I have had my mailcow server up and running for a year or more with no problems.
Now I need to add a Traefik reverse proxy.
I’ve configured Traefik and humenius/traefik-certs-dumper.
My mailcow UI works fine with the Traefik SSL cert, but email clients still get the old, outdated cert and I can't figure out why that happens.
And yes, I know that I need to restart the mailcow services, which looks like the simplest answer, but it didn't help:
# Restart the mailcow containers that serve TLS, in the same order as before:
# postfix (SMTP), nginx (web UI), dovecot (IMAP/POP3).
# `docker ps -qaf name=...` is a substring filter, so it may match more than one ID.
for svc in postfix-mailcow nginx-mailcow dovecot-mailcow; do
  docker restart $(docker ps -qaf name=$svc)
done
HTTP bind ports changed and Let's Encrypt skipped in mailcow.conf:
# Certificates are obtained by Traefik, so mailcow's own Let's Encrypt client is disabled.
SKIP_LETS_ENCRYPT=y
# Bind mailcow's HTTP/HTTPS host ports to loopback only, so they are not reachable
# from outside this host; the reverse proxy reaches nginx-mailcow over the docker
# network (see the traefik.docker.network label in the override) rather than via these ports.
HTTP_BIND=127.0.0.1
HTTP_PORT=8080
HTTPS_BIND=127.0.0.1
HTTPS_PORT=8443
My mailcow docker-compose.override.yml:
version: '2.1'

services:
  nginx-mailcow:
    # Join the external proxy network so Traefik can reach the web UI container.
    networks:
      web:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)"
      - "traefik.http.routers.moo.tls=true"
      - "traefik.http.routers.moo.tls.certresolver=production"
      - "traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}"
      - "traefik.http.routers.moo.entrypoints=websecure"
      - "traefik.docker.network=web"

  certdumper:
    image: humenius/traefik-certs-dumper:latest
    container_name: traefik_certdumper
    # The dumper only reads acme.json and talks to the Docker socket; no network needed.
    network_mode: none
    # NOTE(review): these names must match exactly what `docker ps --format '{{.Names}}'`
    # prints; they depend on COMPOSE_PROJECT_NAME in mailcow.conf and on the compose
    # version (v2 uses "-" instead of "_"). A mismatch means no restart, so the
    # services keep serving the old certificate - confirm against the running containers.
    command: --restart-containers mailcow_postfix-mailcow_1,mailcow_dovecot-mailcow_1,mailcow_nginx-mailcow_1
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Traefik's acme.json (contains the issued private keys), read-only here.
      - /opt/traefik/data/ssl-certs:/traefik:ro
      # Required for --restart-containers. ":ro" only affects the socket file itself;
      # the Docker API behind it still allows full control of every container on the
      # host, so treat this container as root-equivalent (a socket proxy that only
      # permits the needed endpoints would narrow that).
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Dumped certificate and key are written where mailcow expects cert.pem/key.pem.
      - ./data/assets/ssl/:/output:rw
    environment:
      - DOMAIN=${MAILCOW_HOSTNAME}

networks:
  web:
    external: true
My Traefik docker-compose.yml:
version: '3'

services:
  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    networks:
      - web
    ports:
      - "80:80"
      - "443:443"
      # (Optional) Expose Dashboard
      #- "8080:8080" # Don't do this in production!
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /opt/traefik:/opt/traefik
      # acme.json (certificates plus private keys) lives here; keep it mode 0600 on the host.
      - ./data/ssl-certs:/ssl-certs
      # Static configuration, read-only.
      - ./data/traefik.yml:/traefik.yml:ro
      # Needed by the docker provider; ":ro" does not restrict the Docker API behind the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=production"
      # Dashboard/API reachable only on its own hostname, over TLS, behind basic auth.
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.eu`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth"
      # htpasswd-style "user:hash" (redacted). If the hash contains "$", it must be
      # written as "$$" in a compose file so variable interpolation leaves it intact.
      - "traefik.http.middlewares.auth.basicauth.users=admin:*****************************************"

networks:
  web:
    external: true
My traefik.yml:
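global:
  checkNewVersion: true
  sendAnonymousUsage: false # true by default

api:
  dashboard: true # true by default

entryPoints:
  web:
    address: ":80"
    # (Optional) Redirect to HTTPS
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

certificatesResolvers:
  staging:
    acme:
      email: "***@gmail.com" # redacted
      storage: /ssl-certs/acme.json
      # Straight quotes: typographic quotes become part of the value and break the URL.
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
  production:
    acme:
      email: "***@gmail.com" # redacted
      # NOTE(review): shares one acme.json with "staging"; giving each resolver its own
      # storage file avoids the two writing to the same file - verify for your Traefik version.
      storage: /ssl-certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web

providers:
  file:
    # NOTE(review): relative path, resolved from Traefik's working directory inside the
    # container - confirm the file is actually mounted/reachable there.
    filename: dynamic.yml
  docker:
    exposedByDefault: false # Default is true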