diff --git a/conf/nginx-primaryonly-no-nextcloud.conf b/conf/nginx-primaryonly-no-nextcloud.conf new file mode 100644 index 00000000..09e1f34a --- /dev/null +++ b/conf/nginx-primaryonly-no-nextcloud.conf @@ -0,0 +1,17 @@ + # Control Panel + # Proxy /admin to our Python based control panel daemon. It is + # listening on IPv4 only so use an IP address and not 'localhost'. + location /admin/assets { + alias /usr/local/lib/mailinabox/vendor/assets; + } + rewrite ^/admin$ /admin/; + rewrite ^/admin/munin$ /admin/munin/ redirect; + location /admin/ { + proxy_pass http://127.0.0.1:10222/; + proxy_set_header X-Forwarded-For $remote_addr; + add_header X-Frame-Options "DENY"; + add_header X-Content-Type-Options nosniff; + add_header Content-Security-Policy "frame-ancestors 'none';"; + } + + # ADDITIONAL DIRECTIVES HERE diff --git a/management/web_update.py b/management/web_update.py index 72295c21..b4939513 100644 --- a/management/web_update.py +++ b/management/web_update.py @@ -8,6 +8,7 @@ from mailconfig import get_mail_domains from dns_update import get_custom_dns_config, get_dns_zones from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate from utils import shell, safe_domain_name, sort_domains +from os import environ def get_web_domains(env, include_www_redirects=True, exclude_dns_elsewhere=True): # What domains should we serve HTTP(S) for? @@ -77,7 +78,11 @@ def do_web_update(env): # Load the templates. template0 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read() template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-alldomains.conf")).read() - template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read() + # Check if the user doesn't want Nextcloud. + if environ.get('DISABLE_NEXTCLOUD') == '1': + template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly-no-nextcloud.conf")).read() + else: + template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read() template3 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n" # Add the PRIMARY_HOST configuration first so it becomes nginx's default server.