MailU service via Docker compose

[ktufekcic]

Howdy all;

I've been trying to deploy a MailU server via Coolify for a while now, but no matter what I do I can't quite get it to work. This is the entire docker-compose.yml:

# This file is auto-generated by the Mailu configuration wizard.
# Please read the documentation before attempting any change.
# Generated for compose flavor

services:

  # External dependencies
  redis:
    image: redis:alpine
    restart: always
    volumes:
      - "/mailu/redis:/data"
    depends_on:
      - resolver
    dns:
      - 192.168.203.254

  # Core services
  front:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-front
    ports:
      - "<my private IP>:80:80"
      - "<my private IP>:443:443"
      - "<my private IP>:25:25"
      - "<my private IP>:465:465"
      - "<my private IP>:587:587"
      - "<my private IP>:110:110"
      - "<my private IP>:995:995"
      - "<my private IP>:143:143"
      - "<my private IP>:993:993"
      - "<my private IP>:4190:4190"
    networks:
      - default
      - radicale
    volumes:
      - "/mailu/certs:/certs"
      - "/mailu/overrides/nginx:/overrides:ro"
    depends_on:
      - resolver
    dns:
      - 192.168.203.254

  resolver:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-resolver
    restart: always
    networks:
      default:
        ipv4_address: 192.168.203.254

  admin:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-admin
    volumes:
      - "/mailu/data:/data"
      - "/mailu/dkim:/dkim"
    depends_on:
      - redis
      - resolver
    dns:
      - 192.168.203.254

  imap:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-imap
    volumes:
      - "/mailu/mail:/mail"
      - "/mailu/overrides/dovecot:/overrides:ro"
    networks:
      - default
      - fts_attachments
    depends_on:
      - front
      - fts_attachments
      - resolver
    dns:
      - 192.168.203.254

  smtp:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-smtp
    volumes:
      - "/mailu/mailqueue:/queue"
      - "/mailu/overrides/postfix:/overrides:ro"
    depends_on:
      - front
      - resolver
    dns:
      - 192.168.203.254

  oletools:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
    hostname: oletools
    logging:
      driver: journald
      options:
        tag: mailu-oletools
    restart: always
    networks:
      - oletools
    depends_on:
      - resolver
    dns:
      - 192.168.203.254

  fts_attachments:
    image: apache/tika:2.9.2.1-full
    hostname: tika
    logging:
      driver: journald
      options:
        tag: mailu-tika
    restart: always
    networks:
      - fts_attachments
    depends_on:
      - resolver
    dns:
      - 192.168.203.254
    healthcheck:
      test: ["CMD-SHELL", "wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  antispam:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
    hostname: antispam
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-antispam
    networks:
      - default
      - oletools
      - clamav
    volumes:
      - "/mailu/filter:/var/lib/rspamd"
      - "/mailu/overrides/rspamd:/overrides:ro"
    depends_on:
      - front
      - redis
      - oletools
      - antivirus
      - resolver
    dns:
      - 192.168.203.254

  # Optional services
  antivirus:
    image: clamav/clamav-debian:1.2.3-45
    restart: always
    logging:
      driver: journald
      options:
        tag: mailu-antivirus
    networks:
      - clamav
    volumes:
      - "/mailu/filter/clamav:/var/lib/clamav"
    healthcheck:
      test: ["CMD-SHELL", "kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  webdav:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-2024.06}
    restart: always
    logging:
      driver: journald
      options:
        tag: mailu-webdav
    volumes:
      - "/mailu/dav:/data"
    networks:
      - radicale


  # Webmail

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.203.0/24
  radicale:
    driver: bridge
  clamav:
    driver: bridge
  oletools:
    driver: bridge
    internal: true
  fts_attachments:
    driver: bridge
    internal: true

I've generated this from mailu's own docker compose generator, the only change I made was to remove the env_file: mailu.env because I was using Coolify's own env variables. However, with this setup I'd get the following error:
Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets
This seems to be caused by the resolver service having an ipv4 address bound to it.

For some extra context, the server where I'm trying to setup the mail service on is managed by Coolify, but Coolify isn't running directly on it, and it's pretty much a "blank" slate, it's a Hetzner service with that singular purpose running 22.04.
ip a output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 96:00:03:a9:c3:d0 brd ff:ff:ff:ff:ff:ff
    altname enp1s0
    inet <server's ipv4>/32 metric 100 scope global dynamic eth0
       valid_lft 81581sec preferred_lft 81581sec
    inet6 <server's ipv6>/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:04:d1:5c:fb brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

Any help or guidance is highly appreciated, and let me know if any further information is needed

[ktufekcic]

Also, if I remove that binding, I get a different error:
Error response from daemon: driver failed programming external connectivity on endpoint front-k4kk08k8koww884g8kcog880 (07854e2ba93d79a3285b4a5663acd26df5fdc313c9f4e28fe49b93912d773c6c): Error starting userland proxy: listen tcp4 <server's IP>:443: bind: address already in use

