# Expose this directory as static files. root $ROOT; index index.html index.htm; location = /robots.txt { log_not_found off; access_log off; } location = /favicon.ico { log_not_found off; access_log off; } location = /mailinabox.mobileconfig { alias /var/lib/mailinabox/mobileconfig.xml; } location = /.well-known/autoconfig/mail/config-v1.1.xml { alias /var/lib/mailinabox/mozilla-autoconfig.xml; } # Roundcube Webmail configuration. rewrite ^/mail$ /mail/ redirect; rewrite ^/mail/$ /mail/index.php; location /mail/ { index index.php; alias /usr/local/lib/roundcubemail/; } location ~ ^/mail/(config|temp|logs|bin|SQL)/ { deny all; } location ~ ^/mail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; } location ~ ^/mail/(.+\.md|composer\.json.*|package\.xml|Dockerfile)$ { deny all; } location ~ ^/mail/\. { deny all; access_log off; log_not_found off; } location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block include fastcgi_params; fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_pass php-fpm; # Outgoing mail also goes through this endpoint, so increase the maximum # file upload limit to match the corresponding Postfix limit. client_max_body_size 128M; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_read_timeout 630; fastcgi_pass php-fpm; # Outgoing mail also goes through this endpoint, so increase the maximum # file upload limit to match the corresponding Postfix limit. client_max_body_size 128M; } location ~* ^/autodiscover/autodiscover.xml$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_pass php-fpm; } # ADDITIONAL DIRECTIVES HERE # Disable viewing dotfiles (.htaccess, .svn, .git, etc.) # This block is placed at the end. Nginx's precedence rules means this block # takes precedence over all non-regex matches and only regex matches that # come after it (i.e. none of those, since this is the last one.) That means # we're blocking dotfiles in the static hosted sites but not the FastCGI- # handled locations for ownCloud (which serves user-uploaded files that might # have this pattern, see #414) or some of the other services. location ~ /\.(ht|svn|git|hg|bzr) { log_not_found off; access_log off; deny all; }