Commit Graph

80 Commits (f2d1a5610457a7f5d6a20b4be0c70e8c04de185f)

Author SHA1 Message Date
andryyy fae34b8a89
I'm an idiot 2019-04-01 22:52:45 +02:00
andryyy bb12ce9edc
[Nginx] Fix site when ALLOW_ADMIN_EMAIL_LOGIN=y and reverse proxy is used, fixes #2489 2019-04-01 22:46:13 +02:00
Marcel Hofer a110378000 always check basic auth against user database for EAS and SOGo if ALLOW_ADMIN_EMAIL_LOGIN is enabled 2019-02-27 23:06:19 +01:00
andryyy 38911034c3
Don't break DAV 2019-02-26 22:13:37 +01:00
Marcel Hofer cac67db203 add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins 2019-02-23 17:59:18 +01:00
andryyy 5efdf71120
[Nginx] Add qhandler rewrite
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
Tobias "Knight" S c06e4c81cf
Enable TLSv1.3 finally
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a. 
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy 6ad8798d5c [Nginx] Compress some files, don't compress proxy answers 2019-01-31 17:07:49 +01:00
andryyy 14901eed64
[Nginx] Remove broken locations 2019-01-31 15:58:35 +01:00
andryyy 60f9968134
[Nginx] Add compression, change expires 2019-01-31 15:45:57 +01:00
andryyy e84dec3b56 [SOGo] Revert self-built SOGo 2018-12-21 19:54:32 +01:00
andryyy 534e83a218 [Nginx] New WebServerResources path 2018-12-19 09:37:07 +01:00
andryyy e6625501e7 [Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS) 2018-11-12 09:53:18 +01:00
André Peters 83a5eda762
Merge pull request #1434 from apoc4lyps/master
hardening http headers
2018-10-15 22:48:50 +02:00
André c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André 2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
apoc4lyps cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André 66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
apoc4lyps 918343865e
hardening http headers 2018-05-28 12:28:23 +02:00
André ef6644df34 [PHP-FPM] Delete old pool files
[Nginx] Remove dev code
2018-04-26 13:57:23 +02:00
André 7181ee4658 [Rspamd] Apply ratelimit against authenticated user instead of envelope from
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
2018-04-26 13:56:07 +02:00
Kristian Klausen 63002cbb74 [Nginx] Reduce config duplication
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
2018-02-15 21:23:07 +01:00
André Peters e186e350ef [Nginx] Fixes #1033 2018-02-14 09:09:17 +01:00
André Peters 993c998716
Merge pull request #995 from Alireza2n/master
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
2018-02-14 07:50:22 +01:00
André Peters 943598f705 [Nginx] Fix EAS... 2018-02-13 09:12:54 +01:00
André Peters 63f7e5930d [Nginx] Fix EAS 2018-02-13 09:07:44 +01:00
André Peters 74c804b9a3 [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006 2018-02-12 21:32:49 +01:00
André Peters e5031accbb [Nginx] Remove auto-redirect to not break rp 2018-02-09 09:59:35 +01:00
André Peters 3a1e7b4ee1 [Nginx] Pass args when redirecting to https 2018-02-09 09:11:59 +01:00
Alireza 781a5eb69a Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files. 2018-02-02 18:38:18 +03:30
Alireza 1b898b1c7b Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:46:49 +03:30
Alireza 64fbc73582 Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:42:19 +03:30
andre.peters 70ac65d794 [Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal 2018-02-01 13:36:01 +01:00
andre.peters 67ddc710a7 [Nginx] Set real IP from internal networks 2018-01-24 08:36:19 +01:00
andre.peters 83fb8c0fd8 [Nginx] Use names instead of IPs 2018-01-21 14:59:45 +01:00
André a3e966696f [Nginx] Revert to site splitting 2017-10-12 08:37:48 +02:00
andryyy c5054ae7ed [Watchdog] Ignore null name in jq
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
2017-10-11 22:56:22 +02:00
andryyy 874aac3c5e [Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx) 2017-10-08 22:57:34 +02:00
Michael Kuron c731a18f66 Preliminary support for Outlook 2016’s autodiscover.json 2017-09-26 22:11:01 +02:00
andryyy f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy 92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT b2b9731020 a little bit of security
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
2017-09-09 23:10:36 +07:00
andryyy e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
andryyy 83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00
andryyy 495bf05fb8 Fix for Apple autoconfiguration (dav) 2017-06-14 23:14:41 +02:00
andryyy e99fa9433e Fix dav url detection for apple 2017-06-14 23:10:50 +02:00