Fix Nginx proxy pass

andryyy 2017-03-07 21:44:51 +01:00
parent ef3861d448
commit 7ca0d96bf6

@ -13,17 +13,17 @@ mailcow uses 3 domain names that should be covered by your new certificate:
This is just an example of how to obtain certificates with certbot. There are several methods! This is just an example of how to obtain certificates with certbot. There are several methods!
1\. Get the certbot client: 1\. Get the certbot client:
``` ``` bash
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
``` ```
2\. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: 2\. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:
``` ``` bash
docker-compose restart nginx-mailcow docker-compose restart nginx-mailcow
``` ```
3\. Request the certificate with the webroot method: 3\. Request the certificate with the webroot method:
``` ``` bash
cd /path/to/git/clone/mailcow-dockerized cd /path/to/git/clone/mailcow-dockerized
source mailcow.conf source mailcow.conf
certbot certonly \ certbot certonly \
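Review bot: step 1 in this hunk downloads `certbot-auto` with `wget` and chains straight into `chmod +x` under `/usr/local/sbin`, with nothing between the download and the point where the file becomes a root-run executable. Since the block is being touched anyway, consider documenting an integrity check (a published checksum or signature) before the `chmod`, or pointing readers at a packaged certbot instead. The only change visible here is the `bash` fence tag, which the subject "Fix Nginx proxy pass" does not mention.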
@ -37,7 +37,7 @@ certbot certonly \
``` ```
4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
``` ``` bash
mv data/assets/ssl/cert.{pem,pem.backup} mv data/assets/ssl/cert.{pem,pem.backup}
mv data/assets/ssl/key.{pem,pem.backup} mv data/assets/ssl/key.{pem,pem.backup}
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem
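Review bot: in step 4 the two `mv` lines rename the live `cert.pem` and `key.pem` before the `ln` runs, and nothing checks that `/etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem` resolves first. If `MAILCOW_HOSTNAME` is unset in the current shell or the path does not exist, the reader ends up with only the `.backup` files in `data/assets/ssl/`. Suggest testing that the source file exists before the `mv`, and quoting the `$(readlink -f ...)` substitution so that an empty result fails visibly.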
@ -77,7 +77,7 @@ You don't need to change the Nginx site that comes with mailcow: dockerized.
mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.
1\. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example: 1\. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:
``` ``` bash
HTTP_BIND=127.0.0.1 HTTP_BIND=127.0.0.1
HTTP_PORT=8080 HTTP_PORT=8080
HTTPS_PORT=127.0.0.1 HTTPS_PORT=127.0.0.1
@ -89,7 +89,7 @@ Recreate affected containers by running `docker-compose up -d`.
2\. Configure your local webserver as reverse proxy: 2\. Configure your local webserver as reverse proxy:
### Apache 2.4 ### Apache 2.4
``` ``` apache
<VirtualHost *:443> <VirtualHost *:443>
ServerName mail.example.org ServerName mail.example.org
ServerAlias autodiscover.example.org ServerAlias autodiscover.example.org
@ -123,8 +123,8 @@ server {
[...] [...]
your-ssl-configuration-here your-ssl-configuration-here
location / { location / {
proxy_pass http://127.0.0.1:8080; proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host; proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
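Review bot: in `location /`, the new side replaces `proxy_set_header Host $host;` with the `proxy_redirect` line instead of adding to it, so the Host header is no longer set explicitly. Without that directive nginx sends the `proxy_pass` address (`127.0.0.1:8080`) as Host, and the backend can no longer tell which of the names it was requested under; the Apache example above lists `autodiscover.example.org` as an alias, which suggests the backend cares. Suggest keeping `proxy_set_header Host $host;` and adding `proxy_redirect` as an extra line. The commit message should also say what was broken, since the trailing slash on `proxy_pass` does not change the forwarded URI for a `location /` block.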