New Install, no SQL connection - Bad Password

Ray · 29 Jan

Hello,

I’m trying to set up Mailcow on Hetzner. I have installed and wiped and installed a few times and it can never connect to the database. I also have other Dockers on the machine (n8n, watchtower, and portainer) so I have nginx at the host level, and am setting up http/https on mailcow to 8888/8443 and that does work, although it never goes past the initial screen. I’ve seen posts on resetting SQL passwords, but all of them say this is never needed if you are doing a clean install. I want to make sure I know why it’s happening at least so I don’t use a mail server that isn’t stable at least.

I know a year or so ago I set this up, and out of the box it worked without an issue. So am I missing something, is the latest build not working, is Hetzner not working, or what?

Any ideas or input would be helpful.

Thanks in advance.

I have a CPX31 server running with the following:
(I did run this through AI to remove domain names and passwords, and such.

=== OS INFORMATION ===
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble
=== SYSTEM SPECS ===
Linux docker-ce-ubuntu-2gb-nbg1-1 6.8.0-52-generic #53-Ubuntu SMP PREEMPT_DYNAMIC Sat Jan 11 00:06:25 UTC 2025 ×86_64 ×86_64 ×86_64 GNU/Linux
Static hostname: docker-ce-ubuntu-2gb-nbg1-1
Icon name: computer-vm
Chassis: vm 🖴
Machine ID: 52d1d40692a24565a5a7cc98d68aca17
Boot ID: ad96455a05d44be581100ca9e2cf49bf
Virtualization: kvm
Operating System: Ubuntu 24.04.1 LTS
Kernel: Linux 6.8.0-52-generic
Architecture: x86-64
Hardware Vendor: Hetzner
Hardware Model: vServer
Firmware Version: 20171111
Firmware Date: Sat 2017-11-11
Firmware Age: 7y 2month 2w 5d
17:32:33 up 40 min, 1 user, load average: 0.05, 0.21, 0.16
=== CPU INFO ===
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 40 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: AuthenticAMD
BIOS Vendor ID: QEMU
Model name: AMD EPYC Processor
BIOS Model name: NotSpecified CPU @ 2.0GHz
BIOS CPU family: 1
CPU family: 23
Model: 49
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
Stepping: 0
BogoMIPS: 4990.62
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge …
Virtualization features:
Hypervisor vendor: KVM
Virtualization type: full
Caches (sum of all):
L1d: 128 KiB (4 instances)
L1i: 128 KiB (4 instances)
L2: 2 MiB (4 instances)
L3: 16 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-3
Vulnerabilities:
Gather data sampling: Not affected
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Reg file data sampling: Not affected
Retbleed: Mitigation; untrained return thunk; SMT disabled
Spec rstack overflow: Vulnerable: Safe RET, no microcode
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines; IBPB conditional; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
Srbds: Not affected
Tsx async abort: Not affected
=== MEMORY INFO ===
total used free shared buff/cache available
Mem: 7.6Gi 2.6Gi 3.6Gi 7.0Mi 1.7Gi 4.9Gi
Swap: 0B 0B 0B
=== DISK USAGE ===
Filesystem Size Used Avail Use% Mounted on
tmpfs 776M 2.7M 773M 1% /run
/dev/sda1 38G 7.8G 28G 22% /
tmpfs 3.8G 0 3.8G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda15 253M 146K 252M 1% /boot/efi
overlay 38G 7.8G 28G 22% /var/lib/docker/overlay2/…
…
(Additional overlay lines omitted for brevity but unchanged)
…
=== FILESYSTEM TYPE ===
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
sda
├─sda1 ext4 1.0 ff4a7d92-27c0-4050-8b5d-2e08b8d2501e 27.9G 21% /
├─sda14
└─sda15 vfat FAT32 081A-297F 251.9M 0% /boot/efi
sr0
=== RUNNING PROCESSES ===
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
dhcpcd 14567 6.9 17.7 1486952 1407564 ? SNl 17:26 0:24 clamd
dockeru+ 1478 1.0 3.8 53889276 303000 ? Sl 16:51 0:25 node /usr/local/bin/n8n
root 13957 0.2 2.2 1368440 176896 ? Ssl 17:26 0:01 /usr/bin/ofelia daemon –docker …
root 904 0.6 1.2 3809468 100056 ? Ssl 16:51 0:15 /usr/bin/dockerd …
root 13310 0.4 0.8 77428 63964 ? Ssl 17:26 0:01 python main.py
999 13539 0.1 0.7 1695164 58648 ? Ssl 17:26 0:00 mysqld
root 791 0.2 0.7 2023496 56136 ? Ssl 16:51 0:05 /usr/bin/containerd
root 1374 0.0 0.5 1279724 44092 ? Ssl 16:51 0:00 /portainer
root 14980 0.1 0.4 53092 36284 ? Ssl 17:26 0:00 python -u /app/main.py nftables
root 13136 0.0 0.3 36592 29980 ? Ss 17:26 0:00 /usr/bin/python3 /usr/bin/supervisord -c …
root 14305 0.0 0.3 36588 29912 ? Ss 17:26 0:00 /usr/bin/python3 /usr/bin/supervisord -c …
root 398 0.0 0.3 289116 27136 ? SLsl 16:51 0:00 /sbin/multipathd -d -s
root 13317 0.0 0.3 31092 25740 pts/0 Ss+ 17:26 0:00 /usr/bin/python3 /usr/bin/supervisord -c …
root 849 0.0 0.2 109632 23040 ? Ssl 16:51 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/…
nobody 13175 0.0 0.2 41780 17992 ? Ss 17:26 0:00 python3 -u /app/olefy.py
root 1313 0.0 0.1 1237912 14516 ? Sl 16:51 0:00 …
…
(Processes listing continues unchanged)
…
=== DOCKER VERSION ===
Client: Docker Engine - Community
Version: 27.3.1
API version: 1.47
Go version: go1.22.7
Git commit: ce12230
Built: Fri Sep 20 11:40:59 2024
OS/Arch: linux/amd64
Context: default

