I use NginxProxyManager as the main entry point of web traffic onto my local server. I exclusively use it as a proxy host for multiple subdomains. Each subdomain managed by NPM gets proxied to a docker container. Adding new services is mostly setting up the docker container and using NPM to create a ssl certificate with letsencrypt and directing the traffic from that subdomain to the container.
A few weeks ago I randomly discovered Poste.io through the community apps page of unraid. It’s an all-in-one dockerized email server. Since Unraid has a template for it, installing was a breeze:
Email requires more ports than just 443/80, but following their documentation I was able to get it up and running. Thanks to my local ISP I am able to have port 25 and all the rest unblocked, normally ISPs don’t allow these ports.
The docker container comes complete with an admin site for managing users, domains, and server settings. The mail app isn’t half bad either:
Once I tried to connect Thunderbird though I got SSL verification errors. I soon found out even through NPM handles the SSL offloading for port 443 (HTTPS web traffic), it doesn’t do the same for the mail ports (143, 993, etc). Thunderbird was getting a generic mail.poste.io SSL certificate instead of mail.mattlapaglia.com!
Poste.io does support LetsEncrypt, but trying to run LE validation behind another LE instance (NPM) is problematic. When the Poste.IO LE tries to validate domain ownership the LE server ends up calling the NPM LE, which says “uh, what, 404 for me I guess”.
I tried getting the LE functionality in Poste.io to work with the NPM LE but couldn’t come up with a solution that would result in automatic SSL certificate renewals in the future. Then I thought to myself, “NPM LE stores the certificates in the AppData folder of Unraid, I could use that!”
I went back to the Poste.io docker configuration page and added 4 paths to map:
ca.crtserver.keyserver.crtserver-combined.crt
I mapped them from the NPM appdata folder to the Poste container.
/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/chain.pem/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/privkey.pem/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/cert.pem/mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/fullchain.pem
were mapped to:
/etc/ssl/ca.crt/etc/ssl/server.key/etc/ssl/server.crt/etc/ssl/server-combined.crt
After this I was able to successfully connect to the email server from my computer and other devices! Now when NPM updates the mail.mattlapaglia.com domain name automatically, poste will directly reference the new certificates without any manual intervention.
Hello!
I am pretty new to hosting my own content. I have a nice little set up for my content using unRAID and it’s working excellently. I even got NPM working properly with my personal domain.
I have a calibre server set up that I want to connect with a self hosted email server to send my books to my kindle. This is how I came across this post. I had planned on following your set up but I am confused with your comment on Email requiring more ports than 443/80. I do understand that SMTP and other features do need other ports to be forwarded. The part I’m tripped up on is the hyperlinked article at the end of that paragraph. Are you using the article to help explain why ISPs block those ports or are you suggesting using AuthSMTP’s services?
Thanks in advance!
hello all
please i installed free version of poste.io then few hours later my server won’t load what could be the issue
I have had this and found i have been havign to restart the Container quite frequently for it to be working which isnt the best experience so far.
but i have found it the easiest and well rounded for what i wanted to play with which is a shame