diff --git a/.gitignore b/.gitignore
index 84ee07d3..845a97ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@ pip-selfcheck.json
/docs/lib*
/docs/bin
/docs/include
+/docs/contributors/mailu-network-diagram.svg
/docs/_build
/.env
/.venv
diff --git a/docs/Dockerfile b/docs/Dockerfile
index 25ecc496..08e725fc 100644
--- a/docs/Dockerfile
+++ b/docs/Dockerfile
@@ -9,7 +9,7 @@ COPY . /docs
RUN set -euxo pipefail \
; machine="$(uname -m)" \
- ; deps="gcc musl-dev" \
+ ; deps="gcc musl-dev graphviz" \
; [[ "${machine}" != x86_64 ]] && \
deps="${deps} cargo" \
; apk add --no-cache --virtual .build-deps ${deps} \
@@ -17,7 +17,8 @@ RUN set -euxo pipefail \
mkdir -p /root/.cargo/registry/index && \
git clone --bare https://github.com/rust-lang/crates.io-index.git /root/.cargo/registry/index/github.com-1285ae84e5963aae \
; pip3 install -r /requirements.txt \
- ; mkdir -p /build/$VERSION \
+ ; mkdir -p /build/$VERSION/ \
+ ; dot -Tsvg /docs/mailu-network-diagram.dot -o /docs/contributors/mailu-network-diagram.svg \
; sphinx-build -W /docs /build/$VERSION \
; apk del .build-deps \
; rm -rf /root/.cargo
diff --git a/docs/contributors/firewalling.rst b/docs/contributors/firewalling.rst
new file mode 100644
index 00000000..b1a363d5
--- /dev/null
+++ b/docs/contributors/firewalling.rst
@@ -0,0 +1,10 @@
+Firewalling
+===========
+
+Network flows within Mailu
+--------------------------
+
+The following diagram may prove useful in understanding how the different components interact.
+
+.. image:: mailu-network-diagram.svg
+
diff --git a/docs/index.rst b/docs/index.rst
index f2cf56f3..77c95df9 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -81,3 +81,4 @@ the version of Mailu that you are running.
contributors/database
contributors/memo
contributors/localization
+ contributors/firewalling
diff --git a/docs/mailu-network-diagram.dot b/docs/mailu-network-diagram.dot
new file mode 100644
index 00000000..ed7d1001
--- /dev/null
+++ b/docs/mailu-network-diagram.dot
@@ -0,0 +1,92 @@
+digraph mailu {
+ label = "Mailu";
+ fontname = "arial";
+
+ node [shape = box; fontname = "arial"; fontsize = 8; style = filled; color = "#d3edea";];
+ splines = "compound";
+ // node [shape = "box"; fontsize = "10";];
+ edge [fontsize = "8";];
+
+ # Components
+ internet [label = "Internet";];
+ proxy [label = "Optional proxy"; shape = "polygon"];
+ front [label = "Front";];
+ admin [label = "Admin";];
+ smtp [label = "SMTP";];
+ redis [label = "Redis";];
+ antispam [label = "Antispam";];
+ antivirus [label = "Anti-Virus";];
+ imap [label = "IMAP";];
+ webdav [label = "WebDAV";];
+ webmail [label = "Webmail";];
+ fetchmail [label = "Fetchmail";];
+ oletools [label = "Oletools"];
+ fts_attachments [label = "Tika"];
+ # proxy from internet
+ internet -> proxy [label = "25/tcp";];
+ internet -> proxy [label = "80/tcp";];
+ internet -> proxy [label = "443/tcp";];
+ internet -> proxy [label = "465/tcp";];
+ internet -> proxy [label = "587/tcp";];
+ internet -> proxy [label = "110/tcp";];
+ internet -> proxy [label = "995/tcp";];
+ internet -> proxy [label = "143/tcp";];
+ internet -> proxy [label = "993/tcp";];
+ internet -> proxy [label = "4190/tcp";];
+
+ # Front from proxy
+ proxy -> front [label = "25/tcp";];
+ proxy -> front [label = "80/tcp";];
+ proxy -> front [label = "443/tcp";];
