NGINX SSL Pass-thru and Docker
Solution 1:
You cannot have multiple application layer protocols on the same combination of IP address and port. This means that you cannot have both HTTP and HTTPS at the same port but also that you cannot have HTTP and stream (i.e. unspecified application layer protocol) on the same ip:port.
But given that you actually use stream to forward HTTP and HTTPS you might just use normal reverse proxies (proxy_pass) instead of stream, i.e. have virtual hosts for foo.com
and bar.com
as you currently have and then have another virtual host for mail.foo.com
which is a reverse proxy to your mailcow instance. Since this will be a real HTTP/HTTPS reverse proxy and not a TCP level pass-thru the certificate for mailcow need to be installed on nginx. You also can simply forward both the external HTTPS and HTTP to the HTTP interface of mailcow and let only nginx deal with HTTPS. The setup would look something like this:
server {
listen 80;
servername mail.foo.com;
location / {
proxy_pass http://127.0.0.1:3333;
}
}
server {
listen 443 ssl;
servername mail.foo.com;
ssl_certificate ...
ssl_certificate_key ...
location / {
proxy_pass http://127.0.0.1:3333;
}
}