external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-13 17:17:23 +01:00
Code Issues Releases Wiki Activity

Update nginx files to discard non-essential locations for non-primary domains

Browse Source
This commit is contained in:
David Duque
2020-09-27 02:01:17 +01:00
parent 7725e6efe6
commit 4b7f6e20da
3 changed files with 15 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
conf/nginx-alldomains.conf
View File

@@ -1,6 +1,4 @@
# Expose this directory as static files.
root $ROOT;
index index.html index.htm;
# ADDITIONAL DIRECTIVES HERE
location = /robots.txt {
log_not_found off;
@@ -25,30 +23,6 @@
alias /var/lib/mailinabox/mta-sts.txt;
}
# Roundcube Webmail configuration.
rewrite ^/mail$ /mail/ redirect;
rewrite ^/mail/$ /mail/index.php;
location /mail/ {
index index.php;
alias /usr/local/lib/roundcubemail/;
}
location ~ /mail/config/.* {
# A ~-style location is needed to give this precedence over the next block.
return 403;
}
location ~ /mail/.*\.php {
# note: ~ has precendence over a regular location block
include fastcgi_params;
fastcgi_split_path_info ^/mail(/.*)()$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
fastcgi_pass php-fpm;
# Outgoing mail also goes through this endpoint, so increase the maximum
# file upload limit to match the corresponding Postfix limit.
client_max_body_size 128M;
}
# Z-Push (Microsoft Exchange ActiveSync)
location /Microsoft-Server-ActiveSync {
include /etc/nginx/fastcgi_params;
@@ -68,9 +42,6 @@
fastcgi_pass php-fpm;
}
# ADDITIONAL DIRECTIVES HERE
# Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
# This block is placed at the end. Nginx's precedence rules means this block
# takes precedence over all non-regex matches and only regex matches that

4
conf/nginx-primaryonly.conf
View File

@@ -1,3 +1,5 @@
# ADDITIONAL DIRECTIVES HERE
# Control Panel
# Proxy /admin to our Python based control panel daemon. It is
# listening on IPv4 only so use an IP address and not 'localhost'.
@@ -72,5 +74,3 @@
rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
# ADDITIONAL DIRECTIVES HERE