7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update first_steps.md

This commit is contained in:
broedli 2017-03-02 21:33:11 +01:00 committed by GitHub
parent a4bb6f2650
commit d242cf87a3
1 changed files with 42 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/first_steps.md
View File

@ -16,10 +16,10 @@ This is just an example of how to obtain certificates with certbot. There are se
```
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
```
2. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: `docker-compose restart nginx-mailcow`.
3. Request the certificate with the webroot method:
```
cd /path/to/git/clone/mailcow-dockerized
source mailcow.conf
@ -33,32 +33,35 @@ certbot certonly \
--agree-tos
```
3. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
4. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
```
mv data/assets/ssl/cert.{pem,pem.backup}
mv data/assets/ssl/key.{pem,pem.backup}
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem
```
4. Restart containers which use the certificate:
5. Restart containers which use the certificate:
```
docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow
```
When renewing certificates, run the last two steps (link + restart) as post-hook in a script.
# Rspamd Web UI
# Rspamd UI access
At first you may want to setup Rspamds web interface which provides some useful features and information.
1. Generate a Rspamd controller password hash:
```
docker-compose exec rspamd-mailcow rspamadm pw
```
2. Replace the default hash in `data/conf/rspamd/override.d/worker-controller.inc` by your newly generated:
```
enable_password = "myhash";
```
3. Restart rspamd:
3. Restart rspamd:
```
docker-compose restart rspamd-mailcow
```
@ -68,7 +71,7 @@ Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and login!
# Optional: Reverse proxy
You don't need to change the Nginx site that comes with mailcow: dockerized.
mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.
mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamds web ui.
Make sure you change HTTP_BIND and HTTPS_BIND to a local address and set the ports accordingly, for example:
```