Rancher Catalog for Mailu.io mail server.
- Just add
https://github.com/Mailu/Rancher.git
to Rancher custom catalog in "Admin -> Settings -> Catalog". - You need to provide a
cert.pem
andkey.pem
files in${ROOT}/certs
. For example, in/mailu/certs/
.
The Let's Encrypt stack from the Rancher Catalog uses: janeczku/rancher-letsencrypt
.
That stack takes care of generating TLS / SSL certificates with Let's Encrypt, updating them and adding the certificates to your Rancher Certificate "store".
You can read the full updated documentation for that stack in the GitHub repository: https://github.com/janeczku/rancher-letsencrypt.
You need to pay special attention to the configuration for certificate renewal. You can configure it with several DNS providers or do it just using a Rancher Load Balancer and redirecting a specific route (example.com/.well-known/acme-challenge
) to the Let's Encrypt stack service: https://github.com/janeczku/rancher-letsencrypt#http.
For Mailu you also need to have those certificates in a path in the host, for example in /mailu/certs/
.
To use the Let's Encrypt stack to generate the certificates and use them inside Mailu, you can do the following:
Note: for this example let's assume that your domain is example.com
and that the Mailu ${ROOT}
directory is at /mailu/
. Update it as according to your configuration.
- Create the Let's Encrypt stack from the Rancher Catalog following its documentation.
- Enter in the Let's Encrypt stack and click the "upgrade" button of the
letsencrypt
service. - Go to the "Volumes" tab, it will have a Docker named volume as
lets-encrypt:/etc/letsencrypt
. - Update that named volume to be a host volume, for example:
/etc/letsencrypt-example.com:/etc/letsencrypt
. - Now, after creating the certificates (or renovating them) you will have your certificates as:
fullchain.pem
andprivkey.pem
. - Those certificates will be under the path:
/etc/letsencrypt-example.com/production/certs/example.com/
. - Now, you have your certificates in your host in that path, but you need them inside the Mailu path, i.e. in:
/mailu/certs/cert.pem
and/mailu/certs/key.pem
. - To achieve that, create the
/mailu/certs/
directory (if you haven't already):
mkdir -p /mailu/certs/
- Go to that directory:
cd /mailu/certs/
- And there, create a link (a hard link, not a symbolic link) to those files, but with the names that you need to have inside (
key.pem
andcert.pem
):
ln /etc/letsencrypt-example.com/production/certs/example.com/privkey.pem key.pem
ln /etc/letsencrypt-example.com/production/certs/example.com/fullchain.pem cert.pem
-
Now you can start (or re-start) your Mailu Stack.
-
As you are using the Rancher Catalog Let's Encrypt stack to generate your certificates, you shouldn't use the integrated certbot with the variable
ENABLE_CERTBOT
, mark it asFalse
. -
If you want to use a Rancher Load Balancer to handle HTTPS connections with the certificate generated with the Let's Encrypt stack (working as a TLS / SSL termination proxy) you should choose the alternative frontend that doesn't implement HTTPS itself (giving that task to the Rancher Load Balancer), so instead of
nginx
as frontend, you can use:
nginx-no-https
- Then, to make sure that every
http
request gets redirected tohttps
you can start a service (container) that just redirects anyhttp
tohttps
, for example using the Docker image:jamessharp/docker-nginx-https-redirect
and configuring routes in your Rancher Load Balancer pointing anyhttp
to that container so that it gets converted tohttps
.
- If you need jwilder/nginx support and JrCs/docker-letsencrypt-nginx-proxy-companion, you need to manually symlink cert produce by JrCs/docker-letsencrypt-nginx-proxy-companion to
cert.pem
andkey.pem
in ${ROOT}/certs of your Mailu install.