edwin
/
mailcow-dockerized-proxy
mirror of https://github.com/practical-engelbart/mailcow-dockerized-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update mailcow.conf

Browse Source
master
Edwin Lyon 4 years ago committed by GitHub
parent 2a36069af5
commit 909a2790fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 49
      nginx/mailcow.conf

49
nginx/mailcow.conf
Unescape View File

@ -1,23 +1,33 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name email.* autodiscover.* autoconfig.*; server_name email.* autodiscover.* autoconfig.* im.* conference.im.* proxy.im.* pubsub.im.* upload.im.*;
ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem; ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem; ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
ssl_dhparam /opt/mailcow-dockerized/data/assets/ssl/dhparams.pem; ssl_dhparam /opt/mailcow-dockerized/data/assets/ssl/dhparams.pem;
include /etc/nginx/snippets/ssl.conf; include /etc/nginx/snippets/ssl.conf;
ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/chain.pem;
ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
include /etc/nginx/snippets/mailcow-headers.conf; include /etc/nginx/snippets/mailcow-headers.conf;
include /etc/nginx/snippets/letsencrypt.conf; include /etc/nginx/snippets/letsencrypt.conf;
error_page 404 /index.html;
if ($http_referer ~ "semalt\.com|badsite\.net|youtube\.com|leakix\.net|example\.com|httpbin\.org") {
return 404;
}
location /Microsoft-Server-ActiveSync { location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 75; proxy_connect_timeout 75;
proxy_send_timeout 3650; proxy_send_timeout 3650;
@ -29,7 +39,10 @@ server {
location / { location / {
proxy_pass http://127.0.0.1:8080/; proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host; proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
@ -37,22 +50,30 @@ server {
} }
location /minio/ { location /minio/ {
proxy_set_header X-Real-IP $remote_addr; proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_connect_timeout 300; proxy_connect_timeout 300;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Connection ""; proxy_set_header Connection "";
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass http://localhost:9443; proxy_pass http://localhost:9443;
add_header Strict-Transport-Security "max-age=31536000";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
} }
} }
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name webmail.thelyoncompany.com; server_name webmail.*;
ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem; ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem; ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
@ -61,11 +82,10 @@ server {
include /etc/nginx/snippets/ssl.conf; include /etc/nginx/snippets/ssl.conf;
ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem; ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
include /etc/nginx/snippets/letsencrypt.conf; add_header Strict-Transport-Security "max-age=16070400; includeSubDomains" always;
add_header Content-Security-Policy "upgrade-inecure-requests";
if ($http_referer ~ "semalt\.com|badsite\.net|example\.com") { include /etc/nginx/snippets/letsencrypt.conf;
return 444;
}
location / { location / {
return 301 https://email.thelyoncompany.com/SOGo; return 301 https://email.thelyoncompany.com/SOGo;
@ -73,6 +93,5 @@ server {
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "no-referrer-when-downgrade"; add_header Referrer-Policy "no-referrer-when-downgrade";
add_header Content-Security-Policy "upgrade-insecure-requests";
} }
} }

Write Preview
Loading…
Cancel
Save