Host Mailcow with Traefik reverse Proxy
2/5/2020 2:20:10 PM
Guide to Host Mailcow with Traefik Reverse Proxy and HTTPS
Traefik
Traefik is a reverse proxy for Docker containers that organises the network traffic and updates the HTTPS certificates.
Scope of this Tutorial
Install Docker
Download Mailcow
Setup docker-compose.override.yml
Launch Mailcow
Add DNS Entries
Install Docker & Git
Arch
yay -S docker docker-compose git
Ubuntu
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo apt-get install git
Start & Enable Docker service
sudo systemctl start docker
sudo systemctl enable docker
Download Mailcow
In the next step we'll clone the Mailcow Git repository
git clone https://github.com/mailcow/mailcow-dockerized /opt/mailcow-dockerized
Change directory to /opt/mailcow-dockerized
cd /opt/mailcow-dockerized
Generate config
./generate_config.sh
Remove exposed ports from Mailcow Docker-Compose File
nginx-mailcow:
  ...
  #ports:
  #  - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
  #  - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
Create Docker-Compose Override
version: "2.1"
services:
  nginx-mailcow:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx-mailcow.entrypoints=web"
      - "traefik.http.routers.nginx-mailcow.rule=HostRegexp(`{host:(autodiscover|autoconfig|webmail|mail|email).+}`)"
      - "traefik.http.middlewares.nginx-mailcow-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.nginx-mailcow.middlewares=nginx-mailcow-https-redirect"
      - "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure"
      - "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.example.de`)" # YOUR EMAIL SUBDOMAIN
      - "traefik.http.routers.nginx-mailcow-secure.tls=true"
      - "traefik.http.routers.nginx-mailcow-secure.tls.certresolver=myCertResolver" # ADD your Certresolver here
      - "traefik.http.routers.nginx-mailcow-secure.service=nginx-mailcow"
      - "traefik.http.services.nginx-mailcow.loadbalancer.server.port=80"
      - "traefik.docker.network=main"
    networks:
      main:
  certdumper:
    image: humenius/traefik-certs-dumper
    container_name: traefik_certdumper
    restart: unless-stopped
    network_mode: none
    command: --restart-containers mailcowdockerized_postfix-mailcow_1,mailcowdockerized_dovecot-mailcow_1
    volumes:
      # mount the folder which contains Traefik's `acme.json' file
      # in this case Traefik is started from its own docker-compose in ../traefik
      - /home/niklas/letsencrypt:/traefik:ro
      # mount mailcow's SSL folder
      - ./data/assets/ssl:/output:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - DOMAIN=mail.example.de # YOUR EMAIL SUBDOMAIN HERE
networks:
  main: # YOUR TRAEFIK NETWORK HERE
    external: true
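
An added example, not part of the original guide or of Traefik itself: a small Python check that groups Traefik v2 labels of the shape used above by router and flags a router that has options but no rule, a TLS router without a certresolver, and references to middlewares or services missing from the same label set. The label list and the router name other-router are constructed for illustration, and the check assumes no default certresolver is configured on the entrypoint.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the override file: the certresolver label
# is attached to a router name ("other-router") that never gets a rule.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.nginx-mailcow.entrypoints=web",
    "traefik.http.routers.nginx-mailcow.rule=Host(`mail.example.de`)",
    "traefik.http.middlewares.nginx-mailcow-https-redirect.redirectscheme.scheme=https",
    "traefik.http.routers.nginx-mailcow.middlewares=nginx-mailcow-https-redirect",
    "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure",
    "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.example.de`)",
    "traefik.http.routers.nginx-mailcow-secure.tls=true",
    "traefik.http.routers.other-router.tls.certresolver=myCertResolver",
    "traefik.http.routers.nginx-mailcow-secure.service=nginx-mailcow",
    "traefik.http.services.nginx-mailcow.loadbalancer.server.port=80",
]

LABEL = re.compile(r"^traefik\.http\.(routers|middlewares|services)\.([^.]+)\.([^=]+)=(.*)$")

def lint_labels(labels):
    """Return sorted findings for a list of Traefik v2 HTTP labels."""
    objs = defaultdict(lambda: defaultdict(dict))  # kind -> name -> {option: value}
    for label in labels:
        m = LABEL.match(label.strip().strip('"'))
        if m:
            kind, name, option, value = m.groups()
            objs[kind][name][option.lower()] = value
    findings = []
    for name, opts in objs["routers"].items():
        if "rule" not in opts:
            findings.append(f"router '{name}' has options {sorted(opts)} but no rule")
        # Assumption: no default certresolver is set on the entrypoint itself.
        if opts.get("tls", "").lower() == "true" and "tls.certresolver" not in opts:
            findings.append(f"router '{name}' enables TLS without a certresolver")
        refs = [("middleware", x.strip()) for x in opts.get("middlewares", "").split(",")]
        refs.append(("service", opts.get("service", "")))
        for kind, ref in refs:
            # Names with "@" come from another provider and cannot be checked here.
            if ref and "@" not in ref and ref not in objs[kind + "s"]:
                findings.append(f"router '{name}' references undefined {kind} '{ref}'")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_labels(SAMPLE_LABELS):
        print("WARN:", finding)
```
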
Download docker-compose.override
wget https://gist.githubusercontent.com/corusm/063de56d133aa688f9d36a82bd78e607/raw/cdb03c2c5ef8b2ee62808a04b3aff935ab1e02e7/docker-compose.override.yml
Edit File
Now edit the file in lines 12, 33 and 35 as explained in the comments.
Edit Mailcow.conf
Change
SKIP_LETS_ENCRYPT=n to SKIP_LETS_ENCRYPT=y
Change
SKIP_CLAMD=n to SKIP_CLAMD=y
Run Docker-Compose - Start Mailcow
sudo docker-compose up
If you are done with this tutorial, you can add the -d flag to run docker compose in the background.
Open mail.example.com
Start configuring your Mailcow Server!

Configure Mailcow
Go to Configuration > Mail Setup
Add Domain
Go to Configuration > Mail Setup > Domains

Add Mailbox (E-Mail Address)
Go to Configuration > Mail Setup > Mailbox

Open Webmail
https://mail.example.com/SOGo
Login
User: user@domain.com
Add DNS Config
Add DMARC Entry
_dmarc.domain.com. TXT 3600 "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"
Add MX Entry
domain.de MX 3600 10 mail.example.com
Add DKIM Entry
Go to Configuration > ARC/DKIM-Keys
Add ARC/DKIM key

Copy Private Key to DNS Server

INFO
It takes some time for the DNS Servers to spread the information. Give this process some time!
Check the Spamminess of your email
Open the Website
Send E-Mail to this address
Get the review!