From da1bcd0551f8f01c9bb64a2b979765dbc289b603 Mon Sep 17 00:00:00 2001
From: Brad <b@fltr.ch>
Date: Sat, 22 Apr 2017 14:14:56 +0100
Subject: [PATCH 1/4] Include instructions for Portainer

---
 docs/u_and_e.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/docs/u_and_e.md b/docs/u_and_e.md
index 3f52b05e..03c8bab9 100644
--- a/docs/u_and_e.md
+++ b/docs/u_and_e.md
@@ -465,6 +465,61 @@ For Firefox you will need to install the "U2F Support Add-on" as provided on [mo
 
 U2F works without an internet connection.
 
+## Portainer
+
+In order to enable Portainer, the docker-compose.yml and site.conf for nginx must be modified.
+
+1\. docker-compose.yml: Insert this block for portainer
+```
+    portainer-mailcow:
+      image: portainer/portainer
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+      restart: always
+      dns:
+        - 172.22.1.254
+      dns_search: mailcow-network
+      networks:
+        mailcow-network:
+          aliases:
+            - portainer
+```
+2a\. data/conf/nginx/site.conf: Just beneath the opening line, at the same level as a server { block, add this:
+```
+upstream portainer {
+  server portainer-mailcow:9000;
+}
+
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+```
+
+2b\. data/conf/nginx/site.conf: Then, inside **both** (ssl and plain) server blocks, add this:
+```
+  location /portainer/ {
+    proxy_http_version 1.1;
+    proxy_set_header Host              $http_host;   # required for docker client's sake
+    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_read_timeout                 900;
+
+    proxy_set_header Connection "";
+    proxy_buffers 32 4k;
+    proxy_pass http://portainer/;   }
+
+  location /portainer/api/websocket/ {
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_pass http://portainer/api/websocket/;
+  }
+```
+
+Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the **admin** account. After specifying your password, you’ll then be able to connect to the Portainer UI.
+
 ## Why Bind?
 
 For DNS blacklist lookups and DNSSEC.

From e9af97781a99ce338fae366f8464c2c149143f5d Mon Sep 17 00:00:00 2001
From: Brad <b@fltr.ch>
Date: Sun, 23 Apr 2017 10:10:02 +0100
Subject: [PATCH 2/4] Update u_and_e.md

just formatting of {}
---
 docs/u_and_e.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/u_and_e.md b/docs/u_and_e.md
index 03c8bab9..c80f0618 100644
--- a/docs/u_and_e.md
+++ b/docs/u_and_e.md
@@ -508,7 +508,8 @@ map $http_upgrade $connection_upgrade {
 
     proxy_set_header Connection "";
     proxy_buffers 32 4k;
-    proxy_pass http://portainer/;   }
+    proxy_pass http://portainer/;
+  }
 
   location /portainer/api/websocket/ {
     proxy_http_version 1.1;

From 81e86d802ed4099a0fd96c54b355070c2491031f Mon Sep 17 00:00:00 2001
From: Joel Howard <joel@paradoxalbyte.com>
Date: Mon, 24 Apr 2017 03:26:33 +1000
Subject: [PATCH 3/4] Update first_steps.md

Revision to step two, as just restarting does not apply the changes in `mailcow.conf`.
---
 docs/first_steps.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index ab7876dc..fa563a2f 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -17,9 +17,9 @@ This is just an example of how to obtain certificates with certbot. There are se
 wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
 ```
 
-2\. Make sure you set `HTTP_BIND=0.0.0.0` and `HTTP_PORT=80` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:
+2\. Make sure you set `HTTP_BIND=0.0.0.0` and `HTTP_PORT=80` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then rebuild Nginx:
 ``` bash
-docker-compose restart nginx-mailcow
+docker-compose up -d
 ```
 
 3\. Request the certificate with the webroot method:

From c2fe6ee9475380bf16d4067fc493c4abe094b87a Mon Sep 17 00:00:00 2001
From: Joel Howard <joel@paradoxalbyte.com>
Date: Mon, 24 Apr 2017 03:34:21 +1000
Subject: [PATCH 4/4] Update first_steps.md

Yet another revision, adding a warning to step three.
---
 docs/first_steps.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/first_steps.md b/docs/first_steps.md
index fa563a2f..24448b53 100644
--- a/docs/first_steps.md
+++ b/docs/first_steps.md
@@ -35,6 +35,8 @@ certbot certonly \
     --email you@example.org \
     --agree-tos
 ```
+
+**Remember to replace the example.org domain with your own domain, this command will not work if you dont.**
     
 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
 ``` bash