From 2fea636a01abc0d014f8d9da71ce7c504cf8e648 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Tue, 28 Feb 2017 10:02:02 +0100
Subject: [PATCH] Add Nginx HTTP listener
---
 data/conf/nginx/listen_plain.template | 1 +
 .../{listen.template => listen_ssl.template} | 0
 data/conf/nginx/site.conf | 141 +++++++++++++++++-
 3 files changed, 139 insertions(+), 3 deletions(-)
 create mode 100644 data/conf/nginx/listen_plain.template
 rename data/conf/nginx/{listen.template => listen_ssl.template} (100%)
diff --git a/data/conf/nginx/listen_plain.template b/data/conf/nginx/listen_plain.template
new file mode 100644
index 00000000..68133480
--- /dev/null
+++ b/data/conf/nginx/listen_plain.template
@@ -0,0 +1 @@
+listen ${HTTP_PORT};
diff --git a/data/conf/nginx/listen.template b/data/conf/nginx/listen_ssl.template
similarity index 100%
rename from data/conf/nginx/listen.template
rename to data/conf/nginx/listen_ssl.template
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 43f4fb5c..4742bb7a 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -1,6 +1,6 @@
 proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;
 server {
- include /etc/nginx/conf.d/listen.active;
+ include /etc/nginx/conf.d/listen_ssl.active;
 include /etc/nginx/mime.types;
 charset utf-8;
 override_charset on;
@@ -24,7 +24,142 @@ server {
 real_ip_recursive on;
 location = /principals/ {
- rewrite ^ https://$host/SOGo/dav;
+ rewrite ^ $scheme://$host:$server_port/SOGo/dav;
+ allow all;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass phpfpm:9000;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param PHP_VALUE "max_execution_time = 1200
+ max_input_time = 1200
+ memory_limit = 64M";
+ fastcgi_read_timeout 1200;
+ }
+
+ rewrite ^(/save.+)$ /rspamd$1 last;
+ location /rspamd/ {
+ proxy_pass http://172.22.1.253:11334/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-XSS-Protection "1; mode=block";
+ }
+
+ location ^~ /inc/init.sql {
+ deny all;
+ }
+
+ if ($host ~* autodiscover\.(.*)) {
+ rewrite ^(.*) /autodiscover.php last;
+ }
+
+ if ($host ~* autoconfig\.(.*)) {
+ rewrite ^(.*) /autoconfig.php last;
+ }
+
+ location ^~ /Microsoft-Server-ActiveSync {
+ proxy_pass http://172.22.1.252:20000/SOGo/Microsoft-Server-ActiveSync;
+ proxy_connect_timeout 1000;
+ proxy_next_upstream timeout error;
+ proxy_send_timeout 1000;
+ proxy_read_timeout 1000;
+ proxy_buffer_size 8k;
+ proxy_buffers 4 32k;
+ proxy_temp_file_write_size 64k;
+ proxy_busy_buffers_size 64k;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+ proxy_set_header x-webobjects-remote-host $remote_addr;
+ proxy_set_header x-webobjects-server-name $server_name;
+ proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
+ proxy_set_header x-webobjects-server-port $server_port;
+ client_body_buffer_size 128k;
+ client_max_body_size 100m;
+ }
+
+ location ^~ /SOGo {
+ proxy_pass http://172.22.1.252:20000;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+ proxy_set_header x-webobjects-remote-host $remote_addr;
+ proxy_set_header x-webobjects-server-name $server_name;
+ proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
+ proxy_set_header x-webobjects-server-port $server_port;
+ client_body_buffer_size 128k;
+ client_max_body_size 100m;
+ break;
+ }
+
+ location /SOGo.woa/WebServerResources/ {
+ proxy_pass http://172.22.1.252:9192/WebServerResources/;
+ proxy_set_header Host $host;
+ proxy_cache sogo;
+ proxy_cache_valid 200 1d;
+ proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+ #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+ allow all;
+ }
+
+ location /.woa/WebServerResources/ {
+ proxy_pass http://172.22.1.252:9192/WebServerResources/;
+ proxy_set_header Host $host;
+ proxy_cache sogo;
+ proxy_cache_valid 200 1d;
+ proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+ #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+ allow all;
+ }
+
+ location /SOGo/WebServerResources/ {
+ proxy_pass http://172.22.1.252:9192/WebServerResources/;
+ proxy_set_header Host $host;
+ proxy_cache sogo;
+ proxy_cache_valid 200 1d;
+ proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+ #alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+ allow all;
+ }
+
+ location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$ {
+ proxy_pass http://172.22.1.252:9192/$1.SOGo/Resources/$2;
+ proxy_set_header Host $host;
+ proxy_cache sogo;
+ proxy_cache_valid 200 1d;
+ proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+ #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+ }
+}
+server {
+ include /etc/nginx/conf.d/listen_plain.active;
+ include /etc/nginx/mime.types;
+ charset utf-8;
+ override_charset on;
+ index index.php index.html;
+ server_name _ autodiscover.* autoconfig.*;
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+ root /web;
+
+ # If behind reverse proxy, forwards the correct IP
+ set_real_ip_from 172.22.1.1;
+ real_ip_header X-Forwarded-For;
+ real_ip_recursive on;
+
+ location = /principals/ {
+ rewrite ^ $scheme://$host:$server_port/SOGo/dav;
 allow all;
 }
@@ -142,4 +277,4 @@ server {
 #alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
 }
-}
+}
\ No newline at end of file
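Review bot: The second `server` block, bound to `listen_plain.active`, shows no redirect to HTTPS and no limit on who may connect, so wherever `HTTP_PORT` is reachable directly the logins handled by the PHP UI, SOGo, ActiveSync and `/rspamd/` would travel in cleartext; only the head of that block is inside the hunk, so its remaining locations are inferred from the unchanged lines that follow it. If the listener exists only for a TLS-terminating reverse proxy, as the `set_real_ip_from 172.22.1.1` comment suggests, state that at the top of the block, e.g. `# Plain HTTP: only for use behind a TLS-terminating reverse proxy; do not expose HTTP_PORT to clients`. In that setup `$scheme://$host:$server_port` in the `/principals/` rewrite and in `x-webobjects-server-url` would presumably hand SOGo an `http://` URL carrying the container-side port, so generated links and redirects may leave the HTTPS origin. Separately, `location (^/SOGo/so/ControlPanel/…$ {` has no `~` modifier and an unclosed group, so nginx would treat it as a prefix string and the `$1`/`$2` in its `proxy_pass` are never captured.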