An example using Stalwart using Docker + Traefik, Caddy, etc #206

shoutmarble · 2024-01-10T21:11:07Z

shoutmarble
Jan 10, 2024

Are there any examples available of Stalwart being used with a reverse proxy?

{edit}
Working Stalwart examples
Haproxy Stalwart

mdecimus · 2024-01-14T17:18:47Z

mdecimus
Jan 14, 2024
Maintainer

There are no examples because there is not much to configure. You just need to define the IP address(es) where your proxied connections are coming from as explained here.

0 replies

mannp · 2024-01-20T09:18:43Z

mannp
Jan 20, 2024

Hi @shoutmarble some nice docs of your efforts here.

Unclear, did you get it working with traefik in the end?

I tried before proxy protocol was added, so need to go back and retry with it now being supported.

2 replies

shoutmarble Feb 12, 2024
Author

@mannp, I got it working with both Traefik and Haproxy...

Working Stalwart examples
Stalwart with Haproxy

Stalwart with Traefik

mannp Feb 13, 2024

@mannp, I got it working with both Traefik and Haproxy...

Working Stalwart examples
Stalwart with Haproxy

Stalwart with Traefik

Cool, congrats 👌🏻🙂

mannp · 2024-01-20T14:46:04Z

mannp
Jan 20, 2024

Why would you need 'Traefik to send it's own "Treafik self-signed certificate" to the Stalwart Docker container.'?

Have you tried just getting the easier jmap working, as that is a standard https connection in traefik.

I had it working, except the incorrect remote IP was given as stalwart did not have proxy protocol at that point, but it should work now in theory.

0 replies

mannp · 2024-01-20T14:51:06Z

mannp
Jan 20, 2024

There are no examples because there is not much to configure. You just need to define the IP address(es) where your proxied connections are coming from as explained here.

Don't all the listeners need adjusting from external binds to internal only binds too?

0 replies

mannp · 2024-01-21T10:32:27Z

mannp
Jan 21, 2024

I would appreciate you sharing your Traefik+Stalwart configuration.

I use NixOS and only have a working config for 0.4.2 of SW, which did not support proxy protocol at that point, so I don't think it will be much help.

I have some config waiting for PP support, but I have not tried it with anything beyond 0.4.2

Posting all of these notes makes it impossible to read anything, so will let you use it as a paste pad.

Anything specific let me know, I might have tried it.

If these are your 'real' configs and not test ones, I'd remove them all from here :-/

0 replies

shoutmarble · 2024-02-11T20:43:35Z

shoutmarble
Feb 11, 2024
Author

Haproxy with Stalwart

haproxy.yaml

version: "3.8"

include:
    - /root/stalwart/stalwart.yml

networks:
    hap-network:
        name: "hap-network"
        driver: bridge
        ipam:
            driver: default
            config:
            - subnet: "192.168.168.0/24"
              gateway: "192.168.168.1"

services:

    haproxy:
        image: "haproxy:alpine"
        container_name: "haproxy"       # <--- name container_name may not be necessary
        hostname: "haproxy"             # <--- naming hostname may not be necessary 
        restart: "always"
        volumes:
            - "./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro"
            - "./certificates/:/etc/ssl/certs/"    # <== ACME TLS certificates are stored here
        networks:
            hap-network:
                ipv4_address: 192.168.168.200     # <-- The static IP to put in the Stalwart server.toml
        ports:
            - "80:80"
            - "443:443"
            - "9000:9000"
            # STALWART
            - "25:25"
            - "143:143"
            # - "443:443"
            - "465:465"
            - "587:587"
            - "993:993"
            - "4190:4190"
        depends_on:
            - "stalwart"

haproxy.cfg

global
        stats socket /var/lib/haproxy/stats.sock mode 0660 level admin group haproxy

        log stdout format raw local0 debug
        # log 127.0.0.1 local0 debug
        # log 127.0.0.1:514 local0 debug

