# The HTTP (not SSL) server. server { listen 80; listen [::]:80 default_server ipv6only=on; server_name $PUBLIC_HOSTNAME; # We'll expose this directory publicly over http. root $STORAGE_ROOT/www/static; index index.html index.htm; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.html; } # Convenience redirect to https. rewrite ^/mail(/.*)?$ https://$PUBLIC_HOSTNAME/mail$1 permanent; } # The secure HTTPS server. server { listen 443 ssl; server_name $PUBLIC_HOSTNAME; ssl_certificate $STORAGE_ROOT/ssl/ssl_certificate.pem; ssl_certificate_key $STORAGE_ROOT/ssl/ssl_private_key.pem; # We'll expose the same static directory under https. root $STORAGE_ROOT/www/static; index index.html index.htm; # Roundcube Webmail configuration. rewrite ^/mail$ /mail/ redirect; rewrite ^/mail/$ /mail/index.php; location /mail/ { index index.php; alias /var/lib/roundcube/; } location ~ /mail/.*\.php { include fastcgi_params; fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name; fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; client_max_body_size 20M; } }