Use an HTTP proxy for resolving the admin address dynamically

7 years ago · 2c8810d7d3
parent 7d348440d8
commit 2c8810d7d3
2 changed files with 19 additions and 11 deletions
--- a/nginx/conf/nginx.conf
+++ b/nginx/conf/nginx.conf
@ -19,6 +19,7 @@ http {
    server_tokens off;
    absolute_redirect off;

+    # Main HTTP server
    server {
      # Always listen over HTTP
      listen 80;
@ -83,11 +84,20 @@ http {
      {% endif %}
      {% endif %}
    }
+
+    # Forwarding authentication server
+    server {
+      listen 127.0.0.1:8000;
+
+      location /internal {
+        proxy_pass http://admin;
+      }
+    }
 }

 mail {
    server_name {{ HOSTNAMES.split(",")[0] }};
-    auth_http http://{{ ADMIN_ADDRESS }}/internal/nginx;
+    auth_http http://127.0.0.1:8000/internal/nginx;
    proxy_pass_error_message on;

    {% if TLS and not TLS_ERROR %}
@ -132,18 +142,20 @@ mail {
      imap_auth plain;
    }

-    {% if TLS %}
    server {
-      listen 465 ssl;
-      listen [::]:465 ssl;
+      listen 587;
+      listen [::]:587;
+      {% if TLS %}
+      starttls only;
+      {% endif %}
      protocol smtp;
      smtp_auth plain;
    }

+    {% if TLS %}
    server {
-      listen 587;
-      listen [::]:587;
-      starttls only;
+      listen 465 ssl;
+      listen [::]:465 ssl;
      protocol smtp;
      smtp_auth plain;
    }
--- a/nginx/config.py
+++ b/nginx/config.py
@ -2,15 +2,11 @@

 import jinja2
 import os
-import socket
 	
 convert = lambda src, dst, args: open(dst, "w").write(jinja2.Template(open(src).read()).render(**args))

 args = os.environ.copy()

-if "ADMIN_ADDRESS" not in os.environ:
-    args["ADMIN_ADDRESS"] = socket.gethostbyname("admin")
-
 args["TLS"] = {
    "cert": ("/certs/cert.pem", "/certs/key.pem"),
    "letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",