Deploying & Running Axigen in Docker

Installing Axigen

 

The Axigen Docker image is available starting with Axigen X2.

Introduction

The Axigen Docker image is provided for users to be able to run an Axigen based mail service within a Docker container.

Image structure

The image relies on a Centos 7 (centos:7) image; on it, Axigen is installed (from RPM) and basic configuration is performed.

The disk structure obeys the RPM defined structure:

  • /opt/axigen — binaries and other files

  • /var/opt/axigen — data files

The "/var/opt/axigen" is configured as a Docker volume and must be preserved between container runs, to preserve the mail server data (configuration, mailbox data, etc.).

The following services are enabled and mapped as 'exposed' TCP ports in Docker:

  • SMTP (25 - non secure, 465 - TLS)
  • IMAP (143 - non secure, 993 - TLS)
  • POP3 (110 - non secure, 995 - TLS)
  • WEBMAIL (80 - non secure, 443 - TLS)
  • WEBADMIN (9000 - non secure, 9443 - TLS)
  • CLI (7000 - non secure)

Using the Axigen image / container

An important point is that the Axigen instance data is not the container itself (which holds just package files — binaries and so on) but the "/var/opt/axigen" volume, which holds the actual server configuration and the server (mailbox / users) data. A container may be deleted, upgraded (new container created from a newer image), stopped, started, and the server data will be preserved, as long as the Docker volume which is mapped upon container startup is preserved.

Creating a new Axigen mail server instance

The Axigen data volume may be mapped, upon container creation, to the Docker volume or to a host filesystem path (bind mount). The latter approach is recommended, allowing the administrator to examine the Axigen data files (storage, logs, configuration) directly from the Docker host.

# docker run --name=axigen -dt -v <volume>:/var/opt/axigen -p 443:443 -p 9443:9443 -p 993:993 -p 995:995 -p 25:25 -p 465:465 -p 9000:9000 -p 7000:7000 axigen/axigen

The following options are used:

  • -d → detach from the container (since we want it to run in the background)

  • -t → allocate a pseudo-TTY to allow capturing Axigen stdout in the Docker logs

  • -v → map a volume in /var/opt/axigen; <volume> may be a Docker volume or a local host path (bind mount). See the The Axigen data volume section below for more details

  • -p → port mapping: map the ports exposed by the container (Axigen, in this case) to host ports. In the example above, ports 443 (WebMail), 9443 (WebAdmin), 993 (IMAPs) and 995 (POP3s), 25 (SMTP) and 465 (SMTPs) are mapped. The Axigen container also exposes other ports which may me mapped, if needed (see the Image structure section).

When the Axigen data volume (be it a Docker volume or a bind mount) is first used in the container, it will be initialized.
Upon creation, the container will also be started.

Check that the container is running:

# docker ps -f ancestor=axigen

The output should display a running container, along with the port mapping and other information:

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                                                                                                                                            NAMES
03fa1abc15d2        axigen/axigen    "/bin/sh -c /app/run…"   6 minutes ago       Up 6 minutes        80/tcp, 110/tcp, 0.0.0.0:25->25/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:465->465/tcp, 0.0.0.0:993->993/tcp, 143/tcp, 0.0.0.0:995->995/tcp, 0.0.0.0:9000->9000/tcp, 0.0.0.0:9443->9443/tcp, 8443/tcp   axigen

At this point, if the WebAdmin port was mapped (-p 9443:9443), the Axigen WebAdmin interface should be accessible via the host IP: https://localhost:9443/. Since Axigen will only run in demo mode for a limited period without an assigned license, please use the WebAdmin to upload your license file (free or commercial), before this period expires. After the demo period expires, the container will no longer start, and the Axigen data volume will need to be reinitialized (deleted and recreated).

The administrator password is set randomly upon the data volume initialization, and is available in the container logs (note that you invoke the docker logs command using the Container ID from the previous output; alternatively you can invoke also with the container given name, see the --name parameter of the docker run command):

# docker logs 03fa1abc15d2
Initializing workdir
Administrator's password saved
Admin password is: L5NuNBVZXA6mr
Axigen[18]: INFO: Starting Axigen Mail Server version 10.1.4 (Linux/x64)
Axigen[18]: SUCCESS: supervise ready... (respawns per minute: 10)
Axigen[18]: INFO: supervise: spawning a new process to execute Axigen Mail Server version 10.1.4 (Linux/x64)

In the example above, the generated administrator password is L5NuNBVZXA6mr

Stopping and starting the container

A running Axigen container may be stopped by using the docker stop <container_id> command, where the <container_id> is obtained from the output of the docker ps command. Axigen containers (including stopped ones) may be viewed with the docker ps -a -f ancestor=axigen command. When a container is stopped, its full state is preserved, only the Axigen process is stopped.

A stopped Axigen container may be started by using the docker start <container_id> command.

You can as well restart the container (also restarts the Axigen service) by using the  docker restart <container_id> command.

Updating an axigen image to the latest version available

Use the following command to update your local axigen/axigen image to the latest version:

After an image is updated, you will need to recreate the axigen instance with an existing axigen data volume as described below.

Deleting a container

The administrator may delete an Axigen container (without deleting the actual data — configuration and domains, which is stored in the Axigen data volume).

A stopped Axigen container may be deleted by using the docker rm <container_id> command. Please note that only stopped containers may be deleted.

Along with the container, all data which is not Axigen data volume (e.g. shell history, system logs) will be lost.

Recreating an Axigen instance with an existing Axigen data volume

If the Axigen data volume was preserved, a new container may be created using the same volume; the admin password, configuration and domain data will be preserved. The same command as for the initial instance creation is used, but providing an existing, populated Axigen data volume as the fist parameter in the -v mapping.

docker run --name=axigen -dt -v <volume>:/var/opt/axigen -p 443:443 -p 9443:9443 -p 993:993 -p 995:995 -p 25:25 -p 465:465 -p 9000:9000 -p 7000:7000 axigen/axigen

This method is also used for the following purposes:

  • Upgrading to a newer version of Axigen
  • Recreating the container ↔ host port mapping

The Axigen data volume

Using a host filesystem path (bind mount)

A directory on the host must be created. If selinux (for Linux hosts) is used, the folder must be labeled with the svirt_sandbox_file_t selinux label.

Example:

mkdir /var/axigen_var
chcon -t svirt_sandbox_file_t /var/axigen_var

This way, the administrator may access files from the axigen var partition (logs, configurations) without accessing the Docker container itself.

Important Note

Since Axigen is accessing (reading / writing) files in the data volume, it is imperative that the administrator does not modify files in the mapped host folder, as this action may have unpredictable results.

More information about Docker bind mounts here: https://docs.docker.com/storage/bind-mounts/

Using a Docker volume

A persistent Docker volume may be used. If it does not exist, it will be automatically created on the container instantiation.

More information about Docker volumes here: https://docs.docker.com/storage/volumes/