vestacp exim dovecot in docker
when i test-telnet my server on port 25 i get:
Code:
    telnet mydomain.com 25
    Trying XX.XXX.XXX.XXX...
    Connected to mydomain.com.
    Escape character is '^]'.
    220 cf012b971d3c ESMTP Exim 4.90_1 Thu, 16 Aug 2018 17:14:12 +0000
    EHLO client.localhost
    250-cf012b971d3c Hello 083-040-157-037.client.domain [YY.YYY.YY.YY]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-CHUNKING
    250-STARTTLS
    250 HELP
cf012b971d3c is the hostname automatically generated by docker, also set under /etc/hostname
i have vestacp/exim/dovecot running inside docker.
when i try to send mail via mydomain.com i get as response:
Code:
    the problem is: smtp; 550 Please use a fully-qualified domain name for HELO/EHLO
this seems to be the problem: container needs to use host's /etc/hosts /etc/resolv.conf not generate its own? https://github.com/moby/moby/issues/7851
does --net=host solve the problem?
i could run the container with --hostname=mydomain.com but that allows only one hostname.
i am a little confused, what can i do?
i would like to send mail from different hostnames
unlike this https://serverfault.com/questions/75948 ... ts-own-dom, i would like to send from multiple domains that share the same IP.
thanks in advance.
Re: vestacp exim dovecot in docker
let me answer this....
--hostname=yourdomain.com
will fix the problem
--net=host
is NOT required (it could possibly decrease security).
so the full line was like:
Code:
    docker run -it --name=container_name --hostname=yourdomain.com --privileged --cap-add=NET_ADMIN -p 80:80 -p 443:443 -p 9093:8083 -p 25:25 -p 587:587 -p 143:143 --net=network1 --ip 172.18.0.2 image_name
(this is WITHOUT DNS/nameserver at port 53 and FTP at port 21 and pop3 110,995)
without --cap-add=NET_ADMIN fail2ban/iptables does not work.
Code:
    # what was this? can't remember
    docker run --privileged -d -ti -e "container=docker" -v /sys/fs/cgroup:/sys/fs/cgroup docker.io/centos /usr/sbin/init
https://github.com/moby/moby/issues/336 ... -307361421
check out:
https://www.aporeto.com/blog/security-d ... -networks/
Last edited by canoodle on Mon Oct 15, 2018 1:00 pm, edited 3 times in total.
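The checks discussed in the two posts above, as a runnable shell example (added here, not code from the thread's posters): it pulls the name out of the 220 greeting, tests whether it is fully qualified, and flags --privileged, host networking and a missing --hostname in a docker run line. The function names and finding keywords are assumptions of this example; the greeting and the run line are copied from the posts.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a containerised MTA.

# Print the host name announced in an SMTP 220 greeting line.
banner_host() {
    printf '%s\n' "$1" | sed -n 's/^220[ -]\([^ ]*\).*/\1/p' | head -n 1
}

# Succeed only for a fully-qualified name: two or more labels, alphabetic TLD.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Print one finding keyword per line for a "docker run" command line.
# Only the --flag=value spellings used in the thread are recognised.
audit_run_line() {
    host=""
    for arg in $1; do                      # unquoted on purpose: split into words
        case "$arg" in
            --privileged)              echo "privileged" ;;
            --net=host|--network=host) echo "host-network" ;;
            --hostname=*)              host=${arg#--hostname=} ;;
        esac
    done
    if [ -z "$host" ]; then
        echo "no-hostname"                 # Docker then uses the container ID
    elif ! is_fqdn "$host"; then
        echo "hostname-not-fqdn"
    fi
}

# Inputs copied from the thread: the greeting and the posted run line.
BANNER='220 cf012b971d3c ESMTP Exim 4.90_1 Thu, 16 Aug 2018 17:14:12 +0000'
RUN_LINE='docker run -it --name=container_name --hostname=yourdomain.com --privileged --cap-add=NET_ADMIN -p 80:80 -p 443:443 -p 9093:8083 -p 25:25 -p 587:587 -p 143:143 --net=network1 --ip 172.18.0.2 image_name'

name=$(banner_host "$BANNER")
if is_fqdn "$name"; then
    echo "greeting name '$name' is fully qualified"
else
    echo "greeting name '$name' is NOT fully qualified; peers may answer 550"
fi
audit_run_line "$RUN_LINE"
```

The `privileged` finding on the posted line reflects that --privileged already grants every capability, which makes the separate --cap-add=NET_ADMIN redundant there.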
Re: vestacp exim dovecot in docker
BIGGEST Problem with docker: it cannot free disk space once claimed! X-D
so if you copy big files to your docker instance... and delete them... the disk space is not FREED!
is it a bug? or a feature?
whatever it is IT SUCKS and forced me to buy a bigger server.
Re: vestacp exim dovecot in docker
okay it is getting worse.
after running vestacp for several months inside docker... i think i will take a look at OpenVZ or leave the container space altogether.
why?
problems:
1. containers harddisk space once used – does not shrink!? (unless you export/import)
i would understand this if all files were in ONE FILE but they are NOT, i really do NOT understand, that when you copy a large file into your container and delete it from the container… the harddisk space is still in USE!
exporting containers takes 3 times the harddisk space a container needs
so if you have a container that uses 50GBytes of harddisk space and your harddisk is only 100GBytes you are screwed! you can not migrate your docker container to a bigger harddisk by commit and save.
... that was one of the MAIN reasons i wanted to use docker, to more easily migrate to another server.
2. fail2ban / iptables does not work!? (or is a big mess) https://unrouted.io/2017/08/15/docker-firewall/
not in the container and not on the host!?
more strange problems: „can’t remove directory“ under certain conditions https://github.com/moby/moby/issues/27214
it seems the docker-complexity is going south!
the concept is great – similar to OpenVZ increasing server density even more – (hardware -> virtualization -> container) but i am seriously thinking about not using it again for exactly those issues and probably more hidden issues i do not know about (yet).
Re: vestacp exim dovecot in docker
Running Vesta inside of Docker goes against the single-purpose Docker container philosophy because Vesta is doing a lot of things. Therefore, you will hit complexity for each feature that Vesta provides.
Though, I've been running Vesta in Docker for 2 years in production just fine. (Shameless plug) Here's my repository - https://github.com/niiknow/vestacp
Honestly, I've only been using it to host fully managed client websites with Letsencrypt and automatic backup. I don't even use email, though I believe my Docker Panel does work with email because some of my Github users are reporting issues for me to fix with their use of email.
Benefits that I've seen with Vesta in Docker running for the last two years:
1. Anytime I want to install/reinstall Vesta, it is easy. I don't have to blow away the entire OS. Simply back up and restore the user to upgrade to a major version of my panel. Exactly the step you take when you need to reinstall Vesta.
2. It allows me to remap my internal to external port. I did not, nor did any of my users, report the Vesta security issue that occurred from April to October this year. I also default an installation password, as a result forcing my users to change their admin password, so that also helps remedy the October reported issue.
3. Since I can blow away my docker at any time, I'm free to experiment with things like multiple-php including fcgi and fpm, customized builds of nginx pagespeed, php v8js, and more. Another experiment resulted in my Docker Vesta providing panel SSL with Letsencrypt before official support from Vesta.
P.S. I run fail2ban fine inside of Docker with cap_add: ['NET_RAW', 'NET_ADMIN']