1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-14 10:52:49 +02:00
Commit Graph

89 Commits

Author SHA1 Message Date
Marcel Hofer
dd6d253ac0 add random masterpass for sogo admin login
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
2019-02-26 09:02:35 +01:00
andryyy
57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
2019-02-25 00:00:32 +01:00
André Peters
9a9079baa5
Update sogo.auth_request.template.sh 2019-02-23 22:29:14 +01:00
André Peters
0c8f217f49
Update sogo.auth_request.template.sh
Don't want to split hairs! Just consistency. :)
2019-02-23 22:20:09 +01:00
Marcel Hofer
cac67db203 add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins 2019-02-23 17:59:18 +01:00
andryyy
5efdf71120
[Nginx] Add qhandler rewrite
[Web] Move theme header include, fixes #2267
2019-02-06 10:14:56 +01:00
Tobias "Knight" S
c06e4c81cf
Enable TLSv1.3 finally
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a. 
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
2019-02-01 01:04:13 +01:00
andryyy
6ad8798d5c [Nginx] Compress some files, don't compress proxy answers 2019-01-31 17:07:49 +01:00
andryyy
14901eed64
[Nginx] Remove broken locations 2019-01-31 15:58:35 +01:00
andryyy
60f9968134
[Nginx] Add compression, change expires 2019-01-31 15:45:57 +01:00
andryyy
e84dec3b56 [SOGo] Revert self-built SOGo 2018-12-21 19:54:32 +01:00
andryyy
534e83a218 [Nginx] New WebServerResources path 2018-12-19 09:37:07 +01:00
andryyy
e6625501e7 [Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS) 2018-11-12 09:53:18 +01:00
André Peters
83a5eda762
Merge pull request #1434 from apoc4lyps/master
hardening http headers
2018-10-15 22:48:50 +02:00
André
c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André
2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André
ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
apoc4lyps
cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André
66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André
e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
apoc4lyps
918343865e
hardening http headers 2018-05-28 12:28:23 +02:00
André
ef6644df34 [PHP-FPM] Delete old pool files
[Nginx] Remove dev code
2018-04-26 13:57:23 +02:00
André
7181ee4658 [Rspamd] Apply ratelimit against authenticated user instead of envelope from
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
2018-04-26 13:56:07 +02:00
André Peters
8a7664f7d5 [Nginx] Add larger map bucket size, fixes 1112 2018-03-01 07:28:06 +01:00
Kristian Klausen
63002cbb74 [Nginx] Reduce config duplication
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
2018-02-15 21:23:07 +01:00
André Peters
e186e350ef [Nginx] Fixes #1033 2018-02-14 09:09:17 +01:00
André Peters
993c998716
Merge pull request #995 from Alireza2n/master
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
2018-02-14 07:50:22 +01:00
André Peters
943598f705 [Nginx] Fix EAS... 2018-02-13 09:12:54 +01:00
André Peters
63f7e5930d [Nginx] Fix EAS 2018-02-13 09:07:44 +01:00
André Peters
74c804b9a3 [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006 2018-02-12 21:32:49 +01:00
André Peters
e5031accbb [Nginx] Remove auto-redirect to not break rp 2018-02-09 09:59:35 +01:00
André Peters
3a1e7b4ee1 [Nginx] Pass args when redirecting to https 2018-02-09 09:11:59 +01:00
Alireza
781a5eb69a Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files. 2018-02-02 18:38:18 +03:30
Alireza
1b898b1c7b Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:46:49 +03:30
Alireza
64fbc73582 Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:42:19 +03:30
andre.peters
70ac65d794 [Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal 2018-02-01 13:36:01 +01:00
andre.peters
67ddc710a7 [Nginx] Set real IP from internal networks 2018-01-24 08:36:19 +01:00
andre.peters
83fb8c0fd8 [Nginx] Use names instead of IPs 2018-01-21 14:59:45 +01:00
andre.peters
ae56c3b59e Fix quarantaine 2017-12-11 10:44:46 +01:00
André
a3e966696f [Nginx] Revert to site splitting 2017-10-12 08:37:48 +02:00
andryyy
c5054ae7ed [Watchdog] Ignore null name in jq
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
2017-10-11 22:56:22 +02:00
andryyy
874aac3c5e [Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx) 2017-10-08 22:57:34 +02:00
Michael Kuron
c731a18f66 Preliminary support for Outlook 2016’s autodiscover.json 2017-09-26 22:11:01 +02:00
andryyy
f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy
92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT
b2b9731020 a little bit of security
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
2017-09-09 23:10:36 +07:00
andryyy
e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy
aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy
ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
andryyy
83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00