Presumably coming from Coolify's proxy configuration:

version: '3.8'
networks:
  coolify:
    external: true
services:
  traefik:
    container_name: coolify-proxy
    image: 'traefik:v2.11'
    restart: unless-stopped
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    networks:
      - coolify
    ports:
      - '80:80'
      - '443:443'
      - '8080:8080'
    healthcheck:
      test: 'wget -qO- http://localhost:80/ping || exit 1'
      interval: 4s
      timeout: 2s
      retries: 5
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - '/data/coolify/proxy:/traefik'
    command:
      - '--ping=true'
      - '--ping.entrypoint=http'
      - '--api.dashboard=true'
      - '--api.insecure=false'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.https.address=:443'
      - '--entrypoints.http.http.encodequerysemicolons=true'
      - '--entryPoints.http.http2.maxConcurrentStreams=50'
      - '--entrypoints.https.http.encodequerysemicolons=true'
      - '--entryPoints.https.http2.maxConcurrentStreams=50'
      - '--providers.docker.exposedbydefault=false'
      - '--providers.file.directory=/traefik/dynamic/'
      - '--providers.file.watch=true'
      - '--certificatesresolvers.letsencrypt.acme.httpchallenge=true'
      - '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json'
      - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http'
      - '--providers.docker=true'
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.server.port=8080
      - coolify.managed=true

So if/when the initial issue is solved, I'll still have to deal with this

[devinshawntripp]

port 80 and 443 are already in use by your coolify setup. You either have to use a different server or have the ports be different and let the proxy decide the ports

[Bad-Y]

Hi, @ktufekcic

So i got mailu to work with coolify.v4.0.0beta-373 using traefik but it's a tricky solution...

Here is what i did :

• Create a docker compose using mailu setup
• Update the proxy setting ($server->localhost->proxy->configuration) to enable entrypoints for all mail related ports (25,465...etc) :

networks:
  coolify:
    external: true
services:
  traefik:
    container_name: coolify-proxy
    image: 'traefik:v3.1'
    restart: unless-stopped
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    networks:
      - coolify
    ports:
      - '80:80'
      - '443:443'
      - '443:443/udp'
    # add theses ports for mailu
      - "25:25"
      - "465:465"
      - "993:993"
      - "995:995"
      - "4190:4190"
    healthcheck:
      test: 'wget -qO- http://localhost:80/ping || exit 1'
      interval: 4s
      timeout: 2s
      retries: 5
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - '/data/coolify/proxy:/traefik'
    command:
#      - '--log.level=INFO' # uncomment for debuggig
      - '--ping=true'
      - '--ping.entrypoint=http'
      - '--api.dashboard=true'
      - '--api.insecure=false'
      - '--entrypoints.http.address=:80'
      - '--entrypoints.https.address=:443'
      # Mailu entrypoints
      - "--entrypoints.smtp.address=:smtp"
      - "--entrypoints.submissions.address=:submissions"
      - "--entrypoints.imaps.address=:imaps"
      - "--entrypoints.pop3s.address=:pop3s"
      - "--entrypoints.sieve.address=:sieve"
      # end mailu entrypoints
      - '--entrypoints.http.http.encodequerysemicolons=true'
      - '--entryPoints.http.http2.maxConcurrentStreams=50'
      - '--entrypoints.https.http.encodequerysemicolons=true'
      - '--entryPoints.https.http2.maxConcurrentStreams=50'
      - '--entrypoints.https.http3'
      # omitted letsencrypt part
      - '--providers.docker.exposedbydefault=false'
      - '--providers.file.directory=/traefik/dynamic/'
      - '--providers.file.watch=true'
      - '--providers.docker=true'
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.rule=Host(`dashboard.exemple.com`)
      - traefik.http.routers.traefik.service=api@internal
      - coolify.managed=true
      - coolify.proxy=true

# This service is Important as it'll help you get (easily) the IP of traefik
# You can (and must) remove it afterwards
  whoami:
    image: traefik/whoami
    container_name: traefik-whoami
    networks:
      - coolify
    labels:
      - traefik.enable=true
      - 'traefik.http.routers.whoami.rule=Host(`dashboard.oksweb.com`) && Path(`/whoami`)'
      - traefik.http.routers.whoami.entrypoints=https

• then go to your mailu project and update the docker compose config, add this to the front service

