knet-mailserver/coolify.md
2025-12-27 01:46:31 +01:00

# Deploying mailcow-dockerized with Coolify + Traefik
This repository ships the upstream `mailcow-dockerized` stack plus a small override (`mailcow-dockerized/docker-compose.coolify.yml`) to let Coolify's Traefik proxy front the web UI at `mail.karmacoma.dev` while leaving mail protocols (SMTP/IMAP/POP3/Sieve) bound directly on the host.
Official docs to keep handy:
- mailcow: https://docs.mailcow.email/
- Reverse proxy notes (mailcow): https://docs.mailcow.email/post_installation/reverse-proxy/
- Coolify: https://docs.coolify.io/
## Prerequisites
- DNS already points `mail.karmacoma.dev` A/AAAA and MX to this host; PTR records match.
- Host firewall allows TCP 25, 465, 587, 993, 995, 143, 110, 4190 and UDP/TCP 53 for DNS resolver traffic. Ports 80/443 stay open but will be used by Traefik.
- Coolify is running with its built-in Traefik proxy. Note the proxy network name (UI: Infrastructure → Networks or `docker network ls`), typically `coolify-proxy`.
## Prepare configuration
1. From `mailcow-dockerized/`, generate the base config if you have not already:
   ```sh
   cd mailcow-dockerized
   ./generate_config.sh
   ```
2. Edit `mailcow.conf`:
   - `MAILCOW_HOSTNAME=mail.karmacoma.dev`
   - Leave `HTTP_PORT=80` and `HTTPS_PORT=443` (Traefik attaches via Docker network, not host binds).
   - Ensure `HTTP_REDIRECT=n` so ACME HTTP-01 works through Traefik.
   - Keep `SKIP_LETS_ENCRYPT=n` so mailcow issues its own cert for mail protocols.
   - Optionally set `TRUSTED_PROXIES=172.16.0.0/12` (defaulted in the override) to trust Coolify's proxy IP range.
3. Create a small `.env` (or set in Coolify) for the Traefik network if the default differs:
   ```sh
   echo "TRAEFIK_NETWORK=coolify-proxy" > .env
   ```
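
A pre-deploy check for the `mailcow.conf` settings listed in step 2, as an added example that is not part of this repository or of mailcow. `conf_get` and `lint_mailcow_conf` are hypothetical helper names, and treating `TRUSTED_PROXIES` as a comma-separated list of IPv4 CIDRs is an assumption.

```sh
#!/bin/sh
# Added example (not part of this repository): lint mailcow.conf before deploying.
# conf_get and lint_mailcow_conf are hypothetical helper names.

# conf_get FILE KEY: print the value of the last uncommented KEY= line.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# lint_mailcow_conf FILE HOSTNAME: print one FAIL line per finding; status 1 if any.
lint_mailcow_conf() {
    conf=$1; rc=0
    # key|expected value|reason, taken from the "Edit mailcow.conf" step
    while IFS='|' read -r key want why; do
        got=$(conf_get "$conf" "$key")
        [ "$got" = "$want" ] && continue
        echo "FAIL $key=${got:-<unset>} (expected $want): $why"
        rc=1
    done <<EOF
MAILCOW_HOSTNAME|$2|hostname Traefik fronts for the web UI
HTTP_PORT|80|Traefik attaches via the Docker network, not host binds
HTTPS_PORT|443|Traefik attaches via the Docker network, not host binds
HTTP_REDIRECT|n|ACME HTTP-01 has to work through Traefik
SKIP_LETS_ENCRYPT|n|mailcow issues its own cert for mail protocols
EOF
    # TRUSTED_PROXIES is optional. Assumption: a comma-separated list of IPv4 CIDRs.
    # Shape check only (octet range not verified); /0 is rejected because it would
    # treat every source address as a trusted proxy.
    for cidr in $(conf_get "$conf" TRUSTED_PROXIES | tr ',' ' '); do
        if ! echo "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'; then
            echo "FAIL TRUSTED_PROXIES entry '$cidr': not an IPv4 CIDR with prefix /1 to /32"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh lint.sh mailcow.conf mail.karmacoma.dev
if [ $# -ge 2 ]; then
    lint_mailcow_conf "$1" "$2"
fi
```

Because the last uncommented assignment wins, a stray `HTTP_REDIRECT=y` appended further down the file is reported even when an earlier line sets it to `n`.
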
## Coolify deployment steps
1. Add a new **Docker Compose** service in Coolify pointing to this repository/branch.
2. Compose files:
   - Primary: `mailcow-dockerized/docker-compose.yml`
   - Override: `mailcow-dockerized/docker-compose.coolify.yml`
3. Environment file: point Coolify to `mailcow-dockerized/mailcow.conf` (and `.env` if you created one), or copy its contents into the UI env editor.
4. No additional ports need to be declared for HTTP/HTTPS—Traefik handles routing. Mail ports remain published by the base compose file.
5. Deploy. First start will pull all mailcow images and generate certificates in `mailcow-dockerized/data/assets/ssl`.
## Routing behavior
- Traefik forwards HTTP on entrypoint `web` to `nginx-mailcow` port 80 and enforces an HTTPS redirect.
- Traefik passes through TLS on entrypoint `websecure` to `nginx-mailcow` port 443 so mailcow presents its own certificate (also used by Postfix/Dovecot/SOGo).
- Other mail protocols continue to bind to the host as defined in the upstream compose.
## Post-deploy checks
- Browse https://mail.karmacoma.dev and ensure the UI loads through Traefik.
- Verify certificates exist in `mailcow-dockerized/data/assets/ssl/` and that Postfix/Dovecot advertise the correct hostname.
- Send/receive a test message and confirm DNSBL lookups work (unbound container must resolve outbound DNS).
If you need to adjust anything later, edit `mailcow.conf` or tweak `mailcow-dockerized/docker-compose.coolify.yml` and redeploy from Coolify.