@polarathene polarathene commented Nov 16, 2025

This has been staged into two separate commits assuming the ENV flexibility paired with unbound.conf embedding into the compose.yaml is undesired. This was based off discussion on a related PR that was focused on dropping the explicit network.

Changes:

  • Simplify the named volumes
  • Remove custom image builds in favor of runtime config (no need to rebuild images just because you changed config).
  • Configure DNS via the Compose dns setting instead of the Rspamd dns setting, as no difference for application specific (Rspamd) DNS config has been identified.
  • The sysctl net.core.somaxconn=4096 for redis has been dropped, given that this workaround is for pre-2020 environments, the 5.4 LTS kernel (Nov 2019 release) that defaults to 4096 will be EOL in Dec 2025.
  • services.rspamd.ports was dropped due to limited context of their value in publishing, it may be better suited to the README.
    • Compose users should already know how to publish ports when needed, and this example appears to assume users are already aware of the Rspamd ports.
    • All ports could just as easily be accessed through the unbound-network subnet from containers on other Compose projects. Including the web UI through a common reverse proxy container. Let those.
    • The main merit is perhaps in 127.0.0.1 binding, but AFAIK rspamd already has protection in place to not trust public IPs (and has no issue with default trust to all private range IPs in the config it ships with), so again if this is of value I'd defer it to an addition in the README.
  • The documentation subnet 192.0.2.0/24 is fine, but since the existing example already seemed focused on flexible configuration, I've unified the IP assignment and subnet definition to ENV vars with defaults. Prior to this the unbound.conf was hard-coded (and built into a custom image), now it leverages a Docker Compose feature to be adjusted in sync with usage elsewhere in the compose.yaml.
  • The Unbound config also removes use-syslog: no as logfile: "" already disables syslog, alternatively use-syslog: no could be kept instead, the effect of logs then being defaulted to stdout/stderr might be less obvious though?
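
An added illustration of the layout the comment above describes; it is not the PR's compose.yaml and not the project's own code. The variable names `UNBOUND_IP` and `UNBOUND_SUBNET`, the Unbound image name, the config mount path, and the commented-out loopback port mapping are assumptions.

```yaml
# Added example (assumed names throughout), showing runtime config instead of
# custom image builds, one ENV-driven subnet/IP, and the Compose-level dns setting.
services:
  unbound:
    image: example/unbound:latest            # placeholder image name
    configs:
      - source: unbound-conf
        target: /etc/unbound/unbound.conf    # assumed path; depends on the image
    networks:
      unbound-network:
        ipv4_address: ${UNBOUND_IP:-192.0.2.2}

  rspamd:
    image: rspamd/rspamd
    # Container-level resolver: external lookups from this container are
    # forwarded to Unbound, with no Rspamd-specific DNS option involved.
    dns:
      - ${UNBOUND_IP:-192.0.2.2}
    networks:
      - unbound-network
    # No ports are published by default. If the controller / web UI must be
    # reachable from the host, bind it to loopback rather than all interfaces:
    # ports:
    #   - "127.0.0.1:11334:11334"

networks:
  unbound-network:
    ipam:
      config:
        - subnet: ${UNBOUND_SUBNET:-192.0.2.0/24}

configs:
  unbound-conf:
    # Inline content is interpolated by Compose, so the resolver's ACL always
    # matches the subnet defined above and only that subnet may query it.
    content: |
      server:
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 refuse
        access-control: ${UNBOUND_SUBNET:-192.0.2.0/24} allow
        # Both logging options are spelled out so logs go to stderr.
        logfile: ""
        use-syslog: no
```

Running `docker compose config` prints the file with every variable resolved, which is a quick check that the static IP, the `dns` entry and the `access-control` line all agree before the stack is started.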