defaults
        mode http

        log global
        # option httplog
        # option tcplog
        option dontlognull


       timeout connect 5s  # one of these timeouts fixes a IMAP error socket
        timeout client 50s
        timeout server 50s
        timeout http-request 10s
        timeout http-keep-alive 2s
        timeout queue 5s
        timeout tunnel 2m
        timeout client-fin 1s
        timeout server-fin 1s

        timeout http-request 10s

        log global

frontend stats
        mode    http
        bind    *:9000  ssl crt /etc/ssl/certs/example.com.pem
        stats                   enable
        stats                   uri     /
        stats                   auth USERNAME:PASSWORD
        stats                   hide-version
        http-request    redirect scheme https unless { ssl_fc }

frontend FRONT_STALWART
        mode tcp
        bind 0.0.0.0:443        # JMAP
        bind 0.0.0.0:4190                       # SIEVE
        bind 0.0.0.0:25                                         # SMTP
        bind 0.0.0.0:465                                        # SMTP
        bind 0.0.0.0:587                                        # SMTP
        bind 0.0.0.0:143                                                        # IMAP
        bind 0.0.0.0:993                                                        # IMAP

        log stdout format raw local0 debug

        default_backend BACK_STALWART

backend BACK_STALWART
        mode    tcp

        log             stdout format raw local0 debug

        server  STALWART        stalwart send-proxy-v2 check port 443

stalwart.yml

version: "3.8"

services:

    stalwart:
        image: stalwartlabs/mail-server:latest
        container_name: "stalwart"      <--- naming the container for HAProxy
        # ports:
            # - "25:25"
            # - "143:143"
            # - "443:443"
            # - "465:465"
            # - "587:587"
            # - "993:993"
            # - "4190:4190"
        volumes:
            - "/root/stalwart/opt/stalwart-mail:/opt/stalwart-mail"
        networks:
            hap-network:
                ipv4_address: 192.168.168.100        # <-- this may not be necessary may just include hap-network

.
├── acme
├── certs
│   └── mail.example.com
│      └── fullchain.pem  <-- replace these two ACME PEM TLS Certs with your ACME certs
│      └── privkey.pem
├── common
│   ├── server.toml         <== uncomment and use the static ip of your haproxy server
│   └── ......                 [server.proxy]
│                              trusted-networks = {"192.168.168.200"}
│   
├── config.toml
├── directory
│   └── ......
├── dkim
│   └── ......
├── imap
│   └── ......
├── jmap
│   └── ......
├── smtp
│   └── ......
├── spamfilter
│   ├── maps
│   │   └── ......
│   └── scripts
│       └── ......
└── store
    └── ......

Then verify that you can connect to all the Stalwart ports

### SMTP 25
openssl s_client -quiet -crlf -starttls smtp -connect mail.example.com:25

### SMTP 587
openssl s_client -starttls smtp -quiet -crlf -connect mail.example.com:587

### SMTP 465
openssl s_client -quiet -crlf -connect mail.example.com:465

### IMAP 143
openssl s_client -crlf -connect mail.example.com:143 -starttls imap -servername mail.example.com

### IMAP 993
openssl s_client -quiet -crlf -connect mail.example.com:993

### SIEVE 4190
openssl s_client -showcerts -servername mail.example.com -connect mail.example.com:4190

### JMAP 443
curl -u admin:PASSWORD https://mail.example.com/.well-known/jmap

0 replies

shoutmarble · 2024-02-12T08:22:30Z

shoutmarble
Feb 12, 2024
Author

Here Traefik standalone running Stalwart Server.

