Use an HTTP proxy for resolving the admin address dynamically

master
kaiyou 7 years ago
parent 7d348440d8
commit 2c8810d7d3

@ -19,6 +19,7 @@ http {
server_tokens off; server_tokens off;
absolute_redirect off; absolute_redirect off;
# Main HTTP server
server { server {
# Always listen over HTTP # Always listen over HTTP
listen 80; listen 80;
@ -83,11 +84,20 @@ http {
{% endif %} {% endif %}
{% endif %} {% endif %}
} }
# Forwarding authentication server
server {
listen 127.0.0.1:8000;
location /internal {
proxy_pass http://admin;
}
}
} }
mail { mail {
server_name {{ HOSTNAMES.split(",")[0] }}; server_name {{ HOSTNAMES.split(",")[0] }};
auth_http http://{{ ADMIN_ADDRESS }}/internal/nginx; auth_http http://127.0.0.1:8000/internal/nginx;
proxy_pass_error_message on; proxy_pass_error_message on;
{% if TLS and not TLS_ERROR %} {% if TLS and not TLS_ERROR %}
@ -132,18 +142,20 @@ mail {
imap_auth plain; imap_auth plain;
} }
{% if TLS %}
server { server {
listen 465 ssl; listen 587;
listen [::]:465 ssl; listen [::]:587;
{% if TLS %}
starttls only;
{% endif %}
protocol smtp; protocol smtp;
smtp_auth plain; smtp_auth plain;
} }
{% if TLS %}
server { server {
listen 587; listen 465 ssl;
listen [::]:587; listen [::]:465 ssl;
starttls only;
protocol smtp; protocol smtp;
smtp_auth plain; smtp_auth plain;
} }

@ -2,15 +2,11 @@
import jinja2 import jinja2
import os import os
import socket
convert = lambda src, dst, args: open(dst, "w").write(jinja2.Template(open(src).read()).render(**args)) convert = lambda src, dst, args: open(dst, "w").write(jinja2.Template(open(src).read()).render(**args))
args = os.environ.copy() args = os.environ.copy()
if "ADMIN_ADDRESS" not in os.environ:
args["ADMIN_ADDRESS"] = socket.gethostbyname("admin")
args["TLS"] = { args["TLS"] = {
"cert": ("/certs/cert.pem", "/certs/key.pem"), "cert": ("/certs/cert.pem", "/certs/key.pem"),
"letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem", "letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",

Loading…
Cancel
Save