I've started the actual version on Mailcow using docker-compose. I removed NGINX and added HAProxy. ``` haproxy: image: haproxy:latest container_name: haproxy restart: always ports: - "80:80" - "443:443" volumes: - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro - ./haproxy/letsencrypt:/etc/letsencrypt:ro - ./haproxy/errors:/etc/haproxy/errors:ro networks: - mailcow-network # nginx-mailcow: # depends_on: # - sogo-mailcow # - php-fpm-mailcow # - redis-mailcow # image: nginx:mainline-alpine # dns: # - ${IPV4_NETWORK:-172.22.1}.254 # command: /bin/sh -c "envsubst /etc/nginx/conf.d/listen_plain.active && # envsubst /etc/nginx/conf.d/listen_ssl.active && # envsubst /etc/nginx/conf.d/sogo.active && # . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active && # . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active && # . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active && # nginx -qt && # until ping phpfpm -c1 > /dev/null; do sleep 1; done && # until ping sogo -c1 > /dev/null; do sleep 1; done && # until ping redis -c1 > /dev/null; do sleep 1; done && # until ping rspamd -c1 > /dev/null; do sleep 1; done && # exec nginx -g 'daemon off;'" # environment: # - HTTPS_PORT=${HTTPS_PORT:-443} # - HTTP_PORT=${HTTP_PORT:-80} # - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} # - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1} # - TZ=${TZ} # - SKIP_SOGO=${SKIP_SOGO:-n} # - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n} # - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-} # volumes: # - ./data/web:/web:ro,z # - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z # - ./data/assets/ssl/:/etc/ssl/mail/:ro,z # - ./data/conf/nginx/:/etc/nginx/conf.d/:z # - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z # - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/ # ports: # - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}" # - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}" # restart: always # networks: # mailcow-network: # aliases: # - nginx ``` I also disabled IPv6 ``` networks: mailcow-network: driver: bridge driver_opts: com.docker.network.bridge.name: br-mailcow com.docker.network.driver.mtu: 1450 enable_ipv6: false ipam: driver: default config: - subnet: ${IPV4_NETWORK:-172.22.1}.0/24 - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} ``` here is haproxy.cnf: ``` global daemon maxconn 256000 log /dev/log local0 log /dev/log local1 notice user haproxy group haproxy daemon tune.ssl.default-dh-param 2048 defaults mode http log global option httplog option dontlognull timeout connect 5000ms timeout client 50000ms timeout server 50000ms errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend https-in bind :::80 v4v6 bind :::443 v4v6 ssl crt /etc/letsencrypt/haproxy.pem acl mailcow_acme path -i -m beg /.well-known/ redirect scheme https unless { ssl_fc || mailcow_acme } default_backend mailcow backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow phpfpm:8080 check ``` Here is haproxy logs: ``` 2024-08-20 23:22:47 [NOTICE] (1) : haproxy version is 3.0.3-95a607c 2024-08-20 23:22:47 [NOTICE] (1) : path to executable is /usr/local/sbin/haproxy 2024-08-20 23:22:47 [ALERT] (1) : config : [/usr/local/etc/haproxy/haproxy.cfg:41] : 'server mailcow/mailcow' : could not resolve address 'phpfpm'. 2024-08-20 23:22:47 [ALERT] (1) : config : Failed to initialize server(s) addr. 2024-08-20 23:22:52 [NOTICE] (1) : New worker (8) forked 2024-08-20 23:22:52 [NOTICE] (1) : Loading success. 2024-08-20 23:22:52 [NOTICE] (8) : haproxy version is 3.0.3-95a607c 2024-08-20 23:22:52 [NOTICE] (8) : path to executable is /usr/local/sbin/haproxy 2024-08-20 23:22:52 [WARNING] (8) : [haproxy.main()] Failed to drop supplementary groups. Using 'gid'/'group' without 'uid'/'user' is generally useless. 2024-08-20 23:22:53 [WARNING] (8) : Server mailcow/mailcow is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 869ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue. 2024-08-20 23:22:53 [ALERT] (8) : sendmsg()/writev() failed in logger #1: No such file or directory (errno=2) 2024-08-20 23:22:53 [ALERT] (8) : backend 'mailcow' has no server available! ``` mailcow-network settings: ``` andrii@andrii-MS-7B33:~/IdeaProjects/Infrastructure/mailcow/mailcow-dockerized$ docker network inspect mailcow-network [ { "Name": "mailcow-network", "Id": "d47a599e70311a42adc06eae5e4cbd190f342d3231698ff5aa3b4690e434e94d", "Created": "2024-08-19T19:25:31.808137982Z", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {} } ] ```

you cannot remove containers from mailcow. Do not change the docker compose file. Either use it as its coming out of the box, or use the official documentation to modify its settings. Anything else will break it. If you want haproxy then use it with an additional docker compose file.

