From 8543d513a9e50f44f63f70bc8cbe50266ac717a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Wed, 1 Mar 2017 22:02:11 -0500 Subject: [PATCH] Add alternative frontend nginx-no-https --- .env.dist | 2 +- nginx-no-https/Dockerfile | 9 ++++ nginx-no-https/README.md | 14 ++++++ nginx-no-https/nginx.conf.default | 79 +++++++++++++++++++++++++++++++ nginx-no-https/start.sh | 5 ++ 5 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 nginx-no-https/Dockerfile create mode 100644 nginx-no-https/README.md create mode 100644 nginx-no-https/nginx.conf.default create mode 100644 nginx-no-https/start.sh diff --git a/.env.dist b/.env.dist index 1bea9f78..1a1f3b67 100644 --- a/.env.dist +++ b/.env.dist @@ -36,7 +36,7 @@ COMPOSE_PROJECT_NAME=mailu # Optional features ################################### -# Choose which frontend Web server to run if any (value: nginx, none) +# Choose which frontend Web server to run if any (value: nginx, nginx-no-https, none) FRONTEND=none # Choose which webmail to run if any (values: roundcube, rainloop, none) diff --git a/nginx-no-https/Dockerfile b/nginx-no-https/Dockerfile new file mode 100644 index 00000000..ee5355fe --- /dev/null +++ b/nginx-no-https/Dockerfile @@ -0,0 +1,9 @@ +FROM nginx:alpine + +RUN apk add --no-cache nginx-lua openssl + +COPY nginx.conf.default /etc/nginx/nginx.conf.default + +COPY start.sh /start.sh + +CMD ["/start.sh"] diff --git a/nginx-no-https/README.md b/nginx-no-https/README.md new file mode 100644 index 00000000..2a89f3b1 --- /dev/null +++ b/nginx-no-https/README.md @@ -0,0 +1,14 @@ +Mailu NGINX container +===================== + +NGINX is a popular and highly efficient webserver and reverse proxy server +commonly used to power high performance websites. In the Mailu stack it is +used as the HTTP frontend tunneling requests to the public web services +provided by other containers. + +Resources +--------- + + * [Report issues](https://github.com/Mailu/Mailu/issues) and + [send Pull Requests](https://github.com/Mailu/Mailu/pulls) + in the [main Mailu repository](https://github.com/Mailu/Mailu) \ No newline at end of file diff --git a/nginx-no-https/nginx.conf.default b/nginx-no-https/nginx.conf.default new file mode 100644 index 00000000..b1f6c816 --- /dev/null +++ b/nginx-no-https/nginx.conf.default @@ -0,0 +1,79 @@ +# Basic configuration +user nginx; +worker_processes 1; +error_log /dev/stderr info; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +# Environment variables used in the configuration +env WEBMAIL; +env WEBDAV; +env EXPOSE_ADMIN; + +http { + # Standard HTTP configuration with slight hardening + include /etc/nginx/mime.types; + default_type application/octet-stream; + access_log /dev/stdout; + sendfile on; + keepalive_timeout 65; + server_tokens off; + + server { + listen 80; + + # Load Lua variables + set_by_lua $webmail 'return os.getenv("WEBMAIL")'; + set_by_lua $webdav 'return os.getenv("WEBDAV")'; + set_by_lua $expose_admin 'return os.getenv("EXPOSE_ADMIN")'; + + # Actual logic + + location / { + if ($webmail != none) { + return 301 $scheme://$host/webmail/; + } + + if ($webmail = none) { + return 403; + } + } + + location /webmail { + if ($webmail != none) { + proxy_pass http://webmail; + } + + if ($webmail = none) { + return 403; + } + } + + location /admin { + if ($expose_admin = yes) { + proxy_pass http://admin; + } + + if ($expose_admin != yes) { + return 403; + } + } + + location /webdav { + if ($webdav != none) { + proxy_pass http://webdav:5232; + } + + if ($webdav = none) { + return 403; + } + } + + location /.well-known/acme-challenge { + proxy_pass http://admin:8081; + } + } +} diff --git a/nginx-no-https/start.sh b/nginx-no-https/start.sh new file mode 100644 index 00000000..e4bc34d3 --- /dev/null +++ b/nginx-no-https/start.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +cp /etc/nginx/nginx.conf.default /etc/nginx/nginx.conf + +nginx -g 'daemon off;'