vestacp exim dovecot in docker

Posted: Thu Aug 16, 2018 5:28 pm
by canoodle
when i test-telnet my server on port 25 i get:

Code:

telnet mydomain.com 25
Trying XX.XXX.XXX.XXX...
Connected to mydomain.com.
Escape character is '^]'.
220 cf012b971d3c ESMTP Exim 4.90_1 Thu, 16 Aug 2018 17:14:12 +0000
EHLO client.localhost
250-cf012b971d3c Hello 083-040-157-037.client.domain [YY.YYY.YY.YY]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-CHUNKING
250-STARTTLS
250 HELP

cf012b971d3c is the hostname automatically generated by docker, also set under /etc/hostname

i have vestacp/exim/dovecot running inside docker.

when i try to send mail via mydomain.com i get as response:

Code:

the problem is: smtp; 550 Please use a fully-qualified domain name for HELO/EHLO

this seems to be the problem: the container needs to use the host's /etc/hosts and /etc/resolv.conf, not generate its own? https://github.com/moby/moby/issues/7851

does --net=host solve the problem?

i could run the container with --hostname=mydomain.com but that allows only one hostname.

i am a little confused, what can i do?

i would like to send mail from different hostnames
unlike this https://serverfault.com/questions/75948 ... ts-own-dom, i would like to send from multiple domains that share the same IP.

thanks in advance.
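
An added example, not part of the original post: a POSIX shell check that reads the hostname out of an SMTP 220 greeting and reports whether it is fully qualified, which is the property the 550 reply above complains about. The first sample line is the greeting from the post; `mail.example.org` is a constructed placeholder, and the check assumes Exim announces the same name in its greeting and in the HELO/EHLO it sends, as it does by default.

```shell
#!/bin/sh
# Added example; the sample greetings below are constructed from the post.

# is_fqdn NAME: succeed if NAME has at least two labels made of letters,
# digits and hyphens, and is not a bare IPv4 address.
is_fqdn() {
    name=${1%.}                               # tolerate a trailing root dot
    case $name in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;      # empty or illegal character
        .*|*..*|-*|*-|*.-*|*-.*) return 1 ;;  # empty label or edge hyphen
        *.*) ;;                               # two or more labels: keep going
        *) return 1 ;;                        # single label, e.g. a container ID
    esac
    case ${name##*.} in
        *[!0-9]*) return 0 ;;                 # last label has a non-digit
        *) return 1 ;;                        # all digits: IPv4 literal
    esac
}

# greeting_host: print the hostname from the first 220 line on stdin.
greeting_host() {
    tr -d '\r' | awk '/^220[ -]/ { sub(/^220[ -]/, ""); print $1; exit }'
}

# check_greeting: classify the greeting hostname read from stdin.
check_greeting() {
    host=$(greeting_host)
    if is_fqdn "$host"; then
        echo "OK $host"
    else
        echo "NOT-FQDN $host"
    fi
}

sample_bad='220 cf012b971d3c ESMTP Exim 4.90_1 Thu, 16 Aug 2018 17:14:12 +0000'
sample_ok='220 mail.example.org ESMTP Exim 4.90_1 Thu, 16 Aug 2018 17:14:12 +0000'
printf '%s\n' "$sample_bad" | check_greeting
printf '%s\n' "$sample_ok"  | check_greeting
```

A saved session transcript can be piped into `check_greeting` after the container hostname is changed. The HELO name identifies the sending host, so a single fully-qualified name covers mail for every domain hosted on that IP.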

Re: vestacp exim dovecot in docker

Posted: Sun Sep 02, 2018 5:56 pm
by canoodle
let me answer this....

--hostname=yourdomain.com

will fix the problem

--net=host

is NOT required (it could possibly decrease security).

so the full line was like:

Code:

docker run -it --name=container_name --hostname=yourdomain.com --privileged --cap-add=NET_ADMIN -p 80:80 -p 443:443 -p 9093:8083 -p 25:25 -p 587:587 -p 143:143 --net=network1 --ip 172.18.0.2 image_name

(this is WITHOUT DNS/nameserver at port 53 and FTP at port 21 and pop3 110,995)

Code:

# what was this? can't remember
docker run --privileged -d -ti -e "container=docker" -v /sys/fs/cgroup:/sys/fs/cgroup docker.io/centos /usr/sbin/init

without --cap-add=NET_ADMIN fail2ban/iptables does not work.

https://github.com/moby/moby/issues/336 ... -307361421

check out:
https://www.aporeto.com/blog/security-d ... -networks/

Re: vestacp exim dovecot in docker

Posted: Wed Sep 19, 2018 7:12 am
by canoodle
BIGGEST Problem with docker: it cannot free disk space once claimed! X-D

so if you copy big files to your docker instance... and delete them... the disk space is not FREED!

is it a bug? or a feature?

whatever it is IT SUCKS and forced me to buy a bigger server.

Re: vestacp exim dovecot in docker

Posted: Thu Oct 18, 2018 2:22 pm
by canoodle
okay it is getting worse.

after running vestacp for several months inside docker... i think i will take a look at OpenVZ or leave the container space altogether.

why?

problems:

1. a container's harddisk space once used – does not shrink!? (unless you export/import)

i would understand this if all files were in ONE FILE but they are NOT, i really do NOT understand, that when you copy a large file into your container and delete it from the container… the harddisk space is still in USE!

exporting containers takes 3x the harddisk space a container needs

so if you have a container that uses 50GBytes of harddisk space and your harddisk is only 100GBytes you are screwed! you can not migrate your docker container to a bigger harddisk by commit and save.

... that was one of the MAIN reasons i wanted to use docker, to easier migrate to another server.

2. fail2ban / iptables does not work!? (or is a big mess) https://unrouted.io/2017/08/15/docker-firewall/

not in the container and not on the host!?

more strange problems: „can’t remove directory“ under certain conditions https://github.com/moby/moby/issues/27214

it seems the docker-complexity is going south!

the concept is great – similar to OpenVZ increasing server density even more – (hardware -> virtualization -> container) but i am seriously thinking about not using it again for exactly those issues and probably more hidden issues i do not know about (yet).

Re: vestacp exim dovecot in docker

Posted: Fri Nov 09, 2018 6:14 pm
by noogen
Running Vesta inside of docker goes against the single-purpose Docker container philosophy because Vesta is doing a lot of things. Therefore, you will hit complexity for each feature that Vesta provides.

Though, I've been running Vesta in docker for 2 years in Production just fine. (Shameless plug) Here's my repository - https://github.com/niiknow/vestacp

Honestly, I've only been using it to host fully managed client websites with Letsencrypt and automatic backup. I don't even use email, though I believe my Docker Panel does work with email because some of my Github users are reporting issues for me to fix with their use of email.

Benefits that I've seen with Vesta in Docker running for the last two years:
1. Anytime I want to install/reinstall Vesta, it is easy. I don't have to blow away the entire OS. Simply back up and restore the user to upgrade to a major version of my panel. Exactly the steps you take when you need to reinstall Vesta.
2. It allows me to remap my internal to external ports. Neither I nor any of my users reported the Vesta security issue that occurred from April to October this year. I also default an installation password, as a result forcing my users to change their admin password, so that also helps remedy the issue reported in October.
3. Since I can blow away my docker at any time, I'm free to experiment with things like multiple-php including fcgi and fpm, customized builds of nginx pagespeed, php v8js, and more. Another experiment resulted in my Docker Vesta providing panel SSL with Letsencrypt before official support from Vesta.

P.S. I run fail2ban fine inside of Docker with cap_add: ['NET_RAW', 'NET_ADMIN']
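
An added example, not code from any poster in this thread: a POSIX shell audit of a `docker run` command line for the isolation-related options discussed above (`--privileged`, `--net=host`, `--cap-add`). The first command is the one posted earlier in the thread; the second is a constructed variant that drops `--privileged` and keeps only the two capabilities named in the P.S. above, on the assumption that they are sufficient for fail2ban as that post reports.

```shell
#!/bin/sh
# Added example. Recognises only the options mentioned in this thread and
# splits on whitespace, so quoted arguments containing spaces are not handled.
audit_run() {
    privileged=no hostnet=no caps='' prev=''
    set -f                                   # no globbing while word-splitting
    for arg in $1; do
        case "$prev $arg" in                 # "--opt value" spelling
            "--cap-add "*) caps="$caps $arg" ;;
            "--net host"|"--network host") hostnet=yes ;;
        esac
        case $arg in                         # "--opt=value" spelling
            --privileged|--privileged=true) privileged=yes ;;
            --net=host|--network=host) hostnet=yes ;;
            --cap-add=*) caps="$caps ${arg#--cap-add=}" ;;
        esac
        prev=$arg
    done
    set +f
    caps=${caps# }
    if [ "$privileged" = yes ]; then
        echo "privileged: all capabilities and host devices are granted"
        if [ -n "$caps" ]; then
            echo "redundant: --cap-add ($caps) adds nothing next to --privileged"
        fi
    elif [ -n "$caps" ]; then
        echo "caps: $caps"                   # the only capabilities added
    fi
    if [ "$hostnet" = yes ]; then
        echo "host-network: container shares the host network stack"
    fi
    return 0
}

# Command as posted in the thread.
cmd_thread='docker run -it --name=container_name --hostname=yourdomain.com --privileged --cap-add=NET_ADMIN -p 80:80 -p 443:443 -p 9093:8083 -p 25:25 -p 587:587 -p 143:143 --net=network1 --ip 172.18.0.2 image_name'
# Constructed variant: no --privileged, capabilities from the P.S. only.
cmd_scoped='docker run -it --name=container_name --hostname=yourdomain.com --cap-add=NET_ADMIN --cap-add=NET_RAW -p 25:25 -p 587:587 --net=network1 --ip 172.18.0.2 image_name'

audit_run "$cmd_thread"
audit_run "$cmd_scoped"
```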