modernized nginx reverse proxy example
Dieser Commit ist enthalten in:
Ursprung
cd3de1749f
Commit
7275ca8f77
2 geänderte Dateien mit 19 neuen und 14 gelöschten Zeilen
|
@ -1,4 +1,4 @@
|
|||
!!! warning
|
||||
!!! warning
|
||||
Changing the binding does not affect source NAT. See [SNAT](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-snat/) for required steps.
|
||||
|
||||
## IPv4 binding
|
||||
|
|
|
@ -93,7 +93,7 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine.
|
|||
|
||||
**Take care of highlighted lines.**
|
||||
|
||||
``` hl_lines="4 10 12 13 18 32"
|
||||
``` hl_lines="4 10 12 13 23 37"
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
|
@ -101,14 +101,19 @@ server {
|
|||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
|
||||
|
||||
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
|
||||
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
location /Microsoft-Server-ActiveSync {
|
||||
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
|
||||
|
|
Laden …
In neuem Issue referenzieren