# Deploying mailcow-dockerized with Coolify + Traefik

This repository ships the upstream `mailcow-dockerized` stack plus a small override (`mailcow-dockerized/docker-compose.coolify.yml`) to let Coolify's Traefik proxy front the web UI at `mail.karmacoma.dev` while leaving mail protocols (SMTP/IMAP/POP3/Sieve) bound directly on the host.

Official docs to keep handy:

- mailcow: https://docs.mailcow.email/
- Reverse proxy notes (mailcow): https://docs.mailcow.email/post_installation/reverse-proxy/
- Coolify: https://docs.coolify.io/

## Prerequisites

- DNS already points `mail.karmacoma.dev` A/AAAA and MX to this host; PTR records match.
- Host firewall allows TCP 25, 465, 587, 993, 995, 143, 110, 4190 and UDP/TCP 53 for DNS resolver traffic. Ports 80/443 stay open but will be used by Traefik.
- Coolify is running with its built-in Traefik proxy. Note the proxy network name (UI: Infrastructure → Networks or `docker network ls`), typically `coolify-proxy`.

## Prepare configuration

1. From `mailcow-dockerized/`, generate the base config if you have not already:

   ```sh
   cd mailcow-dockerized
   ./generate_config.sh
   ```

2. Edit `mailcow.conf`:
   - `MAILCOW_HOSTNAME=mail.karmacoma.dev`
   - Leave `HTTP_PORT=80` and `HTTPS_PORT=443` (Traefik attaches via Docker network, not host binds).
   - Ensure `HTTP_REDIRECT=n` so ACME HTTP-01 works through Traefik.
   - Keep `SKIP_LETS_ENCRYPT=n` so mailcow issues its own cert for mail protocols.
   - Optionally set `TRUSTED_PROXIES=172.16.0.0/12` (defaulted in the override) to trust Coolify's proxy IP range.

3. Create a small `.env` (or set in Coolify) for the Traefik network if the default differs:

   ```sh
   echo "TRAEFIK_NETWORK=coolify-proxy" > .env
   ```

## Coolify deployment steps

1. Add a new **Docker Compose** service in Coolify pointing to this repository/branch.
2. Compose files:
   - Primary: `mailcow-dockerized/docker-compose.yml`
   - Override: `mailcow-dockerized/docker-compose.coolify.yml`
3. Environment file: point Coolify to `mailcow-dockerized/mailcow.conf` (and `.env` if you created one), or copy its contents into the UI env editor.
4. No additional ports need to be declared for HTTP/HTTPS—Traefik handles routing. Mail ports remain published by the base compose file.
5. Deploy. First start will pull all mailcow images and generate certificates in `mailcow-dockerized/data/assets/ssl`.

## Routing behavior

- Traefik forwards HTTP on entrypoint `web` to `nginx-mailcow` port 80 and enforces an HTTPS redirect.
- Traefik passes through TLS on entrypoint `websecure` to `nginx-mailcow` port 443 so mailcow presents its own certificate (also used by Postfix/Dovecot/SOGo).
- Other mail protocols continue to bind to the host as defined in the upstream compose.

## Post-deploy checks

- Browse https://mail.karmacoma.dev and ensure the UI loads through Traefik.
- Verify certificates exist in `mailcow-dockerized/data/assets/ssl/` and that Postfix/Dovecot advertise the correct hostname.
- Send/receive a test message and confirm DNSBL lookups work (unbound container must resolve outbound DNS).

If you need to adjust anything later, edit `mailcow.conf` or tweak `mailcow-dockerized/docker-compose.coolify.yml` and redeploy from Coolify.
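
To confirm the TLS passthrough described under "Routing behavior", the script below is an added example (not part of this repository or of mailcow) that compares the SHA-256 fingerprint of a certificate file you pass in with the certificates served on ports 443, 993 and 587. The function names, the `MAIL_HOST` variable and the `--check` flag are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from this repository): verify TLS passthrough end to end.
HOST="${MAIL_HOST:-mail.karmacoma.dev}"   # MAIL_HOST is an assumed override variable

# Reduce openssl's "sha256 Fingerprint=AA:BB:..." line to the bare digest.
normalize_fp() { sed -n 's/^.*[Ff]ingerprint=//p' | tr 'a-f' 'A-F'; }

# SHA-256 fingerprint of the leaf certificate served at host:port.
# $3 optionally names a STARTTLS protocol (e.g. smtp) for plaintext-first ports.
endpoint_fp() {
  host=$1 port=$2 starttls=${3:-}
  openssl s_client -connect "$host:$port" -servername "$host" \
    ${starttls:+-starttls "$starttls"} </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 2>/dev/null | normalize_fp
}

# Compare "label=fingerprint" pairs against the first pair (the reference).
# Prints every mismatch; the return status is the number of mismatches.
compare_fps() {
  ref_label=${1%%=*} ref=${1#*=}; shift; bad=0
  for pair in "$@"; do
    label=${pair%%=*} fp=${pair#*=}
    if [ -z "$fp" ] || [ "$fp" != "$ref" ]; then
      echo "MISMATCH: $label (${fp:-no certificate}) != $ref_label ($ref)"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# The certificate on disk, the one behind Traefik on 443, and the ones Dovecot
# and Postfix serve should all be the same mailcow-issued certificate.
check_passthrough() {
  disk=$(openssl x509 -in "$1" -noout -fingerprint -sha256 | normalize_fp)
  compare_fps "disk=$disk" \
    "https-443=$(endpoint_fp "$HOST" 443)" \
    "imaps-993=$(endpoint_fp "$HOST" 993)" \
    "submission-587=$(endpoint_fp "$HOST" 587 smtp)"
}

# Only touch the network when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
  check_passthrough "${2:?usage: $0 --check <certificate.pem>}"
fi
```

A mismatch reported only for `https-443` means Traefik is terminating TLS with a certificate of its own rather than passing the connection through to `nginx-mailcow`.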