mailinabox/conf/nginx.conf

## $HOSTNAME

# Redirect all HTTP to HTTPS.
server {
	listen 80;
	listen [::]:80;

	server_name $HOSTNAME;
	root /tmp/invalid-path-nothing-here;

	# Improve privacy: Hide version an OS information on
	# error pages and in the "Server" HTTP-Header.
	server_tokens off;

	# Redirect using the 'return' directive and the built-in
	# variable '$request_uri' to avoid any capturing, matching
	# or evaluation of regular expressions.
	return 301 https://$HOSTNAME$request_uri;
}

# The secure HTTPS server.
server {
	listen 443 ssl;
	listen [::]:443 ssl;

	server_name $HOSTNAME;

	# Improve privacy: Hide version an OS information on
	# error pages and in the "Server" HTTP-Header.
	server_tokens off;

	ssl_certificate $SSL_CERTIFICATE;
	ssl_certificate_key $SSL_KEY;
	include /etc/nginx/nginx-ssl.conf;

	# ADDITIONAL DIRECTIVES HERE
}
use php5-fpm rather than our own custom launcher script for PHP+FastCGI 2014-08-12 11:00:54 +00:00			`## $HOSTNAME`
when adding/removing mail addresses also update nginx's config 2014-07-06 12:16:50 +00:00
redirect all HTTP to HTTPS and enable HSTS, closes #18 2014-05-14 12:15:11 +00:00			`# Redirect all HTTP to HTTPS.`
preliminary script for nginx 2013-09-01 14:24:49 +00:00			`server {`
			`listen 80;`
manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:16:38 +00:00			`listen [::]:80;`
preliminary script for nginx 2013-09-01 14:24:49 +00:00
manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:16:38 +00:00			`server_name $HOSTNAME;`
redirect all HTTP to HTTPS and enable HSTS, closes #18 2014-05-14 12:15:11 +00:00			`root /tmp/invalid-path-nothing-here;`
hide nginx version an OS information for better privacy. 2015-02-01 19:13:03 +00:00
			`# Improve privacy: Hide version an OS information on`
			`# error pages and in the "Server" HTTP-Header.`
			`server_tokens off;`

do better redirection from http to https Redirect using the 'return' directive and the built-in variable '$request_uri' to avoid any capturing, matching or evaluation of regular expressions. It's best practice. See: http://wiki.nginx.org/Pitfalls#Taxing_Rewrites 2015-02-01 00:32:07 +00:00			`# Redirect using the 'return' directive and the built-in`
			`# variable '$request_uri' to avoid any capturing, matching`
			`# or evaluation of regular expressions.`
			`return 301 https://$HOSTNAME$request_uri;`
web and roundcube webmail 2013-09-07 20:53:25 +00:00			`}`

			`# The secure HTTPS server.`
			`server {`
			`listen 443 ssl;`
nginx: explicitly listen on both ipv4 and ipv6 (works even if ipv6 isn't present) 2014-11-28 14:40:02 +00:00			`listen [::]:443 ssl;`
preliminary script for nginx 2013-09-01 14:24:49 +00:00
manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:16:38 +00:00			`server_name $HOSTNAME;`
web and roundcube webmail 2013-09-07 20:53:25 +00:00
hide nginx version an OS information for better privacy. 2015-02-01 19:13:03 +00:00			`# Improve privacy: Hide version an OS information on`
			`# error pages and in the "Server" HTTP-Header.`
			`server_tokens off;`

manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for 2014-06-20 01:16:38 +00:00			`ssl_certificate $SSL_CERTIFICATE;`
			`ssl_certificate_key $SSL_KEY;`
update to @konklone's latest nginx SSL configuration recommendations 2014-04-18 00:27:52 +00:00			`include /etc/nginx/nginx-ssl.conf;`
apply @konklone's nginx https: recommendations from https://gist.github.com/konklone/6532544 2013-09-14 14:11:47 +00:00
new nginx configuration yaml file to allow proxying of whole domains elsewhere 2014-07-09 12:31:32 +00:00			`# ADDITIONAL DIRECTIVES HERE`
preliminary script for nginx 2013-09-01 14:24:49 +00:00			`}`