[TUTORIAL] Building Cloudron Apps using Urgero.org's Ubuntu VM

@murgero Hey this was a really cool project to simplify things for others. I see its 2 years old already and the mega link is down but you provided a good template to replicate your setup. Thanks!

@girish I suppose I could run a VPC but the idea behind using Cloudron was to have everything under one compute instance. It may not fully resolve the certificate issue. I may be able to use certbot on that separate instance but I need everything under the same domain. Can two severs be served the same wildcard cert?
Someone has already documented this solution: https://lder.dev/posts/Fixing-ProtonMail-Bridge-SSL-errors-with-Lets-Encrypt/
But I already have cloudron grabbing certs for the domain

For Haraka is Outbound treated differently than relay? Because I see here I can specify ciphers and even disable TLS
https://haraka.github.io/core/Outbound/

@subven Yes, I understand what you were saying it is the best practice which I gladly implement if I can resolve the cert issue

@subven Hi installing this on a separate server would defeat its purpose. It shouldn't be public facing. The bridge itself works and I moved it to a docker container to separate even more from the Cloudron host. The issue is getting it to play nice with Haraka.

The only ideas I have as a work around are:
Altering Haraka's config to allow the connection
Replacing the Bridge's certificates with Cloudron's wildcard certs
Using postfix as a relay to the relay

Your app proxy link requires a login but I will see what info I can find online

@timconsidine Hi Tim this information is no longer correct. The protonmail bridge has a CLI mode for headless servers for a long while now. There are many users that run this off of headless linux servers to serve the needs of their domain versus installing the bridge client on every instance that needs to send and/or receive email.

@girish Yes it does, I can send emails at the domain level. I've successfully sent emails from postifx as no-reply and the others that Cloudron uses.

My issue is that the bridge wont connect with Haraka directly. Which seems to stem from its self signed certificate when used for STARTTLS.

Since Cloudron already generates a wildcard cert I was hoping as a work-around I could possibly use those or change the Haraka config to allow my connection from the bridge.

Hi big fan of Cloudron, enough to have an annual subscription!
I use ProtonMail for all of my email needs, they have a Bridge that allows the use of SMTP and IMAP thru ProtonMail.

I have the relay configured using this ansible script (same results with manual config): https://github.com/moismailzai/ansible-role-protonmail-bridge-headless

Connecting the ProtonMail Bridge directly as an SMTP Relay does not work. PMB uses a self signed certificate and initializes the TLS handshake using it, which may cause an issue. The message shows up in the mail queue but never gets sent.

I have postfix setup for use with the PMB. Using postfix I am able to successfully send emails using the PMB.

Is there a way to set up the external SMTP relay to ignore STARTTLS?

Since I have postfix set up and working can I use Postfix to relay emails from Cloudron and then Postfix sends it to the PMB? (I tried this but I get the too many received headers error)

If none of the above are an option can I use the wildcard LetsEncrypt certificate for PMB?

I've been at this for a few days and am almost ready to give up on having any email working in Cloudron.

Thank you any guidance would be much appreciated!