adding an subdomain for Sogo (nginx reverse proxy)

[xiaoveiti]

Everthing works like a charm. I set up a new vps, installed nginx, than docker and than mailcow. I use the ssl certificates from mailcow for the reverse proxy - everything fine!

but it is possible to use another domain for sogo? I tried a new nginx config file for sogo.domain.tld and tried to point to sogo:

location / {
    proxy_pass http://127.0.0.1:8080/SoGo/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 100m;

..

But it doesnt work, I just got a 404 Error

Would be happy for any help :)

[sinuscosinustan]

location / {
    proxy_pass http://127.0.0.1:8080/SOGo/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 100m;
}

Could you please try that?

Best Regards Tom Siewert

[xiaoveiti]

thanks, but it's actually what I've tried before, ...

[sinuscosinustan]

Please look at the URL. You wrote SoGo, but it is SOGo.

[xiaoveiti]

Sorry, didn't notice, but doesn't change anything 🤔

[sinuscosinustan]

Could you please run curl -I http://127.0.0.1:8080/SOGo and send us the result?

[xiaoveiti]

Hey guys, here is the output:

root@r3v:~# curl -I http://127.0.0.1:8080/SOGo HTTP/1.1 302 Found Server: nginx Date: Mon, 21 May 2018 19:29:02 GMT Content-Type: text/plain Content-Length: 0 Connection: keep-alive Location: /SOGo/index Strict-Transport-Security: max-age=15768000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Robots-Tag: none X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none

And I will add one screen as well. the site load, but it seems like css, pictures and anything else doesnt load.

[sinuscosinustan]

Is the screenshot from your subdomain, or from your main domain (mx01.domain.tld/SOGo)?

[xiaoveiti]

From sogo.domain.tld. From mail.domain.tld/SOGo, everything works like a charm 😊

[axd]

@gxf0 We've been discussing this since a long time ago with no good results. For now this thread https://github.com/mailcow/mailcow-dockerized/issues/393 is the most well documented -nearest- workaround for what you want, also there's a config file that I've post to start to play with, sadly this is "test and fail" method.

Sorry to tell you that this has not been achieved yet.

[xiaoveiti]

thanks a lot, I give up- haha. Is not that important. I will just use a 301 redirect

server {
    listen 80;
    listen 443 ssl http2;
    index index.php index.html index.htm;
    server_name sogo.domain.tld; 

    location / {
    return 301 https://mail.domain.tld/SOGo$request_uri;
    }
}

but I really would like to at least use the reverse proxy for the nextcloud setup. Is this possible? I tried all kind of way, but it faild multimple times :/

[asifbacchus]

This works for me. I had to use a rewrite not a redirect, but works smoothly. The rewrite rule simple changes "/" to "/SOGo".

 location / {
      rewrite ^/$ /SOGo;
      proxy_pass http://127.0.0.1:8080;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      client_max_body_size 100m;
 }

If you want to see my full setup with a reverse proxy, check out my gists. Hope this helps you, I just figured this out myself and so far haven't run into any problems but I welcome opinions since I'm still learning.

[xiaoveiti]

thanks a lot man, this not really solve the subdomain problem totaly, but its a nice work around to use a differen subdomain :)

I will check out your gists

[asifbacchus]

What issue is it not solving for you? Maybe I can help you out?

[EnriqCG]

So @asifbacchus solution is working fine for me. Is there any alternative for removing /SOGo in the subdomain? It would be nice to have only webmail.example.com.

[asifbacchus]

With the rewrite, you shouldn't ever have to type /SOGo again... but if you mean actually getting rid of the subdirectory, I don't think that's (easily) possible. I know SOGo itself, as a raw install, requires that subdirectory in the domain. So you'd have to set up a bunch of redirects -- a reverse proxy, in this case, is just easier. I don't know if that helped answer your question?

[EnriqCG]

Yeah I was talking about getting rid of /SOGo subdirectory. Doesn't seem reasonable to get rid of it if it requires a lot of stuff to be done on the reverse proxy. Thanks for your help.

[asifbacchus]

I don't think it's possible, because of how SOGo is designed. Glad I could help you out though.

[xiaoveiti]

Ah okay, thanks for the infos. If SoGo relies on the subdirectory I guess it's okay. Don't want to reconfigure any small thing through reverse proxy - too much work and to big chance to screw it up.

I guess I will go with @asifbacchus rewrite methode - good enough for me.

Thank you guys for all your input! I will close the topic :)

[TheCataliasTNT2k]

Ok, I found a solution without a rewrite and without any subdirectories or something. This is my nginx block:

location / {
                #rewrite ^/$ /SOGo;
                proxy_http_version 1.1;
                proxy_set_header Host $http_host;
                proxy_set_header Referer $http_referer;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header X-Forwarded-Ssl on;
                #proxy_set_header X-Nginx-Proxy true;
                proxy_set_header X-Client-Verify $ssl_client_verify;
                proxy_set_header X-Client-DN $ssl_client_s_dn;
                proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://172.22.1.11:1380/SOGo/SOGo/;
        }

I came to this solution, because I am using pihole which has a similar issue, because it only works if you append /admin to the proxy_pass like this: proxy_pass http://172.20.0.2/admin/; EDIT: This is only working if you set the hostname in mailcow.conf to "domain.com", not to "mail.domain.com". Otherwwise you do not get the wanted page...

