search

jeboehm / docker-mailserver

Docker Mailserver based on the famous ISPMail guide
MIT License
353 stars 92 forks source link

Question: Is reverse proxy included in the deployment #274

Closed cmonty14 closed 5 months ago

cmonty14 commented 5 months ago

Hello, I'm still in evaluation phase of this project. Therefore I would like to address this question: Is a reverse proxy included in the deployment of docker-mailserver? If yes, which? If no, why not?

THX

jeboehm commented 5 months ago

Hi @cmonty14, a reverse proxy is not included, since most of the users would serve several services behind it, therefor it would make no sense to include one in the project. I've documented in https://github.com/jeboehm/docker-mailserver/wiki/Howto:-Use-The-Web-Service-Behind-nginx-proxy how to use nginx-proxy. Currently I'm using Traefik by adding the required labels to the mailserver-web container.

cmonty14 commented 5 months ago

Hi, thanks for sharing this information. I totally agree that it makes no sense to use a reverse proxy w/o serving multiple services. However according to your documentation docker-mailserver is serving 3 services: Management Interface | http://127.0.0.1:81/manager/ Webmail | http://127.0.0.1:81/webmail/ Rspamd Webinterface | http://127.0.0.1:81/rspamd/

Therefore I thought it would make sense to include a reverse proxy.

jeboehm commented 5 months ago

But this would result in another container just in front of the one and only web container. What would be the benefit of that?

cmonty14 commented 5 months ago

Right. At the bottom line I would like to access all of the three services using this URL + SSL:

https://webmail.example.com
https://admin.example.com
https://rspamd.example.com

I assumed a reverse proxy would provide this function + managing the SSL certificates.

What is your use-case of using Traefik on docker-mailserver?

jeboehm commented 5 months ago

I use Traefik on my host to provide different services.

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.rspamd.rule=Host(`rspamd.example.com`)"
      - "traefik.http.routers.rspamd.entrypoints=web"
      - "traefik.http.routers.rspamd.middlewares=rspamd-stripprefix"
      - "traefik.http.middlewares.rspamd-stripprefix.stripprefix.prefixes=/rspamd"

      - "traefik.http.routers.manager.rule=Host(`manager.example.com`)"
      - "traefik.http.routers.manager.entrypoints=web"
      - "traefik.http.routers.manager.middlewares=manager-stripprefix"
      - "traefik.http.middlewares.manager-stripprefix.stripprefix.prefixes=/manager"

      - "traefik.http.routers.webmail.rule=Host(`webmail.example.com`)"
      - "traefik.http.routers.webmail.entrypoints=web"
      - "traefik.http.routers.webmail.middlewares=webmail-stripprefix"
      - "traefik.http.middlewares.webmail-stripprefix.stripprefix.prefixes=/webmail"

These labels (on the web container) should configure a Traefik instance to serve each service on its own subdomain. I have not tested this.

cmonty14 commented 5 months ago

I think I'm gonna spin-up another server that serves other (central) services, e.g.

Then I don't need to blow the mail server with services that are useful for other servers, too.