search

linuxserver / reverse-proxy-confs

These confs are pulled into our SWAG image: https://github.com/linuxserver/docker-swag
GNU General Public License v3.0
1.33k stars 300 forks source link

[BUG] Cannot acces to the admin UI via proxy #598

Closed reynum2 closed 1 year ago

reynum2 commented 1 year ago

Is there an existing issue for this?

Current Behavior

Hello

I try to make Mailu 2.0 works. I had a working 1.7 before but docker images are not available now

My nginx proxy is 

################ DOCKER MAILU
        server {
                listen    80;
                server_name  mailu.reynum.eu;

                location ^~ /.well-known/acme-challenge {
                        alias /var/www/dehydrated;
                }
                location / {
                        return 301 https://$server_name$request_uri;
                        #proxy_pass http://144.76.1.142:2080;
                        #proxy_set_header Host $host;
                        #proxy_set_header X-Forwarded-For $remote_addr;
                }

        }

        server {
                listen 443 ssl;
                server_name  mailu.reynum.eu;

                keepalive_timeout   70;

                ssl_certificate     /var/lib/dehydrated/certs/mailu.reynum.eu/fullchain.pem;
                ssl_certificate_key /var/lib/dehydrated/certs/mailu.reynum.eu/privkey.pem;
                ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
                ssl_ciphers         HIGH:!aNULL:!MD5;

                client_max_body_size 500M;

                location / {
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP  $remote_addr;
                        proxy_set_header X-Forwarded-For $remote_addr;
                        proxy_set_header X-Forwarded-Proto $scheme;
                        proxy_pass https://144.76.1.142:20443;
                }
        }
################

The mailu.env

SECRET_KEY=************
SUBNET=172.50.0.0/16
DOMAIN=reynum.eu
HOSTNAMES=mail.reynum.eu, l-informaticien-libre.com
POSTMASTER=admin
TLS_FLAVOR=cert
AUTH_RATELIMIT_IP=5/hour
AUTH_RATELIMIT_USER=50/day
DISABLE_STATISTICS=False

###################################
# Optional features
###################################

ADMIN=true
WEBMAIL=roundcube
API=false
WEBDAV=none
ANTIVIRUS=clamav
SCAN_MACROS=true

###################################
# Mail settings
###################################

MESSAGE_SIZE_LIMIT=50000000
MESSAGE_RATELIMIT=200/day
RELAYNETS=
RELAYHOST=
FETCHMAIL_ENABLED=False
FETCHMAIL_DELAY=600
RECIPIENT_DELIMITER=+
DMARC_RUA=admin
DMARC_RUF=admin
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
COMPRESSION=
COMPRESSION_LEVEL=

###################################
# Web settings
###################################

WEBROOT_REDIRECT=/webmail
WEB_ADMIN=/admin
WEB_WEBMAIL=/webmail
WEB_API=
SITENAME=Mailu
WEBSITE=https://mailu.io

###################################
# Advanced settings
###################################
COMPOSE_PROJECT_NAME=mailu
CREDENTIAL_ROUNDS=12
REAL_IP_HEADER=X-Real-IP
REAL_IP_FROM=144.76.1.142
REJECT_UNLISTED_RECIPIENT=
LOG_LEVEL=WARNING
TZ=Etc/UTC
DEFAULT_SPAM_THRESHOLD=80
API_TOKEN=

And the docker-compose.yml

version: '2.2'

services:

  # External dependencies
  redis:
    image: redis:alpine
    restart: always
    volumes:
      - "./mailu/redis:/data"
    depends_on:
      - resolver
    dns:
      - 172.40.255.254