Server: Docker Engine - Community
Engine:
Version: 27.5.1
API version: 1.47 (minimum version 1.24)
Go version: go1.22.11
Git commit: 4c9b3b0
Built: Wed Jan 22 13:41:48 2025
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.22
GitCommit: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
runc:
Version: 1.1.14
GitCommit: v1.1.14-0-g2c9f560
docker-init:
Version: 0.19.0
GitCommit: de40ad0
=== DOCKER INFO ===
Client: Docker Engine - Community
Version: 27.3.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.17.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.29.7
Path: /usr/libexec/docker/cli-plugins/docker-compose

Server:
Containers: 21
Running: 21
Paused: 0
Stopped: 0
Images: 22
Server Version: 27.5.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
runc version: v1.1.14-0-g2c9f560
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.8.0-52-generic
Operating System: Ubuntu 24.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.57GiB
Name: docker-ce-ubuntu-2gb-nbg1-1
ID: 94eb2182-9ae4-4f06-9e1f-8ad4bf45da60
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

=== DOCKER NETWORKS ===
NETWORK ID NAME DRIVER SCOPE
144beb6a2799 bridge bridge local
016c06ebf32f host host local
29ea4be97219 mailcowdockerized_mailcow-network bridge local
fa1a44e28ff6 n8n_default bridge local
45962fa9e842 none null local
9a363785823d portainer_default bridge local
f69fad801fa7 watchtower_default bridge local
=== DOCKER VOLUMES ===
DRIVER VOLUME NAME
local mailcowdockerized_clamd-db-vol-1
local mailcowdockerized_crypt-vol-1
local mailcowdockerized_mysql-socket-vol-1
local mailcowdockerized_mysql-vol-1
local mailcowdockerized_postfix-vol-1
local mailcowdockerized_redis-vol-1
local mailcowdockerized_rspamd-vol-1
local mailcowdockerized_sogo-userdata-backup-vol-1
local mailcowdockerized_sogo-web-vol-1
local mailcowdockerized_solr-vol-1
local mailcowdockerized_vmail-index-vol-1
local mailcowdockerized_vmail-vol-1
local portainer_portainer_data
=== DOCKER-COMPOSE VERSION ===
Docker Compose version v2.29.7
=== DOCKER-COMPOSE SERVICES ===

