From dac97c72ce247c28701009a26d7874e6209ea9a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?=
Date: Thu, 23 Feb 2017 16:43:08 -0500
Subject: [PATCH 1/7] Fix nginx entrypoint
---
 nginx/start.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx/start.sh b/nginx/start.sh
index 2cb65f1a..9f1c874f 100755
--- a/nginx/start.sh
+++ b/nginx/start.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
-if [[ -z ENABLE_CERTBOT || -f /certs/cert.pem ]]
+if [[ -z $ENABLE_CERTBOT || -f /certs/cert.pem ]]
 then
 cp /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf
 else
From 5626ff93f704c2ead06e57ed80ff48c879a248d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Bern=C3=A1rdez?=
Date: Fri, 24 Feb 2017 00:28:25 +0100
Subject: [PATCH 2/7] Updated AUTHORS.md
---
 AUTHORS.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/AUTHORS.md b/AUTHORS.md
index a15a6478..c9f33e76 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -10,3 +10,4 @@ Other contributors: - Angedestenebres - Tests on development version & Current version - Stefan Auditor - German translation on POEditor.com
+ - [Carlos Bernárdez](https://github.com/jkarlosb) - [[Contributions in Mailu]](https://github.com/Mailu/Mailu/commits?author=jkarlosb)
From 7e469459c7a257a3414f5675074f08e648ffcc5f Mon Sep 17 00:00:00 2001
From: Andreas Faerber
Date: Sat, 25 Feb 2017 09:53:53 +0100
Subject: [PATCH 3/7] Create and use ssl dhparam file if not mounted, NGINX_SSL_DHPARAM_BITS variable in .env.dist file
---
 nginx/nginx.conf.default | 1 +
 nginx/nginx.conf.fallback | 1 +
 nginx/start.sh | 4 ++++
 3 files changed, 6 insertions(+)
diff --git a/nginx/nginx.conf.default b/nginx/nginx.conf.default
index 0d57ca50..b7ed5179 100644
--- a/nginx/nginx.conf.default
+++ b/nginx/nginx.conf.default
@@ -35,6 +35,7 @@ http {
 ssl_session_cache shared:SSL:50m;
 ssl_certificate /certs/cert.pem;
 ssl_certificate_key /certs/key.pem;
+ ssl_dhparam /etc/nginx/dhparam.pem;
 add_header Strict-Transport-Security max-age=15768000;
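Review bot: The corrected test in `nginx/start.sh` still leaves `$ENABLE_CERTBOT` unquoted inside `[[ … ]]`, in a script whose shebang is `#!/bin/sh`, so how an empty or unset value is evaluated depends on which shell provides `/bin/sh` in the image. This condition decides whether nginx starts with the configuration that expects `/certs/cert.pem` or with the fallback one, so it is worth making it unambiguous with the POSIX form `if [ -z "$ENABLE_CERTBOT" ] || [ -f /certs/cert.pem ]`. The `if` block continues past the end of the hunk.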
diff --git a/nginx/nginx.conf.fallback b/nginx/nginx.conf.fallback
index bf5cd869..9a63a3c9 100644
--- a/nginx/nginx.conf.fallback
+++ b/nginx/nginx.conf.fallback
@@ -30,6 +30,7 @@ http {
 ssl_session_cache shared:SSL:50m;
 ssl_certificate /tmp/snakeoil.pem;
 ssl_certificate_key /tmp/snakeoil.pem;
+ ssl_dhparam /etc/nginx/dhparam.pem;
 add_header Strict-Transport-Security max-age=15768000;
diff --git a/nginx/start.sh b/nginx/start.sh
index 2cb65f1a..216e62f5 100755
--- a/nginx/start.sh
+++ b/nginx/start.sh
@@ -9,4 +9,8 @@ L=None/O=None/CN=$DOMAIN"
 cp /etc/nginx/nginx.conf.fallback /etc/nginx/nginx.conf
 fi
+if [ ! -r /etc/nginx/dhparam.pem ]; then
+ openssl dhparam -out /etc/nginx/dhparam.pem $NGINX_SSL_DHPARAM_BITS
+fi
+
 nginx -g 'daemon off;'
From 49904c094520ccab6905e7b7cc6e86822b8a0c9b Mon Sep 17 00:00:00 2001
From: Andreas Faerber
Date: Sat, 25 Feb 2017 09:55:00 +0100
Subject: [PATCH 4/7] Create and use ssl dhparam file if not existing (mounted), NGINX_SSL_DHPARAM_BITS variable in .env.dist file
---
 .env.dist | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.env.dist b/.env.dist
index c29bbbac..1bea9f78 100644
--- a/.env.dist
+++ b/.env.dist
@@ -69,6 +69,13 @@ RELAYHOST=
 # Fetchmail delay
 FETCHMAIL_DELAY=600
+###################################
+# Nginx settings
+###################################
+
+# SSL DHPARAM Bits
+NGINX_SSL_DHPARAM_BITS=2048
+
 ###################################
 # Developers
 ###################################
From 8543d513a9e50f44f63f70bc8cbe50266ac717a7 Mon Sep 17 00:00:00 2001
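Review bot: `$NGINX_SSL_DHPARAM_BITS` reaches `openssl dhparam` in `nginx/start.sh` unquoted and unchecked, so a deployment whose `.env` predates this series runs the command with no size argument and gets whatever default the installed OpenSSL uses, and a small value set by mistake produces weak DHE parameters without any warning. The block should give the variable a default, refuse values under 2048, and pass it quoted. The file is also written straight to its final path, so an interrupted generation can leave a partial `dhparam.pem` that passes the `-r` test on the next start; writing to a temporary name and renaming avoids that. Both nginx configs in this patch now reference the file unconditionally, which makes this block a hard startup dependency and worth a one-line comment saying so.

```shell
# … unchanged: config selection above …
bits="${NGINX_SSL_DHPARAM_BITS:-2048}"
if [ "$bits" -lt 2048 ]; then
    echo "NGINX_SSL_DHPARAM_BITS must be at least 2048" >&2
    exit 1
fi
if [ ! -r /etc/nginx/dhparam.pem ]; then
    openssl dhparam -out /etc/nginx/dhparam.pem.tmp "$bits" \
        && mv /etc/nginx/dhparam.pem.tmp /etc/nginx/dhparam.pem
fi
# … unchanged: nginx -g 'daemon off;' …
```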
From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?=
Date: Wed, 1 Mar 2017 22:02:11 -0500
Subject: [PATCH 5/7] Add alternative frontend nginx-no-https
---
 .env.dist | 2 +-
 nginx-no-https/Dockerfile | 9 ++++
 nginx-no-https/README.md | 14 ++++++
 nginx-no-https/nginx.conf.default | 79 +++++++++++++++++++++++++++++++
 nginx-no-https/start.sh | 5 ++
 5 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 nginx-no-https/Dockerfile
 create mode 100644 nginx-no-https/README.md
 create mode 100644 nginx-no-https/nginx.conf.default
 create mode 100644 nginx-no-https/start.sh
diff --git a/.env.dist b/.env.dist
index 1bea9f78..1a1f3b67 100644
--- a/.env.dist
+++ b/.env.dist
@@ -36,7 +36,7 @@ COMPOSE_PROJECT_NAME=mailu
 # Optional features
 ###################################
-# Choose which frontend Web server to run if any (value: nginx, none)
+# Choose which frontend Web server to run if any (value: nginx, nginx-no-https, none)
 FRONTEND=none
 # Choose which webmail to run if any (values: roundcube, rainloop, none)
diff --git a/nginx-no-https/Dockerfile b/nginx-no-https/Dockerfile
new file mode 100644
index 00000000..ee5355fe
--- /dev/null
+++ b/nginx-no-https/Dockerfile
@@ -0,0 +1,9 @@
+FROM nginx:alpine
+
+RUN apk add --no-cache nginx-lua openssl
+
+COPY nginx.conf.default /etc/nginx/nginx.conf.default
+
+COPY start.sh /start.sh
+
+CMD ["/start.sh"]
diff --git a/nginx-no-https/README.md b/nginx-no-https/README.md
new file mode 100644
index 00000000..2a89f3b1
--- /dev/null
+++ b/nginx-no-https/README.md
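Review bot: `FROM nginx:alpine` in the new `nginx-no-https/Dockerfile` is a floating tag, so every rebuild of this frontend can pick up a different nginx and Alpine release; pin a specific version and ideally a digest, e.g. `FROM nginx:<VERSION>-alpine@sha256:<DIGEST>`. The `RUN` line also installs `openssl`, which nothing in this variant appears to use, since the `start.sh` added in the same patch only copies the config and starts nginx; `RUN apk add --no-cache nginx-lua` would keep the image and its patch surface smaller. A comment above the `RUN` line noting that `nginx-lua` is needed for the `set_by_lua` directives in `nginx.conf.default` would explain the dependency.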
@@ -0,0 +1,14 @@
+Mailu NGINX container
+=====================
+
+NGINX is a popular and highly efficient webserver and reverse proxy server
+commonly used to power high performance websites. In the Mailu stack it is
+used as the HTTP frontend tunneling requests to the public web services
+provided by other containers.
+
+Resources
+---------
+
+ * [Report issues](https://github.com/Mailu/Mailu/issues) and
+ [send Pull Requests](https://github.com/Mailu/Mailu/pulls)
+ in the [main Mailu repository](https://github.com/Mailu/Mailu)
\ No newline at end of file
diff --git a/nginx-no-https/nginx.conf.default b/nginx-no-https/nginx.conf.default
new file mode 100644
index 00000000..b1f6c816
--- /dev/null
+++ b/nginx-no-https/nginx.conf.default
@@ -0,0 +1,79 @@
+# Basic configuration
+user nginx;
+worker_processes 1;
+error_log /dev/stderr info;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+# Environment variables used in the configuration
+env WEBMAIL;
+env WEBDAV;
+env EXPOSE_ADMIN;
+
+http {
+ # Standard HTTP configuration with slight hardening
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ access_log /dev/stdout;
+ sendfile on;
+ keepalive_timeout 65;
+ server_tokens off;
+
+ server {
+ listen 80;
+
+ # Load Lua variables
+ set_by_lua $webmail 'return os.getenv("WEBMAIL")';
+ set_by_lua $webdav 'return os.getenv("WEBDAV")';
+ set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")';
+
+ # Actual logic
+
+ location / {
+ if ($webmail != none) {
+ return 301 $scheme://$host/webmail/;
+ }
+
+ if ($webmail = none) {
+ return 403;
+ }
+ }
+
+ location /webmail {
+ if ($webmail != none) {
+ proxy_pass http://webmail;
+ }
+
+ if ($webmail = none) {
+ return 403;
+ }
+ }
+
+ location /admin {
+ if ($expose_admin = yes) {
+ proxy_pass http://admin;
+ }
+
+ if ($expose_admin != yes) {
+ return 403;
+ }
+ }
+
+ location /webdav {
+ if ($webdav != none) {
+ proxy_pass http://webdav:5232;
+ }
+
+ if ($webdav = none) {
+ return 403;
+ }
+ }
+
+ location /.well-known/acme-challenge {
+ proxy_pass http://admin:8081;
+ }
+ }
+}
diff --git a/nginx-no-https/start.sh b/nginx-no-https/start.sh
new file mode 100644
index 00000000..e4bc34d3
--- /dev/null
+++ b/nginx-no-https/start.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+cp /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf
+
+nginx -g 'daemon off;'
From 79a1c6a16638b8459d831fd3054e503f99952fa5 Mon Sep 17 00:00:00 2001
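Review bot: `return 301 $scheme://$host/webmail/;` in `location /` always yields an `http://` URL, because this server listens only on port 80 and `$scheme` reflects the connection to nginx rather than the one the client made. If this variant is meant to sit behind a TLS-terminating proxy (the README added in this patch does not say), that redirect sends browsers from HTTPS back to cleartext just before the webmail login. A path-only redirect avoids it: add `absolute_redirect off;` to the `server` block and use `return 301 /webmail/;`. A comment at the top of the file should also state that `/admin` and `/webmail` credentials cross this listener unencrypted, so the port must not be published directly.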
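Review bot: The new `nginx-no-https/start.sh` runs nginx as a child of the shell instead of replacing it, so with `CMD ["/start.sh"]` the shell stays PID 1 and nginx may not receive the stop signal from `docker stop`; whether it does depends on the shell. Make the last line `exec nginx -g 'daemon off;'`, and add `set -e` after the shebang so a failed `cp` does not start nginx on whatever configuration is already in place.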
From: binor
Date: Thu, 2 Mar 2017 09:06:31 +0100
Subject: [PATCH 6/7] Add dulwich for git support Radicale supports automatic versioning of calendar event changes if a git repository was initialized in the data directory. For this to work, Radicale needs dulwich as an interface to the git repository. http://radicale.org/user_documentation/#idgit-support
---
 radicale/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/radicale/Dockerfile b/radicale/Dockerfile
index b42548e6..dce888b5 100644
--- a/radicale/Dockerfile
+++ b/radicale/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:edge
 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
- && apk add --no-cache radicale@testing
+ && apk add --no-cache radicale@testing py-dulwich@testing
 COPY radicale.conf /radicale.conf
From a6e1da5a4382d50149aba55ff3e74aafd1d49032 Mon Sep 17 00:00:00 2001
From: Hugues Morisset
Date: Wed, 8 Mar 2017 17:29:25 +0100
Subject: [PATCH 7/7] Add execute permission on start.sh for nginx-no-https
---
 nginx-no-https/start.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 nginx-no-https/start.sh
diff --git a/nginx-no-https/start.sh b/nginx-no-https/start.sh
old mode 100644
new mode 100755
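Review bot: `py-dulwich@testing` is added to `radicale/Dockerfile` without a version, from the `edge/testing` repository on top of `FROM alpine:edge`, so the library that reads and writes the calendar data's git history can change on any rebuild. Pin it, e.g. `py-dulwich@testing=<VERSION>`, and consider doing the same for `radicale@testing`. The repository URL on the preceding `RUN` line (context, not changed by this commit) is plain `http://`; apk verifies signatures on the package index, but switching that line to `https://` would remove the reliance on that check alone. A short comment above the `RUN` line saying that dulwich is only needed for Radicale's git-backed versioning would explain why it is installed.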