171 lines
10 KiB
YAML
171 lines
10 KiB
YAML
# SECURITY: Only attach trusted containers to the traefik network.
|
|
# This service is reachable only by Traefik (and other containers on traefik).
|
|
# Do not add untrusted or third-party containers to the traefik network.
|
|
services:
|
|
mail-autoconfig:
|
|
image: git.mifi.dev/mifi-holdings/mail-autoconfig:latest
|
|
container_name: mifi-mail-autoconfig
|
|
restart: unless-stopped
|
|
# Security configurations
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_drop:
|
|
- ALL
|
|
read_only: true
|
|
tmpfs:
|
|
- /tmp
|
|
# Isolate from host: no privileged mode, no host network, no host mounts
|
|
# Limit resources to prevent resource exhaustion attacks
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 256M
|
|
cpus: '0.5'
|
|
reservations:
|
|
memory: 128M
|
|
cpus: '0.25'
|
|
# Update healthcheck to use new port
|
|
healthcheck:
|
|
test: ["CMD", "python", "-c", "import urllib.request; r = urllib.request.Request('http://localhost:8080/ping', headers={'Host': 'autoconfig.mifi.holdings'}); urllib.request.urlopen(r)"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
networks:
|
|
- marina-net
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=marina-net"
|
|
|
|
# mifi.holdings
|
|
- "traefik.http.routers.mailconfig-mifi-holdings.rule=Host(`autoconfig.mifi.holdings`) || Host(`autodiscover.mifi.holdings`)"
|
|
- "traefik.http.routers.mailconfig-mifi-holdings.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mifi-holdings.tls=true"
|
|
- "traefik.http.routers.mailconfig-mifi-holdings.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mifi-holdings.service=mailconfig-mifi-holdings"
|
|
- "traefik.http.services.mailconfig-mifi-holdings.loadbalancer.server.port=8080"
|
|
|
|
# mifi.com.br
|
|
- "traefik.http.routers.mailconfig-mifi-com-br.rule=Host(`autoconfig.mifi.com.br`) || Host(`autodiscover.mifi.com.br`)"
|
|
- "traefik.http.routers.mailconfig-mifi-com-br.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mifi-com-br.tls=true"
|
|
- "traefik.http.routers.mailconfig-mifi-com-br.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mifi-com-br.service=mailconfig-mifi-com-br"
|
|
- "traefik.http.services.mailconfig-mifi-com-br.loadbalancer.server.port=8080"
|
|
|
|
# mifi.dev
|
|
- "traefik.http.routers.mailconfig-mifi-dev.rule=Host(`autoconfig.mifi.dev`) || Host(`autodiscover.mifi.dev`)"
|
|
- "traefik.http.routers.mailconfig-mifi-dev.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mifi-dev.tls=true"
|
|
- "traefik.http.routers.mailconfig-mifi-dev.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mifi-dev.service=mailconfig-mifi-dev"
|
|
- "traefik.http.services.mailconfig-mifi-dev.loadbalancer.server.port=8080"
|
|
|
|
# mifi.ventures
|
|
- "traefik.http.routers.mailconfig-mifi-ventures.rule=Host(`autoconfig.mifi.ventures`) || Host(`autodiscover.mifi.ventures`)"
|
|
- "traefik.http.routers.mailconfig-mifi-ventures.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mifi-ventures.tls=true"
|
|
- "traefik.http.routers.mailconfig-mifi-ventures.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mifi-ventures.service=mailconfig-mifi-ventures"
|
|
- "traefik.http.services.mailconfig-mifi-ventures.loadbalancer.server.port=8080"
|
|
|
|
# mifi.vix.br
|
|
- "traefik.http.routers.mailconfig-mifi-vix-br.rule=Host(`autoconfig.mifi.vix.br`) || Host(`autodiscover.mifi.vix.br`)"
|
|
- "traefik.http.routers.mailconfig-mifi-vix-br.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mifi-vix-br.tls=true"
|
|
- "traefik.http.routers.mailconfig-mifi-vix-br.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mifi-vix-br.service=mailconfig-mifi-vix-br"
|
|
- "traefik.http.services.mailconfig-mifi-vix-br.loadbalancer.server.port=8080"
|
|
|
|
# mifi.me
|
|
- "traefik.http.routers.mailconfig-mifi-me.rule=Host(`autoconfig.mifi.me`) || Host(`autodiscover.mifi.me`)"
|
|
- "traefik.http.routers.mailconfig-mifi-me.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mifi-me.tls=true"
|
|
- "traefik.http.routers.mailconfig-mifi-me.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mifi-me.service=mailconfig-mifi-me"
|
|
- "traefik.http.services.mailconfig-mifi-me.loadbalancer.server.port=8080"
|
|
|
|
# blackice.vix.br
|
|
- "traefik.http.routers.mailconfig-blackice-vix-br.rule=Host(`autoconfig.blackice.vix.br`) || Host(`autodiscover.blackice.vix.br`)"
|
|
- "traefik.http.routers.mailconfig-blackice-vix-br.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-blackice-vix-br.tls=true"
|
|
- "traefik.http.routers.mailconfig-blackice-vix-br.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-blackice-vix-br.service=mailconfig-blackice-vix-br"
|
|
- "traefik.http.services.mailconfig-blackice-vix-br.loadbalancer.server.port=8080"
|
|
|
