Marcel Hofer
a110378000
always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled
2019-02-27 23:06:19 +01:00
andryyy
38911034c3
Don't break DAV
2019-02-26 22:13:37 +01:00
Marcel Hofer
dd6d253ac0
add random masterpass for sogo admin login
...
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
andryyy
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
...
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
André Peters
9a9079baa5
Update sogo.auth_request.template.sh
2019-02-23 22:29:14 +01:00
André Peters
0c8f217f49
Update sogo.auth_request.template.sh
...
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
Marcel Hofer
cac67db203
add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins
2019-02-23 17:59:18 +01:00
andryyy
5efdf71120
[Nginx] Add qhandler rewrite
...
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
Tobias "Knight" S
c06e4c81cf
Enable TLSv1.3 finally
...
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a.
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy
6ad8798d5c
[Nginx] Compress some files, don't compress proxy answers
2019-01-31 17:07:49 +01:00
andryyy
14901eed64
[Nginx] Remove broken locations
2019-01-31 15:58:35 +01:00
andryyy
60f9968134
[Nginx] Add compression, change expires
2019-01-31 15:45:57 +01:00
andryyy
e84dec3b56
[SOGo] Revert self-built SOGo
2018-12-21 19:54:32 +01:00
andryyy
534e83a218
[Nginx] New WebServerResources path
2018-12-19 09:37:07 +01:00
andryyy
e6625501e7
[Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS)
2018-11-12 09:53:18 +01:00
André Peters
83a5eda762
Merge pull request #1434 from apoc4lyps/master
...
hardening http headers
2018-10-15 22:48:50 +02:00
André
c08149adef
[SOGo] EAS changes, larger timeout
2018-10-05 11:12:55 +02:00
André
2f18eb5ad0
[Nginx] Avoid php extensions, use rewrite
2018-10-04 14:34:00 +02:00
André
ea4a26eabf
[Nginx] Use SOGo web resources from local mount
2018-09-09 09:51:37 +02:00
apoc4lyps
cf56be1843
set Referrer-Policy to strict-origin
2018-08-06 09:24:34 +02:00
André
66d1bc12c0
[Nginx] Set client_max_body_size = 0
2018-08-05 22:37:07 +02:00
André
e79429beef
[PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file
2018-06-10 14:31:24 +02:00
apoc4lyps
918343865e
hardening http headers
2018-05-28 12:28:23 +02:00
André
ef6644df34
[PHP-FPM] Delete old pool files
...
[Nginx] Remove dev code
2018-04-26 13:57:23 +02:00
André
7181ee4658
[Rspamd] Apply ratelimit against authenticated user instead of envelope from
...
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
2018-04-26 13:56:07 +02:00
André Peters
8a7664f7d5
[Nginx] Add larger map bucket size, fixes 1112
2018-03-01 07:28:06 +01:00
Kristian Klausen
63002cbb74
[Nginx] Reduce config duplication
...
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.
[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
2018-02-15 21:23:07 +01:00
André Peters
e186e350ef
[Nginx] Fixes #1033
2018-02-14 09:09:17 +01:00
André Peters
993c998716
Merge pull request #995 from Alireza2n/master
...
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
2018-02-14 07:50:22 +01:00
André Peters
943598f705
[Nginx] Fix EAS...
2018-02-13 09:12:54 +01:00
André Peters
63f7e5930d
[Nginx] Fix EAS
2018-02-13 09:07:44 +01:00
André Peters
74c804b9a3
[SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006
2018-02-12 21:32:49 +01:00
André Peters
e5031accbb
[Nginx] Remove auto-redirect to not break rp
2018-02-09 09:59:35 +01:00
André Peters
3a1e7b4ee1
[Nginx] Pass args when redirecting to https
2018-02-09 09:11:59 +01:00
Alireza
781a5eb69a
Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files.
2018-02-02 18:38:18 +03:30
Alireza
1b898b1c7b
Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files.
2018-02-02 17:46:49 +03:30
Alireza
64fbc73582
Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files.
2018-02-02 17:42:19 +03:30
andre.peters
70ac65d794
[Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal
2018-02-01 13:36:01 +01:00
andre.peters
67ddc710a7
[Nginx] Set real IP from internal networks
2018-01-24 08:36:19 +01:00
andre.peters
83fb8c0fd8
[Nginx] Use names instead of IPs
2018-01-21 14:59:45 +01:00
andre.peters
ae56c3b59e
Fix quarantaine
2017-12-11 10:44:46 +01:00
André
a3e966696f
[Nginx] Revert to site splitting
2017-10-12 08:37:48 +02:00
andryyy
c5054ae7ed
[Watchdog] Ignore null name in jq
...
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
2017-10-11 22:56:22 +02:00
andryyy
874aac3c5e
[Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx)
2017-10-08 22:57:34 +02:00
Michael Kuron
c731a18f66
Preliminary support for Outlook 2016’s autodiscover.json
2017-09-26 22:11:01 +02:00
andryyy
f0df390d12
[Nginx] Stricter TLS settings
2017-09-14 13:34:07 +02:00
andryyy
92e6c9daae
[Nginx] Fix SSL temp.
2017-09-11 17:37:25 +02:00
JOduMonT
b2b9731020
a little bit of security
...
Hide the version of NGINX, block XSS and more...
inspired by : https://gist.github.com/plentz/6737338
2017-09-09 23:10:36 +07:00
andryyy
e5faee9037
[Nginx] Disable client_max_body_size
2017-08-09 10:17:32 +02:00
andryyy
aabcf65c69
[Nginx] Set server_names_hash_bucket_size 64
2017-07-30 21:39:35 +02:00