{"id":42215899,"url":"https://github.com/springcomp/self-hosted-simplelogin","last_synced_at":"2026-01-27T01:14:11.158Z","repository":{"id":183266212,"uuid":"669436567","full_name":"springcomp/self-hosted-simplelogin","owner":"springcomp","description":"Docker-based self-hosted SimpleLogin.io configuration","archived":false,"fork":false,"pushed_at":"2026-01-04T10:29:16.000Z","size":207,"stargazers_count":81,"open_issues_count":4,"forks_count":18,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-01-26T22:11:45.461Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/springcomp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-22T09:17:59.000Z","updated_at":"2026-01-12T03:33:26.000Z","dependencies_parsed_at":"2023-12-19T14:28:15.261Z","dependency_job_id":"5a840aa4-6026-4ee6-8f1e-9b238aac158d","html_url":"https://github.com/springcomp/self-hosted-simplelogin","commit_stats":null,"previous_names":["springcomp/self-hosted-simplelogin"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/springcomp/self-hosted-simplelogin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/springcomp%2Fself-hosted-simplelogin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/springcomp%2Fself-hosted-simplelogin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/springcomp%2Fself-hosted-simplelogin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/springcomp%2Fself-hosted-simplelogin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/springcomp","download_url":"https://codeload.github.com/springcomp/self-hosted-simplelogin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/springcomp%2Fself-hosted-simplelogin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28795092,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T01:07:07.743Z","status":"ssl_error","status_checked_at":"2026-01-27T01:07:06.974Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-27T01:14:10.549Z","updated_at":"2026-01-27T01:14:11.144Z","avatar_url":"https://github.com/springcomp.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SimpleLogin\n\nThis is a self-hosted docker-compose configuration for [SimpleLogin](https://simplelogin.io).\n\n## Prerequisites\n\n- a Linux server (either a VM or dedicated server). This doc shows the setup for Ubuntu 18.04 LTS but the steps could be adapted for other popular Linux distributions. As most of components run as Docker container and Docker can be a bit heavy, having at least 2 GB of RAM is recommended. The server needs to have the port 25 (email), 80, 443 (for the webapp), 22 (so you can ssh into it) open.\n\n- a domain for which you can config the DNS. It could be a sub-domain. In the rest of the doc, let's say it's `mydomain.com` for the email and `app.mydomain.com` for SimpleLogin webapp. Please make sure to replace these values by your domain name and subdomain name whenever they appear in the doc. A trick we use is to download this README file on your computer and replace all `mydomain.com` and `app.mydomain.com` occurrences by your domain.\n\nExcept for the DNS setup that is usually done on your domain registrar interface, all the below steps are to be done on your server. The commands are to run with `bash` (or any bash-compatible shell like `zsh`) being the shell. If you use other shells like `fish`, please make sure to adapt the commands.\n\n- Some utility packages used to verify the setup. Install them by:\n\n```bash\nsudo apt update \\\n  \u0026\u0026 sudo apt install -y net-tools dnsutils\n```\n\n## DNS Configuration\n\n\u003e **Please note** that DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 minute or so in our test). In DNS setup, we usually use domain with a trailing dot (`.`) at the end to to force using absolute domain.\n\n### A record\n\nCreate an **A record** that points `app.mydomain.com.` to your server IP.\nTo verify, the following command:\n\n```bash\ndig @1.1.1.1 app.mydomain.com a\n```\n\nshould return your server IP.