{"id":13550380,"url":"https://github.com/anonaddy/docker","last_synced_at":"2025-04-03T00:33:47.096Z","repository":{"id":37193872,"uuid":"228188119","full_name":"anonaddy/docker","owner":"anonaddy","description":"AnonAddy Docker image","archived":false,"fork":false,"pushed_at":"2025-02-15T16:41:58.000Z","size":502,"stargazers_count":548,"open_issues_count":35,"forks_count":58,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-02-15T17:19:00.005Z","etag":null,"topics":["alpine-linux","anonaddy","disposable-email","docker","multi-platform","privacy","traefik"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anonaddy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":".github/SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"crazy-max","custom":"https://www.paypal.me/crazyws"}},"created_at":"2019-12-15T13:23:40.000Z","updated_at":"2025-02-15T16:38:18.000Z","dependencies_parsed_at":"2024-01-28T16:01:40.747Z","dependency_job_id":"8bc45848-4300-48ff-8352-97de3c3fa427","html_url":"https://github.com/anonaddy/docker","commit_stats":null,"previous_names":[],"tags_count":104,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonaddy%2Fdocker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonaddy%2Fdocker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonaddy%2Fdocker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anonaddy%2Fdocker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anonaddy","download_url":"https://codeload.github.com/anonaddy/docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246916733,"owners_count":20854511,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine-linux","anonaddy","disposable-email","docker","multi-platform","privacy","traefik"],"created_at":"2024-08-01T12:01:32.381Z","updated_at":"2025-04-03T00:33:47.081Z","avatar_url":"https://github.com/anonaddy.png","language":"Dockerfile","readme":"\u003cp align=\"center\"\u003e\u003ca href=\"https://github.com/anonaddy/docker\" target=\"_blank\"\u003e\u003cimg height=\"128\" src=\"https://raw.githubusercontent.com/anonaddy/docker/master/.github/docker-anonaddy.jpg\"\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://hub.docker.com/r/anonaddy/anonaddy/tags?page=1\u0026ordering=last_updated\"\u003e\u003cimg src=\"https://img.shields.io/github/v/tag/anonaddy/docker?label=version\u0026style=flat-square\" alt=\"Latest Version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/anonaddy/docker/actions?workflow=build\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/anonaddy/docker/build.yml?branch=master\u0026label=build\u0026logo=github\u0026style=flat-square\" alt=\"Build Status\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/anonaddy/anonaddy/\"\u003e\u003cimg src=\"https://img.shields.io/docker/stars/anonaddy/anonaddy.svg?style=flat-square\u0026logo=docker\" alt=\"Docker Stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/anonaddy/anonaddy/\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/anonaddy/anonaddy.svg?style=flat-square\u0026logo=docker\" alt=\"Docker Pulls\"\u003e\u003c/a\u003e\n  \u003cbr /\u003e\u003ca href=\"https://github.com/sponsors/crazy-max\"\u003e\u003cimg src=\"https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github\u0026style=flat-square\" alt=\"Become a sponsor\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.paypal.me/crazyws\"\u003e\u003cimg src=\"https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal\u0026style=flat-square\" alt=\"Donate Paypal\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## About\n\nDocker image for [addy.io](https://addy.io/), an anonymous email forwarding service. \n\n\u003e [!TIP]\n\u003e Want to be notified of new releases? Check out 🔔 [Diun (Docker Image Update Notifier)](https://github.com/crazy-max/diun)\n\u003e project!