lub
/
mailu
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Deprecate nginx as a Web frontend

Browse Source
master
kaiyou 7 years ago
parent a880bc908e
commit 0223999a04
9 changed files with 0 additions and 305 deletions
Show Stats Download Patch File Download Diff File

9
nginx-no-https/Dockerfile
Unescape Escape View File

@ -1,9 +0,0 @@
FROM nginx:alpine
RUN apk add --no-cache nginx-mod-http-lua
COPY nginx.conf.default /etc/nginx/nginx.conf.default
COPY start.sh /start.sh
CMD ["/start.sh"]

14
nginx-no-https/README.md
Unescape Escape View File

@ -1,14 +0,0 @@
Mailu NGINX container
=====================
NGINX is a popular and highly efficient webserver and reverse proxy server
commonly used to power high performance websites. In the Mailu stack it is
used as the HTTP frontend tunneling requests to the public web services
provided by other containers.
Resources
---------
* [Report issues](https://github.com/Mailu/Mailu/issues) and
[send Pull Requests](https://github.com/Mailu/Mailu/pulls)
in the [main Mailu repository](https://github.com/Mailu/Mailu)

83
nginx-no-https/nginx.conf.default
Unescape Escape View File

@ -1,83 +0,0 @@
# Basic configuration
user nginx;
worker_processes 1;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
include /etc/nginx/modules/devel_kit.conf;
include /etc/nginx/modules/http_lua.conf;
events {
worker_connections 1024;
}
# Environment variables used in the configuration
env WEBMAIL;
env WEBDAV;
env EXPOSE_ADMIN;
http {
# Standard HTTP configuration with slight hardening
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
sendfile on;
keepalive_timeout 65;
server_tokens off;
client_max_body_size 25m;
server {
listen 80;
listen [::]:80;
# Load Lua variables
set_by_lua $webmail 'return os.getenv("WEBMAIL")';
set_by_lua $webdav 'return os.getenv("WEBDAV")';
set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")';
# Actual logic
location / {
if ($webmail != none) {
return 301 $scheme://$host/webmail/;
}
if ($webmail = none) {
return 403;
}
}
location /webmail {
if ($webmail != none) {
proxy_pass http://webmail;
}
if ($webmail = none) {
return 403;
}
}
location /admin {
if ($expose_admin = yes) {
proxy_pass http://admin;
}
if ($expose_admin != yes) {
return 403;
}
}
location /webdav {
if ($webdav != none) {
proxy_pass http://webdav:5232;
}
if ($webdav = none) {
return 403;
}
}
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
}
}

5
nginx-no-https/start.sh
Unescape Escape View File

@ -1,5 +0,0 @@
#!/bin/sh
cp /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf
nginx -g 'daemon off;'

10
nginx/Dockerfile
Unescape Escape View File

@ -1,10 +0,0 @@
FROM nginx:alpine
RUN apk add --no-cache nginx-mod-http-lua openssl
COPY nginx.conf.default /etc/nginx/nginx.conf.default
COPY nginx.conf.fallback /etc/nginx/nginx.conf.fallback
COPY start.sh /start.sh
CMD ["/start.sh"]

14
nginx/README.md
Unescape Escape View File

@ -1,14 +0,0 @@
Mailu NGINX container
=====================
NGINX is a popular and highly efficient webserver and reverse proxy server
commonly used to power high performance websites. In the Mailu stack it is
used as the HTTP frontend tunneling requests to the public web services
provided by other containers.
Resources
---------
* [Report issues](https://github.com/Mailu/Mailu/issues) and
[send Pull Requests](https://github.com/Mailu/Mailu/pulls)
in the [main Mailu repository](https://github.com/Mailu/Mailu)

105
nginx/nginx.conf.default
Unescape Escape View File

@ -1,105 +0,0 @@
# Basic configuration
user nginx;
worker_processes 1;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
include /etc/nginx/modules/devel_kit.conf;
include /etc/nginx/modules/http_lua.conf;
events {
worker_connections 1024;
}
# Environment variables used in the configuration
env WEBMAIL;
env WEBDAV;
env EXPOSE_ADMIN;
http {
# Standard HTTP configuration with slight hardening
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
sendfile on;
keepalive_timeout 65;
server_tokens off;
client_max_body_size 25m;
server {
listen 80;
listen [::]:80;
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
# TLS configuration hardened according to:
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_certificate /certs/cert.pem;
ssl_certificate_key /certs/key.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
# Load Lua variables
set_by_lua $webmail 'return os.getenv("WEBMAIL")';
set_by_lua $webdav 'return os.getenv("WEBDAV")';
set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")';
# Actual logic
location / {
if ($webmail != none) {
return 301 $scheme://$host/webmail/;
}
if ($webmail = none) {
return 403;
}
}
location /webmail {
if ($webmail != none) {
proxy_pass http://webmail;
}
if ($webmail = none) {
return 403;
}
}
location /admin {
if ($expose_admin = yes) {
proxy_pass http://admin;
}
if ($expose_admin != yes) {
return 403;
}
}
location /webdav {
if ($webdav != none) {
proxy_pass http://webdav:5232;
}
if ($webdav = none) {
return 403;
}
}
}
}

50
nginx/nginx.conf.fallback
Unescape Escape View File

@ -1,50 +0,0 @@
# Basic configuration
user nginx;
worker_processes 1;
error_log /dev/stderr info;
pid /var/run/nginx.pid;
include /etc/nginx/modules/devel_kit.conf;
include /etc/nginx/modules/http_lua.conf;
events {
worker_connections 1024;
}
http {
# Standard HTTP configuration with slight hardening
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /dev/stdout;
sendfile on;
keepalive_timeout 65;
server_tokens off;
client_max_body_size 25m;
server {
listen 80;
listen 443 ssl;
listen [::]:80;
listen [::]:443 ssl;
# TLS configuration hardened according to:
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
ssl_prefer_server_ciphers on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_certificate /tmp/snakeoil.pem;
ssl_certificate_key /tmp/snakeoil.pem;
ssl_dhparam /etc/nginx/dhparam.pem;
add_header Strict-Transport-Security max-age=15768000;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge {
proxy_pass http://admin:8081;
}
}
}

15
nginx/start.sh
Unescape Escape View File

@ -1,15 +0,0 @@
#!/bin/sh
if [ -z $ENABLE_CERTBOT ] || [ -f /certs/cert.pem ]
then
cp /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf
else
openssl req -newkey rsa:2048 -x509 -keyout /tmp/snakeoil.pem -out /tmp/snakeoil.pem -days 365 -nodes -subj "/C=NA/ST=None/L=None/O=None/CN=$DOMAIN"
cp /etc/nginx/nginx.conf.fallback /etc/nginx/nginx.conf
fi
if [ ! -r /etc/nginx/dhparam.pem ]; then
openssl dhparam -out /etc/nginx/dhparam.pem $NGINX_SSL_DHPARAM_BITS
fi
nginx -g 'daemon off;'
Write Preview
Loading…
Cancel
Save