Sogo on Subdomain

tynie

Hi,

my mailcow is handling many different domains. I´d like so serve my SOGO-Webmail on a customers Subdomain e.g. mail.example.org. I already searched around and often found this link https://mailcow.github.io/mailcow-dockerized-docs/u_e-webmail-site/ which now ends up in 404 - Not found 🙁

Does anyone have a copy or another “How-To”?

MAGIC

See https://mailcow.github.io/mailcow-dockerized-docs/manual-guides/Nginx/u_e-nginx_webmail-site/, gonna fix the redirect in a bit!

PavshinSergei

I need help

In order to create certificates, I disabled Nginx, launched certbot, copied the received keys to the /etc/ssl/mail folder, then created a new Nginx configuration according to the instructions, specified my domain for which SoGo should open, the domain on which the mail is located, restarted Nginx - and nothing doesn’t work. Tell me please where to start searching?

DocFraggle

PavshinSergei I disabled Nginx

Why did you do that? Are you using a reverse proxy?

PavshinSergei launched certbot, copied the received keys

This is only necessary if you’re using a reverse proxy, so again, do you? 🙂

PavshinSergei

No. certbot could not access port 80 while Nginx was running

I found a mistake, I needed to put the keys in the ./data/assets/ssl/ directory

Now I have another problem. Now when you go to domain2 you wil be redirected to domain1/SOgo. I would like it not to be redirected from domain2 to domain1, but for the web interface to be available on domain2. If I specify proxy_pass then everything breaks down again

DocFraggle

PavshinSergei No. certbot could not access port 80 while Nginx was running

OK, if you don’t use a reverse proxy, why do you need to run certbot?

PavshinSergei when you go to domain2 you wil be redirected to domain1/SOgo

You need a second section with something like

server {
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  index index.php index.html;
  client_max_body_size 0;
  root /web;
  include /etc/nginx/conf.d/listen_plain.active;
  include /etc/nginx/conf.d/listen_ssl.active;
  server_name webmail.domain2.org;
  server_tokens off;
  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
  }

  location / {
    return 301 https://CHANGE_TO_MAILCOW_HOSTNAME_2/SOGo;
  }
}

And, of course, you have to add your second domain to mailcow.conf at ADDITIONAL_SERVER_NAMES

And just in case you didn’t do that yet, RTM:

https://docs.mailcow.email/post_installation/firststeps-ssl/#additional-domain-names

PavshinSergei

Because if the keys were not generated and placed in the ./data/assets/ssl/ folder, then Nginx could not start. it gave the error “I can’t find the certificate” and went into restart.

CHANGE_TO_MAILCOW_HOSTNAME_2 - what should I write here? Host on which docker is installed? Name of the container? Domain for which the admin panel is available?

location / {
return 301 https://CHANGE_TO_MAILCOW_HOSTNAME_2/SOGo;
}
}

this code will lead to the fact that when you enter domain2 in the browser, a redirection will occur and in the address bar you will receive domain1/SOGo

DocFraggle

PavshinSergei Because if the keys were not generated and placed in the ./data/assets/ssl/ folder,

That’s what the ACME container is for :/ you don’t need to put your own certificate in there

So let’s assume you have two domains whcih you already added to the domain tab in your mailcow UI:

domain1.tld
domain2.tld

Your primary mailcow hostname is mail.domain1.tld, and you added a CNAME (or an A record if you want to) for mail.domain2.tld, webmail.domain1.tld and webmail.domain2.tld which point to your primary hostname

Step 1: add webmail.* to ADDITIONAL_SAN in mailcow.conf

ADDITIONAL_SAN=mail.*,webmail.*

Step 2: add the Nginx config to redirect your webmail URLs:

data/conf/nginx/webmail.conf

server {
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  index index.php index.html;
  client_max_body_size 0;
  root /web;
  include /etc/nginx/conf.d/listen_plain.active;
  include /etc/nginx/conf.d/listen_ssl.active;
  server_name webmail.domain1.tld;
  server_tokens off;
  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
  }

  location / {
    return 301 https://webmail.domain1.tld/SOGo;
  }
}

server {
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  index index.php index.html;
  client_max_body_size 0;
  root /web;
  include /etc/nginx/conf.d/listen_plain.active;
  include /etc/nginx/conf.d/listen_ssl.active;
  server_name webmail.domain2.tld;
  server_tokens off;
  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
  }

  location / {
    return 301 https://webmail.domain2.tld/SOGo;
  }
}

Restart the Nginx container:

docker compose restart nginx-mailcow

Then apply the changes to your stack:

docker compose up -d

The ACME container will fetch a new certificate for mail.domain2.tld, webmail.domain1.tld and webmail.domain2.tld automatically! No need for you to run certbot manually and copy stuff
That should be it

