paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix Nginx proxy pass

master
andryyy 2017-03-07 21:44:51 +01:00
parent ef3861d448
commit 7ca0d96bf6
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/first_steps.md
View File

@ -13,17 +13,17 @@ mailcow uses 3 domain names that should be covered by your new certificate:
This is just an example of how to obtain certificates with certbot. There are several methods!
1\. Get the certbot client:
```
``` bash
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
```
2\. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:
```
``` bash
docker-compose restart nginx-mailcow
```
3\. Request the certificate with the webroot method:
```
``` bash
cd /path/to/git/clone/mailcow-dockerized
source mailcow.conf
certbot certonly \
@ -37,7 +37,7 @@ certbot certonly \
```
4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
```
``` bash
mv data/assets/ssl/cert.{pem,pem.backup}
mv data/assets/ssl/key.{pem,pem.backup}
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem
@ -77,7 +77,7 @@ You don't need to change the Nginx site that comes with mailcow: dockerized.
mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.
1\. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:
```
``` bash
HTTP_BIND=127.0.0.1
HTTP_PORT=8080
HTTPS_PORT=127.0.0.1
@ -89,7 +89,7 @@ Recreate affected containers by running `docker-compose up -d`.
2\. Configure your local webserver as reverse proxy:
### Apache 2.4
```
``` apache
<VirtualHost *:443>
ServerName mail.example.org
ServerAlias autodiscover.example.org
@ -123,8 +123,8 @@ server {
[...]
your-ssl-configuration-here
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080/;
proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;