Forum OpenACS Q&A: OpenACS Docker Email configuration

Posted by Tyge Cawthon on

Device: Docker OpenACS and PostgreSQL - loaded successfully. Nice Job with procedure write-up.

Email implementation question 1) How does the SMTP nssmtpd module get built and installed? non-docker: ns_modules="nsdbpg nssmtpd" bash install-ns.sh

2) How can I tell if the module nssmtpd is installed? non-docker - /usr/local/src/modules

3) How/where is the NaviServer param relay plain://info%40celtic-arts.org:PWD@smtp.celtic-arts.org:587 variable set?

Docker compose:

      # Internal listen ports
      oacs_httpport: 8080
      oacs_httpsport: 8443
      oacs_ipaddress: 0.0.0.0
      oacs_loopbackport: ${internal_loopbackport:-8888}
      oacs_smtpdhost: mail-relay
      oacs_smtpdport: 2525
      
      # Host / service naming
      oacs_hostname: ${hostname:-localhost}
      oacs_server: ${service:-oacs-5-10}
      oacs_tag: ${oacs_tag:-oacs-5-10}
      # Paths inside the container
      oacs_serverroot: /var/www/openacs
      oacs_certificate: ${certificate:-/var/www/openacs/etc/certfile.pem}
      oacs_logdir: ${logroot:-/var/www/openacs/log}

      # OpenACS internal secrets (populated by entrypoint from /run/secrets/*)
      oacs_clusterSecret: ${clusterSecret:-}
      oacs_parameterSecret: ${parameterSecret:-}

      # Extra packages installed at container setup
      system_pkgs: ${system_pkgs:-imagemagick}

  # ------------------------------------------------------------------
  #  mail relay
  # ------------------------------------------------------------------
  mail-relay:
    image: gustafn/mail-relay:latest
    container_name: mail-relay
    hostname: smtpd.celtic-arts.org
    restart: unless-stopped

    expose:
      - "2525"

    environment:
      - TZ=US/Detroit
      - POSTFIX_TLS_CERT_FILE=${certificate}

    volumes:
      - /var/www/openacs.org:/var/www/openacs.org
      - ${logdir}/postfix:/var/log

  # ------------------------------------------------------------------
  #  postgres  (PostgreSQL instance)
  # ------------------------------------------------------------------
Posted by Tyge Cawthon on

My oversight.

Per Gustafn Docker information:

Integrated nssmtpd The container includes the NaviServer nssmtpd module and is preconfigured to send mail to an internal/external mail relay. STARTTLS is supported automatically when the mail-relay provides a certificate.

Update:

ACS Mail Services Lite
EmailDeliveryMode nssmtpd
EmailRedirectTo  celtic-arts.org
Smtp 
SMTPPort  2525

Docker:

      oacs_smtpdhost: mail-relay
      oacs_smtpdport: 2525

    hostname: smtpd.${hostname}
    expose:
      - "2525"

Certificate: /var/lib/docker/volumes/openacs-prodoacsdata/_data/etc/certfile.pem

Looking for where to place the command line: param relay plain:

Posted by Gustaf Neumann on
In the newest generation of reference OpenACS configuration file [1], there is a configuration variable "smtprelay" that can be used.

You can always provide your own configuration file via bind-mounting your own docker file by overlaying the docker-internal path (in the "volumes" section). This way, you have full freedom.

I am currently in the process of containerizing the openacs.org servers (including xotcl.org, dotlrn, former CVS viewer) into docker containers, including mail-relay and munin. When this is done, I will make it available as a reference. Updating the dockerhub docs is a pain, so it is currently not fully up to date, but keep watching, I have updated also today.

[1] https://openacs.org/forums/message-view?message_id=8728475

Posted by Tyge Cawthon on
Thank you for the reply.

My end is not urgent. I am using the docker installation to learn new things and terminology.

Once I understand what I am doing, I will use the docker installation as my production server.

I am very impressed with how easy it has been to install OpenACS using docker. Fantastic job.

I will be happy to wait for your updates and test these updates for you and the OpenACS community.

Thanks again.

Posted by Gustaf Neumann on
Hi Tyge,

The last few days, I spent some time on further documenting the docker containers, providing examples, and documenting and publishing the build environment (see also [1]). If you use OpenACS just for sending emails, you can also consider using the mail-relay container, and you will not have to configure the smtprelay. An example is included in the GitHub repository [2].

all the best
-g

[1] https://openacs.org/forums/message-view?message_id=8729243
[2] https://github.com/gustafn/docker-ns/tree/main/examples/openacs-org

Posted by Tyge Cawthon on

Happy New Year and THANK YOU for all the updates. Very nicely done... I finally had time to do some testing over the weekend.

Containers in the docker compose YML file

mail-relay-1
Openacs-1
postgres-1

Case 1 - Outgoing Email only.

OpenACS GUI Configuration:
Parameters on ACS Mail Services Lite line.
Section Rollout Support
Field  EmailDeliveryMode and change from default to nssmtpd
Section Smtp
SMTPHost: smtp.celtic-arts.org
SMTPPassword: password
SMTPPort: 587
SMTPTimeout: 60
SMTPUser: emailname @ address.org

OpenACS and PostgreSQL are up and running using the YML file provided by your examples.

The YML below only pertains to the email-relay docker compose YML file:

      # Internal container IP and ports, to be mapped to host values
      oacs_httpport: 8080
      oacs_httpsport: 8443
      #oacs_ipaddress: "::"
      oacs_ipaddress: "0.0.0.0"
      oacs_loopbackport: ${internal_loopbackport:-8888}
      #oacs_smtprelay: plain://mail-relay:25
      
      # Enable nssmtpd on internal port 2525
      oacs_smtpdport: 2525 

  # ------------------------------------------------------------------
  #  mail-relay  (Postfix outgoing mail relay)
  # ------------------------------------------------------------------
  mail-relay:
    image: gustafn/mail-relay:latest
    hostname: smtpd.${hostname}
    restart: unless-stopped
    
    # Only internal SMTP – do not publish on host; nssmtpd talks to this
    # expose:
    #  - "25"

    environment:
      <<: *default-env
      # Use the managed certificate store (same as OpenACS uses)
      POSTFIX_TLS_CERT_FILE: /var/lib/naviserver/certificates/${hostname}.pem
      #POSTFIX_MYNETWORKS: 127.0.0.0/8 [::1]/128 172.16.0.0/12 172.27.0.0/16

Email-relay log

Notice myhostname = smtpd.BLANK

Generating /etc/postfix/main.cf from template
Generated /etc/postfix/main.cf
---
# SPDX-License-Identifier: MPL-2.0
# Identify this node
myhostname = smtpd.
myorigin   = openacs.org
# Don't accept mail *for* this host; just relay outgoing
mydestination =
inet_interfaces = all
inet_protocols = ipv4
# Internal networks allowed to relay (Docker network)
mynetworks = 127.0.0.0/8 [::1]/128 172.16.0.0/12 172.27.0.0/16
#smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# We currently use MX lookups, so no relayhost by default
#relayhost = []:
# TLS (paths can be overridden if needed)
smtpd_tls_cert_file = /var/lib/naviserver/certificates/.pem
smtpd_tls_key_file  = /var/lib/naviserver/certificates/.pem
smtpd_tls_security_level = may
smtp_tls_security_level  = may
smtp_tls_loglevel        = 1
maillog_file = /var/log/mail.log
---
postfix: fatal: bad string length 0 < 1: mydomain = 
postfix: fatal: bad string length 0 < 1: mydomain = 
postfix: fatal: bad string length 0 < 1: mydomain = .....

OpenACS email GUI results: test teat has been notified. Return to user administration View administrative page for newly created user, test teat

The email message appears to have been sent, but the email was never received.

/var/www/openacs/log/
smtpsend.log  empty 
/var/www/openacs/log/mail.log showed no errors

I tried several different configurations

Any suggestion?

Posted by Gustaf Neumann on

Hi Tyge,

here is a short recipe for using the oacs-db-inclusive container with mail-relay:

1) In the OpenACS package parameter for acs-mail-lite set the following parameters

EmailDeliveryMode nssmtpd
SMTPPort 2525

2) Use the following extended docker-config file:

# SPDX-License-Identifier: MPL-2.0
#
# oacs-db-inclusive example
#
# Runs:
#   - openacs (includes nsd + OpenACS code)
#   - postgres (local db)
#
# Works without any environment variables.
#
# Stack-level parameters (optional):
#   TZ                 default: Europe/Vienna
#   hostname           default: localhost      (OpenACS hostname)
#
#   ipaddress          default: 127.0.0.1      (host bind for IPv4)
#   ipv6address        default: ::1            (host bind for IPv6)
#   httpport           default: (empty)        (random host port -> container 8080)
#   httpsport          default: (empty)        (random host port -> container 8443)
#
#   nsdconfig          default: /usr/local/ns/conf/openacs-config.tcl
#
#   db_name            default: oacs-5-10
#   db_user            default: openacs
#   db_host            default: postgres
#   db_port            default: 5432
#
#   system_pkgs         default: imagemagick poppler-utils  (load these as extra apt packages at startup)
#
# Tailoring:
#   - To use a host secrets directory: replace oacs_secrets volume with ./secrets:/run/secrets:ro
#   - To use custom OpenACS config: bind-mount openacs-config.tcl to /usr/local/ns/conf/openacs-config.tcl
#   - For IPv6 bindings: use docker-compose.ipv6.yml override
#

x-default-env: &default-env
  TZ: Europe/Vienna

x-db-env: &db-env
  oacs_db_name: ${db_name:-oacs-5-10}
  oacs_db_user: ${db_user:-openacs}
  oacs_db_host: ${db_host:-postgres}
  oacs_db_port: ${db_port:-5432}
  oacs_db_passwordfile: /run/secrets/psql_password

services:
  openacs:
    image: gustafn/openacs:latest
    restart: unless-stopped
    hostname: ${hostname}
    depends_on:
      - postgres
    command: >
      /bin/sh -c "
        . /scripts/container-setup-openacs.sh \\
        && /usr/local/ns/bin/nsd -i -t $${nsdconfig:-/usr/local/ns/conf/openacs-config.tcl} -u nsadmin -g nsadmin
      "
    volumes:
      # The following volumes can be named (default) or host paths.
      # If it is a host path: must exist/ be writable.
      - ${hostroot:-oacs_data}:/var/www/openacs
      - ${secretsdir:-oacs_secrets}:/run/secrets
      - ${certificatesdir:-oacs_certificates}:/var/lib/naviserver/certificates
      - ${logdir:-oacs_log}:/var/www/openacs/log

      - /var/run/docker.sock:/var/run/docker.sock

    ports:
      # Provide IP address and ports for your application if needed.
      # By default, the local IP address and an ephemeral port are used.
      - ${ipaddress:-127.0.0.1}:${httpport:-}:8080
      - ${ipaddress:-127.0.0.1}:${httpsport:-}:8443
      # Examples for using (additionally) IPv6 addresses for HTTP and HTTPS
      #- ${ipv6address:-::1}:${httpport:-}:8080
      #- ${ipv6address:-::1}:${httpsport:-}:8443

    healthcheck:
        test: ["CMD-SHELL", "curl -s -H \"Host: localhost\" -f http://localhost:8080/SYSTEM/success.tcl || exit 1"]
        interval: 10s
        timeout: 5s
        retries: 5

    environment:
      <<:
        - *default-env
        - *db-env
      LD_PRELOAD: ${LD_PRELOAD:-}
      oacs_httpport: 8080
      oacs_httpsport: 8443
      oacs_smtpdport: 2525
      oacs_smtprelay: plain://mail-relay:25
      oacs_ipaddress: "::"
      oacs_loopbackport: ${internal_loopbackport:-8888}
      oacs_hostname: ${hostname:-localhost}
      oacs_serverroot: /var/www/openacs
      oacs_certificate: ""      # computed via container setup script
      oacs_logdir: /var/www/openacs/log
      oacs_tag: ${oacs_tag:-oacs-5-10}
      oacs_clusterSecret: ${clusterSecret:-}
      oacs_parameterSecret: ${parameterSecret:-}
      system_pkgs: ${system_pkgs:-imagemagick poppler-utils}

  postgres:
    image: postgres:18
    hostname: postgres
    restart: unless-stopped
    #user: postgres

    environment:
      <<: *default-env
      POSTGRES_PASSWORD_FILE: /run/secrets/psql_password
      POSTGRES_USER: ${db_user:-openacs}
      POSTGRES_DB: ${db_name:-oacs-5-10}

    volumes:
      - db_data:/var/lib/postgresql
      - ${secretsdir:-oacs_secrets}:/run/secrets
      - ${certificatesdir:-oacs_certificates}:/var/lib/naviserver/certificates

    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${db_user:-openacs} --dbname ${db_name:-oacs-5-10}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # ------------------------------------------------------------------
  #  mail relay
  # ------------------------------------------------------------------
  mail-relay:
    image: gustafn/mail-relay:latest
    container_name: mail-relay
    hostname: smtpd.${hostname}
    restart: unless-stopped

    environment:
      <<: *default-env
      # Use the managed certificate store (same as OpenACS uses)
      POSTFIX_MYORIGIN: localhost
      POSTFIX_TLS_CERT_FILE: /var/lib/naviserver/certificates/${hostname}.pem

    volumes:
      - ${logdir:-oacs_log}:/var/log
      - ${certificatesdir:-oacs_certificates}:/var/lib/naviserver/certificates:ro

volumes:
  db_data:
  oacs_data:
  oacs_log:
  oacs_secrets:
  oacs_certificates:

The changes relative to the version [oacs-db-inclusive](https://github.com/gustafn/docker-ns/blob/main/examples/oacs-db-inclusive):

  • openacs container: setting hostname, oacs_smtpdport and oacs_smtprelay
  • adding the mail-relay container

3) important: setting the environment/stack variable hostname, since the docker-config file references it.

We could probably simplify further (e.g. overriding the mail delivery mode, when the nssmtpd module is configured), but that might lead to bad interactions for some people.

Hope this helps! All the best
-g
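
The empty `myhostname = smtpd.` and the certificate path ending in `/.pem` in the earlier log are what Compose produces when `${hostname}` is referenced without a default and is not set. The following pre-flight check is an added example, not part of the original posts or of the docker-ns repository; the function name `unset_compose_vars`, the sample file and the `.env` handling are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report compose variables written as plain ${name} (no ":-"
# default, no ":?" guard) that are unset or empty in the shell environment and
# in the env file. Each one interpolates to "", as in "myhostname = smtpd.".
unset_compose_vars() {
    file=$1
    envfile=${2:-.env}          # assumption: compose reads this .env file
    grep -v '^[[:space:]]*#' "$file" |      # skip YAML comment lines
        sed 's/\$\$[{]//g' |                # drop escaped $${...} (shell use)
        grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' |
        sed 's/^\${//; s/}$//' |
        sort -u |
        while read -r name; do
            # name matched [A-Za-z_][A-Za-z0-9_]* above, so eval is safe here
            eval "value=\${$name:-}"
            [ -n "$value" ] && continue
            [ -f "$envfile" ] && grep -q "^$name=." "$envfile" && continue
            printf '%s\n' "$name"
        done
}

# Constructed sample modelled on the mail-relay service in this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  openacs:
    command: nsd -t $${nsdconfig:-/usr/local/ns/conf/openacs-config.tcl}
  mail-relay:
    hostname: smtpd.${hostname}
    environment:
      POSTFIX_TLS_CERT_FILE: /var/lib/naviserver/certificates/${hostname}.pem
    volumes:
      - ${logdir:-oacs_log}:/var/log
EOF

missing=$(unset hostname; unset_compose_vars "$sample" /nonexistent.env)
if [ -n "$missing" ]; then
    echo "unset compose variables: $missing" >&2
fi
```

Compose also accepts the form `${hostname:?hostname must be set}`, which makes `docker compose up` abort with that message instead of substituting an empty string.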

Posted by Gustaf Neumann on
I just saw that the OpenACS forums code replaces colon dash sequences with a smiley, which is harmful for technical text. I've just deactivated it.