DocFraggle

DocFraggle Step 1: add webmail.* to ADDITIONAL_SAN in mailcow.conf

ADDITIONAL_SAN=mail.*,webmail.*

As I wrote above 😉 Afaik you don’t need ADDITIONAL_SERVER_NAMES

PavshinSergei

No. Not like that.
There is a domain name mail.domain.ltd - it leads to the host where the docker with mailcow is installed. By default, the mailcow UI page opens.

It is necessary that the SOGo web interface page opens at the specified domain name (mail.domain.ltd) or make the web interface open at the domain name webmail.domain.ltd

I tried the example you suggested.

server {
..
server_name mail.domain.tld;
..
location/{
return 301 https://mail.domain.tld/SOGo;
}
}

no redirection occurs. The mailcow UI window opens

I cleared the browser cache and refreshed the page

DocFraggle

That won’t work because mail.domain.tld is your mailcow’s main FQDN and all the default Nginx config is related to this…

Why don’t you use webmail.domain.tld and redirect this to webmail.domain.tld/SOGo?

PavshinSergei

I’m sorry. I didn’t immediately understand your message. I kept trying to change webmail.domain.ltd to mail.domain.ltd/SOGo

Once again I re-read all your messages and, having the main mail.domain.ltd, made a configuration for NGinx in which the server name is webmail.domain.ltd and in the redirect line webmail.domain.ltd/SOGo

In the end everything works. Thank you for your help

There is one more question. Off topic, but if something is wrong you can redirect me. Is it possible to change the SOGo logo to your own?

DocFraggle

Great!

PavshinSergei Is it possible to change the SOGo logo to your own?

Check this: https://docs.mailcow.email/manual-guides/SOGo/u_e-sogo/#apply-custom-sogo-theme

PavshinSergei

And again I have a question. It seems like we did everything last time - everything worked. After some time, the browser started popping up with messages that the site had made too many redirects and the page was not opening. I read the documentation - it says that this may be due to the fact that the paths in mailcow.conf are incorrect. Added ADDITIONAL_SAN=mail.domain.ltd,webmail.domain.ltd and
ADDITIONAL_SERVER_NAMES=mail.domain.ltd,webmail.domain.ltd
Now mailcowUI opens at both addresses

PavshinSergei

Me again. Doesn’t work as it should.

Again. Clean setup. There is a host mail.domain.tld. Leads to mailcowUI. To make a subdomain, I create a new config data/conf/nginx/webmail.conf with the contents:
server {
ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem;
index index.php index.html;
client_max_body_size 0;
root/web;
include /etc/nginx/conf.d/listen_plain.active;
include /etc/nginx/conf.d/listen_ssl.active;
server_name webmail.domain.tld;
server_tokens off;
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type “text/plain”;
}

location/{
return 301 https://webmail.domain.tld/SOGo;
}
}

restarting Nginx docker compose restart nginx-mailcow

editing mailcow.conf ADDITIONAL_SAN=webmail.domain.tld

docker compose up -d

The webmail.domain.tld page does not open.

ERR_TOO_MANY_REDIRECTS

chainged ADDITIONAL_SAN=webmail.,mail. - both paths lead to mailcowUI

DocFraggle

Did you remove webmail.domain.tld from ADDITIONAL_SERVER_NAMES beforehand? If not I guess this is why this may happen

PavshinSergei

Yes. I remove it

DocFraggle

OK, you’re right, doesn’t work if the redirected URL isn’t the mailcow FQDN, AND the location is wrong.

I got it to work this way:

Add webmail.domain.tld to ADDITIONAL_SERVER_NAMES (so that it acts as mailcow FQDN as well)

Change the webmail.conf file to this (eyes on the “location” part, = added):

server {
  ssl_certificate /etc/ssl/mail/cert.pem;
  ssl_certificate_key /etc/ssl/mail/key.pem;
  index index.php index.html;
  client_max_body_size 0;
  root /web;
  include /etc/nginx/conf.d/listen_plain.active;
  include /etc/nginx/conf.d/listen_ssl.active;
  server_name webmail.domain.tld;
  server_tokens off;
  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
  }

  location = / {
    return 301 https://webmail.domain.tld/SOGo;
  }
}

Then do

docker compose up -d

this will restart nginx as well. Works for me now