Skip to main content

Enabling HTTPS

RustMailer supports secure HTTPS connections for the Web UI, REST API, and gRPC API. This guide shows how to enable HTTPS using TLS certificates and environment variables.

1. Place TLS certificate files

You must provide the following files inside the directory specified by --rustmailer-root-dir:

  • cert.pem – The public TLS certificate
  • key.pem – The private TLS key

These files can be obtained in several ways:

  • Let's Encrypt (via Certbot or other tools)
  • Self-signed certificates for local development
  • Certificates from any commercial certificate authority (CA)

For local development, you can generate self-signed certificates using OpenSSL:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

Place both cert.pem and key.pem in the root directory you pass to --rustmailer-root-dir.

2. Enable HTTPS via environment variables

To activate HTTPS support, set the following environment variables:

RUSTMAILER_ENABLE_REST_HTTPS=true
RUSTMAILER_ENABLE_GRPC_HTTPS=true

These control whether the REST and gRPC interfaces should use HTTPS.

You may also choose to enable only one of them if needed.

3. Set the public URL

RustMailer requires you to explicitly set your external public URL, which is used by the Web UI and some clients:

RUSTMAILER_PUBLIC_URL=https://mail.example.com

This must match the address clients will use to access RustMailer externally.

4. Configure allowed CORS origins

By default, RustMailer allows these origins:

http://localhost:5173, http://localhost:15630, http://192.168.3.2:15630

To avoid access issues in production, you must customize this list based on your actual deployment:

RUSTMAILER_CORS_ORIGINS=https://mail.example.com, https://admin.example.com

❗ Without proper CORS configuration, the Web UI may not load correctly when served over HTTPS.

✅ Summary

To enable HTTPS:

  1. Place cert.pem and key.pem in your --rustmailer-root-dir path
  2. Set RUSTMAILER_ENABLE_REST_HTTPS=true and/or RUSTMAILER_ENABLE_GRPC_HTTPS=true
  3. Configure RUSTMAILER_PUBLIC_URL and RUSTMAILER_CORS_ORIGINS appropriately

RustMailer will now serve encrypted traffic and support secure browser and client connections.