FAQ: Use custom ports for HTTP and HTTPS
In this scenario, a web server already runs on the host that also runs the mailserver container. The container cannot use port 80 / 443 because these are used by the host's webserver.
HTTP Port
HTTP is required for Let's Encrypt certificate requests and certificate renewals.
Let's Encrypt does not support using a custom port for HTTP.
To work around this issue and still have the mailserver container handle the mailserver's certificates, add a proxy configuration to the host's webserver.
The proxy (i.e. the host's webserver) will accept connections on port 80 for the mailserver's HOSTNAME and forward the connection to the mailserver container.
For this to work, the mailserver container needs to map its HTTP port to something other than port 80.
If you use monitoring, you can start the container's HTTPS server on a different port (see below).
Without proxy
     host webserver                  mailserver container
    .--------------------------.    .--------------------------.
--->|:80 www.mydomain.tld      |    |  ??????             :-(  |
    `--------------------------´    `--------------------------´
With proxy
     host webserver
    .------------------------------.
--->|:80 www.mydomain.tld          |
    |    mail.mydomain.tld   :12345--.    mailserver container
    `------------------------------´ |   .--------------------------.
                                     `-->|:12345               8-D  |
                                         `--------------------------´
Here's a very simple proxy definition for the above, for Apache Foundation's httpd:
<VirtualHost *:80>
    ServerName mail.mydomain.tld
    ProxyPass / http://127.0.0.1:12345/
    ProxyPassReverse / http://127.0.0.1:12345/
    ProxyPreserveHost on
</VirtualHost>
Put this in a separate .conf file in /etc/httpd/conf.d/ (Fedora, Red Hat, CentOS, etc.) and run sudo systemctl reload httpd, or in /etc/apache2/sites-enabled/ (Debian, Ubuntu, etc.) and run sudo systemctl reload apache2, to activate.
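A narrower variant of the proxy definition above, added here as an example and not part of the original page or the project's own configuration: it forwards only the path that Let's Encrypt's HTTP-01 validation requests and denies everything else on this virtual host. It assumes that mod_proxy and mod_proxy_http are loaded and that the container needs nothing but the challenge path over plain HTTP.

```apache
# Added example, not the project's configuration.
# Assumptions: mod_proxy and mod_proxy_http are loaded; the container
# answers HTTP-01 challenges on 127.0.0.1:12345 (the page's example port).
<VirtualHost *:80>
    ServerName mail.mydomain.tld

    # Reverse proxy only; never act as a forward (open) proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Forward only the ACME HTTP-01 challenge path to the container.
    ProxyPass        /.well-known/acme-challenge/ http://127.0.0.1:12345/.well-known/acme-challenge/
    ProxyPassReverse /.well-known/acme-challenge/ http://127.0.0.1:12345/.well-known/acme-challenge/

    # Deny every other path on this name, so the host's default
    # document root is not served under the mailserver's hostname.
    <Location "/">
        Require all denied
    </Location>

    # Later sections override earlier ones, so the challenge path stays open.
    <Location "/.well-known/acme-challenge/">
        Require all granted
    </Location>
</VirtualHost>
```

Run sudo apachectl configtest before reloading to catch syntax errors or missing modules.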
The container start script offers custom ports for both HTTP and HTTPS.
In order for the monitoring dashboards to work on a custom HTTPS port, edit settings.env and change
GF_SERVER_ROOT_URL=https://${HOSTNAME}/monitoring/
to
GF_SERVER_ROOT_URL=https://${HOSTNAME}:[PORT]/monitoring/
e.g. for HTTPS on port 23456, use
GF_SERVER_ROOT_URL=https://${HOSTNAME}:23456/monitoring/
The start_mailserver.sh script accepts custom HTTP and HTTPS ports as positional arguments.
$ ./start_mailserver.sh <http> <https>
e.g. for HTTP proxied to port 12345 and HTTPS served on port 23456, run:
$ ./start_mailserver.sh 12345 23456