From fc443172397fca02ebb492fa705a5580c09eb2d2 Mon Sep 17 00:00:00 2001 From: Mark Mennell Date: Sun, 19 Apr 2026 15:33:30 +0800 Subject: [PATCH 1/5] certs, quickstart --- .env.example | 10 +++++ QUICKSTART.md | 85 ++++++++++++++++++++++++++++++++++++ compose/docker-compose.yml | 38 ++++++++++++++-- docker/certbot/entrypoint.sh | 44 +++++++++++++++++++ test/docker-compose.test.yml | 4 ++ test/run-tests.sh | 2 +- 6 files changed, 178 insertions(+), 5 deletions(-) create mode 100644 QUICKSTART.md create mode 100644 docker/certbot/entrypoint.sh diff --git a/.env.example b/.env.example index b07330f..a23296f 100644 --- a/.env.example +++ b/.env.example @@ -1,8 +1,17 @@ # ── Required ────────────────────────────────────────────── # fmsg domain name this host serves +# - fmsgd will uses TCP 4930 on fmsg. +# - fmsg-webapi uses HTTPS 443 on fmsgapi. FMSG_DOMAIN=example.com +# Email address for Let's Encrypt certificate registration +CERTBOT_EMAIL= + +# HMAC secret used to validate JWT tokens for fmsg-webapi +# Prefix with base64: to supply a base64-encoded key (e.g. base64:c2VjcmV0) +FMSG_API_JWT_SECRET=changeme + # Per-service database passwords (used by application services) FMSGD_WRITER_PGPASSWORD=changeme FMSGID_WRITER_PGPASSWORD=changeme @@ -14,4 +23,5 @@ FMSGID_WRITER_PGPASSWORD=changeme # FMSGID_PORT=8080 # GIN_MODE=release # FMSG_SKIP_DOMAIN_IP_CHECK=false +# PGUSER=postgres # PGUSER=postgres \ No newline at end of file diff --git a/QUICKSTART.md b/QUICKSTART.md new file mode 100644 index 0000000..64f282c --- /dev/null +++ b/QUICKSTART.md 
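Review bot: `FMSG_API_JWT_SECRET=changeme` in the first `.env.example` hunk gives the HMAC signing key a publicly known default, and the quickstart added in this same patch copies this file straight to `compose/.env`. The quickstart itself notes that anyone holding the secret can mint tokens for any user, so a forgotten edit leaves the HTTPS API accepting forged tokens. Leave the value empty, as the hunk already does for `CERTBOT_EMAIL=`, and add a comment such as `# generate with: openssl rand -base64 32, then prefix the result with base64:`. Where the compose file passes the variable to `fmsg-webapi` (not visible in this patch), `${FMSG_API_JWT_SECRET:?must be set}` would stop the stack from starting without it. The second hunk also adds `# PGUSER=postgres` twice.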
@@ -0,0 +1,85 @@
+# Quickstart - Setting up an fmsg host with fmsg-docker
+
+## Requirements
+
+1. A domain you control, e.g `example.com`
+2. A public IP
+3. A server with Docker and Docker Compose
+4. TCP port `4930` open to the internet
+5. TCP port `443` open to the internet (fmsg-webapi HTTPS)
+6. TCP port `80` open to the internet (only first start - required for initial Let's Encrypt certificate issuance)
+
+## Steps
+
+### 0. Server Setup
+
+Clone this repository to the server and make sure docker is running.
+```
+git clone https://github.com/markmnl/fmsg-docker.git
+```
+
+### 1. Configure DNS
+
+Create A (or AAAA) DNS records to resolve to your server IP for:
+
+1. `fmsg.`
+2. `fmsgapi.`
+
+_NOTE_ Ensure DNS is kept up-to-date with your server's IP so you can receive messages!
+
+### 2. Configure FMSG
+
+Copy the example env file:
+
+```sh
+cp .env.example compose/.env
+```
+
+Edit `compose/.env` and set at least (note email address here is just for TLS certificates issued by Let's Encrypt):
+
+```env
+FMSG_DOMAIN=example.com
+CERTBOT_EMAIL=
+FMSG_API_JWT_SECRET=
+FMSGD_WRITER_PGPASSWORD=
+FMSGID_WRITER_PGPASSWORD=
+```
+
+Start the stack for the first time from `compose/` and pass the one-time init passwords on the command line (keep these secret, keep them safe):
+
+```sh
+cd compose
+PGPASSWORD= \
+FMSGD_READER_PGPASSWORD= \
+FMSGID_READER_PGPASSWORD= \
+docker compose up -d
+```
+
+If `fmsgd` is running and port `4930` is reachable on `fmsg.`, the host is up.
+
+On first start, certbot will request Let's Encrypt TLS certificates for `fmsg.` and `fmsgapi.`. If certificate issuance fails (e.g. the domains do not resolve to the server), the stack will not start. Certificates are persisted in a Docker volume and reused on subsequent starts.
+
+
+## Next Steps
+
+### Add Users
+
+Create users (mailboxes) by placing a CSV file in the `fmsgid_data` volume at `/opt/fmsgid/data/addresses.csv`.
The format is: + +```csv +address,display_name,accepting_new,limit_recv_size_total,limit_recv_size_per_msg,limit_recv_size_per_1d,limit_recv_count_per_1d,limit_send_size_total,limit_send_size_per_msg,limit_send_size_per_1d,limit_send_count_per_1d +@alice@example.com,Alice,true,102400000,10240,102400,1000,102400000,10240,102400,1000 +``` + +You can copy it into the volume with: + +```sh +docker compose cp addresses.csv fmsgid:/opt/fmsgid/data/addresses.csv +docker compose restart fmsgid +``` + +### Connect a Client + +* Connect a client such as [fmsg-cli](https://github.com/markmnl/fmsg-cli) to `fmsgapi.` configured with your `FMSG_API_JWT_SECRET` to send and retrieve messages. + +_NOTE_ Anyone with `FMSG_API_JWT_SECRET` can mint tokens for your `fmsgapi.` for any user e.g. `@alice@`. \ No newline at end of file diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index ea1bf31..dc2936d 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -1,5 +1,18 @@ services: + certbot: + image: certbot/certbot + restart: "no" + entrypoint: ["/bin/sh", "/entrypoint.sh"] + environment: + FMSG_DOMAIN: ${FMSG_DOMAIN} + CERTBOT_EMAIL: ${CERTBOT_EMAIL} + volumes: + - letsencrypt:/etc/letsencrypt + - ../docker/certbot/entrypoint.sh:/entrypoint.sh:ro + ports: + - "80:80" + postgres: image: postgres:18-alpine restart: unless-stopped @@ -32,12 +45,15 @@ services: environment: GIN_MODE: ${GIN_MODE:-release} FMSGID_PORT: ${FMSGID_PORT:-8080} + FMSGID_CSV_FILE: /opt/fmsgid/data/addresses.csv PGHOST: postgres PGPORT: 5432 PGDATABASE: fmsgid PGUSER: fmsgid_writer PGPASSWORD: ${FMSGID_WRITER_PGPASSWORD} PGSSLMODE: disable + volumes: + - fmsgid_data:/opt/fmsgid/data depends_on: postgres: condition: service_healthy 
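Review bot: `image: certbot/certbot` in the new `certbot` service carries no tag, so each pull resolves to whatever the default tag points at that day, while the `postgres` service right below it is pinned to `18-alpine`. This container writes the TLS private keys that `fmsgd` and `fmsg-webapi` later load, and certbot also keeps its ACME account data under `/etc/letsencrypt`, so an unexpected upstream image change lands directly on key material. Pin it to a release tag, ideally with a digest, e.g. `image: certbot/certbot:<version>@sha256:<digest>` (both placeholders).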
@@ -57,8 +73,8 @@ services: FMSG_ID_URL: http://fmsgid:${FMSGID_PORT:-8080} FMSG_SKIP_DOMAIN_IP_CHECK: ${FMSG_SKIP_DOMAIN_IP_CHECK:-false} FMSG_SKIP_AUTHORISED_IPS: ${FMSG_SKIP_AUTHORISED_IPS:-false} - FMSG_TLS_CERT: ${FMSG_TLS_CERT:-} - FMSG_TLS_KEY: ${FMSG_TLS_KEY:-} + FMSG_TLS_CERT: /etc/letsencrypt/live/fmsg.${FMSG_DOMAIN}/fullchain.pem + FMSG_TLS_KEY: /etc/letsencrypt/live/fmsg.${FMSG_DOMAIN}/privkey.pem PGHOST: postgres PGPORT: 5432 PGDATABASE: fmsgd @@ -67,9 +83,12 @@ services: PGSSLMODE: disable volumes: - fmsg_data:/opt/fmsg/data + - letsencrypt:/etc/letsencrypt:ro ports: - "${FMSG_PORT:-4930}:4930" depends_on: + certbot: + condition: service_completed_successfully postgres: condition: service_healthy fmsgid: @@ -94,14 +113,25 @@ services: PGDATABASE: fmsgd PGUSER: fmsgd_writer PGPASSWORD: ${FMSGD_WRITER_PGPASSWORD} + FMSG_TLS_CERT: /etc/letsencrypt/live/fmsgapi.${FMSG_DOMAIN}/fullchain.pem + FMSG_TLS_KEY: /etc/letsencrypt/live/fmsgapi.${FMSG_DOMAIN}/privkey.pem FMSG_DATA_DIR: /opt/fmsg/data PGSSLMODE: disable volumes: - fmsg_data:/opt/fmsg/data + - letsencrypt:/etc/letsencrypt:ro + ports: + - "443:443" depends_on: - - fmsgd - - fmsgid + certbot: + condition: service_completed_successfully + fmsgd: + condition: service_started + fmsgid: + condition: service_started volumes: postgres_data: fmsg_data: + fmsgid_data: + letsencrypt: diff --git a/docker/certbot/entrypoint.sh b/docker/certbot/entrypoint.sh new file mode 100644 index 0000000..67ac919 --- /dev/null +++ b/docker/certbot/entrypoint.sh 
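Review bot: Mounting the whole `letsencrypt` volume with `- letsencrypt:/etc/letsencrypt:ro` in `fmsgd`, and again in `fmsg-webapi` in the last hunk, gives each service the other service's private key and everything else certbot stores in that directory. Each service only needs the `fullchain.pem` and `privkey.pem` named in its own `FMSG_TLS_CERT`/`FMSG_TLS_KEY`. A compromise of the internet-facing web API on 443 would therefore also expose the key for `fmsg.${FMSG_DOMAIN}`. Consider having the certbot entrypoint copy each certificate pair into its own per-service volume, for example `fmsgd_tls:/opt/fmsg/tls:ro` and `webapi_tls:/opt/fmsg/tls:ro` (volume names are suggestions), so that a service can read only its own key.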
@@ -0,0 +1,44 @@ +#!/bin/sh +set -e + +: "${FMSG_DOMAIN:?FMSG_DOMAIN is required}" +: "${CERTBOT_EMAIL:?CERTBOT_EMAIL is required}" + +FMSGD_DOMAIN="fmsg.${FMSG_DOMAIN}" +WEBAPI_DOMAIN="fmsgapi.${FMSG_DOMAIN}" + +# Skip issuance if both certificates already exist +if [ -d "/etc/letsencrypt/live/${FMSGD_DOMAIN}" ] && \ + [ -d "/etc/letsencrypt/live/${WEBAPI_DOMAIN}" ]; then + echo "Certificates for ${FMSGD_DOMAIN} and ${WEBAPI_DOMAIN} already exist, skipping." + exit 0 +fi + +echo "Requesting certificate for ${FMSGD_DOMAIN} ..." +certbot certonly \ + --standalone \ + --non-interactive \ + --agree-tos \ + --email "${CERTBOT_EMAIL}" \ + -d "${FMSGD_DOMAIN}" + +echo "Requesting certificate for ${WEBAPI_DOMAIN} ..." +certbot certonly \ + --standalone \ + --non-interactive \ + --agree-tos \ + --email "${CERTBOT_EMAIL}" \ + -d "${WEBAPI_DOMAIN}" + +# certbot creates private keys as root:root 0600. The application +# containers run as an unprivileged user so the keys must be readable. +chmod 0644 "/etc/letsencrypt/live/${FMSGD_DOMAIN}/privkey.pem" \ + "/etc/letsencrypt/live/${WEBAPI_DOMAIN}/privkey.pem" +chmod 0755 /etc/letsencrypt/live \ + /etc/letsencrypt/archive \ + "/etc/letsencrypt/live/${FMSGD_DOMAIN}" \ + "/etc/letsencrypt/live/${WEBAPI_DOMAIN}" \ + "/etc/letsencrypt/archive/${FMSGD_DOMAIN}" \ + "/etc/letsencrypt/archive/${WEBAPI_DOMAIN}" + +echo "Certificates issued successfully." diff --git a/test/docker-compose.test.yml b/test/docker-compose.test.yml index a6eac9b..7bc7187 100644 --- a/test/docker-compose.test.yml +++ b/test/docker-compose.test.yml @@ -11,6 +11,10 @@ services: + certbot: + entrypoint: ["true"] + restart: "no" + fmsgd: environment: FMSG_TLS_CERT: /opt/fmsg/tls/fmsg.${FMSG_DOMAIN}.crt diff --git a/test/run-tests.sh b/test/run-tests.sh index 4364ebd..6e670c0 100755 --- a/test/run-tests.sh +++ b/test/run-tests.sh 
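Review bot: `chmod 0644` on the two `privkey.pem` files makes the TLS private keys readable by every uid in any container that mounts the `letsencrypt` volume, which is wider than the comment's goal of letting the unprivileged service user read them. Group access keeps "other" locked out: give the key files and the per-domain `live`/`archive` directories to the gid the services run as and use `0640`/`0750`, as sketched below (the variable name and the shared gid are assumptions, neither is visible in this patch). The early `exit 0` also means nothing here ever runs `certbot renew`; when a renewal path is added the permission step has to run after it too, because a renewed key is written as a new file.

```shell
# … unchanged: variable checks, both certbot certonly calls …

# KEY_GID is a placeholder, not defined anywhere in this patch: the gid the
# fmsgd and fmsg-webapi processes run as.
: "${KEY_GID:?KEY_GID is required}"
for d in "${FMSGD_DOMAIN}" "${WEBAPI_DOMAIN}"; do
    chgrp "${KEY_GID}" \
        "/etc/letsencrypt/live/${d}" \
        "/etc/letsencrypt/archive/${d}" \
        "/etc/letsencrypt/archive/${d}"/privkey*.pem
    chmod 0750 "/etc/letsencrypt/live/${d}" "/etc/letsencrypt/archive/${d}"
    chmod 0640 "/etc/letsencrypt/archive/${d}"/privkey*.pem
done
# … unchanged: chmod 0755 on /etc/letsencrypt/live and /etc/letsencrypt/archive, final echo …
```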
@@ -148,7 +148,7 @@ if [ "$SKIP_START" != "true" ]; then -keyout "$TLS_DIR/fmsg.${domain}.key" \ -out "$TLS_DIR/fmsg.${domain}.crt" \ -days 1 -nodes \ - -subj "/CN=fmsg.${domain}" \ + -subj "//CN=fmsg.${domain}" \ -addext "subjectAltName=DNS:fmsg.${domain}" done chmod 644 "$TLS_DIR"/*.key From 14fc407a6593badb5cf1783c605a0bbfbcd7fa3d Mon Sep 17 00:00:00 2001 From: Mark Mennell Date: Sun, 19 Apr 2026 16:16:01 +0800 Subject: [PATCH 2/5] quickstart wording --- QUICKSTART.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/QUICKSTART.md b/QUICKSTART.md index 64f282c..0ab7a98 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -1,13 +1,17 @@ # Quickstart - Setting up an fmsg host with fmsg-docker +This quickstart gets the docker compose stack from this repository up and running on your server. TLS provisioning is included and an HTTPS API is exposed so you can start sending and receiving fmsg messages for your domain. TCP port 4930 is also exposed for fmsg host-to-host communication. + +To learn more about fmsg, see the documentation repository: (fmsg)[https://github.com/markmnl/fmsg]. + ## Requirements 1. A domain you control, e.g `example.com` -2. A public IP -3. A server with Docker and Docker Compose -4. TCP port `4930` open to the internet -5. TCP port `443` open to the internet (fmsg-webapi HTTPS) -6. TCP port `80` open to the internet (only first start - required for initial Let's Encrypt certificate issuance) +2. A server with a public IP and + 1. TCP port `4930` open to the internet (fmsg TLS) + 2. TCP port `443` open to the internet (fmsg-webapi HTTPS) + 3. TCP port `80` open to the internet (only first start - required for initial Let's Encrypt certificate issuance) +3. Docker and Docker Compose ## Steps 
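Review bot: The change to `-subj "//CN=fmsg.${domain}"` has no comment explaining the doubled slash, which looks like the usual workaround for Git-Bash/MSYS rewriting a leading `/` as a Windows path. On Linux the string reaches openssl unchanged and may be parsed as an unknown attribute `/CN`, which would leave the test certificate with an empty subject and only the `subjectAltName` carrying the host name; this is worth confirming on the CI platform. A comment above the `openssl` call, e.g. `# double slash: stops MSYS/Git-Bash converting the subject into a path`, would record the intent. The enclosing `if` block and loop start outside this hunk.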
@@ -20,12 +24,12 @@ git clone https://github.com/markmnl/fmsg-docker.git ### 1. Configure DNS -Create A (or AAAA) DNS records to resolve to your server IP for: +Create A (or AAAA if your public IP is IPv6) DNS records to resolve to your server IP for: 1. `fmsg.` 2. `fmsgapi.` -_NOTE_ Ensure DNS is kept up-to-date with your server's IP so you can receive messages! +_NOTE_ Ensure DNS is kept up-to-date with your server's IP so you can send and receive messages! ### 2. Configure FMSG @@ -57,14 +61,14 @@ docker compose up -d If `fmsgd` is running and port `4930` is reachable on `fmsg.`, the host is up. -On first start, certbot will request Let's Encrypt TLS certificates for `fmsg.` and `fmsgapi.`. If certificate issuance fails (e.g. the domains do not resolve to the server), the stack will not start. Certificates are persisted in a Docker volume and reused on subsequent starts. +On first start, certbot will request Let's Encrypt TLS certificates for `fmsg.` and `fmsgapi.`. If certificate issuance fails (e.g. the domains do not resolve to the server or port 80 is blocked), the stack will not start. Certificates are persisted in a Docker volume and reused on subsequent starts. ## Next Steps ### Add Users -Create users (mailboxes) by placing a CSV file in the `fmsgid_data` volume at `/opt/fmsgid/data/addresses.csv`. The format is: +Create users (message stores, analoguous to mailboxes) by placing a CSV file in the `fmsgid_data` volume at `/opt/fmsgid/data/addresses.csv`. The format is: ```csv address,display_name,accepting_new,limit_recv_size_total,limit_recv_size_per_msg,limit_recv_size_per_1d,limit_recv_count_per_1d,limit_send_size_total,limit_send_size_per_msg,limit_send_size_per_1d,limit_send_count_per_1d From 750c2325fb84d0708dc6472b768be76f4fbbc9c6 Mon Sep 17 00:00:00 2001 
From: Mark Mennell Date: Sun, 19 Apr 2026 16:54:21 +0800 Subject: [PATCH 3/5] added ca-certificates to fmsgd runtime --- QUICKSTART.md | 7 ++++++- docker/fmsgd/Dockerfile | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/QUICKSTART.md b/QUICKSTART.md index 0ab7a98..f39d441 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -39,7 +39,7 @@ Copy the example env file: cp .env.example compose/.env ``` -Edit `compose/.env` and set at least (note email address here is just for TLS certificates issued by Let's Encrypt): +Edit `compose/.env` and set at least: ```env FMSG_DOMAIN=example.com @@ -49,6 +49,11 @@ FMSGD_WRITER_PGPASSWORD= FMSGID_WRITER_PGPASSWORD= ``` +_NOTE_ +* FMSG_DOMAIN is the domain part of fmsg addresses e.g. in `@user@example.com` would be `example.com`. This server you are setting up is located at the subdomain `fmsg.` but addresses will be at ``, you should only specify `` for FMSG_DOMAIN. +* CERTBOT_EMAIL is an email address supplied to [Let's Encrypt](https://letsencrypt.org/) for e.g. TLS expiry warnings. +* For all secrets and passwords env vars create your own. + Start the stack for the first time from `compose/` and pass the one-time init passwords on the command line (keep these secret, keep them safe): ```sh diff --git a/docker/fmsgd/Dockerfile b/docker/fmsgd/Dockerfile index cfe592d..5da3e89 100644 --- a/docker/fmsgd/Dockerfile +++ b/docker/fmsgd/Dockerfile @@ -16,6 +16,9 @@ RUN if [ "$GIT_SSL_NO_VERIFY" = "true" ]; then \ FROM debian:bookworm-slim +RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && \ + rm -rf /var/lib/apt/lists/* + RUN useradd -r -s /bin/false fmsg WORKDIR /opt/fmsgd From e4e95ad79c68f2d712e62a9fd52258a08bec9dd8 Mon Sep 17 00:00:00 2001 
From: Mark Mennell Date: Sun, 19 Apr 2026 17:04:22 +0800 Subject: [PATCH 4/5] rm GIT_SSL_NO_VERIFY --- .env.example | 3 --- QUICKSTART.md | 6 ++++-- compose/docker-compose.yml | 3 --- docker/fmsg-webapi/Dockerfile | 7 +------ docker/fmsgd/Dockerfile | 7 +------ docker/fmsgid/Dockerfile | 7 +------ test/run-tests.sh | 11 +---------- 7 files changed, 8 insertions(+), 36 deletions(-) diff --git a/.env.example b/.env.example index a23296f..f73abdb 100644 --- a/.env.example +++ b/.env.example @@ -18,10 +18,7 @@ FMSGID_WRITER_PGPASSWORD=changeme # ── Optional (defaults shown) ──────────────────────────── -# GIT_SSL_NO_VERIFY=false # FMSG_PORT=4930 # FMSGID_PORT=8080 # GIN_MODE=release # FMSG_SKIP_DOMAIN_IP_CHECK=false -# PGUSER=postgres -# PGUSER=postgres \ No newline at end of file diff --git a/QUICKSTART.md b/QUICKSTART.md index f39d441..5f0a778 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -50,12 +50,14 @@ FMSGID_WRITER_PGPASSWORD= ``` _NOTE_ -* FMSG_DOMAIN is the domain part of fmsg addresses e.g. in `@user@example.com` would be `example.com`. This server you are setting up is located at the subdomain `fmsg.` but addresses will be at ``, you should only specify `` for FMSG_DOMAIN. +* FMSG_DOMAIN is the domain part of fmsg addresses e.g. in `@user@example.com` would be `example.com`. This server you are setting up is located at the subdomain `fmsg.` but addresses will be at ``, you should only specify `` for FMSG_DOMAIN here. * CERTBOT_EMAIL is an email address supplied to [Let's Encrypt](https://letsencrypt.org/) for e.g. TLS expiry warnings. * For all secrets and passwords env vars create your own. Start the stack for the first time from `compose/` and pass the one-time init passwords on the command line (keep these secret, keep them safe): +(might require sudo) + ```sh cd compose PGPASSWORD= \ 
@@ -66,7 +68,7 @@ docker compose up -d If `fmsgd` is running and port `4930` is reachable on `fmsg.`, the host is up. -On first start, certbot will request Let's Encrypt TLS certificates for `fmsg.` and `fmsgapi.`. If certificate issuance fails (e.g. the domains do not resolve to the server or port 80 is blocked), the stack will not start. Certificates are persisted in a Docker volume and reused on subsequent starts. +On first start, certbot will request Let's Encrypt TLS certificates for `fmsg.` and `fmsgapi.`. If certificate issuance fails (e.g. the domains do not resolve to the server or port 80 is blocked), the stack will not start. Certificates are persisted in a Docker volume and reused on subsequent starts. Once certificates are issued port 80 is no longer needed until certificates need to be renewed - usually 90 days. ## Next Steps diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index dc2936d..9cd0243 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -39,7 +39,6 @@ services: dockerfile: Dockerfile args: FMSGID_REF: ${FMSGID_REF:-main} - GIT_SSL_NO_VERIFY: ${GIT_SSL_NO_VERIFY:-} CACHEBUST: ${CACHEBUST:-} restart: unless-stopped environment: @@ -64,7 +63,6 @@ services: dockerfile: Dockerfile args: FMSGD_REF: ${FMSGD_REF:-main} - GIT_SSL_NO_VERIFY: ${GIT_SSL_NO_VERIFY:-} CACHEBUST: ${CACHEBUST:-} restart: unless-stopped environment: @@ -100,7 +98,6 @@ services: dockerfile: Dockerfile args: FMSG_WEBAPI_REF: ${FMSG_WEBAPI_REF:-main} - GIT_SSL_NO_VERIFY: ${GIT_SSL_NO_VERIFY:-} CACHEBUST: ${CACHEBUST:-} restart: unless-stopped environment: diff --git a/docker/fmsg-webapi/Dockerfile b/docker/fmsg-webapi/Dockerfile index 720ba20..0b44def 100644 --- a/docker/fmsg-webapi/Dockerfile +++ b/docker/fmsg-webapi/Dockerfile 
@@ -1,16 +1,11 @@ FROM golang:1.25 AS builder ARG FMSG_WEBAPI_REF=main -ARG GIT_SSL_NO_VERIFY= ARG CACHEBUST WORKDIR /build -RUN if [ "$GIT_SSL_NO_VERIFY" = "true" ]; then \ - git config --global http.sslVerify false; \ - export GOINSECURE='*' GONOSUMDB='*' GONOSUMCHECK='*' GOPROXY=direct; \ - fi && \ - git clone --branch "$FMSG_WEBAPI_REF" --depth 1 https://github.com/markmnl/fmsg-webapi.git . && \ +RUN git clone --branch "$FMSG_WEBAPI_REF" --depth 1 https://github.com/markmnl/fmsg-webapi.git . && \ cd src && \ go build -o fmsg-webapi . diff --git a/docker/fmsgd/Dockerfile b/docker/fmsgd/Dockerfile index 5da3e89..2798d3e 100644 --- a/docker/fmsgd/Dockerfile +++ b/docker/fmsgd/Dockerfile @@ -1,16 +1,11 @@ FROM golang:1.25 AS builder ARG FMSGD_REF=main -ARG GIT_SSL_NO_VERIFY= ARG CACHEBUST WORKDIR /build -RUN if [ "$GIT_SSL_NO_VERIFY" = "true" ]; then \ - git config --global http.sslVerify false; \ - export GOINSECURE='*' GONOSUMDB='*' GONOSUMCHECK='*' GOPROXY=direct; \ - fi && \ - git clone --branch "$FMSGD_REF" --depth 1 https://github.com/markmnl/fmsgd.git . && \ +RUN git clone --branch "$FMSGD_REF" --depth 1 https://github.com/markmnl/fmsgd.git . && \ cd src && \ go build -o fmsgd . diff --git a/docker/fmsgid/Dockerfile b/docker/fmsgid/Dockerfile index 9d13ea6..89fb92c 100644 --- a/docker/fmsgid/Dockerfile +++ b/docker/fmsgid/Dockerfile @@ -1,16 +1,11 @@ FROM golang:1.25 AS builder ARG FMSGID_REF=main -ARG GIT_SSL_NO_VERIFY= ARG CACHEBUST WORKDIR /build -RUN if [ "$GIT_SSL_NO_VERIFY" = "true" ]; then \ - git config --global http.sslVerify false; \ - export GOINSECURE='*' GONOSUMDB='*' GONOSUMCHECK='*' GOPROXY=direct; \ - fi && \ - git clone --branch "$FMSGID_REF" --depth 1 https://github.com/markmnl/fmsgid.git . && \ +RUN git clone --branch "$FMSGID_REF" --depth 1 https://github.com/markmnl/fmsgid.git . && \ cd src && \ go build -o fmsgid . diff --git a/test/run-tests.sh b/test/run-tests.sh index 6e670c0..d01a15f 100755 --- a/test/run-tests.sh 
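Review bot: The builder stage still clones `--branch "$FMSG_WEBAPI_REF" --depth 1` with `ARG FMSG_WEBAPI_REF=main`, so every build takes whatever the branch tip is at build time; the `fmsgd` and `fmsgid` Dockerfiles in the next two hunks do the same with their own `*_REF` arguments. For images that terminate TLS and handle the JWT secret, defaulting the ref to a release tag and checking the resulting commit against an expected value would make builds reproducible and limit the effect of an unexpected upstream push. One way is an extra `ARG FMSG_WEBAPI_COMMIT` followed, after the clone, by `test "$(git rev-parse HEAD)" = "$FMSG_WEBAPI_COMMIT"` (the ARG name is a suggestion, not something in the repository).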
+++ b/test/run-tests.sh @@ -89,9 +89,6 @@ export FMSGID_REF=${FMSGID_REF:-main} export FMSG_WEBAPI_REF=${FMSG_WEBAPI_REF:-main} FMSG_CLI_REF=${FMSG_CLI_REF:-main} -# ── Pass through optional SSL verification override ────────── -export GIT_SSL_NO_VERIFY=${GIT_SSL_NO_VERIFY:-} - # ── Ensure Go is on PATH ────────────────────────────────────── if ! command -v go &>/dev/null && [ -x /usr/local/go/bin/go ]; then export PATH="/usr/local/go/bin:$PATH" @@ -114,14 +111,8 @@ fi if [ "$NEED_BUILD_CLI" = "true" ]; then echo "==> Building fmsg CLI (ref: $FMSG_CLI_REF)..." FMSG_CLI_DIR=$(mktemp -d) - if [ "$GIT_SSL_NO_VERIFY" = "true" ]; then git config --global http.sslVerify false; fi git clone --branch "$FMSG_CLI_REF" --depth 1 https://github.com/markmnl/fmsg-cli.git "$FMSG_CLI_DIR" - if [ "$GIT_SSL_NO_VERIFY" = "true" ]; then - GOINSECURE='*' GONOSUMDB='*' GONOSUMCHECK='*' GOPROXY=direct \ - bash -c "cd \"$FMSG_CLI_DIR\" && go build -o \"$FMSG_BIN\" ." - else - (cd "$FMSG_CLI_DIR" && go build -o "$FMSG_BIN" .) - fi + (cd "$FMSG_CLI_DIR" && go build -o "$FMSG_BIN" .) rm -rf "$FMSG_CLI_DIR" echo "$FMSG_CLI_REF" > "$FMSG_BIN_REF_FILE" else From 4749e9b3c086e63568cd8c6da4479e4cf3ea85d3 Mon Sep 17 00:00:00 2001 From: Mark Mennell Date: Sun, 19 Apr 2026 17:14:05 +0800 Subject: [PATCH 5/5] fix tests - no certbot or 443 needed --- QUICKSTART.md | 2 ++ test/docker-compose.test.yml | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/QUICKSTART.md b/QUICKSTART.md index 5f0a778..273c1eb 100644 --- a/QUICKSTART.md +++ b/QUICKSTART.md @@ -4,6 +4,8 @@ This quickstart gets the docker compose stack from this repository up and runnin To learn more about fmsg, see the documentation repository: (fmsg)[https://github.com/markmnl/fmsg]. +Read the (README.md)[https://github.com/markmnl/fmsg-docker] of this repo for more about settings and environment being used in this quickstart. + ## Requirements 1. A domain you control, e.g `example.com` 
diff --git a/test/docker-compose.test.yml b/test/docker-compose.test.yml index 7bc7187..a1a8c9f 100644 --- a/test/docker-compose.test.yml +++ b/test/docker-compose.test.yml @@ -14,6 +14,8 @@ services: certbot: entrypoint: ["true"] restart: "no" + ports: !override [] + profiles: ["certbot"] fmsgd: environment: @@ -22,6 +24,11 @@ services: FMSG_TLS_INSECURE_SKIP_VERIFY: "true" volumes: - ../test/.tls:/opt/fmsg/tls:ro + depends_on: !override + postgres: + condition: service_healthy + fmsgid: + condition: service_started networks: default: fmsg-test: @@ -30,7 +37,15 @@ services: - fmsg.${FMSG_DOMAIN} fmsg-webapi: - ports: + environment: + FMSG_TLS_CERT: "" + FMSG_TLS_KEY: "" + depends_on: !override + fmsgd: + condition: service_started + fmsgid: + condition: service_started + ports: !override - "${FMSG_WEBAPI_HOST_PORT:-8081}:${FMSG_API_PORT:-8000}" networks: