Help with Reverse proxy setup using Nginx Proxy Manager

kaushik_ray_1

Hello I am new to Mailcow and need some help. I am using a static IP for my internet service and no ports are blocked.

Setup:
I have added all the DNS records as suggested in the mailcow document https://mailcow.github.io/mailcow-dockerized-docs/prerequisite-dns/ A record, SRV records and CNAME

In my router I have portforward set so that port 80 and port 443 are pointed to Reverse Proxy VM (192.168.1.4) all the other required ports are directed to mailcow VM (192.168.1.5)

I use Nginx Proxy Manager for reverse proxy for my setup which is located in a VM at IP 192.168.1.4
I have added 3 records to NPM (Nginx Proxy Manager) so

mail.example.com -> https://192.168.1.5:433
autoconfig.example.com -> https://192.168.1.5:433
autodiscover.example.com -> https://192.168.1.5:433

Reverse proxy also fetches all the lets encrypt certificates.

My Mailcow setup is on another VM at IP 192.168.1.5

What is working:
Everything is working using SOGo i can send emails and receive them no problem. Emails are landing in mailboxes for all providers i have tested with so far (hotmail, gmail, aol, rediff, yahoo etc.)

Problems
I cannot use a email client to work with this setup. I tried using Thunderbird and its cannot communicate to the server. it says username or the password is not valid.

How do i fix this problem.

KInd Regards

D4niel

Are the login attempts logged in dovecot?

kaushik_ray_1

D4niel see the autodiscover is being pinged but never dovecot. I think I have figured out why I am having this issue but I am not sure how best to solve the problem.

I have the Mailcow and the Reverse proxy in 2 separate VM so when a email client is trying to connect it is getting the mail.example.org default certificate. So the mail client not going forward with the setup any more.

This is the problem but I don’t know how to import the certificates from the reverse proxy vm to Mailcow VM. May be a symbolic link will work. I will have to try and see. If you have any ideas please advice.

diekuh

https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/

You need to copy the certificates and restart the affected services.

kaushik_ray_1

diekuh Thank you, I will try this, definitely missed this in the documentation.

HeyWatchOutDude

kaushik_ray_1 I also copied the LE cert into the correct path and restarted the necessary services - The WebUI is now using the correct certificate.

Issue which still remains: I can’t configure a SMTP client it always says “OpenSSL Error”.

The following ports are forwarded to the WWW: 80,443 + mail ports like 25,465 etc…

Any idea?

diekuh

You are welcome \o/

kaushik_ray_1

diekuh I copied over the certificates over from my nginx VM to the Mail vm and now everything is working great. Thank you for your help.

yahma

I too had the same problem and resolved it by disabling mailcow internal LE and copying the certificates over from nginx-proxy-manager.. everything works fine, but…

The only question I have is why can’t we use symbolic links to the certificates? As it is now, when nginx-proxy-manager updates the certificates, I would have to re-copy them right?

rcd

I know this discussion is old, but the question remains.
It’s easy to copy the certificates from Nginx-Proxy-Manager, but it is renewed every 3 months and then you need to remember to copy the new certificates again. It’s both inconvenient and error prone.
I already tried symlinking the certificates, it doesn’t work.
I assume there are more users than the previous and me using the dockerized version of mailcow, surely there must be a working solution for this?

rcd

HeyWatchOutDude

If you are using NPM as the front end you shouldn’t need to do anything further for the webUI to work. To reuse the webUI cert for SMTP you need to:
1) make sure you created your reverse proxy host with the same name as your mail host, i.e. something like mail.yourdomain.tld or smtp.yourdomain.tld. Up to you which you pick it just have to be the same both places.
2) copy the appropriate cert files from the NPM container to the mailcow container. I use a script like below, run as a monthly cronjob.

#!/bin/bash

# This script takes the certs generated by Nginx Proxy Manager
# and copies it to the mailcow docker container.
# Before use, make sure you update the path to your docker data and locate which cert belongs to mailcow

cp /opt/nginx-proxy-manager/config/letsencrypt/live/npm-3/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
cp /opt/nginx-proxy-manager/config/letsencrypt/live/npm-3/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
postfix_c=$(docker ps -qaf name=postfix-mailcow)
dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
nginx_c=$(docker ps -qaf name=nginx-mailcow)
docker restart ${postfix_c} ${dovecot_c} ${nginx_c}

3) adjust pathnames as appropriate for your system. To identify which npm-XX to use, you can login to the NPM container and run following:

# docker exec -ti nginx-proxy-manager bash
bash-5.1# sqlite3 /config/database.sqlite
sqlite> select id,domain_names from proxy_host;
1|["something.yourdomain.tld"]
2|["somethingelse.yourdomain.tld"]
3|["mail.yourdomain.tld"]
sqlite>

This will list the XX and the corresponding domain something like above, i.e. npm-3 is the one to use for the mail server.