7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Compose] Added SELinux support / volume labeling (#3766)

Browse Source 
* [Compose] Added SELinux support / volume labeling

* fix typo
This commit is contained in:
Hannes Happle
2020-10-06 20:56:19 +02:00
committed by GitHub
parent 60dde06669
commit e8ccd24f57
1 changed files with 76 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
docker-compose.yml
View File

@@ -6,8 +6,8 @@ services:
environment:
- TZ=${TZ}
volumes:
- ./data/hooks/unbound:/hooks
- ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro
- ./data/hooks/unbound:/hooks:Z
- ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
restart: always
tty: true
networks:
@@ -22,9 +22,9 @@ services:
- unbound-mailcow
stop_grace_period: 45s
volumes:
- mysql-vol-1:/var/lib/mysql/
- mysql-socket-vol-1:/var/run/mysqld/
- ./data/conf/mysql/:/etc/mysql/conf.d/:ro
- mysql-vol-1:/var/lib/mysql/:Z
- mysql-socket-vol-1:/var/run/mysqld/:z
- ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
environment:
- TZ=${TZ}
- MYSQL_ROOT_PASSWORD=${DBROOT}
@@ -43,7 +43,7 @@ services:
redis-mailcow:
image: redis:5-alpine
volumes:
- redis-vol-1:/data/
- redis-vol-1:/data/:Z
restart: always
ports:
- "${REDIS_PORT:-127.0.0.1:7654}:6379"
@@ -64,7 +64,7 @@ services:
- TZ=${TZ}
- SKIP_CLAMD=${SKIP_CLAMD:-n}
volumes:
- ./data/conf/clamav/:/etc/clamav/
- ./data/conf/clamav/:/etc/clamav/:Z
networks:
mailcow-network:
aliases:
@@ -82,15 +82,15 @@ services:
- REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
- REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
volumes:
- ./data/hooks/rspamd:/hooks
- ./data/conf/rspamd/custom/:/etc/rspamd/custom
- ./data/conf/rspamd/override.d/:/etc/rspamd/override.d
- ./data/conf/rspamd/local.d/:/etc/rspamd/local.d
- ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d
- ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro
- ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local
- ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override
- rspamd-vol-1:/var/lib/rspamd
- ./data/hooks/rspamd:/hooks:Z
- ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
- ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:Z
- ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:Z
- ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
- ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
- ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
- ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
- rspamd-vol-1:/var/lib/rspamd:z
restart: always
dns:
- ${IPV4_NETWORK:-172.22.1}.254
@@ -106,22 +106,22 @@ services:
depends_on:
- redis-mailcow
volumes:
- ./data/hooks/phpfpm:/hooks
- ./data/web:/web:rw
- ./data/conf/rspamd/dynmaps:/dynmaps:ro
- ./data/conf/rspamd/custom/:/rspamd_custom_maps
- rspamd-vol-1:/var/lib/rspamd
- mysql-socket-vol-1:/var/run/mysqld/
- ./data/conf/sogo/:/etc/sogo/
- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro
- ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/
- ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf
- ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini
- ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini
- ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini
- ./data/conf/dovecot/global_sieve_before:/global_sieve/before
- ./data/conf/dovecot/global_sieve_after:/global_sieve/after
- ./data/assets/templates:/tpls
- ./data/hooks/phpfpm:/hooks:Z
- ./data/web:/web:rw,z
- ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
- ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
- rspamd-vol-1:/var/lib/rspamd:z
- mysql-socket-vol-1:/var/run/mysqld/:z
- ./data/conf/sogo/:/etc/sogo/:z
- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
- ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
- ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
- ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
- ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
- ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
- ./data/conf/dovecot/global_sieve_before:/global_sieve/before:Z
- ./data/conf/dovecot/global_sieve_after:/global_sieve/after:Z
- ./data/assets/templates:/tpls:z
dns:
- ${IPV4_NETWORK:-172.22.1}.254
environment:
@@ -178,12 +178,12 @@ services:
dns:
- ${IPV4_NETWORK:-172.22.1}.254
volumes:
- ./data/conf/sogo/:/etc/sogo/
- ./data/web/inc/init_db.inc.php:/init_db.inc.php
- ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js
- mysql-socket-vol-1:/var/run/mysqld/
- sogo-web-vol-1:/sogo_web
- sogo-userdata-backup-vol-1:/sogo_backup
- ./data/conf/sogo/:/etc/sogo/:z
- ./data/web/inc/init_db.inc.php:/init_db.inc.php:Z
- ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:Z
- mysql-socket-vol-1:/var/run/mysqld/:z
- sogo-web-vol-1:/sogo_web:z
- sogo-userdata-backup-vol-1:/sogo_backup:Z
restart: always
networks:
mailcow-network:
@@ -200,18 +200,18 @@ services:
cap_add:
- NET_BIND_SERVICE
volumes:
- ./data/hooks/dovecot:/hooks
- ./data/conf/dovecot:/etc/dovecot
- ./data/assets/ssl:/etc/ssl/mail/:ro
- ./data/conf/sogo/:/etc/sogo/
- ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/
- vmail-vol-1:/var/vmail
- vmail-index-vol-1:/var/vmail_index
- crypt-vol-1:/mail_crypt/
- ./data/conf/rspamd/custom/:/etc/rspamd/custom
- ./data/assets/templates:/templates
- rspamd-vol-1:/var/lib/rspamd
- mysql-socket-vol-1:/var/run/mysqld/
- ./data/hooks/dovecot:/hooks:Z
- ./data/conf/dovecot:/etc/dovecot:z
- ./data/assets/ssl:/etc/ssl/mail/:ro,z
- ./data/conf/sogo/:/etc/sogo/:z
- ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
- vmail-vol-1:/var/vmail:Z
- vmail-index-vol-1:/var/vmail_index:Z
- crypt-vol-1:/mail_crypt/:z
- ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
- ./data/assets/templates:/templates:z
- rspamd-vol-1:/var/lib/rspamd:z
- mysql-socket-vol-1:/var/run/mysqld/:z
environment:
- LOG_LINES=${LOG_LINES:-9999}
- DBNAME=${DBNAME}
@@ -255,13 +255,13 @@ services:
depends_on:
- mysql-mailcow
volumes:
- ./data/hooks/postfix:/hooks
- ./data/conf/postfix:/opt/postfix/conf
- ./data/assets/ssl:/etc/ssl/mail/:ro
- postfix-vol-1:/var/spool/postfix
- crypt-vol-1:/var/lib/zeyple
- rspamd-vol-1:/var/lib/rspamd
- mysql-socket-vol-1:/var/run/mysqld/
- ./data/hooks/postfix:/hooks:Z
- ./data/conf/postfix:/opt/postfix/conf:z
- ./data/assets/ssl:/etc/ssl/mail/:ro,z
- postfix-vol-1:/var/spool/postfix:z
- crypt-vol-1:/var/lib/zeyple:z
- rspamd-vol-1:/var/lib/rspamd:z
- mysql-socket-vol-1:/var/run/mysqld/:z
environment:
- LOG_LINES=${LOG_LINES:-9999}
- TZ=${TZ}
@@ -325,12 +325,12 @@ services:
- SKIP_SOGO=${SKIP_SOGO:-n}
- ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
volumes:
- ./data/web:/web:ro
- ./data/conf/rspamd/dynmaps:/dynmaps:ro
- ./data/assets/ssl/:/etc/ssl/mail/:ro
- ./data/conf/nginx/:/etc/nginx/conf.d/:rw
- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro
- sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
- ./data/web:/web:ro,z
- ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
- ./data/assets/ssl/:/etc/ssl/mail/:ro,z
- ./data/conf/nginx/:/etc/nginx/conf.d/:rw,Z
- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
- sogo-web-vol-1:/usr/lib/GNUstep/SOGo/:z
ports:
- "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
@@ -367,10 +367,10 @@ services:
- SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
- SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
volumes:
- ./data/web/.well-known/acme-challenge:/var/www/acme:rw
- ./data/assets/ssl:/var/lib/acme/:rw
- ./data/assets/ssl-example:/var/lib/ssl-example/:ro
- mysql-socket-vol-1:/var/run/mysqld/
- ./data/web/.well-known/acme-challenge:/var/www/acme:rw,Z
- ./data/assets/ssl:/var/lib/acme/:rw,z
- ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
- mysql-socket-vol-1:/var/run/mysqld/:z
restart: always
networks:
mailcow-network:
@@ -407,10 +407,10 @@ services:
dns:
- ${IPV4_NETWORK:-172.22.1}.254
volumes:
- rspamd-vol-1:/var/lib/rspamd
- mysql-socket-vol-1:/var/run/mysqld/
- postfix-vol-1:/var/spool/postfix
- ./data/assets/ssl:/etc/ssl/mail/:ro
- rspamd-vol-1:/var/lib/rspamd:z
- mysql-socket-vol-1:/var/run/mysqld/:z
- postfix-vol-1:/var/spool/postfix:z
- ./data/assets/ssl:/etc/ssl/mail/:ro,z
restart: always
environment:
- IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
@@ -463,6 +463,8 @@ services:
dockerapi-mailcow:
image: mailcow/dockerapi:1.37
security_opt:
- label=disable
restart: always
oom_kill_disable: true
dns:
@@ -481,7 +483,7 @@ services:
image: mailcow/solr:1.7
restart: always
volumes:
- solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
- solr-vol-1:/opt/solr/server/solr/dovecot-fts/data:Z
ports:
- "${SOLR_PORT:-127.0.0.1:18983}:8983"
environment:
@@ -532,6 +534,8 @@ services:
environment:
- TZ=${TZ}
image: robbertkl/ipv6nat
security_opt:
- label=disable
restart: always
privileged: true
network_mode: "host"