traefik.yml

version: "3.8"

include:
    - /root/stalwart/stalwart_TRAEFIK.yml
    
networks:
    hap-network:
        name: "hap-network"
        driver: bridge
        ipam:
            driver: default
            config:
            - subnet: "192.168.168.0/24"
              gateway: "192.168.168.1"

services:

    traefik:
        image: "traefik:latest"
        container_name: "traefik"
        networks:
            hap-network:
                ipv4_address: 192.168.168.200   # <-- important to set a static IP for Stalwart and Proxy-Protocol
        ports:
            - "80:80"
            - "8080:8080"

            - "443:443"
            - "25:25"
            - "465:465"
            - "587:587"
            - "143:143"
            - "993:993"
            - "4190:4190"
        volumes:
            - "/var/run/docker.sock:/var/run/docker.sock:ro"
            - "./certificates/:/etc/certs/:ro" # tls certificates
        command:
            - "--log.level=INFO" # DEBUG, INFO, WARN, ERROR, FATAL, and PANIC

            - "--providers.file.filename=/etc/certs/traefik-dynamic.yml"
            - "--providers.file.watch=true"

            - "--api=true"
            - "--api.insecure=true"
            - "--api.dashboard=true"
            - "--api.debug=true"

            - "--providers.docker=true"
            - "--providers.docker.exposedbydefault=false"

            - "--global.sendAnonymousUsage"

            - "--providers.docker.network=hap-network"

            - "--entrypoints.web.address=:80"
            - "--entrypoints.websecure.address=:443"
            - "--entrypoints.web.http.redirections.entryPoint.to=websecure"

            # - "--entryPoints.jmap.address=:443"
            - "--entryPoints.websecure.proxyProtocol.trustedIPs=192.168.168.100,192.168.168.200"

            - "--entryPoints.smtp.address=:25"
            - "--entryPoints.smtp.proxyProtocol.trustedIPs=192.168.168.100,192.168.168.200"

            - "--entryPoints.smtp-ssl.address=:465"
            - "--entryPoints.smtp-ssl.proxyProtocol.trustedIPs=192.168.168.100,192.168.168.200"

            - "--entryPoints.smtp-tls.address=:587"
            - "--entryPoints.smtp-tls.proxyProtocol.trustedIPs=192.168.168.100,192.168.168.200"

            - "--entryPoints.imap.address=:143"
            - "--entryPoints.imap.proxyProtocol.trustedIPs=192.168.168.100,192.168.168.200"

            - "--entryPoints.imap-tls.address=:993"
            - "--entryPoints.imap-tls.proxyProtocol.trustedIPs=192.168.168.100,192.168.168.200"

            - "--entryPoints.sieve.address=:4190"
            - "--entryPoints.sieve.proxyProtocol.trustedIPs=192.168.168.100,192.168.168.200"
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
            - "traefik.http.routers.dashboard.tls=true"
            - "traefik.http.routers.dashboard.entrypoints=websecure"
            - "traefik.http.routers.dashboard.service=api@internal"
            - "traefik.http.routers.dashboard.middlewares=auth"
            - "traefik.http.middlewares.auth.basicauth.users=test:$$2Am"

        depends_on:
            - "stalwart"
#TRAEFIK PASSWORD
#echo $(htpasswd -nB test) | sed -e s/\\$/\\$\\$/g
#New password:
#Re-type new password:
#test:$$y$$05

tree /root/traefik/

.
├── certificates
│   ├── example.com.crt
│   ├── example.com.issuer.crt
│   ├── example.com.json
│   ├── example.com.key
│   ├── example.com.pem
│   └── traefik-dynamic.yml
└── traefik.yml

traefik-dynamic.yml

#dynamic configuration

tls:
    stores:
        default:
            defaultCertificate:
                certFile: /etc/certs/example.com.pem
                keyFile: /etc/certs/example.com.key

stalwart_TRAEFIK.yml

version: "3.8"

services:

    stalwart:
        image: "stalwartlabs/mail-server:latest"
        container_name: "stalwart"
        # ports:
        # - "25:25"
        # - "143:143"
        # - "443:443"
        # - "465:465"
        # - "587:587"
        # - "993:993"
        # - "4190:4190"
        volumes:
            - "/root/stalwart/opt/stalwart-mail:/opt/stalwart-mail"
        networks:
            hap-network:
                ipv4_address: 192.168.168.100
        labels:
            # Explicitly tell Traefik to expose this container
            - "traefik.enable=true"
            - "traefik.http.routers.whoami.rule=Host(`mail.example.com`)"
            - "traefik.http.routers.whoami.entrypoints=web"

