28 changes: 23 additions & 5 deletions docs/installation/docker.md
Expand Up @@ -41,8 +41,6 @@ Example:
docker run -v /etc/dovecot-config:/etc/dovecot/conf.d:ro -v /srv/vmail:/srv/vmail -p 143:31143 -p 993:31993 dovecot/dovecot:latest
```

Dovecot uses TLS certificates from `/etc/dovecot/ssl` directory. The full chain certificate name is expected to be `tls.crt`, and key file `tls.key`.

POP3 service is not enabled by default, if you need pop3, place a pop3.conf drop-in to conf.d:

```
Expand All @@ -53,6 +51,26 @@ protocols {

By default imap, submission, lmtp and sieve protocols are enabled.

### Authentication

The default auth configuration is in conf.d/auth.conf, which has
```
passdb static {
password = $ENV:USER_PASSWORD
}
```

This is useful only for testing purposes and single-user instances. To configure multiple users or other authentication methods, you need to override this file.

### TLS configuration

Default certificate is expected at `/etc/dovecot/ssl/tls.crt` and key at `/etc/dovecot/ssl/tls.key`. You can override `conf.d/ssl.conf` to change this.

### Complex configuration

You can also override the entire `/etc/dovecot/dovecot.conf` file, just make sure you include `/etc/dovecot/vendor.d/rootless.conf` in your configuration either
direcly, or via include. This is not needed if you use the `-root` variant image.
Contributor

via !include

?


## Listening ports

Since v2.4.1 ports are exposed as non-privileged ports. You need to map these
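
Review bot: The Authentication section understates what `passdb static` with `password = $ENV:USER_PASSWORD` does: as shown, a static passdb accepts that one password for any username, while the text only says it is "useful only for testing purposes and single-user instances". Suggest saying outright that every login name is accepted with the shared password until `conf.d/auth.conf` is overridden, so nobody publishes the ports with the default in place. Two smaller points in the same hunk: the new TLS paragraph drops the earlier statement that `tls.crt` is expected to be the full chain, which is worth keeping, and "direcly" should be "directly", with `!include` named explicitly as the comment above asks. The sentence "which has" also needs a colon and a blank line before the fence.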
Expand All @@ -65,7 +83,7 @@ to the ports that you need.
| imap | 31143 |
| imaps | 31993 |
| pop3 | 31110 |
| pop3s | 31990 |
| pop3s | 31995 |
| submissions | 31465 |
| submission | 31587 |
| lmtps | 31024 |
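
Review bot: The pop3s row now reads 31995, which matches the 31000 + standard port pattern of the other rows, but the table still gives no hint that the pop3 and pop3s listeners are inactive by default. The earlier section says POP3 is not enabled unless a pop3.conf drop-in is added, so a short remark next to these two rows (or under the table) would save readers from mapping ports that nothing listens on. Anyone who copied the old 31990 value into a `-p` mapping will also need to update it, which is worth a line in the changelog.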
Expand All @@ -81,12 +99,12 @@ To run the system fully read-only, use:
docker run --read-only --tmpfs /tmp --tmpfs /run/dovecot -v /srv/vmail:/srv/vmail --rm -it dovecot/dovecot:latest
```

Dovecot will need write permissions to `/tmp`, `/run` and persistent mail storage at `/srv/vmail`.
Dovecot will need write permissions to `/tmp`, `/run/dovecot` and persistent mail storage at `/srv/vmail`.

## Running without Linux capabilities

By default, Dovecot needs `CAP_SYS_CHROOT` capability. To remove this requirements, you can prevent chrooting
by placing no-chroot.conf to drop-in directory:
by placing no-chroot.conf to `conf.d` directory:

```
service submission-login {
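
Review bot: The reworded line "by placing no-chroot.conf to `conf.d` directory" is still ambiguous about which directory is meant and reads awkwardly. The mount example earlier in the file uses `/etc/dovecot/conf.d`, so suggest "by placing no-chroot.conf in the `/etc/dovecot/conf.d` directory". While touching this paragraph, "To remove this requirements" in the line above should be "this requirement". The `/run` to `/run/dovecot` correction is consistent with the `--tmpfs /run/dovecot` argument in the command shown.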