Name Command State Ports

mailcowdockerized-acme-mailcow-1 mailcowdockerized-clamd-mailcow-1 mailcowdockerized-dockerapi-mailcow-1 mailcowdockerized-dovecot-mailcow-1 mailcowdockerized-ipv6nat-mailcow-1 mailcowdockerized-memcached-mailcow-1 mailcowdockerized-mysql-mailcow-1 mailcowdockerized-netfilter-mailcow-1 mailcowdockerized-nginx-mailcow-1 mailcowdockerized-ofelia-mailcow-1 mailcowdockerized-olefy-mailcow-1 mailcowdockerized-php-fpm-mailcow-1 mailcowdockerized-postfix-mailcow-1 mailcowdockerized-redis-mailcow-1 mailcowdockerized-rspamd-mailcow-1 mailcowdockerized-sogo-mailcow-1 mailcowdockerized-unbound-mailcow-1 mailcowdockerized-watchdog-mailcow-1 === DOCKER PROCESSES ===
CONTAINER ID IMAGE 44c24e56b90b robbertkl/ipv6nat c4dd0294c60b mailcow/watchdog:2.06 ca8e8da7220a mailcow/acme:1.91 e2a7e70e9a7a mailcow/nginx:1.01 4ac99df045b8 mailcow/rspamd:1.99 f076dc71600d mcuadros/ofelia:latest 50814d5dddd1 mailcow/dovecot:2.3 9fd12d00b089 mailcow/phpfpm:1.92 79a267eeff11 mailcow/postfix:1.78 f0ca3ef27235 mailcow/clamd:1.66 07c9f1d70566 mariadb:10.5 4b10a2c32deb redis:7-alpine 1a52dce56e6f memcached:alpine 12ad064dcb58 mailcow/dockerapi:2.10 b1941b88af28 mailcow/sogo:1.128 5234445ab28b mailcow/netfilter:1.60 bcc161726500 mailcow/olefy:1.13 c18e65ce8a46 mailcow/unbound:1.23 b82ccfc003c1 n8nio/n8n:latest b8fcaa69d9f2 containrrr/watchtower 4110a38709be portainer/portainer-ce:latest /sbin/tini -g – /srv/acme.sh Up
/sbin/tini -g – /clamd.sh Up (healthy)
/bin/sh /app/docker-entryp … Up
/docker-entrypoint.sh /usr … Up 0.0.0.0:110->110/tcp,:::110->110/tcp, 127.0.0.1:19991->12345/tcp, …
/docker-ipv6nat-compat –retry Up
docker-entrypoint.sh memcached Up 11211/tcp
docker-entrypoint.sh mysqld Up 127.0.0.1:13306->3306/tcp
/bin/sh -c /app/docker-ent … Up
/docker-entrypoint.sh ngin … Up 80/tcp, 127.0.0.7:8443->8443/tcp, 127.0.0.1:8888->8888/tcp
/usr/bin/ofelia daemon –d … Up
python3 -u /app/olefy.py Up
/docker-entrypoint.sh php- … Up 9000/tcp
/docker-entrypoint.sh /usr … Up 0.0.0.0:25->25/tcp,:::25->25/tcp, 0.0.0.0:465->465/tcp,:::465->465/tcp, …
/redis-conf.sh Up 127.0.0.1:7654->6379/tcp
/docker-entrypoint.sh /usr … Up
/docker-entrypoint.sh /usr … Up
/docker-entrypoint.sh /bin … Up (healthy) 53/tcp, 53/udp
/watchdog.sh Up
COMMAND CREATED STATUS PORTS
\“/docker-ipv6nat-com…\” 7 minutes ago Up 6 minutes
\“/watchdog.sh\” 7 minutes ago Up 6 minutes
\“/sbin/tini -g – /s…\” 7 minutes ago Up 6 minutes
\“/docker-entrypoint.…\” 7 minutes ago Up 6 minutes 80/tcp, 127.0.0.7:8443->8443/tcp, 127.0.0.1:8888->8888/tcp
\“/docker-entrypoint.…\” 7 minutes ago Up 6 minutes
\“/usr/bin/ofelia dae…\” 7 minutes ago Up 7 minutes
\“/docker-entrypoint.…\” 7 minutes ago Up 7 minutes 0.0.0.0:110->110/tcp, :::110->110/tcp, …
\“/docker-entrypoint.…\” 7 minutes ago Up 7 minutes 9000/tcp
\“/docker-entrypoint.…\” 7 minutes ago Up 6 minutes 0.0.0.0:25->25/tcp, :::25->25/tcp, 0.0.0.0:465->465/tcp, …
\“/sbin/tini -g – /c…\” 7 minutes ago Up 6 minutes (healthy)
\“docker-entrypoint.s…\” 7 minutes ago Up 7 minutes 127.0.0.1:13306->3306/tcp
\“/redis-conf.sh\” 7 minutes ago Up 7 minutes 127.0.0.1:7654->6379/tcp
\“docker-entrypoint.s…\” 7 minutes ago Up 7 minutes 11211/tcp
\“/bin/sh /app/docker…\” 7 minutes ago Up 7 minutes
\“/docker-entrypoint.…\” 7 minutes ago Up 7 minutes
\“/bin/sh -c /app/doc…\” 7 minutes ago Up 6 minutes
\“python3 -u /app/ole…\” 7 minutes ago Up 7 minutes
\“/docker-entrypoint.…\” 7 minutes ago Up 7 minutes (healthy) 53/tcp, 53/udp
\“tini – /docker-ent…\” 4 hours ago Up 41 minutes 0.0.0.0:5678->5678/tcp, :::5678->5678/tcp
\“/watchtower –inter…\” 2 days ago Up 41 minutes (healthy) 8080/tcp
\“/portainer\” 2 days ago Up 41 minutes 8000/tcp, 9443/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp

