mirror of
https://github.com/Mailu/Mailu.git
synced 2025-01-16 02:46:44 +02:00
Prepare nginx as a unique frontend
This commit is contained in:
kaiyou
parent
995147f444
commit
755d9f0520
@ -1,9 +1,8 @@
|
||||
FROM alpine:edge
|
||||
|
||||
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
|
||||
&& apk add --no-cache nginx nginx-mod-mail py-setuptools jinja2-cli@testing
|
||||
RUN apk add --no-cache nginx nginx-mod-mail python py-jinja2
|
||||
|
||||
COPY conf /conf
|
||||
COPY start.sh /start.sh
|
||||
COPY start.py /start.py
|
||||
|
||||
CMD /start.sh
|
||||
CMD /start.py
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# Basic configuration
|
||||
user nginx;
|
||||
worker_processes 1;
|
||||
worker_processes 4;
|
||||
error_log /dev/stderr info;
|
||||
pid /var/run/nginx.pid;
|
||||
load_module "modules/ngx_mail_module.so";
|
||||
@ -21,7 +21,26 @@ http {
|
||||
server {
|
||||
listen 80;
|
||||
|
||||
{% if TLS_FLAVOR != 'notls' %}
|
||||
listen 443 ssl;
|
||||
|
||||
ssl_protocols TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
ssl_certificate /certs/cert.pem;
|
||||
ssl_certificate_key /certs/key.pem;
|
||||
|
||||
add_header Strict-Transport-Security max-age=15768000;
|
||||
|
||||
if ($scheme = http) {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
# Actual logic
|
||||
{% if WEBMAIL != 'none' %}
|
||||
location / {
|
||||
return 301 $scheme://$host/webmail/;
|
||||
}
|
||||
@ -29,20 +48,25 @@ http {
|
||||
location /webmail {
|
||||
proxy_pass http://webmail;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if ADMIN == 'true' %}
|
||||
location /admin {
|
||||
proxy_pass http://admin;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if WEBDAV != 'none' %}
|
||||
location /webdav {
|
||||
proxy_pass http://webdav:5232;
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
}
|
||||
|
||||
mail {
|
||||
server_name test.mailu.io;
|
||||
auth_http http://172.18.0.1:5000/nginx;
|
||||
server_name {{ HOSTNAME }};
|
||||
auth_http http://{{ ADMIN_ADDRESS }}/nginx;
|
||||
proxy_pass_error_message on;
|
||||
|
||||
server {
|
||||
@ -56,6 +80,4 @@ mail {
|
||||
protocol imap;
|
||||
imap_auth plain;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
12
nginx/start.py
Executable file
12
nginx/start.py
Executable file
@ -0,0 +1,12 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import jinja2
|
||||
import os
|
||||
import socket
|
||||
|
||||
convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
|
||||
|
||||
# Actual startup script
|
||||
os.environ["ADMIN_ADDRESS"] = socket.gethostbyname("admin")
|
||||
convert("/conf/nginx.conf", "/etc/nginx/nginx.conf")
|
||||
os.execv("/usr/sbin/nginx", ["nginx", "-g", "daemon off;"])
|
||||
@ -1,5 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
jinja2 /conf/nginx.conf > /etc/nginx/nginx.conf
|
||||
|
||||
exec nginx -g 'daemon off;'
|
||||
Loading…
Reference in New Issue
Block a user