# Nginx setup
* https://hub.docker.com/_/nginx

## Set up reverse proxy in mailcow
* https://mailcow.github.io/mailcow-dockerized-docs/firststeps-rp/
* `vim /opt/mailcow-dockerized/mailcow.conf`
```
HTTP_BIND=127.0.0.1
HTTP_PORT=8080
HTTPS_BIND=127.0.0.1
HTTPS_PORT=8443
```

```bash
./generate_config.sh
cp mailcow.conf_backup mailcow.conf
docker-compose up -d
```

```
docker run --name tmp-nginx-container -d nginx
docker cp tmp-nginx-container:/etc/nginx /opt/nginx/
docker rm -f tmp-nginx-container
```

* `vim /opt/nginx/nginx/conf.d/mailcow.conf`
```
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name srv01.dreckbu.de autodiscover.* autoconfig.*;
  return 301 https://$host$request_uri;
}
server {
  listen 443;
  listen [::]:443;
  server_name srv01.dreckbu.de autodiscover.* autoconfig.*;

  ssl on;
  ssl_certificate /var/ssl/cert.pem;
  ssl_certificate_key /var/ssl/key.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;

  location /Microsoft-Server-ActiveSync {
    proxy_pass http://nginx-mailcow:8080/Microsoft-Server-ActiveSync;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_connect_timeout 75;
    proxy_send_timeout 3650;
    proxy_read_timeout 3650;
    proxy_buffers 64 256k;
    client_body_buffer_size 512k;
    client_max_body_size 0;
  }

  location / {
      proxy_pass http://nginx-mailcow:8080/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      client_max_body_size 0;
  }
}
```

## set up main host for serving static html pages

* `vim /opt/nginx/nginx/conf.d/main.conf`
```
# HTTP
server {
    listen 80;
    listen [::]:80;
    server_name dreckbu.de www.dreckbu.de;
    # enforce https
    return 301 https://$server_name$request_uri;
}

# HTTPS
server {
    listen 443;
    listen [::]:443;
    server_name dreckbu.de www.dreckbu.de;

    ssl on;
    ssl_certificate /var/ssl/cert.pem;
    ssl_certificate_key /var/ssl/key.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    index index.php index.html index.htm;

    location / {
        root /var/www;
    }
}
```

## test the reverse proxy 

* `docker run --name nginx-reverse-proxy -p 80:80 -p 443:443 --network mailcowdockerized_mailcow-network -v /opt/nginx/nginx:/etc/nginx:ro -v /opt/mailcow-dockerized/data/assets/ssl:/var/ssl -v /opt/nginx/www:/var/www -d nginx`

* `vim /opt/nginx/docker-compose.yml`
```
version: "2"
networks:
  mailcowdockerized_mailcow-network:
    external: true
services:
  nginx-reverse-proxy:
    image: nginx
    volumes:
      - /opt/nginx/nginx:/etc/nginx:ro
      - /opt/mailcow-dockerized/data/assets/ssl:/var/ssl
      - /opt/nginx/www:/var/www
    ports:
      - "80:80"
      - "443:443"
    restart: always
    networks:
      - mailcowdockerized_mailcow-network
```

* https://stackoverflow.com/questions/38088279/communication-between-multiple-docker-compose-projects