server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name email.* autodiscover.* autoconfig.*;

  ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
  ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
  ssl_dhparam /opt/mailcow-dockerized/data/assets/ssl/dhparams.pem;

  include /etc/nginx/snippets/ssl.conf;
  ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/chain.pem;
  
  include /etc/nginx/snippets/mailcow-headers.conf;
  include /etc/nginx/snippets/letsencrypt.conf;

  location /Microsoft-Server-ActiveSync {
    proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_connect_timeout 75;
    proxy_send_timeout 3650;
    proxy_read_timeout 3650;
    proxy_buffers 64 256k;
    client_body_buffer_size 512k;
    client_max_body_size 0;
  }

  location / {
    proxy_pass http://127.0.0.1:8080/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 0;
  }
  
  location /minio/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_connect_timeout 300;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    chunked_transfer_encoding off;
    proxy_pass http://localhost:9443;
  }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name webmail.thelyoncompany.com;

  ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
  ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
  ssl_dhparam /opt/mailcow-dockerized/data/assets/ssl/dhparams.pem;

  include /etc/nginx/snippets/ssl.conf;
  ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem;
 
  include /etc/nginx/snippets/letsencrypt.conf;

  if ($http_referer ~ "semalt\.com|badsite\.net|example\.com")  {
    return 444;
  }

  location / {
    return 301 https://email.thelyoncompany.com/SOGo;
    add_header Strict-Transport-Security "max-age=31536000";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "no-referrer-when-downgrade";
    add_header Content-Security-Policy "upgrade-insecure-requests";
  }
}