+ proxy -> front [label = "465/tcp";];
+ proxy -> front [label = "587/tcp";];
+ proxy -> front [label = "110/tcp";];
+ proxy -> front [label = "995/tcp";];
+ proxy -> front [label = "143/tcp";];
+ proxy -> front [label = "993/tcp";];
+ proxy -> front [label = "4190/tcp";];
+
+ front -> front [label = "8008/tcp";];
+ front -> front [label = "8000/tcp";];
+ front -> admin [label = "8080/tcp";];
+ front -> imap [label = "4190/tcp";];
+ front -> imap [label = "143/tcp";];
+ front -> imap [label = "110/tcp";];
+ front -> smtp [label = "25/tcp";];
+ front -> smtp [label = "10025/tcp";];
+ front -> webmail [label = "80/tcp";];
+ front -> antispam [label = "11334/tcp";];
+ front -> webdav [label = "5232/tcp";];
+
+ smtp -> admin [label = "8080/tcp";];
+ smtp -> front [label = "2525/tcp";];
+ smtp -> antispam [label = "11332/tcp";];
+
+ imap -> admin [label = "8080/tcp";];
+ imap -> antispam [label = "11334/tcp";];
+ imap -> proxy [label = "25/tcp";];
+ imap -> fts_attachments [label = "9998/tcp";];
+
+ webmail -> front [label = "14190/tcp";];
+ webmail -> front [label = "10025/tcp";];
+ webmail -> front [label = "10143/tcp";];
+ # carddav
+ webmail -> proxy [label = "443/tcp";];
+
+ admin -> redis [label = "6379/tcp";];
+ admin -> front [label = "2525/tcp";];
+
+ antispam -> redis [label = "6379/tcp";];
+ antispam -> admin [label = "8080/tcp";];
+ antispam -> oletools [label = "11343/tcp";];
+ antispam -> antivirus [label = "3310/tcp";];
+
+ fetchmail -> admin [label = "8080/tcp"]
+ fetchmail -> proxy [label = "25/tcp"]
+ fetchmail -> front [label = "2525/tcp"]
+ #
+ # those don't need internet:
+ # oletools
+ # fts_attachments
+ # redis
+}
diff --git a/docs/mailu-network-diagram.ipynb b/docs/mailu-network-diagram.ipynb
deleted file mode 100644
index 2a68e0e4..00000000
--- a/docs/mailu-network-diagram.ipynb
+++ /dev/null
@@ -1,614 +0,0 @@
-{
- "cells": [
- {
- "cell_type": "code",
- "execution_count": 1,
- "metadata": {},
- "outputs": [
- {
- "data": {
- "image/svg+xml": [
- "\n",
- "\n",
- "\n",
- "\n",
- "\n"
- ],
- "text/plain": [
- ""
- ]
- },
- "execution_count": 1,
- "metadata": {},
- "output_type": "execute_result"
- }
- ],
- "source": [
- "import graphviz\n",
- "\n",
- "a = \"\"\"\n",
- "digraph mailu {\n",
- " label = \"Mailu\";\n",
- " fontname = \"arial\";\n",
- " \n",
- " node [shape = box; fontname = \"arial\"; fontsize = 8; style = filled; color = \"#d3edea\";];\n",
- " splines = \"compound\";\n",
- " // node [shape = \"box\"; fontsize = \"10\";];\n",
- " edge [fontsize = \"8\";];\n",
- " \n",
- " # Components\n",
- " internet [label = \"Internet\";];\n",
- " proxy [label = \"Optional proxy\"; shape = \"polygon\"];\n",
- " front [label = \"Front\";];\n",
- " admin [label = \"Admin\";];\n",
- " smtp [label = \"SMTP\";];\n",
- " redis [label = \"Redis\";];\n",
- " antispam [label = \"Antispam\";];\n",
- " antivirus [label = \"Anti-Virus\";];\n",
- " imap [label = \"IMAP\";];\n",
- " webdav [label = \"WebDAV\";];\n",
- " webmail [label = \"Webmail\";];\n",
- " fetchmail [label = \"Fetchmail\";];\n",
- " oletools [label = \"Oletools\"];\n",
- " fts_attachments [label = \"Tika\"];\n",
- " # proxy from internet\n",
- " internet -> proxy [label = \"25/tcp\";];\n",
- " internet -> proxy [label = \"80/tcp\";];\n",
