2643: Fix nginx config r=mergify[bot] a=Diman0

Forgot to adapt some IF statements. All config is normalized now for front.

So true/false now matches the boolean value True/False. Instead of {% IF X == 'true' %} we should now use {% IF X %}.

## What type of PR?

bug-fix

## What does this PR do?
Fixes a bug in the nginx config. This bug prevents the /admin endpoint from being exposed.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ n/a] In case of feature or enhancement: documentation updated accordingly
- [ n/a] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
main
bors[bot] 2 years ago committed by GitHub
commit 5b4f2fb075
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -53,7 +53,7 @@ http {
gzip_min_length 1024; gzip_min_length 1024;
# TODO: figure out how to server pre-compressed assets from admin container # TODO: figure out how to server pre-compressed assets from admin container
{% if KUBERNETES_INGRESS != 'true' and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] %} {% if not KUBERNETES_INGRESS and TLS_FLAVOR in [ 'letsencrypt', 'cert' ] %}
# Enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes # Enable the proxy for certbot if the flavor is letsencrypt and not on kubernetes
# #
server { server {
@ -91,7 +91,7 @@ http {
client_max_body_size {{ MESSAGE_SIZE_LIMIT|int + 8388608 }}; client_max_body_size {{ MESSAGE_SIZE_LIMIT|int + 8388608 }};
# Listen on HTTP only in kubernetes or behind reverse proxy # Listen on HTTP only in kubernetes or behind reverse proxy
{% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %} {% if KUBERNETES_INGRESS or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %}
listen 80; listen 80;
{% if SUBNET6 %} {% if SUBNET6 %}
listen [::]:80; listen [::]:80;
@ -99,7 +99,7 @@ http {
{% endif %} {% endif %}
# Only enable HTTPS if TLS is enabled with no error and not on kubernetes # Only enable HTTPS if TLS is enabled with no error and not on kubernetes
{% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %} {% if not KUBERNETES_INGRESS and TLS and not TLS_ERROR %}
listen 443 ssl http2; listen 443 ssl http2;
{% if SUBNET6 %} {% if SUBNET6 %}
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
@ -158,7 +158,7 @@ http {
{% endif %} {% endif %}
# If TLS is failing, prevent access to anything except certbot # If TLS is failing, prevent access to anything except certbot
{% if KUBERNETES_INGRESS != 'true' and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %} {% if not KUBERNETES_INGRESS and TLS_ERROR and not (TLS_FLAVOR in [ 'mail-letsencrypt', 'mail' ]) %}
location / { location / {
return 403; return 403;
} }
@ -166,7 +166,7 @@ http {
include /overrides/*.conf; include /overrides/*.conf;
# Actual logic # Actual logic
{% if ADMIN == 'true' or WEBMAIL != 'none' %} {% if ADMIN or WEBMAIL != 'none' %}
location ~ ^/(sso|static)/ { location ~ ^/(sso|static)/ {
include /etc/nginx/proxy.conf; include /etc/nginx/proxy.conf;
proxy_pass http://$admin; proxy_pass http://$admin;
@ -219,7 +219,7 @@ http {
return 302 /sso/login; return 302 /sso/login;
} }
{% endif %} {% endif %}
{% if ADMIN == 'true' %} {% if ADMIN %}
location {{ WEB_ADMIN }} { location {{ WEB_ADMIN }} {
include /etc/nginx/proxy.conf; include /etc/nginx/proxy.conf;
proxy_pass http://$admin; proxy_pass http://$admin;
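Review bot: The bare truthiness tests on the new side (`{% if ADMIN %}`, `{% if not KUBERNETES_INGRESS and ... %}`) fail open if either variable ever reaches the template as a string, because Jinja treats any non-empty string, including 'false', as true; that would emit the `location {{ WEB_ADMIN }}` block for a disabled admin and, in the -158 hunk, skip the `return 403` guard for a failing TLS setup. The description says the config is normalized for front, but that code is not visible on this page, so the dependency should be stated next to the first test, e.g. `{# KUBERNETES_INGRESS and ADMIN are booleans after config normalization; a string such as 'false' would be truthy here #}`. A render test with ADMIN set to false that asserts no admin location is emitted would catch a regression in the normalization. The `{% if ADMIN %}` block and its `location` body continue past the end of the last hunk.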
