Im trying to setup Zimbra behind Traefik (reverse proxy) and I want Traefik to handle SSL termination. Anything between Traefik and Zimbra should be in http and certificates are handles on Traefik's side.
Im testing locally with self-signed certificates generated with openssl under a "certs" folder.
hostname "email.domain.com" is also routed locally in /etc/hosts.
Here is my docker-compose.yml file:
Code: Select all
version: '3.5'
services:
traefik:
image: traefik:alpine
command: --api --docker --logLevel=DEBUG
ports:
- "80:80"
- "443:443"
networks:
- traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.toml:/traefik.toml
- ./certs:/certs
container_name: traefik
zimbra:
image: custom/zimbra
build: .
restart: always
networks:
- traefik
hostname: email.domain.com
ports:
- 25:25
- 465:465
- 587:587
- 110:110
- 143:143
- 993:993
- 995:995
- 8080:8080
- 8443:8443
- 7071:7071
- 9071:9071
dns:
- 127.0.0.1
- 8.8.8.8
labels:
- traefik.zimbra.frontend.rule=Host:email.domain.com
- traefik.zimbra.port=8080
- traefik.zimbra.protocol=http
- traefik.zimbra-admin.frontend.rule=Host:admin.domain.com
- traefik.zimbra-admin.port=7071
- traefik.zimbra-admin.protocol=http
environment:
- "PASSWORD=zimbra-password"
container_name: zimbra
networks:
traefik:
Code: Select all
FROM jorgedlcruz/zimbra
RUN rm -r /var/lib/apt/lists/*
RUN mkdir /var/lib/apt/lists/partial
RUN apt-get update -y
RUN apt-get install -y software-properties-common
RUN apt-get install -y language-pack-en-base
RUN export LC_ALL=en_US.UTF-8 && export LANG=en_US.UTF-8
RUN apt-get update -y && apt-get install -y iputils-ping
Code: Select all
InsecureSkipVerify = true
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/certs/cert.crt"
keyFile = "/certs/cert.key"
Is there a way to debug this. Can SSL be disabled altogether in Zimbra? do I need to override Zimbra's internal nginx config?