38 lines
1.7 KiB
YAML
38 lines
1.7 KiB
YAML
# Compose override for running mailcow behind Coolify's Traefik proxy
|
|
# Keep the base mailcow-dockerized/docker-compose.yml untouched and load this as an override.
|
|
services:
|
|
nginx-mailcow:
|
|
# Disable direct host bindings for 80/443 and let Traefik terminate/reroute traffic.
|
|
ports: []
|
|
networks:
|
|
mailcow-network:
|
|
aliases:
|
|
- nginx
|
|
traefik-proxy: {}
|
|
environment:
|
|
# Keep HTTP reachable for ACME HTTP-01 via Traefik; avoid forced redirect.
|
|
HTTP_REDIRECT: ${HTTP_REDIRECT:-n}
|
|
# Trust Coolify's proxy range so real client IPs are logged correctly.
|
|
TRUSTED_PROXIES: ${TRUSTED_PROXIES:-172.16.0.0/12}
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.docker.network: ${TRAEFIK_NETWORK:-coolify-proxy}
|
|
|
|
traefik.http.routers.mailcow-http.rule: Host(`mail.karmacoma.dev`)
|
|
traefik.http.routers.mailcow-http.entrypoints: web
|
|
traefik.http.routers.mailcow-http.service: mailcow-http
|
|
traefik.http.middlewares.mailcow-https-redirect.redirectscheme.scheme: https
|
|
traefik.http.routers.mailcow-http.middlewares: mailcow-https-redirect
|
|
traefik.http.services.mailcow-http.loadbalancer.server.port: 80
|
|
|
|
# HTTPS is passed through so mailcow can present its own certificate.
|
|
traefik.tcp.routers.mailcow-https.rule: HostSNI(`mail.karmacoma.dev`)
|
|
traefik.tcp.routers.mailcow-https.entrypoints: websecure
|
|
traefik.tcp.routers.mailcow-https.tls.passthrough: "true"
|
|
traefik.tcp.routers.mailcow-https.service: mailcow-https
|
|
traefik.tcp.services.mailcow-https.loadbalancer.server.port: 443
|
|
|
|
networks:
|
|
traefik-proxy:
|
|
external: true
|
|
name: ${TRAEFIK_NETWORK:-coolify-proxy}
|