Hi,
I want to use the mailhog service on the staging machine. I copied the mail.yml from the group_vars and added the mailhog role to the server.yml
Did I miss anything?
Is it working as expected?
Oh, I forgot the most important thing. No, it’s not working. I tried to visit staging.domain.com:8025 like development, but I don’t get the mailhog web interface.
Trellis sets up Mailhog on your local/development environment by default (see here).
If you want to use Mailhog as part of your remote/staging environment then you’ll need to make some changes to your server provisioning playbooks. Trellis sets up ssmtp for those environments by default (see here).
Also, refer to Trellis’s mail documentation here: https://roots.io/trellis/docs/mail/.
If you already made changes to your playbooks in an effort to set up Mailhog on your remote environment then please paste the changes you made, along with any relevant provisioning output, and finally, detailed output that indicates what you mean by “it’s not working.” A good example of that is error log output.
Thx for your response. I just added the mailhog role to the provisioning playbook - { role: mailhog, tags: [mailhog, mail] }
(and
So the main provisioning of staging looks nearly like the provisioning of the dev machine (yes I ignore production for now).
The problem is that I don’t get any errors except ERR_CONNECTION_REFUSED in Chrome when I visit staging.domain.com:8025. I don’t know how to debug this…
An excerpt of the provisioning:
TASK [mailhog : Ensure mailhog install directory exists.] **********************
ok: [192.168.10.5]
TASK [mailhog : Download MailHog and mhsendmail binaries.] *********************
ok: [192.168.10.5] => (item={u'url': u'https://github.com/mailhog/MailHog/releases/download/v0.2.0/MailHog_linux_amd64', u'dest': u'/opt/mailhog/mailhog'})
ok: [192.168.10.5] => (item={u'url': u'https://github.com/mailhog/mhsendmail/releases/download/v0.2.0/mhsendmail_linux_amd64', u'dest': u'/opt/mailhog/mhsendmail'})
TASK [mailhog : Copy mailhog init script into place.] **************************
ok: [192.168.10.5]
TASK [mailhog : Copy mailhog systemd unit file into place (for systemd systems).] ***
skipping: [192.168.10.5]
TASK [mailhog : Ensure mailhog is enabled and will start on boot.] *************
ok: [192.168.10.5]
I can get mailhog working on staging using the steps below. But first, a word of caution about security. Think twice before enabling Mailhog on a public server.
ip_whitelist for port 8025 (see below).
The following steps are what you already described, just adding conditionals on the mailhog and ssmtp roles in server.yml (although I didn’t test the necessity of conditional) and adding an updated ferm_input_list list to open port 8025 on staging.
Step 1. cp group_vars/development/mail.yml group_vars/staging/mail.yml
Step 2. adjust server.yml
...
- { role: sshd, tags: [sshd] }
- { role: mariadb, tags: [mariadb] }
+ - { role: mailhog, tags: [mailhog, mail], when: env != 'production' }
- - { role: ssmtp, tags: [ssmtp, mail] }
+ - { role: ssmtp, tags: [ssmtp, mail], when: env == 'production' }
- { role: php, tags: [php] }
- { role: memcached, tags: [memcached] }
...
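Review bot: The `when: env != 'production'` condition on the added mailhog line matches every environment other than production, so any environment introduced later would get MailHog without anyone opting in. Consider naming the environments explicitly, for example `when: env in ['development', 'staging']`, and giving the ssmtp line the complementary `when: env not in ['development', 'staging']` so that exactly one mail role applies to each environment.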
Step 3. Open port 8025 by overriding the default ferm_input_list, adding the following to group_vars/staging/main.yml (context/discussion):
ferm_input_list:
  - type: dport_accept
    dport: [http, https]
    filename: nginx_accept
  - type: dport_accept
    dport: [ssh]
    saddr: "{{ ip_whitelist }}"
  - type: dport_limit
    dport: [ssh]
    seconds: 300
    hits: 20
  - type: dport_accept
    dport: [8025]
    saddr: "{{ ip_whitelist }}"
That final saddr: "{{ ip_whitelist }}" is what keeps just anyone from accessing your Mailhog interface (allows only those accessing the port from an IP in your whitelist), but I doubt this would be enough to meet official security policies, if you have them.
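A pre-provisioning check for the rule list above, as an added example that is not part of the original post or of Trellis: it flags `dport_accept` rules that open a non-public port (such as 8025) without an effective source restriction. Assumptions: the rules are already parsed into Python data (for instance with `yaml.safe_load`), `saddr` is either a list or a plain `{{ variable }}` reference, an empty or undefined whitelist is reported rather than guessing how the firewall template renders it, and all sample addresses are constructed.

```python
import ipaddress
import re

PUBLIC_PORTS = {"http", "https", "80", "443"}  # assumption: ports meant for everyone
JINJA_VAR = re.compile(r"^\{\{\s*(\w+)\s*\}\}$")  # matches only a bare '{{ name }}'

def resolve_saddr(saddr, variables):
    """Expand a '{{ name }}' reference into its list; return sources as strings."""
    if isinstance(saddr, str):
        m = JINJA_VAR.match(saddr.strip())
        saddr = variables.get(m.group(1), []) if m else [saddr]
    return [str(s) for s in (saddr or [])]

def is_match_all(source):
    """True for 0.0.0.0/0 or ::/0; non-IP entries (hostnames) are not judged here."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(rules, variables):
    """Return (port, reason) findings for dport_accept rules on non-public ports."""
    findings = []
    for rule in rules:
        if rule.get("type") != "dport_accept":
            continue
        private = [str(p) for p in rule.get("dport", []) if str(p) not in PUBLIC_PORTS]
        if not private:
            continue
        sources = resolve_saddr(rule.get("saddr"), variables)
        if not sources:
            reason = "no source restriction"
        elif any(is_match_all(s) for s in sources):
            reason = "whitelist contains a match-all network"
        else:
            continue
        findings.extend((port, reason) for port in private)
    return findings

# Constructed data mirroring the ferm_input_list from the post.
RULES = [
    {"type": "dport_accept", "dport": ["http", "https"], "filename": "nginx_accept"},
    {"type": "dport_accept", "dport": ["ssh"], "saddr": "{{ ip_whitelist }}"},
    {"type": "dport_limit", "dport": ["ssh"], "seconds": 300, "hits": 20},
    {"type": "dport_accept", "dport": [8025], "saddr": "{{ ip_whitelist }}"},
]
GOOD_VARS = {"ip_whitelist": ["203.0.113.10", "198.51.100.0/24"]}  # constructed

if __name__ == "__main__":
    print(audit(RULES, GOOD_VARS))
    print(audit(RULES, {"ip_whitelist": []}))
```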
Great! Thx for your detailed response!
Our staging server isn’t really public in that special case. I will try it.
I enabled mailhog in staging, but I can’t see it because all my browsers try HTTPS (ssl) on port 8025 and then fail. Some trick to fix this?
Maybe put mailhog under the nginx, just under some different base URL.
@iceteabottle, as an alternative, you could consider using the free https://mailtrap.io service. This is what I use on staging to capture my emails. I like this setup because it means staging more closely matches my production environment, inasmuch as they both use an external SMTP server for mail. It could potentially alert me to network problems on staging, rather than discovering the problem in production later on.