Your question
I’m trying to log into my newly created stalwart admin account. There’s a couple problems preventing me from doing so, and workaround I have used so far.
-
Stalwart being in a stream in the recommended nginx config prevents me from having it on the same port as other services running https; my workaround is simply using a different port
-
Issue 2 is an extension of this; stalwart being on port 444 instead of 443 still tries to redirect to an address with port 443 when logging in, sending me to an unknown page of my other service.
It would very much help me if there was either some way to have stalwart share port 443, or change where it redirects the user.
I understand that topics in this category are triaged by a bot first but a human reply will follow up. If I’d prefer a human-only reply, I’ll add the no-ai tag to my topic.
on
The stream block in the nginx guide is TLS passthrough, so it takes over the whole port. To share 443 with other HTTPS services, terminate TLS in nginx and use a normal vhost keyed by hostname instead: server { listen 443 ssl; server_name mail.example.com; location / { proxy_pass http://stalwart-backend; } }. That lets nginx route by server_name and coexist with your other sites.
The “:443 to the wrong page” is because Stalwart returns relative redirects, and the browser resolves them against whatever host:port is in the address bar; reaching it on the proper hostname over the standard port (through the http proxy) fixes it, rather than the 444 workaround. If you specifically need TLS passthrough (e.g. to keep ACME/TLS-ALPN inside Stalwart), you can still share the port with an nginx stream using ssl_preread to route different server_names to different upstreams. Which of the two do you need? Terminating TLS in nginx is the simpler path.