diff --git a/conf/nginx-default.conf b/conf/nginx-alldomains.conf similarity index 98% rename from conf/nginx-default.conf rename to conf/nginx-alldomains.conf index ad7f14e5..4c81e3f3 100644 --- a/conf/nginx-default.conf +++ b/conf/nginx-alldomains.conf @@ -78,7 +78,7 @@ # we're blocking dotfiles in the static hosted sites but not the FastCGI- # handled locations for Nextcloud (which serves user-uploaded files that might # have this pattern, see #414) or some of the other services. - location ~ /\.(ht|svn|git|hg|bzr|.*\.conf) { + location ~ /\.(ht|svn|git|hg|bzr) { log_not_found off; access_log off; deny all; diff --git a/conf/nginx-custom.conf b/conf/nginx-custom.conf deleted file mode 100644 index addb8155..00000000 --- a/conf/nginx-custom.conf +++ /dev/null @@ -1,36 +0,0 @@ - # Expose this directory as static files. - root $ROOT; - index index.html index.htm; - - # If you want to use the PHP socket, use the "php-fpm" alias. - - # DON'T DELETE THE LINE BELOW - # ADDITIONAL DIRECTIVES HERE - - # Ensure we have the MTA-STS policy enabled - location = /.well-known/mta-sts.txt { - alias /var/lib/mailinabox/mta-sts.txt; - } - - # Disable error logs for these - location = /robots.txt { - log_not_found off; - access_log off; - } - location = /favicon.ico { - log_not_found off; - access_log off; - } - - # Disable viewing dotfiles (.htaccess, .svn, .git, etc.) - # This block is placed at the end. Nginx's precedence rules means this block - # takes precedence over all non-regex matches and only regex matches that - # come after it (i.e. none of those, since this is the last one.) That means - # we're blocking dotfiles in the static hosted sites but not the FastCGI- - # handled locations for Nextcloud (which serves user-uploaded files that might - # have this pattern, see #414) or some of the other services. - location ~ /\.(ht|svn|git|hg|bzr|.*\.conf) { - log_not_found off; - access_log off; - deny all; - } diff --git a/management/web_update.py b/management/web_update.py index 534d9924..d8844f3c 100644 --- a/management/web_update.py +++ b/management/web_update.py @@ -80,20 +80,12 @@ def do_web_update(env): # Load the templates. template0 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read() - template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-default.conf")).read() + template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-alldomains.conf")).read() template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read() - template3 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-custom.conf")).read() - template4 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n" + template3 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n" # Add the PRIMARY_HOST configuration first so it becomes nginx's default server. - default_conf = make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env) - default_conf_file = os.path.join(get_web_root(env['PRIMARY_HOSTNAME'], env), ".nginx.conf") - if not os.path.exists(default_conf_file): - with open(default_conf_file, "w") as f: - f.write(default_conf) - - nginx_conf += default_conf - + nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env) # Add configuration all other web domains. has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env) @@ -104,23 +96,13 @@ def do_web_update(env): continue if domain in web_domains_not_redirect: # This is a regular domain. - local_conf = "" - nginx_conf_custom = os.path.join(get_web_root(domain, env), ".nginx.conf") - if os.path.exists(nginx_conf_custom) and not is_default_web_root(domain, env): - with open(nginx_conf_custom, "r") as f: - local_conf = f.read() - elif domain not in has_root_proxy_or_redirect: - local_conf = make_domain_config(domain, [template0, template3], ssl_certificates, env) + if domain not in has_root_proxy_or_redirect: + nginx_conf += make_domain_config(domain, [template0, template1], ssl_certificates, env) else: - local_conf = make_domain_config(domain, [template0], ssl_certificates, env) - nginx_conf += local_conf - - if not is_default_web_root(domain, env): - with open(nginx_conf_custom, "w+") as f: - f.write(local_conf) + nginx_conf += make_domain_config(domain, [template0], ssl_certificates, env) else: # Add default 'www.' redirect. - nginx_conf += make_domain_config(domain, [template0, template4], ssl_certificates, env) + nginx_conf += make_domain_config(domain, [template0, template3], ssl_certificates, env) # Did the file change? If not, don't bother writing & restarting nginx. nginx_conf_fn = "/etc/nginx/conf.d/local.conf"