cominfra/mail
cominfra/mail
8
0
Fork 0
Code Issues 8 Pull requests Activity

#84 HSTS

Browse source
This commit is contained in:
croax 2022-08-14 15:32:46 +02:00 committed by croax
parent 4381fb19dc
commit 32e65bc0f9
2 changed files with 26 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/nginx/autoconfig.a-lec.org
View file

@ -25,6 +25,8 @@ server {
root /var/www/html/autoconfig;
server_name autoconfig.a-lec.org;
add_header Strict-Transport-Security "max-age=31536000" always;
# Section dédiée mail, si un jour on souhaite délocaliser de cette VM
# le sous-domaine autoconfig et garder uniquement /mail
location /mail/ {

73
config/nginx/mail.a-lec.org
View file

@ -1,56 +1,32 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
server_name mail.a-lec.org;
listen 444 ssl proxy_protocol;
listen [::]:443 ssl;
set_real_ip_from 192.168.0.1;
real_ip_header proxy_protocol;
listen 444 ssl proxy_protocol;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Add index.php to the list if you are using PHP
root /var/www/html/roundcube;
server_name mail.a-lec.org;
client_max_body_size 100M;
# Add index.php to the list if you are using PHP
index index.html index.htm index.php;
ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
client_max_body_size 100M;
root /var/www/html/roundcube;
add_header Strict-Transport-Security "max-age=31536000" always;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
@ -59,20 +35,19 @@ server {
include fastcgi_params;
}
location ^~ /data {
deny all;
}
location ^~ /data {
deny all;
}
}
server {
server_name mail.a-lec.org;
listen 80 proxy_protocol;
listen [::]:80;
set_real_ip_from 192.168.0.1;
real_ip_header proxy_protocol;
server_name mail.a-lec.org;
return 302 https://mail.a-lec.org$request_uri;
}