modernized nginx reverse proxy example
Dieser Commit ist enthalten in:
Ursprung
cd3de1749f
Commit
7275ca8f77
2 geänderte Dateien mit 19 neuen und 14 gelöschten Zeilen
|
@ -1,5 +1,5 @@
|
||||||
!!! warning
|
!!! warning
|
||||||
Changing the binding does not affect source NAT. See [SNAT](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-snat/) for required steps.
|
Changing the binding does not affect source NAT. See [SNAT](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-snat/) for required steps.
|
||||||
|
|
||||||
## IPv4 binding
|
## IPv4 binding
|
||||||
|
|
||||||
|
|
|
@ -93,7 +93,7 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine.
|
||||||
|
|
||||||
**Take care of highlighted lines.**
|
**Take care of highlighted lines.**
|
||||||
|
|
||||||
``` hl_lines="4 10 12 13 18 32"
|
``` hl_lines="4 10 12 13 23 37"
|
||||||
server {
|
server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
|
@ -101,14 +101,19 @@ server {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl http2;
|
||||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
|
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
|
||||||
|
|
||||||
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
|
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
|
||||||
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
|
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_session_timeout 1d;
|
||||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
ssl_session_cache shared:SSL:50m;
|
||||||
|
ssl_session_tickets off;
|
||||||
|
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||||
|
ssl_prefer_server_ciphers off;
|
||||||
|
|
||||||
location /Microsoft-Server-ActiveSync {
|
location /Microsoft-Server-ActiveSync {
|
||||||
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
|
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
|
||||||
|
@ -125,12 +130,12 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://127.0.0.1:8080/;
|
proxy_pass http://127.0.0.1:8080/;
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
Laden …
In neuem Issue referenzieren