  front:
    image: '${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}'
    restart: always
    env_file: .env # mailu default env file is "mailu.env" but coolify default env file ".env" so let's switch to the last one
    logging:
      driver: journald
      options:
        tag: mailu-front
    networks:
      - default
      - webmail
      - coolify # add this network otherwise traefik will not be able to communicate with this container
    volumes:
      - './mailu/certs:/certs'
      - './mailu/overrides/nginx:/overrides:ro'
    depends_on:
      - resolver
    dns:
      - '${RESOLVER_IP}' # I had some issues with the resolver so i removed it and switched all the DNS to cloudflare's (added "RESOLVER_IP=1.1.1.1" in the env variables
    labels: # here is the beast...
      - traefik.enable=true
      - traefik.docker.network=coolify
      - 'traefik.http.routers.http.rule=Host(`mail.example.com`) || PathPrefix(`/.well-known/acme-challenge/`)'
      - traefik.http.routers.http.entrypoints=http
      - traefik.http.services.http.loadbalancer.server.port=80
      - 'traefik.tcp.routers.https.rule=HostSNI(`mail.example.com`) || HostSNI(`autoconfig.example.com`) || HostSNI(`mta-sts.example.com`)'
      - traefik.tcp.routers.https.entrypoints=https
      - traefik.tcp.routers.https.tls.passthrough=true
      - traefik.tcp.routers.https.service=https
      - traefik.tcp.services.https.loadbalancer.server.port=443
      - traefik.tcp.services.https.loadbalancer.proxyProtocol.version=2
      - 'traefik.tcp.routers.smtp.rule=HostSNI(`*`)'
      - traefik.tcp.routers.smtp.entrypoints=smtp
      - traefik.tcp.routers.smtp.service=smtp
      - traefik.tcp.services.smtp.loadbalancer.server.port=25
      - traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=2
      - 'traefik.tcp.routers.submissions.rule=HostSNI(`*`)'
      - traefik.tcp.routers.submissions.entrypoints=submissions
      - traefik.tcp.routers.submissions.service=submissions
      - traefik.tcp.services.submissions.loadbalancer.server.port=465
      - traefik.tcp.services.submissions.loadbalancer.proxyProtocol.version=2
      - 'traefik.tcp.routers.imaps.rule=HostSNI(`*`)'
      - traefik.tcp.routers.imaps.entrypoints=imaps
      - traefik.tcp.routers.imaps.service=imaps
      - traefik.tcp.services.imaps.loadbalancer.server.port=993
      - traefik.tcp.services.imaps.loadbalancer.proxyProtocol.version=2
      - 'traefik.tcp.routers.pop3s.rule=HostSNI(`*`)'
      - traefik.tcp.routers.pop3s.entrypoints=pop3s
      - traefik.tcp.routers.pop3s.service=pop3s
      - traefik.tcp.services.pop3s.loadbalancer.server.port=995
      - traefik.tcp.services.pop3s.loadbalancer.proxyProtocol.version=2
      - 'traefik.tcp.routers.sieve.rule=HostSNI(`*`)'
      - traefik.tcp.routers.sieve.entrypoints=sieve
      - traefik.tcp.routers.sieve.service=sieve
      - traefik.tcp.services.sieve.loadbalancer.server.port=4190
      - traefik.tcp.services.sieve.loadbalancer.proxyProtocol.version=2
    healthcheck:
      test:
        - NONE

# [ other services omited]

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        -
          subnet: '${SUBNET}' # i added this and grabbed it from the env file

• Add your env variable in $server->localhost->proxy->Environment Variables (just copy/paste the content of mailu env file here)
• Access the whoami container (dashboard.example.com/whoami) and retrive the IP

• add this two entry in your env file :
• REAL_IP_FROM=10.0.1.7/32 # The IP of traefik
• REAL_IP_HEADER=X-Real-IP
• Change the subnet if you have executed a docker compose of mailu in your host...
• Remove the whoami container and redeploy the Proxy
• At this point the env and docker compose file should be saved, you shall edit them (/data/coolify/services/{UUID}/docker-compose.yml) and remove all the added networks with the UUID here is an example for the redis service

redis:
    image: 'redis:alpine'
    restart: always
    volumes:
      - '/data/coolify/services/d8cw4swwgwkw8ooo04w44gwk/mailu/redis:/data'
    depends_on:
      - resolver
    dns:
      - '${RESOLVER_IP}'
    container_name: redis-d8cw4swwgwkw8ooo04w44gwk
    labels:
      - coolify.managed=true
      - coolify.version=4.0.0-beta.373
      - coolify.serviceId=1
      - coolify.type=service
      - coolify.name=redis-d8cw4swwgwkw8ooo04w44gwk
      - coolify.pullRequestId=0
      - coolify.service.subId=1
      - coolify.service.subType=database
    networks: # remove this
      d8cw4swwgwkw8ooo04w44gwk: null # remove this
    environment:
      COOLIFY_CONTAINER_NAME: '"redis-d8cw4swwgwkw8ooo04w44gwk"'

• run the command "docker compose down && docker compose up -d" and it should work.
• Do not redeploy using coolify otherwise it'll recreate the docker compose file and readd the networks

The thing here that i spent almost 3 days on is if you do not remove the added subnet "d8cw4swwgwkw8ooo04w44gwk" (like in my example), all mailu will work as desired front, admin, everything will work just fine but you'll end up having a loop while trying to login to the webmail or imap/pop3 or the UI of rspamd but like i said the admin will work just fine and a redirect loop will happen like it's described here Mailu/Mailu#1895 (comment)

the issue is when you have more than one network on the services, it'll just fail to authenticate... i'm still trying to debug it but i'm kinda busy this week, i'll post an answer later if i find any.

Btw, it'd be interresting to have mailu as a template or coolify app to deploy it quickly !

[foadshariat7]

Hi, would you please help me here. I'm very new at this. Where did you add the front and the rest? In the same docker-compose.yaml file?

[Bad-Y]

Yes, the front, redis and all the other services are in there.
Just add what you need in the allready generated docker-compose by the mailu setup