  # Core services
  front:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2.0}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-front
    ports:
      - "144.76.1.142:2080:80"
      - "144.76.1.142:20443:443"
      - "144.76.1.142:25:25"
      - "144.76.1.142:465:465"
      - "144.76.1.142:587:587"
      - "144.76.1.142:110:110"
      - "144.76.1.142:995:995"
      - "144.76.1.142:143:143"
      - "144.76.1.142:993:993"
    networks:
      - default
      - webmail
    volumes:
      - "./mailu/certs:/certs"
      - "./mailu/overrides/nginx:/overrides:ro"
    depends_on:
      - resolver
    dns:
      - 172.40.255.254

  resolver:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2.0}
    env_file: mailu.env
    restart: always
    networks:
      default:
        ipv4_address: 172.40.255.254

  admin:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2.0}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-admin
    volumes:
      - "./mailu/data:/data"
      - "./mailu/dkim:/dkim"
    depends_on:
      - redis
      - resolver
    dns:
      - 172.40.255.254

  imap:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2.0}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-imap
    volumes:
      - "./mailu/mail:/mail"
      - "./mailu/overrides/dovecot:/overrides:ro"
    depends_on:
      - front
      - resolver
    dns:
      - 172.40.255.254

  smtp:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2.0}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-smtp
    volumes:
      - "./mailu/mailqueue:/queue"
      - "./mailu/overrides/postfix:/overrides:ro"
    depends_on:
      - front
      - resolver
    dns:
      - 172.40.255.254

  oletools:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2.0}
    hostname: oletools
    restart: always
    networks:
      - noinet
    depends_on:
      - resolver
    dns:
      - 172.40.255.254

  antispam:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2.0}
    hostname: antispam
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-antispam
    networks:
      - default
      - noinet
    volumes:
      - "./mailu/filter:/var/lib/rspamd"
      - "./mailu/overrides/rspamd:/overrides:ro"
    depends_on:
      - front
      - redis
      - oletools
      - antivirus
      - resolver
    dns:
      - 172.40.255.254

  # Optional services
  antivirus:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-2.0}
    restart: always
    env_file: mailu.env
    volumes:
      - "./mailu/filter:/data"
    depends_on:
      - resolver
    dns:
      - 172.40.255.254

  # Webmail
  webmail:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2.0}
    restart: always
    env_file: mailu.env
    volumes:
      - "./mailu/webmail:/data"
      - "./mailu/overrides/roundcube:/overrides:ro"
    networks:
      - webmail
    depends_on:
      - front

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.40.0.0/16
  webmail:
    driver: bridge
  noinet:
    driver: bridge
    internal: true

When I try to connect to mailu.reynum.eu I have 

wget https://mailu.reynum.eu/admin
--2023-08-15 18:28:13--  https://mailu.reynum.eu/admin
Resolving mailu.reynum.eu (mailu.reynum.eu)... 144.76.1.142
Connecting to mailu.reynum.eu (mailu.reynum.eu)|144.76.1.142|:443... connected.
HTTP request sent, awaiting response... 502 Bad Gateway
2023-08-15 18:28:13 ERROR 502: Bad Gateway.

I tried many things but nothing works

Expected Behavior

Access to the admin UI

Steps To Reproduce

Use the files posted files in the description Change the ip values And try to access to the UI

reynum2 commented 1 year ago

Is it possible to have the docker images used for Mailu V1.7 ? I worked fine with this version. But the docker-compose does not work anymore :,-(

j0nnymoe commented 1 year ago

We don't build a mailu container nor do we have any interest to. You need to ask them how to use the older version.

reynum2 commented 1 year ago

Thanks for your reply, I don't talked about Mailu container but images of the version 1.7 (nginx, admin, dovecot, ...)

Anyway I found the information about the server change (https://github.com/Mailu/Mailu/pull/2705) and modify my old docker-compose.yml to work with ghcr.io and Mailu version 1.9. And it works fine

But the problem still exists with Mailu version 2.0

I think if somebody use a proxy like me it is good to let the UI use the port 80 because the TLS transfer is already done between the browser and the proxy. So it is not necessary to make this transfer again with the docker container (for the UI I mean).

drizuid commented 1 year ago

we have no plans to work on this

reynum2 commented 10 months ago

What I wanted to say is my proxy doesn't work with 2.X ! It work fine in 1.X I think it is a bug, not a feature to implement.