Using SWAG TLS for Mailrise
A short tutorial on managing TLS termination for a Mailrise docker container using the SWAG (NGINX) reverse proxy.
Assumptions
Before continuing, we will assume you already have:
- Working Mailrise[^1] docker container
- Mailrise config option tls.mode is set to off
- Working SWAG[^2] (NGINX) reverse proxy
- Mailrise docker container is named mailrise using default listening port 8025
This tutorial is based on the folder and file structure (including the certificate files) of the SWAG docker container, but a similar approach will work for pure NGINX too.
Also, remember to replace the example.com parts with your domain name.
Goal
At the end of the tutorial we want to access the Mailrise SMTP server via smtp.example.com on port 465.
NGINX settings
As we are going to use an NGINX stream to route requests for our smtp subdomain on the specified port, we need to mount the /etc/nginx/stream.d folder of the SWAG container (the conf files in this directory are loaded as streams for NGINX).
In the SWAG docker compose file that means additional entries for exposed volumes and ports:

    volumes:
      - <folder_of_your_choice>:/etc/nginx/stream.d
    ports:
      - 465:465

Secondly, in the <folder_of_your_choice> we create a new file with a .conf ending, for example mailrise.conf, with the following content:

    map $ssl_server_name $stream_backend {
        smtp.example.com mailrise_backend;
    }

    upstream mailrise_backend {
        server mailrise:8025;
    }

    server {
        listen 465 ssl;
        listen [::]:465 ssl;

        ssl_certificate /config/keys/cert.crt;
        ssl_certificate_key /config/keys/cert.key;

        ssl_protocols TLSv1.2 TLSv1.3;

        include /config/nginx/resolver.conf;

        proxy_pass $stream_backend;
    }

Some settings explained:
- Lines 1-3: When a client connects with the TLS server name (SNI) smtp.example.com, NGINX looks up the destination upstream
- Lines 5-7: Definition of the upstream which connects to the Mailrise container
- Lines 10-11: Ports where NGINX is listening for requests
- Lines 13-14: Certificate files and their paths to be used for TLS
- Line 18: DNS resolver, so that NGINX can reach the container by its name
Restart SWAG.
Try to send an email to smtp.example.com on port 465.
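
A scripted version of this last step, as an added example that is not part of the original tutorial: it sends one test message over implicit TLS on port 465, verifying the certificate and requiring TLS 1.2 or newer to match ssl_protocols. The sender and recipient addresses are placeholders (assumptions); use a recipient your Mailrise configuration accepts.

```python
import smtplib
import ssl
from email.message import EmailMessage

HOST = "smtp.example.com"  # placeholder domain used throughout the tutorial
PORT = 465                 # implicit-TLS port published by SWAG


def make_context() -> ssl.SSLContext:
    """Client TLS context: verified chain and hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_message(sender: str, recipient: str) -> EmailMessage:
    """Build a small test message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "SWAG TLS test"
    msg.set_content("Delivered through the SWAG stream proxy on port 465.")
    return msg


def send_test(sender, recipient, host=HOST, port=PORT, timeout=10):
    """Send one message; return (tls_version, cipher_name) of the session."""
    # Connect by name, not by IP: the name is sent as SNI, which the
    # map on $ssl_server_name uses to select the upstream.
    with smtplib.SMTP_SSL(host, port, context=make_context(),
                          timeout=timeout) as smtp:
        session = (smtp.sock.version(), smtp.sock.cipher()[0])
        smtp.send_message(build_message(sender, recipient))
    return session


if __name__ == "__main__":
    try:
        version, cipher = send_test("test@example.com",
                                    "recipient@example.com")
        print(f"sent over {version} ({cipher})")
    except ssl.SSLCertVerificationError as exc:
        print(f"certificate rejected: {exc}")
    except (smtplib.SMTPException, OSError) as exc:
        print(f"connection or SMTP failure: {exc}")
```

A certificate error here points at the ssl_certificate paths or the domain name; a handshake that succeeds followed by a dropped connection points at the upstream or resolver lines.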
[^1]: Mailrise GitHub
[^2]: linuxserver.io