First, a big thanks to all devs and contributors to this magnificent project. It sure is fun to work with mailcow. I just stumbled across this project a few days ago and decided to give it a try. I’m not a pro, let alone a Linux guru, so I had various issues with certs and Nginx reverse proxy. I managed to solve all of the problems and ended up with a working instance of a mailcow dockerized behind an Nginx reverse proxy, eventually.
Because of all the config involved in setting up Nginx and Let’sencrypt (yes, I’m lazy…), I decided to try Caddy server as a reverse proxy, which I discovered recently. I remembered from my other projects, it was simple to install and it worked out-of-the-box. Caddy has reverse proxy included, HTTPS by default, automatic certs, and renewals. No fuss, almost no config 🙂
I got a 2 core, 4GB RAM Ubuntu 20.04 cloud server at Hetzner (aff. link), for a test. Apart from setting up the Caddy server, I followed the manuals in everything else in detail: prerequisites, setting up docker and docker-compose, open ports and DNS settings.
Instead of using acme-mailcow to handle the certs, I turned that option off in mailcow.conf. I added an additional server name (my.mail-domain.tld), with which I wanted to access my mailcow host (my.mailcow-host.tld), also. Then I changed HTTP and HTTPS ports and bindings. Here are all the changes I made to the mailcow.conf:
docker-compose pull and
docker-compose up -d I installed Caddy server like this:
echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list
sudo apt update
sudo apt install caddy libnss3-tools
With Caddy installed I needed to config it as a reverse proxy. To do this I commented everything out in its config file located at /etc/caddy/Caddyfile and added the following:
I had to reload Caddy afterward with
caddy reload in /etc/caddy .
That was it! I just waited a minute or so for Caddy to generate certs. After a short wait, I headed to my.mailcow-host.tld and was presented with a secure, valid Let’s encrypt protected mailcow login! The same was true for my.mail-domain.tld.
After initial config and adding a mail-box for a email@example.com I can confirm everything just works! I got myself a working Mailcow-dockerized instance behind Caddy server reverse proxy with automatic Let’s encrypt. All this with almost no config and no hassle. Of course, none of this would be possible without a wonderful team behind Mailcow - Thank You again!
This was a test setup. I’m planning to go to production in a few weeks.
For this setup to work and for a Caddy server to be able to issue certs, all DNS records must be correct and must already propagate before the setup.
The link to Hetzner is an affiliate link. It will get you 20€ in cloud credits if you decided to go with them. And I’d receive a small commission 🙂. To admins: remove if inappropriate.