=== MAILCOW CONTAINER STATUS ===

Name Command State Ports

mailcowdockerized-acme-mailcow-1 /sbin/tini -g – /srv/acme.sh Up
mailcowdockerized-clamd-mailcow-1 /sbin/tini -g – /clamd.sh Up (healthy)
mailcowdockerized-dockerapi-mailcow-1 /bin/sh /app/docker-entryp … Up
mailcowdockerized-dovecot-mailcow-1 /docker-entrypoint.sh /usr … Up 0.0.0.0:110->110/tcp, :::110->110/tcp, 127.0.0.1:19991->12345/tcp, 0.0.0.0:143->143/tcp, …
mailcowdockerized-ipv6nat-mailcow-1 /docker-ipv6nat-compat –retry Up
mailcowdockerized-memcached-mailcow-1 docker-entrypoint.sh memcached Up 11211/tcp
mailcowdockerized-mysql-mailcow-1 docker-entrypoint.sh mysqld Up 127.0.0.1:13306->3306/tcp
mailcowdockerized-netfilter-mailcow-1 /bin/sh -c /app/docker-ent … Up
mailcowdockerized-nginx-mailcow-1 /docker-entrypoint.sh ngin … Up 80/tcp, 127.0.0.7:8443->8443/tcp, 127.0.0.1:8888->8888/tcp
mailcowdockerized-ofelia-mailcow-1 /usr/bin/ofelia daemon –d … Up
mailcowdockerized-olefy-mailcow-1 python3 -u /app/olefy.py Up
mailcowdockerized-php-fpm-mailcow-1 /docker-entrypoint.sh php- … Up 9000/tcp
mailcowdockerized-postfix-mailcow-1 /docker-entrypoint.sh /usr … Up 0.0.0.0:25->25/tcp, :::25->25/tcp, 0.0.0.0:465->465/tcp, :::465->465/tcp, 0.0.0.0:587->587/tcp, …
mailcowdockerized-redis-mailcow-1 /redis-conf.sh Up 127.0.0.1:7654->6379/tcp
mailcowdockerized-rspamd-mailcow-1 /docker-entrypoint.sh /usr … Up
mailcowdockerized-sogo-mailcow-1 /docker-entrypoint.sh /usr … Up
mailcowdockerized-unbound-mailcow-1 /docker-entrypoint.sh /bin … Up (healthy) 53/tcp, 53/udp
mailcowdockerized-watchdog-mailcow-1 /watchdog.sh Up

=== MAILCOW CONTAINER LOGS ===
Attaching to mailcowdockerized-ipv6nat-mailcow-1, mailcowdockerized-watchdog-mailcow-1, …
(Logs truncated for length, no functional changes except domain/IP/password redactions below)

mailcowdockerized-acme-mailcow-1 | Wed Jan 29 12:26:37 EST 2025 - Waiting for Docker API…
mailcowdockerized-acme-mailcow-1 | Wed Jan 29 12:26:37 EST 2025 - Docker API OK
mailcowdockerized-acme-mailcow-1 | Wed Jan 29 12:26:37 EST 2025 - Waiting for Postfix…
mailcowdockerized-acme-mailcow-1 | Wed Jan 29 12:26:37 EST 2025 - Postfix OK
mailcowdockerized-acme-mailcow-1 | Wed Jan 29 12:26:37 EST 2025 - Waiting for Dovecot…
mailcowdockerized-acme-mailcow-1 | Wed Jan 29 12:26:37 EST 2025 - Dovecot OK
mailcowdockerized-acme-mailcow-1 | Wed Jan 29 12:26:37 EST 2025 - Waiting for database…
mailcowdockerized-dovecot-mailcow-1 | Waiting for database to come up…
(Repeated lines of “Waiting for database to come up…” follow)

…
mailcowdockerized-clamd-mailcow-1 | Wed Jan 29 17:26:36 2025 -> daily.cld database is up-to-date …
mailcowdockerized-dockerapi-mailcow-1 | INFO: Uvicorn running on https://0.0.0.0:443 (Press CTRL+C to quit)

mailcowdockerized-mysql-mailcow-1 | 2025-01-29 12:26:05-05:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server …
mailcowdockerized-mysql-mailcow-1 | 2025-01-29 12:26:06 0 [Note] InnoDB: Uses event mutexes
…
mailcowdockerized-netfilter-mailcow-1 | Using NFTables backend
mailcowdockerized-netfilter-mailcow-1 | MAILCOW target is in position 2 in the ip6 forward table, restarting container to fix it…
(Repeated netfilter messages truncated)

mailcowdockerized-nginx-mailcow-1 | Render config
mailcowdockerized-nginx-mailcow-1 | 2025/01/29 12:26:36 [notice] 1#1: using the \“epoll\” event method
mailcowdockerized-nginx-mailcow-1 | 2025/01/29 12:26:36 [notice] 1#1: nginx/1.27.3
…
mailcowdockerized-ofelia-mailcow-1 | 2025-01-29T12:32:07.199-05:00 common.go:125 NOTICE [Job \“sogo_ealarms\” …] …
mailcowdockerized-ofelia-mailcow-1 | 2025-01-29T12:32:07.225-05:00 common.go:125 NOTICE [Job \“sogo_sessions\” …] …
(Repeated scheduler logs truncated)

