Closed SmollClover closed 3 months ago
Hi,
I'm closing this as it is a configuration issue. The error you're seeing is because Traefik is not sending the proxy protocol headers as the error message explains. You need to make sure that Traefik is sending the proxy headers to Stalwart.
Well, I tried everything, including the exact configuration used on a completely fresh server detailed in the Docs, with no luck. I even tried setting every IP in Traefik as a trusted one for the Proxy Protocol, but still the same result.
I'll stick with my less-than-ideal solution then since I, for the life of me, can't figure out where the problem lies.
You can check this discussion for help. I've never used Traefik but other people have it working according to the comments.
Yes, thank you so much! That discussion and the gist inside it was a real help.
After setting the proxy network override in just the SMTP and IMAP listeners and configuring traefik to trust the mailserver IP it now works with the proxy protocol set properly.
Oh, and since I had a few problems, I set the exact IP of my traefik container and not the subnet mask since that didn't seem to work.
Could you share the configuration that worked for you so I add it to the documentation? Thanks!
Sure, here are the two different compose files, one for Traefik and one for Stalwart, with their relevant configs too.
In the Stalwart config I only included important stuff such as the listeners actually used.
The most important part here is to only set the proxy protocol override on the IMAPTLS and SUBMISSIONS listeners since when set on the HTTP or HTTPS listener it will result in the error I used to have.
Also of note is that I had to include the Subnetmask and the IP of the traefik container in the override, just using one of them didn't seem to work for me. And of course in the traefik config the IP of the Stalwart container should be trusted for it to work.
That is my setup, sorry if it's a bit much and a bit messy, though I am happy to explain parts of it when needed!
Oh, and traefik-certs-dumper is just there to dump the certificates created by traefik which it stores in the acme.json to actual certificate files so that Stalwart can use them.
Thanks for the config @SmollClover !
It is important that you also enable the proxy protocol on the SMTP port, otherwise the wrong IP address is going to be used for SPF validation which will cause messages to be sent to the spam folder.
Oh, you're right. I don't know how I forgot that. Thanks!
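The behaviour discussed in this thread, as an added example that is not part of the thread and is not Stalwart's or Traefik's code: a generic model of a listener that expects a PROXY protocol v1 line from peers in its trusted networks. It shows why a trusted proxy that sends no header is rejected and which address an SPF check would otherwise see. The function name, the sample addresses and the handling of untrusted peers are assumptions, and only the v1 text format is parsed.

```python
import ipaddress

class ProxyHeaderMissing(Exception):
    """Trusted proxy connected but sent no PROXY protocol v1 line."""

def effective_client_ip(peer_ip, first_bytes, trusted_networks):
    """Model of a PROXY-aware listener (hypothetical helper, v1 text format only).

    Returns (client_ip, remaining_bytes): the address later checks such as SPF
    would see, and the protocol data left after the header is consumed.
    """
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(n) for n in trusted_networks)
    if not trusted:
        # Assumption: a peer outside the trusted list is treated as a direct
        # client, so nothing it sends can spoof the source address.
        return peer_ip, first_bytes
    if not first_bytes.startswith(b"PROXY "):
        # The proxy is trusted on this listener but is not sending the header.
        raise ProxyHeaderMissing(f"no PROXY header from trusted peer {peer_ip}")
    line, sep, rest = first_bytes.partition(b"\r\n")
    if not sep or len(line) > 105:  # v1 line is at most 107 bytes with CRLF
        raise ValueError("unterminated or oversized PROXY line")
    parts = line.decode("ascii").split(" ")
    if parts[1] == "UNKNOWN":
        return peer_ip, rest
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY line")
    src = ipaddress.ip_address(parts[2])   # raises ValueError if not an IP
    ipaddress.ip_address(parts[3])
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:]):
        raise ValueError("bad port in PROXY line")
    return str(src), rest

if __name__ == "__main__":
    # Constructed sample values: proxy at 172.18.0.5, client at 203.0.113.7.
    trusted = ["172.18.0.0/16"]
    smtp = b"PROXY TCP4 203.0.113.7 172.18.0.9 51234 465\r\nEHLO mail.example\r\n"
    print(effective_client_ip("172.18.0.5", smtp, trusted))
    try:
        effective_client_ip("172.18.0.5", b"GET / HTTP/1.1\r\n", trusted)
    except ProxyHeaderMissing as exc:
        print("rejected:", exc)
```

Without the header on the SMTP listener, the only address available is the proxy's own, which is the value SPF would then be evaluated against.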
What happened?
So I've been using Stalwart for a bit now behind the Traefik reverse proxy without any issue, though one problem has been bugging me ever since setting Stalwart up.
In the documentation it says that I should set the reverse proxy network as a trusted network, which I have tried multiple times from setting the IP of the traefik container itself to using the subnetmask of the network traefik and stalwart communicate on, in my case 172.18.0.0/16. But whenever I do set that and restart the container to make sure the new config is loaded, I receive a bad gateway error on every port of the Stalwart container through traefik.
Here's the portainer stack config I use for the Stalwart server.
I'm also doing TLS passthrough because Stalwart didn't like it when Traefik was handling the TLS connection. Therefore I linked the certs created by traefik into the Stalwart container so it can use them for the connection and handle all of the TLS stuff.
Also, I disabled https on port 443 of Stalwart since that is handled through Traefik itself.
How can we reproduce the problem?
Version
v0.8.x
What database are you using?
RocksDB
What blob storage are you using?
RocksDB
Where is your directory located?
Internal
What operating system are you using?
Docker
Relevant log output