knet-mailserver/coolify.md
2025-12-27 01:46:31 +01:00

Deploying mailcow-dockerized with Coolify + Traefik

This repository ships the upstream mailcow-dockerized stack plus a small override (mailcow-dockerized/docker-compose.coolify.yml) to let Coolify's Traefik proxy front the web UI at mail.karmacoma.dev while leaving mail protocols (SMTP/IMAP/POP3/Sieve) bound directly on the host.

Official docs to keep handy:

Prerequisites

  • DNS already points mail.karmacoma.dev A/AAAA and MX to this host; PTR records match.
  • Host firewall allows TCP 25, 465, 587, 993, 995, 143, 110, 4190 and UDP/TCP 53 for DNS resolver traffic. Ports 80/443 stay open but will be used by Traefik.
  • Coolify is running with its built-in Traefik proxy. Note the proxy network name (UI: Infrastructure → Networks or docker network ls), typically coolify-proxy.

Prepare configuration

  1. From mailcow-dockerized/, generate the base config if you have not already:
    cd mailcow-dockerized
    ./generate_config.sh
    
  2. Edit mailcow.conf:
    • MAILCOW_HOSTNAME=mail.karmacoma.dev
    • Leave HTTP_PORT=80 and HTTPS_PORT=443 (Traefik attaches via Docker network, not host binds).
    • Ensure HTTP_REDIRECT=n so ACME HTTP-01 works through Traefik.
    • Keep SKIP_LETS_ENCRYPT=n so mailcow issues its own cert for mail protocols.
    • Optionally set TRUSTED_PROXIES=172.16.0.0/12 (defaulted in the override) to trust Coolify's proxy IP range.
  3. Create a small .env (or set in Coolify) for the Traefik network if the default differs:
    echo "TRAEFIK_NETWORK=coolify-proxy" > .env
    

Coolify deployment steps

  1. Add a new Docker Compose service in Coolify pointing to this repository/branch.
  2. Compose files:
    • Primary: mailcow-dockerized/docker-compose.yml
    • Override: mailcow-dockerized/docker-compose.coolify.yml
  3. Environment file: point Coolify to mailcow-dockerized/mailcow.conf (and .env if you created one), or copy its contents into the UI env editor.
  4. No additional ports need to be declared for HTTP/HTTPS—Traefik handles routing. Mail ports remain published by the base compose file.
  5. Deploy. First start will pull all mailcow images and generate certificates in mailcow-dockerized/data/assets/ssl.

Routing behavior

  • Traefik forwards HTTP on entrypoint web to nginx-mailcow port 80 and enforces an HTTPS redirect.
  • Traefik passes through TLS on entrypoint websecure to nginx-mailcow port 443 so mailcow presents its own certificate (also used by Postfix/Dovecot/SOGo).
  • Other mail protocols continue to bind to the host as defined in the upstream compose.

Post-deploy checks

  • Browse https://mail.karmacoma.dev and ensure the UI loads through Traefik.
  • Verify certificates exist in mailcow-dockerized/data/assets/ssl/ and that Postfix/Dovecot advertise the correct hostname.
  • Send/receive a test message and confirm DNSBL lookups work (unbound container must resolve outbound DNS).
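
The certificate check above can be automated. The script below is an added example, not part of this repository: it validates the certificate on port 443 (reached through Traefik) and compares its fingerprint with the ones served on the implicit-TLS mail ports, which only match if Traefik is really passing TLS through to mailcow. It assumes ports 465, 993 and 995 are reachable from where it runs; the function names are illustrative.

```python
import hashlib
import socket
import ssl
import sys

HOST = "mail.karmacoma.dev"       # hostname used on this page
WEB_PORT = 443                    # Traefik "websecure" entrypoint (TLS passthrough)
MAIL_TLS_PORTS = (465, 993, 995)  # implicit-TLS mail ports bound on the host (assumed reachable)

def fetch_leaf_der(host, port, timeout=10.0):
    """Leaf certificate (DER) served on host:port; chain and hostname are validated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    """Hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def mismatched_ports(certs, reference_port=WEB_PORT):
    """Ports whose cert is missing or differs from reference_port's (None = fetch failed).
    A proxy terminating TLS with its own valid cert passes validation but differs here."""
    ref = certs.get(reference_port)
    return sorted(
        port for port, der in certs.items()
        if port != reference_port
        and (ref is None or der is None or fingerprint(der) != fingerprint(ref))
    )

def main(host=HOST):
    certs = {}
    for port in (WEB_PORT, *MAIL_TLS_PORTS):
        try:
            certs[port] = fetch_leaf_der(host, port)
            print(f"{port}: sha256={fingerprint(certs[port])}")
        except OSError as exc:  # includes ssl.SSLError and verification failures
            certs[port] = None
            print(f"{port}: FAILED ({exc})")
    bad = mismatched_ports(certs)
    if certs[WEB_PORT] is None or bad:
        print(f"FAIL: 443 unverified or differs from mail ports {bad}")
        return 1
    print("OK: 443 serves the same validated certificate as the mail ports")
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

A non-zero exit with a differing fingerprint on 443 means the proxy is terminating TLS itself rather than forwarding it to nginx-mailcow.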

If you need to adjust anything later, edit mailcow.conf or tweak mailcow-dockerized/docker-compose.coolify.yml and redeploy from Coolify.