nginx-proxy-manager
Proxy mail server
Is your feature request related to a problem? Please describe.
I am trying to proxy a mailserver but the task seems to be impossible at the moment with NPM, while this is possible to do with Nginx.
Describe the solution you'd like
I'd like the option to stream proxy mail servers as described here: https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/
I tried to stream the ports but the protocols imap, smtp and pop3 are not supported by NPM.
Describe alternatives you've considered
The only alternative that I can think of is to manually configure the mailserver with the "Custom Nginx configuration" option, but the reason why I am using NPM is because I don't know how to deal with Nginx directly.
While the version of Nginx (OpenResty) is built with mail extensions, this project doesn't really support this type of configuration as the nginx document describes. Certainly something that could be added in future, though I'd like to see more demand for it.
If anyone else is wanting this feature please add a thumbs up to @kennylajara's issue above.
Ok... so, meanwhile I am trying some workaround and need to mount my mailserver's .well-known directory with the proxy's .well-known directory, but it looks like NPM's .well-known directory is not being used. The .well-known directory that I found with some files is in Docker's overlay2 directory...
So... can you help me on that?
I'm bumping this issue. Is it possible to mount the .well-known folder into nginx-proxy-manager?
I would like to use poste.io as my mail server, but to enable a TLS certificate with Let's Encrypt I need to mount the .well-known folder from poste.io.
I don't know how to use the /data/letsencrypt-acme-challenge folder correctly.
As a workaround: you could mount a file with an nginx mail block into /data/nginx/custom/root.conf. (See custom mountpoints)
I am interested in this functionality as well!
@chaptergy would you provide an example or link to an example of how to add the mail block? I understand the location based on your previous link. There currently isn't a dir located at /data/nginx/custom/ to contain any conf files.
Well, you'll need to mount it into the docker container. So you would have to create a file on the host where docker is running, e.g. nginx-mail.conf, with your desired nginx config. It could look something like this (example by @aitkar):
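    mail {
        server_name mail.example.com;
        # nginx asks this HTTP endpoint to authenticate every login and to name the backend server
        auth_http localhost:9000/cgi-bin/nginxauth.cgi;
        proxy_pass_error_message on;

        # The mail "ssl" directive was removed in nginx 1.25.1; newer builds need "listen <port> ssl;" instead
        ssl on;
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/certs/server.key;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients require them
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        server {
            listen 25;
            protocol smtp;
            smtp_auth login plain cram-md5;
        }

        server {
            listen 110;
            protocol pop3;
            pop3_auth plain apop cram-md5;
        }

        server {
            listen 143;
            protocol imap;
        }
    }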
Note: Certificate files are usually located at the following locations.
    ssl_certificate /etc/letsencrypt/live/npm-<cert-id>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/npm-<cert-id>/privkey.pem;
The <cert-id> can be found in the list of SSL certificates. In this case the <cert-id> would be 3.
Then you have to edit your docker compose file to mount this file into the specific location inside the container and expose your ports:

    services:
      app:
        image: 'jc21/nginx-proxy-manager:latest'
        [...]
        ports:
          # Expose the ports you need for your mail
          - '25:25'
          - '110:110'
          - '143:143'
          - [...]
        volumes:
          - /path/to/nginx-mail.conf:/data/nginx/custom/root.conf # Add this line
          - [...]
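
The `auth_http` line in the mail block above is what makes the proxy work: nginx forwards each login to that HTTP endpoint and connects to whatever backend the reply names. The following is an added example, not code from this thread or from the NPM project, of a minimal endpoint speaking nginx's documented `Auth-*` header protocol; the account, backend addresses, `MAX_ATTEMPTS`, and the `decide`/`AuthHandler` names are assumptions made for illustration.

```python
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote

# Constructed sample data: the account and backend addresses are placeholders.
USERS = {"alice@example.com": "correct horse"}
BACKENDS = {"smtp": ("192.0.2.10", 25), "pop3": ("192.0.2.10", 110),
            "imap": ("192.0.2.10", 143)}
MAX_ATTEMPTS = 3  # assumption: drop the session after this many failures


def decide(h):
    """Map nginx's Auth-* request headers to the reply headers it expects."""
    proto = h.get("Auth-Protocol", "")
    # nginx percent-escapes special characters in Auth-User and Auth-Pass.
    user = unquote(h.get("Auth-User", ""))
    password = unquote(h.get("Auth-Pass", ""))
    attempt = h.get("Auth-Login-Attempt", "1")
    expected = USERS.get(user)
    # PLAIN and LOGIN both arrive as "plain"; cram-md5/apop send a digest
    # plus Auth-Salt instead of the password and are refused here.
    ok = (h.get("Auth-Method") == "plain" and proto in BACKENDS
          and expected is not None
          and hmac.compare_digest(expected.encode(), password.encode()))
    if ok:
        host, port = BACKENDS[proto]
        # Auth-Server must be an IP address; nginx does not resolve names.
        return {"Auth-Status": "OK", "Auth-Server": host,
                "Auth-Port": str(port)}
    reply = {"Auth-Status": "Invalid login or password"}
    if proto == "smtp":
        reply["Auth-Error-Code"] = "535 5.7.8"
    if attempt.isdigit() and int(attempt) < MAX_ATTEMPTS:
        reply["Auth-Wait"] = "3"  # without Auth-Wait nginx closes the session
    return reply


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)  # refusals are also 200; Auth-Status carries the reason
        for name, value in decide(self.headers).items():
            self.send_header(name, value)
        self.end_headers()


if __name__ == "__main__":
    # Loopback only: nginx sends the client's cleartext password here.
    HTTPServer(("127.0.0.1", 9000), AuthHandler).serve_forever()
```

Because the endpoint receives cleartext credentials and decides which backend a session reaches, keep it on loopback or an internal-only network and never publish its port in the compose file.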
Is there any progress on this implementation or feature request? Would love to see this natively in NPM. Having my mail services behind NPM with an ssl cert. (The described docker tip is too complex for me to understand).
Create with portainer:
Image: docker.io/mailserver/docker-mailserver:edge
Ports: 25:25 143:143 465:465 587:587 993:993
Volume: container: /etc/letsencrypt -> volume: (indicate the volume from npm where the certificates are included)
Network: hostname: mail DomainName: example.vom
Environment variables:
ENABLE_FAIL2BAN=1
SSL_TYPE=manual
PERMIT_DOCKER=network
ONE_DIR=1
ENABLE_POSTGREY=0
ENABLE_CLAMAV=0
ENABLE_SPAMASSASSIN=0
SPOOF_PROTECTION=0
FETCHMAIL_POLL=300
POSTGREY_AUTO_WHITELIST_CLIENTS=5
POSTGREY_DELAY=300
POSTGREY_MAX_AGE=35
POSTGREY_TEXT=Delayed by Postgrey
SASLAUTHD_MECH_OPTIONS=
SSL_CERT_PATH=/etc/letsencrypt/live/npm-X/fullchain.pem
SSL_KEY_PATH=/etc/letsencrypt/live/npm-X/privkey.pem
TLS_LEVEL=modern
Container capabilities: NET_ADMIN SYS_PTRACE
After starting the container, apply the following commands in the console:
- setup email add [email protected] password (from adding accounts)
- setup config dkim
I don't know if I arrive late to the party but here are my 2 cents. I do have NPM working for ports 25, 587 and 993 as streams for my mail server.
All I've done is:
- Modify the docker-compose file to expose ports 25, 587 and 993.
- Recreate the container with the new docker-compose file.
- Redirect traffic from pfsense firewall through the NPM.
- Create a stream for each port pointing to the backend server.
All seems to work perfectly fine from the outside.
I do have some other streams for other services working but seems like mail ports are more sensible.
Hope it helps!
How did you do this?
Are there any updates for this?
I would love to get this working for me as I use my Asustor NAS and it has trouble getting certs. I would love to run my mail server thru my NPM but I have not been able to get it to work.
I tried this by creating a proxy host my.domain.com:993 pointing to port 147 on the mailserver. Did you do it this way? It doesn't work for me.
Thank you, I will give this a try. Hopefully it will work, as all my mail server is showing not trusted even though it is, and my Nextcloud or other services won't send emails because of it.