ketreweb containers
| Container | Purpose |
|---|---|
| ketrenet-web | Main webserver entry for https://ketrenos.com |
| ketrenet-mail | Email MTA and mailbox management |
| ketrenet-roundcube | Email web interface. https://mail.ketrenos.com |
| ketrenet-cron | Update letsencrypt keys, etc. |
| ketrenet-dns | DNS server |
| ketrenet-mailman-core | Mailman3 Core backend |
| ketrenet-mailman-web | Mailman3 Web frontend |
| ketrenet-database | Mailman3 Postgres DB |
Disk structure
| Directory | Purpose |
|---|---|
| $PWD/data/$SERVICE | Logs, error reporting, databases |
| $SERVICE/etc | Configuration files for $SERVICE |
| $PWD/www | Web content hosted by ketrenet-web directly |
Update certificates
The cron job to update certificates isn't quite working yet. To update certificates:
docker exec -it ketrenet-cron /bin/bash
/usr/bin/certbot renew --no-self-upgrade --webroot \
-w /var/www/ketrenos.com
/usr/bin/scp -q \
-i /keys/opnsense-letsencrypt \
/etc/letsencrypt/live/ketrenos.com/{fullchain,privkey}.pem \
letsencrypt@opnsense.ketrenos.com:.
/usr/bin/ssh \
-i /keys/opnsense-letsencrypt \
letsencrypt@opnsense.ketrenos.com \
sudo ./update-cert.sh fullchain.pem privkey.pem
After that completes (without errors) outside the container use ./sync-certs
to push the updated certificates to all the service containers and servers.
ketreweb
nginx and apache2 monitors keys from ./config/letsencrypt and restarts nginx and apache if changed
apache2 is only being used for mailman, which is currently offline
ketreweb-roundcube
default container for roundcube. Provides https://mail.ketrenos.com
ketreweb-cron
Runs letsencrypt via cron once per day Runs email-check via cron once per day
ketreweb-mail
uses LDAP to 192.168.1.78 dovecot postfix
ketrenet-dns
Runs dhcp and bind
Host needs to have following in /etc/systemd/resolved.conf:
[Resolve]
DNSStubListener=no
DNSStubListenerExtra=1053
sudo systemctl restart systemd-resolved