Marcel Hofer
f2b552c00d
Fix custom http redirects with TLS-SNI
...
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/
However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
Marcel Hofer
05e7c95829
[SSL] fix wildcard compare for non-bash shell
2019-10-20 17:02:54 +02:00
Marcel Hofer
dcd50b2245
[SSL] restore old nginx templates. fix possible issues with custom nginx sites
2019-10-20 16:41:53 +02:00
Marcel Hofer
84c5f43438
[SSL] re-add nginx site.conf
2019-10-19 12:49:23 +02:00
Marcel Hofer
2e35da6816
[SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx
2019-10-19 12:48:56 +02:00
andryyy
a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd
2019-10-12 13:16:49 +02:00
andryyy
1580e4b2a5
[Nginx, SOGo] Adjustments for EAS
2019-10-06 10:12:46 +02:00
ntimo
6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri
2019-10-03 11:27:44 +02:00
ntimo
7c43e2e120
[Nginx] Fix nginx config for API docs
2019-10-03 11:19:17 +02:00
ntimo
5cf74f6b85
[NGINX] Make API docs accessible using /api/
2019-10-02 22:13:47 +02:00
andryyy
9b7668d912
[Nginx] Custom 502
2019-09-24 06:53:13 +02:00
andryyy
fae34b8a89
I'm an idiot
2019-04-01 22:52:45 +02:00
andryyy
bb12ce9edc
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489
2019-04-01 22:46:13 +02:00
Marcel Hofer
a110378000
always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled
2019-02-27 23:06:19 +01:00
andryyy
38911034c3
Don't break DAV
2019-02-26 22:13:37 +01:00
Marcel Hofer
dd6d253ac0
add random masterpass for sogo admin login
...
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
andryyy
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
...
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
André Peters
9a9079baa5
Update sogo.auth_request.template.sh
2019-02-23 22:29:14 +01:00
André Peters
0c8f217f49
Update sogo.auth_request.template.sh
...
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
Marcel Hofer
cac67db203
add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins
2019-02-23 17:59:18 +01:00
andryyy
5efdf71120
[Nginx] Add qhandler rewrite
...
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
Tobias "Knight" S
c06e4c81cf
Enable TLSv1.3 finally
...
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a.
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy
6ad8798d5c
[Nginx] Compress some files, don't compress proxy answers
2019-01-31 17:07:49 +01:00
andryyy
14901eed64
[Nginx] Remove broken locations
2019-01-31 15:58:35 +01:00
andryyy
60f9968134
[Nginx] Add compression, change expires
2019-01-31 15:45:57 +01:00
andryyy
e84dec3b56
[SOGo] Revert self-built SOGo
2018-12-21 19:54:32 +01:00
andryyy
534e83a218
[Nginx] New WebServerResources path
2018-12-19 09:37:07 +01:00
andryyy
e6625501e7
[Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS)
2018-11-12 09:53:18 +01:00
André Peters
83a5eda762
Merge pull request #1434 from apoc4lyps/master
...
hardening http headers
2018-10-15 22:48:50 +02:00
André
c08149adef
[SOGo] EAS changes, larger timeout
2018-10-05 11:12:55 +02:00
André
2f18eb5ad0
[Nginx] Avoid php extensions, use rewrite
2018-10-04 14:34:00 +02:00
André
ea4a26eabf
[Nginx] Use SOGo web resources from local mount
2018-09-09 09:51:37 +02:00
apoc4lyps
cf56be1843
set Referrer-Policy to strict-origin
2018-08-06 09:24:34 +02:00
André
66d1bc12c0
[Nginx] Set client_max_body_size = 0
2018-08-05 22:37:07 +02:00
André
e79429beef
[PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file
2018-06-10 14:31:24 +02:00
apoc4lyps
918343865e
hardening http headers
2018-05-28 12:28:23 +02:00
André
ef6644df34
[PHP-FPM] Delete old pool files
...
[Nginx] Remove dev code
2018-04-26 13:57:23 +02:00
André
7181ee4658
[Rspamd] Apply ratelimit against authenticated user instead of envelope from
...
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
2018-04-26 13:56:07 +02:00
André Peters
8a7664f7d5
[Nginx] Add larger map bucket size, fixes 1112
2018-03-01 07:28:06 +01:00
Kristian Klausen
63002cbb74
[Nginx] Reduce config duplication
...
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.
[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
2018-02-15 21:23:07 +01:00
André Peters
e186e350ef
[Nginx] Fixes #1033
2018-02-14 09:09:17 +01:00
André Peters
993c998716
Merge pull request #995 from Alireza2n/master
...
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
2018-02-14 07:50:22 +01:00
André Peters
943598f705
[Nginx] Fix EAS...
2018-02-13 09:12:54 +01:00
André Peters
63f7e5930d
[Nginx] Fix EAS
2018-02-13 09:07:44 +01:00
André Peters
74c804b9a3
[SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006
2018-02-12 21:32:49 +01:00
André Peters
e5031accbb
[Nginx] Remove auto-redirect to not break rp
2018-02-09 09:59:35 +01:00
André Peters
3a1e7b4ee1
[Nginx] Pass args when redirecting to https
2018-02-09 09:11:59 +01:00
Alireza
781a5eb69a
Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files.
2018-02-02 18:38:18 +03:30
Alireza
1b898b1c7b
Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files.
2018-02-02 17:46:49 +03:30
Alireza
64fbc73582
Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files.
2018-02-02 17:42:19 +03:30