diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index 38cf7871..89eeb4bf 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -53,7 +53,7 @@ http { gzip_min_length 1024; # TODO: figure out how to server pre-compressed assets from admin container - {% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] %} + {% if not KUBERNETES_INGRESS and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] %} # Enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes # server { @@ -91,7 +91,7 @@ http { client_max_body_size {{ MESSAGE_SIZE_LIMIT|int + 8388608 }}; # Listen on HTTP only in kubernetes or behind reverse proxy - {% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %} + {% if KUBERNETES_INGRESS or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %} listen 80; {% if SUBNET6 %} listen [::]:80; @@ -99,7 +99,7 @@ http { {% endif %} # Only enable HTTPS if TLS is enabled with no error and not on kubernetes - {% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %} + {% if not KUBERNETES_INGRESS and TLS and not TLS_ERROR %} listen 443 ssl http2; {% if SUBNET6 %} listen [::]:443 ssl http2; @@ -158,7 +158,7 @@ http { {% endif %} # If TLS is failing, prevent access to anything except certbot - {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %} + {% if not KUBERNETES_INGRESS and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %} location / { return 403; } @@ -166,7 +166,7 @@ http { include /overrides/*.conf; # Actual logic - {% if ADMIN == 'true' or WEBMAIL != 'none' %} + {% if ADMIN or WEBMAIL != 'none' %} location ~ ^/(sso|static)/ { include /etc/nginx/proxy.conf; proxy_pass http://$admin; @@ -219,7 +219,7 @@ http { return 302 /sso/login; } {% endif %} - {% if ADMIN == 'true' %} + {% if ADMIN %} location {{ WEB_ADMIN }} { include /etc/nginx/proxy.conf; proxy_pass http://$admin;