mailcowdockerized-ofelia-mailcow-1 | 2025-01-29T12:34:07.005-05:00 common.go:125 NOTICE [Job \“dovecot_trim_logs\” …] …
mailcowdockerized-php-fpm-mailcow-1 | Waiting for SQL…
(Repeated lines \“Waiting for SQL…\”)

mailcowdockerized-sogo-mailcow-1 | Waiting for database to come up…
(Repeated lines truncated)

mailcowdockerized-watchdog-mailcow-1 | Waiting for SQL…
(Repeated lines truncated)

mailcowdockerized-unbound-mailcow-1 | Setting console permissions…
mailcowdockerized-unbound-mailcow-1 | Receiving anchor key…
mailcowdockerized-unbound-mailcow-1 | Receiving root hints…
(Truncated unbound logs)

mailcowdockerized-rspamd-mailcow-1 | Waiting for PHP on port 9001…
(Repeated lines truncated)

=== MYSQL MAILCOW LOGS ===
Attaching to mailcowdockerized-mysql-mailcow-1
mailcowdockerized-mysql-mailcow-1 | 2025-01-29 12:26:05-05:00 [Note] [Entrypoint]: Entrypoint script …
mailcowdockerized-mysql-mailcow-1 | 2025-01-29 12:26:06 0 [Note] InnoDB: Uses event mutexes
…
=== PHP-FPM MAILCOW LOGS ===
(Repeated lines \“Waiting for SQL…\” truncated)

=== DOCKER MAILCOW NETWORK DETAILS ===
[
{
\“Name\”: \“mailcowdockerized_mailcow-network\”,
\“Id\”: \“29ea4be97219b03dc68cd0b21411e57de069a54fe778299a8d81a157c074956f\”,
\“Created\”: \“2025-01-29T17:26:04.194596992Z\”,
\“Scope\”: \“local\”,
\“Driver\”: \“bridge\”,
\“EnableIPv6\”: true,
\“IPAM\”: {
\“Driver\”: \“default\”,
\“Options\”: null,
\“Config\”: [
{
\“Subnet\”: \“172.22.1.0/24\”
},
{
\“Subnet\”: \“fd4d:6169:6c63:6f77::/64\”
}
]
},
\“Internal\”: false,
\“Attachable\”: false,
\“Ingress\”: false,
…
\“Containers\”: {
\“07c9f1d70566fd981a901de4c95061ad8bc81bc76d8395dcf6b16391ce2ac74b\”: {
\“Name\”: \“mailcowdockerized-mysql-mailcow-1\”,
\“EndpointID\”: \“55a7053977b4834b7b94dd5b4f0fce65274fd836117a529fd5014bc53f4bf6e4\”,
\“MacAddress\”: \“02:42:ac:16:01:05\”,
\“IPv4Address\”: \“172.22.1.5/24\”,
\“IPv6Address\”: \“fd4d:6169:6c63:6f77::8/64\”
},
…
},
\“Options\”: {
\“com.docker.network.bridge.name\”: \“br-mailcow\”
},
\“Labels\”: {
\“com.docker.compose.network\”: \“mailcow-network\”,
\“com.docker.compose.project\”: \“mailcowdockerized\”,
\“com.docker.compose.version\”: \“2.29.7\”
}
}
]
root@docker-ce-ubuntu-2gb-nbg1-1:~/mailcow-dockerized#