\n\n### MX record\n\nCreate a **MX record** that points `mydomain.com.` to `app.mydomain.com.` with priority 10.\n\nTo verify if the DNS works, the following command:\n\n```bash\ndig @1.1.1.1 mydomain.com mx\n```\n\nshould return:\n\n```dns\nmydomain.com. 3600 IN MX 10 app.mydomain.com.\n```\n\n### PTR record\n\nFrom Wikipedia \u003chttps://en.wikipedia.org/wiki/Reverse_DNS_lookup\u003e\n\n\u003e A reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual \"forward\" DNS lookup of an IP address from a domain name.\n\nCreate a **PTR record** that point your IP address to your domain name.\n**Important** Some providers require PTR configuration to be done from their dashboard and ignore DNS records. Please, make sure to properly configure reverse DNS lookup for your domain.\n\nTo verify, the following command:\n\n```bash\ndig @1.1.1.1 -x $( ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)\n```\n\nshould return your domain name.\n\n### DKIM\n\nFrom Wikipedia \u003chttps://en.wikipedia.org/wiki/DomainKeys_Identified_Mail\u003e\n\n\u003e DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.\n\nSetting up DKIM is highly recommended to reduce the chance for your emails ending up in the recipient's Spam folder.\n\nFirst you need to generate a private and public key for DKIM:\n\n```bash\nopenssl genrsa -traditional -out dkim.key 1024\nopenssl rsa -in dkim.key -pubout -out dkim.pub.key\n```\n\nYou will need the files `dkim.key` and `dkim.pub.key` for the next steps.\n\nFor email gurus, we have chosen 1024 key length instead of 2048 for DNS simplicity as some registrars don't play well with long TXT record.\n\nSet up DKIM by adding a **TXT record** for `dkim._domainkey.mydomain.com.` with the following value:\n\n```plaintext\nv=DKIM1; k=rsa; p=PUBLIC_KEY\n```\n\nwith `PUBLIC_KEY` being your `dkim.pub.key` but\n\n- remove the `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----`\n- join all the lines on a single line.\n\nFor example, if your `dkim.pub.key` is\n\n```plaintext\n-----BEGIN PUBLIC KEY-----\nab\ncd\nef\ngh\n-----END PUBLIC KEY-----\n```\n\nthen the `PUBLIC_KEY` would be `abcdefgh`.\n\nYou can get the `PUBLIC_KEY` by running this command:\n\n```bash\nsed \"s/-----BEGIN PUBLIC KEY-----/v=DKIM1; k=rsa; p=/g\" $(pwd)/dkim.pub.key | \\\n  sed 's/-----END PUBLIC KEY-----//g' | \\\n  tr -d '\\n' | awk 1\n```\n\nTo verify, the following command:\n\n```bash\ndig @1.1.1.1 dkim._domainkey.mydomain.com txt\n```\n\nshould return the above value.\n\n### SPF\n\nFrom Wikipedia \u003chttps://en.wikipedia.org/wiki/Sender_Policy_Framework\u003e\n\n\u003e Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email\n\nSimilar to DKIM, setting up SPF is highly recommended.\n\nCreate a **TXT record** for `mydomain.com.` with the value:\n\n```plaintext\nv=spf1 mx -all\n```\n\nWhat it means is only your server can send email with `@mydomain.com` domain.\nTo verify, the following command\n\n```bash\ndig @1.1.1.1 mydomain.com txt\n```\n\nshould return the above value.\n\n### DMARC\n\nFrom Wikipedia \u003chttps://en.wikipedia.org/wiki/DMARC\u003e\n\n\u003e It (DMARC) is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing\n\nSetting up DMARC is also recommended.\n\nCreate a **TXT record** for `_dmarc.mydomain.com.` with the following value\n\n```plaintext\nv=DMARC1; p=quarantine; adkim=r; aspf=r\n```\n\nThis is a `relaxed` DMARC policy. You can also use a more strict policy with `v=DMARC1; p=reject; adkim=s; aspf=s` value.\n\nTo verify, the following command\n\n```bash\ndig @1.1.1.1 _dmarc.mydomain.com txt\n```\n\nshould return the set value.\n\nFor more information on DMARC, please consult \u003chttps://tools.ietf.org/html/rfc7489\u003e\n\n### HSTS\n\nFrom Wikipedia \u003chttps://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security\u003e\n\n\u003e HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.