# Nginx Proxy Manager — Proxy Host Configuration

After NPM is running, configure it via the web UI at **http://10.48.200.80:81**

Default login: `admin@example.com` / `changeme` — **change immediately**

---

## Proxy Host 1: Mailcow Web UI (HTTPS)

Go to: **Hosts → Proxy Hosts → Add Proxy Host**

### Details Tab

| Field | Value |
|-------|-------|
| Domain Names | `mail.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `10.48.200.82` |
| Forward Port | `8080` |
| Cache Assets | Off |
| Block Common Exploits | On |
| Websockets Support | **On** (required for Mailcow) |

### SSL Tab

| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| HTTP/2 Support | On |
| HSTS Enabled | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
| I Agree to ToS | Checked |

Click **Save** — NPM will automatically get a Let's Encrypt certificate.

---

## Proxy Host 2: NPM Admin UI (Optional — for remote management)

If you want to access the NPM admin panel via your domain:

### Details Tab

| Field | Value |
|-------|-------|
| Domain Names | `npm.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `127.0.0.1` |
| Forward Port | `81` |
| Block Common Exploits | On |

### SSL Tab

| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |

---

## Proxy Host 3: Redirect www → root domain (Optional)

### Details Tab

| Field | Value |
|-------|-------|
| Domain Names | `www.web.orbishosting.com` |
| Scheme | `https` |
| Forward Hostname / IP | `web.orbishosting.com` |
| Forward Port | `443` |

---

## Enable Mailcow's Own ACME (for mail protocol SSL)

After NPM proxy is working for `mail.web.orbishosting.com`, SSH into the Mailcow VM and enable its own Let's Encrypt:

```bash
ssh ubuntu@10.48.200.82

# Edit mailcow.conf
sudo nano /opt/mailcow-dockerized/mailcow.conf

# Ensure these settings:
#   SKIP_LETS_ENCRYPT=n     ← Mailcow will get its own cert via HTTP challenge
#   HTTP_PORT=8080          ← NPM forwards port 80 → this port
#   HTTPS_PORT=8443
#   HTTPS_BIND=127.0.0.1

# Restart acme container
cd /opt/mailcow-dockerized
sudo docker compose restart acme-mailcow

# Watch the ACME container get the cert
sudo docker compose logs -f acme-mailcow
```

The ACME challenge goes:
`Let's Encrypt → port 80 → FortiGate → NPM → port 8080 on Mailcow → acme responds`

Once Mailcow's ACME succeeds, it will automatically use that cert for Postfix/Dovecot.

---

## Verify Everything Works

```bash
# From outside your network or use mxtoolbox.com:

# Test HTTPS web UI
curl -I https://mail.web.orbishosting.com

# Test SMTP banner
telnet 97.176.15.26 25

# Test IMAP
openssl s_client -connect 97.176.15.26:993

# Test SMTP with TLS
openssl s_client -starttls smtp -connect 97.176.15.26:587
```
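
A pre-flight check for the `mailcow.conf` settings listed under "Enable Mailcow's Own ACME", as an added example that is not part of the original guide or of Mailcow. The helper name `check_mailcow_conf` and the sample file are constructed for illustration, and treating the last assignment of a key as the effective one is an assumption.

```bash
#!/usr/bin/env bash
# Added example: check_mailcow_conf is a hypothetical helper, not part of Mailcow.
# It compares mailcow.conf with the four values this guide says to ensure.

check_mailcow_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    for want in SKIP_LETS_ENCRYPT=n HTTP_PORT=8080 HTTPS_PORT=8443 HTTPS_BIND=127.0.0.1; do
        key=${want%%=*}
        exp=${want#*=}
        # Commented-out lines do not match. Assumption: if a key is assigned
        # more than once, the last assignment is the effective one.
        got=$(sed -n "s/^[[:space:]]*${key}=//p" "$conf" | tail -n 1)
        # Drop a trailing inline comment, trailing blanks and surrounding quotes.
        got=$(printf '%s' "$got" | sed -e 's/[[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
        if [ "$got" = "$exp" ]; then
            echo "OK    $key=$got"
        else
            echo "FAIL  $key: expected '$exp', found '${got:-<unset>}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample file (not a real mailcow.conf): ACME is still skipped and
# HTTP_PORT is commented out, so two of the four checks fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MAILCOW_HOSTNAME=mail.web.orbishosting.com
SKIP_LETS_ENCRYPT=y
#HTTP_PORT=8080
HTTPS_PORT=8443
HTTPS_BIND=127.0.0.1   # only reachable locally
EOF
check_mailcow_conf "$sample" || echo "Fix the FAIL lines before restarting acme-mailcow."
rm -f "$sample"
```

On the Mailcow VM, run `check_mailcow_conf /opt/mailcow-dockerized/mailcow.conf` before `sudo docker compose restart acme-mailcow`.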