fix: add SMTP relay on main server for Outline email auth

tools-server (85.193.83.9) has outbound SMTP ports 465/587 blocked by VPS provider. Added tecnativa/postfix-relay container on main server that relays to smtp.resend.com:587. Outline now uses ip_main:1025 as SMTP host. - UFW rule: allow port 1025 from ip_tools only - Remove stale authelia_image from docker pull list Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 23:35:30 +07:00 · 2026-03-26 23:35:30 +07:00 · fba7eb68ea
commit fba7eb68ea
parent e754d54e81
3 changed files with 38 additions and 7 deletions
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@ -24,14 +24,22 @@
    - "{{ loki_image }}"
    - "{{ promtail_image }}"
    - "{{ crowdsec_image }}"
    - "{{ authelia_image }}"
    - "{{ uptime_kuma_image }}"
    - "tecnativa/postfix-relay"
  register: pull_result
  changed_when: "'Status: Downloaded newer image' in pull_result.stdout"
  retries: 5
  delay: 30
  until: pull_result.rc == 0
 - name: Allow SMTP relay port from tools server
  community.general.ufw:
    rule: allow
    port: "1025"
    proto: tcp
    src: "{{ ip_tools }}"
    comment: "SMTP relay for tools-server Outline"
 - name: Deploy Docker Compose stack
  community.docker.docker_compose_v2:
    project_src: "{{ services_root }}"
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
@ -570,3 +570,28 @@ services:
      interval: 30s
      timeout: 5s
      retries: 3
  # ── SMTP Relay ─────────────────────────────────────────────────────────────
  # Forwards mail from tools-server (85.193.83.9) to Resend SMTP.
  # tools-server has outbound SMTP blocked by the VPS provider.
  # Listens on 85.193.83.9:1025 (UFW allows only from ip_tools).
  smtp-relay:
    image: tecnativa/postfix-relay
    container_name: smtp-relay
    restart: unless-stopped
    ports:
      - "{{ ip_tools }}:1025:25"
    networks:
      - proxy
    environment:
      - MAILNAME={{ domain_base }}
      - MAIL_RELAY_HOST=smtp.resend.com
      - MAIL_RELAY_PORT=587
      - MAIL_RELAY_USER=resend
      - MAIL_RELAY_PASS={{ resend_api_key }}
      - MAIL_RELAY_MYHOSTNAME=mail.{{ domain_base }}
    logging:
      driver: json-file
      options:
        max-size: "5m"
        max-file: "2"
--- a/roles/tools/templates/env.j2
+++ b/roles/tools/templates/env.j2
@ -27,14 +27,12 @@ FILE_STORAGE=s3
 # Auth
 AUTH_PROVIDERS=email
-# SMTP via Resend
+# SMTP via relay on main server (tools-server has outbound SMTP blocked)
-SMTP_HOST=smtp.resend.com
+SMTP_HOST={{ ip_main }}
-SMTP_PORT=465
+SMTP_PORT=1025
 SMTP_USERNAME=resend
 SMTP_PASSWORD={{ resend_api_key }}
 SMTP_FROM_EMAIL=noreply@{{ domain_base }}
 SMTP_FROM_NAME=Visual Wiki
-SMTP_SECURE=true
+SMTP_SECURE=false
 # Outline DB password (used in docker-compose)
 OUTLINE_DB_PASSWORD={{ outline_db_password }}