6.6 KiB
layout, title, parent, nav_order
| layout | title | parent | nav_order |
|---|---|---|---|
| default | Manual Setup (single container) | Self-hosting | 2 |
Self-host via All-In-One Docker image
The following guide will walk you through the steps to install AliasVault via the All-In-One Docker container. This container uses s6-overlay to combine all AliasVault's services into one image for convenience. The only downside compared to the install.sh installer is that this version does NOT come with SSL support, so you'll have to make the container available through your own SSL proxy.
Prerequisites:
This guide assumes you already have the following:
- Docker (20.10+) and Docker Compose (2.0+) installed on your system
- See instructions: https://docs.docker.com/engine/install/
- You have existing SSL proxy infrastructure (Traefik, Nginx, HAProxy, Cloudflare Tunnel)
- Knowledge of working with direct Docker commands
- Knowledge of .yml and .env files
1. Basic installation
- Create a new folder where you want to store AliasVault's data and configuration folders.
mkdir aliasvault
cd aliasvault
- Create a new
docker-compose.ymlfile with the following contents. Note: this will auto-create the directories specified involumes:in the current folder.
services:
aliasvault:
image: ghcr.io/aliasvault/aliasvault:latest
container_name: aliasvault
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "25:25"
- "587:587"
volumes:
- ./database:/database
- ./logs:/logs
- ./secrets:/secrets
environment:
PUBLIC_REGISTRATION_ENABLED: "true"
IP_LOGGING_ENABLED: "true"
SUPPORT_EMAIL: ""
PRIVATE_EMAIL_DOMAINS: ""
-
Run
docker-compose up -dto start the container. -
After the container has started, AliasVault will be accessible at:
- Client: http://localhost/ or https://localhost/
- Admin: http://localhost/admin or https://localhost/admin
- API: http://localhost/api or https://localhost/api
2. SSL configuration
HTTPS is required to use AliasVault for using:
- Web app via non-localhost URLs (because of browser crypto restrictions)
- Mobile apps require the API URL to have a valid SSL certificate, otherwise the app refuses to connect
Configure your existing SSL infrastructure (Traefik, Nginx, HAProxy, CloudFlare Tunnel) to make the AliasVault container available through HTTPS with a valid SSL certificate. E.g. https://aliasvault.yourdomain.com.
3. Email Server Setup
AliasVault includes a built-in email server that allows you to generate email aliases on-the-fly for every website you use, and receive the emails straight in AliasVault.
{: .note } If you skip this step, AliasVault will default to use public email domains offered by SpamOK. While this still works for creating aliases, it has privacy limitations. For complete privacy and control, we recommend setting up your own domain. Learn more about the differences between private and public email domains.
Requirements
- A public IPv4 address with ports 25 and 587 pointing to your AliasVault server
- Open ports 25 and 587 on your server firewall for email SMTP traffic (NOTE: some residential IP's block this, check with your ISP).
Verifying Port Access
While the AliasVault docker containers are running, use telnet to confirm your public IP allows access to the ports:
# Test standard SMTP port
telnet <your-server-public-ip> 25
# Test secure SMTP port
telnet <your-server-public-ip> 587
Choose your configuration: primary domain vs subdomain
AliasVault can be configured under:
-
A primary (top-level) domain Example:
your-aliasvault.net. This allows you to receive email on%alias%@your-aliasvault.net. -
A subdomain of your existing domain Example:
aliasvault.example.net. This allows you to receive email on%alias%@aliasvault.example.net. Email sent to your main domain remains unaffected and will continue arriving in your usual inbox.
a) Setup using a primary domain
DNS Configuration
Configure the following DNS records on your primary domain (e.g. your-aliasvault.net):
| Name | Type | Priority | Content | TTL |
|---|---|---|---|---|
| A | <your-server-public-ip> |
3600 | ||
| @ | MX | 10 | mail.your-aliasvault.net |
3600 |
Replace
<your-server-public-ip>with your actual server IP.
Example
mail.your-aliasvault.netpoints to your server IP.- Email to
@your-aliasvault.netwill be handled by your AliasVault server.
b) Setup using a subdomain
DNS Configuration
Configure the following DNS records on your subdomain setup (for example, aliasvault.example.com):
| Name | Type | Priority | Content | TTL |
|---|---|---|---|---|
| mail.aliasvault | A | <your-server-public-ip> |
3600 | |
| aliasvault | MX | 10 | mail.aliasvault.example.com |
3600 |
🔹 Explanation:
mail.aliasvaultcreates a DNS A record formail.aliasvault.example.compointing to your server IP.- The MX record on
aliasvault.exampletells senders to send their mail addressed to%@aliasvault.example.comtomail.aliasvault.example.com.
Replace
<your-server-public-ip>with your actual server’s IP address.
Example
mail.aliasvault.example.compoints to your server IP.- Emails to
user@aliasvault.example.comwill be handled by your AliasVault server.
This keeps the email configuration of your primary domain (example.com) completely separate, so you can keep receiving email on your normal email addresses and have unique AliasVault addresses too.
Configuring AliasVault
After setting up your DNS, you have to configure AliasVault to let it know which email domains it should support. Update the docker-compose.yml file:
[..]
environment:
PRIVATE_EMAIL_DOMAINS: "yourdomain1.com,yourdomain2.com"
After updating the docker-compose.yml file, issue a docker compose restart. Afterwards, when you login to the AliasVault web app, you should now be able to create an alias with your domain and be able to receive email on it.
{: .note } Important: DNS propagation can take up to 24-48 hours. During this time, email delivery might be inconsistent.
If you encounter any issues, feel free to join the Discord chat to get help from other users and maintainers.