Use an HTTP proxy for resolving the admin address dynamically

master
kaiyou 7 years ago
parent 7d348440d8
commit 2c8810d7d3

@ -19,6 +19,7 @@ http {
server_tokens off;
absolute_redirect off;
# Main HTTP server
server {
# Always listen over HTTP
listen 80;
@ -83,11 +84,20 @@ http {
{% endif %}
{% endif %}
}
# Forwarding authentication server
server {
listen 127.0.0.1:8000;
location /internal {
proxy_pass http://admin;
}
}
}
mail {
server_name {{ HOSTNAMES.split(",")[0] }};
auth_http http://{{ ADMIN_ADDRESS }}/internal/nginx;
auth_http http://127.0.0.1:8000/internal/nginx;
proxy_pass_error_message on;
{% if TLS and not TLS_ERROR %}
@ -132,18 +142,20 @@ mail {
imap_auth plain;
}
{% if TLS %}
server {
listen 465 ssl;
listen [::]:465 ssl;
listen 587;
listen [::]:587;
{% if TLS %}
starttls only;
{% endif %}
protocol smtp;
smtp_auth plain;
}
{% if TLS %}
server {
listen 587;
listen [::]:587;
starttls only;
listen 465 ssl;
listen [::]:465 ssl;
protocol smtp;
smtp_auth plain;
}

@ -2,15 +2,11 @@
import jinja2
import os
import socket
convert = lambda src, dst, args: open(dst, "w").write(jinja2.Template(open(src).read()).render(**args))
args = os.environ.copy()
if "ADMIN_ADDRESS" not in os.environ:
args["ADMIN_ADDRESS"] = socket.gethostbyname("admin")
args["TLS"] = {
"cert": ("/certs/cert.pem", "/certs/key.pem"),
"letsencrypt": ("/certs/letsencrypt/live/mailu/fullchain.pem",

Loading…
Cancel
Save