\n\n___\n\n* [Features](#features)\n* [Build locally](#build-locally)\n* [Image](#Image)\n* [Environment variables](#environment-variables)\n  * [General](#general)\n  * [App](#app)\n  * [Database](#database)\n  * [Redis](#redis)\n  * [Mail](#mail)\n  * [Postfix](#postfix)\n  * [RSPAMD](#rspamd)\n* [Volumes](#volumes)\n* [Ports](#ports)\n* [Usage](#usage)\n  * [Docker Compose](#docker-compose)\n* [Upgrade](#upgrade)\n* [Notes](#notes)\n  * [`anonaddy` command](#anonaddy-command)\n  * [Create user](#create-user)\n  * [Generate DKIM private/public keypair](#generate-dkim-privatepublic-keypair)\n  * [Generate GPG key](#generate-gpg-key)\n  * [Define additional env vars](#define-additional-env-vars)\n  * [Override Postfix main configuration](#override-postfix-main-configuration)\n  * [Spamhaus DQS configuration](#spamhaus-dqs-configuration)\n* [Contributing](#contributing)\n* [License](#license)\n\n## Features\n\n* Run as non-root user\n* Multi-platform image\n* [s6-overlay](https://github.com/just-containers/s6-overlay/) as process supervisor\n* [Traefik](https://github.com/containous/traefik-library-image) as reverse proxy and creation/renewal of Let's Encrypt certificates (see [this template](examples/traefik))\n\n## Build locally\n\n```console\ngit clone https://github.com/anonaddy/docker.git docker-addy\ncd docker-addy\n\n# Build image and output to docker (default)\ndocker buildx bake\n\n# Build multi-platform image\ndocker buildx bake image-all\n```\n\n## Image\n\nFollowing platforms for this image are available:\n\n```\n$ docker buildx imagetools inspect anonaddy/anonaddy --format \"{{json .Manifest}}\" | \\\n  jq -r '.manifests[] | select(.platform.os != null and .platform.os != \"unknown\") | .platform | \"\\(.os)/\\(.architecture)\\(if .variant then \"/\" + .variant else \"\" end)\"'\n\nlinux/amd64\nlinux/arm/v6\nlinux/arm/v7\nlinux/arm64\n```\n\n## Environment variables\n\n### General\n\n* `TZ`: The timezone assigned to the container (default `UTC`)\n* `PUID`: user id (default `1000`)\n* `PGID`: group id (default `1000`)\n* `MEMORY_LIMIT`: PHP memory limit (default `256M`)\n* `UPLOAD_MAX_SIZE`: Upload max size (default `16M`)\n* `CLEAR_ENV`: Clear environment in FPM workers (default `yes`)\n* `OPCACHE_MEM_SIZE`: PHP OpCache memory consumption (default `128`)\n* `LISTEN_IPV6`: Enable IPv6 for Nginx and Postfix (default `true`)\n* `REAL_IP_FROM`: Trusted addresses that are known to send correct replacement addresses (default `0.0.0.0/32`)\n* `REAL_IP_HEADER`: Request header field whose value will be used to replace the client address (default `X-Forwarded-For`)\n* `LOG_IP_VAR`: Use another variable to retrieve the remote IP address for access [log_format](http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) on Nginx. (default `remote_addr`)\n* `LOG_CROND`: Enable crond logging. (default `true`)\n\n### App\n\n* `APP_NAME`: Name of the application (default `addy.io`)\n* `APP_KEY`: Application key for encrypter service. You can generate one through `anonaddy key:generate --show` or `echo \"base64:$(openssl rand -base64 32)\"`. **required**\n* `APP_DEBUG`: Enables or disables debug mode, used to troubleshoot issues (default `false`)\n* `APP_URL`: The URL of your installation\n* `ANONADDY_RETURN_PATH`: Return-path header for outbound emails\n* `ANONADDY_ADMIN_USERNAME`: If set this value will be used and allow you to receive forwarded emails at the root domain\n* `ANONADDY_ENABLE_REGISTRATION`: If set to false this will prevent new users from registering on the site (default `true`)\n* `ANONADDY_DOMAIN`: Root domain to receive email from **required**\n* `ANONADDY_HOSTNAME`: FQDN hostname for your server used to validate records on custom domains that are added by users\n* `ANONADDY_DNS_RESOLVER`: Custom domains that are added by users to validate records (default `127.0.0.1`)\n* `ANONADDY_ALL_DOMAINS`: If you would like to have other domains to use (e.g. `@username.example2.com`), set a comma separated list like so, `example.com,example2.com` (default `$ANONADDY_DOMAIN`)\n* `ANONADDY_NON_ADMIN_SHARED_DOMAINS`: If set to false this will prevent any non-admin users from being able to create shared domain aliases at any domains that have been set for `$ANONADDY_ALL_DOMAINS` (default `true`)\n* `ANONADDY_SECRET`: Long random string used when hashing data for the anonymous replies **required**\n* `ANONADDY_LIMIT`: Number of emails a user can forward and reply per hour (default `200`)\n* `ANONADDY_BANDWIDTH_LIMIT`: Monthly bandwidth limit for users in bytes domains to use (default `104857600`)\n* `ANONADDY_NEW_ALIAS_LIMIT`: Number of new aliases a user can create each hour (default `10`)\n* `ANONADDY_ADDITIONAL_USERNAME_LIMIT`: Number of additional usernames a user can add to their account (default `10`)\n* `ANONADDY_SIGNING_KEY_FINGERPRINT`: GPG key used to sign forwarded emails. Should be the same as your mail from email address\n* `ANONADDY_DKIM_SIGNING_KEY`: Path to the private DKIM signing key to be used to sign emails for custom domains.