=== NETWORK INTERFACES ===
1: lo: <LOOPBACK,UP,LOWER_UP> …
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 …
link/ether 96:00:04:05:34:94 brd ff:ff:ff:ff:ff:ff
inet x.y.z.213/32 metric 100 scope global dynamic eth0
valid_lft 83507sec preferred_lft 83507sec
inet6 x:x:x:x::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::9400:4ff:fe05:3494/64 scope link
valid_lft forever preferred_lft forever
3: docker0: …
79: br-mailcow: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:f6:e5:a1:bd brd ff:ff:ff:ff:ff:ff
inet 172.22.1.1/24 brd 172.22.1.255 scope global br-mailcow
valid_lft forever preferred_lft forever
inet6 fd4d:6169:6c63:6f77::1/64 scope global nodad
valid_lft forever preferred_lft forever
inet6 fe80::42:f6ff:fee5:a1bd/64 scope link
valid_lft forever preferred_lft forever
…
(Other interfaces omitted for brevity but unchanged)
…
=== NETWORK ROUTES ===
default via 172.31.1.1 dev eth0 proto dhcp src x.y.z.213 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-fa1a44e28ff6 proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-9a363785823d proto kernel scope link src 172.19.0.1
172.20.0.0/16 dev br-f69fad801fa7 proto kernel scope link src 172.20.0.1
172.22.1.0/24 dev br-mailcow proto kernel scope link src 172.22.1.1
172.31.1.1 dev eth0 proto dhcp scope link src x.y.z.213 metric 100
x.y.z.1 via 172.31.1.1 dev eth0 proto dhcp src x.y.z.213 metric 100
x.y.z.2 via 172.31.1.1 dev eth0 proto dhcp src x.y.z.213 metric 100
=== FIREWALL STATUS (UFW) ===
Status: inactive
=== IPTABLES RULES ===
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1286 407K MAILCOW 0 – * * 0.0.0.0/0 0.0.0.0/0 /* mailcow */
1528 481K DOCKER-USER 0 – * * 0.0.0.0/0 0.0.0.0/0
1528 481K DOCKER-ISOLATION-STAGE-1 0 – * * 0.0.0.0/0 0.0.0.0/0
359 82401 ACCEPT 0 – * br-mailcow 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 – * br-mailcow 0.0.0.0/0 0.0.0.0/0
362 29169 ACCEPT 0 – br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 – * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – docker0 docker0 0.0.0.0/0 0.0.0.0/0
1687 2189K ACCEPT 0 – * br-fa1a44e28ff6 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 – * br-fa1a44e28ff6 0.0.0.0/0 0.0.0.0/0
1777 524K ACCEPT 0 – br-fa1a44e28ff6 !br-fa1a44e28ff6 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – br-fa1a44e28ff6 br-fa1a44e28ff6 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – * br-f69fad801fa7 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 – * br-f69fad801fa7 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – br-f69fad801fa7 !br-f69fad801fa7 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – br-f69fad801fa7 br-f69fad801fa7 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – * br-9a363785823d 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER 0 – * br-9a363785823d 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – br-9a363785823d !br-9a363785823d 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 – br-9a363785823d br-9a363785823d 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain DOCKER (5 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 6 – !br-fa1a44e28ff6 br-fa1a44e28ff6 0.0.0.0/0 172.18.0.2 tcp dpt:5678
0 0 ACCEPT 6 – !br-9a363785823d br-9a363785823d 0.0.0.0/0 172.19.0.2 tcp dpt:9000
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.249 tcp dpt:6379
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.5 tcp dpt:3306
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:110
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:143
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:993
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:995
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:4190
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.250 tcp dpt:12345
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:25
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:465
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.253 tcp dpt:587
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:8443
0 0 ACCEPT 6 – !br-mailcow br-mailcow 0.0.0.0/0 172.22.1.10 tcp dpt:8888

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
362 29169 DOCKER-ISOLATION-STAGE-2 0 – br-mailcow !br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 0 – docker0 !docker0 0.0.0.0/0 0.0.0.0/0
1777 524K DOCKER-ISOLATION-STAGE-2 0 – br-fa1a44e28ff6 !br-fa1a44e28ff6 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 0 – br-f69fad801fa7 !br-f69fad801fa7 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-2 0 – br-9a363785823d !br-9a363785823d 0.0.0.0/0 0.0.0.0/0
4857 2973K RETURN 0 – * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 – * br-mailcow 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 – * docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 – * br-fa1a44e28ff6 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 – * br-f69fad801fa7 0.0.0.0/0 0.0.0.0/0
0 0 DROP 0 – * br-9a363785823d 0.0.0.0/0 0.0.0.0/0
2475 579K RETURN 0 – * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
4857 2973K RETURN 0 – * * 0.0.0.0/0 0.0.0.0/0

Chain MAILCOW (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP 6 – !br-mailcow br-mailcow 0.0.0.0/0 0.0.0.0/0 /* mailcow isolation */

…
=== NFTABLES RULES ===

Warning: table ip nat is managed by iptables-nft, do not touch!

table ip nat {
…
}

Warning: table ip filter is managed by iptables-nft, do not touch!

table ip filter {
…
}

Warning: table ip6 nat is managed by iptables-nft, do not touch!

table ip6 nat {
…
}

Warning: table ip6 filter is managed by iptables-nft, do not touch!

table ip6 filter {
…
}
=== OPEN PORTS & LISTENING SERVICES ===
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN 14490/docker-proxy
tcp 0 0 127.0.0.1:13306 0.0.0.0:* LISTEN 13481/docker-proxy
…
(Other services truncated, no domain/password redaction necessary)

