7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update first_steps.md

This commit is contained in:
broedli 2017-03-02 21:33:11 +01:00 committed by GitHub
parent a4bb6f2650
commit d242cf87a3
1 changed files with 42 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/first_steps.md
View File

@ -16,10 +16,10 @@ This is just an example of how to obtain certificates with certbot. There are se
``` ```
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
``` ```
2. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: `docker-compose restart nginx-mailcow`. 2. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: `docker-compose restart nginx-mailcow`.
3. Request the certificate with the webroot method: 3. Request the certificate with the webroot method:
``` ```
cd /path/to/git/clone/mailcow-dockerized cd /path/to/git/clone/mailcow-dockerized
source mailcow.conf source mailcow.conf
@ -33,32 +33,35 @@ certbot certonly \
--agree-tos --agree-tos
``` ```
3. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: 4. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
``` ```
mv data/assets/ssl/cert.{pem,pem.backup} mv data/assets/ssl/cert.{pem,pem.backup}
mv data/assets/ssl/key.{pem,pem.backup} mv data/assets/ssl/key.{pem,pem.backup}
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem
``` ```
4. Restart containers which use the certificate:
5. Restart containers which use the certificate:
``` ```
docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow
``` ```
When renewing certificates, run the last two steps (link + restart) as post-hook in a script. When renewing certificates, run the last two steps (link + restart) as post-hook in a script.
# Rspamd Web UI # Rspamd UI access
At first you may want to setup Rspamds web interface which provides some useful features and information. At first you may want to setup Rspamds web interface which provides some useful features and information.
1. Generate a Rspamd controller password hash: 1. Generate a Rspamd controller password hash:
``` ```
docker-compose exec rspamd-mailcow rspamadm pw docker-compose exec rspamd-mailcow rspamadm pw
``` ```
2. Replace the default hash in `data/conf/rspamd/override.d/worker-controller.inc` by your newly generated: 2. Replace the default hash in `data/conf/rspamd/override.d/worker-controller.inc` by your newly generated:
``` ```
enable_password = "myhash"; enable_password = "myhash";
``` ```
3. Restart rspamd:
3. Restart rspamd:
``` ```
docker-compose restart rspamd-mailcow docker-compose restart rspamd-mailcow
``` ```
@ -68,7 +71,7 @@ Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login!
# Optional: Reverse proxy # Optional: Reverse proxy
You don't need to change the Nginx site that comes with mailcow: dockerized. You don't need to change the Nginx site that comes with mailcow: dockerized.
mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamds web ui.
Make sure you change HTTP_BIND and HTTPS_BIND to a local address and set the ports accordingly, for example: Make sure you change HTTP_BIND and HTTPS_BIND to a local address and set the ports accordingly, for example:
``` ```