Fwd: Help putting cyrus on Docker
Nic Bernstein
nic at nicbernstein.com
Tue Feb 18 12:24:09 EST 2020
Fabio,
Very interesting stuff. I would encourage you to add Readme.md to your
repository, containing at least what you've summarized here. This would
make for a nice addition to the Cyrus documentation, but would need a
bit more explanation on your part, first, so whoever prepares the docs
for the Cyrus project doesn't misrepresent anything you've done.
Some questions:
* You've gone to the trouble to add the certificate infrastructure for
  Postfix, but not for Cyrus. Any reason for that?
    o What I'm referring to here is the nginx proxy support for the
      Let's Encrypt stuff (at least I assume that's what you're using)
* Your Postfix configuration contains support for the deprecated Cyrus
  'deliver' program as well as LMTP.
    o If Postfix & Cyrus are separate containers, then 'deliver' won't
      work.
Nice work!
-nic
On 2/18/20 10:16 AM, Fabio Montefuscolo wrote:
> Hello!
>
> I finally got the basic stuff working on Docker and deployed through
> Docker swarm. That is what I learnt (or I think I learnt)
>
> * a basic mail solution having Cyrus needs 4 containers (imapd,
> saslauthd, rsyslog and postfix)
> * sharing rsyslog socket on all containers is needed to have logs
> * saslauthd socket needs to be shared on imapd and postfix containers,
> to have authentication
> * imapd exposes lmtp socket, that needs to be shared with postfix, to
> receive emails
>
> Other stuff
>
> * Saslauthd is using OpenLDAP
> * Postfix uses letsencrypt generated certificate
>
> Next challenges
>
> * Run OpenDKIM container and tie it to Postfix
> * Work with virtualdomains
> * Have a spam solution
> * Convert the docker-compose.yml to a kubernetes equivalent (so scary)
>
> If anyone has some minutes to take a look at
> https://github.com/fabiomontefuscolo/wikisuite-swarm/tree/master/global-services
> and give some thoughts, it would be awesome.
>
> Thank you!!
>
>
> On Wed, Jan 15, 2020 at 08:49, Fabio Montefuscolo
> <fabio.montefuscolo at gmail.com> wrote:
>
> Hi Niels
>
> Thank you very much for looking into this.
>
> Initially, I would like to get this working like I got in a real
> CentOS 8. I have here a virtual machine where I did the same steps
> I did in Dockerfile. But in VM I start services "*systemctl start
> cyrus-imapd*" and "*systemctl start saslauthd*" and basic login
> works out of the box. I could telnet on port 143 and "*. login
> cyrus cyrus*". That is not happening on Docker.
>
> I hope other people using the image can write their own config and
> mount inside the container to achieve their needs. The plan is to
> have some kubernetes recipes I can repeat whenever we get a new
> client wondering to have an email service. Actually I'm testing it
> on DO, but using kubernetes should be simple to move to AWS,
> Linode or any other kubernetes hosting.
>
> Thank you
>
> On Wed, Jan 15, 2020 at 06:22, Niels Dettenbach via
> Info-cyrus <info-cyrus at lists.andrew.cmu.edu> wrote:
>
> On Tuesday, 14 January 2020, 16:47:52 CET, Fabio Montefuscolo wrote:
> > I'm trying to build a simple docker image based on CentOS 8, which brings
> > cyrus-imapd 3.0.7. I'm having troubles to authenticate on cyrus imap
> > service for unknown reasons. There is no syslog facility working inside
> > the centos image, so I don't have logs. The final idea is deploy this
> > image in a kubernetes cluster. The Dockerfile I'm using is
> > https://github.com/fabiomontefuscolo/docker-cyrusimapd
> >
> > When I jump into console and try to use cyradm, I get 2 password fields to
> > fulfill and at the end, that doesn't work
>
>
> as far as i can read in that dockerfile on a first view, it does only install
> dependencies and "activating" SSL/TLS, but lacks any kind of further required
> configuration for cyrus auth etc.
>
> the flexibility and complexity of cyrus installations are not easy to
> "capsule" into a docker file or recipe for a "common usage".
>
> depending on what kind of authentication subsystem (i.e. mysql, pam, ldap,
> pam_mysql, sasl, saslauthd (with pam or other "backend") you want to use or
> even active AD or others you have to configure that by hand (or extend that
> docker file).
>
> a typical "easy" way is using saslauthd with -s pam to "simply" use pam
> authentication.
>
>
> hth,
>
>
>
> niels.
>
>
> --
> ---
> Niels Dettenbach
> Syndicat IT & Internet
> http://www.syndicat.com
> PGP: https://syndicat.com/pub_key.asc
> ---
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info:
> http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
--
Nic Bernstein nic at nicbernstein.com
mobile: +1 414 807 1734
snail: 1111 N Astor St Apt A5, Milwaukee, WI 53202-3319
https://www.nicbernstein.com
https://www.linkedin.com/in/nic-b-26577a178/
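
The layout Fabio describes (four containers sharing the rsyslog, saslauthd and LMTP sockets) can be sketched as a Compose file. This is an added example, not part of the thread and not taken from the wikisuite-swarm repository; the image names, volume names and mount paths are assumptions, and only the Cyrus, Cyrus SASL and Postfix option names in the comments are real settings.

```yaml
# Added sketch; not the wikisuite-swarm compose file. Image names, volume
# names and mount paths are assumptions chosen for illustration.
version: "3.7"

volumes:
  syslog: {}   # directory where rsyslog creates its log socket
  sasl: {}     # directory where saslauthd creates its "mux" socket
  lmtp: {}     # directory where Cyrus lmtpd creates its socket

services:
  rsyslog:
    image: example/rsyslog        # hypothetical image
    volumes:
      - syslog:/run/syslog

  saslauthd:
    image: example/saslauthd      # hypothetical image
    # -a ldap: LDAP backend, -m: directory for the mux socket,
    # -d: debug mode, which keeps saslauthd in the foreground
    command: ["saslauthd", "-a", "ldap", "-m", "/run/saslauthd", "-d"]
    volumes:
      - sasl:/run/saslauthd
      - syslog:/run/syslog

  imapd:
    image: example/cyrus-imapd    # hypothetical image
    # imapd.conf:  sasl_pwcheck_method: saslauthd
    #              sasl_saslauthd_path: /run/saslauthd/mux
    # cyrus.conf:  lmtpunix cmd="lmtpd" listen="/run/cyrus-lmtp/lmtp" prefork=0
    ports:
      - "143:143"
    volumes:
      - sasl:/run/saslauthd
      - lmtp:/run/cyrus-lmtp
      - syslog:/run/syslog

  postfix:
    image: example/postfix        # hypothetical image
    # main.cf:     mailbox_transport = lmtp:unix:/run/cyrus-lmtp/lmtp
    # smtpd.conf:  pwcheck_method: saslauthd
    #              saslauthd_path: /run/saslauthd/mux
    ports:
      - "25:25"
    volumes:
      - sasl:/run/saslauthd
      - lmtp:/run/cyrus-lmtp
      - syslog:/run/syslog
```

Named volumes with the default local driver exist per node, so under Swarm the services that share a socket have to be scheduled on the same node. Mount the saslauthd and LMTP volumes only into the containers that need them, since any process that can reach those sockets can submit authentication checks or deliver mail.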