
FAQ: Use custom ports for HTTP / HTTPS

Thilo Fromm edited this page May 2, 2023 · 1 revision

In this scenario, a web server already runs on the host that also runs the mailserver container. The container cannot use port 80 / 443 because these are used by the host's webserver.

HTTP Port

HTTP is required for Let's Encrypt certificate requests and certificate renewals. Let's Encrypt does not support using a custom port for HTTP. To work around this issue and still have the mailserver container handle the mailserver's certificates, add a proxy configuration to the host's webserver. The proxy (i.e. the host's webserver) will accept connections on port 80 for the mailserver's HOSTNAME and forward the connection to the mailserver container. For this to work, the mailserver container needs to map its HTTP port to something other than port 80.

If you use monitoring, you can start the container's HTTPS server on a different port (see below).

Without proxy

           host webserver                   mailserver container
    .--------------------------.        .--------------------------.
--->|:80   www.mydomain.tld    |     ??????        :-(             |
    `--------------------------´        `--------------------------´

With proxy

           host webserver          
    .------------------------------.
--->|:80   www.mydomain.tld        |
    |     mail.mydomain.tld :12345--.      mailserver container
     `----------------------------´ |   .--------------------------.
                                    `-->|:12345     8-D            |
                                        `--------------------------´

Here's a very simple proxy definition for the above, for Apache Foundation's httpd:

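<VirtualHost *:80>
        # Requires mod_proxy and mod_proxy_http to be loaded.
        ServerName mail.mydomain.tld
        # Forward every request for this host name to the container's mapped HTTP port.
        ProxyPass / http://127.0.0.1:12345/
        ProxyPassReverse / http://127.0.0.1:12345/
        # Pass the original Host header through to the container.
        ProxyPreserveHost on
</VirtualHost>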

Put this in a separate .conf file in /etc/httpd/conf.d/ (Fedora, Red Hat, CentOS, etc.) or /etc/apache2/sites-enabled/ (Debian, Ubuntu, etc.), then run sudo systemctl reload httpd or sudo systemctl reload apache2, respectively, to activate.

The container start script offers custom ports for both HTTP and HTTPS. In order for the monitoring dashboards to work on a custom HTTPS port, edit settings.env and change

GF_SERVER_ROOT_URL=https://${HOSTNAME}/monitoring/

to

GF_SERVER_ROOT_URL=https://${HOSTNAME}:[PORT]/monitoring/

e.g. for HTTPS on port 23456, use

GF_SERVER_ROOT_URL=https://${HOSTNAME}:23456/monitoring/

The start_mailserver.sh script accepts custom HTTP and HTTPS ports as positional arguments.

$ ./start_mailserver.sh <http> <https>

e.g. for http proxied to port 12345 and https served on port 23456, run:

$ ./start_mailserver.sh 12345 23456
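
A pre-flight check for the steps above, as an added example that is not part of the original page or the project's scripts: it validates the two ports and confirms that GF_SERVER_ROOT_URL in settings.env carries the same HTTPS port that will be passed to start_mailserver.sh. The function names are hypothetical, and settings.env is assumed to contain the GF_SERVER_ROOT_URL line in the form shown above.

```shell
#!/bin/sh
# Added example (not project code). Usage after sourcing this file:
#   preflight 12345 23456 settings.env && ./start_mailserver.sh 12345 23456

# valid_port PORT -> 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# root_url_port FILE -> prints the port in GF_SERVER_ROOT_URL (443 if none is given)
root_url_port() {
    url=$(sed -n 's/^GF_SERVER_ROOT_URL=//p' "$1" | tail -n 1)
    [ -n "$url" ] || return 1
    # Strip the scheme, then the path, leaving "host" or "host:port".
    authority=${url#*://}
    authority=${authority%%/*}
    case "$authority" in
        *:*) printf '%s\n' "${authority##*:}" ;;
        *)   printf '443\n' ;;
    esac
}

# preflight HTTP_PORT HTTPS_PORT SETTINGS_FILE -> 0 if the combination is consistent
preflight() {
    http=$1 https=$2 settings=$3
    valid_port "$http"  || { echo "invalid HTTP port: $http" >&2; return 1; }
    valid_port "$https" || { echo "invalid HTTPS port: $https" >&2; return 1; }
    [ "$http" != "$https" ] || { echo "HTTP and HTTPS ports must differ" >&2; return 1; }
    # In this scenario 80 and 443 are already bound by the host's web server.
    case "$http:$https" in
        80:*|443:*|*:80|*:443)
            echo "ports 80/443 are in use by the host web server" >&2; return 1 ;;
    esac
    configured=$(root_url_port "$settings") || {
        echo "GF_SERVER_ROOT_URL not found in $settings" >&2; return 1; }
    # A mismatch here means the monitoring dashboards point at the wrong port.
    [ "$configured" = "$https" ] || {
        echo "GF_SERVER_ROOT_URL uses port $configured, container HTTPS is $https" >&2
        return 1
    }
}
```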