## $HOSTNAME # Redirect all HTTP to HTTPS. server { listen 80; listen [::]:80; server_name $HOSTNAME; root /tmp/invalid-path-nothing-here; rewrite ^/(.*)$ https://$HOSTNAME/$1 permanent; } # The secure HTTPS server. server { listen 443 ssl; server_name $HOSTNAME; ssl_certificate $SSL_CERTIFICATE; ssl_certificate_key $SSL_KEY; include /etc/nginx/nginx-ssl.conf; # Expose this directory as static files. root $ROOT; index index.html index.htm; # Control Panel rewrite ^/admin$ /admin/; location /admin/ { proxy_pass http://localhost:10222/; } # Roundcube Webmail configuration. rewrite ^/mail$ /mail/ redirect; rewrite ^/mail/$ /mail/index.php; location /mail/ { index index.php; alias /usr/local/lib/roundcubemail/; } location ~ /mail/config/.* { # A ~-style location is needed to give this precedence over the next block. return 403; } location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block include fastcgi_params; fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_pass php-fpm; client_max_body_size 20M; } # Webfinger configuration. location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; fastcgi_pass php-fpm; } # Microsoft Exchange autodiscover.xml for email location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php; fastcgi_param PHP_VALUE "short_open_tag=Off"; fastcgi_pass php-fpm; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_read_timeout 630; fastcgi_pass php-fpm; } # ADDITIONAL DIRECTIVES HERE }