Host Mailcow with Traefik reverse Proxy
corusm
Posted on June 26, 2023
### Traefik
Traefik is a reverse proxy for Docker containers that organises the network traffic and updates the HTTPS certificates.
### Scope of this Tutorial
- Install Docker
- Download Mailcow
- Setup `docker-compose.override.yml`
- Launch Mailcow
- Add DNS Entries
### Install Docker & Git
Arch
```
yay -S docker docker-compose git
```
Ubuntu
```
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo apt-get install git
```
### Start & Enable Docker service
```
sudo systemctl start docker
sudo systemctl enable docker
```
### Download Mailcow
In the next step we’ll clone the Mailcow Git repository:
```
git clone https://github.com/mailcow/mailcow-dockerized /opt/mailcow-dockerized
```
Change directory to `/opt/mailcow-dockerized`:
```
cd /opt/mailcow-dockerized
```
Generate config:
```
./generate_config.sh
```
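### Remove exposed ports from Mailcow Docker-Compose File
Comment out the `ports` section of the `nginx-mailcow` service in Mailcow's `docker-compose.yml`, since Traefik will receive the HTTP/HTTPS traffic instead:
```
nginx-mailcow:
  ...
  #ports:
  #  - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
  #  - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
```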
### Create Docker-Compose Override
```
version: "2.1"
services:
  nginx-mailcow:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx-mailcow.entrypoints=web"
      - "traefik.http.routers.nginx-mailcow.rule=HostRegexp(`{host:(autodiscover|autoconfig|webmail|mail|email).+}`)"
      - "traefik.http.middlewares.nginx-mailcow-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.nginx-mailcow.middlewares=nginx-mailcow-https-redirect"
      - "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure"
      - "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.example.de`)" # YOUR EMAIL SUBDOMAIN
      - "traefik.http.routers.nginx-mailcow-secure.tls=true"
      - "traefik.http.routers.nginx-mailcow-secure.tls.certresolver=myCertResolver" # ADD your Certresolver here
      - "traefik.http.routers.nginx-mailcow-secure.service=nginx-mailcow"
      - "traefik.http.services.nginx-mailcow.loadbalancer.server.port=80"
      - "traefik.docker.network=main"
    networks:
      main:
  certdumper:
    image: humenius/traefik-certs-dumper
    container_name: traefik_certdumper
    restart: unless-stopped
    network_mode: none
    command: --restart-containers mailcowdockerized_postfix-mailcow_1,mailcowdockerized_dovecot-mailcow_1
    volumes:
      # mount the folder which contains Traefik's `acme.json' file
      # in this case Traefik is started from its own docker-compose in ../traefik
      - /home/niklas/letsencrypt:/traefik:ro
      # mount the Docker socket (used to restart containers) and mailcow's SSL folder
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/assets/ssl:/output:rw
    environment:
      - DOMAIN=mail.example.de # YOUR EMAIL SUBDOMAIN HERE
networks:
  main: # YOUR TRAEFIK NETWORK HERE
    external: true
```
The `certdumper` container needs the Docker socket to restart the Postfix and Dovecot containers. Note that `:ro` on `/var/run/docker.sock` only makes the socket file read-only; it does not restrict what the container can do through the Docker API.
### Download `docker-compose.override`
```
wget https://gist.githubusercontent.com/corusm/063de56d133aa688f9d36a82bd78e607/raw/cdb03c2c5ef8b2ee62808a04b3aff935ab1e02e7/docker-compose.override.yml
```
### Edit File
Now edit lines `12, 33, 35` of the file as explained in the comments.
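Traefik treats every distinct router name in the labels as a separate router, so a mistyped name on one label leaves the TLS router without its certificate resolver. The check below is an added example, not part of the original post or of the Mailcow or Traefik projects: it lints a list of labels for that mismatch. `SAMPLE_LABELS`, `parse_routers` and `lint_routers` are hypothetical names, and the sample labels are constructed.

```python
import re

# Constructed sample (not read from disk): labels shaped like the override's,
# with the certresolver label attached to a router name that has no rule.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.nginx-mailcow.entrypoints=web",
    "traefik.http.routers.nginx-mailcow.rule=Host(`mail.example.de`)",
    "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure",
    "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.example.de`)",
    "traefik.http.routers.nginx-mailcow-secure.tls=true",
    "traefik.http.routers.registry-secured.tls.certresolver=myCertResolver",
]

ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.=]+)\.([^=]+)=(.*)$")


def parse_routers(labels):
    """Group router labels as {router_name: {option: value}}."""
    routers = {}
    for line in labels:
        # Accept raw YAML list items too: drop "- ", quotes and "# comment".
        text = line.split(" #", 1)[0].strip().lstrip("- ").strip('"')
        match = ROUTER_LABEL.match(text)
        if match:
            name, option, value = match.groups()
            routers.setdefault(name, {})[option.lower()] = value
    return routers


def lint_routers(labels):
    """Return one finding per router whose rule/TLS labels do not line up."""
    findings = []
    for name, opts in sorted(parse_routers(labels).items()):
        uses_tls = any(key == "tls" or key.startswith("tls.") for key in opts)
        if "rule" not in opts:
            findings.append(f"{name}: no rule label, check the router name")
        elif uses_tls and "tls.certresolver" not in opts:
            findings.append(f"{name}: TLS router without a tls.certresolver label")
    return findings


if __name__ == "__main__":
    for finding in lint_routers(SAMPLE_LABELS):
        print(finding)
```

A router flagged as lacking `tls.certresolver` may still be served a certificate configured elsewhere in Traefik, so treat the findings as prompts to check rather than as errors.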
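### Edit `mailcow.conf`
1. Change `SKIP_LETS_ENCRYPT=n` to `SKIP_LETS_ENCRYPT=y` (Traefik obtains the certificate, so Mailcow's own ACME client is skipped)
2. Change `SKIP_CLAMD=n` to `SKIP_CLAMD=y` (this disables the ClamAV antivirus scanner)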
### Run Docker-Compose - Start Mailcow
```
sudo docker-compose up
```
If you are done with this tutorial, you can add the `-d` flag to run docker compose in the background.
### Open `mail.example.com`
Start configuring your Mailcow Server!
![](https://dev-to-uploads.s3.amazonaws.com/i/37ppi0kz8x3rq3d9tuuw.png)
### Configure Mailcow
Go to `Configuration > Mail Setup`
### Add Domain
Go to `Configuration > Mail Setup > Domains`
![](https://dev-to-uploads.s3.amazonaws.com/i/fdg9v0q5mv0b0eus1ei2.png)
### Add Mailbox (E-Mail Address)
Go to `Configuration > Mail Setup > Mailbox`
![](https://dev-to-uploads.s3.amazonaws.com/i/upqxn526f30neyobuiuv.png)
### Open Webmail
`https://mail.example.com/SOGo`
### Login
```
User: user@domain.com
```
![](https://dev-to-uploads.s3.amazonaws.com/i/mkv1z22n07ab50ic5k4e.png)
### Add DNS Config
### Add DMARC Entry
```
_dmarc.domain.com. TXT 3600 "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"
```
### Add MX Entry
```
domain.de MX 3600 10 mail.example.com
```
### Add DKIM Entry
- Go to `Configuration > ARC/DKIM-Keys`
- `Add ARC/DKIM key`
![](https://dev-to-uploads.s3.amazonaws.com/i/vl32lvpfmb1eqvgfm2ph.png)
- Copy Private Key to DNS Server
![](https://dev-to-uploads.s3.amazonaws.com/i/9p3x9mghsrh9nox496zn.png)
### INFO
It takes some time for the DNS Servers to spread the information. Give this process some time!
### Check the Spamminess of your email
[https://www.mail-tester.com/](https://www.mail-tester.com/)
1. Open the Website
2. Send E-Mail to this address
3. Get the review!
![](https://dev-to-uploads.s3.amazonaws.com/i/p3irqhkr8vlhx2iizqgh.png)