
rancher's Introduction

Mailu Rancher Catalog

Rancher Catalog for Mailu.io mail server.

How to

  • Just add https://github.com/Mailu/Rancher.git to Rancher custom catalog in "Admin -> Settings -> Catalog".
  • You need to provide cert.pem and key.pem files in ${ROOT}/certs. For example, in /mailu/certs/.

Using the "Let's Encrypt" stack from the Rancher Catalog

The Let's Encrypt stack from the Rancher Catalog uses: janeczku/rancher-letsencrypt.

That stack takes care of generating TLS / SSL certificates with Let's Encrypt, updating them and adding the certificates to your Rancher Certificate "store".

You can read the full updated documentation for that stack in the GitHub repository: https://github.com/janeczku/rancher-letsencrypt.

You need to pay special attention to the configuration for certificate renewal. You can configure it with several DNS providers or do it just using a Rancher Load Balancer and redirecting a specific route (example.com/.well-known/acme-challenge) to the Let's Encrypt stack service: https://github.com/janeczku/rancher-letsencrypt#http.

For Mailu you also need to have those certificates in a path in the host, for example in /mailu/certs/.

To use the Let's Encrypt stack to generate the certificates and use them inside Mailu, you can do the following:

Note: for this example let's assume that your domain is example.com and that the Mailu ${ROOT} directory is at /mailu/. Update these values according to your configuration.

  • Create the Let's Encrypt stack from the Rancher Catalog following its documentation.
  • Open the Let's Encrypt stack and click the "upgrade" button of the letsencrypt service.
  • Go to the "Volumes" tab, it will have a Docker named volume as lets-encrypt:/etc/letsencrypt.
  • Update that named volume to be a host volume, for example: /etc/letsencrypt-example.com:/etc/letsencrypt.
  • Now, after creating the certificates (or renewing them) you will have your certificates as: fullchain.pem and privkey.pem.
  • Those certificates will be under the path: /etc/letsencrypt-example.com/production/certs/example.com/.
  • Now, you have your certificates in your host in that path, but you need them inside the Mailu path, i.e. in: /mailu/certs/cert.pem and /mailu/certs/key.pem.
  • To achieve that, create the /mailu/certs/ directory (if you haven't already):
      mkdir -p /mailu/certs/
  • Go to that directory:
      cd /mailu/certs/
  • And there, create a link (a hard link, not a symbolic link) to those files, but with the names that you need to have inside (key.pem and cert.pem):
      ln /etc/letsencrypt-example.com/production/certs/example.com/privkey.pem key.pem
      ln /etc/letsencrypt-example.com/production/certs/example.com/fullchain.pem cert.pem
  • Now you can start (or re-start) your Mailu Stack.

  • As you are using the Rancher Catalog Let's Encrypt stack to generate your certificates, you shouldn't use the integrated certbot with the variable ENABLE_CERTBOT, mark it as False.

  • If you want to use a Rancher Load Balancer to handle HTTPS connections with the certificate generated with the Let's Encrypt stack (working as a TLS / SSL termination proxy) you should choose the alternative frontend that doesn't implement HTTPS itself (giving that task to the Rancher Load Balancer), so instead of nginx as frontend, you can use:

nginx-no-https
  • Then, to make sure that every http request gets redirected to https you can start a service (container) that just redirects any http to https, for example using the Docker image: jamessharp/docker-nginx-https-redirect and configuring routes in your Rancher Load Balancer pointing any http to that container so that it gets converted to https.
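
The hard links created in the steps above point at an inode, not a path: they require both paths on the same filesystem, and if a renewal replaces privkey.pem rather than rewriting it in place, /mailu/certs/key.pem keeps serving the old key. The script below is an added example, not code from the Mailu or rancher-letsencrypt projects; its function names are hypothetical, the paths are the page's example paths, and because the page does not say how the stack writes renewed files, it checks the link state instead of assuming it.

```shell
# Added example: audit the Mailu hard links against the Let's Encrypt files.
# Default paths are the page's example paths; override via the environment.
LE_DIR="${LE_DIR:-/etc/letsencrypt-example.com/production/certs/example.com}"
MAILU_CERTS="${MAILU_CERTS:-/mailu/certs}"

# link_state SRC DST -> prints linked | stale | missing
#   linked : DST is a hard link to SRC (same device and inode, not a symlink)
#   stale  : DST exists but is a different file (SRC was replaced) or a symlink
#   missing: SRC or DST does not exist
link_state() {
    if [ ! -e "$1" ] || [ ! -e "$2" ]; then echo missing
    elif [ "$1" -ef "$2" ] && [ ! -L "$2" ]; then echo linked
    else echo stale
    fi
}

# relink SRC DST -> link under a temporary name, then rename over DST so a
# reader never sees a missing file. Fails if SRC and DST are on different
# filesystems, which hard links cannot span.
relink() {
    tmp="$2.new.$$"
    ln "$1" "$tmp" && mv -f "$tmp" "$2"
}

# key_mode_ok FILE -> succeeds only if group and other have no permission bits.
# A hard link shares its mode with the source file, so this covers both names.
key_mode_ok() {
    perm=$(ls -ld "$1" | cut -c5-10)
    [ "$perm" = "------" ]
}

# audit -> check both links, repair stale ones, return non-zero if anything
# is still wrong afterwards.
audit() {
    rc=0
    for pair in privkey.pem:key.pem fullchain.pem:cert.pem; do
        src="$LE_DIR/${pair%%:*}"; dst="$MAILU_CERTS/${pair##*:}"
        state=$(link_state "$src" "$dst")
        if [ "$state" = stale ]; then relink "$src" "$dst" && state=relinked; fi
        echo "$dst: $state"
        case "$state" in linked|relinked) ;; *) rc=1 ;; esac
    done
    key_mode_ok "$MAILU_CERTS/key.pem" || { echo "key.pem: accessible to group/other"; rc=1; }
    return $rc
}
```

Source the file and call `audit` after each renewal window; when it reports `relinked`, restart the Mailu stack so the services load the new files.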

Using jwilder/nginx and JrCs/docker-letsencrypt-nginx-proxy-companion

  • If you need jwilder/nginx and JrCs/docker-letsencrypt-nginx-proxy-companion support, you need to manually symlink the certificate produced by JrCs/docker-letsencrypt-nginx-proxy-companion to cert.pem and key.pem in ${ROOT}/certs of your Mailu install.

rancher's People

Contributors

adi90x, kaiyou, sanduhrs, tiangolo


rancher's Issues

using haproxy instead

I would like to use haproxy in rancher instead of nginx, so instead of mapping container to host ports directly in compose, I expose the container ports internally, and then I can use haproxy to map the ports on a per-domain basis.

I also run letsencrypt and haproxy uses the cert generated exclusively. So I would prefer to get rid of nginx altogether and not let any mailu container have access to the cert private keys.

Is what I described here doable?

Unable to start stack

I am trying to test this stack on a private network. I created there certs in /mailu/certs (as described here https://github.com/Mailu/Mailu/wiki/Setup-Guide )

then started the rancher stack with Bind address = local machines IP and local DNS name

However, multiple containers fail to start due to issues with ports; all ports are available on the host. Below is the error from the IMAP container.

(Failed to allocate instance [container:1i439]: Bad instance [container:1i439] in state [stopping]: Allocation failed: No healthy hosts meet the resource constraints: [ports: [192.168.1.140:110:110/tcp, 192.168.1.140:143:143/tcp, 192.168.1.140:993:993/tcp, 192.168.1.140:995:995/tcp, 192.168.1.140:4190:4190/tcp], ResourceType: instanceReservation, Amount: 1])

I'm using Rancher v1.6.0

1.3 to 1.4 fails upgrade

So I tried to upgrade my default running rancher deployment from the 0.3 to 0.4, miserable failure....
Same with deploying a fresh stack on a fresh rancher from this catalog... also a fail ... sorry but does this stuff get tested? After I looked through the merge I thought heck let's give it a go.... result 0 mail services now functional.... ughhhh......

Rancher 2

I think it would be cool to create a Helm chart compatible with Rancher 2.
It's not possible to use compose with Rancher 1

But there is http://kompose.io/ to simplify the process from docker-compose.yml to a helm chart. Even though we will probably have to do some modifications but that should be easier than generating everything from scratch. Moreover if we want it to be compatible with Rancher2 we need to have a few things in the chart https://rancher.com/docs/rancher/v2.x/en/catalog/custom/

can anyone make heads or tails of this ??

I'm trying to deploy from the catalog with a self-signed cert in /mailu/certs and listen on 0.0.0.0, yet http seems to fail loading with this error

and the admin container fails with
Failed to allocate instance [container:1i98]: Bad instance [container:1i98] in state [error]: Allocation failed: No healthy hosts meet the resource constraints: [127.0.0.1:8000:80/tcp portReservation, instanceReservation: 1].

why is it even trying 127.0.0.1 ??

1/25/2018 6:36:26 PMwriting new private key to '/tmp/snakeoil.pem'
1/25/2018 6:36:26 PM-----
1/25/2018 6:36:26 PM2018/01/25 23:36:26 [emerg] 14#14: host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:36:26 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:36:39 PMGenerating a 2048 bit RSA private key
1/25/2018 6:36:39 PM....................................................+++
1/25/2018 6:36:39 PM.......................+++
1/25/2018 6:36:39 PMwriting new private key to '/tmp/snakeoil.pem'
1/25/2018 6:36:39 PM-----
1/25/2018 6:36:39 PM2018/01/25 23:36:39 [emerg] 13#13: host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:36:39 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:36:54 PMGenerating a 2048 bit RSA private key
1/25/2018 6:36:54 PM................................................................................................+++
1/25/2018 6:36:54 PM.+++
1/25/2018 6:36:54 PMwriting new private key to '/tmp/snakeoil.pem'
1/25/2018 6:36:54 PM-----
1/25/2018 6:36:54 PM2018/01/25 23:36:54 [emerg] 13#13: host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:36:54 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:37:09 PMGenerating a 2048 bit RSA private key
1/25/2018 6:37:09 PM....................................................+++
1/25/2018 6:37:09 PM...........................+++
1/25/2018 6:37:09 PMwriting new private key to '/tmp/snakeoil.pem'
1/25/2018 6:37:09 PM-----
1/25/2018 6:37:09 PM2018/01/25 23:37:09 [emerg] 13#13: host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:37:09 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:37:10 PMGenerating a 2048 bit RSA private key
1/25/2018 6:37:10 PM.............+++
1/25/2018 6:37:10 PM.......................................................+++
1/25/2018 6:37:10 PMwriting new private key to '/tmp/snakeoil.pem'
1/25/2018 6:37:10 PM-----
1/25/2018 6:37:10 PM2018/01/25 23:37:10 [emerg] 13#13: host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:37:10 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:43
1/25/2018 6:37:24 PM2018/01/25 23:37:24 [emerg] 12#12: host not found in upstream "admin" in /etc/nginx/nginx.conf:76
1/25/2018 6:37:24 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:76
1/25/2018 6:37:25 PM2018/01/25 23:37:25 [emerg] 12#12: host not found in upstream "admin" in /etc/nginx/nginx.conf:76
1/25/2018 6:37:25 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:76
1/25/2018 6:37:39 PM2018/01/25 23:37:39 [emerg] 12#12: host not found in upstream "admin" in /etc/nginx/nginx.conf:76
1/25/2018 6:37:39 PMnginx: [emerg] host not found in upstream "admin" in /etc/nginx/nginx.conf:76
