chasquid comes with a Dockerfile to create a container running chasquid, dovecot, and managed certificates with Let's Encrypt.

Note these are less thoroughly tested than the traditional setup, which is the recommended way to use chasquid.


There are pre-built images at the gitlab registry and dockerhub. They are automatically built, and tagged with the corresponding branch name. Use the main tag for a stable version.

If, instead, you want to build the image yourself, just run:

$ docker build -t chasquid -f docker/Dockerfile .


First, pull the image into your target machine:

$ docker pull

You will need a data volume to store persistent data, outside the image. This will contain the mailboxes, user databases, etc.

$ docker volume create chasquid-data

To add your first user to the image:

$ docker run \
    --mount source=chasquid-data,target=/data \
    -it --entrypoint=/ \
Email (full user@domain format):
Password: added to /data/dovecot/users

Upon startup, the image will obtain a TLS certificate for you using Let's Encrypt. You need to tell it the domain(s) to get a certificate from by setting the AUTO_CERTS variable.

Because certificates expire, you should restart the container every week or so. Certificates will be renewed automatically upon startup if needed.

In order for chasquid to get access to the source IP address, you will need to use host networking, or create a custom docker network that does IP forwarding and not proxying.

Finally, start the container:

$ docker run -e \
    --mount source=chasquid-data,target=/data \
    --network host \


To get a shell on the running container for debugging, you can use docker ps to find the container ID, and then docker exec -it CONTAINERID /bin/bash to open a shell on the running container.