
Using SWAG TLS for Mailrise

Published: 7 months ago

A short tutorial on managing TLS termination for a Mailrise Docker container using the SWAG (NGINX) reverse proxy.

Assumptions

Before continuing, we will assume you already have:

  1. A working Mailrise[^1] Docker container
  2. The Mailrise config option tls.mode set to off (SWAG terminates TLS and passes plain SMTP to the container)
  3. A working SWAG[^2] (NGINX) reverse proxy
  4. The Mailrise Docker container named mailrise, using the default listening port 8025

This tutorial is based on the folder and file structure (including certificate files) of the SWAG Docker container, but a similar approach will work for plain NGINX too.

Also, remember to replace example.com parts with your domain name.

Goal

At the end of the tutorial we want to access the Mailrise SMTP server via smtp.example.com on port 465.

NGINX settings

As we are going to use an NGINX stream to route requests for our smtp subdomain on the specified port, we need to mount the /etc/nginx/stream.d folder of the SWAG container (the conf files in this directory are loaded as streams for NGINX). In the SWAG docker compose file, that means additional entries under volumes and ports:

volumes:
  - <folder_of_your_choice>:/etc/nginx/stream.d
ports:
  - 465:465

Secondly, in <folder_of_your_choice> we create a new file with a .conf extension, for example mailrise.conf, with the following content:

map $ssl_server_name $stream_backend {
	smtp.example.com	mailrise_backend;
}

upstream mailrise_backend {
	server	mailrise:8025;
}

server {
	listen	465		ssl;
	listen	[::]:465	ssl;

	ssl_certificate		/config/keys/cert.crt;
	ssl_certificate_key	/config/keys/cert.key;

	ssl_protocols	TLSv1.2	TLSv1.3;

	include	/config/nginx/resolver.conf;
	proxy_pass	$stream_backend;
}

Some settings explained:

  • Lines 1-3: When a client connects with smtp.example.com as the TLS server name (SNI), NGINX looks up the destination upstream
  • Lines 5-7: Definition of the upstream which connects to the Mailrise container
  • Lines 10-11: Port 465 on IPv4 and IPv6, where NGINX listens for TLS connections
  • Lines 13-14: Paths of the certificate and key files used for TLS
  • Line 18: DNS resolver, so that NGINX can reach the container by its name

Restart SWAG.

Try to send email to smtp.example.com on port 465.
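One way to run that check from a client machine, as an added example that is not part of the original tutorial or of the Mailrise or SWAG projects. The function names `assess` and `probe` are hypothetical, and the STARTTLS check assumes Mailrise only advertises STARTTLS when tls.mode is not off.

```python
import smtplib
import ssl

ALLOWED_TLS = {"TLSv1.2", "TLSv1.3"}  # mirrors ssl_protocols in mailrise.conf


def assess(tls_version, ehlo_code, features):
    """Return a list of findings for one probed endpoint (empty list = OK)."""
    findings = []
    if tls_version not in ALLOWED_TLS:
        findings.append(f"unexpected TLS version: {tls_version}")
    if ehlo_code != 250:
        findings.append(f"EHLO rejected with code {ehlo_code}")
    if "starttls" in features:
        # Assumption: NGINX already terminated TLS, so a backend that still
        # offers STARTTLS points at tls.mode not being off.
        findings.append("backend offers STARTTLS inside TLS; check tls.mode")
    return findings


def probe(host, port=465, timeout=10.0):
    """Connect with implicit TLS (no STARTTLS) and verify the certificate."""
    ctx = ssl.create_default_context()  # verifies chain + hostname, sends SNI
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        with smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx) as smtp:
            code, _ = smtp.ehlo()
            return assess(smtp.sock.version(), code, smtp.esmtp_features)
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate check failed: {exc.verify_message}"]
    except (ssl.SSLError, smtplib.SMTPException, OSError) as exc:
        # Covers a closed port, a dropped connection (e.g. SNI not in the map),
        # and a backend that never sends the SMTP banner.
        return [f"connection failed: {exc}"]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "smtp.example.com"
    problems = probe(target)
    print("OK" if not problems else "\n".join(problems))
```

The client must use implicit TLS (`SMTP_SSL`), because port 465 as configured here expects the TLS handshake before any SMTP command.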

[^1]: Mailrise Github
[^2]: linuxserver.io
