fix: just use host network mode

forwardemail · Mar 6, 2025 · 6483392 · 6483392
1 parent c7cb24b
commit 6483392
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 74 deletions.
diff --git a/docker-compose-self-hosted.yml b/docker-compose-self-hosted.yml
@@ -3,8 +3,7 @@ services:
   web:
     image: self-hosted/forwardemail.net
     container_name: web
-    ports:
-      - "443:443"
+    network_mode: host
     command: ["node", "web.js"]
     volumes:
       - ./ssl:/app/ssl/
@@ -26,16 +25,11 @@ services:
   api:
     image: self-hosted/forwardemail.net
     container_name: api
-    ports:
-      - "4000:4000"
+    network_mode: host
     command: ["node", "api.js"]
     volumes:
       - ./ssl:/app/ssl/
       - ./.env:/app/.env
-    networks:
-      default:
-        aliases:
-          - api.${DOMAIN}
     healthcheck:
       test: "curl -ksL -o /dev/null https://127.0.0.1:4000/v1/test"
       interval: 10s
@@ -53,6 +47,7 @@ services:
   bree:
     image: self-hosted/forwardemail.net
     container_name: bree
+    network_mode: host
     command: ["node", "bree.js"]
     volumes:
       - ./ssl:/app/ssl/
@@ -67,18 +62,12 @@ services:
   imap:
     image: self-hosted/forwardemail.net
     container_name: imap
-    ports:
-      - "993:993"
-      - "2993:2993"
+    network_mode: host
     command: ["node", "imap.js"]
     volumes:
       - ./sqlite-data:/mnt/${SQLITE_STORAGE_PATH}
       - ./ssl:/app/ssl/
       - ./.env:/app/.env
-    networks:
-      default:
-        aliases:
-          - imap.${DOMAIN}
     healthcheck:
       test: "nc -z 127.0.0.1 993"
       interval: 10s
@@ -97,18 +86,12 @@ services:
   pop3:
     image: self-hosted/forwardemail.net
     container_name: pop3
-    ports:
-      - "995:995"
-      - "2995:2995"
+    network_mode: host
     command: ["node", "pop3.js"]
     volumes:
       - ./sqlite-data:/mnt/${SQLITE_STORAGE_PATH}
       - ./ssl:/app/ssl/
       - ./.env:/app/.env
-    networks:
-      default:
-        aliases:
-          - pop3.${DOMAIN}
     healthcheck:
       test: "nc -z 127.0.0.1 995"
       interval: 10s
@@ -127,17 +110,11 @@ services:
   smtp:
     image: self-hosted/forwardemail.net
     container_name: smtp
-    ports:
-      - "465:465" # SSL / TLS
-      - "587:587" # startTLS
+    network_mode: host
     command: ["node", "smtp.js"]
     volumes:
       - ./ssl:/app/ssl/
       - ./.env:/app/.env
-    networks:
-      default:
-        aliases:
-          - smtp.${DOMAIN}
     healthcheck:
       test: "nc -z 127.0.0.1 465"
       interval: 10s
@@ -153,7 +130,7 @@ services:
   smtp_bree:
     image: self-hosted/forwardemail.net
     container_name: smtp_bree
-    hostname: ${DOMAIN}
+    network_mode: host
     command: ["node", "smtp-bree.js"]
     volumes:
       - ./.env:/app/.env
@@ -170,40 +147,29 @@ services:
   mongodb:
     image: mongo:latest
     container_name: mongodb
+    network_mode: host
     volumes:
       - mongo-data:/data/db
       - ./mongo-backups:/backups
-    networks:
-      default:
-        aliases:
-          - mongodb.${DOMAIN}
 
   redis:
     image: redis:latest
     container_name: redis
+    network_mode: host
     volumes:
       - ./redis-data:/data
-    networks:
-      default:
-        aliases:
-          - redis.${DOMAIN}
     env_file:
       - .env
 