|
# fitz.guru
|
|
- "traefik.http.routers.mailconfig-fitz-guru.rule=Host(`autoconfig.fitz.guru`) || Host(`autodiscover.fitz.guru`)"
|
|
- "traefik.http.routers.mailconfig-fitz-guru.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-fitz-guru.tls=true"
|
|
- "traefik.http.routers.mailconfig-fitz-guru.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-fitz-guru.service=mailconfig-fitz-guru"
|
|
- "traefik.http.services.mailconfig-fitz-guru.loadbalancer.server.port=8080"
|
|
|
|
# umlautpress.com
|
|
- "traefik.http.routers.mailconfig-umlautpress-com.rule=Host(`autoconfig.umlautpress.com`) || Host(`autodiscover.umlautpress.com`)"
|
|
- "traefik.http.routers.mailconfig-umlautpress-com.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-umlautpress-com.tls=true"
|
|
- "traefik.http.routers.mailconfig-umlautpress-com.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-umlautpress-com.service=mailconfig-umlautpress-com"
|
|
- "traefik.http.services.mailconfig-umlautpress-com.loadbalancer.server.port=8080"
|
|
|
|
# camilla-rena.com
|
|
- "traefik.http.routers.mailconfig-camilla-rena-com.rule=Host(`autoconfig.camilla-rena.com`) || Host(`autodiscover.camilla-rena.com`)"
|
|
- "traefik.http.routers.mailconfig-camilla-rena-com.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-camilla-rena-com.tls=true"
|
|
- "traefik.http.routers.mailconfig-camilla-rena-com.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-camilla-rena-com.service=mailconfig-camilla-rena-com"
|
|
- "traefik.http.services.mailconfig-camilla-rena-com.loadbalancer.server.port=8080"
|
|
|
|
# officelift.net
|
|
- "traefik.http.routers.mailconfig-officelift-net.rule=Host(`autoconfig.officelift.net`) || Host(`autodiscover.officelift.net`)"
|
|
- "traefik.http.routers.mailconfig-officelift-net.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-officelift-net.tls=true"
|
|
- "traefik.http.routers.mailconfig-officelift-net.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-officelift-net.service=mailconfig-officelift-net"
|
|
- "traefik.http.services.mailconfig-officelift-net.loadbalancer.server.port=8080"
|
|
|
|
# mylocalpro.biz
|
|
- "traefik.http.routers.mailconfig-mylocalpro-biz.rule=Host(`autoconfig.mylocalpro.biz`) || Host(`autodiscover.mylocalpro.biz`)"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-biz.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-biz.tls=true"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-biz.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-biz.service=mailconfig-mylocalpro-biz"
|
|
- "traefik.http.services.mailconfig-mylocalpro-biz.loadbalancer.server.port=8080"
|
|
|
|
# mylocalpro.online
|
|
- "traefik.http.routers.mailconfig-mylocalpro-online.rule=Host(`autoconfig.mylocalpro.online`) || Host(`autodiscover.mylocalpro.online`)"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-online.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-online.tls=true"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-online.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-mylocalpro-online.service=mailconfig-mylocalpro-online"
|
|
- "traefik.http.services.mailconfig-mylocalpro-online.loadbalancer.server.port=8080"
|
|
|
|
# happybeardedcarpenter.com
|
|
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.rule=Host(`autoconfig.happybeardedcarpenter.com`) || Host(`autodiscover.happybeardedcarpenter.com`)"
|
|
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.tls=true"
|
|
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-happybeardedcarpenter-com.service=mailconfig-happybeardedcarpenter-com"
|
|
- "traefik.http.services.mailconfig-happybeardedcarpenter-com.loadbalancer.server.port=8080"
|
|
|
|
# thenewenglandpalletguy.com
|
|
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.rule=Host(`autoconfig.thenewenglandpalletguy.com`) || Host(`autodiscover.thenewenglandpalletguy.com`)"
|
|
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.tls=true"
|
|
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-thenewenglandpalletguy-com.service=mailconfig-thenewenglandpalletguy-com"
|
|
- "traefik.http.services.mailconfig-thenewenglandpalletguy-com.loadbalancer.server.port=8080"
|
|
|
|
# dining-it.com
|
|
- "traefik.http.routers.mailconfig-dining-it-com.rule=Host(`autoconfig.dining-it.com`) || Host(`autodiscover.dining-it.com`)"
|
|
- "traefik.http.routers.mailconfig-dining-it-com.entrypoints=websecure"
|
|
- "traefik.http.routers.mailconfig-dining-it-com.tls=true"
|
|
- "traefik.http.routers.mailconfig-dining-it-com.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.mailconfig-dining-it-com.service=mailconfig-dining-it-com"
|
|
- "traefik.http.services.mailconfig-dining-it-com.loadbalancer.server.port=8080"
|
|
|
|
networks:
|
|
marina-net:
|
|
external: true
|