
Deprecate nginx as a Web frontend

kaiyou 2017-09-17 14:15:12 +02:00
parent a880bc908e
commit 0223999a04
9 changed files with 0 additions and 305 deletions


@ -1,9 +0,0 @@
FROM nginx:alpine
RUN apk add --no-cache nginx-mod-http-lua
COPY nginx.conf.default /etc/nginx/nginx.conf.default
COPY start.sh /start.sh
CMD ["/start.sh"]


@ -1,14 +0,0 @@
Mailu NGINX container
=====================
NGINX is a popular and highly efficient webserver and reverse proxy server
commonly used to power high performance websites. In the Mailu stack it is
used as the HTTP frontend tunneling requests to the public web services
provided by other containers.
Resources
---------
* [Report issues](https://github.com/Mailu/Mailu/issues) and
[send Pull Requests](https://github.com/Mailu/Mailu/pulls)
in the [main Mailu repository](https://github.com/Mailu/Mailu)


@ -1,83 +0,0 @@
# Basic configuration
user nginx;
worker_processes 1;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
include /etc/nginx/modules/devel_kit.conf;
include /etc/nginx/modules/http_lua.conf;
events {
worker_connections 1024;
}
# Environment variables used in the configuration
env WEBMAIL;
env WEBDAV;
env EXPOSE_ADMIN;
http {
# Standard HTTP configuration with slight hardening
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
sendfile on;
keepalive_timeout 65;
server_tokens off;
client_max_body_size 25m;
server {
listen 80;
listen [::]:80;
# Load Lua variables
set_by_lua $webmail 'return os.getenv("WEBMAIL")';
set_by_lua $webdav 'return os.getenv("WEBDAV")';
set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")';
# Actual logic
location / {
if ($webmail != none) {
return 301 $scheme://$host/webmail/;
}
if ($webmail = none) {
return 403;
}
}
location /webmail {
if ($webmail != none) {
proxy_pass http://webmail;
}
if ($webmail = none) {
return 403;
}
}
location /admin {
if ($expose_admin = yes) {
proxy_pass http://admin;
}
if ($expose_admin != yes) {
return 403;
}
}
location /webdav {
if ($webdav != none) {
proxy_pass http://webdav:5232;
}
if ($webdav = none) {
return 403;
}
}
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
}
}


@ -1,5 +0,0 @@
#!/bin/sh
cp /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf
nginx -g 'daemon off;'


@ -1,10 +0,0 @@
FROM nginx:alpine
RUN apk add --no-cache nginx-mod-http-lua openssl
COPY nginx.conf.default /etc/nginx/nginx.conf.default
COPY nginx.conf.fallback /etc/nginx/nginx.conf.fallback
COPY start.sh /start.sh
CMD ["/start.sh"]


@ -1,14 +0,0 @@
Mailu NGINX container
=====================
NGINX is a popular and highly efficient webserver and reverse proxy server
commonly used to power high performance websites. In the Mailu stack it is
used as the HTTP frontend tunneling requests to the public web services
provided by other containers.
Resources
---------
* [Report issues](https://github.com/Mailu/Mailu/issues) and
[send Pull Requests](https://github.com/Mailu/Mailu/pulls)
in the [main Mailu repository](https://github.com/Mailu/Mailu)


@ -1,105 +0,0 @@
# Basic configuration
user nginx;
worker_processes 1;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
include /etc/nginx/modules/devel_kit.conf;
include /etc/nginx/modules/http_lua.conf;
events {
worker_connections 1024;
}
# Environment variables used in the configuration
env WEBMAIL;
env WEBDAV;
env EXPOSE_ADMIN;
http {
# Standard HTTP configuration with slight hardening
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
sendfile on;
keepalive_timeout 65;
server_tokens off;
client_max_body_size 25m;
server {
listen 80;
listen [::]:80;
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
# TLS configuration hardened according to:
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/key.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
# Load Lua variables
set_by_lua $webmail 'return os.getenv("WEBMAIL")';
set_by_lua $webdav 'return os.getenv("WEBDAV")';
set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")';
# Actual logic
location / {
if ($webmail != none) {
return 301 $scheme://$host/webmail/;
}
if ($webmail = none) {
return 403;
}
}
location /webmail {
if ($webmail != none) {
proxy_pass http://webmail;
}
if ($webmail = none) {
return 403;
}
}
location /admin {
if ($expose_admin = yes) {
proxy_pass http://admin;
}
if ($expose_admin != yes) {
return 403;
}
}
location /webdav {
if ($webdav != none) {
proxy_pass http://webdav:5232;
}
if ($webdav = none) {
return 403;
}
}
}
}


@ -1,50 +0,0 @@
# Basic configuration
user nginx;
worker_processes 1;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
include /etc/nginx/modules/devel_kit.conf;
include /etc/nginx/modules/http_lua.conf;
events {
worker_connections 1024;
}
http {
# Standard HTTP configuration with slight hardening
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
sendfile on;
keepalive_timeout 65;
server_tokens off;
client_max_body_size 25m;
server {
listen 80;
listen 443 ssl;
listen [::]:80;
listen [::]:443 ssl;
# TLS configuration hardened according to:
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_certificate /tmp/snakeoil.pem;
ssl_certificate_key /tmp/snakeoil.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
}
}


@ -1,15 +0,0 @@
#!/bin/sh
if [ -z $ENABLE_CERTBOT ] || [ -f /certs/cert.pem ]
then
cp /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf
else
openssl req -newkey rsa:2048 -x509 -keyout /tmp/snakeoil.pem -out /tmp/snakeoil.pem -days 365 -nodes -subj "/C=NA/ST=None/L=None/O=None/CN=$DOMAIN"
cp /etc/nginx/nginx.conf.fallback /etc/nginx/nginx.conf
fi
if [ ! -r /etc/nginx/dhparam.pem ]; then
openssl dhparam -out /etc/nginx/dhparam.pem $NGINX_SSL_DHPARAM_BITS
fi
nginx -g 'daemon off;'