Deploy mailserver with Docker: customize config of service unbound

I’m considering to migrate to a docker based mailserver deployment. This deployment includes several services, e.g. Unbound.
However I need to understand how to customize unbound configuration to enhance DNSSEC, DoT, unbound-control, etc.
This would result in an override of /etc/unbound.conf with

# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

The relevant section in docker-compose.yml file is this:

    image: ${}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2.0}
    env_file: mailu.env
    restart: always

Can you please advise how to proceed?
Or can you consider this as a feature request?


If you want to change a file in a Docker container, you can

  1. Create a new image from the original one, and add the updated config to it
  2. Run the container from the original image and mount the updated config file, for example with a bind mount from a local file on host.

Is it not possible to create a volume and write all relevant configuration files to this volume?

That’s possible, too. Just a tiny bit more complicated. Sorry I haven’t mentioned it.

I think it makes sense to follow the approach that’s a combination of both, means

  • create new image from original
  • add volume for /etc/unbound/unbound.conf.d
  • modify configuration file /etc/unbound.conf and include include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"