Go to file
uzurka 7b657f81fe Changed: Added 'use_traefik: false' as default var 2023-09-07 17:18:06 +02:00
.github/workflows first commit 2023-06-29 22:46:24 +02:00
defaults/main Changed: Added 'use_traefik: false' as default var 2023-09-07 17:18:06 +02:00
handlers fixed ports error by replacing docker-compose with docker compose 2023-07-02 09:57:35 +02:00
meta first commit 2023-06-29 22:46:24 +02:00
tasks edited readme & main.yml 2023-07-02 09:51:35 +02:00
templates Changed: Added 'use_traefik: false' as default var 2023-09-07 17:18:06 +02:00
.ansible-lint first commit 2023-06-29 22:46:24 +02:00
.editorconfig first commit 2023-06-29 22:46:24 +02:00
.gitignore first commit 2023-06-29 22:46:24 +02:00
.yamllint first commit 2023-06-29 22:46:24 +02:00
LICENSE first commit 2023-06-29 22:46:24 +02:00
README.md edited readme & main.yml 2023-07-02 09:51:35 +02:00


Cloned from the official repo

This repo is a clone of the official mailcow-dockerized ansible role available here : https://github.com/mailcow/mailcow-ansiblerole
My purpose is to make it easily usable with Traefik, as the installation of mailcow behind traefik can easily be a mess.

Added variables:

Name Purpose default value note
use_traefik Template or not the docker-compose.override.yml file to add traefik labels must be set (true/false) If not set, the role will exec normally, with mailcow ports opened
traefik_http_entrypoint Tells the role the web entrypoint for traefik, for compose override labels Must be set
traefik_https_entrypoint Tells the role the websecure entrypoint for traefik, for compose override labels Must be set
traefik_certresolver Tells the role the traefik certificate resolver, for compose override labels Must be set
traefik_acme_location Define the folder where the traefik acme.json file is located Must be set Used by certdumper to convert traefik ssl certs to pem files for Mailcow
traefik_network Defines the traefik default network for the compose-override Must be set
domain The domain ONLY (domain.tld) Must be set Used for the Traefik labels to set rule Host to mail.domain.tld

Exemple playbook for installing Ansible behind a traefik reverse proxy

I assume you already have docker & traefik installed, and you know what are entrypoints, network, acme and certresolver !

- hosts: openmediavault
  name: Playbook pour la configuration du serveur OpenMediaVault
    use_traefik: "true"
    mailcow__hostname: mail.domain.tld
    mailcow__install_path: /opt/mailcow-dockerized
    mailcow__timezone: Europe/Paris
    mailcow__config_http_port: '81'
    mailcow__config_https_port: '444'
    mailcow__config_skip_lets_encrypt: "y"
    mailcow__config_skip_clamd: "y"
    traefik_http_entrypoint: web
    traefik_https_entrypoint: websecure
    traefik_certresolver: letsencrypt
    traefik_acme_location: /opt/traefik
    traefik_network: traefik
    - name: mailcow-ansiblerole

At the moment, and since my PR on Mailcow-dockerized haven't be accepted, you need to manually edit the docker-compose.yml file lines 381 & 382. Here's the replacement (probably fixed):


- "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"


- "${HTTPS_BIND:-}${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- "${HTTP_BIND:-}${HTTP_PORT:-80}:${HTTP_PORT:-80}"

mailcow: dockerized - Ansible role 🐮 + 🐋 = 💕

This role will setup a mailcow dockerized email server.


  • Up and running Ubuntu/Debian host (other distributions not supported/tested for now)
  • Docker Compose v2 is required!


Requirements Description
docker ce Docker has to be installed on the host
docker-compose docker-compose is needed


This role will use by default the inventory_hostname as mailcow hostname, this means that you have to use the full qualified domain name as your inventory hostname e.g. mail.mailcow.tld or you set mailcow__hostname to the correct FQDN.


name purpose default value note
mailcow__hostname sets MAILCOW_HOSTNAME inventory_hostname needs to be an full qualified domain name
mailcow__install_path sets the path where the mailcow-dockerized repo will be cloned /opt/mailcow-dockerized
mailcow__git_version checkout a specific version of mailcow master
mailcow__timezone used to set the timezone your mailcow runs in during the config generation not set must be set
mailcow__docker_compose_project_name sets the docker-compose projectname to a user-defined string mailcowdockerized
mailcow__theme set the default mailcow theme in vars.local.inc.php lumen
mailcow__config_http_port sets HTTP_PORT in mailcow.conf 80
mailcow__config_http_bind sets HTTP_BIND in mailcow.conf none
mailcow__config_https_port sets HTTPS_PORT in mailcow.conf 443
mailcow__config_https_bind sets HTTPS_BIND in mailcow.conf none
mailcow__config_acl_anyone sets ACL_ANYONE disallow
mailcow__config_maildir_gc_time sets MAILDIR_GC_TIME in mailcow.conf 1440
mailcow__config_additional_san sets ADDITIONAL_SAN in mailcow.conf needs to be a list
mailcow__config_additional_server_names sets ADDITIONAL_SERVER_NAMES in mailcow.conf needs to be a list
mailcow__config_skip_lets_encrypt sets SKIP_LETS_ENCRYPT in mailcow.conf
mailcow__config_enable_ssl_sni sets ENABLE_SSL_SNI in mailcow.conf
mailcow__config_skip_ip_check sets SKIP_IP_CHECK in mailcow.conf
mailcow__config_skip_http_verification sets SKIP_HTTP_VERIFICATION in mailcow.conf n
mailcow__config_skip_clamd sets SKIP_CLAMD in mailcow.conf n
mailcow__config_skip_solr sets SKIP_SOLR in mailcow.conf n
mailcow__config_solr_heap sets SOLR_HEAP in mailcow.conf 1024
mailcow__config_skip_sogo sets SKIP_SOGO in mailcow.conf n
mailcow__config_allow_admin_email_login sets ALLOW_ADMIN_EMAIL_LOGIN in mailcow.conf n
mailcow__config_use_watchdog sets USE_WATCHDOG in mailcow.conf n
mailcow__config_watchdog_notify_email sets WATCHDOG_NOTIFY_EMAIL in mailcow.conf
mailcow__config_watchdog_notify_ban sets WATCHDOG_NOTIFY_BAN in mailcow.conf y
mailcow__config_watchdog_subject sets WATCHDOG_SUBJECT in mailcow.conf Watchdog ALERT
mailcow__config_log_lines sets LOG_LINES in mailcow.conf 9999
mailcow__config_sogo_expire_session sets SOGO_EXPIRE_SESSION in mailcow.conf 480
mailcow__install_updates if yes the mailcow ansible role will also update an existing installation yes
mailcow__redirect_http_to_https if yes, all requests via HTTP will be redirected to HTTPS no also see https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/
mailcow__config_acme_contact sets ACME_CONTACT in mailcow.conf
mailcow__rspamd_clamd_servers configures the clamd server used by rspamd clamd:3310


Minimal playbook:


- name: Install Python3
  hosts: all
  become: true
  gather_facts: false
    - { role: raw,0.0, vars: {command: 'apt-get install -y python3 python3-pip'} }

- name: Main Playbook
  hosts: all
  become: true
  gather_facts: true
    mailcow__timezone: Europe/Berlin
    - Ansible-Roles.docker-ce
    - Ansible-Roles.docker-compose
    - Ansible-Roles.mailcow