Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Fix docs

Browse Source
This commit is contained in:
andryyy 2017-03-02 21:43:08 +01:00
parent 1a518c545f
commit 58806d12ea
3 changed files with 117 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
docs/first_steps.md
View File

@ -5,25 +5,27 @@ mailcow dockerized comes with a snakeoil CA "mailcow" and a server certificate i
mailcow uses 3 domain names that should be covered by your new certificate: mailcow uses 3 domain names that should be covered by your new certificate:
- ${MAILCOW_HOSTNAME} - ${MAILCOW_HOSTNAME}
- autodiscover.*example.org* - autodiscover.**example.org**
- autoconfig.*example.org* - autoconfig.**example.org**
**Obtain multi-SAN certificate by Let's Encrypt** **Obtain multi-SAN certificate by Let's Encrypt**
This is just an example of how to obtain certificates with certbot. There are several methods! This is just an example of how to obtain certificates with certbot. There are several methods!
1. Get the certbot client: 1. Get the certbot client:
```
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot ```
``` wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
```
2. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: `docker-compose restart nginx-mailcow`. 2. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: `docker-compose restart nginx-mailcow`.
3. Request the certificate with the webroot method: 3. Request the certificate with the webroot method:
``` ```
cd /path/to/git/clone/mailcow-dockerized cd /path/to/git/clone/mailcow-dockerized
source mailcow.conf source mailcow.conf
certbot certonly \ certbot certonly \
--webroot \ --webroot \
-w ${PWD}/data/web \ -w ${PWD}/data/web \
-d ${MAILCOW_HOSTNAME} \ -d ${MAILCOW_HOSTNAME} \
@ -31,20 +33,22 @@ certbot certonly \
-d autoconfig.example.org \ -d autoconfig.example.org \
--email you@example.org \ --email you@example.org \
--agree-tos --agree-tos
``` ```
4. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: 4. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
```
mv data/assets/ssl/cert.{pem,pem.backup} ```
mv data/assets/ssl/key.{pem,pem.backup} mv data/assets/ssl/cert.{pem,pem.backup}
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem mv data/assets/ssl/key.{pem,pem.backup}
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem
``` ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem
```
5. Restart affected containers: 5. Restart affected containers:
```
docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow ```
``` docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow
```
When renewing certificates, run the last two steps (link + restart) as post-hook in a script. When renewing certificates, run the last two steps (link + restart) as post-hook in a script.
@ -52,18 +56,22 @@ When renewing certificates, run the last two steps (link + restart) as post-hook
At first you may want to setup Rspamds web interface which provides some useful features and information. At first you may want to setup Rspamds web interface which provides some useful features and information.
1. Generate a Rspamd controller password hash: 1. Generate a Rspamd controller password hash:
```
docker-compose exec rspamd-mailcow rspamadm pw ```
``` docker-compose exec rspamd-mailcow rspamadm pw
```
2. Replace the default hash in `data/conf/rspamd/override.d/worker-controller.inc` by your newly generated: 2. Replace the default hash in `data/conf/rspamd/override.d/worker-controller.inc` by your newly generated:
```
enable_password = "myhash"; ```
``` enable_password = "myhash";
```
3. Restart rspamd: 3. Restart rspamd:
``` ```
docker-compose restart rspamd-mailcow docker-compose restart rspamd-mailcow
``` ```
Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login! Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login!
@ -72,21 +80,22 @@ Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login!
You don't need to change the Nginx site that comes with mailcow: dockerized. You don't need to change the Nginx site that comes with mailcow: dockerized.
mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.
Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example: 1. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:
```
HTTP_BIND=127.0.0.1
HTTP_PORT=8080
HTTPS_PORT=127.0.0.1
HTTPS_PORT=8443
```
Recreate affected containers by running `docker-compose up -d`. ```
HTTP_BIND=127.0.0.1
HTTP_PORT=8080
HTTPS_PORT=127.0.0.1
HTTPS_PORT=8443
```
Configure your local webserver as reverse proxy: Recreate affected containers by running `docker-compose up -d`.
**Apache 2.4** 2. Configure your local webserver as reverse proxy:
```
<VirtualHost *:443> **Apache 2.4**
```
<VirtualHost *:443>
ServerName mail.example.org ServerName mail.example.org
ServerAlias autodiscover.example.org ServerAlias autodiscover.example.org
ServerAlias autoconfig.example.org ServerAlias autoconfig.example.org
@ -107,12 +116,12 @@ Configure your local webserver as reverse proxy:
#SSLProxyCheckPeerCN off #SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off #SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off #SSLProxyCheckPeerExpire off
</VirtualHost> </VirtualHost>
``` ```
**Nginx** **Nginx**
``` ```
server { server {
listen 443; listen 443;
server_name mail.example.org autodiscover.example.org autoconfig.example.org; server_name mail.example.org autodiscover.example.org autoconfig.example.org;
@ -126,6 +135,6 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
[...] [...]
} }
``` ```

33
docs/install.md
View File

@ -2,33 +2,38 @@
1. You need Docker. 1. You need Docker.
Most systems can install Docker by running `wget -qO- https://get.docker.com/ | sh`. Most systems can install Docker by running `wget -qO- https://get.docker.com/ | sh`.
2. You need Docker Compose 2. You need Docker Compose
Learn [how to install Docker Compose](https://docs.docker.com/compose/install/).
Learn [how to install Docker Compose](https://docs.docker.com/compose/install/).
3. Clone the master branch of the repository 3. Clone the master branch of the repository
```
git clone https://github.com/andryyy/mailcow-dockerized && cd mailcow-dockerized ```
``` git clone https://github.com/andryyy/mailcow-dockerized && cd mailcow-dockerized
```
4. Generate a configuration file. Use a FQDN (`host.domain.tld`) as hostname when asked. 4. Generate a configuration file. Use a FQDN (`host.domain.tld`) as hostname when asked.
```
./generate_config.sh ```
``` ./generate_config.sh
```
5. Change configuration if you want or need to. 5. Change configuration if you want or need to.
```
nano mailcow.conf ```
``` nano mailcow.conf
```
If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080. If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080.
6. Run the composer file. 6. Run the composer file.
```
docker-compose up -d ```
``` docker-compose up -d
```
Done! Done!

10
docs/u_and_e.md
View File

@ -265,12 +265,12 @@ Reset mailcow admin to `admin:moohoo`:
1. Drop admin table 1. Drop admin table
``` ```
source mailcow.conf source mailcow.conf
docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TABLE admin;" docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TABLE admin;"
``` ```
2. Open mailcow UI to auto-init the db 2. Open mailcow UI to auto-init the db
# Rspamd # Rspamd