Files
ProxMailcow/nginx-proxy-manager/npm-proxy-setup.md
T

128 lines
3.2 KiB
Markdown

# Nginx Proxy Manager — Proxy Host Configuration
Admin UI: **http://10.48.200.80:81** (login: myronblair@outlook.com)
## Configured Routing (already set up)
| Incoming Domain | Routed To | Notes |
|-----------------|-----------|-------|
| `web.orbishosting.com` | → `mail.web.orbishosting.com` | Redirect |
| `mail.web.orbishosting.com` | `http://10.48.200.82:8080` | Mailcow web UI |
| `orbisne.fortiddns.com` | `https://10.48.200.96` | FusionPBX web admin |
**FusionPBX is at `10.48.200.96`** — SIP phones connect directly on LAN, not through NPM.
---
## Proxy Host 1: Mailcow Web UI (HTTPS)
Go to: **Hosts → Proxy Hosts → Add Proxy Host**
### Details Tab
| Field | Value |
|-------|-------|
| Domain Names | `mail.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `10.48.200.82` |
| Forward Port | `8080` |
| Cache Assets | Off |
| Block Common Exploits | On |
| Websockets Support | **On** (required for Mailcow) |
### SSL Tab
| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| HTTP/2 Support | On |
| HSTS Enabled | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
| I Agree to ToS | Checked |
Click **Save** — NPM will automatically get a Let's Encrypt certificate.
---
## Proxy Host 2: NPM Admin UI (Optional — for remote management)
If you want to access the NPM admin panel via your domain:
### Details Tab
| Field | Value |
|-------|-------|
| Domain Names | `npm.web.orbishosting.com` |
| Scheme | `http` |
| Forward Hostname / IP | `127.0.0.1` |
| Forward Port | `81` |
| Block Common Exploits | On |
### SSL Tab
| Field | Value |
|-------|-------|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
---
## Proxy Host 3: Redirect www → root domain (Optional)
### Details Tab
| Field | Value |
|-------|-------|
| Domain Names | `www.web.orbishosting.com` |
| Scheme | `https` |
| Forward Hostname / IP | `web.orbishosting.com` |
| Forward Port | `443` |
---
## Enable Mailcow's Own ACME (for mail protocol SSL)
After NPM proxy is working for `mail.web.orbishosting.com`, SSH into the Mailcow VM and enable its own Let's Encrypt:
```bash
ssh ubuntu@10.48.200.82
# Edit mailcow.conf
sudo nano /opt/mailcow-dockerized/mailcow.conf
# Ensure these settings:
# SKIP_LETS_ENCRYPT=n ← Mailcow will get its own cert via HTTP challenge
# HTTP_PORT=8080 ← NPM forwards port 80 → this port
# HTTPS_PORT=8443
# HTTPS_BIND=127.0.0.1
# Restart acme container
cd /opt/mailcow-dockerized
sudo docker compose restart acme-mailcow
# Watch the ACME container get the cert
sudo docker compose logs -f acme-mailcow
```
The ACME challenge goes:
`Let's Encrypt → port 80 → FortiGate → NPM → port 8080 on Mailcow → acme responds`
Once Mailcow's ACME succeeds, it will automatically use that cert for Postfix/Dovecot.
---
## Verify Everything Works
```bash
# From outside your network or use mxtoolbox.com:
# Test HTTPS web UI
curl -I https://mail.web.orbishosting.com
# Test SMTP banner
telnet 97.176.15.26 25
# Test IMAP
openssl s_client -connect 97.176.15.26:993
# Test SMTP with TLS
openssl s_client -starttls smtp -connect 97.176.15.26:587
```