Installing Dockerized Mailcow with custom ssl certificates

1. Follow official instructions

1. Prepare system.
2. Clone Mailcow repository.
3. Run generate_config.sh.

2. Use custom certificates (ref)

Generate SSL certificates manually e.g. using Certbot

Create docker-compose.override.yml file as follows:

version: '2.1'

services:
  dovecot-mailcow:
	volumes:
	  - ./data/assets/ssl:/etc/ssl/mail/:rw
	  - /mycerts/fullchain.pem:/etc/ssl/mail/cert.pem:ro
	  - /mycerts/privkey.pem:/etc/ssl/mail/key.pem:ro
		#- /opt/data/nginx/certs/dhparam.pem:/etc/ssl/mail/dhparams.pem:ro
  postfix-mailcow:
	volumes:
	  - ./data/assets/ssl:/etc/ssl/mail/:rw
	  - /mycerts/fullchain.pem:/etc/ssl/mail/cert.pem:ro
	  - /mycerts/privkey.pem:/etc/ssl/mail/key.pem:ro
  nginx-mailcow:
	volumes:
	  - ./data/assets/ssl:/etc/ssl/mail/:rw
	  - /mycerts/fullchain.pem:/etc/ssl/mail/cert.pem:ro
	  - /mycerts/privkey.pem:/etc/ssl/mail/key.pem:ro

Replace /mycerts/ with the directory where the certificates are e.g. /etc/letsencrypt/archive/....

Now, disable ACME. In mailcow.conf, set

```
SKIP_LETS_ENCRYPT=y
```

3. Nginx Proxy Manager

• Change ports in mailcow.conf, e.g.

    HTTP_PORT=8080
    HTTP_BIND=127.0.0.1
  

• If using Nginx Proxy Manager without network_mode: host, then we need to add nginx-mailcow to the network. In this case, we add the following to the docker-compose.override.yml above:

    services:
      nginx-mailcow:
        networks:
          - frontend
  
    networks:
      frontend:
        external: true
  

  Change the network frontend accordingly.

• We also have to increase Nginx buffer size for the web interface to work correctly (ref). Add the following to the Nginx reverse proxy config:

    proxy_buffer_size 128k;
    proxy_buffers 64 512k;
    proxy_busy_buffers_size 512k;