#83 webmail HTTP + #14 autoconfig

2022-08-14 11:49:52 +02:00 · 2022-08-14 11:49:52 +02:00 · 4381fb19dc
commit 4381fb19dc
parent 07ea083614
2 changed files with 63 additions and 21 deletions
--- a/config/nginx/autoconfig.a-lec.org
+++ b/config/nginx/autoconfig.a-lec.org
@ -0,0 +1,38 @@
+# Configuration autoconfig.a-lec.org
+
+server {
+    set_real_ip_from  192.169.0.1;
+    real_ip_header proxy_protocol;
+
+    ssi on;
+    ssi_last_modified on;
+
+    listen 444 ssl proxy_protocol;
+    listen [::]:443 ssl;
+    listen 80;
+    listen [::]:80;
+
+    # Important : PAS de HSTS ni redirection HTTPS
+    # Thunderbird fait une requête en clair (HTTP)
+
+    ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
+    
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    # Add index.php to the list if you are using PHP
+    root /var/www/html/autoconfig;
+    server_name autoconfig.a-lec.org;
+
+    # Section dédiée mail, si un jour on souhaite délocaliser de cette VM 
+    # le sous-domaine autoconfig et garder uniquement /mail
+    location /mail/ {
+         alias /var/www/html/autoconfig/mail/;
+
+	 location ~* ^/mail/config-v1\.1\.xml(\?.*)$ {
+	     try_files /var/www/html/autoconfig/mail/config-v1.1.xml =404;
+         }
+    }
+}
+
--- a/config/nginx/mail.a-lec.org
+++ b/config/nginx/mail.a-lec.org
@ -19,32 +19,33 @@
 # Default server configuration
 #
 server {
-        set_real_ip_from  192.169.1.1;
-        real_ip_header proxy_protocol;
+    set_real_ip_from  192.168.0.1;
+    real_ip_header proxy_protocol;

-	listen 443 ssl proxy_protocol;
-	listen [::]:443 ssl;
-    ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
-	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+     listen 444 ssl proxy_protocol;
+     listen [::]:443 ssl;

-	# Add index.php to the list if you are using PHP
-	root /var/www/html/roundcube;
+     ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot
+     ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
+     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

-	server_name mail.a-lec.org;
+     # Add index.php to the list if you are using PHP
+     root /var/www/html/roundcube;

-	client_max_body_size 100M;
+     server_name mail.a-lec.org;

-	# Add index.php to the list if you are using PHP
-        index index.html index.htm index.php;
+     client_max_body_size 100M;
+
+     # Add index.php to the list if you are using PHP
+     index index.html index.htm index.php;


-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-		try_files $uri $uri/ /index.php?q=$uri&$args;
-	}
+     location / {
+	# First attempt to serve request as file, then
+	# as directory, then fall back to displaying a 404.
+	try_files $uri $uri/ /index.php?q=$uri&$args;
+     }

 	# pass PHP scripts to FastCGI server
 	#
@ -65,10 +66,13 @@ server {
 }

 server {
-        listen 80;
+        listen 80 proxy_protocol;
        listen [::]:80;

-        server_name a-lec.org;
+        set_real_ip_from  192.168.0.1;
+        real_ip_header proxy_protocol;
+
+        server_name mail.a-lec.org;

        return 302 https://mail.a-lec.org$request_uri;
 }