## $HOSTNAME # Redirect all HTTP to HTTPS. server { listen 80; listen [::]:80; server_name $HOSTNAME; root /tmp/invalid-path-nothing-here; # Improve privacy: Hide version an OS information on # error pages and in the "Server" HTTP-Header. server_tokens off; # Redirect using the 'return' directive and the built-in # variable '$request_uri' to avoid any capturing, matching # or evaluation of regular expressions. return 301 https://$HOSTNAME$request_uri; } # The secure HTTPS server. server { listen 443 ssl; listen [::]:443 ssl; server_name $HOSTNAME; # Improve privacy: Hide version an OS information on # error pages and in the "Server" HTTP-Header. server_tokens off; ssl_certificate $SSL_CERTIFICATE; ssl_certificate_key $SSL_KEY; include /etc/nginx/nginx-ssl.conf; # Expose this directory as static files. root $ROOT; index index.html index.htm; location = /robots.txt { log_not_found off; access_log off; } location = /favicon.ico { log_not_found off; access_log off; } location = /mailinabox.mobileconfig { alias /var/lib/mailinabox/mobileconfig.xml; } location = /.well-known/autoconfig/mail/config-v1.1.xml { alias /var/lib/mailinabox/mozilla-autoconfig.xml; } # Disable viewing dotfiles (.htaccess, .svn, .git, etc.) location ~ /\.(ht|svn|git|hg|bzr) { log_not_found off; access_log off; deny all; } # Roundcube Webmail configuration. rewrite ^/mail$ $scheme://$http_host/mail/ redirect; rewrite ^/mail/$ /mail/index.php; location /mail/ { index index.php; alias /usr/local/lib/roundcubemail/; } location ~ /mail/config/.* { # A ~-style location is needed to give this precedence over the next block. return 403; } location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block include fastcgi_params; fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_pass php-fpm; # Outgoing mail also goes through this endpoint, so increase the maximum # file upload limit to match the corresponding Postfix limit. client_max_body_size 128M; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_read_timeout 630; fastcgi_pass php-fpm; # Outgoing mail also goes through this endpoint, so increase the maximum # file upload limit to match the corresponding Postfix limit. client_max_body_size 128M; } location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_pass php-fpm; } # ADDITIONAL DIRECTIVES HERE }