modernized nginx reverse proxy example

Dieser Commit ist enthalten in:
Alexandre 2020-04-23 02:24:57 -04:00
Ursprung cd3de1749f
Commit 7275ca8f77
2 geänderte Dateien mit 19 neuen und 14 gelöschten Zeilen

Datei anzeigen

@ -1,5 +1,5 @@
!!! warning !!! warning
Changing the binding does not affect source NAT. See [SNAT](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-snat/) for required steps. Changing the binding does not affect source NAT. See [SNAT](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-snat/) for required steps.
## IPv4 binding ## IPv4 binding

Datei anzeigen

@ -93,7 +93,7 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine.
**Take care of highlighted lines.** **Take care of highlighted lines.**
``` hl_lines="4 10 12 13 18 32" ``` hl_lines="4 10 12 13 23 37"
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
@ -101,14 +101,19 @@ server {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_timeout 1d;
ssl_ciphers HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
location /Microsoft-Server-ActiveSync { location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
@ -125,12 +130,12 @@ server {
} }
location / { location / {
proxy_pass http://127.0.0.1:8080/; proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0; client_max_body_size 0;
} }
} }
``` ```