   sqlite:
     image: self-hosted/forwardemail.net
     container_name: sqlite
-    ports:
-      - "3456:3456"
+    network_mode: host
     command: ["node", "sqlite.js"]
     volumes:
       - ./sqlite-data:/mnt/${SQLITE_STORAGE_PATH}
       - ./ssl:/app/ssl/
       - ./.env:/app/.env
-    networks:
-      default:
-        aliases:
-          - sqlite.${DOMAIN}
     healthcheck:
       test: "nc -z 127.0.0.1 3456"
       interval: 10s
@@ -221,6 +187,7 @@ services:
   sqlite_bree:
     image: self-hosted/forwardemail.net
     container_name: sqlite_bree
+    network_mode: host
     command: ["node", "sqlite-bree.js"]
     volumes:
       - ./ssl:/app/ssl/
@@ -238,17 +205,12 @@ services:
   mx:
     image: self-hosted/forwardemail.net
     container_name: mx
-    ports:
-      - "25:25"
+    network_mode: host
     command: ["node", "mx.js"]
     volumes:
       - ./ssl:/app/ssl/
       - /mnt/${SQLITE_STORAGE_PATH}:/mnt/${SQLITE_STORAGE_PATH}
       - ./.env:/app/.env
-    networks:
-      default:
-        aliases:
-          - mx.${DOMAIN}
     healthcheck:
       test: "nc -z 127.0.0.1 25"
       interval: 10s
@@ -266,16 +228,11 @@ services:
   caldav:
     image: self-hosted/forwardemail.net
     container_name: caldav
-    ports:
-      - "5000:5000"
+    network_mode: host
     command: ["node", "caldav.js"]
     volumes:
       - ./.env:/app/.env
       - ./ssl:/app/ssl/
-    networks:
-      default:
-        aliases:
-          - caldav.${DOMAIN}
     healthcheck:
       test: "nc -z 127.0.0.1 5000"
       interval: 10s

diff --git a/self-hosting/setup.sh b/self-hosting/setup.sh
@@ -194,31 +194,31 @@ update_env_file() {
 update_default_env() {
   update_env_file NODE_ENV production
   update_env_file HTTP_PROTOCOL https
-  update_env_file SQLITE_HOST sqlite.{{DOMAIN}}
+  update_env_file SQLITE_HOST 127.0.0.1
   update_env_file WEB_HOST {{DOMAIN}}
   update_env_file WEB_PORT 443
-  update_env_file CALDAV_HOST caldav.{{DOMAIN}}
-  update_env_file API_HOST api.{{DOMAIN}}
+  update_env_file CALDAV_HOST 127.0.0.1
+  update_env_file API_HOST 127.0.0.1
   update_env_file APP_NAME {{DOMAIN}}
   update_env_file TRANSPORT_DEBUG true
   update_env_file SEND_EMAIL true
   update_env_file PREVIEW_EMAIL false
-  update_env_file MONGO_HOST mongodb.{{DOMAIN}}
-  update_env_file LOGS_MONGO_HOST mongodb.{{DOMAIN}}
-  update_env_file JOURNALS_MONGO_HOST mongodb.{{DOMAIN}}
-  update_env_file EMAILS_MONGO_HOST mongodb.{{DOMAIN}}
-  update_env_file REDIS_HOST redis.{{DOMAIN}}
+  update_env_file MONGO_HOST 127.0.0.1
+  update_env_file LOGS_MONGO_HOST 127.0.0.1
+  update_env_file JOURNALS_MONGO_HOST 127.0.0.1
+  update_env_file EMAILS_MONGO_HOST 127.0.0.1
+  update_env_file REDIS_HOST 127.0.0.1
   update_env_file TURNSTILE_ENABLED false
   update_env_file MX_PORT 25
   update_env_file SQLITE_STORAGE_PATH sqlite_storage
   update_env_file SMTP_TRANSPORT_PASS "Thisisapassword123"
-  update_env_file SMTP_HOST smtp.{{DOMAIN}}
+  update_env_file SMTP_HOST 127.0.0.1
   update_env_file SMTP_PORT 465
-  update_env_file IMAP_HOST imap.{{DOMAIN}}
+  update_env_file IMAP_HOST 127.0.0.1
   update_env_file IMAP_PORT 993
-  update_env_file POP3_HOST pop3.{{DOMAIN}}
+  update_env_file POP3_HOST 127.0.0.1
   update_env_file POP3_PORT 995
-  update_env_file MX_HOST mx.{{DOMAIN}}
+  update_env_file MX_HOST 127.0.0.1
   update_env_file SMTP_EXCHANGE_DOMAINS mx.{{DOMAIN}}
   update_env_file SELF_HOSTED true
   update_env_file ENABLE_MONITOR_SERVER false
@@ -315,12 +315,15 @@ clone_repo() {
   fi
 }
 
-# this is used for spf so outgoing smtp email have the true client IP
-ip_mask() {
-  sysctl -w net.ipv4.ip_forward=1
-  SUBNET=$(docker network inspect bridge -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}')
-  iptables -t nat -A POSTROUTING -s $SUBNET ! -o docker0 -j MASQUERADE
-  # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+setup_firewall() {
+  ufw deny in on eth0 to any port 27017
+  ufw allow from 127.0.0.1 to any port 27017
+
+  ufw deny in on eth0 to any port 6379
+  ufw allow from 127.0.0.1 to any port 6379
+
+  ufw allow 22/tcp
+  ufw enable
 }
 
 create_db_directories() {
@@ -366,6 +369,7 @@ input_user_pass() {
 initial_setup() {
   update_dns_resolvers
   install_dependencies
+  setup_firewall
   clone_repo
 
   if [[ -f "$ENV_FILE" ]]; then