Computers | Matt LaPaglia, MCSD

I use NginxProxyManager as the main entry point of web traffic onto my local server. I exclusively use it as a proxy host for multiple subdomains. Each subdomain managed by NPM gets proxied to a docker container. Adding new services is mostly setting up the docker container and using NPM to create a ssl certificate with letsencrypt and directing the traffic from that subdomain to the container.

A few weeks ago I randomly discovered Poste.io through the community apps page of unraid. It’s an all-in-one dockerized email server. Since Unraid has a template for it, installing was a breeze:

Community Applications plugin has a template ready to go

Email requires more ports than just 443/80, but following their documentation I was able to get it up and running. Thanks to my local ISP I am able to have port 25 and all the rest unblocked, normally ISPs don’t allow these ports.

The docker container comes complete with an admin site for managing users, domains, and server settings. The mail app isn’t half bad either:

Once I tried to connect Thunderbird though I got SSL verification errors. I soon found out even through NPM handles the SSL offloading for port 443 (HTTPS web traffic), it doesn’t do the same for the mail ports (143, 993, etc). Thunderbird was getting a generic mail.poste.io SSL certificate instead of mail.mattlapaglia.com!

Poste.io does support LetsEncrypt, but trying to run LE validation behind another LE instance (NPM) is problematic. When the Poste.IO LE tries to validate domain ownership the LE server ends up calling the NPM LE, which says “uh, what, 404 for me I guess”.

LE servers not able to validate that I own the domain name 🙁

I tried getting the LE functionality in Poste.io to work with the NPM LE but couldn’t come up with a solution that would result in automatic SSL certificate renewals in the future. Then I thought to myself, “NPM LE stores the certificates in the AppData folder of Unraid, I could use that!”

I went back to the Poste.io docker configuration page and added 4 paths to map:

ca.crt
server.key
server.crt
server-combined.crt

I mapped them from the NPM appdata folder to the Poste container.

/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/chain.pem
/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/privkey.pem
/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/cert.pem
/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/fullchain.pem

were mapped to:

/etc/ssl/ca.crt
/etc/ssl/server.key
/etc/ssl/server.crt
/etc/ssl/server-combined.crt

After this I was able to successfully connect to the email server from my computer and other devices! Now when NPM updates the mail.mattlapaglia.com domain name automatically, poste will directly reference the new certificates without any manual intervention.

A Lenovo W540 was overheating, peaking at 99° before the Intel Core i7 4700MQ would automatically throttle down the speed to prevent permanent damage. A nasty side effect of this is reduced performance. A workstation-grade laptop should be able to handle this kind of heat without issue, what was going wrong!? This was obviously something hardware related since the fan would run at 100% while the air coming out of the fan was room temperature and the CPU was ready to boil water. After disassembling the machine I noticed the heat sink compound wasn’t “smooshed” against the CPU like it should be:

Take a closer look at the image above. What is that desiccant ball doing in there, keeping the heatsink from pressing against the CPU correctly??

Close up of the heat culprit:

I’m going to assume this mistakenly fell in during initial assembly and isn’t an intended feature. After removing the ball and securing the heatsink the compound spread much more evenly:

Prime95 was also happy with the results:

Matt LaPaglia, MCSD

Category Archives: Computers

Self Hosted Email Server With Unraid and Poste.IO

Overheating Lenovo W540

To Infinity, Recursively!