Continuing to get ready for my initial mailcow deployment, in conjunction with an existing, non-mailcow docker-compose stack. The existing stack has nginx 1.25.1 running, and to simply point my external nginx to the nginx-mailcow service.

I intend to follow this advice, but I’ve never chained nginx in this fashion before. I see in the documentation that I should add any other servers to the ADDITIONAL_SERVER_NAMES variable in mailcow.conf. Is this absolutely necessary in this case? My other, non-mailcow web domains shouldn’t reach the nginx-mailcow service (they’ll be handled by the external nginx service, and not forwarded to the nginx-mailcow service).
My plan is to use my existing ACME/certbot certs for mailcow (I’ve already set up the letsencrypt renewal-hooks/post/mailcow-restart script as recommended in the Reverse Proxy documentation). Would I need to add everything in the SAN on that cert (ADDITIONAL_SAN, or ADDITIONAL_SERVER_NAMES), given that nginx-mailcow wouldn’t actually see anything it’s not supposed to handle?
I see the following warning on the Reverse Proxy documentation: If you enable TLS SNI (ENABLE_TLS_SNI in mailcow.conf), the certificate paths in your reverse proxy must match the correct paths in data/assets/ssl/{hostname}. The certificates will be split into data/assets/ssl/{hostname1,hostname2,etc} and therefore will not work when you copy the examples from below pointing to data/assets/ssl/cert.pem etc.
Isn’t this only for the acme-mailcow service? I was thinking of disabling this service since I’ll be using the external ACME/certbot, if that’s recommended (or possible).
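The chaining described in the post, as an added example that is not part of the original post and not the mailcow project's own reverse-proxy snippet. It assumes the external nginx can reach nginx-mailcow's plain-HTTP port at 127.0.0.1:8080 (the address mailcow's HTTP_BIND/HTTP_PORT settings would expose; with two separate compose stacks this would instead be a host address or a shared docker network). All hostnames, certificate paths and the web root are placeholders. The point it illustrates: each vhost names its hosts explicitly and a rejecting default_server catches everything else, so only the mail hostnames ever reach nginx-mailcow while the other domains stay on the external proxy, and the X-Forwarded-* headers let the backend log and rate-limit the real client address rather than the proxy's. ENABLE_TLS_SNI is left off here, matching the post's plan; if it were on, the split per-hostname certificates under data/assets/ssl/ would be the ones to reference.

```nginx
# Added example: external nginx 1.25.x in front of nginx-mailcow.
# Assumed upstream; adjust to however nginx-mailcow is reachable from this stack.
upstream mailcow_backend {
    server 127.0.0.1:8080;
}

# Catch-all for any Host/SNI name that is not one of the explicit vhosts below.
# ssl_reject_handshake (nginx >= 1.19.4) closes the TLS handshake without serving
# a certificate, so unknown names never reach mailcow or any other backend.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# The only vhost forwarded to nginx-mailcow. These names (and nothing else)
# are what nginx-mailcow will ever see, which is also the set the certificate
# must cover.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name mail.example.com autodiscover.example.com autoconfig.example.com;

    # Certbot-managed certificate, as in the post's setup (paths are placeholders).
    ssl_certificate     /etc/letsencrypt/live/mail.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.example.com/privkey.pem;

    location / {
        proxy_pass http://mailcow_backend;
        proxy_http_version 1.1;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Let the backend enforce its own upload limit (mail attachments).
        client_max_body_size 0;
        # Webmail and ActiveSync hold long connections; avoid premature 504s.
        proxy_read_timeout 3600;
    }
}

# An unrelated site from the existing stack: served here, never forwarded to mailcow.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name www.example.org;
    ssl_certificate     /etc/letsencrypt/live/www.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.org/privkey.pem;
    root /var/www/example.org;
}

# Plain HTTP: answer certbot's http-01 challenges locally, redirect everything else.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    location /.well-known/acme-challenge/ { root /var/www/certbot; }
    location / { return 301 https://$host$request_uri; }
}
```

Validate with `nginx -t` before reloading; `ssl_reject_handshake` needs nginx 1.19.4 or later and `http2 on;` is the 1.25.1+ form of enabling HTTP/2, so both fit the version named in the post. Because certbot terminates TLS on this external nginx, the certificate it serves must list every name in the mail vhost's server_name (the SAN question in the post), while names that never get forwarded need not appear anywhere in mailcow's configuration.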