[xiaoveiti]

Thanks for sharing! But seems like also not working for me. I guess I will have to check it, when I have a little bit more time 😊

[theoneandonly-vector]

This works for me. I had to use a rewrite not a redirect, but works smoothly. The rewrite rule simple changes "/" to "/SOGo".

 location / {
      rewrite ^/$ /SOGo;
      proxy_pass http://127.0.0.1:8080;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      client_max_body_size 100m;
 }

If you want to see my full setup with a reverse proxy, check out my gists. Hope this helps you, I just figured this out myself and so far haven't run into any problems but I welcome opinions since I'm still learning.

Is this possible without installing a seperate nginx? if yes.. which files do I need to create for this in "/mailcow-dockerized/data/conf/nginx" ?

[asifbacchus]

@theoneandonly-vector I've never really tried it without a reverse-proxy... can't guarantee that updates wouldn't overwrite the configuration changes but it seems like you'd have to edit .../data/conf/nginx/includes/site-defaults.conf.

I would probably try adding the rewrites before the root location block (line 51ish) and then letting the already defined location blocks handle it from there. To be honest though, just spinning up an nginx container to act as a reverse proxy might be easier.

Good luck!

[theoneandonly-vector]

@theoneandonly-vector I've never really tried it without a reverse-proxy... can't guarantee that updates wouldn't overwrite the configuration changes but it seems like you'd have to edit .../data/conf/nginx/includes/site-defaults.conf.

I would probably try adding the rewrites before the root location block (line 51ish) and then letting the already defined location blocks handle it from there. To be honest though, just spinning up an nginx container to act as a reverse proxy might be easier.

Good luck!

hey there

thx for the reply :) I just went with the solution to hide admin from everyone but admins-IP from the linked issue.

[andreashurst]

My EasySolution...

EDIT: nano mailcow-dockerized/data/web/index.php

INSERT IN LINE 22: if(!isset($_GET['setup'])) { header('Location: /SOGo');
exit; }

Now you can reach Webmail at... mail.domain.tld

...and Setup Webmail at: mail.domain.tld?setup

[ThatAnonyG]

This works for me. I had to use a rewrite not a redirect, but works smoothly. The rewrite rule simple changes "/" to "/SOGo".

 location / {
      rewrite ^/$ /SOGo;
      proxy_pass http://127.0.0.1:8080;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      client_max_body_size 100m;
 }

If you want to see my full setup with a reverse proxy, check out my gists. Hope this helps you, I just figured this out myself and so far haven't run into any problems but I welcome opinions since I'm still learning.

Hey there! I tried this with my Mailcow setup and I am getting 502 error on login. I am running Mailcow in docker and another Nginx on my base system. I am proxying from base system nginx to my HTTP binding port which is exposed from the docker container. It would be really nice if you can help.

[asifbacchus]

@ThatAnonyG A 502 means the gateway is unavailable. I'm confused how you would get that after login since it should happen right away if there are problems. I would need to see your docker-compose.yml and your nginx vserver file (or nginx.conf if you're using a single-file setup) from the host machine.

Usually this kinda thing is caused by redirecting to the wrong port by accident, redirecting from HTTP -> HTTPS or vice-versa, or when the docker mapping is incorrect. But, it would just be easier seeing the config files. If you don't want to post here, you can feel free to message me privately or shoot me an email at the address on my profile. I'll be happy to try helping!

[darioackermann]

To configure a working webmail on the root of a subdomain, you can do this:

<VirtualHost *:443>
  ServerName webmail.YOUR_MAIL_FQDN
  ServerAlias webmail.*

  # SOGo resources
  ProxyPass /SOGo.woa http://127.0.0.1:8080/SOGo.woa
  ProxyPassReverse /SOGo.woa http://127.0.0.1:8080/SOGo.woa

  # ACME Verification
  ProxyPass /.well-known http://127.0.0.1:8080/.well-known
  ProxyPassReverse /.well-known http://127.0.0.1:8080/.well-known

  # Rest
  ProxyPass / http://127.0.0.1:8080/SOGo/
  ProxyPassReverse / http://127.0.0.1:8080/SOGo/

  ProxyPreserveHost On
  ProxyAddHeaders On
  RequestHeader set X-Forwarded-Proto "https"

  SSLCertificateFile /opt/mailcow-dockerized/data/assets/ssl/cert.pem
  SSLCertificateKeyFile /opt/mailcow-dockerized/data/assets/ssl/key.pem
</VirtualHost>

This will

1. Render SOGo at the root of your webmail doamin
2. Allow resources to make their way to SOGo
3. work with ACME

Happy mailing!