paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3068 from mhofer117/tls-sni 

Fix custom nginx sites with tls-sni
master
André Peters 2019-10-20 17:58:15 +02:00 committed by GitHub
parent 24e1293e72 05e7c95829
commit caf57e86b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
data/conf/nginx/templates/listen_plain.template 100644
View File

@ -0,0 +1,2 @@
listen ${HTTP_PORT};
listen [::]:${HTTP_PORT};

2
data/conf/nginx/templates/listen_ssl.template 100644
View File

@ -0,0 +1,2 @@
listen ${HTTPS_PORT} ssl http2;
listen [::]:${HTTPS_PORT} ssl http2;

1
data/conf/nginx/templates/server_name.template 100644
View File

@ -0,0 +1 @@
server_name ${MAILCOW_HOSTNAME} autodiscover.* autoconfig.*;

23
data/conf/nginx/templates/sites.template.sh
View File

@ -1,15 +1,13 @@
echo '
server {
listen 127.0.0.1:65510;
listen '${HTTP_PORT}' default_server;
listen [::]:'${HTTP_PORT}' default_server;
listen '${HTTPS_PORT}' ssl http2 default_server;
listen [::]:'${HTTPS_PORT}' ssl http2 default_server;
include /etc/nginx/conf.d/listen_plain.active;
include /etc/nginx/conf.d/listen_ssl.active;
ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem;
server_name '${MAILCOW_HOSTNAME}' autodiscover.* autoconfig.*;
include /etc/nginx/conf.d/server_name.active;
include /etc/nginx/conf.d/includes/site-defaults.conf;
}
@ -18,15 +16,16 @@ for cert_dir in /etc/ssl/mail/*/ ; do
if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
continue
fi
# remove hostname to not cause nginx warnings (hostname is covered in default server listen)
domains="$(cat ${cert_dir}domains | sed -e "s/\(^\| \)\($(echo ${MAILCOW_HOSTNAME} | sed 's/\./\\./g')\)\( \|$\)/ /g" | sed -e 's/^[[:space:]]*//')"
if [[ "${domains}" == "" ]]; then
continue
fi
# do not create vhost for default-certificate. the cert is already in the default server listen
domains="$(cat ${cert_dir}domains | sed -e 's/^[[:space:]]*//')"
case "${domains}" in
"") continue;;
"${MAILCOW_HOSTNAME}"*) continue;;
esac
echo -n '
server {
listen '${HTTPS_PORT}' ssl http2;
listen [::]:'${HTTPS_PORT}' ssl http2;
include /etc/nginx/conf.d/listen_plain.active;
include /etc/nginx/conf.d/listen_ssl.active;
ssl_certificate '${cert_dir}'cert.pem;
ssl_certificate_key '${cert_dir}'key.pem;

5
docker-compose.yml
View File

@ -275,7 +275,10 @@ services:
image: nginx:mainline-alpine
dns:
- ${IPV4_NETWORK:-172.22.1}.254
command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active &&
envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
envsubst < /etc/nginx/conf.d/templates/sogo_eas.template > /etc/nginx/conf.d/sogo_eas.active &&
. /etc/nginx/conf.d/templates/sogo.auth_request.template.sh > /etc/nginx/conf.d/sogo_proxy_auth.active &&
. /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&