
I am trying to set up my own mail server; Mailcow was recommended.

DNS-provider:
Cloudflare with

CNAME mail.example.com => example.com, proxied

Because it is proxied, I cannot use the normal ports mentioned in the docs. Therefore I have to set up some forwarding...

Router:
Fritzbox with port forwarding

2052 => 25
2053 => 465
8080 => 587
2082 => 143
2083 => 993
2086 => 110
2087 => 995
8880 => 4190

Docker:
I use jwilder's reverse proxy and its LE companion, which works well with everything else I have hosted so far.

${DOCKERDIR}/docker-compose-js.yml
version: '3'

services:
  proxy:
    build: ./reverse_proxy
    container_name: proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ${DOCKERDIR}/reverse_proxy/certs:/etc/nginx/certs:ro
      - ${DOCKERDIR}/reverse_proxy/vhost.d:/etc/nginx/vhost.d
      - ${DOCKERDIR}/reverse_proxy/html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    environment:
      - PUID=33
      - PGID=33
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: ""
    networks:
      - proxy-tier
    depends_on:
      - le

  le:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: le
    volumes:
      - ${DOCKERDIR}/reverse_proxy/certs:/etc/nginx/certs:rw
      - ${DOCKERDIR}/reverse_proxy/vhost.d:/etc/nginx/vhost.d
      - ${DOCKERDIR}/reverse_proxy/html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - PUID=33
      - PGID=33
      - DEFAULT_EMAIL=*****
      - NGINX_PROXY_CONTAINER=proxy
    networks:
      - proxy-tier

networks:
  proxy-tier:

Then there is a (slightly) modified file for mailcow; I am only showing the changes.

${DOCKERDIR}/mailcow/docker-compose.yml
nginx-mailcow:
...
#      ports:
#        - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
#        - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
...

There seems to be no way to remove those ports from its original docker-compose.yml despite it not being recommended.
For all other changes I have

${DOCKERDIR}/mailcow/docker-compose-override.yml
version: '2.1'

services:
    nginx-mailcow:
      networks:
        proxy-tier:
      environment:
        - VIRTUAL_HOST=${MAILCOW_HOSTNAME},${ADDITIONAL_SAN}
        - VIRTUAL_PORT=8080
        - VIRTUAL_PROTO=http
        - LETSENCRYPT_HOST=${MAILCOW_HOSTNAME},${ADDITIONAL_SAN}
      volumes:
        - ${DOCKERDIR}/reverse_proxy/certs/${MAILCOW_HOSTNAME}:/etc/ssl/mail/
        - ${DOCKERDIR}/reverse_proxy/certs/dhparam.pem:/etc/ssl/mail/dhparams.pem:ro
      ports:
    dovecot-mailcow:
      volumes:
        - ${DOCKERDIR}/reverse_proxy/certs/${MAILCOW_HOSTNAME}:/etc/ssl/mail/
        - ${DOCKERDIR}/reverse_proxy/certs/dhparam.pem:/etc/ssl/mail/dhparams.pem:ro
    postfix-mailcow:
      volumes:
        - ${DOCKERDIR}/reverse_proxy/certs/${MAILCOW_HOSTNAME}:/etc/ssl/mail/
        - ${DOCKERDIR}/reverse_proxy/certs/dhparam.pem:/etc/ssl/mail/dhparams.pem:ro

networks:
  proxy-tier:

And finally the mailcow.conf (changes only)

${DOCKERDIR}/mailcow/mailcow.conf
MAILCOW_HOSTNAME=mail.example.com

HTTP_PORT=8080
#HTTP_BIND=0.0.0.0
HTTP_BIND=proxy

HTTPS_PORT=8443
#HTTPS_BIND=0.0.0.0
HTTPS_BIND=proxy

SKIP_LETS_ENCRYPT=y

When I try to connect to mail.example.com I get Error 526 Invalid SSL certificate.

Could someone please show me where my config is wrong and how to change it so I get mailcow working?

vonAlenberg
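
A check of the forwarding table above against Cloudflare's proxied-port list, as an added example that is not part of the original post. The two port sets are an assumption taken from Cloudflare's network-ports documentation (its proxy handles only HTTP and HTTPS on those ports), and the service names are the standard assignments for the internal ports.

```python
# Added example, not from the original post.
# Assumption: port lists copied from Cloudflare's "Network ports" documentation;
# re-check them there before relying on this.
CF_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CF_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}

# Protocols conventionally served on the internal ports named in the post.
MAIL_SERVICES = {25: "SMTP", 465: "SMTPS", 587: "submission", 143: "IMAP",
                 993: "IMAPS", 110: "POP3", 995: "POP3S", 4190: "ManageSieve"}

# Forwarding table as listed in the post (external => internal).
FORWARDS = """
2052 => 25
2053 => 465
8080 => 587
2082 => 143
2083 => 993
2086 => 110
2087 => 995
8880 => 4190
"""

def parse_forwards(text):
    """Parse 'external => internal' lines into (external, internal) int pairs."""
    pairs = []
    for line in filter(None, map(str.strip, text.splitlines())):
        ext, sep, internal = line.partition("=>")
        if not sep:
            raise ValueError(f"not a forwarding rule: {line!r}")
        pairs.append((int(ext), int(internal)))
    return pairs

def classify(pairs):
    """For each rule, report what the proxy speaks vs. what the backend speaks."""
    rows = []
    for ext, internal in pairs:
        edge = ("HTTPS" if ext in CF_HTTPS_PORTS
                else "HTTP" if ext in CF_HTTP_PORTS else None)
        backend = MAIL_SERVICES.get(internal)
        # Mismatch: the proxy would parse HTTP(S) on a port that carries mail.
        rows.append((ext, internal, edge, backend,
                     edge is not None and backend is not None))
    return rows

if __name__ == "__main__":
    for ext, internal, edge, backend, mismatch in classify(parse_forwards(FORWARDS)):
        print(f"{ext:>5} -> {internal:<5} edge={edge or 'not proxied':<11} "
              f"backend={backend or 'unknown':<12} mismatch={mismatch}")
```

Every rule in the table is flagged: each external port is one the proxy treats as HTTP or HTTPS, while the internal port behind it carries a mail protocol.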