mirror of
https://github.com/myronblair/ProxMailcow
synced 2026-06-30 17:50:40 -05:00
# Nginx Proxy Manager — Proxy Host Configuration

Admin UI: **http://10.48.200.80:81** (login: myronblair@outlook.com)

## Configured Routing (already set up)

| Incoming Domain | Routed To | Notes |
|-----------------|-----------|-------|
| `web.orbishosting.com` | → `mail.web.orbishosting.com` | Redirect |
| `mail.web.orbishosting.com` | `http://10.48.200.82:8080` | Mailcow web UI |
| `orbisne.fortiddns.com` | `https://10.48.200.96` | FusionPBX web admin |

**FusionPBX is at `10.48.200.96`** — SIP phones connect directly on LAN, not through NPM.

---

## Proxy Host 1: Mailcow Web UI (HTTPS)

Go to: **Hosts → Proxy Hosts → Add Proxy Host**

### Details Tab

| Field | Value |
|-------|-------|
| Domain Names | `mail.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `10.48.200.82` |
| Forward Port | `8080` |
| Cache Assets | Off |
| Block Common Exploits | On |
| Websockets Support | **On** (required for Mailcow) |

### SSL Tab

| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| HTTP/2 Support | On |
| HSTS Enabled | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
| I Agree to ToS | Checked |

Click **Save** — NPM will automatically get a Let's Encrypt certificate.

---

## Proxy Host 2: NPM Admin UI (Optional — for remote management)

If you want to access the NPM admin panel via your domain:

### Details Tab

| Field | Value |
|-------|-------|
| Domain Names | `npm.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `127.0.0.1` |
| Forward Port | `81` |
| Block Common Exploits | On |

### SSL Tab

| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |

---

## Proxy Host 3: Redirect www → root domain (Optional)

### Details Tab

| Field | Value |
|-------|-------|
| Domain Names | `www.web.orbishosting.com` |
| Scheme | `https` |
| Forward Hostname / IP | `web.orbishosting.com` |
| Forward Port | `443` |

---

## Enable Mailcow's Own ACME (for mail protocol SSL)

After the NPM proxy is working for `mail.web.orbishosting.com`, SSH into the Mailcow VM and enable its own Let's Encrypt:

```bash
ssh ubuntu@10.48.200.82

# Edit mailcow.conf
sudo nano /opt/mailcow-dockerized/mailcow.conf

# Ensure these settings:
# SKIP_LETS_ENCRYPT=n ← Mailcow will get its own cert via HTTP challenge
# HTTP_PORT=8080 ← NPM forwards port 80 → this port
# HTTPS_PORT=8443
# HTTPS_BIND=127.0.0.1

# Restart acme container
cd /opt/mailcow-dockerized
sudo docker compose restart acme-mailcow

# Watch the ACME container get the cert
sudo docker compose logs -f acme-mailcow
```

The ACME challenge goes:

`Let's Encrypt → port 80 → FortiGate → NPM → port 8080 on Mailcow → acme responds`

Once Mailcow's ACME succeeds, it will automatically use that cert for Postfix/Dovecot.

---

## Verify Everything Works

```bash
# From outside your network or use mxtoolbox.com:

# Test HTTPS web UI
curl -I https://mail.web.orbishosting.com

# Test SMTP banner
telnet 97.176.15.26 25

# Test IMAP
openssl s_client -connect 97.176.15.26:993

# Test SMTP with TLS
openssl s_client -starttls smtp -connect 97.176.15.26:587
```
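
Before running the external tests, the four `mailcow.conf` values listed in the ACME section can be checked on the Mailcow VM itself. The script below is an added example, not part of the original repository or of Mailcow; the helper names `conf_get`, `check_mailcow_conf` and `write_sample` and the sample file contents are constructed for illustration.

```bash
# Added example; conf_get, check_mailcow_conf and write_sample are
# hypothetical helper names, not part of Mailcow or this repository.

# Print the active value of KEY in FILE. Commented-out lines are ignored,
# the last assignment is used, and trailing "  # comment" text is dropped.
conf_get() {
  sed -n -E "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
    tail -n 1 | sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//'
}

# Compare FILE with the four values listed in the ACME section.
# Returns 0 if all match, 1 on any mismatch, 2 if FILE is unreadable.
check_mailcow_conf() {
  local file="$1" rc=0 pair key want got
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  for pair in SKIP_LETS_ENCRYPT=n HTTP_PORT=8080 \
              HTTPS_PORT=8443 HTTPS_BIND=127.0.0.1; do
    key=${pair%%=*}; want=${pair#*=}
    got=$(conf_get "$key" "$file")
    if [ -z "$got" ]; then
      echo "MISSING  $key (expected $want)"; rc=1
    elif [ "$got" != "$want" ]; then
      echo "MISMATCH $key=$got (expected $want)"; rc=1
    else
      echo "OK       $key=$got"
    fi
  done
  return "$rc"
}

# Constructed sample, not a real mailcow.conf: HTTP_PORT differs from the
# page's value, HTTPS_BIND is absent, one line carries a trailing comment.
write_sample() {
  cat > "$1" <<'EOF'
SKIP_LETS_ENCRYPT=n
# HTTP_PORT=8080
HTTP_PORT=80
HTTPS_PORT=8443   # behind NPM
EOF
}

# Demo on the sample; on the VM, pass /opt/mailcow-dockerized/mailcow.conf.
tmp=$(mktemp) && write_sample "$tmp"
check_mailcow_conf "$tmp" || echo "settings differ from the values above"
rm -f "$tmp"
```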