostname: mail.prime8.dev env_file: ./mail/env - ports: - - "25:25" - - "143:143" - - "465:465" - - "587:587" - - "993:993" + ports: [25:25, 143:143, 465:465, 587:587, 993:993] volumes: - ./mail/data/:/var/mail/ - ./mail/state/:/var/mail-state/ - ./mail/logs/:/var/log/mail/ - ./mail/config/:/tmp/docker-mailserver/ - - ./web/data/certificates/acme-v02.api.letsencrypt.org-directory/mail.prime8.dev/:/etc/certificates/:ro - depends_on: - - web - cap_add: - - NET_ADMIN - restart: always - - fail2ban: - image: crazymax/fail2ban:latest - container_name: fail2ban - volumes: - - ./jail:/etc/fail2ban/jail.local:ro - - /var/log/mail/mail.log:/var/log/mail/mail.log:ro - - /var/log/auth.log:/var/log/auth.log:ro + - ./web/data/certificates/acme-v02.api.letsencrypt.org-directory/mail.prime8.dev/mail.prime8.dev.crt:/etc/certificates/cert.pem + - ./web/data/certificates/acme-v02.api.letsencrypt.org-directory/mail.prime8.dev/mail.prime8.dev.key:/etc/certificates/key.pem + depends_on: [web] restart: always - gitolite: container_name: gitolite image: jgiannuzzi/gitolite:latest env_file: ./git/env - volumes: - - ./git/.ssh/keys/:/etc/ssh/keys/ - - ./git/:/var/lib/git/ - ports: - - "22:22" + volumes: [./git/.ssh/keys/:/etc/ssh/keys/, ./git/:/var/lib/git/] + ports: [22:22] restart: always - gitweb: container_name: gitweb image: moncheeta/gitweb:latest - depends_on: - - gitolite + depends_on: [gitolite] volumes: - ./git/gitweb.conf:/etc/gitweb.conf:ro - ./git/theme/:/usr/share/gitweb/theme/:ro - ./git/:/srv/git/:ro - expose: - - "80" + expose: ['80'] restart: always - csc: container_name: csc image: moncheeta/csc:latest - environment: - - DOMAIN=csc.prime8.dev + environment: [DOMAIN=csc.prime8.dev] env_file: ./csc/env - volumes: - - ./csc/auth.json:/app/google_auth.json:ro - expose: - - "80" + volumes: [./csc/auth.json:/app/google_auth.json:ro] + expose: ['80'] restart: always diff --git a/jail b/jail deleted file mode 100644 index 1961f85..0000000 --- a/jail +++ /dev/null @@ -1,18 +0,0 @@ -[DEFAULT] -bantime = 10m -findtime = 10m -maxretry = 5 - -[postfix] -enabled = true -port = smtp,ssmtp -filter = postfix -logpath = /var/log/mail/mail.log -maxretry = 3 - -[dovecot] -enabled = true -port = imap -filter = dovecot -logpath = /var/log/mail/mail.log -maxretry = 3 diff --git a/mail/env b/mail/env index d8be55f..107be1d 100644 --- a/mail/env +++ b/mail/env @@ -20,8 +20,8 @@ SSL_TYPE=manual # These are only supported with `SSL_TYPE=manual`. # Provide the path to your cert and key files that you've mounted access to within the container. -SSL_CERT_PATH=/etc/certificates/mail.prime8.dev.crt -SSL_KEY_PATH=/etc/certificates/mail.prime8.dev.key +SSL_CERT_PATH=/etc/certificates/cert.pem +SSL_KEY_PATH=/etc/certificates/key.pem # Optional: A 2nd certificate can be supported as fallback (dual cert support), eg ECDSA with an RSA fallback. # Useful for additional compatibility with older MTA and MUA (eg pre-2015). SSL_ALT_CERT_PATH=