DocFraggle I have a CNAME autodiscover record for autodiscover.domain.com to go to mail.autodiscover.com. I do not have anything configured on my Nginx itself to recognise autodiscover.domain.com

When I add those extra lines from the recommend config it goes offline again.

DocFraggle nah this whole section:

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover. autoconfig.*;

ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

See Mozilla SSL Configuration Generator

ssl-config.mozilla.org

Mozilla SSL Configuration Generator

for the latest ssl settings recommendations

An example config is given below

ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
ssl_prefer_server_ciphers off;

DocFraggle I did use that but if I add the top section I put in my previous comment it takes the proxy offline and no longer works.

DocFraggle Yup, got multiple virtual and non virtual hosts that I provide SSL certificates for instead of having to add all the certificates manually for each host and changing them every 3 months.

Not a fan or having unencrypted services accessed externally from my network.

So if I just have this configuration in the advanced tab I get a 502 bad gateway but my host at least shows online in Nginx.

location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 75;
proxy_send_timeout 3650;
proxy_read_timeout 3650;
proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo
client_body_buffer_size 512k;
client_max_body_size 0;
}

location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;

The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update

Otherwise a Login will fail like this: mailcow/mailcow-dockerized4537

proxy_buffer_size 128k;
proxy_buffers 64 512k;
proxy_busy_buffers_size 512k;
}

But if I added the full recommended Advanced config the host shows offline and I get a SSL_ERROR_UNRECOGNIZED_NAME_ALERT on the web page.

If I go to the IP and port of the mail server both HTTP (8080) and HTTPS (8443) it works and the SSL certificate shows correctly as valid and issued to the mail server domain name. I copied the SSL cert and key from Nginx Proxy into the Mailcow SSL folder so it is ready the SSL certificate correct.

There is a Logs folder in the nginx/data folder but all the files in there are blank. The audit logs page on the Nginx dashboard is just showing when I have made a change to a host.

even adding just this section in causes the host to go offline.

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.;
return 301 https://$host$request_uri;
}

DocFraggle I work in IT mate, stuff like that is never a dumb question to ask lol

so the full location from my home directory is docker_volumes/mailcow-dockerized/data/assets/ssl/cert.pem and I have manually copied the cert.pem and key.pem from Nginx to this location. I have disabled Mailcow from being able to get its own SSL certificate in the mailcow.conf file by changing this line SKIP_LETS_ENCRYPT=y

I have got autodiscovery working (mostly) exchange activesync works but IMAPS does not work (I have port 25, 587,465 993 and 4190 ported forward to my docker server for Mailcow plus 80 and 443 for Nginx itself.

The bit I am unsure of for that section is the Mailcow path itself, do I start its location from the home directory or from the Nginx folder or the Mailcow folder.

I added mail.domain.com autodiscover.domain.com and autoconfig.domain.com to the advanced configuration, the let’s encrypt SSL certificate, and to the proxy host domains section (I am a HUGE dumbarse and should have realised adding all 3 subdomains was necessary…)

Rightio, I am making good progress I believe.

I solved the IMAPS issue, I had the port forward wrong, this is all I will say on this matter…..

When I put in the full, filled-out version of the Nginx advanced configuration for Mailcow it knocks it offline as we all know but what I didn’t know is you can hover your mouse over the offline area and it will give you a sippet of what is causing the error.

Doing a bit more searching I am still stumped on how to fix it though.

esackbauer Ah is that how you do it, thank you. Sorry I am not really a forum type person most of the time I just search the entire internet in silence.

So Ansible does it automatically or does it require manual intervention?

I will look into it as I would like to do a complete guide to help others who don’t quite understand just like I was.

esackbauer I am always up for learning something useful which why I didn’t give up on this and ended up learning how the whole Nginx proxy worked.

Looks like I have a busy weekend ahead

Thanks for the suggestion and link.