=== NGINX VERSION ===
nginx version: nginx/1.24.0 (Ubuntu)
=== NGINX CONFIGURATION TEST ===
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
=== NGINX LOADED CONFIGURATION FILES ===
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

server_names_hash_bucket_size 64;

server_name_in_redirect off;

server_name gitlab.example.com;

server_name mailhost.example.com;
server_name mailhost.example.com;
server_name n8n.example.com;
server_name n8n.example.com;
server_name portainer.example.com;
server_name portainer.example.com;
nginx: configuration file /etc/nginx/nginx.conf test is successful
=== NGINX ACTIVE SITES ===
total 0
lrwxrwxrwx 1 root root 33 Jan 27 03:02 gitlab -> /etc/nginx/sites-available/gitlab
lrwxrwxrwx 1 root root 34 Jan 28 23:32 mailcow -> /etc/nginx/sites-available/mailcow
lrwxrwxrwx 1 root root 30 Jan 26 21:06 n8n -> /etc/nginx/sites-available/n8n
lrwxrwxrwx 1 root root 41 Jan 27 00:12 portainer.conf -> /etc/nginx/sites-available/portainer.conf
=== NGINX LOGS (LAST 50 LINES) ===
2025/01/29 11:29:32 [error] 106592#106592: *2442 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.60, server: gitlab.example.com, request: \“GET / HTTP/1.1\”, upstream: \“http://127.0.0.1:8880/\”, host: \“gitlab.example.com\”
2025/01/29 11:29:32 [error] 106592#106592: *2442 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.60, server: gitlab.example.com, request: \“GET / HTTP/1.1\”, upstream: \“http://[::1]:8880/\”, host: \“gitlab.example.com\”
2025/01/29 11:30:44 [error] 106592#106592: *2445 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.60, server: gitlab.example.com, request: \“GET / HTTP/1.1\”, upstream: \“http://127.0.0.1:8880/\”, host: \“gitlab.example.com\”
2025/01/29 11:30:44 [error] 106592#106592: *2445 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.60, server: gitlab.example.com, request: \“GET / HTTP/1.1\”, upstream: \“http://[::1]:8880/\”, host: \“gitlab.example.com\”
2025/01/29 11:44:38 [error] 106592#106592: *2451 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.220, server: gitlab.example.com, request: \“GET / HTTP/1.1\”, upstream: \“http://127.0.0.1:8880/\”, host: \“example3.com\”
2025/01/29 11:44:38 [error] 106592#106592: *2451 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.220, server: gitlab.example.com, request: \“GET / HTTP/1.1\”, upstream: \“http://[::1]:8880/\”, host: \“example3.com\”
2025/01/29 11:51:21 [error] 106592#106592: *2457 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.34, server: gitlab.example.com, request: \“GET /profiler/phpinfo HTTP/1.1\”, upstream: \“http://127.0.0.1:8880/_profiler/phpinfo\”, host: \“x.y.z.213\”
2025/01/29 11:51:21 [error] 106592#106592: *2457 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.34, server: gitlab.example.com, request: \“GET /profiler/phpinfo HTTP/1.1\”, upstream: \“http://[::1]:8880/profiler/phpinfo\”, host: \“x.y.z.213\”
2025/01/29 12:15:56 [error] 106592#106592: *2462 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.119, server: mailhost.example2.com, request: \“GET /robots.txt HTTP/1.1\”, upstream: \“http://127.0.0.1:8080/robots.txt\”, host: \“mailhost.example2.com\”
2025/01/29 12:39:05 [error] 106592#106592: *2466 connect() failed (111: Connection refused) while connecting to upstream, client: x.y.z.142, server: mailhost.example2.com, request: \“GET / HTTP/1.1\”, upstream: \“http://127.0.0.1:8080/\”, host: \“mailhost.example2.com\”
…

(Other lines continuing with replaced IPs and domain references: abrisuite.com -> example.com, pcrepairs.com -> example2.com, hub420.shop -> example3.com, highthc.shop -> example4.com, osintguardian.com -> example5.com, etc.)

root@docker-ce-ubuntu-2gb-nbg1-1:~/mailcow-dockerized#

=== MYSQL STATUS ===
Attaching to mailcowdockerized-mysql-mailcow-1
mailcowdockerized-mysql-mailcow-1 | 2025-01-29 12:26:05-05:00 [Note] [Entrypoint]: Entrypoint script …
mailcowdockerized-mysql-mailcow-1 | 2025-01-29 12:26:06 0 [Note] InnoDB: Uses event mutexes
…

=== CHECK IF MYSQL IS LISTENING ===
=== CHECK IF MAILCOW CAN CONNECT TO MYSQL ===
mysql-mailcow (172.22.1.5:3306) open
=== MYSQL DATABASE USERS ===
ERROR 1045 (28000): Access denied for user ‘root’@‘localhost’ (using password: NO)
root@docker-ce-ubuntu-2gb-nbg1-1:~/mailcow-dockerized#

