Replies: 4 comments 2 replies
-
|
Hi, Automatic certificate renewals are on the roadmap but not yet implemented. In the time being you need to manually update them. A reverse proxy could work but it will disable many of the authentication features such as SPF and DMARC which require the remote SMTP server address. |
Beta Was this translation helpful? Give feedback.
-
|
running this in a setup with caddy would be incredibly sweet. That way it would be easy to run in docker containers and have it setup in no time. |
Beta Was this translation helpful? Give feedback.
-
SSL CERTSCreating hardlinks from where you want stalwart to look to where caddy creates them should work. It's just crt and key files. |
Beta Was this translation helpful? Give feedback.
-
|
Seems that even behind reverse proxy, there might be a way to pass source IP: |
Beta Was this translation helpful? Give feedback.
-
|
I run a stalwart server behind a HAProxy that I can set it to layer 4 mode. Caddy run behind HAProxy, other HTTP services behind Caddy. Caddy is layer 7 proxy so it need to handle SSL itself. |
Beta Was this translation helpful? Give feedback.
-
|
There are plans to implement the PROXY protocol, which I believe is supported by Caddy as well. You can use Caddy without this feature anyway but Stalwart will treat the session as plain text. |
Beta Was this translation helpful? Give feedback.
-
Hi,
it currently is not mentioned in documentation (https://stalw.art/smtp/get-started/linux/) on how to use this behind reverse proxy like traefik. Traefik (and caddy) can be configured with automatic lets encrypt renewals so it is quite convenient.
Would it work fine or the smtp server really needs to have certificates loaded/managed by itself?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions