I'd like to be able to restrict access to the MailCow UI, using an external firewall. The simplest way to do that is have the UI bound to a unique port. When I need to access it, I can unblock it with my current IP, but it otherwise remains blocked. For SOGo webmail to continue to be accessible to everyone else though, I need to separate the two. Ideally, I'm aiming for this: - **mail**.mydomain.com:**8443** = MailCow UI, firewalled - **webmail**.mydomain.com:**443** = SoGo webmail Currently the default is: mail.mydomain.com/webmail.mydomain.com:443 = MailCow UI with /SoGo then pointing to WebMail. This exposes my admin UI to the web and presents an extra step (and perhaps confusion) to users wanting to access webmail. I know this is quite achievable with Nginx, but I'm new to Docker and can't work out where to go to change the current config. I've been through the conf files in /data/conf/nginx/ , but they point to locations I can't seem to get to (Docker?).

MailCow UI on a separate web port to SOGo

Bink

I’d like to be able to restrict access to the MailCow UI, using an external firewall. The simplest way to do that is have the UI bound to a unique port. When I need to access it, I can unblock it with my current IP, but it otherwise remains blocked.

For SOGo webmail to continue to be accessible to everyone else though, I need to separate the two.

Ideally, I’m aiming for this:

mail.mydomain.com:8443 = MailCow UI, firewalled
webmail.mydomain.com:443 = SoGo webmail

Currently the default is:
mail.mydomain.com/webmail.mydomain.com:443 = MailCow UI
with /SoGo then pointing to WebMail.

This exposes my admin UI to the web and presents an extra step (and perhaps confusion) to users wanting to access webmail.

I know this is quite achievable with Nginx, but I’m new to Docker and can’t work out where to go to change the current config.

I’ve been through the conf files in /data/conf/nginx/ , but they point to locations I can’t seem to get to (Docker?).

diekuh

The UI is for clients as well, it is meant to be the first page to be seen. So no. No support for that. You can probably hack around a bit and get it working as you like.