This commit is contained in:
andryyy 2017-03-02 21:43:08 +01:00
parent 1a518c545f
commit 58806d12ea
3 changed files with 117 additions and 103 deletions

View File

@ -5,17 +5,19 @@ mailcow dockerized comes with a snakeoil CA "mailcow" and a server certificate i
mailcow uses 3 domain names that should be covered by your new certificate:
- ${MAILCOW_HOSTNAME}
- autodiscover.*example.org*
- autoconfig.*example.org*
- autodiscover.**example.org**
- autoconfig.**example.org**
**Obtain multi-SAN certificate by Let's Encrypt**
This is just an example of how to obtain certificates with certbot. There are several methods!
1. Get the certbot client:
```
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
```
2. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: `docker-compose restart nginx-mailcow`.
3. Request the certificate with the webroot method:
@ -34,6 +36,7 @@ certbot certonly \
```
4. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
```
mv data/assets/ssl/cert.{pem,pem.backup}
mv data/assets/ssl/key.{pem,pem.backup}
@ -42,6 +45,7 @@ ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/ass
```
5. Restart affected containers:
```
docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow
```
@ -52,13 +56,17 @@ When renewing certificates, run the last two steps (link + restart) as post-hook
At first you may want to setup Rspamds web interface which provides some useful features and information.
1. Generate a Rspamd controller password hash:
```
docker-compose exec rspamd-mailcow rspamadm pw
```
2. Replace the default hash in `data/conf/rspamd/override.d/worker-controller.inc` by your newly generated:
```
enable_password = "myhash";
```
3. Restart rspamd:
```
@ -72,7 +80,8 @@ Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login!
You don't need to change the Nginx site that comes with mailcow: dockerized.
mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.
Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:
1. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:
```
HTTP_BIND=127.0.0.1
HTTP_PORT=8080
@ -82,7 +91,7 @@ HTTPS_PORT=8443
Recreate affected containers by running `docker-compose up -d`.
Configure your local webserver as reverse proxy:
2. Configure your local webserver as reverse proxy:
**Apache 2.4**
```

View File

@ -5,20 +5,24 @@
Most systems can install Docker by running `wget -qO- https://get.docker.com/ | sh`.
2. You need Docker Compose
Learn [how to install Docker Compose](https://docs.docker.com/compose/install/).
3. Clone the master branch of the repository
```
git clone https://github.com/andryyy/mailcow-dockerized && cd mailcow-dockerized
```
4. Generate a configuration file. Use a FQDN (`host.domain.tld`) as hostname when asked.
```
./generate_config.sh
```
5. Change configuration if you want or need to.
```
nano mailcow.conf
```
@ -26,6 +30,7 @@ nano mailcow.conf
If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080.
6. Run the composer file.
```
docker-compose up -d
```