[GH-ISSUE #450] [Feature Request] Set up a mail server behind Nginx Proxy Manager #380

New issue

Closed

opened 2026-02-26 06:32:37 +03:00 by kerem · 10 comments

kerem commented 2026-02-26 06:32:37 +03:00

Owner

Copy link

Originally created by @aitkar on GitHub (Jun 7, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/450

Hi,

First of all, many thanks to have created this great tool to handle reverse proxy servers in a simple and great UI.

I need to "stream" some mails servers ports (25,110,143 etc...) following a sub domain e.g. mail.example.com

An example here:

mail {
    server_name mail.example.com;
    auth_http   localhost:9000/cgi-bin/nginxauth.cgi;

    proxy_pass_error_message on;

    ssl                 on;
    ssl_certificate     /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/certs/server.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;

    server {
        listen     25;
        protocol   smtp;
        smtp_auth  login plain cram-md5;
    }

    server {
        listen    110;
        protocol  pop3;
        pop3_auth plain apop cram-md5;
}

     server {
        listen   143;
        protocol imap;
    }
}

I am using jc21/nginx-proxy-manager:latest 2.3

Thank you for considering this new feature request.

Originally created by @aitkar on GitHub (Jun 7, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/450 Hi, First of all, many thanks to have created this great tool to handle reverse proxy servers in a simple and great UI. I need to "stream" some mails servers ports (25,110,143 etc...) following a sub domain e.g. mail.example.com An example here: ``` mail { server_name mail.example.com; auth_http localhost:9000/cgi-bin/nginxauth.cgi; proxy_pass_error_message on; ssl on; ssl_certificate /etc/ssl/certs/server.crt; ssl_certificate_key /etc/ssl/certs/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; server { listen 25; protocol smtp; smtp_auth login plain cram-md5; } server { listen 110; protocol pop3; pop3_auth plain apop cram-md5; } server { listen 143; protocol imap; } } ``` I am using jc21/nginx-proxy-manager:latest 2.3 Thank you for considering this new feature request.

kerem closed this issue 2026-02-26 06:32:37 +03:00

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@Shifter2600 commented on GitHub (Aug 21, 2020):

I would be interested in this as well. I was able to get reverse proxies going for pop but I don't have it working for imap. Wonder if anyone has imap working.

<!-- gh-comment-id:677986445 --> @Shifter2600 commented on GitHub (Aug 21, 2020): I would be interested in this as well. I was able to get reverse proxies going for pop but I don't have it working for imap. Wonder if anyone has imap working.

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@kennylajara commented on GitHub (May 12, 2021):

Any update on this issue?

<!-- gh-comment-id:840130617 --> @kennylajara commented on GitHub (May 12, 2021): Any update on this issue?

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@Tradeforlife commented on GitHub (Sep 6, 2021):

I would also like to see this thanks.

<!-- gh-comment-id:913602512 --> @Tradeforlife commented on GitHub (Sep 6, 2021): I would also like to see this thanks.

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@b10126 commented on GitHub (Sep 10, 2021):

I would also recommend this feature.

Today the ports are routed directly from the fritzbox to my Mailserver, which is not behind the proxy. The certificate is copied manually to the Mailserver, very manual. :-(

Or does anyone has a workaround?

Many thanks.....

<!-- gh-comment-id:916633319 --> @b10126 commented on GitHub (Sep 10, 2021): I would also recommend this feature. Today the ports are routed directly from the fritzbox to my Mailserver, which is not behind the proxy. The certificate is copied manually to the Mailserver, very manual. :-( Or does anyone has a workaround? Many thanks.....

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@mpldr commented on GitHub (Oct 8, 2021):

Or does anyone has a workaround?

I am using TCP Streams to forward to the ports bound to loopback. Unfortunately that does not seem to work with STARTTLS and I am not quite happy sending my credentials over the wire unencrypted.

<!-- gh-comment-id:938424625 --> @mpldr commented on GitHub (Oct 8, 2021): > Or does anyone has a workaround? I am using TCP Streams to forward to the ports bound to loopback. Unfortunately that does not seem to work with STARTTLS and I am not quite happy sending my credentials over the wire unencrypted.

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@vincemd22 commented on GitHub (Dec 25, 2021):

Hello,
I am very interested in the function of proxymail
Is it possible to manually add an SSL on a stream on the current version of NPM ?

<!-- gh-comment-id:1000994270 --> @vincemd22 commented on GitHub (Dec 25, 2021): Hello, I am very interested in the function of proxymail Is it possible to manually add an SSL on a stream on the current version of NPM ?

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Dec 25, 2021):

@vincemd22 No, that's unfortunately not possible. The way streams work in nginx a stream can't do basically anything because it does not look at the body of a request. Streams work on the TCP / UDP, so protocol specific things like SSL can't be done there. SSL termination only work within the nginx http block (so normal proxy hosts in npm) or in a mail block, which does not exist in npm and is what this feature request is about.

<!-- gh-comment-id:1001007755 --> @chaptergy commented on GitHub (Dec 25, 2021): @vincemd22 No, that's unfortunately not possible. The way streams work in nginx a stream can't do basically anything because it does not look at the body of a request. Streams work on the TCP / UDP, so protocol specific things like SSL can't be done there. SSL termination only work within the nginx http block (so normal proxy hosts in npm) or in a mail block, which does not exist in npm and is what this feature request is about.

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@ahknight commented on GitHub (Dec 27, 2021):

Nginx can do it. mailu is a project that uses nginx as a TLS proxy for HTTP, SMTP, IMAP, and POP. Here's their config: https://github.com/Mailu/Mailu/blob/master/core/nginx/conf/nginx.conf

<!-- gh-comment-id:1001716613 --> @ahknight commented on GitHub (Dec 27, 2021): Nginx can do it. mailu is a project that uses nginx as a TLS proxy for HTTP, SMTP, IMAP, and POP. Here's their config: https://github.com/Mailu/Mailu/blob/master/core/nginx/conf/nginx.conf

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Dec 27, 2021):

@ahknight I said it is not possible using streams, as was the question. It is possible in general in nginx, just not in npm. It currently has no way to add servers inside a mail block, expect by mounting your own mail block into /data/nginx/custom/root.conf. (See custom mountpoints)

<!-- gh-comment-id:1001726767 --> @chaptergy commented on GitHub (Dec 27, 2021): @ahknight I said it is not possible using streams, as was the question. It is possible in general in nginx, just not in npm. It currently has no way to add servers inside a [mail block](https://github.com/Mailu/Mailu/blob/master/core/nginx/conf/nginx.conf#L254), expect by mounting your own `mail` block into `/data/nginx/custom/root.conf`. (See [custom mountpoints](https://nginxproxymanager.com/advanced-config/#custom-nginx-configurations))

kerem commented 2026-02-26 06:32:38 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (Dec 27, 2021):

Also closing this in favor of https://github.com/jc21/nginx-proxy-manager/issues/1110, since it has more upvotes.

<!-- gh-comment-id:1001739534 --> @chaptergy commented on GitHub (Dec 27, 2021): Also closing this in favor of https://github.com/jc21/nginx-proxy-manager/issues/1110, since it has more upvotes.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#380

No description provided.