\n\nHTTP Strict Transport Security is an extra step you can take to protect your web app from certain man-in-the-middle attacks. It does this by specifying an amount of time (usually a really long one) for which you should only accept HTTPS connections, not HTTP ones.\n\nThis repository already enables HSTS, thanks to the traefik configuration for the simplelogin container\n\n### CAA\n\nFrom Wikipedia \u003chttps://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization\u003e\n\n\u003e DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism that allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name.\n\n[Certificate Authority Authorization](https://letsencrypt.org/docs/caa/) is a step you can take to restrict the list of certificate authorities that are allowed to issue certificates for your domains.\n\nUse [SSLMate’s CAA Record Generator](https://sslmate.com/caa/) to create a **CAA record** with the following configuration:\n\n- `flags`: `0`\n- `tag`: `issue`\n- `value`: `\"letsencrypt.org\"`\n\nTo verify if the DNS works, the following command:\n\n```bash\ndig @1.1.1.1 mydomain.com caa\n```\n\nshould return:\n\n```dns\nmydomain.com. 3600 IN CAA 0 issue \"letsencrypt.org\"\n```\n\n**Warning**: setting up a CAA record will restrict which certificate authority can successfully issue SSL certificates for your domain.\nThis will prevent certificate issuance from Let’s Encrypt staging servers. You may want to differ this DNS record until after SSL certificates are successfully issued for your domain.\n\n### MTA-STS\n\nFrom Wikipedia \u003chttps://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_MTA_Strict_Transport_Security\u003e\n\n\u003e SMTP MTA Strict Transport Security defines a protocol for mail servers to declare their ability to use secure channels in specific files on the server and specific DNS TXT records.\n\n[SMTP MTA Strict Transport Security](https://datatracker.ietf.org/doc/html/rfc8461) is an extra step you can take to broadcast the ability of your instance to receive and, optionally enforce, TSL-secure SMTP connections to protect email traffic.\n\nCreate an **A record** that points `mta-sts.mydomain.com.` to your server IP.\n\nTo verify, the following command:\n\n```bash\ndig @1.1.1.1 mta-sts.mydomain.com a\n```\n\nshould return your server IP.\n\nCreate a **TXT record** for `_mta-sts.mydomain.com.` with the following value:\n\n```plaintext\nv=STSv1; id=UNIX_TIMESTAMP\n```\n\nWith `UNIX_TIMESTAMP` being the current date/time.\n\nUse the following command to generate the record:\n\n```bash\necho \"v=STSv1; id=$(date +%s)\"\n```\n\nTo verify if the DNS works, the following command:\n\n```bash\ndig @1.1.1.1 _mta-sts.mydomain.com txt\n```\n\nshould return a result similar to this one:\n\n```dns\n_mta-sts.mydomain.com. 3600 IN TXT \"v=STSv1; id=1689416399\"\n```\n\n### TLSRPT\n\n[SMTP TLS Reporting](https://datatracker.ietf.org/doc/html/rfc8460) is used by SMTP systems to report failures in establishing TLS-secure sessions as broadcast by the MTA-STS configuration.\n\nConfiguring MTA-STS in `mode: testing` as shown in the previous section gives you time to review failures from some SMTP senders.\n\nCreate a **TXT record** for `_smtp._tls.mydomain.com.` with the following value:\n\n```txt\nv=TSLRPTv1; rua=mailto:YOUR_EMAIL\n```\n\nThe TLSRPT configuration at the DNS level allows SMTP senders that fail to initiate TLS-secure sessions to send reports to a particular email address.  We suggest creating a `tls-reports` alias in SimpleLogin for this purpose.\n\nTo verify if the DNS works, the following command\n\n```bash\ndig @1.1.1.1 _smtp._tls.mydomain.com txt\n```\n\nshould return a result similar to this one:\n\n```dns\n_smtp._tls.mydomain.com. 3600 IN TXT \"v=TSLRPTv1; rua=mailto:tls-reports@mydomain.com\"\n```\n\n## Docker\n\nIf you don't already have Docker installed on your server, please follow the steps on [Docker CE for Ubuntu](https://docs.docker.com/v17.12/install/linux/docker-ce/ubuntu/) to install Docker.