From fba7eb68ea70f2fec3bd1a4ae06d68fbe365e682 Mon Sep 17 00:00:00 2001
From: jack
Date: Thu, 26 Mar 2026 23:35:30 +0700
Subject: [PATCH] fix: add SMTP relay on main server for Outline email auth

tools-server (85.193.83.9) has outbound SMTP ports 465/587 blocked by VPS provider. Added tecnativa/postfix-relay container on main server that relays to smtp.resend.com:587. Outline now uses ip_main:1025 as SMTP host.

- UFW rule: allow port 1025 from ip_tools only
- Remove stale authelia_image from docker pull list

Co-Authored-By: Claude Sonnet 4.6
---
 roles/services/tasks/main.yml | 10 +++++++-
 .../services/templates/docker-compose.yml.j2 | 25 +++++++++++++++++++
 roles/tools/templates/env.j2 | 10 +++-----
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
index 42cd1c4..b09df08 100644
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@@ -24,14 +24,22 @@
 - "{{ loki_image }}"
 - "{{ promtail_image }}"
 - "{{ crowdsec_image }}"
- - "{{ authelia_image }}"
 - "{{ uptime_kuma_image }}"
+ - "tecnativa/postfix-relay"
 register: pull_result
 changed_when: "'Status: Downloaded newer image' in pull_result.stdout"
 retries: 5
 delay: 30
 until: pull_result.rc == 0
+- name: Allow SMTP relay port from tools server
+ community.general.ufw:
+ rule: allow
+ port: "1025"
+ proto: tcp
+ src: "{{ ip_tools }}"
+ comment: "SMTP relay for tools-server Outline"
+
 - name: Deploy Docker Compose stack
 community.docker.docker_compose_v2:
 project_src: "{{ services_root }}"
diff --git a/roles/services/templates/docker-compose.yml.j2 b/roles/services/templates/docker-compose.yml.j2
index 756ee18..2a7979f 100644
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
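Review bot: The `Allow SMTP relay port from tools server` task in roles/services/tasks/main.yml is unlikely to be what restricts access to the relay, because ports published by Docker are DNATed and forwarded without passing UFW's input rules, so the published `1025` is reachable from any source unless the host already filters in the `DOCKER-USER` chain (not visible in this hunk). Since the relay authenticates to Resend on behalf of whoever connects, enforce the `{{ ip_tools }}` source restriction where Docker traffic actually passes and say so on the task, e.g. `# NOTE: Docker-published ports bypass UFW; source filtering for 1025 is enforced in DOCKER-USER`. Separately, `- "tecnativa/postfix-relay"` is the only hard-coded, untagged entry in the pull list; a variable such as `- "{{ postfix_relay_image }}"` pinned to a tag or digest would match its neighbours, and the same image string is repeated in the docker-compose.yml.j2 hunk. The pull task itself starts above the hunk.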
@@ -570,3 +570,28 @@ services:
 interval: 30s
 timeout: 5s
 retries: 3
+
+ # ── SMTP Relay ─────────────────────────────────────────────────────────────
+ # Forwards mail from tools-server (85.193.83.9) to Resend SMTP.
+ # tools-server has outbound SMTP blocked by the VPS provider.
+ # Listens on 85.193.83.9:1025 (UFW allows only from ip_tools).
+ smtp-relay:
+ image: tecnativa/postfix-relay
+ container_name: smtp-relay
+ restart: unless-stopped
+ ports:
+ - "{{ ip_tools }}:1025:25"
+ networks:
+ - proxy
+ environment:
+ - MAILNAME={{ domain_base }}
+ - MAIL_RELAY_HOST=smtp.resend.com
+ - MAIL_RELAY_PORT=587
+ - MAIL_RELAY_USER=resend
+ - MAIL_RELAY_PASS={{ resend_api_key }}
+ - MAIL_RELAY_MYHOSTNAME=mail.{{ domain_base }}
+ logging:
+ driver: json-file
+ options:
+ max-size: "5m"
+ max-file: "2"
diff --git a/roles/tools/templates/env.j2 b/roles/tools/templates/env.j2
index 571f25a..aaba16e 100644
--- a/roles/tools/templates/env.j2
+++ b/roles/tools/templates/env.j2
@@ -27,14 +27,12 @@ FILE_STORAGE=s3
 # Auth
 AUTH_PROVIDERS=email
-# SMTP via Resend
-SMTP_HOST=smtp.resend.com
-SMTP_PORT=465
-SMTP_USERNAME=resend
-SMTP_PASSWORD={{ resend_api_key }}
+# SMTP via relay on main server (tools-server has outbound SMTP blocked)
+SMTP_HOST={{ ip_main }}
+SMTP_PORT=1025
 SMTP_FROM_EMAIL=noreply@{{ domain_base }}
 SMTP_FROM_NAME=Visual Wiki
-SMTP_SECURE=true
+SMTP_SECURE=false
 # Outline DB password (used in docker-compose)
 OUTLINE_DB_PASSWORD={{ outline_db_password }}
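Review bot: The host part of `- "{{ ip_tools }}:1025:25"` in docker-compose.yml.j2 is the local address Docker binds on the main server, not a source filter, so with the tools server's address the container will most likely fail to bind; `env.j2` in this commit points Outline at `{{ ip_main }}`, so the line should read `- "{{ ip_main }}:1025:25"`. The comment `Listens on 85.193.83.9:1025` carries the same mix-up, as the commit message gives that address as tools-server. `MAIL_RELAY_PASS={{ resend_api_key }}` is rendered into the compose file as cleartext, so the rendered file's mode and owner should be restrictive; the task that templates it is not in this diff. The `services:` mapping begins outside the hunk.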
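Review bot: With `SMTP_SECURE=false` and the `SMTP_USERNAME`/`SMTP_PASSWORD` lines removed in env.j2, Outline now hands its mail to `{{ ip_main }}:1025` with no enforced TLS and no authentication. If `ip_main` is a public address rather than a private link between the two hosts (the hunk does not say), the e-mail sign-in messages that `AUTH_PROVIDERS=email` relies on cross that hop readable by anyone on path. Carrying the hop over a private network or tunnel, or requiring TLS on the relay listener, would close that, and the comment should record the decision, e.g. `# SMTP via relay on main server; plaintext hop, must stay on private link/tunnel`.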