[Support] Poste.io Free version


Jcloud


On 1/31/2021 at 1:50 AM, aterfax said:

I am not using the letsencrypt docker, I am using swag which is a meaningless distinction since they are the same project with a different name due to copyright issues. You do not really appear to be reading anything linked properly nor understanding anything fully. 


I'm not continuing with this dialogue.

Fair point, I am surprised you went as far as you did. You were trying to help out and basically were yelled at by a Karen. I followed what was being said and can confirm "/mnt/user/appdata/swag/keys/letsencrypt/" is just a link to "/mnt/user/appdata/swag/etc/letsencrypt/live/domain.com/".

Thanks for the guide, it helped me understand mapping and best practice from a security perspective. *thumbsup

Link to post

3 hours ago, brucejobs said:

Hello,

 

I have been able to get to the admin login page. What I am failing to comprehend is the login credentials that I must use and how to set about creating those.

I think it may all be in vain because the PTR for my static IP shows my ISP. I have added a PTR on my cloudflared but I don't see that working out. Might have to call my ISP and beg but first, how in the binaries do I get access to my own site. I feel so noob.

Please help.

I have attempted to reset the password in the sqlite db using this suggestion "https://tothecloud.dev/reset-poste-io-admin-account/" but getting "no such table" error
# doveadm pw -s SHA512-CRYPT
Enter new password:
Retype new password:
{SHA512-CRYPT}$6$emDaT2RKQD2DgukV$0l5bwcYqsVVenw4fhd3Nrq8QJ/53ImgBtlGcS82UWRkEN.zGeOUu0WaFVtOXOx8dTiHZM1ObL7AA9M/oMDH210
# sqlite3 users.db
SQLite version 3.27.2 2019-02-25 16:06:06
Enter ".help" for usage hints.
sqlite> UPDATE users
   ...> SET password = '{SHA512-CRYPT}$6$emDaT2RKQD2DgukV$0l5bwcYqsVVenw4fhd3Nrq8QJ/53ImgBtlGcS82UWRkEN.zGeOUu0WaFVtOXOx8dTiHZM1ObL7AA9M/oMDH210'
   ...> WHERE address = 'admin@poste.io';
Error: no such table: users
sqlite> .exit

This is quickly stepping beyond the realms I normally work in but I'm happy to learn. Any help?

Link to post

Found the answer, by accidental discovery. Delete the "server.ini" file in data folder. When you restart it will prompt the "First poste.io configuration" page.

Now, to get reverse proxy working...

Edited by brucejobs
Link to post
  • 2 weeks later...
On 3/30/2021 at 12:56 PM, brucejobs said:

The reason is explained at the top on the first page. I tried to quote but I am lacking the understanding how multi-quote works across pages.

 

I had another look, but I still cannot see it. I've tried changing ports and disabling HTTPS; it still does not work.

Link to post
  • 2 weeks later...
On 4/7/2021 at 11:18 PM, schuu said:

Has anyone got this working with swag? Looking for a proxy conf file if possible, not sure how to make one myself. Cheers

Yes I managed to get this working with swag - made my own proxy conf file. Try the attached conf file. I included screenshots of the config. Turn off HTTPS if using SWAG.
And I added some screenshots of the cert mapping; it wasn't abundantly clear in previous posts.
The full string for each. Replace YOURDOMAIN with your actual domain name. Screenshots show you how to configure each.
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/chain.pem
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/privkey.pem
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/privkey.pem
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/fullchain.pem


Let me know how you get on. Good luck.

poste.subdomain.conf


Edited by brucejobs
Added Screen shots
Link to post
On 4/16/2021 at 4:53 PM, brucejobs said:

Yes I managed to get this working with swag - made my own proxy conf file. Try the attached conf file. I included screenshots of the config. Turn off HTTPS if using SWAG.
And I added some screenshots of the cert mapping; it wasn't abundantly clear in previous posts.
The full string for each. Replace YOURDOMAIN with your actual domain name. Screenshots show you how to configure each.
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/chain.pem
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/privkey.pem
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/privkey.pem
/mnt/user/appdata/swag/etc/letsencrypt/live/YOURDOMAIN.com/fullchain.pem


Let me know how you get on. Good luck.

poste.subdomain.conf

 

This is awesome, thank you. I will try it out when I can.

Link to post
  • 4 weeks later...
Posted (edited)

To be explicit with my volume mounts for SSL working:
 

/data/ssl/server.crt → /mnt/user/appdata/letsencrypt/etc/letsencrypt/live/mailonlycert.DOMAIN.com/cert.pem
/data/ssl/ca.crt → /mnt/user/appdata/letsencrypt/etc/letsencrypt/live/mailonlycert.DOMAIN.com/chain.pem
/data/ssl/server.key → /mnt/user/appdata/letsencrypt/etc/letsencrypt/live/mailonlycert.DOMAIN.com/privkey.pem


I do not recall the exact details of why the above is optimal but I suspect that Poste is handling making its own full chain cert, which results in some cert mangling if you do give it your fullchain cert rather than each separately (various internal services inside the docker need different formats) - I believe that without the mounts as above the administration portal will be unable to log you in.

@brucejobs You might want to check if this is working for you / Poste may have fixed the above.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

To move back to the Swag docker itself.

My own nginx reverse proxy config for the Swag docker looks like:

# mail
server {
	listen 443 ssl http2;

    server_name                     mailonlycert.DOMAIN.com;

	ssl_certificate /etc/letsencrypt/live/mailonlycert.DOMAIN.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/mailonlycert.DOMAIN.com/privkey.pem;
	ssl_dhparam /config/nginx/dhparams.pem;
	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_pass              https://10.0.0.1:444;
        proxy_read_timeout      90;
        proxy_redirect          https://10.0.0.1:444 https://mailonlycert.DOMAIN.com;
    }
}


Some adjusting if you have multiple SSL certs would be needed and you should take care if using specific domain certs ala documentation here: https://certbot.eff.org/docs/using.html#where-are-my-certificates
 
The SSL configuration is effectively duplicated from: /config/nginx/ssl.conf thus could be simplified if you are only using one certificate file with:

include /config/nginx/ssl.conf;



Likewise for the proxy configuration you can simplify if content with the options in /config/nginx/proxy.conf with:

include /config/nginx/proxy.conf;


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

When using includes just be sure that the included file has what you need e.g.
 

The option:

proxy_http_version 1.1; 

Is particularly important if you are using websockets on the internal service.


In some cases (Jellyfin perhaps) you may also want additional statements like the following for connection rate limiting:


Outside your server block:

limit_conn_zone $binary_remote_addr zone=barfoo:10m;


Inside your server block:

location ~ Items\/.*\/Download.* {
	proxy_buffering on;
	limit_rate_after 5M;
	limit_rate       1050k;
	limit_conn barfoo 1;
	limit_conn_status 429;
}


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Cheers, (hope there's no typos!)

Edited by aterfax
Styling adjustment.
Link to post
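
An added example, not part of the post above and not Poste.io or SWAG tooling: a shell check for the three-file mapping described there (server.crt from cert.pem, ca.crt from chain.pem, server.key from privkey.pem). It flags a fullchain.pem or a key file sitting in a certificate slot, a key that does not belong to the certificate, and an expired certificate; the function names are this example's own and `openssl` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example (not Poste.io or SWAG tooling): check the three PEM files
# mounted as /data/ssl/server.crt, ca.crt and server.key. Needs openssl.

# Count certificates in a PEM file (0 if the file is missing or has none).
cert_count() {
  local n
  n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || true
  echo "${n:-0}"
}

# Print the PEM public key of a certificate ("cert") or private key ("key").
pubkey_of() {
  case "$1" in
    cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
    key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
  esac
}

# check_poste_ssl SERVER_CRT CA_CRT SERVER_KEY -> 0 if consistent, else 1
check_poste_ssl() {
  local crt="$1" ca="$2" key="$3" rc=0 cpub kpub iss sub
  if [ "$(cert_count "$crt")" -ne 1 ]; then
    echo "FAIL: $crt must hold exactly one certificate (cert.pem, not fullchain.pem)"; rc=1
  fi
  if [ "$(cert_count "$ca")" -lt 1 ]; then
    echo "FAIL: $ca holds no certificate (expected chain.pem)"; rc=1
  fi
  if grep -q -- 'PRIVATE KEY-----' "$crt" "$ca" 2>/dev/null; then
    echo "FAIL: private key material found in a certificate mount"; rc=1
  fi
  cpub=$(pubkey_of cert "$crt") || true
  kpub=$(pubkey_of key "$key") || true
  if [ -z "$cpub" ] || [ "$cpub" != "$kpub" ]; then
    echo "FAIL: $key is not the private key for $crt"; rc=1
  fi
  iss=$(openssl x509 -in "$crt" -noout -issuer 2>/dev/null) || true
  sub=$(openssl x509 -in "$ca" -noout -subject 2>/dev/null) || true
  if [ -z "$iss" ] || [ "${iss#*=}" != "${sub#*=}" ]; then
    echo "FAIL: $ca does not start with the issuer named in $crt"; rc=1
  fi
  if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
    echo "FAIL: $crt has expired or is unreadable"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: certificate, chain and key are consistent"
  return "$rc"
}

# Run when called with three paths: cert.pem chain.pem privkey.pem
if [ "$#" -eq 3 ]; then check_poste_ssl "$@"; fi
```

Run it on the host against the host-side paths of the three mounts before starting the container; the issuer test compares names only and does not verify signatures.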
  • 2 months later...
On 3/7/2018 at 7:22 AM, gxs said:

I can't enter the web interface screen. Port 8280 (webui port) only forwards me to  https://myserver/admin/install/server. The problem is that this then shows my unraid interface.

Adding the port like https://myserver:8280/admin/install/server or even changing it to http doesn't do anything.

 

Is there anything I'm missing?

 

Has anyone actually figured this out that couldn't? Seems like it's been mentioned a few times here that people can't get it to load because it forwards to HTTPS, and it was either ignored or followed up by an explanation that really doesn't solve the issue for someone from the outside looking at this thread lol.

I have tried Google and forums for literally hours tonight to get this running.....and have had no luck at all.

The best attempt I believe I have made, based on everything I have seen, is I tried adding the -e "HTTPS=OFF" to the extra parameters field in the advanced view when you create the docker......and still cannot access the interface on port 8280.....

I noticed when I start or update the container that in the "command:" field it's putting it at the end, just before the Repository, but in the instructions it says to place it before the image name and I cannot figure out how to accomplish that....

 

Any help would be great!!

Link to post