\n\nYou can also install Docker using the [docker-install](https://github.com/docker/docker-install) script which is\n\n```bash\ncurl -fsSL https://get.docker.com | sh\n```\n\nEnable IPv6 for [the default bridge network](https://docs.docker.com/config/daemon/ipv6/#use-ipv6-for-the-default-bridge-network)\n\n```json\n{\n  \"ipv6\": true,\n  \"fixed-cidr-v6\": \"2001:db8:1::/64\",\n  \"experimental\": true,\n  \"ip6tables\": true\n}\n```\n\nThis procedure will guide you through running the entire stack using Docker containers.\nThis includes:\n\n- traefik\n- The [SimpleLogin app](https://github.com/simple-login/app) containers\n- postfix\n\nRun SimpleLogin from Docker containers:\n\n1. Clone this repository in `/opt/simplelogin`\n1. Copy `.env.example` to `.env` and set appropriate values.\n\n    - set the `DOMAIN` variable to your domain.\n    - set the `SUBDOMAIN` variable to your domain. The default value is `app`.\n    - set the `POSTGRES_USER` variable to match the postgres credentials (when starting from scratch, use `simplelogin`).\n    - set the `POSTGRES_PASSWORD` to match the postgres credentials (when starting from scratch, set to a random key).\n    - set the `FLASK_SECRET` to an arbitrary secret key.\n\n#### Running the application\n\nRun the application using the following commands:\n\n```sh\ndocker compose up --detach --remove-orphans --build \u0026\u0026 docker compose logs -f\n```\n\nYou may want to setup [Certificate Authority Authorization (CAA)](#caa) at this point.\n\n## Next steps\n\nIf all the above steps are successful, open \u003chttps://app.mydomain.com/\u003e and create your first account!\n\nBy default, new accounts are not premium so don't have unlimited aliases. To make your account premium,\nplease go to the database, table \"users\" and set \"lifetime\" column to \"1\" or \"TRUE\":\n\n```bash\ndocker compose exec -it postgres psql -U myuser simplelogin\n\u003e UPDATE users SET lifetime = TRUE;\n\u003e \\q\n```\n\nOnce you've created all your desired login accounts, add these lines to `.env` to disable further registrations:\n\n```env\nDISABLE_REGISTRATION=1\nDISABLE_ONBOARDING=true\n```\n\nThen, to restart the web app, apply: `docker compose restart app`\n\n## Miscellaneous\n\n### Wildcard subdomains\n\n**Note** the following section documents wildcard certificates and subdomains. You may want to use builtin facility within SimpleLogin to achieve the same results.\n\nIf your DNS supports it, you can add a **MX record** to point `*.mydomain.com` to `app.mydomain.com` so that you can receive mails from any number of subdomains.\nTo verify, the following command:\n\n```sh\ndig @1.1.1.1 *.mydomain.com mx\n```\n\nShould return:\n\n```dns\n*.mydomain.com. 3600  IN  MX    10 app.mydomain.com\n```\n\nSSL-Certificates are requested from [Let`s Encrypt](https://letsencrypt.org/).\nTraefik is (by default) configured to use TLS-ALPN Challenge, because this works out-of-the-box without further\nconfiguration, as long as DNS resolves to your server.\n\nDisadvantage of this configuration is, that letsencrypt does not allow requesting wildcard certificates via TLS Challenge.\n\nTo request a wildcard certificate, edit `.env` file to set `LE_CHALLENGE=dns`, identify your DNS provider\nby setting `LE_DNS_PROVIDER`, and provide further details (i.e. credentials/API-Key, depending on your DNS provider) as ENV.\n\nYou can find all supported DNS providers and corresponding instructions here: \u003chttps://go-acme.github.io/lego/dns/\u003e\n\n### Postfix configuration - Spamhaus\n\nThe Spamhaus Project maintains a reliable list of IP addresses known to be the source of SPAM.\nYou can check whether a given IP address is in that list by submitting queries to the DNS infrastructure.