## $HOSTNAME # Redirect all HTTP to HTTPS. server { listen 80; listen [::]:80; server_name $HOSTNAME; root /tmp/invalid-path-nothing-here; rewrite ^/(.*)$ https://$HOSTNAME/$1 permanent; } # The secure HTTPS server. server { listen 443 ssl; server_name $HOSTNAME; ssl_certificate $SSL_CERTIFICATE; ssl_certificate_key $SSL_KEY; include /etc/nginx/nginx-ssl.conf; # Expose this directory as static files. root $ROOT; index index.html index.htm; location = /robots.txt { log_not_found off; access_log off; } location = /favicon.ico { log_not_found off; access_log off; } # Roundcube Webmail configuration. rewrite ^/mail$ /mail/ redirect; rewrite ^/mail/$ /mail/index.php; location /mail/ { index index.php; alias /usr/local/lib/roundcubemail/; } location ~ /mail/config/.* { # A ~-style location is needed to give this precedence over the next block. return 403; } location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block include fastcgi_params; fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_pass php-fpm; client_max_body_size 20M; } # Webfinger configuration. location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; fastcgi_pass php-fpm; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_read_timeout 1750s; fastcgi_send_timeout 1750s; fastcgi_pass php-fpm; } location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php; fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; fastcgi_pass php-fpm; } # ADDITIONAL DIRECTIVES HERE }