ProxMailcow/nginx-proxy-manager/npm-proxy-setup.md
myron b60db8a0d0 Initial infrastructure: NPM + Mailcow on Proxmox
- VM 200: Nginx Proxy Manager (10.48.200.80)
- VM 201: Mailcow email server (10.48.200.82)
- Cloud-init automation for both VMs
- FortiGate VIP/policy documentation
- DNS records for web.orbishosting.com
- NPM proxy host setup guide
- Mailcow post-install checklist
- Cert sync script (NPM → Mailcow)

External IP: 97.176.15.26
2026-04-23 04:37:56 +00:00


# Nginx Proxy Manager — Proxy Host Configuration

After NPM is running, configure it via the web UI at **http://10.48.200.80:81**.

Default login: `admin@example.com` / `changeme` (**change immediately**)

---
## Proxy Host 1: Mailcow Web UI (HTTPS)
Go to: **Hosts → Proxy Hosts → Add Proxy Host**
### Details Tab
| Field | Value |
|-------|-------|
| Domain Names | `mail.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `10.48.200.82` |
| Forward Port | `8080` |
| Cache Assets | Off |
| Block Common Exploits | On |
| Websockets Support | **On** (required for Mailcow) |
### SSL Tab
| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| HTTP/2 Support | On |
| HSTS Enabled | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
| I Agree to ToS | Checked |

Click **Save** — NPM will automatically get a Let's Encrypt certificate.

---
## Proxy Host 2: NPM Admin UI (Optional — for remote management)
If you want to access the NPM admin panel via your domain:
### Details Tab
| Field | Value |
|-------|-------|
| Domain Names | `npm.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `127.0.0.1` |
| Forward Port | `81` |
| Block Common Exploits | On |
### SSL Tab
| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
---
## Proxy Host 3: Redirect www → root domain (Optional)
### Details Tab
| Field | Value |
|-------|-------|
| Domain Names | `www.web.orbishosting.com` |
| Scheme | `https` |
| Forward Hostname / IP | `web.orbishosting.com` |
| Forward Port | `443` |
---
## Enable Mailcow's Own ACME (for mail protocol SSL)
After NPM proxy is working for `mail.web.orbishosting.com`, SSH into the Mailcow VM and enable its own Let's Encrypt:
```bash
ssh ubuntu@10.48.200.82
# Edit mailcow.conf
sudo nano /opt/mailcow-dockerized/mailcow.conf
# Ensure these settings:
# SKIP_LETS_ENCRYPT=n ← Mailcow will get its own cert via HTTP challenge
# HTTP_PORT=8080 ← NPM forwards port 80 → this port
# HTTPS_PORT=8443
# HTTPS_BIND=127.0.0.1
# Restart acme container
cd /opt/mailcow-dockerized
sudo docker compose restart acme-mailcow
# Watch the ACME container get the cert
sudo docker compose logs -f acme-mailcow
```
The ACME challenge goes:
`Let's Encrypt → port 80 → FortiGate → NPM → port 8080 on Mailcow → acme responds`
Once Mailcow's ACME succeeds, it will automatically use that cert for Postfix/Dovecot.
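
The four `mailcow.conf` settings listed above can be checked mechanically before restarting the ACME container. This is an added example, not part of the original guide or of Mailcow; the function names `conf_value` and `check_mailcow_conf` are hypothetical, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example: compare mailcow.conf with the values this guide lists.
# Function names are hypothetical; the expected values come from the guide.

# Print the effective value of KEY in FILE. Commented-out lines are ignored
# and the last assignment wins when a key appears more than once.
conf_value() {
    local key="$1" file="$2"
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
        | tail -n 1 | sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Report every setting and return the number of mismatches (0 = all good).
check_mailcow_conf() {
    local file="$1" failures=0 pair key want got
    for pair in SKIP_LETS_ENCRYPT=n HTTP_PORT=8080 \
                HTTPS_PORT=8443 HTTPS_BIND=127.0.0.1; do
        key="${pair%%=*}"
        want="${pair#*=}"
        got="$(conf_value "$key" "$file")"
        if [ "$got" = "$want" ]; then
            echo "ok    $key=$got"
        else
            echo "FAIL  $key='${got:-<unset>}' (guide expects '$want')"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Check the file given as argument, or a constructed sample when none is given.
if [ -n "${1:-}" ]; then
    check_mailcow_conf "$1"
else
    sample="$(mktemp)"
    cat > "$sample" <<'EOF'
# constructed sample, not a real mailcow.conf
SKIP_LETS_ENCRYPT=y
HTTP_PORT=8080
#HTTPS_PORT=8443
HTTPS_PORT=443
HTTPS_BIND=127.0.0.1
EOF
    check_mailcow_conf "$sample" || echo "sample has $? setting(s) to fix"
    rm -f "$sample"
fi
```

On the Mailcow VM, pass the real path as the argument: `/opt/mailcow-dockerized/mailcow.conf`.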

---
## Verify Everything Works
```bash
# From outside your network or use mxtoolbox.com:
# Test HTTPS web UI
curl -I https://mail.web.orbishosting.com
# Test SMTP banner
telnet 97.176.15.26 25
# Test IMAP
openssl s_client -connect 97.176.15.26:993
# Test SMTP with TLS
openssl s_client -starttls smtp -connect 97.176.15.26:587
```