mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-22 02:17:26 +00:00
owncloud will only let users access it from the PRIMARY_HOSTNAME (due to its trusted_domains option being set statically), so only include /cloud in the nginx configuration for PRIMARY_HOSTNAME
parent
277f98aac8
commit
6e380ade17
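--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -0,0 +1,41 @@
+# ownCloud configuration.
+rewrite ^/cloud$ /cloud/ redirect;
+rewrite ^/cloud/$ /cloud/index.php;
+rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
+location /cloud/ {
+alias /usr/local/lib/owncloud/;
+location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
+deny all;
+}
+}
+location ~ ^(/cloud)(/[^/]+\.php)(/.*)?$ {
+# note: ~ has precendence over a regular location block
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
+fastcgi_param SCRIPT_NAME $1$2;
+fastcgi_param PATH_INFO $3;
+fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
+fastcgi_read_timeout 630;
+fastcgi_pass php-fpm;
+error_page 403 /cloud/core/templates/403.php;
+error_page 404 /cloud/core/templates/404.php;
+client_max_body_size 1G;
+fastcgi_buffers 64 4K;
+}
+location ^~ /cloud/data {
+# In order to support MOD_X_ACCEL_REDIRECT_ENABLED, we need to expose
+# the data directory but only allow 'internal' redirects within nginx
+# so that this is not exposed to the world.
+internal;
+alias $STORAGE_ROOT/owncloud;
+}
+location ~ ^/((caldav|carddav|webdav).*)$ {
+# Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
+# Properly proxying like this seems to work fine.
+proxy_pass https://$HOSTNAME/cloud/remote.php/$1;
+}
+rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
+rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
+rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
+rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
+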
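Review bot: The nested `location ~ ^/(data|config|\.ht|db_structure\.xml|README)` inside `location /cloud/` most likely never matches, because nginx tests a regex location against the whole request URI, which inside this block always begins with `/cloud/`; the `deny all;` therefore does not cover the ownCloud config directory or the other listed paths. `/cloud/data` is still handled by the separate `internal` block, but the remaining entries could be served through the `alias` as plain files. Anchoring the pattern on the full path would restore the intent: `location ~ ^/cloud/(data|config|\.ht|db_structure\.xml|README) { deny all; }`. These lines appear to be carried over unchanged from the block this commit removes from the main template, so the gap predates the move.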
@ -31,12 +31,10 @@ server {
|
|||||||
index index.php;
|
index index.php;
|
||||||
alias /usr/local/lib/roundcubemail/;
|
alias /usr/local/lib/roundcubemail/;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ /mail/config/.* {
|
location ~ /mail/config/.* {
|
||||||
# A ~-style location is needed to give this precedence over the next block.
|
# A ~-style location is needed to give this precedence over the next block.
|
||||||
return 403;
|
return 403;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ /mail/.*\.php {
|
location ~ /mail/.*\.php {
|
||||||
# note: ~ has precendence over a regular location block
|
# note: ~ has precendence over a regular location block
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
@ -47,51 +45,6 @@ server {
|
|||||||
client_max_body_size 20M;
|
client_max_body_size 20M;
|
||||||
}
|
}
|
||||||
|
|
||||||
# ownCloud configuration.
|
|
||||||
rewrite ^/cloud$ /cloud/ redirect;
|
|
||||||
rewrite ^/cloud/$ /cloud/index.php;
|
|
||||||
rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
|
|
||||||
location /cloud/ {
|
|
||||||
alias /usr/local/lib/owncloud/;
|
|
||||||
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^(/cloud)(/[^/]+\.php)(/.*)?$ {
|
|
||||||
# note: ~ has precendence over a regular location block
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
|
|
||||||
fastcgi_param SCRIPT_NAME $1$2;
|
|
||||||
fastcgi_param PATH_INFO $3;
|
|
||||||
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
|
|
||||||
fastcgi_read_timeout 630;
|
|
||||||
fastcgi_pass php-fpm;
|
|
||||||
error_page 403 /cloud/core/templates/403.php;
|
|
||||||
error_page 404 /cloud/core/templates/404.php;
|
|
||||||
client_max_body_size 1G;
|
|
||||||
fastcgi_buffers 64 4K;
|
|
||||||
}
|
|
||||||
location ^~ /cloud/data {
|
|
||||||
# In order to support MOD_X_ACCEL_REDIRECT_ENABLED, we need to expose
|
|
||||||
# the data directory but only allow 'internal' redirects within nginx
|
|
||||||
# so that this is not exposed to the world.
|
|
||||||
internal;
|
|
||||||
alias $STORAGE_ROOT/owncloud;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
location ~ ^/((caldav|carddav|webdav).*)$ {
|
|
||||||
# Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
|
|
||||||
# Properly proxying like this seems to work fine.
|
|
||||||
proxy_pass https://$HOSTNAME/cloud/remote.php/$1;
|
|
||||||
}
|
|
||||||
|
|
||||||
rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
|
|
||||||
rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
|
|
||||||
rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
|
|
||||||
rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
|
|
||||||
|
|
||||||
# Webfinger configuration.
|
# Webfinger configuration.
|
||||||
location = /.well-known/webfinger {
|
location = /.well-known/webfinger {
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
|
@ -43,9 +43,10 @@ def do_web_update(env):
|
|||||||
nginx_conf = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-top.conf")).read()
|
nginx_conf = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-top.conf")).read()
|
||||||
|
|
||||||
# Add configuration for each web domain.
|
# Add configuration for each web domain.
|
||||||
template = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read()
|
template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read()
|
||||||
|
template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read()
|
||||||
for domain in get_web_domains(env):
|
for domain in get_web_domains(env):
|
||||||
nginx_conf += make_domain_config(domain, template, env)
|
nginx_conf += make_domain_config(domain, template1, template2, env)
|
||||||
|
|
||||||
# Did the file change? If not, don't bother writing & restarting nginx.
|
# Did the file change? If not, don't bother writing & restarting nginx.
|
||||||
nginx_conf_fn = "/etc/nginx/conf.d/local.conf"
|
nginx_conf_fn = "/etc/nginx/conf.d/local.conf"
|
||||||
@ -63,7 +64,7 @@ def do_web_update(env):
|
|||||||
|
|
||||||
return "web updated\n"
|
return "web updated\n"
|
||||||
|
|
||||||
def make_domain_config(domain, template, env):
|
def make_domain_config(domain, template, template_for_primaryhost, env):
|
||||||
# How will we configure this domain.
|
# How will we configure this domain.
|
||||||
|
|
||||||
# Where will its root directory be for static files?
|
# Where will its root directory be for static files?
|
||||||
@ -77,8 +78,13 @@ def make_domain_config(domain, template, env):
|
|||||||
# available. Make a self-signed one now if one doesn't exist.
|
# available. Make a self-signed one now if one doesn't exist.
|
||||||
ensure_ssl_certificate_exists(domain, ssl_key, ssl_certificate, csr_path, env)
|
ensure_ssl_certificate_exists(domain, ssl_key, ssl_certificate, csr_path, env)
|
||||||
|
|
||||||
|
# Put pieces together.
|
||||||
|
nginx_conf_parts = re.split("\s*# ADDITIONAL DIRECTIVES HERE\s*", template)
|
||||||
|
nginx_conf = nginx_conf_parts[0] + "\n"
|
||||||
|
if domain == env['PRIMARY_HOSTNAME']:
|
||||||
|
nginx_conf += template_for_primaryhost + "\n"
|
||||||
|
|
||||||
# Replace substitution strings in the template & return.
|
# Replace substitution strings in the template & return.
|
||||||
nginx_conf = template
|
|
||||||
nginx_conf = nginx_conf.replace("$STORAGE_ROOT", env['STORAGE_ROOT'])
|
nginx_conf = nginx_conf.replace("$STORAGE_ROOT", env['STORAGE_ROOT'])
|
||||||
nginx_conf = nginx_conf.replace("$HOSTNAME", domain)
|
nginx_conf = nginx_conf.replace("$HOSTNAME", domain)
|
||||||
nginx_conf = nginx_conf.replace("$ROOT", root)
|
nginx_conf = nginx_conf.replace("$ROOT", root)
|
||||||
@ -86,17 +92,16 @@ def make_domain_config(domain, template, env):
|
|||||||
nginx_conf = nginx_conf.replace("$SSL_CERTIFICATE", ssl_certificate)
|
nginx_conf = nginx_conf.replace("$SSL_CERTIFICATE", ssl_certificate)
|
||||||
|
|
||||||
# Add in any user customizations.
|
# Add in any user customizations.
|
||||||
nginx_conf_parts = re.split("(# ADDITIONAL DIRECTIVES HERE\n)", nginx_conf)
|
|
||||||
nginx_conf_custom_fn = os.path.join(env["STORAGE_ROOT"], "www/custom.yaml")
|
nginx_conf_custom_fn = os.path.join(env["STORAGE_ROOT"], "www/custom.yaml")
|
||||||
if os.path.exists(nginx_conf_custom_fn):
|
if os.path.exists(nginx_conf_custom_fn):
|
||||||
yaml = rtyaml.load(open(nginx_conf_custom_fn))
|
yaml = rtyaml.load(open(nginx_conf_custom_fn))
|
||||||
if domain in yaml:
|
if domain in yaml:
|
||||||
yaml = yaml[domain]
|
yaml = yaml[domain]
|
||||||
if "proxy" in yaml:
|
if "proxy" in yaml:
|
||||||
nginx_conf_parts[1] += "\tlocation / {\n\t\tproxy_pass %s;\n\t}\n" % yaml["proxy"]
|
nginx_conf += "\tlocation / {\n\t\tproxy_pass %s;\n\t}\n" % yaml["proxy"]
|
||||||
|
|
||||||
# Put it all together.
|
# Ending.
|
||||||
nginx_conf = "".join(nginx_conf_parts)
|
nginx_conf += nginx_conf_parts[1]
|
||||||
|
|
||||||
return nginx_conf
|
return nginx_conf
|
||||||
|
|
||||||
|
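Review bot: In make_domain_config the tail `nginx_conf_parts[1]` is appended after the `$STORAGE_ROOT`/`$HOSTNAME`/`$ROOT`/`$SSL_CERTIFICATE` replacements have already run, so any substitution string placed after the `# ADDITIONAL DIRECTIVES HERE` marker in the template would now be written out literally; the template is not visible here, so this may be harmless today. The indexing also raises IndexError if the marker is ever missing, and the pattern should be a raw string with a bounded split, `nginx_conf_parts = re.split(r"\s*# ADDITIONAL DIRECTIVES HERE\s*", template, maxsplit=1)`, followed by an explicit check that two parts came back. Separately, `yaml["proxy"]` from custom.yaml is still formatted into `proxy_pass %s;` unchecked, so a value containing `;` or `}` would add extra directives to the generated config; validating it as a single URL before use would close that. Parts of the function body lie between the hunks and are not shown.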