Page MenuHomekolab.org
Differential D3845 Diff 11186 docker/proxy/rootfs/etc/nginx/nginx.conf

Changeset View

Standalone View

View Options

docker/proxy/rootfs/etc/nginx/nginx.conf

Show First 20 LinesShow All 49 Lines▼ Show 20 Line(s)
server_name APP_WEBSITE_DOMAIN; server_name APP_WEBSITE_DOMAIN;
root /usr/share/nginx/html; root /usr/share/nginx/html;
# Load configuration files for the default server block. # Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf; include /etc/nginx/default.d/*.conf;
location / { location / {
proxy_pass http://127.0.0.1:8000; proxy_pass http://webapp:8000;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1; proxy_no_cache 1;
proxy_cache_bypass 1; proxy_cache_bypass 1;
# Mostly for files, swoole has a 10MB limit # Mostly for files, swoole has a 10MB limit
client_max_body_size 11m; client_max_body_size 11m;
} }
location /meetmedia { location /meetmedia {
proxy_pass https://127.0.0.1:12443; proxy_pass https://meet:12443;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host; proxy_set_header Host $host;
} }
location /meetmedia/api { location /meetmedia/api {
proxy_pass https://127.0.0.1:12443; proxy_pass https://meet:12443;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1; proxy_no_cache 1;
proxy_cache_bypass 1; proxy_cache_bypass 1;
} }
location /roundcubemail { location /roundcubemail {
proxy_pass http://127.0.0.1:9080; proxy_pass http://kolab:9080;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1; proxy_no_cache 1;
proxy_cache_bypass 1; proxy_cache_bypass 1;
} }
location /kolab-webadmin { location /kolab-webadmin {
proxy_pass http://127.0.0.1:9080; proxy_pass http://kolab:9080;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_no_cache 1; proxy_no_cache 1;
proxy_cache_bypass 1; proxy_cache_bypass 1;
} }
location /Microsoft-Server-ActiveSync { location /Microsoft-Server-ActiveSync {
auth_request /auth; auth_request /auth;
#auth_request_set $auth_status $upstream_status; #auth_request_set $auth_status $upstream_status;
proxy_pass http://127.0.0.1:9080; proxy_pass http://kolab:9080;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_send_timeout 910s; proxy_send_timeout 910s;
proxy_read_timeout 910s; proxy_read_timeout 910s;
fastcgi_send_timeout 910s; fastcgi_send_timeout 910s;
fastcgi_read_timeout 910s; fastcgi_read_timeout 910s;
} }
location ~* ^/\\.well-known/(caldav|carddav) { location ~* ^/\\.well-known/(caldav|carddav) {
proxy_pass http://127.0.0.1:9080; proxy_pass http://kolab:9080;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
location /iRony { location /iRony {
auth_request /auth; auth_request /auth;
#auth_request_set $auth_status $upstream_status; #auth_request_set $auth_status $upstream_status;
proxy_pass http://127.0.0.1:9080; proxy_pass http://kolab:9080;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} }
location = /auth { location = /auth {
internal; internal;
proxy_pass http://127.0.0.1:8000/api/webhooks/nginx-httpauth; proxy_pass http://webapp:8000/api/webhooks/nginx-httpauth;
proxy_pass_request_body off; proxy_pass_request_body off;
proxy_set_header Host services.APP_WEBSITE_DOMAIN; proxy_set_header Host services.APP_WEBSITE_DOMAIN;
proxy_set_header Content-Length ""; proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
error_page 404 /404.html; error_page 404 /404.html;
location = /40x.html { location = /40x.html {
} }
error_page 500 502 503 504 /50x.html; error_page 500 502 503 504 /50x.html;
location = /50x.html { location = /50x.html {
} }
} }
} }
mail { mail {
server_name imap.hosted.com; server_name imap.hosted.com;
auth_http 127.0.0.1:8000/api/webhooks/nginx; auth_http webapp:8000/api/webhooks/nginx;
auth_http_header Host services.APP_WEBSITE_DOMAIN; auth_http_header Host services.APP_WEBSITE_DOMAIN;
proxy_pass_error_message on; proxy_pass_error_message on;
server { server {
listen 143; listen 143;
protocol imap; protocol imap;
proxy on; proxy on;
starttls on; starttls on;
ssl_certificate SSL_CERTIFICATE_CERT; ssl_certificate SSL_CERTIFICATE_CERT;
ssl_certificate_key SSL_CERTIFICATE_KEY; ssl_certificate_key SSL_CERTIFICATE_KEY;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers HIGH:!aNULL:!MD5;
} }
# Roundcube specific imap endpoint with proxy-protocol enabled # Roundcube specific imap endpoint with proxy-protocol enabled
server { server {
listen 144 proxy_protocol; listen 144 proxy_protocol;
protocol imap; protocol imap;
auth_http 127.0.0.1:8000/api/webhooks/nginx-roundcube; auth_http webapp:8000/api/webhooks/nginx-roundcube;
proxy on; proxy on;
starttls on; starttls on;
ssl_certificate SSL_CERTIFICATE_CERT; ssl_certificate SSL_CERTIFICATE_CERT;
ssl_certificate_key SSL_CERTIFICATE_KEY; ssl_certificate_key SSL_CERTIFICATE_KEY;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines