Inital Commit
This commit is contained in:
root
146
sites-available/email.conf
Normal file
146
sites-available/email.conf
Normal file
@@ -0,0 +1,146 @@
|
||||
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
|
||||
|
||||
proxy_cache_path /tmp/email/ levels=1:2 keys_zone=my_cache_email:10m max_size=10g
|
||||
inactive=60m use_temp_path=off;
|
||||
|
||||
|
||||
server{
|
||||
listen 80;
|
||||
server_name email.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
|
||||
return 301 https://$server_name/webapp$request_uri;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 10.0.0.29:443 ssl http2;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
|
||||
# SSL config
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/email.egonetix.de/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/email.egonetix.de/privkey.pem;
|
||||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
|
||||
# Make site accessible from http://localhost/
|
||||
server_name email.egonetix.de autodiscover.egonetix.de mail.egonetix.de;
|
||||
|
||||
access_log /var/log/nginx/email-access_log;
|
||||
error_log /var/log/nginx/email-error_log;
|
||||
|
||||
|
||||
set $upstream 10.0.0.23;
|
||||
|
||||
rewrite ^/$ /egroupware;
|
||||
|
||||
location /egroupware {
|
||||
|
||||
proxy_cache my_cache_email;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 3;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
proxy_cache_lock on;
|
||||
proxy_pass_header Authorization;
|
||||
proxy_pass https://$upstream;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_buffering off;
|
||||
client_max_body_size 0;
|
||||
proxy_read_timeout 36000s;
|
||||
proxy_redirect off;
|
||||
proxy_ssl_session_reuse off;
|
||||
}
|
||||
location /Microsoft-Server-ActiveSync {
|
||||
proxy_cache my_cache_email;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 3;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
proxy_cache_lock on;
|
||||
proxy_pass_header Authorization;
|
||||
proxy_pass https://$upstream;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_buffering off;
|
||||
client_max_body_size 0;
|
||||
proxy_read_timeout 36000s;
|
||||
proxy_redirect off;
|
||||
proxy_ssl_session_reuse off;
|
||||
|
||||
}
|
||||
|
||||
location ~* /Autodiscover/Autodiscover.xml {
|
||||
access_log /var/log/nginx/z-push-autodiscover-access.log;
|
||||
error_log /var/log/nginx/z-push-autodiscover-error.log;
|
||||
fastcgi_param SCRIPT_FILENAME /usr/share/z-push/autodiscover/autodiscover.php;
|
||||
fastcgi_param HTTP_PROXY ""; # Mitigate https://httpoxy.org/ vulnerabilities
|
||||
fastcgi_read_timeout 3660; # Z-Push Ping might run 3600s, but to be safe
|
||||
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
|
||||
include fastcgi_params;
|
||||
proxy_cache my_cache_email;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 3;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
proxy_cache_lock on;
|
||||
proxy_pass_header Authorization;
|
||||
proxy_pass https://$upstream;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_buffering off;
|
||||
client_max_body_size 0;
|
||||
proxy_read_timeout 36000s;
|
||||
proxy_redirect off;
|
||||
proxy_ssl_session_reuse off;
|
||||
}
|
||||
|
||||
location /email {
|
||||
proxy_cache my_cache_email;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 3;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
proxy_cache_lock on;
|
||||
proxy_pass_header Authorization;
|
||||
proxy_pass https://$upstream;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_buffering off;
|
||||
client_max_body_size 0;
|
||||
proxy_read_timeout 36000s;
|
||||
proxy_redirect off;
|
||||
proxy_ssl_session_reuse off;
|
||||
|
||||
}
|
||||
|
||||
location /caldav {
|
||||
proxy_cache my_cache_email;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 3;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
proxy_cache_lock on;
|
||||
proxy_pass_header Authorization;
|
||||
proxy_pass http://$upstream:8080;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Connection "";
|
||||
proxy_buffering off;
|
||||
client_max_body_size 0;
|
||||
proxy_read_timeout 36000s;
|
||||
proxy_redirect off;
|
||||
proxy_ssl_session_reuse off;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user