jeboehm / docker-mailserver

Docker Mailserver based on the famous ISPMail guide
MIT License
371 stars 97 forks source link

Question: Is reverse proxy included in the deployment #274

Closed cmonty14 closed 10 months ago

cmonty14 commented 10 months ago

Hello, I'm still in evaluation phase of this project. Therefore I would like to address this question: Is a reverse proxy included in the deployment of docker-mailserver? If yes, which? If no, why not?

THX

jeboehm commented 10 months ago

Hi @cmonty14, a reverse proxy is not included, since most of the users would serve several services behind it, therefor it would make no sense to include one in the project. I've documented in https://github.com/jeboehm/docker-mailserver/wiki/Howto:-Use-The-Web-Service-Behind-nginx-proxy how to use nginx-proxy. Currently I'm using Traefik by adding the required labels to the mailserver-web container.

cmonty14 commented 10 months ago

Hi, thanks for sharing this information. I totally agree that it makes no sense to use a reverse proxy w/o serving multiple services. However according to your documentation docker-mailserver is serving 3 services: Management Interface | http://127.0.0.1:81/manager/ Webmail | http://127.0.0.1:81/webmail/ Rspamd Webinterface | http://127.0.0.1:81/rspamd/

Therefore I thought it would make sense to include a reverse proxy.

jeboehm commented 10 months ago

But this would result in another container just in front of the one and only web container. What would be the benefit of that?

cmonty14 commented 10 months ago

Right. At the bottom line I would like to access all of the three services using this URL + SSL:

https://webmail.example.com
https://admin.example.com
https://rspamd.example.com

I assumed a reverse proxy would provide this function + managing the SSL certificates.

What is your use-case of using Traefik on docker-mailserver?

jeboehm commented 10 months ago

I use Traefik on my host to provide different services.

labels:
      - "traefik.enable=true"
      - "traefik.http.routers.rspamd.rule=Host(`rspamd.example.com`)"
      - "traefik.http.routers.rspamd.entrypoints=web"
      - "traefik.http.routers.rspamd.middlewares=rspamd-stripprefix"
      - "traefik.http.middlewares.rspamd-stripprefix.stripprefix.prefixes=/rspamd"

      - "traefik.http.routers.manager.rule=Host(`manager.example.com`)"
      - "traefik.http.routers.manager.entrypoints=web"
      - "traefik.http.routers.manager.middlewares=manager-stripprefix"
      - "traefik.http.middlewares.manager-stripprefix.stripprefix.prefixes=/manager"

      - "traefik.http.routers.webmail.rule=Host(`webmail.example.com`)"
      - "traefik.http.routers.webmail.entrypoints=web"
      - "traefik.http.routers.webmail.middlewares=webmail-stripprefix"
      - "traefik.http.middlewares.webmail-stripprefix.stripprefix.prefixes=/webmail"

These labels (on the web container) should configure a Traefik instance to serve each service on its own subdomain. I have not tested this.

cmonty14 commented 10 months ago

I think I'm gonna spin-up another server that serves other (central) services, e.g.

Then I don't need to blow the mail server with services that are useful for other servers, too.