I am using official documentation to setup HAProxy instead of NGINX: https://docs.mailcow.email/post_installation/reverse-proxy/r_p-haproxy/ I checked docker ps and saw that phpfpm is on port 9000. mailcow/phpfpm:1.88 9000/tcp It seems to be a docker network setup problem, but I do not know how to fix it.

And where is written to replace nginx with HAproxy? A reverse proxy like HAProxy sits in front of a web server like nginx. You seem to lack understanding what is nginx is used for, and what HAproxy is. HAProxy is not a web server like nginx!

Yeah, I am not a DevOps. Okay, nginx-mailcow must be used as a web server and I should use nginx-mailcow as a web server. After that, I can use NGINX or HAProxy setup over the nginx-mailcow web server to implement HTTPS protection and probably load balancing. Do you think the setup should work like this?

> @"AKarakutsa"#p17883 Do you think the setup should work like this? Mailcow itself handles already https protection, you do not need an additional HA Proxy or nginx for that. And what do you want to load balance? There is only one instance of mailcow, you cannot run it active-active. Seems you are very new to all of this...

I guess you didn't have a look at the official docs... https://docs.mailcow.email/post_installation/reverse-proxy/r_p/

I started Mailcow at https://127.0.0.1/ and now I have a problem with HTTPS proper setup. I checked the documentation, and it said I should add a script to use generated certificates and make an access by domain available. Here is this script: ``` server { listen 80 default_server; listen [::]:80 default_server; server_name mail.somesite.com autodiscover.* autoconfig.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name mail.somesite.com autodiscover.* autoconfig.*; ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations # An example config is given below ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; ssl_prefer_server_ciphers off; location /Microsoft-Server-ActiveSync { proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 75; proxy_send_timeout 3650; proxy_read_timeout 3650; proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo client_body_buffer_size 512k; client_max_body_size 0; } location / { proxy_pass http://127.0.0.1:8080/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } } ``` Here are the actual part of docker-compose: ``` nginx-mailcow: depends_on: - sogo-mailcow - php-fpm-mailcow - redis-mailcow image: nginx:mainline-alpine dns: - ${IPV4_NETWORK:-172.22.1}.254 command: /bin/sh -c "envsubst /etc/nginx/conf.d/listen_plain.active && envsubst /etc/nginx/conf.d/listen_ssl.active && envsubst /etc/nginx/conf.d/sogo.active && . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active && . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active && . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active && nginx -qt && until ping phpfpm -c1 > /dev/null; do sleep 1; done && until ping sogo -c1 > /dev/null; do sleep 1; done && until ping redis -c1 > /dev/null; do sleep 1; done && until ping rspamd -c1 > /dev/null; do sleep 1; done && exec nginx -g 'daemon off;'" environment: - HTTPS_PORT=${HTTPS_PORT:-443} - HTTP_PORT=${HTTP_PORT:-80} - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1} - TZ=${TZ} - SKIP_SOGO=${SKIP_SOGO:-n} - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n} - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-} volumes: - ./data/web:/web:ro,z - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z - ./data/assets/ssl/:/etc/ssl/mail/:ro,z - ./data/conf/nginx/:/etc/nginx/conf.d/:z - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/ ports: - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}" - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}" restart: always networks: mailcow-network: aliases: - nginx acme-mailcow: depends_on: nginx-mailcow: condition: service_started unbound-mailcow: condition: service_healthy image: mailcow/acme:1.89 dns: - ${IPV4_NETWORK:-172.22.1}.254 environment: - LOG_LINES=${LOG_LINES:-9999} - ACME_CONTACT=${ACME_CONTACT:-} - ADDITIONAL_SAN=${ADDITIONAL_SAN} - AUTODISCOVER_SAN=${AUTODISCOVER_SAN:-y} - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} - DBNAME=${DBNAME} - DBUSER=${DBUSER} - DBPASS=${DBPASS} - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n} - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized} - DIRECTORY_URL=${DIRECTORY_URL:-} - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n} - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n} - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n} - ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n} - LE_STAGING=${LE_STAGING:-n} - TZ=${TZ} - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-} - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-} - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n} - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n} volumes: - ./data/web/.well-known/acme-challenge:/var/www/acme:z - ./data/assets/ssl:/var/lib/acme/:z - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z - mysql-socket-vol-1:/var/run/mysqld/ restart: always networks: mailcow-network: aliases: - acme ``` Here are logs from the NGINX container: ``` 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:8 2024-08-21 23:28:49 nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:8 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:9 2024-08-21 23:28:49 nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:9 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: conflicting server name "mail.somesite.com" on 0.0.0.0:443, ignored 2024-08-21 23:28:49 nginx: [warn] conflicting server name "mail.somesite.com" on 0.0.0.0:443, ignored 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: conflicting server name "autodiscover.