- Notifications
You must be signed in to change notification settings - Fork0
Dockerized DirectAdmin Alias and Forwarder Management
License
GitTimeraider/Directadmin-Emailforwarder-docker
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
AI is responsible for over half of the coding. Also keep in mind that this software is mostly developed for personal use by myself and thus might not receive all feature requests desired.
###################################################
A Dockerized secure web application for managing email forwarders through the DirectAdmin API. Features a clean web interface with authentication, 2FA support, user management options.
- 🔐 Secure Authentication: Built-in user authentication system with session management
- 📱 Two-Factor Authentication: Optional TOTP-based 2FA for enhanced security
- 📧 Email Forwarder Management:
- Create email forwarders with intuitive interface
- List all existing forwarders
- Delete forwarders with confirmation
- Auto-refresh forwarders list every 60 seconds
- 🎨 Modern Web UI: Clean, responsive interface built with vanilla JavaScript
- 🐳 Docker Support:
- Multi-architecture images (amd64, arm64)
- Configurable UID/GID for proper file permissions
- Available on GitHub Container Registry
- 🔄 DirectAdmin Integration: Direct API integration with DirectAdmin servers
- 📊 Real-time Updates: Automatic refresh of forwarder list
- DirectAdmin Server: Access to a DirectAdmin server with API enabled
- DirectAdmin API Credentials: Username and password with email management permissions
- Docker (recommended): Docker Engine 20.10+ and Docker Compose 2.0+
# Pull and run the Docker imagedocker run -d \ --name email-forwarder \ -p 5000:5000 \ -e SECRET_KEY=$(openssl rand -hex 32) \ -v email-forwarder-data:/app/data \ ghcr.io/gittimeraider/directadmin-emailforwarder:main
Access the application at http://localhost:5000
- Default username:
admin - Default password:
changeme(⚠️ Change immediately!)
| Variable | Description | Required | Default | Example |
|---|---|---|---|---|
SECRET_KEY | Flask secret key for session encryption | ✅ | - | your-secret-key-here |
USER_UID | User ID for container process | ❌ | 1000 | 1001 |
USER_GID | Group ID for container process | ❌ | 1000 | 1001 |
DATABASE_URL | SQLAlchemy database URL | ❌ | sqlite:////app/data/users.db | postgresql://... |
DATA_DIR | Override data directory (SQLite, uploads) | ❌ | /app/data | /data |
SESSION_COOKIE_SECURE | Force secure cookies (set true in HTTPS) | ❌ | false | true |
SESSION_LIFETIME_DAYS | Session lifetime in days | ❌ | 1 | 7 |
Access the applicationNavigate to
http://localhost:5000Login with default credentials
- Username:
admin - Password:
changeme
- Username:
Change default password immediately
- This is critical for security
Configure additional users (if needed)
- Navigate to User Management under Admin
- Create users for team members
Enable 2FA (Recommended)
- Click "Enable 2FA" in the settings
- Scan QR code with authenticator app
- Navigate to the dashboard
- Enter the alias (e.g., "support" for support@yourdomain.com)
- Select destination email from dropdown
- Click "Create Forwarder"
- All forwarders are listed with their destinations
- List auto-refreshes every 60 seconds
- Shows alias → destination mapping
- Find the forwarder in the list
- Click "Delete" button
- Confirm deletion
Only administrators can access user management at /admin/users
- Click "Add New User"
- Enter username and password
- Optionally generate secure password
- Assign admin privileges if needed
- Click "Save"
- Click "Edit" next to user
- Modify username, password, or privileges
- Reset 2FA if needed
- Click "Save"
- Click "Delete" next to user
- Confirm deletion
- System prevents deleting:
- Your own account
- The last administrator
- Username
- Role (Admin/User)
- 2FA Status
- Creation date
- Last login time
Immediate Actions
- Change default admin password
- Enable 2FA for all administrators
- Use strong, unique passwords
Password Security
Bash
# Generate secure secret key openssl rand -hex 32 # Generate secure password openssl rand -base64 12Environment Security
- Never commit
.envfiles - Use HTTPS in production
- Restrict database file permissions
- Keep DirectAdmin credentials secure
- Never commit
Container Security
- Run as non-root user
- Use specific UID/GID
- Mount volumes with appropriate permissions
- Password hashing (Werkzeug PBKDF2)
- Session-based authentication
- TOTP 2FA (RFC 6238 compliant)
- CSRF protection
- Admin/user role separation
- Activity logging
Cannot connect to DirectAdmin
- Verify URL format:
https://server.com:2222 - Check API credentials
- Ensure API is enabled for user
- Test with curl:
curl -u user:pass https://server.com:2222/CMD_API_SHOW_DOMAINS
Permission errors
- Set correct UID/GID:
-e USER_UID=$(id -u) -e USER_GID=$(id -g) - Fix data directory:
chown -R $(id -u):$(id -g) ./data
2FA not working
- Verify device time is synchronized
- Try adjacent codes (±30 seconds)
- Ensure using TOTP not HOTP
- Admin can reset user's 2FA
Database errors
- Check data directory permissions
- Ensure volume is mounted correctly
- Verify DATABASE_URL if using external DB
About
Dockerized DirectAdmin Alias and Forwarder Management
Topics
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Packages0
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Contributors4
Uh oh!
There was an error while loading.Please reload this page.