Prerequisites¶
Server¶
- 8 GB RAM minimum (both stacks + Keycloak + OpenSearch)
- Docker and Docker Compose v2 installed
- Traefik already configured as reverse proxy with Let's Encrypt
- Port 25 open inbound (Hetzner: add incoming TCP/25 in Cloud Firewall)
- A wildcard DNS A record (
*.<domain>) pointing to the VPS public IP
Domain & DNS¶
- A domain you control (e.g.,
<domain>) with DNS managed at your registrar - Ability to add MX, TXT, and A records
SMTP Relay¶
- A free Brevo account (300 emails/day) or any SMTP relay
- SMTP credentials: host, port, username, password
Docker Networks¶
The Traefik reverse proxy must be on a Docker network named proxy:
Keycloak¶
- Keycloak will be deployed as part of the Messages stack
- You'll need to create realms and users through the admin console
Estimated Resource Usage¶
| Component | Memory |
|---|---|
| Messages (full stack) | ~2 GB |
| Calendars (full stack with CalDAV) | ~1 GB |
| Keycloak | ~600 MB |
| Overhead | ~1.5 GB |
| Total | ~5 GB |
With 8 GB RAM, there is comfortable headroom. If memory is tight, reduce OpenSearch heap (-Xms256m -Xmx256m) and gunicorn workers (--workers 2).