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:49 nginx: [warn] conflicting server name "autodiscover.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: conflicting server name "autoconfig.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:49 nginx: [warn] conflicting server name "autoconfig.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: conflicting server name "mail.somesite.com" on [::]:443, ignored 2024-08-21 23:28:49 nginx: [warn] conflicting server name "mail.somesite.com" on [::]:443, ignored 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: conflicting server name "autodiscover.*" on [::]:443, ignored 2024-08-21 23:28:49 nginx: [warn] conflicting server name "autodiscover.*" on [::]:443, ignored 2024-08-21 23:28:49 2024/08/21 23:28:49 [warn] 15#15: conflicting server name "autoconfig.*" on [::]:443, ignored 2024-08-21 23:28:49 nginx: [warn] conflicting server name "autoconfig.*" on [::]:443, ignored 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:8 2024-08-21 23:28:50 nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:8 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:9 2024-08-21 23:28:50 nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/redirect.conf:9 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: conflicting server name "mail.somesite.com" on 0.0.0.0:443, ignored 2024-08-21 23:28:50 nginx: [warn] conflicting server name "mail.somesite.com" on 0.0.0.0:443, ignored 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: conflicting server name "autodiscover.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:50 nginx: [warn] conflicting server name "autodiscover.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: conflicting server name "autoconfig.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:50 nginx: [warn] conflicting server name "autoconfig.*" on 0.0.0.0:443, ignored 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: conflicting server name "mail.somesite.com" on [::]:443, ignored 2024-08-21 23:28:50 nginx: [warn] conflicting server name "mail.somesite.com" on [::]:443, ignored 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: conflicting server name "autodiscover.*" on [::]:443, ignored 2024-08-21 23:28:50 nginx: [warn] conflicting server name "autodiscover.*" on [::]:443, ignored 2024-08-21 23:28:50 2024/08/21 23:28:50 [warn] 1#1: conflicting server name "autoconfig.*" on [::]:443, ignored 2024-08-21 23:28:50 nginx: [warn] conflicting server name "autoconfig.*" on [::]:443, ignored 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: using the "epoll" event method 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: nginx/1.27.1 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: built by gcc 13.2.1 20240309 (Alpine 13.2.1_git20240309) 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: OS: Linux 6.6.32-linuxkit 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start worker processes 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start worker process 20 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start worker process 21 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start worker process 22 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start worker process 23 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start worker process 24 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start worker process 25 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start cache manager process 26 2024-08-21 23:28:50 2024/08/21 23:28:50 [notice] 1#1: start cache loader process 27 2024-08-21 23:29:50 2024/08/21 23:29:50 [notice] 27#27: http file cache: /tmp 0.000M, bsize: 4096 2024-08-21 23:29:50 2024/08/21 23:29:50 [notice] 1#1: signal 17 (SIGCHLD) received from 27 2024-08-21 23:29:50 2024/08/21 23:29:50 [notice] 1#1: cache loader process 27 exited with code 0 2024-08-21 23:29:50 2024/08/21 23:29:50 [notice] 1#1: signal 29 (SIGIO) received 2024-08-21 23:28:59 172.22.1.10 - - [21/Aug/2024:23:28:59 +0300] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "rspamd-3.9.1" 2024-08-21 23:28:59 172.22.1.10 - - [21/Aug/2024:23:28:59 +0300] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.9.1" 2024-08-21 23:29:04 172.22.1.10 - - [21/Aug/2024:23:29:04 +0300] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "rspamd-3.9.1" 2024-08-21 23:29:12 172.22.1.12 - - [21/Aug/2024:23:29:12 +0300] "HEAD / HTTP/1.1" 200 0 "-" "curl/8.9.0" 2024-08-21 23:29:13 172.22.1.12 - - [21/Aug/2024:23:29:13 +0300] "GET / HTTP/1.1" 301 169 "-" "curl/8.9.0" "-" 2024-08-21 23:29:42 172.22.1.10 - - [21/Aug/2024:23:29:42 +0300] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.9.1" 2024-08-21 23:29:43 172.22.1.13 - - [21/Aug/2024:23:29:43 +0300] "GET / HTTP/1.1" 200 15 "-" "check_http/v (nagios-plugins 2.4.5)" 2024-08-21 23:29:52 172.22.1.10 - - [21/Aug/2024:23:29:52 +0300] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "rspamd-3.9.1" 2024-08-21 23:29:57 172.22.1.10 - - [21/Aug/2024:23:29:57 +0300] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "rspamd-3.9.1" 2024-08-21 23:30:19 127.0.0.1 - - [21/Aug/2024:23:30:19 +0300] "GET / HTTP/1.0" 200 26586 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0" ``` .env: ``` MAILCOW_HOSTNAME=mail.somesite.com HTTP_PORT=8080 HTTP_BIND=127.0.0.1 HTTPS_PORT=443 HTTPS_BIND=127.0.0.1 ```