            - "traefik.tcp.routers.websecure.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.websecure.entrypoints=websecure"
            - "traefik.tcp.routers.websecure.tls.passthrough=true"
            - "traefik.tcp.routers.websecure.service=websecure"
            - "traefik.tcp.services.websecure.loadbalancer.server.port=443"
            - "traefik.tcp.services.websecure.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.smtp.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.smtp.entrypoints=smtp"
            - "traefik.tcp.routers.smtp.service=smtp"
            - "traefik.tcp.services.smtp.loadbalancer.server.port=25"
            - "traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.smtp-ssl.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.smtp-ssl.entrypoints=smtp-ssl"
            - "traefik.tcp.routers.smtp-ssl.tls.passthrough=true"
            - "traefik.tcp.routers.smtp-ssl.service=smtp-ssl"
            - "traefik.tcp.services.smtp-ssl.loadbalancer.server.port=465"
            - "traefik.tcp.services.smtp-ssl.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.smtp-tls.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.smtp-tls.entrypoints=smtp-tls"
            - "traefik.tcp.routers.smtp-tls.service=smtp-tls"
            - "traefik.tcp.services.smtp-tls.loadbalancer.server.port=587"
            - "traefik.tcp.services.smtp-tls.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.imap.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.imap.entrypoints=imap"
            - "traefik.tcp.routers.imap.service=imap"
            - "traefik.tcp.services.imap.loadbalancer.server.port=143"
            - "traefik.tcp.services.imap.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.imap-tls.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.imap-tls.entrypoints=imap-tls"
            - "traefik.tcp.routers.imap-tls.service=imap-tls"
            - "traefik.tcp.routers.imap-tls.tls.passthrough=true"
            - "traefik.tcp.services.imap-tls.loadbalancer.server.port=993"
            - "traefik.tcp.services.imap-tls.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.sieve.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.sieve.entrypoints=sieve"
            - "traefik.tcp.routers.sieve.service=sieve"
            - "traefik.tcp.services.sieve.loadbalancer.server.port=4190"
            - "traefik.tcp.services.sieve.loadbalancer.proxyProtocol.version=2"

/root/stalwart/opt/stalwart-mail/etc# tree

.
├── acme
├── certs
│   ├── mail.example.com
│   │   ├── certificates  # local copy of ACME TLS certs
│   │   │   ├── example.com.crt
│   │   │   ├── example.com.issuer.crt
│   │   │   ├── example.com.json
│   │   │   ├── example.com.key
│   │   │   └── example.com.pem
│   │   ├── fullchain.pem   # <-- overwrite fullchain.pem with example.com.pem
│   │   └── privkey.pem   # <-- overwrite privkey.pem with example.com.key
│   └── mail.example.com_orig   # <-- backup of the original folder
│       ├── fullchain.pem
│       └── privkey.pem
├── common
│   ├── server.toml   # <-- [server.proxy]  # uncomment and add to server.toml
│   ├── ...                  # <-- trusted-networks = {"192.168.168.200"}  # the static IP of Traefik
│   └── tracing.toml
├── config.toml
├── directory
│   ├── imap.toml
│   ├── ...
│   └── sql.toml
├── dkim
│   ├── example.com.cert
│   ├── example.com.key
│   └── example.com.readme
├── imap
│   ├── listener.toml
│   └── settings.toml
├── jmap
│   ├── auth.toml
│   ├── ...
│   └── websockets.toml
├── smtp
│   ├── auth.toml
│   ├── ...
│   └── spamfilter.toml
├── spamfilter
│   ├── maps
│   │   ├── allow_dmarc.list
│   │   ├── ...
│   │   └── url_redirectors.list
│   └── scripts
│       ├── bayes_classify.sieve
│       ├── ...
│       └── url.sieve
└── store
    ├── elasticsearch.toml
    ├── ...
    └── sqlite.toml

