ProxMailcow/README.md

ProxMailcow — Proxmox + Nginx Proxy Manager + Mailcow

Full mail server stack for web.orbishosting.com hosted on Proxmox at 10.48.200.90.

Infrastructure Overview

Service	VM ID	Hostname	LAN IP	Role
Nginx Proxy Manager	200	npm.web.orbishosting.com	10.48.200.80	Reverse proxy, SSL termination
Mailcow	201	mail.web.orbishosting.com	10.48.200.82	Full mail server

External IP: 97.176.15.26
Domain: web.orbishosting.com
Gateway: 10.48.200.1 (FortiGate)
FusionPBX (do not disturb): orbisne.fortiddns.com — existing SIP rules left untouched

---

Quick Start Order

1. Configure DNS records         → docs/dns-records.md
2. Run Proxmox VM scripts        → proxmox/
3. Wait for VMs to boot (~5 min)
4. Configure NPM proxy hosts     → nginx-proxy-manager/
5. Configure FortiGate           → docs/fortigate-changes.md (REVIEW BEFORE APPLYING)
6. Set up Mailcow domains/users  → mailcow/

---

Default Credentials (Change Immediately!)

Service	URL	Username	Password
NPM Admin	http://10.48.200.80:81	admin@example.com	changeme
Mailcow Admin	https://mail.web.orbishosting.com	admin	moohoo
NPM VM SSH	10.48.200.80	ubuntu	mailstack2024!
Mailcow VM SSH	10.48.200.82	ubuntu	mailstack2024!

---

Architecture

Internet
   │
   ▼
FortiGate (97.176.15.26 / 10.48.200.1)
   │
   ├── Port 80, 443 ──────────────► NPM VM (10.48.200.80)
   │                                  │
   │                                  └── Proxies ──► Mailcow web UI (10.48.200.82:8080)
   │
   ├── Port 25, 465, 587 ─────────► Mailcow VM (10.48.200.82)
   └── Port 143, 993, 110, 995 ──► Mailcow VM (10.48.200.82)

SSL flow:

• NPM obtains Let's Encrypt cert for mail.web.orbishosting.com (web UI)
• Mailcow's internal ACME obtains its own cert via HTTP-01 challenge forwarded through NPM
• Mailcow uses its cert for all mail protocols (SMTP/IMAP/POP3)