Skip to main content

Welcome to the new version

· 2 min read
Sławomir Cichy
Sławomir Cichy
Senior Architect @ IBPM S.A.

🚀 New clothes of front-001: Evolution in the shadow of containers - Hardcore Infrastructure Reconstruction

Welcome to the new version of our infrastructure! The changes you see on the surface today are just the tip of the iceberg. Beneath, we've waged a battle we've provisionally called "The Great Cleanup of 2026."

Hardcore Infrastructure Reconstruction

Why "new clothes"?

The previous configuration, while faithful, began to resemble a well-known, yet somehow too tight, suit. We decided to move our ecosystem onto a more modern track – we switched to AlmaLinux, invited Podman to collaborate, and decided to streamline what's most important in any email system: the flow of information.

Anatomy of a "slaughterhouse", or what happened behind the scenes

The road to today's stable front-001 wasn't a bed of roses. If you were wondering why the admins were drinking more coffee this week, here are some technical skirmishes:

  • Battle for Domain Identity: It was crucial to teach the server when a domain belonged to it (ibpm.pl) and when it absolutely had to be forwarded (e.g., to Office365 for .pro). We struggled with an overzealous LDAP that persistently tried to "steal" external emails. The solution? Surgically precise filters that checked administrative groups.
  • Taming Cross-Domain Aliases: Even when the domain was routed correctly, Postfix could "suck in" emails destined for Office365 if it found a matching alias in the local LDAP. We introduced "robust" user filters that only accepted a match if the domain in the query was exactly the local domain. And yes – we closed all the parentheses in the filters!
  • Podman and SELinux Adoption: Migrating to AlmaLinux with Podman presented us with a challenge of permissions and security contexts. Properly mapping volumes with the :z flag became crucial so that configuration changes on the host were immediately visible inside the container.

What does this mean for you?

First and foremost – certainty. The new architecture means greater service isolation, easier deployment, and configuration that's predictable and secure. Jira and notification systems now operate in an environment tailored precisely to our needs, eliminating message delivery issues.

A final word

Thank you for your patience during these "difficulties." Every corrected bracket and every verified trusted network is a step towards a system we can rely on.

IBPM Special Tasks Team