VPS haproxy setup to pass emails to home email server

I have configured haproxy to forward ports, but now my question is: how do I configure mailcow to listen on my ports that are being forwarded from the VPS? Also, when I start mailcow in Docker, nginx, netfilter and php restart nonstop.

In order to help everyone help you, dump the systemd journal logs of the restarts if you can from the docker container, or simply all the docker logs (sanitized of course).

Seems you're close though

I will as soon as I'm home. But in the meantime can you help me with a few questions?

  1. Since my mail DNS name mal.example.co points to my VPS at Linode, what do I set the FQDN name as for mailcow, since it runs on my local machine?

  2. Since this is being forwarded from the VPS to the local mailcow server, should I skip Let's Encrypt and let haproxy on the VPS add the certs to the traffic coming to my local mailcow?

Also just for more info: my VPS has WireGuard installed. I have a connection from my VPS to my local mailcow through the tunnel.

And just for some background info.

I want to host my mail server 100% in my home lab. I have multiple Dell servers and I host everything else.

I was told on these forums the best way to do it was to forward the email ports with haproxy on a VPS because I don't have a static public IP at home. I have a dynamic IP and only one. I tried to port forward but it didn't work.

So I just want the VPS to be public facing and just hand everything off to my local server running mailcow.

If you have the nginx config, I am pretty good at converting it to haproxy. The mail setup is more the part I'm struggling with. I can't even get to the web admin GUI on the local machine.


Anyone have any idea why my nginx container restarts constantly in mailcow? I’m stuck and frustrated.


What is your container name?

Please output sudo docker logs (container-ID)

It will tell us something

Not at the moment, I'm in the middle of a revamp of my stuff myself.

How do I get the logs for you once I do docker compose up -d? Is there a way to use docker compose to show logs?

Yes, the command is

"docker logs (container-ID)"

If you need help understanding that, I would take a trip to Docker's documentation.

Compose is only to upstart your containers. After that you don't need to type docker compose. You use the other docker arguments in the CLI.

This is the log I get for nginx in mailcow

root@mailserver:/opt/mailcow-dockerized# docker logs mailcowdockerized-nginx-mailcow-1
2023/07/06 06:58:20 [warn] 15#15: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/listen_ssl.active:1
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/listen_ssl.active:1
2023/07/06 06:58:20 [warn] 15#15: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/listen_ssl.active:2
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/listen_ssl.active:2
2023/07/06 06:58:20 [emerg] 15#15: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2023/07/06 06:58:23 [warn] 15#15: the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/listen_ssl.active:1

This is for netfilter

Clearing all bans
Traceback (most recent call last):
  File "/server.py", line 558, in
    clear()
  File "/server.py", line 297, in clear
    filter6_table = iptc.Table6(iptc.Table6.FILTER)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 589, in new
    obj._init(name, autocommit)
  File "/usr/lib/python3.10/site-packages/iptc/ip6tc.py", line 606, in _init
    self.refresh()
  File "/usr/lib/python3.10/site-packages/iptc/ip4tc.py", line 1634, in refresh
    raise IPTCError("can't initialize %s: %s" % (self.name,
iptc.ip4tc.IPTCError: can't initialize filter: b'Address family not supported by protocol'

I think I fixed the http2 thing; now I get this

023/07/06 07:44:09 [emerg] 13#13: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2023/07/06 07:44:12 [emerg] 14#14: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2023/07/06 07:44:14 [emerg] 13#13: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2023/07/06 07:44:15 [emerg] 14#14: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2023/07/06 07:44:17 [emerg] 14#14: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2023/07/06 07:44:19 [emerg] 14#14: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed
2023/07/06 07:44:24 [emerg] 15#15: socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:8081 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/nginx.conf test failed

So I figured it out. I don't use IPv6 on any of my servers. In fact I use ipv6.disable=1 in grub.

Anyway, even after setting ipv6 to false in docker compose, for some reason all of the config files were still trying to use IPv6. I removed the IPv6 listen addresses from the nginx config and changed the ports in php-fpm.d pools.conf to Listen = 9001 and Listen = 9002 instead of Listen = [::]:9001

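The mismatch described in the post above (a host booted with ipv6.disable=1 while nginx and php-fpm configs still bind to `[::]`) can be caught before the containers are started. This is an added example, not part of the original thread and not mailcow's own tooling; the function names and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check: find IPv6 listen directives on a host without an IPv6 stack.

# Returns 0 if the kernel IPv6 stack is present. With ipv6.disable=1 the file
# /proc/net/if_inet6 does not exist. The path argument exists for testing only.
host_has_ipv6() {
    [ -e "${1:-/proc/net/if_inet6}" ]
}

# Print file:line:text for every active (uncommented) listen directive bound to
# an IPv6 address: nginx "listen [::]:8081;" or php-fpm "listen = [::]:9001".
find_ipv6_listens() {
    grep -rnEi '^[[:space:]]*listen[[:space:]]*=?[[:space:]]*\[[0-9a-f:]+\]' "$1" 2>/dev/null
}

# Returns 1 when the host has no IPv6 but the configs still ask for it.
preflight() {
    conf_dir=$1; proc_file=${2:-/proc/net/if_inet6}
    if host_has_ipv6 "$proc_file"; then return 0; fi
    hits=$(find_ipv6_listens "$conf_dir") || return 0
    printf 'IPv6 is disabled but these listeners need it:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample configs (hypothetical file names, ports taken from the thread).
make_sample() {
    mkdir -p "$1/nginx" "$1/php-fpm.d"
    cat > "$1/nginx/site.conf" <<'EOF'
listen 8081;
listen [::]:8081;
EOF
    cat > "$1/php-fpm.d/pools.conf" <<'EOF'
[web]
listen = [::]:9001
; listen = [::]:9003
[worker]
listen = 9002
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
# Simulate an ipv6.disable=1 host by pointing at a path that does not exist.
preflight "$sample" "$sample/no_if_inet6" || echo "preflight failed: fix the lines above"
```

On a real host, call `preflight` with the directory that holds the mounted nginx and php-fpm configs and no second argument, so it reads /proc/net/if_inet6 directly.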

Sorry m8, I wish others were replying. I'm not going to be much help this weekend… I've got a ton of data work to do with ZFS.

Here's the nginx documentation on mail server proxying

If you can translate off that, you'll figure the haproxy part out.

Lol, I believe I got it for the most part. I have haproxy up. Now that I can actually get to email and have it running, I think I can handle the rest. Right now I'm working with certbot to issue auto cert updates to haproxy on the VPS. Just a quick side question: I use acme on OPNsense to get certs for local services. Can I pull certs on both machines even if the domains match?

I do the same with ipv6.disable and have encountered the same problem, irritating as it is. Server won’t start in basic config, always check for IPv6 listen. I guess this will go into your tool kit too.