@RikoDEV
Last active March 10, 2025 23:38
Poste.io + Traefik v3 | Docker Compose Setup
```yaml
networks:
  traefik-proxy:
    name: traefik_gateway
    external: true

services:
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    hostname: mail.example.com
    restart: always
    environment:
      - DISABLE_CLAMAV=TRUE
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mailserver.entrypoints=web"
      - "traefik.http.routers.mailserver.rule=Host(`mail.example.com`)"
      - "traefik.http.routers.mailserver.service=mailserver"
      - "traefik.http.services.mailserver.loadbalancer.server.port=80"
      - "traefik.tcp.routers.mailserver.entrypoints=websecure"
      - "traefik.tcp.routers.mailserver.rule=HostSNI(`mail.example.com`)"
      - "traefik.tcp.routers.mailserver.service=mailserver"
      - "traefik.tcp.routers.mailserver.tls.passthrough=true"
      - "traefik.tcp.services.mailserver.loadbalancer.server.port=443"
    networks:
      - traefik-proxy
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
      - "995:995"
```
@YnievesDotNet

I try to use that, but it fails when I call the LE Challenge

[2024-09-11T14:53:42.767553+00:00] LEScript.INFO: ACME Client: analogic-lescript/0.3.0
[2024-09-11T14:53:42.767842+00:00] LEScript.INFO: Getting list of URLs for API
[2024-09-11T14:53:42.835801+00:00] LEScript.INFO: Requesting new nonce for client communication
[2024-09-11T14:53:42.937584+00:00] LEScript.INFO: Account already registered. Continuing.
[2024-09-11T14:53:42.937689+00:00] LEScript.INFO: Sending registration to letsencrypt server
[2024-09-11T14:53:42.965160+00:00] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-acct
[2024-09-11T14:53:43.050776+00:00] LEScript.INFO: Account: https://acme-v02.api.letsencrypt.org/acme/acct/1941147216
[2024-09-11T14:53:43.050900+00:00] LEScript.INFO: Starting certificate generation process for domains
[2024-09-11T14:53:43.051727+00:00] LEScript.INFO: Requesting challenge for mail.domain.com
[2024-09-11T14:53:43.078353+00:00] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/new-order
[2024-09-11T14:53:43.194587+00:00] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/402299506156
[2024-09-11T14:53:43.343344+00:00] LEScript.INFO: Got challenge token for mail.domain.com
[2024-09-11T14:53:43.343899+00:00] LEScript.INFO: Token for mail.domain.com saved at /opt/www//.well-known/acme-challenge/aYq1hgW_7oFJIDZPLyvcTvfbo-q4mCSAavVG5OU2gKI and should be available at http://mail.domain.com/.well-known/acme-challenge/aYq1hgW_7oFJIDZPLyvcTvfbo-q4mCSAavVG5OU2gKI
[2024-09-11T14:53:43.343977+00:00] LEScript.INFO: Sending request to challenge
[2024-09-11T14:53:43.371022+00:00] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/402299506156/ewZ6eQ
[2024-09-11T14:53:43.459346+00:00] LEScript.INFO: Verification pending, sleeping 1s
[2024-09-11T14:53:44.486901+00:00] LEScript.INFO: Sending signed request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/402299506156/ewZ6eQ
[2024-09-11T14:53:44.619196+00:00] LEScript.ERROR: 400 {   "type": "urn:ietf:params:acme:error:malformed",   "detail": "Unable to update challenge :: authorization must be pending",   "status": 400 }
[2024-09-11T14:53:44.619339+00:00] LEScript.ERROR: #0 /opt/admin/vendor/analogic/lescript/Lescript.php(580): Analogic\ACME\Client->curl()
[2024-09-11T14:53:44.619400+00:00] LEScript.ERROR: #1 /opt/admin/vendor/analogic/lescript/Lescript.php(448): Analogic\ACME\Client->post()
[2024-09-11T14:53:44.619448+00:00] LEScript.ERROR: #2 /opt/admin/vendor/analogic/lescript/Lescript.php(164): Analogic\ACME\Lescript->signedRequest()
[2024-09-11T14:53:44.619494+00:00] LEScript.ERROR: #3 /opt/admin/src/Base/Handler/LeHandler.php(62): Analogic\ACME\Lescript->signDomains()
[2024-09-11T14:53:44.619537+00:00] LEScript.ERROR: #4 /opt/admin/src/Base/Controller/LeController.php(71): App\Base\Handler\LeHandler->renew()
[2024-09-11T14:53:44.619581+00:00] LEScript.ERROR: #5 /opt/admin/vendor/symfony/http-kernel/HttpKernel.php(163): App\Base\Controller\LeController->issueAction()
[2024-09-11T14:53:44.619625+00:00] LEScript.ERROR: #6 /opt/admin/vendor/symfony/http-kernel/HttpKernel.php(75): Symfony\Component\HttpKernel\HttpKernel->handleRaw()
[2024-09-11T14:53:44.619696+00:00] LEScript.ERROR: #7 /opt/admin/vendor/symfony/http-kernel/Kernel.php(202): Symfony\Component\HttpKernel\HttpKernel->handle()
[2024-09-11T14:53:44.619761+00:00] LEScript.ERROR: #8 /opt/admin/public/index.php(27): Symfony\Component\HttpKernel\Kernel->handle()
[2024-09-11T14:53:44.619806+00:00] LEScript.ERROR: #9 {main}

And I see the challenge is taken by traefik and not by PosteIO

2024-09-11T14:54:14Z ERR Cannot retrieve the ACME challenge for mail.domain.com (token "aYq1hgW_7oFJIDZPLyvcTvfbo-q4mCSAavVG5OU2gKI") providerName=acme

thanks

@hhftechnology

2024-09-11T14:54:14Z ERR Cannot retrieve the ACME challenge for mail.domain.com (token "aYq1hgW_7oFJIDZPLyvcTvfbo-q4mCSAavVG5OU2gKI") providerName=acme

```yaml
networks:
  traefik-proxy:
    name: traefik_gateway
    external: true

services:
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    hostname: mail.example.com
    restart: always
    environment:
      - DISABLE_CLAMAV=TRUE
      # Disable Poste.io's built-in Let's Encrypt
      - DISABLE_LETSENCRYPT=TRUE
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data:/data
    labels:
      - "traefik.enable=true"

      # HTTP
      - "traefik.http.routers.mailserver.entrypoints=web"
      - "traefik.http.routers.mailserver.rule=Host(`mail.example.com`)"
      - "traefik.http.routers.mailserver.service=mailserver"
      - "traefik.http.services.mailserver.loadbalancer.server.port=80"

      # HTTPS
      - "traefik.http.routers.mailserver-secure.entrypoints=websecure"
      - "traefik.http.routers.mailserver-secure.rule=Host(`mail.example.com`)"
      - "traefik.http.routers.mailserver-secure.service=mailserver"
      - "traefik.http.routers.mailserver-secure.tls=true"
      - "traefik.http.routers.mailserver-secure.tls.certresolver=le" # Assuming your Traefik is configured with a certresolver named 'le'

      # Mail ports
      - "traefik.tcp.routers.smtp.entrypoints=smtp"
      - "traefik.tcp.routers.smtp.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.smtp.service=smtp"
      - "traefik.tcp.services.smtp.loadbalancer.server.port=25"

      - "traefik.tcp.routers.smtps.entrypoints=smtps"
      - "traefik.tcp.routers.smtps.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.smtps.service=smtps"
      - "traefik.tcp.services.smtps.loadbalancer.server.port=465"

      # Add similar configurations for other mail ports (587, 993, etc.)
    networks:
      - traefik-proxy
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
      - "995:995"
```

Traefik configuration snippet

```yaml
# traefik.yml
certificatesResolvers:
  le:
    acme:
      email: [email protected]
      storage: acme.json
      httpChallenge:
        entryPoint: web

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  smtp:
    address: ":25"
  smtps:
    address: ":465"
  # Define other mail ports as needed
```

@YnievesDotNet

I did that, but it continues to fail on the TCP connections.

It continues showing the last certificate and not the new one.
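An added diagnostic for the symptom in the reply above; it is not code from the gist or any commenter. It fingerprints the certificate served on 443 (answered by Traefik) and on Poste.io's implicit-TLS mail ports, then reports which ports still present a different, and after `DISABLE_LETSENCRYPT=TRUE` a no-longer-renewed, certificate. The host name and port list are assumptions for this deployment.

```python
import hashlib
import socket
import ssl

# Implicit-TLS ports exposed by this compose file: 443 is answered by Traefik
# (HTTP router or TLS passthrough); 465/993/995 are published straight from the
# Poste.io container. 587 and 143 use STARTTLS and are left out here.
IMPLICIT_TLS_PORTS = (443, 465, 993, 995)


def fetch_fingerprint(host, port, timeout=5.0):
    """SHA-256 fingerprint of the leaf certificate served on host:port.
    Verification is off on purpose: we want to see what is actually served,
    stale or not. SNI is sent so a HostSNI router picks the mail backend."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def diagnose(fingerprints, reference_port=443):
    """Split ports into those serving the same certificate as reference_port
    and those serving a different one. With TLS passthrough every port shows
    Poste.io's certificate; once Traefik terminates 443 with its certresolver
    and DISABLE_LETSENCRYPT=TRUE stops Poste.io renewing, the mail ports land
    in 'different' and keep presenting the old certificate."""
    ref = fingerprints[reference_port]
    same = sorted(p for p, fp in fingerprints.items() if fp == ref)
    different = sorted(p for p, fp in fingerprints.items() if fp != ref)
    return {"same": same, "different": different}


def probe(host, ports=IMPLICIT_TLS_PORTS):
    """Live check; ports that refuse or fail the handshake are listed apart."""
    fps, unreachable = {}, []
    for port in ports:
        try:
            fps[port] = fetch_fingerprint(host, port)
        except OSError:  # ssl.SSLError and socket.timeout are OSError subclasses
            unreachable.append(port)
    report = diagnose(fps) if 443 in fps else {"same": [], "different": sorted(fps)}
    report["unreachable"] = unreachable
    return report
```

Run `probe("mail.example.com")` against your own host name; any port listed under `different` is still terminated by Poste.io with a certificate Traefik's resolver does not manage.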
