Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix Nginx proxy pass

andryyy 8 years ago
parent
ef3861d448
commit
7ca0d96bf6
1 changed files with 8 additions and 8 deletions
Split View Show Diff Stats
  1. 8 8
      docs/first_steps.md

+ 8 - 8
docs/first_steps.md
View File 

@@ -13,17 +13,17 @@ mailcow uses 3 domain names that should be covered by your new certificate:
 
 This is just an example of how to obtain certificates with certbot. There are several methods!

 

 1\. Get the certbot client:

-```

+``` bash

 wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot

 ```

 

 2\. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:

-```

+``` bash

 docker-compose restart nginx-mailcow

 ```

 

 3\. Request the certificate with the webroot method:

-```

+``` bash

 cd /path/to/git/clone/mailcow-dockerized

 source mailcow.conf

 certbot certonly \

@@ -37,7 +37,7 @@ certbot certonly \
 
 ```

     

 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:

-```

+``` bash

 mv data/assets/ssl/cert.{pem,pem.backup}

 mv data/assets/ssl/key.{pem,pem.backup}

 ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem

@@ -77,7 +77,7 @@ You don't need to change the Nginx site that comes with mailcow: dockerized.
 
 mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.

 

 1\. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:

-```

+``` bash

 HTTP_BIND=127.0.0.1

 HTTP_PORT=8080

 HTTPS_PORT=127.0.0.1

@@ -89,7 +89,7 @@ Recreate affected containers by running `docker-compose up -d`.
 
 2\. Configure your local webserver as reverse proxy:

 

 ### Apache 2.4

-```

+``` apache

 <VirtualHost *:443>

     ServerName mail.example.org

     ServerAlias autodiscover.example.org

@@ -123,8 +123,8 @@ server {
 
     [...]

     your-ssl-configuration-here

     location / {

-        proxy_pass http://127.0.0.1:8080;

-        proxy_set_header Host $host;

+        proxy_pass http://127.0.0.1:8080/;

+        proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;

         proxy_set_header X-Real-IP $remote_addr;

         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

         proxy_set_header X-Forwarded-Proto $scheme;