
Did you use the documentation to figure out the proxying? I can't see a clear path of how to reconcile giving the responsibility of certs to another software, but still having Stalwart use them for IMAP and SMTP TLS. And do you have the Stalwart web interface running on www.yourdomain, or did you manage to get it working on a different subdomain? I don't see the config syntax in the docs for changing that.


The documentation needs a lot of work, especially since a lot of it is outdated. But in short, if you set up a reverse proxy, the listeners in Stalwart will listen to anything forwarded to it, so you'll generally want to refer to the HTTP endpoints to map it to the right subdomain. https://stalw.art/docs/http/overview

For instance, you can simply point something like mailadmin.domain.com to Stalwart on port 8080 and it'll just work. In this case, whatever your mail server's host name (i.e. mail.domain.com or whatever) wouldn't really matter.

But then your reverse proxy can handle the other endpoints like /dav/, /.well-known/ on a different subdomain. And mta_sts.domain.com directly handling /.well-known/mta-sts.txt for instance.

For my stack, outside of Caddy's https handling, I kept things simple and exposed 25, 465, 587, 993, and 4190 (smtp, smtps, imaps, and ManageSieve) TCP services bound directly to the host.

Using Caddy's certificates is also documented at the end here: https://stalw.art/docs/server/reverse-proxy/caddy

But it leaves it to you to map things. For instance, if both Caddy and Stalwart are containerized, it's easy to get mixed up on where the bind-mounted or named volumes (depending on how you set it up) will end up placing them. But it does work... just so flexible that it's out-of-scope for Stalwart to document everything.
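
An added Caddyfile sketch of the mapping described in the comment above; it is not the commenter's or the Stalwart project's configuration. The `dav.domain.com` host, the `127.0.0.1:8080` upstream address, and the assumption that the same Stalwart HTTP listener answers every forwarded path are illustrative. RFC 8461 requires the policy host to use the `mta-sts` label, so that spelling is used here.

```caddyfile
# Added example. Hostnames and the upstream address are assumptions.

# Admin web interface on its own subdomain, proxied to Stalwart's HTTP listener.
mailadmin.domain.com {
	reverse_proxy 127.0.0.1:8080
}

# Forward only the DAV and well-known paths on this host; refuse everything else
# so the admin interface is not reachable through it.
dav.domain.com {
	@stalwart path /dav/* /.well-known/*
	handle @stalwart {
		reverse_proxy 127.0.0.1:8080
	}
	handle {
		respond 404
	}
}

# MTA-STS policy host: expose the single policy path and nothing else.
# Assumes the upstream serves /.well-known/mta-sts.txt.
mta-sts.domain.com {
	handle /.well-known/mta-sts.txt {
		reverse_proxy 127.0.0.1:8080
	}
	handle {
		respond 404
	}
}
```

Caddy obtains a certificate for each site block on its own. The mail ports (25, 465, 587, 993, 4190) are not covered by this file and stay bound directly to the host, as in the comment.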



