diff --git a/docs/post_installation/reverse-proxy/r_p-apache24.de.md b/docs/post_installation/reverse-proxy/r_p-apache24.de.md index f8cbe248ae..0a30875f66 100644 --- a/docs/post_installation/reverse-proxy/r_p-apache24.de.md +++ b/docs/post_installation/reverse-proxy/r_p-apache24.de.md @@ -15,6 +15,7 @@ Let's Encrypt wird unserem Rewrite folgen, Zertifikatsanfragen in mailcow werden ServerName ZU MAILCOW HOSTNAMEN ÄNDERN ServerAlias autodiscover.* ServerAlias autoconfig.* + ServerAlias mta-sts.* RewriteEngine on RewriteCond %{HTTPS} off @@ -30,6 +31,7 @@ Let's Encrypt wird unserem Rewrite folgen, Zertifikatsanfragen in mailcow werden ServerName ZU MAILCOW HOSTNAMEN ÄNDERN ServerAlias autodiscover.* ServerAlias autoconfig.* + ServerAlias mta-sts.* # You should proxy to a plain HTTP session to offload SSL processing ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 diff --git a/docs/post_installation/reverse-proxy/r_p-apache24.en.md b/docs/post_installation/reverse-proxy/r_p-apache24.en.md index b4e2430ab7..00ba34e840 100644 --- a/docs/post_installation/reverse-proxy/r_p-apache24.en.md +++ b/docs/post_installation/reverse-proxy/r_p-apache24.en.md @@ -15,6 +15,7 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* + ServerAlias mta-sts.* RewriteEngine on RewriteCond %{HTTPS} off @@ -30,6 +31,7 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerAlias autodiscover.* ServerAlias autoconfig.* + ServerAlias mta-sts.* # You should proxy to a plain HTTP session to offload SSL processing ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 
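Review bot: The `ServerAlias mta-sts.*` added to the TLS vhost (second hunk of each Apache file) only routes the name; nothing tells the reader that the certificate served there must also be valid for every `mta-sts.<mail domain>` host. MTA-STS policy fetches are HTTPS-only with certificate validation (RFC 8461), so a certificate that lacks the name makes sending MTAs reject the policy fetch. The vhost's certificate directives are outside the hunk, and whether mailcow's ACME client requests these names on its own is not visible here, so I would add a sentence above the config block such as `The certificate must cover mta-sts.<domain> for each domain with MTA-STS enabled (e.g. via ADDITIONAL_SAN).` The same applies to the nginx 443 `server_name` hunks in both languages, where `ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem` is visible.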
diff --git a/docs/post_installation/reverse-proxy/r_p-caddy2.de.md b/docs/post_installation/reverse-proxy/r_p-caddy2.de.md index e7864b526a..23d2deb3ef 100644 --- a/docs/post_installation/reverse-proxy/r_p-caddy2.de.md +++ b/docs/post_installation/reverse-proxy/r_p-caddy2.de.md @@ -12,7 +12,7 @@ Bspw: ``` hl_lines="1 3 13" -MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME { +MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME mta-sts.MAILCOW_HOSTNAME { log { output file /var/log/caddy/MAILCOW_HOSTNAME.log { roll_disabled diff --git a/docs/post_installation/reverse-proxy/r_p-caddy2.en.md b/docs/post_installation/reverse-proxy/r_p-caddy2.en.md index b15e3d143d..3294cb2525 100644 --- a/docs/post_installation/reverse-proxy/r_p-caddy2.en.md +++ b/docs/post_installation/reverse-proxy/r_p-caddy2.en.md @@ -11,7 +11,7 @@ In the caddyfile you just have to create a section for the mailserver. For example ``` hl_lines="1 3 13" -MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME { +MAILCOW_HOSTNAME autodiscover.MAILCOW_HOSTNAME autoconfig.MAILCOW_HOSTNAME mta-sts.MAILCOW_HOSTNAME { log { output file /var/log/caddy/MAILCOW_HOSTNAME.log { roll_disabled diff --git a/docs/post_installation/reverse-proxy/r_p-nginx.de.md b/docs/post_installation/reverse-proxy/r_p-nginx.de.md index 5b4b9b9787..f723fae8d8 100644 --- a/docs/post_installation/reverse-proxy/r_p-nginx.de.md +++ b/docs/post_installation/reverse-proxy/r_p-nginx.de.md 
@@ -9,13 +9,13 @@ Let's Encrypt folgt unserem Rewrite, Zertifikatsanfragen funktionieren problemlo server { listen 80 default_server; listen [::]:80 default_server; - server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.*; + server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.* mta-sts.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.*; + server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.* mta-sts.*; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; @@ -61,4 +61,4 @@ server { Beim Einsatz eines Proxys in einem anderen Subnetz müssen Sie die folgende Umgebungsvariable in die mailcow.conf einfügen, damit der nginx-Container die oben gesetzte X-Real-IP akzeptiert. ``` TRUSTED_PROXIES=#.#.#.# -``` \ No newline at end of file +``` diff --git a/docs/post_installation/reverse-proxy/r_p-nginx.en.md b/docs/post_installation/reverse-proxy/r_p-nginx.en.md index 43b44738db..3f887dd5c5 100644 --- a/docs/post_installation/reverse-proxy/r_p-nginx.en.md +++ b/docs/post_installation/reverse-proxy/r_p-nginx.en.md @@ -9,13 +9,13 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine. server { listen 80 default_server; listen [::]:80 default_server; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* mta-sts.*; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* mta-sts.*; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; 
@@ -61,4 +61,4 @@ server { When using a proxy on a different subnet you will need to add the following environment variable to the mailcow.conf to have the nginx container accept the X-Real-IP set above. ``` TRUSTED_PROXIES=#.#.#.# -``` \ No newline at end of file +``` diff --git a/docs/post_installation/reverse-proxy/r_p-traefik3.de.md b/docs/post_installation/reverse-proxy/r_p-traefik3.de.md index 925f36a546..ee28819042 100644 --- a/docs/post_installation/reverse-proxy/r_p-traefik3.de.md +++ b/docs/post_installation/reverse-proxy/r_p-traefik3.de.md @@ -16,7 +16,7 @@ Dieses Tutorial erklärt, wie man mailcow mit Traefik als Reverse-Proxy einricht Traefik übernimmt den gesamten eingehenden Webverkehr und leitet die entsprechenden Anfragen an mailcow weiter. Diese Konfiguration ermöglicht es Traefik: - SSL-Zertifikate zu verwalten -- Autodiscover- und Autoconfig-Dienste bereitzustellen +- Autodiscover-, Autoconfig- und MTA-STS-Dienste bereitzustellen - Die Frontend-Benutzeroberfläche zu bedienen - ACME-Challenge-Antworten für die Zertifikatsvalidierung des Mail-Servers zu übernehmen @@ -62,6 +62,13 @@ SKIP_LETS_ENCRYPT=y tls: certResolver: cloudflare + mailcow-mta-sts: + entryPoints: "websecure" + rule: "(Host(`mta-sts.domain.com`) && Path(`/.well-known/mta-sts.txt`))" + service: mailcow-svc + tls: + certResolver: cloudflare + services: mailcow: loadBalancer: 
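Review bot: The new `mailcow-mta-sts` router matches only the single literal host `mta-sts.domain.com`, whereas the Apache and nginx examples in this commit use the wildcard `mta-sts.*`. On a mailcow instance serving several mail domains, each domain's policy lives on its own `mta-sts.<domain>` host, so a reader who copies this rule gets a router and certificate for one domain only. The existing autoconfig/autodiscover routers may have the same limitation, but their rules are outside the hunk. I would add a bullet to the notes, for example `Add one Host() alternative (joined with ||) per mail domain that publishes an MTA-STS policy`. The same applies to the label-form hunks at `@@ -107,6 +114,11 @@` and to the English file.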
@@ -107,6 +114,11 @@ SKIP_LETS_ENCRYPT=y - traefik.http.routers.mailcow-autoconfig.tls.certresolver=cloudflare - traefik.http.routers.mailcow-autoconfig.service=mailcow-svc + - traefik.http.routers.mailcow-mta-sts.entrypoints=websecure + - traefik.http.routers.mailcow-mta-sts.rule=Host(`mta-sts.domain.com`)&& Path(`/.well-known/mta-sts.txt`) + - traefik.http.routers.mailcow-mta-sts.tls.certresolver=cloudflare + - traefik.http.routers.mailcow-mta-sts.service=mailcow-svc + - traefik.http.routers.mailcow.entrypoints=websecure - traefik.http.routers.mailcow.rule=Host(`mail.domain.com`) - traefik.http.routers.mailcow.tls=true @@ -125,7 +137,7 @@ SKIP_LETS_ENCRYPT=y **Wichtige Hinweise zu dieser Konfiguration:** -- Ersetzen Sie `mail.domain.com`, `autoconfig.domain.com` und `autodiscover.domain.com` durch Ihre tatsächlichen Domainnamen +- Ersetzen Sie `mail.domain.com`, `autoconfig.domain.com`, `autodiscover.domain.com` und `mta-sts.domain.com` durch Ihre tatsächlichen Domainnamen - `entryPoints: "websecure"` - ersetzen Sie dies durch Ihren tatsächlichen Traefik-HTTPS-Entrypoint - `certResolver: cloudflare` - ersetzen Sie dies durch Ihren tatsächlichen Zertifikatsresolver diff --git a/docs/post_installation/reverse-proxy/r_p-traefik3.en.md b/docs/post_installation/reverse-proxy/r_p-traefik3.en.md index cc04bfab2b..e85c4fb71b 100644 --- a/docs/post_installation/reverse-proxy/r_p-traefik3.en.md +++ b/docs/post_installation/reverse-proxy/r_p-traefik3.en.md @@ -62,6 +62,13 @@ SKIP_LETS_ENCRYPT=y tls: certResolver: cloudflare + mailcow-mta-sts: + entryPoints: "websecure" + rule: "(Host(`mta-sts.domain.com`) && Path(`/.well-known/mta-sts.txt`))" + service: mailcow-svc + tls: + certResolver: cloudflare + services: mailcow: loadBalancer: 
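Review bot: In the label form the rule is written with no space before the operator, `...mta-sts.domain.com`)&& Path(...`, while the YAML form of the same router is parenthesised and spaced. Traefik probably accepts both, but this is a copy-paste example, so the two forms should read the same: put ` && ` between `Host(...)` and `Path(...)` here. The identical label line in the English file (`r_p-traefik3.en.md`, same hunk header) needs the same change.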
@@ -107,6 +114,11 @@ SKIP_LETS_ENCRYPT=y - traefik.http.routers.mailcow-autoconfig.tls.certresolver=cloudflare - traefik.http.routers.mailcow-autoconfig.service=mailcow-svc + - traefik.http.routers.mailcow-mta-sts.entrypoints=websecure + - traefik.http.routers.mailcow-mta-sts.rule=Host(`mta-sts.domain.com`)&& Path(`/.well-known/mta-sts.txt`) + - traefik.http.routers.mailcow-mta-sts.tls.certresolver=cloudflare + - traefik.http.routers.mailcow-mta-sts.service=mailcow-svc + - traefik.http.routers.mailcow.entrypoints=websecure - traefik.http.routers.mailcow.rule=Host(`mail.domain.com`) - traefik.http.routers.mailcow.tls=true @@ -125,7 +137,7 @@ SKIP_LETS_ENCRYPT=y **Important notes about this configuration:** -- Replace `mail.domain.com`, `autoconfig.domain.com`, and `autodiscover.domain.com` with your actual domain names +- Replace `mail.domain.com`, `autoconfig.domain.com` `autoconfig.domain.com`, and `mta-sts.domain.com` with your actual domain names - `entryPoints: "websecure"` - replace it with your actual Traefik https entrypoint - `certResolver: cloudflare` - replace it with your actual certificate resolver
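Review bot: The rewritten bullet in the last hunk lists `autoconfig.domain.com` twice, drops `autodiscover.domain.com`, and is missing the comma between the two entries. It should list `mail.domain.com`, `autoconfig.domain.com`, `autodiscover.domain.com`, and `mta-sts.domain.com`, matching the German bullet. The German file also gained "MTA-STS" in its feature list (`@@ -16,7 +16,7 @@`), but this file has no matching hunk; the English list may need the same update, though that part of the file is not shown here.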