- " internet -> proxy [label = \"443/tcp\";];\n",
- " internet -> proxy [label = \"465/tcp\";];\n",
- " internet -> proxy [label = \"587/tcp\";];\n",
- " internet -> proxy [label = \"110/tcp\";];\n",
- " internet -> proxy [label = \"995/tcp\";];\n",
- " internet -> proxy [label = \"143/tcp\";];\n",
- " internet -> proxy [label = \"993/tcp\";];\n",
- " internet -> proxy [label = \"4190/tcp\";];\n",
- " \n",
- " # Front from proxy\n",
- " proxy -> front [label = \"25/tcp\";];\n",
- " proxy -> front [label = \"80/tcp\";];\n",
- " proxy -> front [label = \"443/tcp\";];\n",
- " proxy -> front [label = \"465/tcp\";];\n",
- " proxy -> front [label = \"587/tcp\";];\n",
- " proxy -> front [label = \"110/tcp\";];\n",
- " proxy -> front [label = \"995/tcp\";];\n",
- " proxy -> front [label = \"143/tcp\";];\n",
- " proxy -> front [label = \"993/tcp\";];\n",
- " proxy -> front [label = \"4190/tcp\";];\n",
- " \n",
- " front -> front [label = \"8008/tcp\";];\n",
- " front -> front [label = \"8000/tcp\";];\n",
- " front -> admin [label = \"8080/tcp\";];\n",
- " front -> imap [label = \"4190/tcp\";];\n",
- " front -> imap [label = \"143/tcp\";];\n",
- " front -> imap [label = \"110/tcp\";];\n",
- " front -> smtp [label = \"25/tcp\";];\n",
- " front -> smtp [label = \"10025/tcp\";];\n",
- " front -> webmail [label = \"80/tcp\";];\n",
- " front -> antispam [label = \"11334/tcp\";];\n",
- " front -> webdav [label = \"5232/tcp\";];\n",
- " \n",
- " smtp -> admin [label = \"8080/tcp\";];\n",
- " smtp -> front [label = \"2525/tcp\";];\n",
- " smtp -> antispam [label = \"11332/tcp\";];\n",
- " \n",
- " imap -> admin [label = \"8080/tcp\";];\n",
- " imap -> antispam [label = \"11334/tcp\";];\n",
- " imap -> proxy [label = \"25/tcp\";];\n",
- " imap -> fts_attachments [label = \"9998/tcp\";];\n",
- " \n",
- " webmail -> front [label = \"14190/tcp\";];\n",
- " webmail -> front [label = \"10025/tcp\";];\n",
- " webmail -> front [label = \"10143/tcp\";];\n",
- " # carddav\n",
- " webmail -> proxy [label = \"443/tcp\";];\n",
- " \n",
- " admin -> redis [label = \"6379/tcp\";];\n",
- " admin -> front [label = \"2525/tcp\";];\n",
- " \n",
- " antispam -> redis [label = \"6379/tcp\";];\n",
- " antispam -> admin [label = \"8080/tcp\";];\n",
- " antispam -> oletools [label = \"11343/tcp\";];\n",
- " antispam -> antivirus [label = \"3310/tcp\";];\n",
- " \n",
- " fetchmail -> admin [label = \"8080/tcp\"]\n",
- " fetchmail -> proxy [label = \"25/tcp\"]\n",
- " fetchmail -> front [label = \"2525/tcp\"]\n",
- " #\n",
- " # those don't need internet:\n",
- " # oletools\n",
- " # fts_attachments\n",
- " # redis\n",
- "}\n",
- "\"\"\"\n",
- "\n",
- "dot = graphviz.Source(a)\n",
- "dot\n"
- ]
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": []
- },
- {
- "cell_type": "code",
- "execution_count": null,
- "metadata": {},
- "outputs": [],
- "source": []
- }
- ],
- "metadata": {
- "kernelspec": {
- "display_name": "Python 3 (ipykernel)",
- "language": "python",
- "name": "python3"
- },
- "language_info": {
- "codemirror_mode": {
- "name": "ipython",
- "version": 3
- },
- "file_extension": ".py",
- "mimetype": "text/x-python",
- "name": "python",
- "nbconvert_exporter": "python",
- "pygments_lexer": "ipython3",
- "version": "3.11.2"
- }
- },
- "nbformat": 4,
- "nbformat_minor": 2
-}