Pitfalls encountered while setting up a Mailu mail server behind a Caddy reverse proxy
Network requirements
First install Docker and make sure port 25 on the server is open. You can check with telnet:
```shell
telnet smtp.163.com 25
```
If you see the following, port 25 is usable:
```
Trying 111.124.203.45...
Connected to smtp163.mail.ntes53.netease.com.
Escape character is '^]'.
220 163.com Anti-spam GT for Coremail System (163com[20141201])
```
Add DNS records
- Add an A/AAAA record that resolves `mail.example.com`
Install Docker
For a detailed tutorial, see the Docker CE software repository.
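Generate the Mailu configuration files
Go to Mailu Setup and change the settings to suit your needs.
Notes:
- Because Caddy will act as the reverse proxy, Mailu does not need to obtain `Let's Encrypt` certificates automatically; they have to be configured manually, so `Choose how you wish to handle security` can only be set to `mail`.
- For `Enable Web email client`, pick whichever one you like (by default none is used); enable the other features as needed.
- In `Step 3`, set `IPv4 listen address` to the machine's real IP; this can be an internal IP (most servers have one).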
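Modify the configuration files
Modify the Mailu configuration
When the configuration is complete, click `Setup Mailu`, then download `docker-compose.yml` and `mailu.env` to your local machine to modify them.
For `docker-compose.yml`: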
```yaml
# This file is auto-generated by the Mailu configuration wizard.
# Please read the documentation before attempting any change.
# Generated for compose flavor
services:
  # External dependencies
  redis:
    image: redis:alpine
    restart: always
    volumes:
      - "/mailu/redis:/data"
    depends_on:
      - resolver
    dns:
      - 192.168.203.254
  # Core services
  front:
    image: ghcr.nju.edu.cn/mailu/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-front
    ports:
      # Any host ports will do as long as they do not take Caddy's ports 80/443!
      - "172.10.0.1:8080:80"
      - "172.10.0.1:4433:443"
      - "172.10.0.1:25:25"
      - "172.10.0.1:465:465"
      - "172.10.0.1:587:587"
      - "172.10.0.1:110:110"
      - "172.10.0.1:995:995"
      - "172.10.0.1:143:143"
      - "172.10.0.1:993:993"
      - "172.10.0.1:4190:4190"
    networks:
      - default
      - webmail
      - radicale
    volumes:
      - "/mailu/certs:/certs"
      - "/mailu/overrides/nginx:/overrides:ro"
    depends_on:
      - resolver
    dns:
      - 192.168.203.254
......
networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.203.0/24
  radicale:
    driver: bridge
  webmail:
    driver: bridge
  oletools:
    driver: bridge
    internal: true
```
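You only need to change the port mappings for 80 and 443 under `front:`.
For `mailu.env`, change the following to prevent `502` errors from the Caddy reverse proxy. **Very important!** It took me a whole evening of fiddling to figure this out.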
```
REAL_IP_HEADER=X-Real-IP
# Your IP address
REAL_IP_FROM=172.10.0.1
TLS_FLAVOR=mail
```
Caddy reverse proxy configuration
```
mail.example.com {
    encode gzip zstd
    tls {
        protocols tls1.3
    }
    header {
        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" # HSTS
        Referrer-Policy strict-origin-when-cross-origin
        X-Permitted-Cross-Domain-Policies "none"
        X-Frame-Options SAMEORIGIN
        X-Content-Type-Options nosniff
        X-XSS-Protection "1; mode=block"
        -Server
    }
    reverse_proxy 172.16.0.3:8080 # change this to match your own setup
}
```
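Next, restart Caddy and let it obtain the certificate automatically.
Caddy's default certificate directory is `/var/lib/caddy/.local/share/caddy/certificates/`
- `mail.example.com.crt` corresponds to `/mailu/certs/cert.pem`
- `mail.example.com.key` corresponds to `/mailu/certs/key.pem`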
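Caddy renews its certificate on its own, so a one-off copy into `/mailu/certs` goes stale and the mail ports end up serving an expired certificate. The script below is an added example, not part of the original post, that applies the crt/key mapping above and only reports a change when the files differ. The function name `sync_caddy_cert`, the `--run` switch, locating the files by name (the post does not give the issuer subdirectory) and restarting `front` with `docker-compose -p mailu restart front` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): copy the certificate that
# Caddy obtained into Mailu's /certs mount whenever it changes.

# sync_caddy_cert CADDY_CERT_ROOT DOMAIN MAILU_CERT_DIR
# Returns 0 if files were installed, 1 if already up to date, 2 on error.
sync_caddy_cert() {
    root=$1 domain=$2 dest=$3

    # The issuer subdirectory differs per CA, so search for the files by name.
    crt=$(find "$root" -type f -name "$domain.crt" | head -n 1)
    key=$(find "$root" -type f -name "$domain.key" | head -n 1)
    if [ -z "$crt" ] || [ -z "$key" ]; then
        echo "no certificate for $domain under $root" >&2
        return 2
    fi

    # Nothing to do when both copies are byte-identical to Caddy's files.
    if cmp -s "$crt" "$dest/cert.pem" && cmp -s "$key" "$dest/key.pem"; then
        return 1
    fi

    # Copy to temporary names first, then rename, so a failed copy never
    # leaves a half-written file in place. The key is owner-readable only.
    mkdir -p "$dest" || return 2
    install -m 644 "$crt" "$dest/cert.pem.new" || return 2
    install -m 600 "$key" "$dest/key.pem.new"  || return 2
    mv "$dest/cert.pem.new" "$dest/cert.pem" &&
    mv "$dest/key.pem.new"  "$dest/key.pem"  || return 2
    return 0
}

# Run from cron as root with "--run", in the directory that holds
# docker-compose.yml; the front container is restarted only on change.
if [ "${1:-}" = "--run" ]; then
    if sync_caddy_cert /var/lib/caddy/.local/share/caddy/certificates \
                       mail.example.com /mailu/certs; then
        docker-compose -p mailu restart front
    fi
fi
```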
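Run Mailu
Upload the configuration files and start the containers:
```shell
docker-compose -p mailu up -d
```
Create the administrator account:
```shell
docker-compose -p mailu exec admin flask mailu admin hi MAIL.EXAMPLE.COM 'PASSWORD'
```
Change the domain and password before running this command.
Configuration notes...
Configure everything else yourself.
For detailed configuration, see: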
Copyright Notice: Unless otherwise stated, this article is an original work. Copyright belongs to VConet的杂物间. Licensed under CC BY-NC-SA 4.0. Please cite the source when reprinting!
Article URL: https://old.vconet.top/archives/mailu-with-caddy.html