andryyy
6a8aa699d9
[SOGo, Nginx] Deny access to some extensions from SOGo web ui to mitigate security concerns
2021-05-12 10:44:42 +02:00
Maximilian
5df8a24c84
server_tokens off in default settings ( #4073 )
...
Co-authored-by: Maximilian Leith <accounts.maximilan@leith.de>
2021-04-26 13:20:23 +02:00
andryyy
b11764dff0
[Config] Add ADDITIONAL_SERVER_NAMES as optional config to define additional server_name parameters for mailcow UI
2021-02-16 16:38:28 +01:00
andryyy
666d344322
[Web] Remove XMPP site when disabling XMPP
2021-02-14 21:33:43 +01:00
andryyy
9407b55661
[PHP-FPM] Fix fastcgi timeouts
2020-12-26 10:19:52 +01:00
andryyy
8e15c56330
[SOGo] Increase timeout for SOGo to prevent failure on uploads
2020-11-25 16:11:02 +01:00
mcmufffin
93ac0d3864
Update site-defaults.conf ( #3780 )
2020-09-27 12:38:40 +02:00
André Peters
ba0b6963c7
Revert "Update site-defaults.conf ( #3778 )" ( #3779 )
...
This reverts commit b8ec9ad536
.
2020-09-26 22:53:53 +02:00
mcmufffin
b8ec9ad536
Update site-defaults.conf ( #3778 )
2020-09-26 22:15:43 +02:00
Jellyfrog
c31d0cee86
[Nginx] Refresh cipher suites ( #3669 )
...
Also turn ssl_prefer_server_ciphers off.
"The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES" - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
2020-09-24 07:30:09 +02:00
andryyy
06c8f140b5
[Nginx] Mark script not executable
2020-07-14 13:24:37 +02:00
andryyy
4cd51017a7
[Nginx] Mark script executable
2020-07-14 13:20:50 +02:00
andryyy
d931083e0e
[SOGo] Disable EAS when SKIP_SOGO=y
2020-07-14 13:16:26 +02:00
andryyy
ad8acefb96
[SOGo] Disable EAS when SKIP_SOGO=y
2020-07-14 13:13:32 +02:00
Timo N
5fe9de0500
[API] Removed api_blueprint docs and use swagger ( #3595 )
...
* [NGINX] Removed api docs location
* [WEB] Removed api_blueprint api docs
* [WEB] Added openapi/swagger api viewer
* [WEB] Added openapi.yaml with api docs
* [WEB] Added request body for create app password endpoint
* [Web] Updated types in openapi.yaml
* [Web] Only define API docs auth header once
* [Web] Added 401 api response to docs
2020-06-07 20:46:17 +02:00
andryyy
84d205d728
[Nginx] Drop X-Powered-By via fastcgi_hide_header
2020-05-06 20:14:34 +02:00
andryyy
a4e5400f67
[Nginx] Add proxy_send_timeout and proxy_read_timeout of 300 to /SOGo
2020-02-19 21:40:45 +01:00
andryyy
0e6dfdd0fe
[Nginx] Catch case-insensitive /sogo$ request and redirect to /SOGo
2019-12-02 10:55:17 +01:00
andryyy
9257fa90d4
[Nginx] Fix 301 to SOGo
2019-11-28 19:14:23 +01:00
andryyy
ce15dda990
[Nginx] Redirect /S|sogo* to /SOGo
2019-11-28 15:08:11 +01:00
tinect
cc1bf5d426
deliver CSS and JS as external request
2019-10-20 21:25:58 +02:00
Marcel Hofer
f2b552c00d
Fix custom http redirects with TLS-SNI
...
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again:
https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/
However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
2019-10-20 20:24:16 +02:00
Marcel Hofer
05e7c95829
[SSL] fix wildcard compare for non-bash shell
2019-10-20 17:02:54 +02:00
Marcel Hofer
dcd50b2245
[SSL] restore old nginx templates. fix possible issues with custom nginx sites
2019-10-20 16:41:53 +02:00
Marcel Hofer
84c5f43438
[SSL] re-add nginx site.conf
2019-10-19 12:49:23 +02:00
Marcel Hofer
2e35da6816
[SSL] create individual domain certificates, add SNI configs for Postfix/Dovecot/Nginx
2019-10-19 12:48:56 +02:00
andryyy
a606f60b54
[Nginx] Modify site to catch failed logins to /rspamd
2019-10-12 13:16:49 +02:00
andryyy
1580e4b2a5
[Nginx, SOGo] Adjustments for EAS
2019-10-06 10:12:46 +02:00
ntimo
6ab1304579
[Nginx] Make api docs browsable using /api and /api/ uri
2019-10-03 11:27:44 +02:00
ntimo
7c43e2e120
[Nginx] Fix nginx config for API docs
2019-10-03 11:19:17 +02:00
ntimo
5cf74f6b85
[NGINX] Make API docs accessible using /api/
2019-10-02 22:13:47 +02:00
andryyy
9b7668d912
[Nginx] Custom 502
2019-09-24 06:53:13 +02:00
andryyy
fae34b8a89
I'm an idiot
2019-04-01 22:52:45 +02:00
andryyy
bb12ce9edc
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489
2019-04-01 22:46:13 +02:00
Marcel Hofer
a110378000
always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled
2019-02-27 23:06:19 +01:00
andryyy
38911034c3
Don't break DAV
2019-02-26 22:13:37 +01:00
Marcel Hofer
dd6d253ac0
add random masterpass for sogo admin login
...
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
andryyy
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
...
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
André Peters
9a9079baa5
Update sogo.auth_request.template.sh
2019-02-23 22:29:14 +01:00
André Peters
0c8f217f49
Update sogo.auth_request.template.sh
...
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
Marcel Hofer
cac67db203
add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins
2019-02-23 17:59:18 +01:00
andryyy
5efdf71120
[Nginx] Add qhandler rewrite
...
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
Tobias "Knight" S
c06e4c81cf
Enable TLSv1.3 finally
...
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a.
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy
6ad8798d5c
[Nginx] Compress some files, don't compress proxy answers
2019-01-31 17:07:49 +01:00
andryyy
14901eed64
[Nginx] Remove broken locations
2019-01-31 15:58:35 +01:00
andryyy
60f9968134
[Nginx] Add compression, change expires
2019-01-31 15:45:57 +01:00
andryyy
e84dec3b56
[SOGo] Revert self-built SOGo
2018-12-21 19:54:32 +01:00
andryyy
534e83a218
[Nginx] New WebServerResources path
2018-12-19 09:37:07 +01:00
andryyy
e6625501e7
[Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS)
2018-11-12 09:53:18 +01:00
André Peters
83a5eda762
Merge pull request #1434 from apoc4lyps/master
...
hardening http headers
2018-10-15 22:48:50 +02:00