Support for nginx installed on the docker host
zell-mbc opened this issue · comments
I am trying to add this image to my existing server which is already running Nextcloud (Docker) with Nginx installed on the host.
Having multiple docker services run in parallel on the same host with one reverse proxy (native or Docker) managing the SSL side of things seems to be a common use case to me, so I hope someone has maybe looked into what needs to be done to make this work?
What I did:
- Removed port 443 from docker config
- Redirecting host Nginx to port 8080, and map 8080:80 in the docker config
- Tried to get rid of the nginx 00-default*.conf files which force the container nginx to ssl, they keep on coming back (obviously)
What I get:
- Browser redirects to https://localhost, which obviously gives me an empty page
What I am looking for:
- Some examples/ideas for the Nginx conf installed on the host
- A way to switch off the SSL requirement for Nginx inside the container
- Confirmation if this is even possible given that the state of this repo is beta.
I converted the docker command to a docker-compose file:
version: '3.3'
services:
iredmail:
container_name: iredmail
environment:
HOSTNAME: mail.mydomain.co.uk
FIRST_MAIL_DOMAIN: mydomain.co.uk
FIRST_MAIL_DOMAIN_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
MLMMJADMIN_API_TOKEN: ${API_TOKEN}
ROUNDCUBE_DES_KEY: ${ROUNDCUBE_KEY}
ports:
- '8080:80'
# - '443:443'
- '110:110'
- '995:995'
- '143:143'
- '993:993'
- '25:25'
- '465:465'
- '587:587'
volumes:
- ./data/backup:/var/vmail/backup
- ./data/mailboxes:/var/vmail/vmail1
- ./data/mlmmj:/var/vmail/mlmmj
- ./data/mlmmj_archive:/var/vmail/mlmmj-archive
- ./data/imapsieve_copy:/var/vmail/imapsieve_copy
- ./data/custom:/opt/iredmail/custom
- ./data/ssl:/opt/iredmail/ssl
- ./data/mysql:/var/lib/mysql
- ./data/clamav:/var/lib/clamav
- ./data/sa_rules:/var/lib/spamassassin
- ./data/postfix_queue:/var/spool/postfix
image: 'iredmail/mariadb:stable'
And finally my host nginx configuration:
server {
server_name webmail.mydomain.co.uk;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy no-referrer;
add_header Permissions-Policy interest-cohort=();
add_header X-Frame-Options SAMEORIGIN;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080/;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/webmail.mydomain.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/webmail.mydomain.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = webmail.mydomain.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name webmail.mydomain.co.uk;
listen 80;
return 404; # managed by Certbot
}
Dear @zell-mbc
Unfortunately we have no plan to support such setup. I'm afraid that you're on your own.
@zell-mbc did you get it to work? :)
Didn't invest much more time I am afraid. I ended up installing locally but meanwhile I have abandoned iRedMail because the feature set which comes for free isn't sufficient for my needs.