How to use mailcow behind nginx proxy manager via external domain?

apoorv569

I recently purchased a domain and VPS on which I am hosting Wireguard VPN and NginxProxyManager. The NginxProxyManager redirects all domain and sub-domains to another instance of NginxProxyManager running in a VM on my Proxmox server at home which is connected to the Wireguard VPN, which then redirects the same domain/sub-domain to their respective IP on my LAN.

So I recently decided to self host a mail server just for using as a email service for my other services running at home, for example Nextcloud needs a Email server to send recovery codes, forgotten password and all.

And I chose MailCow for that, as it seemed easy to get up and running using the Docker compose file.

Now I have a A record say mydomain.com and I created bunch of CNAME records for all my services using this A record. One of them is mail.mydomain.com which I wanted to use as my Email server’s domain so to say.

I installed it and set the hostname that the generate_config.sh script asks as mail.mydomain.com. It installed correctly I can access the web admin page using LAN IP and external domain as well. I created a domain and alias and a mailbox and I can login to the mailbox on LAN but using external domain I cannot login in the newly created mailbox.

I did create all the TXT, MX, SPF, DMARC records and all necessary but it doesn’t help.

What am i doing wrong here? Is it not possible to access it behind proxy?

mhadjih

So Mailcow will work well behind NPM, that’s no problem. You need to make Let’s Encrypt certificate in NPM, by name mail.domain.com and download that cert from the SSL menu in NPM. Once downloaded you need to copy the file cert1.pem to cert.pem and privkey1.pem to key.pem in the /opt/mailcow-dockerized/data/assets/ssl folder, in place of the ones that probably are already there. Before copying these files do a ‘docker-compose down’, and after having copied the beforementioned certs in the ssl-directory, do a ‘docker-compose up -d’. Now the certs should be good.

In the mailcow.conf file, inde the /opt/mailcow-dockerized directory, set HTTP-PORT to 8090, or any port you don’t already use, HTTP_BIND to 127.0.0.1, HTTPS-PORT to 8443, or another portnumber if already in use, and the HTTPS_BIND to 127.0.0.1.

In NPM set the ‘Destination’ as the Dockercontainer-name or the IP-address of the container, and the portnumber to 8090 (HTTP-PORT in mailcow.conf), block common exploits, set Websockets-support as on, set the SSL certificate and force SSL on the SSL page.

In the router or modem, make sure that all required ports are open and forwarded to the container with NPM (80/443). All other ports for the mailcow-server can be pointed to the ip of the Mailcow Docker container.

Hope this will help! Good luck!

apoorv569

mhadjih Hello, Thank you for the response.

I did everything as you mentioned, but I still having the same issue. I noticed you said I need to open ports on my modem/router, but I don’t have a public IP and in my case I am using a VPS with Wireguard VPN installed on it and a instance of NPM forwarding to another instance of NPM running at my home which is connected to the Wireguard VPN.

The SSL certificates are on the NPM installed on VPS and the forward to mailcow docker running at home is done via NPM running at home.

I can’t login to Webmail when using external domain, but if I try Webmail from local IP I can login.

I also noticed setting HTTP_BIND and HTTPS_BIND to 127.0.0.1 I am not able to access the website I have to set it to the local IP of the machine which is 10.10.10.192 in my case.