Re: Fwd: Help putting cyrus on Docker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Nic!

I'm super happy with your response!

Honestly, I added that while I was getting 550 from lmtp, but that probably should be removed. But lmtp, do you think I can remove that line from the master? Actually, that line came turned on by default on CentOS 8, that is the base image I'm using. I will turn that off and check if all runs ok.

I will write a README for this recipe and all containers I made. I would be very happy to see that in the Cyrus docs :)

Em ter., 18 de fev. de 2020 às 14:24, Nic Bernstein <nic@xxxxxxxxxxxxxxxx> escreveu:
Fabio,
Very interesting stuff.  I would encourage you to add Readme.md to your repository, containing at least what you've summarized here.  This would make for a nice addition to the Cyrus documentation, but would need a bit more explanation on your part, first, so whomever prepares the docs for the Cyrus project doesn't misrepresent anything you've done.

Some questions:
  • You've gone to the trouble to add the certificate infrastructure for Postfix, but not for Cyrus.  Any reason for that?
    • What I'm referring to here is the nginx proxy support for the Let's Encrypt stuff (at least I assume that's what you're using)
  • Your Postfix configuration contains support for the deprecated Cyrus 'deliver' program as well as LMTP. 
    • If Postfix & Cyrus are separate containers, then 'deliver' won't work.

Nice work!
    -nic

On 2/18/20 10:16 AM, Fabio Montefuscolo wrote:
Hello!

I finally got the basic stuff working on Docker and deployed through Docker swarm. That is what I learnt (or I think I learnt)

* a basic mail solution having Cyrus needs 4 containers (imapd, saslauthd, rsyslog and postfix)
* sharing rsyslog socket on all containers is needed to have logs
* saslauthd socket needs to be shared on imapd and postfix containers, to have authentication
* imapd exposes lmtp socket, that needs to be shared with postfix, to receive emails

Other stuff

* Saslauthd is using OpenLDAP
* Postfix uses letsencrypt generated certificate

Next challenges

* Run OpenDKIM container and tie it o Postfix
* Work with virtualdomains
* Have a spam solution
* Convert the docker-compose.yml to a kubernetes equivalent (so scary)

If anyone have some minutes to take a look at https://github.com/fabiomontefuscolo/wikisuite-swarm/tree/master/global-services and give some thoughts, it would be awesome.

Thank you!!


Em qua., 15 de jan. de 2020 às 08:49, Fabio Montefuscolo <fabio.montefuscolo@xxxxxxxxx> escreveu:
Hi Niels

Thank you very much for looking into this. 

Initially, I would like to get this working like I got in a real CentOS 8. I have here a virtual machine where I did the same steps I did in Dockerfile. But in VM I start services "systemctl start cyrus-imapd" and "systemctl start saslauthd" and basic login works out of the box. I could telnet on port 143 and ". login cyrus cyrus". That is not happening on Docker.

I hope other people using the image can write their own config and mount inside the container to achieve their needs. The plan is to have some kubernetes recipes I can repeat whenever we get a new client wondering to have an email service. Actually I'm testing it on DO, but using kubernetes should be simple to move to AWS, Linode or any other kubernetes hosting.

Thank you

Em qua., 15 de jan. de 2020 às 06:22, Niels Dettenbach via Info-cyrus <info-cyrus@xxxxxxxxxxxxxxxxxxxx> escreveu:
Am Dienstag, 14. Januar 2020, 16:47:52 CET schrieb Fabio Montefuscolo:
> I'm trying to build a simple docker image based on CentOS 8, which brings
> cyrus-imapd 3.0.7. I'm having troubles to authenticate on cyrus imap
> service for unknown reasons. There is no syslog facility working inside
> the centos image, so I don't have logs. The final idea is deploy this
> image in a kubernetes cluster. The Dockerfile I'm using is
> https://github.com/fabiomontefuscolo/docker-cyrusimapd
>
> When I jump into console and try to use cyradm, I get 2 password fields to
> fulfill and at the ent, that doesn't work


as far as i can read in that dockerfile on a first view, it does only install
dependencies and "activating" SSL/TLS, but lacks any kind of further required
configuration for cyrus auth etc.

the flexibility and complexity of cyrus installations are not easy to
"capsule" into a docker file or reciept for a "common usage".

depending on what kind of authentication subsystem (i.e. mysql, pam, ldap,
pam_mysql, sasl, saslauthd (with pam or other "backend") you want to use or
even active AD or others you have to configure that by hand (or extend that
docker file).

a typical "easy" way is using saslauthd with -s pam to "simply" use pam
authentication.


hth,



niels.


--
 ---
 Niels Dettenbach
 Syndicat IT & Internet
 http://www.syndicat.com
 PGP: https://syndicat.com/pub_key.asc
 ---







----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


-- 
Nic Bernstein                               nic@xxxxxxxxxxxxxxxx
mobile: +1 414 807 1734
snail: 1111 N Astor St Apt A5, Milwaukee, WI  53202-3319
https://www.nicbernstein.com
https://www.linkedin.com/in/nic-b-26577a178/
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux