2014-08-12 11:00:54 +00:00
|
|
|
## $HOSTNAME
|
2014-07-06 12:16:50 +00:00
|
|
|
|
2014-05-14 12:15:11 +00:00
|
|
|
# Redirect all HTTP to HTTPS.
|
2013-09-01 14:24:49 +00:00
|
|
|
server {
|
|
|
|
listen 80;
|
2014-06-20 01:16:38 +00:00
|
|
|
listen [::]:80;
|
2013-09-01 14:24:49 +00:00
|
|
|
|
2014-06-20 01:16:38 +00:00
|
|
|
server_name $HOSTNAME;
|
2014-05-14 12:15:11 +00:00
|
|
|
root /tmp/invalid-path-nothing-here;
|
2015-02-01 19:13:03 +00:00
|
|
|
|
|
|
|
# Improve privacy: Hide version an OS information on
|
|
|
|
# error pages and in the "Server" HTTP-Header.
|
|
|
|
server_tokens off;
|
|
|
|
|
2015-02-01 00:32:07 +00:00
|
|
|
# Redirect using the 'return' directive and the built-in
|
|
|
|
# variable '$request_uri' to avoid any capturing, matching
|
|
|
|
# or evaluation of regular expressions.
|
|
|
|
return 301 https://$HOSTNAME$request_uri;
|
2013-09-07 20:53:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
# The secure HTTPS server.
|
|
|
|
server {
|
|
|
|
listen 443 ssl;
|
2014-11-28 14:40:02 +00:00
|
|
|
listen [::]:443 ssl;
|
2013-09-01 14:24:49 +00:00
|
|
|
|
2014-06-20 01:16:38 +00:00
|
|
|
server_name $HOSTNAME;
|
2013-09-07 20:53:25 +00:00
|
|
|
|
2015-02-01 19:13:03 +00:00
|
|
|
# Improve privacy: Hide version an OS information on
|
|
|
|
# error pages and in the "Server" HTTP-Header.
|
|
|
|
server_tokens off;
|
|
|
|
|
2014-06-20 01:16:38 +00:00
|
|
|
ssl_certificate $SSL_CERTIFICATE;
|
|
|
|
ssl_certificate_key $SSL_KEY;
|
2014-04-18 00:27:52 +00:00
|
|
|
include /etc/nginx/nginx-ssl.conf;
|
2013-09-14 14:11:47 +00:00
|
|
|
|
2014-08-12 11:36:40 +00:00
|
|
|
# Expose this directory as static files.
|
|
|
|
root $ROOT;
|
2013-09-07 20:53:25 +00:00
|
|
|
index index.html index.htm;
|
|
|
|
|
2014-09-10 19:27:59 +00:00
|
|
|
location = /robots.txt {
|
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
2014-11-06 14:33:08 +00:00
|
|
|
location = /mailinabox.mobileconfig {
|
|
|
|
alias /var/lib/mailinabox/mobileconfig.xml;
|
|
|
|
}
|
2015-01-31 21:33:18 +00:00
|
|
|
location = /.well-known/autoconfig/mail/config-v1.1.xml {
|
|
|
|
alias /var/lib/mailinabox/mozilla-autoconfig.xml;
|
|
|
|
}
|
2014-11-06 14:33:08 +00:00
|
|
|
|
2015-05-27 16:33:24 +00:00
|
|
|
# Disable viewing dotfiles (.htaccess, .svn, .git, etc.), but not under php-controlled pages
|
|
|
|
location ~ ^/(?!.*\.php).*/\.(ht|svn|git|bzr)$ {
|
2015-02-09 17:41:42 +00:00
|
|
|
log_not_found off;
|
|
|
|
access_log off;
|
|
|
|
deny all;
|
|
|
|
}
|
|
|
|
|
2014-08-12 11:36:40 +00:00
|
|
|
# Roundcube Webmail configuration.
|
|
|
|
rewrite ^/mail$ /mail/ redirect;
|
|
|
|
rewrite ^/mail/$ /mail/index.php;
|
|
|
|
location /mail/ {
|
|
|
|
index index.php;
|
|
|
|
alias /usr/local/lib/roundcubemail/;
|
2014-08-11 14:30:39 +00:00
|
|
|
}
|
2014-08-12 11:36:40 +00:00
|
|
|
location ~ /mail/config/.* {
|
|
|
|
# A ~-style location is needed to give this precedence over the next block.
|
|
|
|
return 403;
|
2014-08-11 18:17:38 +00:00
|
|
|
}
|
2014-08-12 11:36:40 +00:00
|
|
|
location ~ /mail/.*\.php {
|
|
|
|
# note: ~ has precendence over a regular location block
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_split_path_info ^/mail(/.*)()$;
|
|
|
|
fastcgi_index index.php;
|
|
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
|
2014-08-12 11:00:54 +00:00
|
|
|
fastcgi_pass php-fpm;
|
2014-10-16 21:49:28 +00:00
|
|
|
|
|
|
|
# Outgoing mail also goes through this endpoint, so increase the maximum
|
|
|
|
# file upload limit to match the corresponding Postfix limit.
|
|
|
|
client_max_body_size 128M;
|
2014-07-08 00:37:53 +00:00
|
|
|
}
|
2014-08-11 14:24:29 +00:00
|
|
|
|
2014-07-12 00:02:32 +00:00
|
|
|
# Z-Push (Microsoft Exchange ActiveSync)
|
|
|
|
location /Microsoft-Server-ActiveSync {
|
2014-08-13 05:30:32 +00:00
|
|
|
include /etc/nginx/fastcgi_params;
|
2014-07-12 00:02:32 +00:00
|
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
|
2014-08-17 22:53:15 +00:00
|
|
|
fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
|
2014-08-13 05:30:32 +00:00
|
|
|
fastcgi_read_timeout 630;
|
2014-08-12 11:00:54 +00:00
|
|
|
fastcgi_pass php-fpm;
|
2014-10-16 21:49:28 +00:00
|
|
|
|
|
|
|
# Outgoing mail also goes through this endpoint, so increase the maximum
|
|
|
|
# file upload limit to match the corresponding Postfix limit.
|
|
|
|
client_max_body_size 128M;
|
2014-07-12 00:02:32 +00:00
|
|
|
}
|
2014-08-19 12:07:54 +00:00
|
|
|
location /autodiscover/autodiscover.xml {
|
|
|
|
include fastcgi_params;
|
|
|
|
fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
|
2014-08-19 15:07:55 +00:00
|
|
|
fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
|
2014-08-19 12:07:54 +00:00
|
|
|
fastcgi_pass php-fpm;
|
|
|
|
}
|
|
|
|
|
2014-07-12 00:02:32 +00:00
|
|
|
|
2014-07-09 12:31:32 +00:00
|
|
|
# ADDITIONAL DIRECTIVES HERE
|
2013-09-01 14:24:49 +00:00
|
|
|
}
|