From 4381fb19dc6aa8e07d3a1bd2d1d75e00fe5c5217 Mon Sep 17 00:00:00 2001
From: croax
Date: Sun, 14 Aug 2022 11:49:52 +0200
Subject: [PATCH] #83 webmail HTTP + #14 autoconfig
---
config/nginx/autoconfig.a-lec.org | 38 ++++++++++++++++++++
config/nginx/{default => mail.a-lec.org} | 46 +++++++++++++-----------
2 files changed, 63 insertions(+), 21 deletions(-)
create mode 100644 config/nginx/autoconfig.a-lec.org
rename config/nginx/{default => mail.a-lec.org} (58%)
diff --git a/config/nginx/autoconfig.a-lec.org b/config/nginx/autoconfig.a-lec.org
new file mode 100644
index 0000000..d122b95
--- /dev/null
+++ b/config/nginx/autoconfig.a-lec.org
@@ -0,0 +1,38 @@
+# Configuration autoconfig.a-lec.org
+
+server {
+ set_real_ip_from 192.169.0.1;
+ real_ip_header proxy_protocol;
+
+ ssi on;
+ ssi_last_modified on;
+
+ listen 444 ssl proxy_protocol;
+ listen [::]:443 ssl;
+ listen 80;
+ listen [::]:80;
+
+ # Important : PAS de HSTS ni redirection HTTPS
+ # Thunderbird fait une requête en clair (HTTP)
+
+ ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot
+
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+ # Add index.php to the list if you are using PHP
+ root /var/www/html/autoconfig;
+ server_name autoconfig.a-lec.org;
+
+ # Section dédiée mail, si un jour on souhaite délocaliser de cette VM
+ # le sous-domaine autoconfig et garder uniquement /mail
+ location /mail/ {
+ alias /var/www/html/autoconfig/mail/;
+
+ location ~* ^/mail/config-v1\.1\.xml(\?.*)$ {
+ try_files /var/www/html/autoconfig/mail/config-v1.1.xml =404;
+ }
+ }
+}
+
diff --git a/config/nginx/default b/config/nginx/mail.a-lec.org
similarity index 58%
rename from config/nginx/default
rename to config/nginx/mail.a-lec.org
index d225fa7..9e4b4b1 100644
--- a/config/nginx/default
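Review bot: In config/nginx/autoconfig.a-lec.org, `set_real_ip_from 192.169.0.1;` names an address outside the private 192.168.0.0/16 range, while this same commit corrects mail.a-lec.org to `192.168.0.1`; if both vhosts sit behind the same proxy, the PROXY-protocol client address will not be applied here and the access logs will show the proxy instead of the client, so the line should probably read `set_real_ip_from 192.168.0.1;`. The nested `location ~* ^/mail/config-v1\.1\.xml(\?.*)$` also looks unreachable: nginx matches locations against the URI without its query string and the `(\?.*)` group is mandatory, so ordinary requests fall through to the outer `alias` block. Its `try_files` argument is a filesystem path, whereas try_files resolves its arguments under the location's root or alias, so a match would end in `=404`. Dropping the nested block would leave the outer `alias` location to serve the file, which appears to be what happens today anyway.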
+++ b/config/nginx/mail.a-lec.org @@ -19,32 +19,33 @@ # Default server configuration # server { - set_real_ip_from 192.169.1.1; - real_ip_header proxy_protocol; + set_real_ip_from 192.168.0.1; + real_ip_header proxy_protocol; - listen 443 ssl proxy_protocol; - listen [::]:443 ssl; - ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + listen 444 ssl proxy_protocol; + listen [::]:443 ssl; - # Add index.php to the list if you are using PHP - root /var/www/html/roundcube; + ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - server_name mail.a-lec.org; + # Add index.php to the list if you are using PHP + root /var/www/html/roundcube; - client_max_body_size 100M; + server_name mail.a-lec.org; - # Add index.php to the list if you are using PHP - index index.html index.htm index.php; + client_max_body_size 100M; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.php; - location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ /index.php?q=$uri&$args; - } + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ /index.php?q=$uri&$args; + } # pass PHP scripts to FastCGI server # 
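Review bot: The two functional edits in this hunk, the trusted proxy address `192.169.1.1` → `192.168.0.1` and the IPv4 TLS listener `443` → `444`, are mixed into a re-indentation of the whole block, and nothing in the file says why IPv4 and IPv6 now listen on different ports. A short comment above the listen lines would help, for example `# IPv4 TLS reaches us through the front proxy (PROXY protocol) on 444; IPv6 clients connect directly on 443`, with the wording to be confirmed by the author since the proxy setup is not visible here. The header comment `# Default server configuration` is also stale now that the file is mail.a-lec.org. The server block continues past the end of the hunk.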
@@ -65,10 +66,13 @@ server { } server { - listen 80; + listen 80 proxy_protocol; listen [::]:80; - server_name a-lec.org; + set_real_ip_from 192.168.0.1; + real_ip_header proxy_protocol; + + server_name mail.a-lec.org; return 302 https://mail.a-lec.org$request_uri; }
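Review bot: `listen 80 proxy_protocol;` shares the IPv4 port-80 socket with the plain `listen 80;` that this commit adds in autoconfig.a-lec.org, and nginx treats `proxy_protocol` as a property of the listening address:port rather than of one server block. The two declarations therefore disagree: either clients that reach autoconfig directly in cleartext (the Thunderbird case the other file's comment describes) are rejected for lacking a PROXY header, or the listener stays plain and this vhost never sees the header. Declaring the port the same way in both files, `listen 80 proxy_protocol;` in both if all IPv4 port-80 traffic arrives through the proxy, removes the ambiguity. How the conflict is resolved depends on the nginx version, so the `nginx -t` output is worth checking before deploying.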