From d9a6777d9dbda8118ba1874adfec7fb4a9757174 Mon Sep 17 00:00:00 2001 From: Dimitri Huisman Date: Wed, 1 Feb 2023 08:51:53 +0000 Subject: [PATCH 1/2] Forgot to adapt some IF statements. All config is normalized now for front. So true/false now matches the boolean value True/False. Instead if {% IF X == 'true' %} we should now use {% IF X %} --- core/nginx/conf/nginx.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index 38cf7871..ec2e2029 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -91,7 +91,7 @@ http { client_max_body_size {{ MESSAGE_SIZE_LIMIT|int + 8388608 }}; # Listen on HTTP only in kubernetes or behind reverse proxy - {% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %} + {% if KUBERNETES_INGRESS or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %} listen 80; {% if SUBNET6 %} listen [::]:80; @@ -166,7 +166,7 @@ http { include /overrides/*.conf; # Actual logic - {% if ADMIN == 'true' or WEBMAIL != 'none' %} + {% if ADMIN or WEBMAIL != 'none' %} location ~ ^/(sso|static)/ { include /etc/nginx/proxy.conf; proxy_pass http://$admin; @@ -219,7 +219,7 @@ http { return 302 /sso/login; } {% endif %} - {% if ADMIN == 'true' %} + {% if ADMIN %} location {{ WEB_ADMIN }} { include /etc/nginx/proxy.conf; proxy_pass http://$admin; From 44ad14811d64a8e75d7e857fb3cbf927962adb3d Mon Sep 17 00:00:00 2001 From: Dimitri Huisman Date: Wed, 1 Feb 2023 11:12:05 +0000 Subject: [PATCH 2/2] Missed some IF statements that must be modified for normalized config. --- core/nginx/conf/nginx.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf index ec2e2029..89eeb4bf 100644 --- a/core/nginx/conf/nginx.conf +++ b/core/nginx/conf/nginx.conf @@ -53,7 +53,7 @@ http { gzip_min_length 1024; # TODO: figure out how to server pre-compressed assets from admin container - {% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] %} + {% if not KUBERNETES_INGRESS and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] %} # Enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes # server { @@ -99,7 +99,7 @@ http { {% endif %} # Only enable HTTPS if TLS is enabled with no error and not on kubernetes - {% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %} + {% if not KUBERNETES_INGRESS and TLS and not TLS_ERROR %} listen 443 ssl http2; {% if SUBNET6 %} listen [::]:443 ssl http2; @@ -158,7 +158,7 @@ http { {% endif %} # If TLS is failing, prevent access to anything except certbot - {% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %} + {% if not KUBERNETES_INGRESS and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %} location / { return 403; }