\n\nSince Spamhaus blocks queries coming from public (open) DNS-Resolvers (see: https://check.spamhaus.org/returnc/pub) and your postfix container may use \na public resolver by default, it is recommended to sign up for the free \n[Spamhaus Data Query Service](https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/)\nand obtain a Spamhaus DQS key.\n\nPaste this key as `SPAMHAUS_DQS_KEY` in your `.env`\n\nIf no DQS-key is provided, your postfix container will check if the Spamhaus public mirrors are accepting its queries and use them instead.\nIf Spamhaus rejects queries from your postfix container to the public mirrors, it will be disabled entirely.\n\n### Postfix configuration - Virtual aliases\n\nThe postfix configuration supports virtual aliases using the `postfix/conf.d/virtual` and `postfix/conf.d/virtual-regexp` files.\nThose files are automatically created on startup based upon the corresponding [`postfix/templates/virtual.tpl`](./postfix/templates/virtual.tpl)\nand [`postfix/templates/virtual-regexp.tpl`](./postfix/templates/virtual-regexp.tpl) template files.\n\nThe default configuration is as follows:\n\n#### virtual.tpl\n\nThe `virtual` file supports postfix `virtual_alias_maps` settings.\nIt includes a rule that maps `unknown@mydomain.com` to `contact@mydomain.com` to demonstrate receiving\nand email from a specific address that does not correspond to an existing alias, to another one that does.\n\n```postfix-conf\nunknown@mydomain.com  contact@mydomain.com\n```\n\n#### virtual-regexp.tpl\n\nThe `virtual-regexp` file supports postfix `virtual_alias_maps` settings.\nIt includes a rule that rewrite emails addressed to an arbitrary subdomain, which does not correspond\nto an existing alias, to a new alias that belongs to a directory whose name is taken from the subdomain.\nThat alias may be created on the fly if it does not exist.\n\n```postfix-conf\n/^([^@]+)@([^.]+)\\.mydomain.com/   $2/$1@mydomain.com\n```\n\nFor instance, emails sent to `someone@directory.mydomain.com` will be routed to `directory/someone@mydomain.com` by postfix.\n\n## How-to Upgrade from 3.4.0\n\n- Change the image version in `.env`\n\n```env\nSL_VERSION=4.6.5-beta\n```\n\n- Check and apply [migration commands](https://github.com/simple-login/app/blob/master/docs/upgrade.md)\n\nFor instance, to upgrade from `3.4.0` to `4.6.x-beta`, the following change must be done in `simple-login-compose.yaml`:\n\n```patch\n  migration:\n    image: simplelogin/app:$SL_VERSION\n-   command: [ \"flask\", \"db\", \"upgrade\" ]\n+   command: [ \"alembic\", \"upgrade\", \"head\" ]\n    container_name: sl-migration\n    env_file: .env\n```\n\nFinally, the following command must be run in the database:\n\n```bash\ndocker compose exec -it postgres psql -U myuser simplelogin\n\u003e UPDATE email_log SET alias_id=(SELECT alias_id FROM contact WHERE contact.id = email_log.contact_id);\n\u003e \\q\n```\n\n- Restart containers\n\n```sh\ndocker compose stop \u0026\u0026 docker compose up --detach\n```\n\nAfter successfully upgrading to `v4.6.x-beta` you might want to upgrade\nto the latest stable version. Change the `SL_IMAGE` and `SL_VERSION`\nvariables from the `.env` file:\n\n```env\nSL_VERSION=v4.70.0\nSL_IMAGE=app-ci\n```\n\n**Caution**: some [underpowered VPS](https://github.com/springcomp/self-hosted-simplelogin/issues/12#issuecomment-3160394621) might exhibit some WORKER_TIMEOUT errors\nwhen running the `sl-app` image. To mitigate this issue, you may want to\nincrease the starting timeout value in [`simple-login-compose.yaml`](https://github.com/springcomp/self-hosted-simplelogin/blob/main/simple-login-compose.yaml#L49):\n\n```patch\n  app:\n    image: simplelogin/$SL_IMAGE:$SL_VERSION\n    container_name: sl-app\n    env_file: .env\n    volumes:\n      - ./pgp:/sl/pgp\n      - ./upload:/code/static/upload\n      - ./dkim.key:/dkim.key\n      - ./dkim.pub.key:/dkim.pub.key\n+   command: [\"gunicorn\",\"wsgi:app\",\"-b\",\"0.0.0.0:7777\",\"-w\",\"2\",\"--timeout\",\"30\"]\n    restart: unless-stopped\n```\n\nAnd restart the containers.