diff --git a/data/conf/nginx/templates/listen_plain.template b/data/conf/nginx/templates/listen_plain.template new file mode 100644 index 000000000..a044b22f2 --- /dev/null +++ b/data/conf/nginx/templates/listen_plain.template @@ -0,0 +1,2 @@ +listen ${HTTP_PORT}; +listen [::]:${HTTP_PORT}; diff --git a/data/conf/nginx/templates/listen_ssl.template b/data/conf/nginx/templates/listen_ssl.template new file mode 100644 index 000000000..93ec80c6d --- /dev/null +++ b/data/conf/nginx/templates/listen_ssl.template @@ -0,0 +1,2 @@ +listen ${HTTPS_PORT} ssl http2; +listen [::]:${HTTPS_PORT} ssl http2; diff --git a/data/conf/nginx/templates/server_name.template b/data/conf/nginx/templates/server_name.template new file mode 100644 index 000000000..261a1eceb --- /dev/null +++ b/data/conf/nginx/templates/server_name.template @@ -0,0 +1 @@ +server_name ${MAILCOW_HOSTNAME} autodiscover.* autoconfig.*; diff --git a/data/conf/nginx/templates/sites.template.sh b/data/conf/nginx/templates/sites.template.sh index b9f587384..b2ca6f813 100644 --- a/data/conf/nginx/templates/sites.template.sh +++ b/data/conf/nginx/templates/sites.template.sh @@ -1,15 +1,13 @@ echo ' server { listen 127.0.0.1:65510; - listen '${HTTP_PORT}' default_server; - listen [::]:'${HTTP_PORT}' default_server; - listen '${HTTPS_PORT}' ssl http2 default_server; - listen [::]:'${HTTPS_PORT}' ssl http2 default_server; + include /etc/nginx/conf.d/listen_plain.active; + include /etc/nginx/conf.d/listen_ssl.active; ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; - server_name '${MAILCOW_HOSTNAME}' autodiscover.* autoconfig.*; + include /etc/nginx/conf.d/server_name.active; include /etc/nginx/conf.d/includes/site-defaults.conf; } @@ -18,15 +16,16 @@ for cert_dir in /etc/ssl/mail/*/ ; do if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then continue fi - # remove hostname to not cause nginx warnings (hostname is covered in default server listen) - domains="$(cat ${cert_dir}domains | sed -e "s/\(^\| \)\($(echo ${MAILCOW_HOSTNAME} | sed 's/\./\\./g')\)\( \|$\)/ /g" | sed -e 's/^[[:space:]]*//')" - if [[ "${domains}" == "" ]]; then - continue - fi + # do not create vhost for default-certificate. the cert is already in the default server listen + domains="$(cat ${cert_dir}domains | sed -e 's/^[[:space:]]*//')" + case "${domains}" in + "") continue;; + "${MAILCOW_HOSTNAME}"*) continue;; + esac echo -n ' server { - listen '${HTTPS_PORT}' ssl http2; - listen [::]:'${HTTPS_PORT}' ssl http2; + include /etc/nginx/conf.d/listen_plain.active; + include /etc/nginx/conf.d/listen_ssl.active; ssl_certificate '${cert_dir}'cert.pem; ssl_certificate_key '${cert_dir}'key.pem; diff --git a/docker-compose.yml b/docker-compose.yml index 4f471edf4..a459a7636 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -275,7 +275,10 @@ services: image: nginx:mainline-alpine dns: - ${IPV4_NETWORK:-172.22.1}.254 - command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active && + command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active && + envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active && + envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active && + envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active && envsubst < /etc/nginx/conf.d/templates/sogo_eas.template > /etc/nginx/conf.d/sogo_eas.active && . /etc/nginx/conf.d/templates/sogo.auth_request.template.sh > /etc/nginx/conf.d/sogo_proxy_auth.active && . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&