1 (edited by donnyy2200 2021-09-03 13:39:26)

Topic: [SOLVED]Running mail behind nginx reverse proxy on a separate server

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Ubuntu focal
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mariadb
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue. Unable to access mail outside LAN, but fine locally
====

Hello, I have newly installed iredmail on a fresh Ubuntu server within my LAN. I was wondering if there are any guides to installing behind an nginx reverse proxy that's on a separate machine within my LAN? All of my current servers are behind my single proxy server. I usually set up a new nginx conf on the proxy server for each machine but am having problems with accessing iredmail.

Some details:

My proxy server handles all of my SSL. iredmail is installed on a clean server via the installation script. I use google domains and have my DNS set up as follows within the google DNS panel:

host name: mydomain.com | type: MX | data: 10 mail.mydomain.com
host name: mail.mydomain.com | type: CNAME | data: mydomain.com

I was wondering what my nginx confs should look like, on the iredmail local install as well as the proxy server nginx conf. Are there any example confs I can look at? The various ports to include as well? Thanks.

----


2

Re: [SOLVED]Running mail behind nginx reverse proxy on a separate server

Just in case someone else finds themself in the same situation, here is the solution. First I forwarded all the ports at the router to the mail server from this page: https://docs.iredmail.org/network.ports.html

Except for 80 and 443, as 443 is forwarded to my proxy server. Also didn't forward any ports with NO at the end.

The nginx reverse proxy conf for the mail server within sites-enabled is this:

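server {
    listen 443 ssl http2;
    server_name mail.myserver.com;

    location / {
        # Forward to the mail server's own nginx over HTTPS
        proxy_pass https://192.168.57.171:443;
        # Pass the client's address and the requested host name to the backend
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host      $host;
    }
}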

Replace the proxy_pass IP with your local mail server's IP and port 443, then run certbot to get your cert.
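
Added example, not part of the original post or of iRedMail's shipped configuration: the proxy conf above sends `X-Real-IP`, but the nginx on the mail server ignores that header unless told to use it, so its access logs (and anything that reads them, such as Fail2ban) see every webmail request as coming from the proxy. The fragment below is a sketch for the mail server's own nginx. It assumes nginx was built with `ngx_http_realip_module`, and `192.168.57.10` is a placeholder for the proxy's LAN address.

```nginx
# Place inside the http {} block, or the server {} block that serves webmail,
# on the iRedMail server (not on the proxy).

# Accept X-Real-IP only from connections that originate at the reverse proxy.
# 192.168.57.10 is a placeholder: use the proxy's actual LAN address.
# Requests from any other source keep their TCP peer address, so a client
# on the LAN cannot spoof its IP by sending the header itself.
set_real_ip_from 192.168.57.10;

# Header the proxy fills in with:
#   proxy_set_header X-Real-IP $remote_addr;
real_ip_header X-Real-IP;
```

After reloading nginx on the mail server, `$remote_addr` in its access log should show the external client address for requests that came through the proxy.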