\n\nThis will pull up the latest versions of the docker images,\npotentially running the updated `sl-migration` steps, and\nstartup the application.\n\n## How-to Upgrade from previous NGinx-based setup\n\nThis section outlines the migration steps from a previous installation of `self-hosted-simplelogin` using the NGinx-based setup, to the current Traefik-based setup.\n\n### Backup your server\n\n1. Backup the database using the following command:\n\n```powershell\nmkdir /tmp/sl-backup/\n\ndocker compose \\\n  -f /opt/simplelogin/docker-compose.yaml exec postgres \\\n  pg_dump -U \u003cpostgres-user-name\u003e simplelogin -F c -b \u003e/tmp/sl-backup/simplelogin.sql\n```\n\n1. Backup your DKIM public and private keys.\n\n1. Backup your PGP keys, avatar picture and undelivered emails from the `upload/` and `pgp/` folders.\n\n1. Backup your existing `.env` file.\n\n### Postfix\n\nThe `postfix` container is running a private image that has changed from the previous NGinx-based setup to the current Traefik-based setup.\n\nThat image needs to be regenerated. You can remove the previous version using the command:\n\n```sh\ndocker rmi private/postfix:latest\n```\n\n### In-place upgrade\n\nIn-place upgrade refers to the fact that you will upgrade the stack from the previous setup to the current setup in the same directoy.\n\nThis is the easiest upgrade path as you only need to change the docker-compose and setup files. If you cloned this repository, you most likely need to use `git pull` to upgrade to the latest version.\n\n**Prerequisites**: make sure you are running a recent version of SimpleLogin. This section assumes you are running `app-ci:v4.70.0`.\n\n1. Stop the stack using `. ./down.sh`.\n1. Upgrade to the latest version of the files.\n1. Create and update the `.env` file from `.env.example`.\n\nThe new `.env` file supports specifying parameters for certificate renewal using either the `DNS-01` or `TLS–ALPN-01` ACME challenge from Let’sEncrypt using [LEGO](https://go-acme.github.io/lego/dns/) , a Let’sEncrypt client library written in Go. Please, review the LEGO documentation for supported providers and their parameters.\n\n4. Start the stack using `. ./up.sh`.\n\nYou can now cleanup the folders that are no longer useful:\n\n```sh\nrm -rf acme.sh/\nrm -rf nginx/\n```\n\n### Backup / restore upgrade\n\nIf you want to keep the existing setup in a known working directory, you can use the backup - restore path to test the new setup from a separate folder.\n\n1. Clone this repository to get the latest version of the files.\n1. Create and update the `.env` file from `.env.example`.\n\nThe new `.env` file supports specifying parameters for certificate renewal using either the `DNS-01` or `TLS–ALPN-01` ACME challenge from Let’sEncrypt using [LEGO](https://go-acme.github.io/lego/dns/) , a Let’sEncrypt client library written in Go. Please, review the LEGO documentation for supported providers and their parameters.\n\n3. Restore the `pgp/` and `upload/` folders.\n3. Restore the `dkim.pub.key` and `dkim.key` files.\n3. Restore the postfix `virtual` and `virtual-regexp` files.\n4. Start the stack using `. ./up.sh`.\n\nThis will create the `private/postfix:latest` image and request new certificates from Let’s Encrypt.\n\nOnce the application is running successfully, you need to restore the database. The easiest way it to copy the backup file in the `db/` folder:\n\n```sh\nsudo cp /tmp/sl-backup/simplelogin.sql db/\ndocker compose exec -it pg_restore -U \u003cpostgres-user-name\u003e \\\n  --dbname=simplelogin \\\n  --clean \\\n  --verbose \\\n  /var/lib/postgresql/data/simplelogin.sql\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspringcomp%2Fself-hosted-simplelogin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspringcomp%2Fself-hosted-simplelogin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspringcomp%2Fself-hosted-simplelogin/lists"}