Containerization (LXC) - SomethingWithHorizons/mailserver GitHub Wiki
This procedure provides the functional subsystems with virtual platforms to be installed on.
The functional subsystems can be implemented next to each other on a single physical computer. On the other end of the spectrum, some (often professional) stakeholders prefer to implement them on various redundant, load-balanced, scalable, virtualized distributed systems. Possibilities are virtually (pun not intended) limitless. In this guide the subsystems are deployed in LXC containers that share the host's Linux kernel, in favor of resource efficiency (personal e-mail server).
Functional services deployed in containers are unaware that they are hosted in a container. From their "perspective" they simply run on a networked computer. Correspondingly, the rest of this guide's instructions are deployment-platform agnostic.
💡 This page can be skipped should another platform be preferred. The rest of the guide is applicable as long as it is applied on a system running Debian 9 (Stretch) or a derivative.
The containers are built from a GNU/Linux Debian Stretch template and started after installation. Then the Apt repository is updated to the latest package information, the template packages are upgraded to their latest version and dbus gets installed. Lastly the container's hostname is set corresponding to the functional service that it represents (which requires 'dbus' to be installed).
ℹ️ Technically the hostname change is optional but advised for easy identification.
- Create and configure CERTS:

  ```bash
  # Create the container from template
  lxc-create -B btrfs -n certs -t download -- -d Debian -r Stretch -a $(uname -m)

  # Start the container
  lxc-start -n certs

  # Create the `/etc/dehydrated/certs` folder in the certs container, to enable the proxy- and mailserver containers to mount this directory
  # (-p also creates the missing parent directory /etc/dehydrated)
  lxc-attach -n certs -- sh -c "mkdir -p /etc/dehydrated/certs"

  # Update / install dbus (within the container)
  lxc-attach -n certs -- sh -c "apt update && apt upgrade -y && apt install -y dbus rsyslog"

  # Set hostname accordingly (within the container)
  lxc-attach -n certs -- hostnamectl set-hostname certs
  ```

  `btrfs` specifies BTRFS as backing store, enabling incremental `lxc-snapshot -n <container>`. ⚠️ Requires the underlying host file-system to be BTRFS formatted!

  `$(uname -m)` returns the CPU architecture, to automatically use it as such in this command.

- Create and configure MAILSERVER:

  ```bash
  # Create the container from template
  lxc-create -B btrfs -n mailserver -t download -- -d Debian -r Stretch -a $(uname -m)

  # Create a mount-point, pointing at the certs' container certs directory to have the SSL certificates available
  echo -e "\n\n# Mount configuration" >> $(lxc-config lxc.lxcpath)/mailserver/config
  echo -e "lxc.mount.entry = $(lxc-config lxc.lxcpath)/certs/rootfs/etc/dehydrated/certs etc/certs none bind,ro,create=dir 0 0" >> $(lxc-config lxc.lxcpath)/mailserver/config

  # Start the container
  lxc-start -n mailserver

  # Update / install dbus (within the container)
  lxc-attach -n mailserver -- sh -c "apt update && apt upgrade -y && apt install -y dbus rsyslog"

  # Set hostname accordingly (within the container)
  lxc-attach -n mailserver -- hostnamectl set-hostname mailserver
  ```

  `$(lxc-config lxc.lxcpath)` resolves to the LXC-base path. `create=dir` creates the directory (mount point) if it does not exist in the mailserver container yet.

- Create and configure WEBMAIL:

  ```bash
  # Create the container from template
  lxc-create -B btrfs -n webmail -t download -- -d Debian -r Stretch -a $(uname -m)

  # Start the container
  lxc-start -n webmail

  # Update / install dbus (within the container)
  lxc-attach -n webmail -- sh -c "apt update && apt upgrade -y && apt install -y dbus rsyslog"

  # Set hostname accordingly (within the container)
  lxc-attach -n webmail -- hostnamectl set-hostname webmail
  ```

- Create and configure PROXYSERVER:

  ```bash
  # Create the container from template
  lxc-create -B btrfs -n proxyserver -t download -- -d Debian -r Stretch -a $(uname -m)

  # Create a mount-point, pointing at the certs' container certs directory to have the SSL certificates available.
  echo -e "\n\n# Mount configuration" >> $(lxc-config lxc.lxcpath)/proxyserver/config
  echo -e "lxc.mount.entry = $(lxc-config lxc.lxcpath)/certs/rootfs/etc/dehydrated/certs etc/certs none bind,ro,create=dir 0 0" >> $(lxc-config lxc.lxcpath)/proxyserver/config

  # Start the container
  lxc-start -n proxyserver

  # Update / install dbus (within the container)
  lxc-attach -n proxyserver -- sh -c "apt update && apt upgrade -y && apt install -y dbus rsyslog"

  # Set hostname accordingly (within the container)
  lxc-attach -n proxyserver -- hostnamectl set-hostname proxyserver
  ```
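
The mailserver and proxyserver steps above append their `lxc.mount.entry` line with `>>`, so running them twice duplicates the entry, and a slip in the options field would drop the `ro` that keeps those containers from modifying the certificates. The check below is an added example, not part of the original wiki; the helper name `check_certs_mount` and the sample config (with `/var/lib/lxc` assumed as the LXC base path) are constructed for illustration.

```bash
#!/bin/sh
# check_certs_mount CONFIG  (hypothetical helper, not part of the guide)
# Passes only if CONFIG holds exactly one lxc.mount.entry targeting etc/certs
# and that entry is a read-only bind mount of the certs container's directory.
check_certs_mount() {
    config=$1
    [ -r "$config" ] || { echo "FAIL: cannot read $config"; return 1; }
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out entries
        /^[ \t]*lxc\.mount\.entry[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")             # keep the fstab-style value; fields re-split
            if ($2 != "etc/certs") next          # a different mount, not checked here
            seen++
            opts = "," $4 ","                    # wrap in commas to match whole options
            if (opts !~ /,bind,/) problem = problem "not a bind mount; "
            if (opts !~ /,ro,/)   problem = problem "not read-only; "
            src_ok = ($1 ~ /\/certs\/rootfs\/etc\/dehydrated\/certs$/)
            if (!src_ok) problem = problem "unexpected source " $1 "; "
        }
        END {
            if (seen == 0) problem = "no etc/certs mount entry; "
            if (seen > 1)  problem = problem "entry present " seen " times; "
            if (problem != "") { print "FAIL: " problem; exit 1 }
            print "OK"
        }
    ' "$config"
}

# Constructed sample input: the entry as the guide writes it, assuming
# /var/lib/lxc is what $(lxc-config lxc.lxcpath) resolves to.
sample=$(mktemp)
printf '%s\n' '# Mount configuration' \
    'lxc.mount.entry = /var/lib/lxc/certs/rootfs/etc/dehydrated/certs etc/certs none bind,ro,create=dir 0 0' \
    > "$sample"
check_certs_mount "$sample"    # prints OK
rm -f "$sample"
```

On the host, run it as `check_certs_mount "$(lxc-config lxc.lxcpath)/mailserver/config"` (and likewise for proxyserver) before starting the container.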