provide redirects from www subdomains of zones to their parent domain

* Split the nginx templates again so we have just the part needed to make a domain do a redirect separate from the rest.
* Add server blocks to the nginx config for these domains.
* List these domains in the SSL certificate install admin panel.
* Generate default 'www' records just for domains we provide default redirects for.

Fixes #321.

conf/nginx-alldomains.conf

@@ -0,0 +1,79 @@
+	# Expose this directory as static files.
+	root $ROOT;
+	index index.html index.htm;
+
+	location = /robots.txt {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	location = /mailinabox.mobileconfig {
+		alias /var/lib/mailinabox/mobileconfig.xml;
+	}
+	location = /.well-known/autoconfig/mail/config-v1.1.xml {
+		alias /var/lib/mailinabox/mozilla-autoconfig.xml;
+	}
+
+	# Roundcube Webmail configuration.
+	rewrite ^/mail$ /mail/ redirect;
+	rewrite ^/mail/$ /mail/index.php;
+	location /mail/ {
+		index index.php;
+		alias /usr/local/lib/roundcubemail/;
+	}
+	location ~ /mail/config/.* {
+		# A ~-style location is needed to give this precedence over the next block.
+		return 403;
+	}
+	location ~ /mail/.*\.php {
+		# note: ~ has precendence over a regular location block
+		include fastcgi_params;
+		fastcgi_split_path_info ^/mail(/.*)()$;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
+		fastcgi_pass php-fpm;
+
+		# Outgoing mail also goes through this endpoint, so increase the maximum
+		# file upload limit to match the corresponding Postfix limit.
+		client_max_body_size 128M;
+	}
+
+	# Z-Push (Microsoft Exchange ActiveSync)
+	location /Microsoft-Server-ActiveSync {
+		include /etc/nginx/fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
+		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
+		fastcgi_read_timeout 630;
+		fastcgi_pass php-fpm;
+
+		# Outgoing mail also goes through this endpoint, so increase the maximum
+		# file upload limit to match the corresponding Postfix limit.
+		client_max_body_size 128M;
+	}
+	location /autodiscover/autodiscover.xml {
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
+		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
+		fastcgi_pass php-fpm;
+	}
+
+
+	# ADDITIONAL DIRECTIVES HERE
+
+	# Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
+	# This block is placed at the end. Nginx's precedence rules means this block
+	# takes precedence over all non-regex matches and only regex matches that
+	# come after it (i.e. none of those, since this is the last one.) That means
+	# we're blocking dotfiles in the static hosted sites but not the FastCGI-
+	# handled locations for ownCloud (which serves user-uploaded files that might
+	# have this pattern, see #414) or some of the other services.
+	location ~ /\.(ht|svn|git|hg|bzr) {
+		log_not_found off;
+		access_log off;
+		deny all;
+	}

conf/nginx-primaryonly.conf

@@ -58,3 +58,4 @@
 	rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
 	rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;
 
+	# ADDITIONAL DIRECTIVES HERE

conf/nginx.conf

@@ -33,84 +33,5 @@ server {
 	ssl_certificate_key $SSL_KEY;
 	include /etc/nginx/nginx-ssl.conf;
 
-	# Expose this directory as static files.
-	root $ROOT;
-	index index.html index.htm;
-
-	location = /robots.txt {
-		log_not_found off;
-		access_log off;
-	}
-
-	location = /favicon.ico {
-		log_not_found off;
-		access_log off;
-	}
-
-	location = /mailinabox.mobileconfig {
-		alias /var/lib/mailinabox/mobileconfig.xml;
-	}
-	location = /.well-known/autoconfig/mail/config-v1.1.xml {
-		alias /var/lib/mailinabox/mozilla-autoconfig.xml;
-	}
-
-	# Roundcube Webmail configuration.
-	rewrite ^/mail$ /mail/ redirect;
-	rewrite ^/mail/$ /mail/index.php;
-	location /mail/ {
-		index index.php;
-		alias /usr/local/lib/roundcubemail/;
-	}
-	location ~ /mail/config/.* {
-		# A ~-style location is needed to give this precedence over the next block.
-		return 403;
-	}
-	location ~ /mail/.*\.php {
-		# note: ~ has precendence over a regular location block
-		include fastcgi_params;
-		fastcgi_split_path_info ^/mail(/.*)()$;
-		fastcgi_index index.php;
-		fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
-		fastcgi_pass php-fpm;
-
-		# Outgoing mail also goes through this endpoint, so increase the maximum
-		# file upload limit to match the corresponding Postfix limit.
-		client_max_body_size 128M;
-	}
-
-	# Z-Push (Microsoft Exchange ActiveSync)
-	location /Microsoft-Server-ActiveSync {
-		include /etc/nginx/fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
-		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
-		fastcgi_read_timeout 630;
-		fastcgi_pass php-fpm;
-
-		# Outgoing mail also goes through this endpoint, so increase the maximum
-		# file upload limit to match the corresponding Postfix limit.
-		client_max_body_size 128M;
-	}
-	location /autodiscover/autodiscover.xml {
-		include fastcgi_params;
-		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
-		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
-		fastcgi_pass php-fpm;
-	}
-
-
 	# ADDITIONAL DIRECTIVES HERE
-
-	# Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
-	# This block is placed at the end. Nginx's precedence rules means this block
-	# takes precedence over all non-regex matches and only regex matches that
-	# come after it (i.e. none of those, since this is the last one.) That means
-	# we're blocking dotfiles in the static hosted sites but not the FastCGI-
-	# handled locations for ownCloud (which serves user-uploaded files that might
-	# have this pattern, see #414) or some of the other services.
-	location ~ /\.(ht|svn|git|hg|bzr) {
-		log_not_found off;
-		access_log off;
-		deny all;
-	}
-
 }