mirror of
https://github.com/myronblair/ProxMailcow
synced 2026-06-30 17:50:40 -05:00
b60db8a0d0
- VM 200: Nginx Proxy Manager (10.48.200.80)
- VM 201: Mailcow email server (10.48.200.82)
- Cloud-init automation for both VMs
- FortiGate VIP/policy documentation
- DNS records for web.orbishosting.com
- NPM proxy host setup guide
- Mailcow post-install checklist
- Cert sync script (NPM → Mailcow)

External IP: 97.176.15.26
2.9 KiB
Nginx Proxy Manager — Proxy Host Configuration
After NPM is running, configure it via the web UI at http://10.48.200.80:81
Default login: admin@example.com / changeme — change immediately
Proxy Host 1: Mailcow Web UI (HTTPS)
Go to: Hosts → Proxy Hosts → Add Proxy Host
Details Tab
| Field | Value |
|---|---|
| Domain Names | mail.web.orbishosting.com |
| Scheme | http |
| Forward Hostname / IP | 10.48.200.82 |
| Forward Port | 8080 |
| Cache Assets | Off |
| Block Common Exploits | On |
| Websockets Support | On (required for Mailcow) |
SSL Tab
| Field | Value |
|---|---|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| HTTP/2 Support | On |
| HSTS Enabled | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
| I Agree to ToS | Checked |
Click Save — NPM will automatically get a Let's Encrypt certificate.
Proxy Host 2: NPM Admin UI (Optional — for remote management)
If you want to access the NPM admin panel via your domain:
Details Tab
| Field | Value |
|---|---|
| Domain Names | npm.web.orbishosting.com |
| Scheme | http |
| Forward Hostname / IP | 127.0.0.1 |
| Forward Port | 81 |
| Block Common Exploits | On |
SSL Tab
| Field | Value |
|---|---|
| SSL Certificate | Request a new SSL Certificate |
| Force SSL | On |
| Let's Encrypt Email | postmaster@web.orbishosting.com |
Proxy Host 3: Redirect www → root domain (Optional)
Details Tab
| Field | Value |
|---|---|
| Domain Names | www.web.orbishosting.com |
| Scheme | https |
| Forward Hostname / IP | web.orbishosting.com |
| Forward Port | 443 |
Enable Mailcow's Own ACME (for mail protocol SSL)
After NPM proxy is working for mail.web.orbishosting.com, SSH into the Mailcow VM and enable its own Let's Encrypt:
```bash
ssh ubuntu@10.48.200.82

# Edit mailcow.conf
sudo nano /opt/mailcow-dockerized/mailcow.conf

# Ensure these settings:
# SKIP_LETS_ENCRYPT=n     ← Mailcow will get its own cert via HTTP challenge
# HTTP_PORT=8080          ← NPM forwards port 80 → this port
# HTTPS_PORT=8443
# HTTPS_BIND=127.0.0.1

# Restart acme container
cd /opt/mailcow-dockerized
sudo docker compose restart acme-mailcow

# Watch the ACME container get the cert
sudo docker compose logs -f acme-mailcow
```
The ACME challenge goes:
Let's Encrypt → port 80 → FortiGate → NPM → port 8080 on Mailcow → acme responds
Once Mailcow's ACME succeeds, it will automatically use that cert for Postfix/Dovecot.
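A pre-flight check for the four `mailcow.conf` values listed above, as an added example that is not part of the original repository. The function names `conf_get` and `check_mailcow_conf` and the sample file are constructed for illustration, and the script assumes the last uncommented assignment of a key is the effective one.

```bash
#!/usr/bin/env bash
# Added example (not from the repository): lint mailcow.conf against the four
# settings this guide lists. conf_get/check_mailcow_conf are names made up here.

# Print the effective value of key $2 in file $1. Commented-out lines are
# ignored; the last assignment wins (assumption: same as sourcing the file).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' |
        tr -d "\"'"
}

# Return 0 if every setting matches, 1 on any mismatch, 2 if unreadable.
check_mailcow_conf() {
    mc_file=$1 mc_rc=0
    [ -r "$mc_file" ] || { echo "cannot read $mc_file" >&2; return 2; }
    for mc_pair in SKIP_LETS_ENCRYPT=n HTTP_PORT=8080 \
                   HTTPS_PORT=8443 HTTPS_BIND=127.0.0.1; do
        mc_key=${mc_pair%%=*} mc_want=${mc_pair#*=}
        mc_got=$(conf_get "$mc_file" "$mc_key")
        if [ "$mc_got" != "$mc_want" ]; then
            echo "MISMATCH $mc_key: want '$mc_want', got '${mc_got:-<unset>}'"
            mc_rc=1
        fi
    done
    return "$mc_rc"
}

# Constructed sample: HTTP_PORT is wrong and HTTPS_BIND is only a comment.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
SKIP_LETS_ENCRYPT=n
HTTP_PORT=80
HTTPS_PORT=8443
# HTTPS_BIND=127.0.0.1
EOF
check_mailcow_conf "$sample" || echo "fix mailcow.conf before restarting acme-mailcow"
```

On the real host, run `check_mailcow_conf /opt/mailcow-dockerized/mailcow.conf` before restarting `acme-mailcow`; a mismatched `HTTP_PORT` means the HTTP challenge forwarded by NPM never reaches the ACME container.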
Verify Everything Works
```bash
# From outside your network or use mxtoolbox.com:

# Test HTTPS web UI
curl -I https://mail.web.orbishosting.com

# Test SMTP banner
telnet 97.176.15.26 25

# Test IMAP
openssl s_client -connect 97.176.15.26:993

# Test SMTP with TLS
openssl s_client -starttls smtp -connect 97.176.15.26:587
```