| Create environment files (cf. `git ls-files \*environment.template`): |
| * Set SA_PUBLIC_DOMAIN_NAME in `environment` |
| * Set CANONICAL_WEB_URL in `gerrit/environment` |
| * Enable GitHub OAuth in `gerrit/environment` |
| |
| To build: |
| * nginx first, because it creates the self-signed certificate: `docker-compose build nginx` |
| * then everything else: `docker-compose build` |
| |
| Get containers up: |
| * `docker-compose up` |
| |
| Mail setup: |
| * A 'gerrit@' mail account will be added automatically |
| * See `docker-compose exec mailserver setup` for more |
| * Add account or alias for 'postmaster@' |
| |
| When the containers are up, run `certbot`: |
| * Once: `docker-compose -f sa-certbot.yml run new` |
| * Every x < 30 days: `docker-compose -f sa-certbot.yml run renew` |
| * Always reload nginx: `docker-compose exec nginx nginx -s reload` |
| |
| DKIM: |
| * `docker-compose exec mailserver setup config dkim` |
| * If using a subdomain, set `use_esld = false;` |
| in `mail/rspamd-override.d/dkim_signing.conf` |
| * Publish key from `mail/config/rspamd/dkim/*.public.dns.txt` via DNS |
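Added example, not part of this repository: a shell check that the DKIM key served by DNS equals the generated one, including the case where the TXT record comes back split into several quoted strings. It assumes the `*.public.dns.txt` file holds the TXT record value with its `p=` tag; the selector, domain and file path in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not part of the repository): verify the published DKIM key.

# Print the base64 "p=" value of a DKIM TXT record read from stdin.
# Quotes, parentheses and whitespace are dropped first, so a record that DNS
# splits into several 255-byte strings is joined back into one value.
dkim_p_value() {
    tr -d '"() \t\r\n' | tr ';' '\n' | sed -n 's/^p=//p' | head -n 1
}

# $1: local *.public.dns.txt file, $2: TXT answer text as returned by DNS.
# Succeeds only if both carry the same non-empty key.
dkim_matches() {
    local_key=$(dkim_p_value < "$1")
    dns_key=$(printf '%s\n' "$2" | dkim_p_value)
    [ -n "$local_key" ] && [ "$local_key" = "$dns_key" ]
}

# $1: selector (assumption: the one `setup config dkim` used), $2: domain,
# $3: local key file. Queries DNS with dig and reports the result.
check_published() {
    answer=$(dig +short TXT "$1._domainkey.$2")
    if dkim_matches "$3" "$answer"; then
        echo "OK: DNS serves the key from $3"
    else
        echo "MISMATCH: $1._domainkey.$2 does not serve the key from $3" >&2
        return 1
    fi
}

# Usage (needs network; all three arguments are placeholders):
#   check_published SELECTOR example.org path/to/SELECTOR.public.dns.txt
```

A mismatch right after publishing usually means the record has not propagated yet or the value was truncated when it was pasted into the DNS provider's form.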
| |
| Mail testing with dial-in IP: |
| Some popular (German) email providers greet with a 554 error when the IP is |
| blacklisted. This seems to be outside the standard, and as a result the |
| message may not be bounced immediately. |
| * Set `smtp_skip_5xx_greeting = no` in `mail/config/postfix-main.cf`, |
| if you want immediate bounces. |