paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,641 Commits
1 Branch
0 Tags
32 MiB
Commit Graph

89 Commits (9f3b79b361788061cd9530e920d4c64be782b755)

Author SHA1 Message Date
Marcel Hofer dd6d253ac0 add random masterpass for sogo admin login 
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
 2019-02-26 09:02:35 +01:00
andryyy 57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change 
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
 2019-02-25 00:00:32 +01:00
André Peters 9a9079baa5
Update sogo.auth_request.template.sh 2019-02-23 22:29:14 +01:00
André Peters 0c8f217f49
Update sogo.auth_request.template.sh 
Don't want to split hairs! Just consistency. :)
 2019-02-23 22:20:09 +01:00
Marcel Hofer cac67db203 add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins 2019-02-23 17:59:18 +01:00
andryyy 5efdf71120
[Nginx] Add qhandler rewrite 
[Web] Move theme header include, fixes #2267
 2019-02-06 10:14:56 +01:00
Tobias "Knight" S c06e4c81cf
Enable TLSv1.3 finally 
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a. 
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
 2019-02-01 01:04:13 +01:00
andryyy 6ad8798d5c [Nginx] Compress some files, don't compress proxy answers 2019-01-31 17:07:49 +01:00
andryyy 14901eed64
[Nginx] Remove broken locations 2019-01-31 15:58:35 +01:00
andryyy 60f9968134
[Nginx] Add compression, change expires 2019-01-31 15:45:57 +01:00
andryyy e84dec3b56 [SOGo] Revert self-built SOGo 2018-12-21 19:54:32 +01:00
andryyy 534e83a218 [Nginx] New WebServerResources path 2018-12-19 09:37:07 +01:00
andryyy e6625501e7 [Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS) 2018-11-12 09:53:18 +01:00
André Peters 83a5eda762
Merge pull request #1434 from apoc4lyps/master 
hardening http headers
 2018-10-15 22:48:50 +02:00
André c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André 2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
apoc4lyps cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André 66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
apoc4lyps 918343865e
hardening http headers 2018-05-28 12:28:23 +02:00
André ef6644df34 [PHP-FPM] Delete old pool files 
[Nginx] Remove dev code
 2018-04-26 13:57:23 +02:00
André 7181ee4658 [Rspamd] Apply ratelimit against authenticated user instead of envelope from 
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
 2018-04-26 13:56:07 +02:00
André Peters 8a7664f7d5 [Nginx] Add larger map bucket size, fixes 1112 2018-03-01 07:28:06 +01:00
Kristian Klausen 63002cbb74 [Nginx] Reduce config duplication 
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
 2018-02-15 21:23:07 +01:00
André Peters e186e350ef [Nginx] Fixes #1033 2018-02-14 09:09:17 +01:00
André Peters 993c998716
Merge pull request #995 from Alireza2n/master 
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
 2018-02-14 07:50:22 +01:00
André Peters 943598f705 [Nginx] Fix EAS... 2018-02-13 09:12:54 +01:00
André Peters 63f7e5930d [Nginx] Fix EAS 2018-02-13 09:07:44 +01:00
André Peters 74c804b9a3 [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006 2018-02-12 21:32:49 +01:00
André Peters e5031accbb [Nginx] Remove auto-redirect to not break rp 2018-02-09 09:59:35 +01:00
André Peters 3a1e7b4ee1 [Nginx] Pass args when redirecting to https 2018-02-09 09:11:59 +01:00
Alireza 781a5eb69a Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files. 2018-02-02 18:38:18 +03:30
Alireza 1b898b1c7b Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:46:49 +03:30
Alireza 64fbc73582 Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:42:19 +03:30
andre.peters 70ac65d794 [Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal 2018-02-01 13:36:01 +01:00
andre.peters 67ddc710a7 [Nginx] Set real IP from internal networks 2018-01-24 08:36:19 +01:00
andre.peters 83fb8c0fd8 [Nginx] Use names instead of IPs 2018-01-21 14:59:45 +01:00
andre.peters ae56c3b59e Fix quarantaine 2017-12-11 10:44:46 +01:00
André a3e966696f [Nginx] Revert to site splitting 2017-10-12 08:37:48 +02:00
andryyy c5054ae7ed [Watchdog] Ignore null name in jq 
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
 2017-10-11 22:56:22 +02:00
andryyy 874aac3c5e [Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx) 2017-10-08 22:57:34 +02:00
Michael Kuron c731a18f66 Preliminary support for Outlook 2016’s autodiscover.json 2017-09-26 22:11:01 +02:00
andryyy f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy 92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT b2b9731020 a little bit of security 
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
 2017-09-09 23:10:36 +07:00
andryyy e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
andryyy 83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00