=== MAILCOW CONFIGURATION FILE ===

——————————

mailcow web ui configuration

——————————

MAILCOW_HOSTNAME=mailhost.example2.com

MAILCOW_PASS_SCHEME=BLF-CRYPT

——————————

SQL database configuration

——————————

DBNAME=mailcow
DBUSER=mailcow

DBPASS=<password1>
DBROOT=<password2>

——————————

REDIS configuration

——————————

REDISPASS=<password3>

——————————

HTTP/S Bindings

——————————

HTTP_PORT=8888
HTTP_BIND=127.0.0.1
HTTPS_PORT=8443
HTTPS_BIND=127.0.0.7

…

(SNIP - the rest of mailcow.conf is unchanged except for the passwords above)
…

=== DOCKER-COMPOSE MAILCOW CONFIGURATION ===
services:

unbound-mailcow:
  image: mailcow/unbound:1.23
  ...
  networks:
    mailcow-network:
      ipv4_address: 172.22.1.254
      aliases:
        - unbound

mysql-mailcow:
  image: mariadb:10.5
  ...
  environment:
    - TZ=${TZ}
    - MYSQL_ROOT_PASSWORD=<password2>
    - MYSQL_DATABASE=mailcow
    - MYSQL_USER=mailcow
    - MYSQL_PASSWORD=<password1>
    - MYSQL_INITDB_SKIP_TZINFO=1
  ...

redis-mailcow:
  image: redis:7-alpine
  ...
  environment:
    - TZ=${TZ}
    - REDISPASS=<password3>
  ...

# (Other services truncated – the only changes are the replaced <password1>, <password2>, <password3> where DBPASS/DBROOT/REDISPASS appear.)

networks:
mailcow-network:
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-mailcow
enable_ipv6: true
ipam:
driver: default
config:
- subnet: 172.22.1.0/24
- subnet: fd4d:6169:6c63:6f77::/64

volumes:
vmail-vol-1:
vmail-index-vol-1:
mysql-vol-1:
mysql-socket-vol-1:
redis-vol-1:
rspamd-vol-1:
postfix-vol-1:
crypt-vol-1:
sogo-web-vol-1:
sogo-userdata-backup-vol-1:
clamd-db-vol-1:

=== OVERRIDE CONFIGURATION IF EXISTS ===
No override config found
root@docker-ce-ubuntu-2gb-nbg1-1:~/mailcow-dockerized#

I forgot to mention, that I have installed, had the problem, wiped everything including rm -rf mailcow-dockerized and restarted 3-4 times with no headway.

I did try manually setting the SQL password, and that failed as well. So I turned here hoping there is an easier fix than me digging for hours.

Thanks in advance again for any feedback or thoughts.

I forgot to mention, that I have installed, had the problem, wiped everything including rm -rf mailcow-dockerized and restarted 3-4 times with no headway.

I did try manually setting the SQL password, and that failed as well. So I turned here hoping there is an easier fix than me digging for hours.

Thanks in advance again for any feedback or thoughts.

esackbauer · 29 Jan

Ray I also have other Dockers on the machine

Thats not recommended, as you might run into docker dependency issues, or docker network issues coming from the use of SElinux, ufw or firewalld.
Prepare your system - mailcow: dockerized documentation

docs.mailcow.email

Prepare your system - mailcow: dockerized documentation

None

Also make sure umask is properly set and everything is set up as root!
Install mailcow - mailcow: dockerized documentation

docs.mailcow.email

Install mailcow - mailcow: dockerized documentation

None

Try to be as close to the documentation as possible, and start at the very beginning.
Also check the logs!

Ray · 29 Jan

When you say that’s not recommended, which part? Is a dedicated docker instance required for mailcow? The documents state using it behind a reverse proxy, so I assume not the nginx part. (That portion works, it’s only SQL that seems to be failing with the password.). The umask is 0022, and the firewall is only the one from Hetzner.

Other than the other docker images installed, the setup was followed line by line, copied and pasted as per the two links you put in. That’s how come I included the logs. the only error I’m getting is Access Denied when trying to connect to SQL. It can hit port 3306 from the other containers, but can’t log in, with or without a password.

Ray · 30 Jan

Resolved by manually setting the password in the container rather than through the install.

I was hoping someone ran into this before, but since not, I just did the work around.

esackbauer · 30 Jan

Ray When you say that’s not recommended, which part? Is a dedicated docker instance required for mailcow?

A dedicated VM for mailcow is recommended, not required. It makes troubleshooting a lot easier, especially if there are network related topics. the docker iptables chains are heavily modified by mailcow.

It is still strange that you got this error, for most it is working out of the box on a officially supported platform, so this is why I think the problems stems from your existing docker installation.
However you could search the github issues, if there was a similar problem, or create a new one and the devs will have a look at it.