-
Notifications
You must be signed in to change notification settings - Fork 46
Expand file tree
/
Copy pathexample.env
More file actions
71 lines (59 loc) · 2.85 KB
/
example.env
File metadata and controls
71 lines (59 loc) · 2.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# Public hostname used by Traefik and shown to clients for IMAP, POP3, SMTP, and webmail.
PUBLIC_HOSTNAME=mail.example.com
# Optional SMTP hostname used by ZoneMTA and Haraka for their container hostname / HELO identity.
# Defaults to PUBLIC_HOSTNAME.
# SMTP_HOSTNAME=mx1.example.net
# Email addresses are created under this domain.
MAIL_DOMAIN=example.com
# WildDuck API stays bound to localhost on the host machine.
WILDDUCK_API_PORT=8080
# Required shared secrets. Replace these before any non-local deployment.
WILDDUCK_API_ACCESS_TOKEN=change-me
WILDDUCK_API_ACCESSCONTROL_SECRET=change-me-too
WILDDUCK_LOOP_SECRET=change-me-loop
WILDDUCK_DKIM_SECRET=change-me-dkim
# Optional database overrides.
# WILDDUCK_MONGO_URL=mongodb://mongo:27017/wildduck
# WILDDUCK_REDIS_URL=redis://redis:6379/3
# WEBMAIL_MONGO_URL=mongodb://mongo:27017/wildduck-webmail
# WEBMAIL_REDIS_URL=redis://redis:6379/5
# ZONEMTA_MONGO_URL=mongodb://mongo:27017/wildduck
# ZONEMTA_REDIS_URL=redis://redis:6379/2
# HARAKA_MONGO_URL=mongodb://mongo:27017/wildduck
# Traefik TLS mode:
# file = use TRAEFIK_CERT_FILE / TRAEFIK_KEY_FILE
# acme = request certs automatically with Traefik ACME
TRAEFIK_TLS_MODE=file
# Used only in acme mode.
TRAEFIK_CERT_RESOLVER=letsencrypt
# TRAEFIK_ACME_EMAIL=admin@example.com
# Used only in file mode.
# Keep file-mode certs under ./certs. The checked-in defaults are only for local development.
TRAEFIK_CERT_FILE=./certs/wildduck.dockerized.test.pem
TRAEFIK_KEY_FILE=./certs/wildduck.dockerized.test-key.pem
# Haraka uses these files in file mode and as the fallback before ACME has issued a cert.
HARAKA_TLS_CERT_FILE=./certs/wildduck.dockerized.test.pem
HARAKA_TLS_KEY_FILE=./certs/wildduck.dockerized.test-key.pem
# Optional logging override.
# TRAEFIK_LOG_LEVEL=INFO
# Optional PROXY protocol trusted source CIDRs.
# Leave TRAEFIK_PROXY_PROTOCOL_TRUSTED_IPS unset for direct client connections.
# Set it only if Traefik itself sits behind an L4 proxy that sends PROXY protocol.
# HARAKA_PROXY_PROTOCOL_TRUSTED_IPS controls which backend proxy IPs Haraka trusts
# for the PROXY header that Traefik forwards internally.
# TRAEFIK_PROXY_PROTOCOL_TRUSTED_IPS=198.51.100.10/32,2001:db8::10/128
# HARAKA_PROXY_PROTOCOL_TRUSTED_IPS=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,::1/128,fc00::/7,fe80::/10
# Optional bootstrap helper overrides.
# BOOTSTRAP_API_URL=http://127.0.0.1:8080
# BOOTSTRAP_WAIT_TIMEOUT=120
# BOOTSTRAP_PUBLIC_IP=203.0.113.10
# BOOTSTRAP_HARAKA_CERT_DOMAIN=mail.example.com
# BOOTSTRAP_INSTALL_HARAKA_CERT_CRON=false
# BOOTSTRAP_HARAKA_CERT_CRON_SCHEDULE=17 */12 * * *
# DKIM_SELECTOR defaults to the current month and year, for example mar2026
# DKIM_DESCRIPTION=Bootstrap DKIM for example.com
# BOOTSTRAP_DKIM_REPLACE=false
# FIRST_USER_NAME=firstuser
# FIRST_USER_PASSWORD=change-me
# FIRST_USER_ADDRESS=firstuser@example.com
# FIRST_USER_DISPLAY_NAME=First User