• Resources
  • USEnglish

  • [HOWTO] Install mailcow in a LXC container on Proxmox 6.4-13 for home usage

First I’d like to thank for taking the time to reply to my questions.

I understand the easy advice as follows:

  1. in opnsense I install the acme plugin and let the opnsense take care for the let’s encrypt certs. I already tested this way, this plugin works.
  2. I daily copy, preferably with a cron job, the certs to mailcow - what path/location exactly?
  3. the mailcow VM has to be daily rebooted, to recognize the new certs?

@esackbauer

Thank you for describing the way with a reverse proxy. I tried this but honestly, as a part time admin, this is way too complicated for me.

Everything works really pretty well out of the box, if mailcow does not sit in a VM (and probably in lxc container) and behind a firewall like opnsense or pfsense. I tested mailcow at home on a laptop running with arch linux. There’s an asus router in front of the home network. No problem to configure a port forward to the laptop, so everything works as intended.

Anyway, if I take the road kicou suggests, where in mailcow can acme be safely disabled? Is it in the GUI or better with the command line?

    stefan21 what path/location exactly?
    mailcow VM has to be daily rebooted, to recognize the new certs?

    All your questions are already answered in the last link of my previous posting…

      My script on the NAS (Auth by key) :
      #!/bin/bash
      scp -i /root/.ssh/id_rsa /usr/syno/etc/certificate/archive/hkbWEi/fullchain.pem root@192.168.0.3:/root
      scp -i /root/.ssh/id_rsa /usr/syno/etc/certificate/      archive/hkbWEi/privkey.pem root@192.168.0.3:/root

      My daily cron script on mailcow server :
      #!/bin/sh

      copy cert to data folder

      cp -f /root/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
      cp -f /root/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
      rm -f /root/fullchain.pem
      rm -f /root/privkey.pem

      restart needed docker

      docker restart $(docker ps -qaf name=postfix-mailcow)
      docker restart $(docker ps -qaf name=nginx-mailcow)
      docker restart $(docker ps -qaf name=dovecot-mailcow)

        Doing this daily seems unnecessary. Certs are good for 90 days with renewal possible after 60.

        I run a script on mailcow instance itself to check renewal weekly using dns challenge (cloudflare) as I don’t want any more open ports than absolutely necessary. Dns challenge requires the use of an api key to update the require txt record.

        kicou

        I managed to fetch certs with opnsense acme-plugin. Already tested, works fine. I also managed to automate the deploy of the cert to mailcow. In the mailcow-docs is said:
        "How to use your own certificate¶

        Make sure you disable mailcows internal LE client (see above).

        To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem"

        The copy of the certs from the opnsense is in:

        /opt/mailcow-dockerized/data/assets/ssl/FQHN/

        • ca.pem
        • cert.pem
        • fullchain.pem
        • key.pem

        Will that work?

          It won’t. No problem to write a cron job.

          Some other questions are popping up:

          In the doc I read: "Die mailcow Daten (wie bspw. E-Mails, Userdaten etc.) werden in Docker-Volumes aufbewahrt - geben Sie gut auf diese Volumes acht:

          clamd-db-vol-1
crypt-vol-1
mysql-socket-vol-1
mysql-vol-1
postfix-vol-1
redis-vol-1
rspamd-vol-1
sogo-userdata-backup-vol-1
sogo-web-vol-1
solr-vol-1
vmail-index-vol-1
vmail-vol-1

          "
          O.k. Got it. Are those volumes covered within the backup-script?

          While I’m migrating from another email-server, is it possible to upload bulk white/black lists?

          10 months later

          Friends, I have to ask you for help. mailcow is behind nginx proxy manager on 192.168.12.15, mailcow address is 192.168.12.41. It runs on mail.example.com the interface works, but when you start docker compose upd, an error pops up: Your hands are already dropping

          [unknown] Any help is greatly appreciated

          4 months later

          kicou

          Hi
          Really its not needed to prepare Proxmox host form MailCow LXC?

              • lipunis

                  Moolevel 2
                • Post #26
                • Edited

                I struggled for a long time, but eventually, I succeeded. It’s probably because I lacked knowledge. In the end, everything has been working fine for six months, thanks to the guys, everything is okay.

                I used LXC+Docker

                I used LXC+Docker

                  lipunis

                  So without any changes in Proxmox Host ?
                  im trying to avoid modify Proxmox host

                    • lipunis

                        Moolevel 2
                      • Post #28
                      • Edited

                      Sorry. I didnt feedback.In my case, it’s a corrupted container. There is a link in our community

                      The Topikstarter has described everything well. I can hardly help you anymore. This is the only disadvantage of linux, that when you set everything up, it just works)

                      The Topikstarter has described everything well. I can hardly help you anymore. This is the only disadvantage of linux, that when you set everything up, it just works)

                      If I remember correctly, there were nuances of docker with IPtables.

                      The Topikstarter has described everything well. I can hardly help you anymore. This is the only disadvantage of linux, that when you set everything up, it just works)

                      If I remember correctly, there were nuances of docker with IPtables.

                      The Topikstarter has described everything well. I can hardly help you anymore. This is the only disadvantage of linux, that when you set everything up, it just works)

                      If I remember correctly, there were nuances of docker with IPtables.

                      The Topikstarter has described everything well. I can hardly help you anymore. This is the only disadvantage of linux, that when you set everything up, it just works)

                      If I remember correctly, there were nuances of docker with IPtables.

                      • esackbauer

                        • Community Hero
                        Moolevel 347
                      • Post #29

                      KrisFromFuture Is Proxmox VM with Debian 12 (not LXC) option ok ?

                      I would recommend that. Use a Debian 12 VM with Docker installed as per mailcow documentation.

                        • Kkicou

                            Moolevel 6
                          • Post #30

                          Hi all,

                          Just to be clear, LXC is not supported but works until now very well, since years !
                          Not use it for professional usage for sure, but for my personal use, 10 mailbox on a little memory server,
                          LXC works with what at say earlier.

                          But for sure, if you have a issue, you will not have any support from the mailcow staff.
                          If you can have a full KVM, is the preferred installation !

                            4 days later

                            • Dvalin21

                                Moolevel 6
                              • Post #31

                              kicou Can you please share your process to get it up and running? Thanks.

                                • Kkicou

                                    Moolevel 6
                                  • Post #32

                                  Yes sure.

                                  Follow the initial HOWTO without the step 1 “Prepare your proxmox hypervisor”.

                                  It works like a charmn, without any preparation on the new Proxmox (Overlay and Naufs).

                                  Lest Test from scratch on version 8.0.3 of Proxmox for me.

                                  BR

                                  No one is typing