knet-mailserver/coolify.md
2025-12-27 02:01:38 +01:00

# Deploying mailcow-dockerized with Coolify + Traefik
This repository ships the upstream `mailcow-dockerized` stack plus a single Coolify-ready compose file (`docker-compose.coolify.yml`) that already contains the Traefik wiring for `mail.karmacoma.dev`. Mail protocols (SMTP/IMAP/POP3/Sieve) stay bound directly on the host; only HTTP/HTTPS are proxied by Traefik.

Official docs to keep handy:
- mailcow: https://docs.mailcow.email/
- Reverse proxy notes (mailcow): https://docs.mailcow.email/post_installation/reverse-proxy/
- Coolify: https://docs.coolify.io/
## Prerequisites
- DNS already points `mail.karmacoma.dev` A/AAAA and MX to this host; PTR records match.
- Host firewall allows TCP 25, 465, 587, 993, 995, 143, 110, 4190 and UDP/TCP 53 for DNS resolver traffic. Ports 80/443 stay open but will be used by Traefik.
- Coolify is running with its built-in Traefik proxy. Note the proxy network name (UI: Infrastructure → Networks or `docker network ls`), typically `coolify-proxy`.
## Prepare configuration
1. From the repo root, generate the base config if you have not already:
```sh
./generate_config.sh
```
2. Edit `mailcow.conf`:
- `MAILCOW_HOSTNAME=mail.karmacoma.dev`
- Leave `HTTP_PORT=80` and `HTTPS_PORT=443` (Traefik attaches via Docker network, not host binds).
- Ensure `HTTP_REDIRECT=n` so ACME HTTP-01 works through Traefik.
- Keep `SKIP_LETS_ENCRYPT=n` so mailcow issues its own cert for mail protocols.
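- Optionally set `TRUSTED_PROXIES=172.16.0.0/12` (defaulted in the compose) to trust Coolify's proxy IP range. A /12 spans 172.16.0.0 to 172.31.255.255, far more than the proxy itself, so narrow it to the proxy network's subnet (shown by `docker network inspect`) where you can.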
3. Create a small `.env` (or set in Coolify) for the Traefik network if the default differs:
```sh
echo "TRAEFIK_NETWORK=coolify-proxy" > .env
```
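
Before deploying, the values from step 2 can be checked mechanically. The following is an added example, not part of this repository or of mailcow: the function names `conf_get`, `want` and `check_mailcow_conf` are hypothetical, and the rule that warns on a `TRUSTED_PROXIES` range wider than a /16 is this example's own assumption.

```sh
#!/bin/sh
# Added example: lint mailcow.conf against the values step 2 asks for.
# Usage: check_mailcow_conf mailcow.conf mail.karmacoma.dev

# conf_get FILE KEY -> value of the last KEY=VALUE assignment, or empty.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r"' | sed 's/[[:space:]]*$//'
}

# want KEY VALUE REASON -> prints a FAIL line and sets rc=1 on mismatch.
want() {
    got=$(conf_get "$conf" "$1")
    [ "$got" = "$2" ] && return 0
    echo "FAIL $1='$got' (want '$2'): $3"
    rc=1
}

# check_mailcow_conf FILE HOSTNAME -> 0 if every required value matches,
# 1 if any differ, 2 if the file is unreadable. WARN lines are advisory.
check_mailcow_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    want MAILCOW_HOSTNAME "$2" "must match the DNS name routed by Traefik"
    want HTTP_PORT 80 "Traefik attaches over the Docker network"
    want HTTPS_PORT 443 "Traefik attaches over the Docker network"
    want HTTP_REDIRECT n "needed for ACME HTTP-01 through Traefik"
    want SKIP_LETS_ENCRYPT n "mailcow must issue its own certificate"
    # Assumption of this example: a single CIDR; flag anything wider than /16.
    tp=$(conf_get "$conf" TRUSTED_PROXIES)
    case $tp in
        */*)
            if [ "${tp##*/}" -lt 16 ] 2>/dev/null; then
                echo "WARN TRUSTED_PROXIES=$tp is broad; prefer the proxy network's subnet"
            fi
            ;;
    esac
    return $rc
}
```

A non-zero exit status makes it usable as a gate in front of the Coolify deploy.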
## Coolify deployment steps
1. Add a new **Docker Compose** service in Coolify pointing to this repository/branch.
2. Compose file: select only `docker-compose.coolify.yml` (it already includes the upstream stack plus Traefik labels/network).
3. Environment file: point Coolify to `mailcow.conf` (and `.env` if you created one), or copy its contents into the UI env editor.
4. No additional ports need to be declared for HTTP/HTTPS—Traefik handles routing. Mail ports remain published as defined in the compose.
5. Deploy. First start will pull all mailcow images and generate certificates in `data/assets/ssl`.
## Routing behavior
- Traefik forwards HTTP on entrypoint `web` to `nginx-mailcow` port 80 and enforces an HTTPS redirect.
- Traefik passes through TLS on entrypoint `websecure` to `nginx-mailcow` port 443 so mailcow presents its own certificate (also used by Postfix/Dovecot/SOGo).
- Other mail protocols continue to bind to the host as defined in the compose.
## Post-deploy checks
- Browse https://mail.karmacoma.dev and ensure the UI loads through Traefik.
- Verify certificates exist in `data/assets/ssl/` and that Postfix/Dovecot advertise the correct hostname.
- Send/receive a test message and confirm DNSBL lookups work (unbound container must resolve outbound DNS).

If you need to adjust anything later, edit `mailcow.conf` or tweak `docker-compose.coolify.yml` and redeploy from Coolify.