Docker Compose setup ==================== Prepare the environment ----------------------- Mailu will store all of its persistent data in a path of your choice (``/mailu`` by default) simply create the directory and move there: .. code-block:: bash mkdir /mailu cd /mailu Create the configuration files ------------------------------ Docker Compose configuration is stored in a file named ``docker-compose.yml``. Additionally, Mailu relies on a ``mailu.env`` file for various settings. Both files can be generated by the `mailu setup utility`_. The setup utility is mostly self-explanatory, with some more additional information in this section. .. _`mailu setup utility`: https://setup.mailu.io .. _tls_flavor: TLS certificates ```````````````` Sets the ``TLS_FLAVOR`` to one of the following values: - ``cert`` is the default and requires certificates to be setup manually; - ``letsencrypt`` will use the *Letsencrypt!* CA to obtain certificates automatically; - ``notls`` will disable TLS, this is not recommended except for testing. .. note:: When using *Letsencrypt!* you have to make sure that the DNS ``A`` and ``AAAA`` records for the all hostnames mentioned in the ``HOSTNAMES`` variable match with the ip addresses of you server or else certificate generation will fail! See also: :ref:`dns_setup`. Bind address ```````````` The bind addresses need to match the public IP addresses assigned to your server. For IPv6 you will need the ```` scope address. You can find those addresses by running the following: .. code-block:: bash [root@mailu ~]$ ifconfig eth0 eth0: flags=4163 mtu 1500 inet 125.189.138.127 netmask 255.255.255.0 broadcast 5.189.138.255 inet6 fd21:aab2:717c:cc5a::1 prefixlen 64 scopeid 0x0 inet6 fe2f:2a73:43a8:7a1b::1 prefixlen 64 scopeid 0x20 ether 00:50:56:3c:b2:23 txqueuelen 1000 (Ethernet) RX packets 174866612 bytes 127773819607 (118.9 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 19905110 bytes 2191519656 (2.0 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 If the address is not configured directly (NAT) on any of the network interfaces or if you would simply like the server to listen on all interfaces, use ``0.0.0.0`` and ``::``. Note that running in this mode is not supported and can lead to `issues`_. .. _issues: https://github.com/Mailu/Mailu/issues/641 Review configuration variables ------------------------------ After downloading the files, open ``mailu.env`` and review the variable settings. Make sure to read the comments in the file and instructions from the :ref:`common_cfg` page. If your CPU supports Advanced Vector Extensions (AVX2 on x86_64, lrcpc on ARM64), you should consider enabling hardened-malloc earlier in the boot process by adding the following to your mailu.env: .. code-block:: bash LD_PRELOAD=/usr/lib/libhardened_malloc.so Finish setting up TLS --------------------- Mailu relies heavily on TLS and must have a key pair and a certificate available, at least for the hostname configured in the ``mailu.env`` file. If you set ``TLS_FLAVOR`` to ``cert`` then you must create a ``certs`` directory in your root path and setup a key-certificate pair there: - ``cert.pem`` contains the certificate (override with ``TLS_CERT_FILENAME``), - ``key.pem`` contains the key pair (override with ``TLS_KEYPAIR_FILENAME``). Start Mailu ----------- You may now start Mailu. Move the to the Mailu directory and run: .. code-block:: bash docker compose up -d Finally, you need an admin user account. You can have the system create it automatically: use the environment variables ``INITIAL_ADMIN_*`` as described in :ref:`admin_account` Else, if you don't go with the automatic way, you need to manually create the admin account now: .. code-block:: bash docker compose exec admin flask mailu admin me example.net 'password' This will create a user named ``me@example.net`` with password ``password`` and administration privileges. Connect to the Web admin interface and change the password to a strong one. .. note:: It is vitally important that either a user with the same email as ``POSTMASTER`` in your ``mailu.env`` exists, or you remember to create an alias with this name after you log in. All kinds of strange errors will occur as a result of not doing so!