updated nginx, added noninteractive flag to debian, working on mailserver

5 years ago · acdc516d49
6 changed files with 23 additions and 9 deletions
--- a/src/debian/Containerfile
+++ b/src/debian/Containerfile
@ -12,6 +12,7 @@ RUN rm /etc/localtime && \
    echo $TZ > /etc/timezone

 # Install packages
+ARG DEBIAN_FRONTEND=noninteractive
 RUN apt update -y 
 RUN apt upgrade -y
 RUN apt install -y init sudo wget nano less man-db unzip
--- a/src/gitea/Containerfile
+++ b/src/gitea/Containerfile
@ -39,7 +39,7 @@ RUN apt update -y && apt install -y postgresql postgresql-doc git

 # create gitea user with file owner UID
 RUN addgroup --gid $FILESUID gitea && \
-    adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin
+    adduser gitea --ingroup gitea --uid $FILESUID --disabled-password --gecos "Gitea Server" --shell /usr/sbin/nologin --home /var/lib/gitea

 # copy our custom scripts
 COPY assets/bin/ /usr/local/bin/
--- a/src/mailserver/Containerfile
+++ b/src/mailserver/Containerfile
@ -12,7 +12,7 @@ LABEL deployopts="\
 -p 993:993 \
 -v /srv/volumes/mailserver/db:/vol/db \
 -v /srv/volumes/mailserver/mail:/vol/mail \
-v /etc/letsencrypt:/vol/ssl"
+-v /etc/letsencrypt:/vol/ssl:ro"

 # Build Variables
 # uid that the files owner user should have
@ -22,9 +22,6 @@ ARG FILESUID=5000
 ### General Setup
 ###

-# tell debian not to ask any questions during package install
-ARG DEBIAN_FRONTEND=noninteractive
-
 # install packages we want
 RUN apt update -y && apt install -y postfix dovecot-imapd dovecot-lmtpd

--- a/src/mailserver/assets/main.cf
+++ b/src/mailserver/assets/main.cf
@ -1,7 +1,7 @@
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version

 # Network settings
-myhostname = mail.brbytes.org
+myhostname = mailtest.brbytes.org
 myorigin = $myhostname
 mydestination = $myhostname, localhost.localdomain, localhost
 relayhost = 
--- a/src/mailserver/docs/Build.md
+++ b/src/mailserver/docs/Build.md
@ -46,7 +46,7 @@ All of the excerpts in this section should be included in `main.cf`.
 configure the domain:
 ```
 # domain
-myhostname = mail.brbytes.org
+myhostname = mailtest.brbytes.org
 myorigin = $myhostname
 mydestination = $myhostname, localhost.localdomain, localhost
 ```
--- a/src/mailserver/docs/Deploy.md
+++ b/src/mailserver/docs/Deploy.md
@ -25,9 +25,25 @@ nft -f /etc/nftables

 ## set up domain name

-Need MX and CNAME records.
+Set up a DNS A Record pointing to your host machine. Make sure it works by running:
+```
+ping ${dnsname:?}
+```

 ## get SSL certificates from letsencrypt

-use certbot
+install certbot:
+```
+apt install certbot
+```

+if you are using a firewall, you need to figure out how to define a temporary rule allowing http access. For nftables, the rule would be:
+```
+nft insert rule inet myfilter myfirewall tcp dport 80 accept
+```
+
+Get a certificate for your domain by running:
+```
+certbot certonly --standalone --pre-hook "nft insert rule inet myfilter myfirewall tcp dport 80 accept" --post-hook "nft -f /etc/nftables.conf"
+```
+the application will ask you a few questions, including you domain. Including the appropriate hooks when issuing the certificate should guarantee that the hooks are also used when renewing.