0 replies

shoutmarble · 2024-02-13T20:40:54Z

shoutmarble
Feb 13, 2024
Author

TRaefik running Stalwart

Although this is "working," I do not think it is optimal. It is not using Proxy-Protocol.
There are TRaefik proxy-protocol load-balancers but they could be replaced with
just normal TRaefik load-balancers possibly?

TRaefik is only forwarding IP traffic not using Proxy-Protocol.

The Stalwart Proxy-Protocol is being used Stalwart (trusted IPs uncommented in server.toml) and they may be connecting to
the TRaefik load balancers and that is making this work?

The log messages show that connections "sometimes get socket closed errors"

All the ports are working...but sometimes with the openssl client you have to retry to connect

root@server:~/stalwart# cat stalwart_TRAEFIK.yml

version: "3.8"

services:

    stalwart:
        image: "stalwartlabs/mail-server:latest"
        container_name: "stalwart"
        # ports:
        # - "25:25"
        # - "143:143"
        # - "443:443"
        # - "465:465"
        # - "587:587"
        # - "993:993"
        # - "4190:4190"
        volumes:
            - "/root/stalwart/opt/stalwart-mail:/opt/stalwart-mail"
        networks:
            hap-network:
                ipv4_address: 192.168.168.100
        labels:
            - "traefik.enable=true"

            # - "traefik.http.routers.websecure.rule=Host(`mail.example.com`)"
            # - "traefik.http.routers.websecure.entrypoints=web"

            - "traefik.tcp.routers.websecure.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.websecure.entrypoints=websecure"
            - "traefik.tcp.routers.websecure.tls.passthrough=true"
            - "traefik.tcp.routers.websecure.service=websecure"
            - "traefik.tcp.services.websecure.loadbalancer.server.port=443"
            - "traefik.tcp.services.websecure.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.smtp.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.smtp.entrypoints=smtp"
            - "traefik.tcp.routers.smtp.service=smtp"
            - "traefik.tcp.services.smtp.loadbalancer.server.port=25"
            - "traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.smtp-ssl.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.smtp-ssl.entrypoints=smtp-ssl"
            - "traefik.tcp.routers.smtp-ssl.tls.passthrough=true"
            - "traefik.tcp.routers.smtp-ssl.service=smtp-ssl"
            - "traefik.tcp.services.smtp-ssl.loadbalancer.server.port=465"
            - "traefik.tcp.services.smtp-ssl.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.smtp-tls.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.smtp-tls.entrypoints=smtp-tls"
            # - "traefik.tcp.routers.smtp-tls.tls.passthrough=true"
            - "traefik.tcp.routers.smtp-tls.service=smtp-tls"
            - "traefik.tcp.services.smtp-tls.loadbalancer.server.port=587"
            - "traefik.tcp.services.smtp-tls.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.imap.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.imap.entrypoints=imap"
            - "traefik.tcp.routers.imap.service=imap-svc"
            # - "traefik.tcp.routers.imap.tls.passthrough=true"
            - "traefik.tcp.services.imap-svc.loadbalancer.server.port=143"
            - "traefik.tcp.services.imap-svc.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.imap-tls.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.imap-tls.entrypoints=imap-tls"
            - "traefik.tcp.routers.imap-tls.service=imap-tls"
            - "traefik.tcp.routers.imap-tls.tls.passthrough=true"
            - "traefik.tcp.services.imap-tls.loadbalancer.server.port=993"
            - "traefik.tcp.services.imap-tls.loadbalancer.proxyProtocol.version=2"

            - "traefik.tcp.routers.sieve.rule=HostSNI(`*`)"
            - "traefik.tcp.routers.sieve.entrypoints=sieve"
            - "traefik.tcp.routers.sieve.service=sieve"
            - "traefik.tcp.services.sieve.loadbalancer.server.port=4190"
            - "traefik.tcp.services.sieve.loadbalancer.proxyProtocol.version=2"

root@server:~/stalwart# tree .

.
├── opt
│   └── stalwart-mail
│       ├── bin
│       ├── data
│       │   └── .....
│       ├── etc
│       │   ├── acme
│       │   ├── certs
│       │   │   ├── certificates  #<-- a local copy of your ACME TLS certs from Certbot, etc
│       │   │   │   ├── example.com.crt 
│       │   │   │   ├── example.com.issuer.crt
│       │   │   │   ├── example.com.json
│       │   │   │   ├── example.com.key # --------------- 
│       │   │   │   ├── example.com.pem     # -------   |
│       │   │   │   └── traefik-dynamic.yml         |   |  over write local certs 
│       │   │   └── mail.example.com                |   |  with Certbot certs
│       │   │       ├── fullchain.pem   #<-----------   |
│       │   │       └── privkey.pem #<-------------------
│       │   ├── common
│       │   │   ├── server.toml  #<-- uncomment the following in server.toml
│       │   │   ├── sieve.toml     [server.proxy]		
│       │   │   ├── store.toml     trusted-networks = {"192.168.168.200"}
│       │   │   ├── tls.toml              
│       │   │   └── tracing.toml
│       │   ├── config.toml
│       │   ├── directory
│       │   │   └── .....
│       │   ├── dkim
│       │   │   └── .....
│       │   ├── imap
│       │   │   └── .....
│       │   ├── jmap
│       │   │   └── .....
│       │   ├── smtp
│       │   │   └── .....
│       │   ├── spamfilter
│       │   │   ├── maps
│       │   │   │   └── .....
│       │   │   └── scripts
│       │   │       └── .....
│       │   └── store
│       │       └── .....
│       ├── logs
│       │   └── stalwart.log.2024-02-13
│       ├── queue
│       │   └── 9 .....
│       └── reports
│           └── 62
│               └── .....
└── stalwart_TRAEFIK.yml    # <-- TRaefik docker include

root@server:~/traefik# tree

.
├── certificates
│   ├── example.com.crt
│   ├── example.com.issuer.crt
│   ├── example.com.json
│   ├── example.com.key
│   ├── example.com.pem
│   └── traefik-dynamic.yml
└── traefik.yml

root@server:~/traefik/certificates# cat traefik-dynamic.yml

#dynamic configuration

tls:
    stores:
        default:
            defaultCertificate:
                certFile: /etc/certs/example.com.pem
                keyFile: /etc/certs/example.com.key

root@server:~/traefik# cat traefik.yml

version: "3.8"

include:
    - /root/stalwart/stalwart_TRAEFIK.yml		# <-- LOAD Stalwart Docker

networks:
    hap-network:
        name: "hap-network"
        driver: bridge
        ipam:
            driver: default
            config:
            - subnet: "192.168.168.0/24"
              gateway: "192.168.168.1"

services:

    traefik:
        image: "traefik:latest"
        container_name: "traefik"
        networks:
            hap-network:
                ipv4_address: 192.168.168.200  # <-- TRaefik Docker static IP
        ports:
            - "80:80"
            - "8080:8080"

            - "443:443"
            - "25:25"
            - "465:465"
            - "587:587"
            - "143:143"
            - "993:993"
            - "4190:4190"
        volumes:
            - "/var/run/docker.sock:/var/run/docker.sock:ro"
            - "./certificates/:/etc/certs/:ro" # tls certificates  # <-- path TRaefik will use to locate ACME TLS Certs
        command:
            - "--log.level=DEBUG" # DEBUG, INFO, WARN, ERROR, FATAL, and PANIC

            - "--providers.file.filename=/etc/certs/traefik-dynamic.yml" #<-- load ACME TLS Certs using TRaefik
            - "--providers.file.watch=true"

            - "--api=true"
            - "--api.insecure=true"		# <-- this may be cruft
            - "--api.dashboard=true"
            - "--api.debug=true"

            - "--providers.docker=true"
            - "--providers.docker.exposedbydefault=false"

            - "--global.sendAnonymousUsage"

            - "--providers.docker.network=hap-network"

            - "--entrypoints.web.address=:80"
            - "--entrypoints.websecure.address=:443"
            - "--entrypoints.web.http.redirections.entryPoint.to=websecure"

            - "--entryPoints.smtp.address=:25"
            - "--entryPoints.smtp-ssl.address=:465"
            - "--entryPoints.smtp-tls.address=:587"

            - "--entryPoints.imap.address=:143"
            - "--entryPoints.imap-tls.address=:993"

            - "--entryPoints.sieve.address=:4190"
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
            - "traefik.http.routers.dashboard.tls=true"
            - "traefik.http.routers.dashboard.entrypoints=websecure"
            - "traefik.http.routers.dashboard.service=api@internal"
            - "traefik.http.routers.dashboard.middlewares=auth"
            - "traefik.http.middlewares.auth.basicauth.users=test:PASSWORD"
        depends_on:                                                   ^
            - "stalwart"                                              |
                                                                      |
#  TRAEFIK PASSWORD  # GENERATE DASHBOARD PASSWORD --------------------
#  echo $(htpasswd -nB test) | sed -e s/\\$/\\$\\$/g
#  New password:
#  Re-type new password:
#  test:PASSWORD

0 replies

LVitus · 2024-02-18T16:00:30Z

LVitus
Feb 18, 2024

Anyone got an example for Caddy?

This is my first time setting up anykind of server and it's quite a lot to learn. Since Caddy doesn't suppot SMTP, IMAP or POP3 does this even work with Caddy?

If it does, can I just set up the Caddyfile like this?

mail.<domain> {
     reverse_proxy <docker_container_name>
}

0 replies

s4msy · 2024-04-21T09:46:36Z

s4msy
Apr 21, 2024

Anyone got an example for Caddy?

Trying the same, and I know from my other mailserver this wouldnt work with just simply adding things to the Caddyfile.
My workaround is simple let caddy generate the certs and tell the mailserver where the keys are stored.

Stalwart so far doesnt seem to have actually a simple "use the keys over there" - feature. A working workaround would be putting the key contents in the Server -> TLS - > Certificates-fields. But this isnt a useful solution for automatic renewables, but for testing purposes.

1 reply

mdecimus Apr 22, 2024
Maintainer

You can read external certificates using a file macro:

https://stalw.art/docs/configuration/macros/#types-of-macros

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

An example using Stalwart using Docker + Traefik, Caddy, etc #206

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 10 comments 3 replies

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

Select a reply

An example using Stalwart using Docker + Traefik, Caddy, etc #206

Replies: 10 comments · 3 replies

mdecimus Jan 14, 2024 Maintainer

shoutmarble Feb 12, 2024 Author

shoutmarble Feb 11, 2024 Author

shoutmarble Feb 12, 2024 Author

shoutmarble Feb 13, 2024 Author

mdecimus Apr 22, 2024 Maintainer

Replies: 10 comments 3 replies

mdecimus
Jan 14, 2024
Maintainer

shoutmarble Feb 12, 2024
Author

shoutmarble
Feb 11, 2024
Author

shoutmarble
Feb 12, 2024
Author

shoutmarble
Feb 13, 2024
Author

mdecimus Apr 22, 2024
Maintainer