mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

502 BAD GATEWAY -Nginx #1731

Closed dontknowanything23 closed 6 years ago

dontknowanything23 commented 6 years ago

Hello,

I have the problem that if I try to connect to mail.domain.tld, my browser shows "Bad Gateway". I use the reverse proxy.

Here is my config:

server {
    listen 443 ssl http2;
    server_name mail.mydomain autodiscovermydomain autoconfig.mydomain;

  ssl_certificate /etc/letsencrypt/live/mail.mydomain/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mail.mydomain/privkey.pem;
  ssl_protocols TLSv1.2;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHA$
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

location / {
        proxy_pass https://127.0.0.1:8080/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 100m;
    }
}

nginx -t says everything is ok.

Thanks for your help.

andryyy commented 6 years ago

    proxy_pass https://127.0.0.1:8080/;

should probably be

    proxy_pass http://127.0.0.1:8080/;

dontknowanything23 commented 6 years ago

Hello,

Thanks, but this had no effect. 😞

andryyy commented 6 years ago

You know you need to reload nginx after changing this? You should also just curl the 127.0.0.1:8080 address.

dontknowanything23 commented 6 years ago

Yes, I did "service nginx restart" and a reboot!

dontknowanything23 commented 6 years ago

curl: (7) Failed to connect to 127.0.0.1 port 8080: Verbindungsaufbau abgelehnt

dontknowanything23 commented 6 years ago

If I do netstat -an | grep LISTEN, :8080 is not listed!

ticevi commented 6 years ago

I have a similar problem, except that I am running my reverse proxy in a separate docker container and can reach the local mailcow instance over 127.0.0.1:8080.

andryyy commented 6 years ago

You need to link both networks. And set the reverse proxy to point to nginx-mailcow:80. But that's not mailcow configuration.

dontknowanything23 commented 6 years ago

Any help for me? Do you need logs or configs to help me?

andryyy commented 6 years ago

@dontknowanything23 I cannot help with these basic things. :-( Read the docs, it is all there. You need to bind HTTP to 127.0.0.1 and port 8080, then start the stack. It is obviously not listening on 127.0.0.1:8080.

ticevi commented 6 years ago

@andryyy Perfect. Your advice worked right away. I am new to the whole Docker env, so tips like these help a lot.

@dontknowanything23 Sorry, I have captured your issue. I hope you will find a solution soon.

andryyy commented 6 years ago

Once you understand the basics it is very easy and nice! :-) I understand most people don’t like it at first, but it is totally worth it.

dontknowanything23 commented 6 years ago

Every host is working but Mailcow isn't.

I tried to change the listen port in

/etc/nginx/sites-enabled/mail.conf

I tried to change the HTTP/HTTPS port in /opt/mailcow-dockerized/mailcow.conf

Sometimes my browser says the mail.mydomain page is using the certificate from php.mydomain, but I have the correct letsencrypt path in the /etc/nginx/.../mail.conf

This site uses HTTP Strict Transport Security (HSTS) to communicate that Firefox should only communicate with it through secure connections. Therefore, it is not possible to create an exception for this certificate.

Here is my actual nginx config: https://pastebin.com/4L66s6n6

Here is my actual mailcow.conf https://pastebin.com/uni4H3En

Here is the mailcow nginx log: https://pastebin.com/TM7BCw1k

If you need more info I'll send it to you 😄

andryyy commented 6 years ago

It is not working because 127.0.0.1 is not listening on port 8080.

You would need to edit mailcow.conf and check the bindings...

As long as it is not listening, how should the reverse proxy forward the requests?
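
Added example (not part of the original thread and not mailcow code): a static cross-check of the two settings andryyy points to, the HTTP_BIND/HTTP_PORT bindings in mailcow.conf and the proxy_pass target of the host nginx. The sample file contents and the helper names conf_get, check_upstream and make_samples are constructed for illustration; the 0.0.0.0 and 80 defaults are the ones in the compose port mapping quoted in this thread.

```shell
#!/bin/sh
# Compare the host nginx proxy_pass target with the mailcow.conf HTTP bindings.
# It reads files only; it does not probe whether the port is actually open.

# conf_get FILE KEY DEFAULT -> value of KEY= in FILE, DEFAULT when unset or empty
conf_get() {
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r")
    printf '%s\n' "${val:-$3}"
}

# check_upstream MAILCOW_CONF NGINX_VHOST -> one finding per line, nothing if consistent
check_upstream() {
    bind=$(conf_get "$1" HTTP_BIND 0.0.0.0)   # same fallback as ${HTTP_BIND:-0.0.0.0}
    port=$(conf_get "$1" HTTP_PORT 80)        # same fallback as ${HTTP_PORT:-80}
    target=$(sed -n 's/^[[:space:]]*proxy_pass[[:space:]]*\([^;]*\);.*/\1/p' "$2" | head -n 1)
    scheme=${target%%://*}
    hostport=${target#*://}; hostport=${hostport%%/*}
    [ "$scheme" = "http" ] || echo "SCHEME: proxy_pass uses $scheme:// but the HTTP_PORT listener speaks plain HTTP"
    case "$bind" in
        0.0.0.0) echo "EXPOSED: HTTP_BIND=0.0.0.0 publishes port $port on every interface, bypassing the proxy"
                 want="127.0.0.1:$port" ;;
        *)       want="$bind:$port" ;;
    esac
    [ "$hostport" = "$want" ] || echo "MISMATCH: proxy_pass targets $hostport, mailcow listens on $bind:$port"
}

# make_samples DIR -> constructed "before" and "after" files (not the poster's real configs)
make_samples() {
    printf 'HTTP_PORT=80\nHTTP_BIND=\n' > "$1/mailcow.before"
    printf 'HTTP_PORT=8080\nHTTP_BIND=127.0.0.1\n' > "$1/mailcow.after"
    printf 'location / {\n    proxy_pass https://127.0.0.1:8080/;\n}\n' > "$1/vhost.before"
    printf 'location / {\n    proxy_pass http://127.0.0.1:8080/;\n}\n' > "$1/vhost.after"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "before:"; check_upstream "$tmp/mailcow.before" "$tmp/vhost.before"
echo "after:";  check_upstream "$tmp/mailcow.after" "$tmp/vhost.after"
rm -rf "$tmp"
```

A clean result only means the two files agree; the stack still has to be recreated for a changed binding to take effect, and the reverse-proxy-in-a-container case discussed above is not covered by this check.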

andryyy commented 6 years ago

It is not a mailcow bug, if that’s what you mean. ;-)

dontknowanything23 commented 6 years ago

No, I know... but if I change the listening port to 8090, for example, it isn't working either. -> In mailcow.conf and sites-enabled/mail.conf.

andryyy commented 6 years ago

Run docker-compose down and docker-compose up -d

dontknowanything23 commented 6 years ago

Hey,

Thanks, but now the Bad Gateway error is back.

And if I do docker-compose down, this error is shown:


WARNING: The WATCHDOG_NOTIFY_EMAIL variable is not set. Defaulting to a blank string.
Removing network mailcowdockerized_mailcow-network
ERROR: network mailcowdockerized_mailcow-network id d2bd23bdab9ad98d7727fb99e8545e4f894f9214ce802fb8fcc9592826a627b8 has active endpoints

dontknowanything23 commented 6 years ago

Do you guys think a reinstall of the mailserver will help? Is this possible?

HesselTjeerdsma commented 6 years ago

You should make sure that either mailcow-nginx and your reverse proxy nginx are linked via docker, or that they are in the same network. Take a look at https://docs.docker.com/config/containers/container-networking/. And have a look at portainer, this is a management UI for docker which helps simplify things a lot.

dontknowanything23 commented 6 years ago

Ok, thank you. I'll give it a try.

dontknowanything23 commented 6 years ago

No, sorry... I don't understand how to publish ports for docker.

dontknowanything23 commented 6 years ago

I can't find a solution.

dontknowanything23 commented 6 years ago

Hello, now I added in docker-compose.yml:

 nginx-mailcow:
      depends_on:
        - sogo-mailcow
        - php-fpm-mailcow
        - redis-mailcow
      image: nginx:mainline-alpine
      command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_p$
        envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
        envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active &&
        envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
        envsubst < /etc/nginx/conf.d/templates/sogo_eas.template > /etc/nginx/conf.d/sogo_eas.active &&
        nginx -qt &&
        until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
        until ping sogo -c1 > /dev/null; do sleep 1; done &&
        until ping redis -c1 > /dev/null; do sleep 1; done &&
        until ping rspamd -c1 > /dev/null; do sleep 1; done &&
        exec nginx -g 'daemon off;'"
      environment:
        - HTTPS_PORT=${HTTPS_PORT:-443}
        - HTTP_PORT=${HTTP_PORT:-80}
        - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
        - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
        - TZ=${TZ}
      volumes:
        - ./data/web:/web:ro
        - ./data/conf/rspamd/dynmaps:/dynmaps:ro
        - ./data/assets/ssl/:/etc/ssl/mail/:ro
        - ./data/conf/nginx/:/etc/nginx/conf.d/:rw
        - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro
      ports:      
        - 9099:80/tcp 
        - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
      restart: always
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254
      networks:
        mailcow-network:
          aliases:
            - nginx

Now this error occurs:


ERROR: for mailcowdockerized_nginx-mailcow_1  Cannot start service nginx-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_nginx-mailcow_1 (83f5082a1a2d26454eefca385fb857ca17de7eb1d35f98bee83677e152293b4e): Error starting userland proxy: listen tcp 127.0.0.1:9099: bind: address already in use

ERROR: for nginx-mailcow  Cannot start service nginx-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_nginx-mailcow_1 (83f5082a1a2d26454eefca385fb857ca17de7eb1d35f98bee83677e152293b4e): Error starting userland proxy: listen tcp 127.0.0.1:9099: bind: address already in use

Bad Gateway is still there. And yes, I know that the error message means that this port is already used. But I tried it with a different port and nothing changed.

HesselTjeerdsma commented 6 years ago

Try running the reverse proxy directly on your host and not in a docker container. This way is much easier.

dontknowanything23 commented 6 years ago

https://felixmoessbauer.com/blog-reader/mailcow-reverse-proxy-letsencrypt.html

This helped!

dontknowanything23 commented 6 years ago

https://felixmoessbauer.com/blog-reader/mailcow-reverse-proxy-letsencrypt.html