> @"AKarakutsa"#p17912 I should add a script It's a config file, not a script. And the config you are referring to is for the Nginx instance acting as reverse proxy which is installed separately. Did you add the config to your mailcow Nginx directory? That's the wrong place... it has to be added to your Nginx package config directory

It looks like the config file was placed correctly, here is the path: `/mailcow/mailcow-dockerized/data/conf/nginx/redirect.conf` Here is docker-compose.yml path: `/mailcow/mailcow-dockerized/docker-compose.yml` nginx volumes: ``` volumes: - ./data/web:/web:ro,z - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z - ./data/assets/ssl/:/etc/ssl/mail/:ro,z **- ./data/conf/nginx/:/etc/nginx/conf.d/:z** - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/ ``` acme volumes ``` volumes: - ./data/web/.well-known/acme-challenge:/var/www/acme:z - ./data/assets/ssl:/var/lib/acme/:z **- ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z** - mysql-socket-vol-1:/var/run/mysqld/ ``` Will Let's Encrypt keys will be generated authomatically or should I generate them separately and put them to `/mailcow/mailcow-dockerized/data/assets/ssl` or `/mailcow/mailcow-dockerized/data/assets/ssl/acme` or `/mailcow/mailcow-dockerized/data/assets/ssl-example` ?

> @"AKarakutsa"#p17912 now I have a problem with HTTPS proper setup. I guess you have no problem with mailcow if you set it up according to the documentation. Lets Encrypt ACME client will get the certificates automatically, as written here: https://docs.mailcow.email/post_installation/firststeps-ssl/#lets-encrypt-out-of-the-box BUT the prerequisite is that your DNS setup is correct and that all needed firewall ports are open. There is no need to mess around with mailcows nginx config files or docker compose files for a plain installation. Any changes to the docker compose file will be overwritten by next update.

I need help to start Mailcow in Docker environment

AKarakutsa

https://docs.mailcow.email/manual-guides/u_e-80_to_443/?h=http

Actual DNS Records (I will update them in a few days, but even now records looks good for ACME that cannot define A or AAAA record):

esackbauer

of course that won’t work, because you are not following the documentation.
There is a minimum DNS configuration, else Lets Encrypt will not work.

Please start over and read the documentation from the beginning and check you have all requirements met.

ad redirect http to https, have you actually read the part in bold letters? It has nothing to do with Lets Encrypt, and the whole topic is obsolete.
And with so little knowledge about basic server operations, you want to run a really complex mail server?
Prone for disaster…

« Previous Page