Use an HTTP proxy for resolving the admin address dynamically

nginx/conf/nginx.conf

@@ -19,6 +19,7 @@ http {
     server_tokens off;
     absolute_redirect off;
 
+    # Main HTTP server
     server {
       # Always listen over HTTP
       listen 80;
@@ -83,11 +84,20 @@ http {
       {% endif %}
       {% endif %}
     }
+
+    # Forwarding authentication server
+    server {
+      listen 127.0.0.1:8000;
+
+      location /internal {
+        proxy_pass http://admin;
+      }
+    }
 }
 
 mail {
     server_name {{ HOSTNAMES.split(",")[0] }};
-    auth_http http://{{ ADMIN_ADDRESS }}/internal/nginx;
+    auth_http http://127.0.0.1:8000/internal/nginx;
     proxy_pass_error_message on;
 
     {% if TLS and not TLS_ERROR %}
@@ -132,18 +142,20 @@ mail {
       imap_auth plain;
     }
 
-    {% if TLS %}
     server {
-      listen 465 ssl;
+      listen 587;
-      listen [::]:465 ssl;
+      listen [::]:587;
+      {% if TLS %}
+      starttls only;
+      {% endif %}
       protocol smtp;
       smtp_auth plain;
     }
 
+    {% if TLS %}
     server {
-      listen 587;
+      listen 465 ssl;
-      listen [::]:587;
+      listen [::]:465 ssl;
-      starttls only;
       protocol smtp;
       smtp_auth plain;
     }

nginx/config.py

@@ -2,15 +2,11 @@
 
 import jinja2
 import os
-import socket
 	
 convert = lambda src, dst, args: open(dst, "w").write(jinja2.Template(open(src).read()).render(**args))
 
 args = os.environ.copy()
 
-if "ADMIN_ADDRESS" not in os.environ:
-    args["ADMIN_ADDRESS"] = socket.gethostbyname("admin")
-
 args["TLS"] = {
     "cert": ("/certs/cert.pem", "/certs/key.pem"),
     "letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",