noah
/
dreckbude-docs-pub
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
1 Commit
1 Gren
22 KiB
 
Träd: 75b7a85427
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '75b7a85427'
${ noResults }
dreckbude-docs-pub/04_nginx_setup.md

3.1 KiB
Blame Historik

Nginx setup

Set up reverse proxy in mailcow

HTTP_BIND=127.0.0.1
HTTP_PORT=8080
HTTPS_BIND=127.0.0.1
HTTPS_PORT=8443

./generate_config.sh
cp mailcow.conf_backup mailcow.conf
docker-compose up -d

docker run --name tmp-nginx-container -d nginx
docker cp tmp-nginx-container:/etc/nginx /opt/nginx/
docker rm -f tmp-nginx-container
  • vim /opt/nginx/nginx/conf.d/mailcow.conf
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name srv01.dreckbu.de autodiscover.* autoconfig.*;
  return 301 https://$host$request_uri;
}
server {
  listen 443;
  listen [::]:443;
  server_name srv01.dreckbu.de autodiscover.* autoconfig.*;

  ssl on;
  ssl_certificate /var/ssl/cert.pem;
  ssl_certificate_key /var/ssl/key.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;

  location /Microsoft-Server-ActiveSync {
    proxy_pass http://nginx-mailcow:8080/Microsoft-Server-ActiveSync;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_connect_timeout 75;
    proxy_send_timeout 3650;
    proxy_read_timeout 3650;
    proxy_buffers 64 256k;
    client_body_buffer_size 512k;
    client_max_body_size 0;
  }

  location / {
      proxy_pass http://nginx-mailcow:8080/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      client_max_body_size 0;
  }
}

set up main host for serving static html pages

  • vim /opt/nginx/nginx/conf.d/main.conf
# HTTP
server {
    listen 80;
    listen [::]:80;
    server_name dreckbu.de www.dreckbu.de;
    # enforce https
    return 301 https://$server_name$request_uri;
}

# HTTPS
server {
    listen 443;
    listen [::]:443;
    server_name dreckbu.de www.dreckbu.de;

    ssl on;
    ssl_certificate /var/ssl/cert.pem;
    ssl_certificate_key /var/ssl/key.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    index index.php index.html index.htm;

    location / {
        root /var/www;
    }
}

test the reverse proxy

  • docker run --name nginx-reverse-proxy -p 80:80 -p 443:443 --network mailcowdockerized_mailcow-network -v /opt/nginx/nginx:/etc/nginx:ro -v /opt/mailcow-dockerized/data/assets/ssl:/var/ssl -v /opt/nginx/www:/var/www -d nginx

  • vim /opt/nginx/docker-compose.yml

version: "2"
networks:
  mailcowdockerized_mailcow-network:
    external: true
services:
  nginx-reverse-proxy:
    image: nginx
    volumes:
      - /opt/nginx/nginx:/etc/nginx:ro
      - /opt/mailcow-dockerized/data/assets/ssl:/var/ssl
      - /opt/nginx/www:/var/www
    ports:
      - "80:80"
      - "443:443"
    restart: always
    networks:
      - mailcowdockerized_mailcow-network