| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
We don't need to modify any files within this volume, so mark it as read
only, especially since the volume belongs to nginx-proxy.
We require write access to the other volumes.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Define a container to run mlmmj-maintd service. It runs daemonized so
it will schedule its own tasks (its forground mode is one-shot
execution).
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
As hinted by the previous commit, the mailnode system is built in a
single docker image for simplicity. Defining multiple Dockerfiles would
lead to many redundant tasks and be harder to maintain. So a common
image for all services is built.
However, the compose file spawns a unique container for each service,
and communication occurs via the filesystem, through volumes. Note also
that some fields in docker-compose.yml are required to be set by the
end-user.
The mail system is oriented around virtual users, so that nobody needs
their own unix system account. However, best security practice is to
create a dedicated user to own the mails - this user shouldn't be used
for any other purpose. For this, the Dockerfile creates the user
"vmailbox".
The reason for declaring port exposure for TCP/80 is to enable automated
TLS encryption with nginx-proxy-acme. This port is not actually opened
by the compose file.
Signed-off-by: Malfurious <m@lfurio.us>
|
