Update nginx files to discard non-essential locations for non-primary domains

conf/nginx-alldomains.conf

@@ -1,6 +1,4 @@
-	# Expose this directory as static files.
-	root $ROOT;
-	index index.html index.htm;
+	# ADDITIONAL DIRECTIVES HERE
 
 	location = /robots.txt {
 		log_not_found off;
@@ -25,30 +23,6 @@
 		alias /var/lib/mailinabox/mta-sts.txt;
 	}
 
-	# Roundcube Webmail configuration.
-	rewrite ^/mail$ /mail/ redirect;
-	rewrite ^/mail/$ /mail/index.php;
-	location /mail/ {
-		index index.php;
-		alias /usr/local/lib/roundcubemail/;
-	}
-	location ~ /mail/config/.* {
-		# A ~-style location is needed to give this precedence over the next block.
-		return 403;
-	}
-	location ~ /mail/.*\.php {
-		# note: ~ has precendence over a regular location block
-		include fastcgi_params;
-		fastcgi_split_path_info ^/mail(/.*)()$;
-		fastcgi_index index.php;
-		fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
-		fastcgi_pass php-fpm;
-
-		# Outgoing mail also goes through this endpoint, so increase the maximum
-		# file upload limit to match the corresponding Postfix limit.
-		client_max_body_size 128M;
-	}
-
 	# Z-Push (Microsoft Exchange ActiveSync)
 	location /Microsoft-Server-ActiveSync {
 		include /etc/nginx/fastcgi_params;
@@ -68,9 +42,6 @@
 		fastcgi_pass php-fpm;
 	}
 
-
-	# ADDITIONAL DIRECTIVES HERE
-
 	# Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
 	# This block is placed at the end. Nginx's precedence rules means this block
 	# takes precedence over all non-regex matches and only regex matches that

conf/nginx-primaryonly.conf

@@ -1,3 +1,5 @@
+	# ADDITIONAL DIRECTIVES HERE
+	
 	# Control Panel
 	# Proxy /admin to our Python based control panel daemon. It is
 	# listening on IPv4 only so use an IP address and not 'localhost'.
@@ -72,5 +74,3 @@
 	rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
 	rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
 	rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
-
-	# ADDITIONAL DIRECTIVES HERE

management/web_update.py

@@ -195,8 +195,18 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 
 	# Add in any user customizations in the includes/ folder.
 	nginx_conf_custom_include = os.path.join(env["STORAGE_ROOT"], "www", safe_domain_name(domain) + ".conf")
-	if os.path.exists(nginx_conf_custom_include):
-		nginx_conf_extra += "\tinclude %s;\n" % (nginx_conf_custom_include)
+	if not os.path.exists(nginx_conf_custom_include):
+		with open(nginx_conf_custom_include, "a+") as f:
+			f.writelines([
+				f"# Custom configurations for {domain} go here",
+				"# To use php: use the \"php-fpm\" alias",
+				""
+				f"root {root};",
+				"index index.html index.htm;"
+			])
+	
+	nginx_conf_extra += "\tinclude %s;\n" % (nginx_conf_custom_include)
+
 	# PUT IT ALL TOGETHER
 
 	# Combine the pieces. Iteratively place each template into the "# ADDITIONAL DIRECTIVES HERE" placeholder
@@ -208,7 +218,6 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 	# Replace substitution strings in the template & return.
 	nginx_conf = nginx_conf.replace("$STORAGE_ROOT", env['STORAGE_ROOT'])
 	nginx_conf = nginx_conf.replace("$HOSTNAME", domain)
-	nginx_conf = nginx_conf.replace("$ROOT", root)
 	nginx_conf = nginx_conf.replace("$SSL_KEY", tls_cert["private-key"])
 	nginx_conf = nginx_conf.replace("$SSL_CERTIFICATE", tls_cert["certificate"])
 	nginx_conf = nginx_conf.replace("$REDIRECT_DOMAIN", re.sub(r"^www\.", "", domain)) # for default www redirects to parent domain