Adding a WebDAV variant of Nginx
Addendum to re-fixing encryption
Re-fixing encryption
So while I will continue to prefer port 465, in order to support
public-facing port 587, it really is best to enable wrapper mode only
for the appropriate service. In which case, it should be enabled in
`master.cf` NOT `main.cf`.
Also, to better set relay restrictions, I'm fixing `mydestinations` and
adding `relay_domains`.
Fix encryption setup
Configuration was a bit confused on account of running both SMTPD and
Submission ports. I am going to prefer port 465 with implicit TLS, and
to correctly support that mode I am setting wrapper mode on.
Proxy and TLS updates
Include configuration for proxying on HTTP 1.1, which enabled keepalive.
Also adding configuration for automatic connection upgrading as needed.
Update configuration for TLS ciphers.
Include a simple configuration file for enabling encryption.
Adding recipient_canonical maps to Postfix
Continuation of Postfix redesign
It took frustratingly long to realize that the widely publicized home
for SASL (database in `/etc/sasldb2`, configurations in
`/etc/postfix/sasl`) are at least completely wrong for Alpine Linux, and
probably completely wrong for most distributions. (Everything is in
`/etc/sasl2`, in case you're wondering.)
Logging to stderr is added. One guess as to why I needed to add this.
I've also learned that while bracketing a hostname (i.e.
`smtp:[mail.realy.com]:25`) halts MX record lookups, it does *not* halt
A record lookups. To ensure accurate delivery of mail, Postfix
would much prefer to use public DNS over local name resolution. Luckily
I agree with this design; the opposite behavior only makes sense if a
server isn't delivering to the open internet at all. Precisely the
intended use of the `:tls-in` image. So, that image will no longer do DNS.
Postfix redesign
Now there are three images tags for `postfix`. `:latest` uses encryption
and authentication for inbound and outbound mail. It listens on posts 25
and 465. Because it authenticates, I dropped the requirement for
senders to have a LAN IP.
`:tls-in` drops outbound encryption and authentication. This is
generally going to be useful for receiving mail and handing it to a
local service.
`:tls-out` drops inbound encryption and authentication and listining on
port 465. This is useful for relaying mail off of a trusted host.
Minor adjustments to documentation
sr.ht
Adding a postfix server image.
Adding images for the sr.ht system (meta+todo+git).
Updates
Added a main README file to act as a directory.
Updated nitter Makefile.
Added useful base images (fcgi and php).
Initial commit with my core utilities