Installing dockerized Mailcow with custom SSL certificates
1. Follow official instructions
- Prepare system.
- Clone Mailcow repository.
- Run `generate_config.sh`.
2. Use custom certificates (ref)
Generate the SSL certificates manually, e.g. using Certbot.
Create a `docker-compose.override.yml` file as follows:
```
version: '2.1'
services:
  dovecot-mailcow:
    volumes:
      - ./data/assets/ssl:/etc/ssl/mail/:rw
      - /mycerts/fullchain.pem:/etc/ssl/mail/cert.pem:ro
      - /mycerts/privkey.pem:/etc/ssl/mail/key.pem:ro
      #- /opt/data/nginx/certs/dhparam.pem:/etc/ssl/mail/dhparams.pem:ro
  postfix-mailcow:
    volumes:
      - ./data/assets/ssl:/etc/ssl/mail/:rw
      - /mycerts/fullchain.pem:/etc/ssl/mail/cert.pem:ro
      - /mycerts/privkey.pem:/etc/ssl/mail/key.pem:ro
  nginx-mailcow:
    volumes:
      - ./data/assets/ssl:/etc/ssl/mail/:rw
      - /mycerts/fullchain.pem:/etc/ssl/mail/cert.pem:ro
      - /mycerts/privkey.pem:/etc/ssl/mail/key.pem:ro
```
Replace `/mycerts/` with the directory where the certificates are stored, e.g.:
- Certbot: `/etc/letsencrypt/archive/...`
- Caddy: `/var/lib/caddy/.local/share/caddy/certificates/...`
Now, disable ACME. In mailcow.conf, set
```
SKIP_LETS_ENCRYPT=y
```
3. Nginx Proxy Manager
- Change ports in `mailcow.conf`, e.g.

  ```
  HTTP_PORT=8080
  HTTP_BIND=127.0.0.1
  ```

- If using Nginx Proxy Manager without `network_mode: host`, then we need to add `nginx-mailcow` to the network. In this case, we add the following to the `docker-compose.override.yml` above:

  ```
  services:
    nginx-mailcow:
      networks:
        - frontend
  networks:
    frontend:
      external: true
  ```

  Change the network `frontend` accordingly.

- We also have to increase Nginx buffer size for the web interface to work correctly (ref). Add the following to the Nginx reverse proxy config:

  ```
  proxy_buffer_size 128k;
  proxy_buffers 64 512k;
  proxy_busy_buffers_size 512k;
  ```