\n* `ANONADDY_DKIM_SELECTOR`: Selector for the current DKIM signing key (default `default`)\n\n\u003e [!NOTE]\n\u003e `APP_KEY_FILE`, `ANONADDY_SECRET_FILE` and `ANONADDY_SIGNING_KEY_FINGERPRINT_FILE`\n\u003e can be used to fill in the value from a file, especially for Docker's secrets\n\u003e feature.\n\n### Database\n\n* `DB_HOST`: MySQL database hostname / IP address **required**\n* `DB_PORT`: MySQL database port (default `3306`)\n* `DB_DATABASE`: MySQL database name (default `anonaddy`)\n* `DB_USERNAME`: MySQL user (default `anonaddy`)\n* `DB_PASSWORD`: MySQL password\n* `DB_TIMEOUT`: Time in seconds after which we stop trying to reach the MySQL server (useful for clusters, default `60`)\n\n\u003e [!NOTE]\n\u003e `DB_USERNAME_FILE` and `DB_PASSWORD_FILE` can be used to fill in the value\n\u003e from a file, especially for Docker's secrets feature.\n\n### Redis\n\n* `REDIS_HOST`: Redis hostname / IP address\n* `REDIS_PORT`: Redis port (default `6379`)\n* `REDIS_PASSWORD`: Redis password\n\n\u003e [!NOTE]\n\u003e `REDIS_PASSWORD_FILE` can be used to fill in the value from a file, especially\n\u003e for Docker's secrets feature.\n\n### Mail\n\n* `MAIL_FROM_NAME`: From name (default `addy.io`)\n* `MAIL_FROM_ADDRESS`: From email address (default `addy@${ANONADDY_DOMAIN}`)\n* `MAIL_ENCRYPTION`: Encryption protocol to send e-mail messages (default `null`)\n\n### Postfix\n\n* `POSTFIX_DEBUG`: Enable debug (default `false`)\n* `POSTFIX_MESSAGE_SIZE_LIMIT`: The maximal size in bytes of a message, including envelope information (default `26214400`)\n* `POSTFIX_SMTPD_TLS`: Enabling TLS in the Postfix SMTP server (default `false`)\n* `POSTFIX_SMTPD_TLS_CERT_FILE`: File with the Postfix SMTP server RSA certificate in PEM format\n* `POSTFIX_SMTPD_TLS_KEY_FILE`: File with the Postfix SMTP server RSA private key in PEM format\n* `POSTFIX_SMTP_TLS`: Enabling TLS in the Postfix SMTP client (default `false`)\n* `POSTFIX_RELAYHOST`: Default host to send mail to\n* `POSTFIX_RELAYHOST_AUTH_ENABLE`: Enable client-side authentication for relayhost (default `false`)\n* `POSTFIX_RELAYHOST_USERNAME`: Postfix SMTP Client username for relayhost authentication\n* `POSTFIX_RELAYHOST_PASSWORD`: Postfix SMTP Client password for relayhost authentication\n* `POSTFIX_RELAYHOST_SSL_ENCRYPTION`: enable SSL encrpytion over SMTP where TLS is not available. (default `false`)\n* `POSTFIX_SPAMAUS_DQS_KEY`: Personal key for [Spamhaus DQS](#spamhaus-dqs-configuration)\n\n\u003e [!NOTE]\n\u003e `POSTFIX_RELAYHOST_USERNAME_FILE` and `POSTFIX_RELAYHOST_PASSWORD_FILE` can be\n\u003e used to fill in the value from a file, especially for Docker's secrets feature.\n\n### RSPAMD\n\n* `RSPAMD_ENABLE`: Enable Rspamd service. (default `false`)\n* `RSPAMD_WEB_PASSWORD`: Rspamd web password (default `null`)\n* `RSPAMD_NO_LOCAL_ADDRS`: Disable Rspamd local networks (default `false`)\n* `RSPAMD_SMTPD_MILTERS`: A list of Milter (space or comma as separated) applications for new mail that arrives (default `inet:127.0.0.1:11332`)\n\n\u003e [!NOTE]\n\u003e `RSPAMD_WEB_PASSWORD_FILE` can be used to fill in the value from a file,\n\u003e especially for Docker's secrets feature.\n\n\u003e [!WARNING]\n\u003e DKIM private key must be located in `/data/dkim/${ANONADDY_DOMAIN}.private`.\n\u003e You can generate a DKIM private/public keypair by following [this note](#generate-dkim-privatepublic-keypair).\n\n\u003e [!WARNING]\n\u003e Rspamd service is disabled if DKIM private key is not found\n\n\u003e [!WARNING]\n\u003e Rspamd service needs to be enabled for the reply anonymously feature to work.  \n\u003e See [#169](https://github.com/anonaddy/docker/issues/169#issuecomment-1232577449) for more details.\n\n\n## Volumes\n\n* `/data`: Contains storage\n\n\u003e [!WARNING]\n\u003e Note that the volume should be owned by the user/group with the specified\n\u003e `PUID` and `PGID`. If you don't give the volume correct permissions, the\n\u003e container may not start.\n\n## Ports\n\n* `8000`: HTTP port (addy.io)\n* `11334`: HTTP port (rspamd web dashboard)\n* `25`: SMTP port (postfix)\n\n## Usage\n\n### Docker Compose\n\nDocker compose is the recommended way to run this image. You can use the following\n[docker compose template](examples/compose/compose.yml), then run the container:\n\n```console\ndocker compose up -d\ndocker compose logs -f\n```\n\n## Upgrade\n\n```console\ndocker compose pull\ndocker compose up -d\n```\n\n## Notes\n\n### `anonaddy` command\n\nIf you want to use the artisan command to perform common server operations like\nmanage users, passwords and more, type:\n\n```console\ndocker compose exec addy anonaddy \u003ccommand\u003e\n```\n\nFor example to list all available commands:\n\n```console\ndocker compose exec addy anonaddy list\n```\n\n### Create user\n\n```console\ndocker compose exec addy anonaddy anonaddy:create-user \"username\" \"webmaster@example.com\"\n```\n\n### Generate DKIM private/public keypair\n\n```console\ndocker compose run --entrypoint '' addy gen-dkim\n```\n\n```text\ngenerating private and storing in data/dkim/example.com.private\ngenerating DNS TXT record with public key and storing it in data/dkim/example.com.txt\n\ndefault._domainkey IN TXT ( \"v=DKIM1; k=rsa; \"\n        \"p=***\"\n        \"***\"\n) ;\n```\n\nThe keypair will be available in `/data/dkim`.\n\n### Generate GPG key\n\nIf you don't have an existing GPG key, you can generate a new GPG key with the\nfollowing command:\n\n```console\ndocker compose exec --user anonaddy addy gpg --full-gen-key\n```\n\nKeys will be stored in `/data/.gnupg` folder.\n\n### Define additional env vars\n\nYou can define additional environment variables that will be used by the app\nby creating a file named `.env` in `/data`.\n\n### Override Postfix main configuration\n\nIn some cases you may want to override the default Postfix main configuration\nto fit your infrastructure. To do so, you can create a file named\n`postfix-main.alt.cf` in `/data` and it will be used instead of the generated\nconfiguration. **Use at your own risk**.\n\n\u003e [!WARNING]\n\u003e Container has to be restarted to propagate changes\n\n### Spamhaus DQS configuration\n\nIf a public DNS resolver is used, it may be blocked by Spamhaus and return a\n'non-existent domain' (NXDOMAIN), and soon will start to return an error code:\n\n```text\nAug  3 10:15:40 mail01 postfix/smtpd[23645]: NOQUEUE: reject: RCPT from sender.example.com[xx.xx.xx.xx]: 554 5.7.1 Service unavailable;\nClient host [xx.xx.xx.xx] blocked using zen.spamhaus.org; Error: open resolver; https://www.spamhaus.org/returnc/pub/162.158.148.77;\nfrom=\u003csender@example.com\u003e to=\u003crecipient@example.com\u003e proto=ESMTP helo=\u003cicinga2.infiniroot.net\u003e\n```\n\nTo fix this issue, you can register a DQS key [here](https://www.spamhaustech.com/dqs/)\nand complete the registration procedure. After you register an account, you can find the DQS key in the \"Access\" section of\n[this page](https://portal.spamhaustech.com/dqs/).\n\n## Contributing\n\nWant to contribute? Awesome! The most basic way to show your support is to star\nthe project, or to raise issues. You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max)\nor by making a [PayPal donation](https://www.paypal.me/crazyws) to ensure this\njourney continues indefinitely!\n\nThanks again for your support, it is much appreciated! :pray:\n\n## License\n\nMIT. See `LICENSE` for more details.\n","funding_links":["https://github.com/sponsors/crazy-max","https://www.paypal.me/crazyws"],"categories":["Dockerfile","docker"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanonaddy%2Fdocker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanonaddy%2Fdocker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanonaddy%2Fdocker/lists"}