This guide is optimized for installing Mailcow: Dockerized on a VPS running Nginx Proxy Manager (NPM) and Portainer. It includes fixes for common issues like Redirect Loops and 504 Gateway Timeout Errors.
1. Prerequisites
- VPS with Docker & Docker Compose pre-installed.
- Domain name:
mail.khaisanfood.vn(pointing to VPS IP). - Nginx Proxy Manager is running in a Docker container.
DNS record
| Type | Name | Value | Proxy Status |
|---|---|---|---|
| A | Your VPS IP | DNS Only | |
| CNAME | autodiscover | mail.khaisanfood.vn | DNS Only |
| CNAME | autoconfig | mail.khaisanfood.vn | DNS Only |
| MX | @ | mail.khaisanfood.vn | Priority 10 |
| TXT | @ | v=spf1 mx ~all | – |
2. Installation Steps
Step 1: Clone Mailcow
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerizedStep 2: Generate Configuration
./generate_config.sh
Hostname: mail.khaisanfood.vn
Timezone: Asia/HoChiMinh
ClamAV: Y (if RAM > 4GB) or N.Step 3: Configure mailcow.conf (Important)
Edit the configuration to avoid conflicts and loops.
nano mailcow.confChange the following variables:
- Prevent Redirect Loops:
HTTP_REDIRECT=n
(We let Nginx Proxy Manager handle HTTPS, so turn off Mailcow's internal redirection). - Bind to All Interfaces (so NPM can see it):
HTTP_BIND=0.0.0.0HTTPS_BIND=0.0.0.0 - Change Ports (to avoid 80/443 conflicts):
HTTP_PORT=8080HTTPS_PORT=8443 - Avoid IP Conflicts (Fix “Pool overlaps”):
IPV4_NETWORK=192.168.201
Step 4: Firewall Setup (Fix 504 Error)
Ensure Docker containers can communicate with each other.
ufw allow from 172.16.0.0/12 to anyStep 5: Start Mailcow
docker compose pull
docker compose up -d3. Nginx Proxy Manager Configuration
Access Nginx Proxy Manager and add a new Proxy Host.
Details Tab
- Domain Names:
mail.khaisanfood.vn - Scheme:
http(Important! Connect via HTTP) - Forward Hostname / IP:
172.17.0.1
(This is the standard Docker Gateway IP. Checkip addr show docker0to confirm). - Forward Port:
8080 - Cache Assets: Disabled
- Block Common Exploits: Enabled
SSL Tab
- SSL Certificate: Request a new Let's Encrypt certificate.
- Force SSL: Enabled.
- HTTP/2 Support: Enabled.
Click Save. Now you can access https://mail.khaisanfood.vn.
4. Post-Installation
Sync SSL Certificates (For Email Clients)
NPM handles web SSL, but Mailcow needs certificates for SMTP/IMAP. You need to copy them from the NPM Docker volume on the host.
Find your NPM Certificate ID: Check the NPM dashboard or look in the directory. Example Host Path: /var/lib/docker/volumes/nginx-proxy-managernpmletsencrypt/_data/live/npm-21 (id 21 will be different for each domain).
Sync Command:
# Update this path to match your Host Path found above
NPMCERTPATH="/var/lib/docker/volumes/nginx-proxy-managernpmletsencrypt/_data/live/npm-21"
cp "$NPMCERTPATH/fullchain.pem" /opt/mailcow-dockerized/data/assets/ssl/cert.pem
cp "$NPMCERTPATH/privkey.pem" /opt/mailcow-dockerized/data/assets/ssl/key.pem
cd /opt/mailcow-dockerized
docker compose restart postfix-mailcow dovecot-mailcow nginx-mailcowReset Admin Password
If admin / moohoo not working:
cd /opt/mailcow-dockerized/helper-scripts
bash mailcow-reset-admin.shDNS / DKIM
Log in to Mailcow UI -> Configuration -> Mail Setup -> DNS to get the DKIM record and add it to your DNS provider.
5. Adding Additional Domains (Multi-Domain Setup)
You can host multiple email domains (e.g., @dpsmedia.vn) on this same server.
A. Add Domain in Mailcow
- Log in to Mailcow UI as Admin.
- Go to Configuration -> Mail Setup -> Domains.
- Click Add Domain.
- Domain:
dpsmedia.vn(or your new domain). - Click Add Domain and restart SOGo.
B. DNS for New Domain (dpsmedia.vn)
Go to the DNS provider for dpsmedia.vn and add these records. Important: Point them to your current mail server URL (mail.khaisanfood.vn).
| Type | Name | Value | Status |
|---|---|---|---|
| MX | @ | mail.khaisanfood.vn | Priority 10 |
| TXT | @ | v=spf1 mx include:mail.khaisanfood.vn ~all | – |
| CNAME | autodiscover | mail.khaisanfood.vn | DNS Only |
| CNAME | autoconfig | mail.khaisanfood.vn | DNS Only |
| TXT | dkim._domainkey | (Copy value from Mailcow UI -> DNS) | – |
| TXT | _dmarc | v=DMARC1; p=none; | – |
(You do NOT need a new IP address. Everything goes through the main IPs).
C. (Optional) Access Mailcow UI via mail.dpsmedia.vn
If you want to access the Admin UI via https://mail.dpsmedia.vn:
Edit Config:
nano mailcow.conf
ADDITIONALSERVERNAMES=mail.dpsmedia.vn
docker compose up -dNginx Proxy Manager: Copy the exact settings of mail.khaisanfood.vn.
D. SSL Certificates for Additional Domains
Option 1: (Recommended) Use mail.khaisanfood.vn for Incoming/Outgoing Server.
Option 2: (Advanced) Enable ENABLESSLSNI=y in config, create a separate SSL directory and sync the new certificate there.
6. Fix Email Sending (Gmail Block)
If you encounter an error 550-5.7.1, it means your IP has low reputation.
A. Set Up Reverse DNS (PTR) – Mandatory
Go to your VPS provider's Dashboard, set the PTR Record for your IP to mail.khaisanfood.vn.
B. Use SMTP Relay
If the IP is blacklisted, use Amazon SES, SendGrid, or Mailgun as a Relay.
7. Uninstallation Guide
Warning: This will delete ALL email data.
cd /opt/mailcow-dockerized
docker compose down -v
cd /opt
rm -rf mailcow-dockerizedDelete Proxy Host in NPM.
