@analogic
Last active June 6, 2024 12:12
Poste.io (with Lets Encrypt) + Nginx reverse proxy + Nginx Lets encrypt companion
version: '3'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /data/nginx/conf.d:/etc/nginx/conf.d
      - /data/nginx/vhost.d:/etc/nginx/vhost.d
      - /data/nginx/html:/usr/share/nginx/html
      - /data/nginx/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: unless-stopped
    volumes:
      - /data/nginx/conf.d:/etc/nginx/conf.d
      - /data/nginx/vhost.d:/etc/nginx/vhost.d
      - /data/nginx/html:/usr/share/nginx/html
      - /data/nginx/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_DOCKER_GEN_CONTAINER=nginx-proxy
      - NGINX_PROXY_CONTAINER=nginx-proxy
  mailserver:
    image: poste.io/mailserver:dev
    container_name: mailserver
    restart: unless-stopped
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
    environment:
      - LETSENCRYPT_EMAIL=info@analogic.cz
      - LETSENCRYPT_HOST=mail.poste.io
      - VIRTUAL_HOST=mail.poste.io
      - HTTPS=OFF
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /data/nginx/html/.well-known:/opt/www/.well-known
      - /data/mailserver:/data

@dominickj-tdi

I believe there may be a mistake in the above code. If I'm not mistaken, the environment variables on lines 31 and 32 should be set to "nginx-proxy" to match the container name of the nginx container.

@analogic
Author

> I believe there may be a mistake in the above code. If I'm not mistaken, the environment variables on lines 31 and 32 should be set to "nginx-proxy" to match the container name of the nginx container.

Thanks, fixed!

@johandroid

Hi, I'm trying to use something similar to this, but with separated docker-compose.yml files like this:

For nginx-proxy and lets-encrypt

version: "3.8"
services:
  # nginx-proxy
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: MyProxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./certs:/etc/nginx/certs"
      - "./vhost.d:/etc/nginx/vhost.d"
      - "./html:/usr/share/nginx/html"
      - "./conf.d:/etc/nginx/conf.d"
    networks:
      - "net"
  # lets-encrypt
  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: lets-encrypt
    depends_on:
      - nginx-proxy
    restart: always
    environment:
      - NGINX_DOCKER_GEN_CONTAINER=MyProxy
      - NGINX_PROXY_CONTAINER=MyProxy
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
      - "./certs:/etc/nginx/certs"
      - "./vhost.d:/etc/nginx/vhost.d"
      - "./html:/usr/share/nginx/html"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - net
networks:
  net:
    external: true

And for poste.io:

version: '3.8'

services:
  mailserver:
    image: analogic/poste.io:latest
    container_name: mailserver
    hostname: mail
    domainname: johandroid.com
    restart: unless-stopped
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
      - "465:465"
    environment:
      - LETSENCRYPT_EMAIL=info@johandroid.com
      - LETSENCRYPT_HOST=mail.johandroid.com
      - VIRTUAL_HOST=mail.johandroid.com,smtp.johandroid.com,imap.johandroid.com
      - DISABLE_CLAMAV=TRUE
      - HTTPS=OFF
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "~/nginx/nginx-proxy/html/.well-known:/opt/www/.well-known"
      - "./data/mailserver:/data"
    networks:
      - "net"

networks:
  net:
    external: true

This is working nice and smooth: I can log in to the admin or webclient, and even use Thunderbird as mail client, and I can send and receive mail. But when I try to use the Gmail app for Android, it complains about the certificate: it says the issuer of the certificate is poste and not my lets-encrypt certificate; actually the expiration date is Sep 17, 2020.

How can I make it use my certificates?

@try2codesecure

try2codesecure commented Jan 2, 2021

Hi johandroid.
I got the same problem. Link the letsencrypt certs from the nginx proxy to the poste.io container =>

    volumes:
      - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/key.pem:/data/ssl/server.key:ro
      - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/fullchain.pem:/data/ssl/ca.crt:ro
      - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/cert.pem:/data/ssl/server.crt:ro

=> https://www.cloudrocket.at/posts/self-hosted-mail-server-with-poste.io-and-nginx/#the-tls-termination-problem
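
A check for the symptom johandroid describes and the mount try2codesecure suggests, as an added example that is not part of the gist or of any comment: it reads the certificate each mail port presents and compares it with the leaf certificate in the Let's Encrypt `fullchain.pem`. The host name and file path are command-line arguments, and the port-to-mode mapping is an assumption based on the ports published in the compose files above.

```python
import hashlib
import imaplib
import smtplib
import socket
import ssl
import sys

HEADER, FOOTER = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
# Ports published in the compose files above (assumed modes): 'tls' = implicit TLS,
# 'smtp' / 'imap' = plaintext connect followed by STARTTLS.
MAIL_PORTS = {465: "tls", 993: "tls", 995: "tls", 25: "smtp", 587: "smtp", 143: "imap"}

def leaf_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file such as fullchain.pem."""
    start = pem_text.index(HEADER)
    end = pem_text.index(FOOTER, start) + len(FOOTER)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text[start:end])).hexdigest()

def presented_der(host, port, mode):
    """Return the DER certificate the server presents on one mail port."""
    # Verification is disabled on purpose: the goal is to read whatever is
    # presented (including a self-signed default) and compare it afterwards.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if mode == "smtp":
        with smtplib.SMTP(host, port, timeout=10) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert(binary_form=True)
    if mode == "imap":
        with imaplib.IMAP4(host, port) as imap:
            imap.starttls(ssl_context=ctx)
            return imap.sock.getpeercert(binary_form=True)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def mismatched_ports(expected_pem, presented):
    """presented maps port -> DER bytes; return ports not serving the expected leaf."""
    want = leaf_fingerprint(expected_pem)
    return sorted(p for p, der in presented.items()
                  if hashlib.sha256(der).hexdigest() != want)

if __name__ == "__main__":
    host, pem_path = sys.argv[1], sys.argv[2]  # e.g. mail.example.com fullchain.pem
    seen = {p: presented_der(host, p, m) for p, m in MAIL_PORTS.items()}
    bad = mismatched_ports(open(pem_path).read(), seen)
    print("ports not serving the expected certificate:", bad or "none")
    sys.exit(1 if bad else 0)
```

A non-zero exit after a certificate renewal means the mail container is still serving an older or default certificate on the listed ports.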

@fedeaguilera

> Hi johandroid. I got the same problem. Link the letsencrypt certs from the nginx proxy to the poste.io container =>
>
>     volumes:
>       - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/key.pem:/data/ssl/server.key:ro
>       - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/fullchain.pem:/data/ssl/ca.crt:ro
>       - NGINX_PROXY_PATH/ssl/certs/mail.YOUR_DOMAIN.com/cert.pem:/data/ssl/server.crt:ro
>
> => https://www.cloudrocket.at/posts/self-hosted-mail-server-with-poste.io-and-nginx/#the-tls-termination-problem

Hi guys. If you have 2 domains, does only one certificate work?

@gadonski

gadonski commented Jun 6, 2024

Using it this way, the BIMI logo will point to the wrong address.