Skip listen to v6 when SUBNET6 is not set

main
Alexander Graf 2 years ago
parent 1ad1d8d95d
commit 842be9b7c3
No known key found for this signature in database
GPG Key ID: B8A9DC143E075629

@ -59,7 +59,9 @@ http {
server {
# Listen over HTTP
listen 80;
{% if SUBNET6 %}
listen [::]:80;
{% endif %}
{% if TLS_FLAVOR == 'letsencrypt' %}
location ^~ /.well-known/acme-challenge/ {
proxy_pass http://127.0.0.1:8008;
@ -91,13 +93,17 @@ http {
# Listen on HTTP only in kubernetes or behind reverse proxy
{% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %}
listen 80;
{% if SUBNET6 %}
listen [::]:80;
{% endif %}
{% endif %}
# Only enable HTTPS if TLS is enabled with no error and not on kubernetes
{% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %}
listen 443 ssl http2;
{% if SUBNET6 %}
listen [::]:443 ssl http2;
{% endif %}
include /etc/nginx/tls.conf;
ssl_stapling on;
@ -341,7 +347,9 @@ mail {
# SMTP is always enabled, to avoid losing emails when TLS is failing
server {
listen 25;
{% if SUBNET6 %}
listen [::]:25;
{% endif %}
{% if TLS and not TLS_ERROR %}
{% if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %}
ssl_certificate /certs/letsencrypt/live/mailu/fullchain.pem;
@ -363,7 +371,9 @@ mail {
{% if not TLS_ERROR %}
server {
listen 143;
{% if SUBNET6 %}
listen [::]:143;
{% endif %}
{% if TLS %}
starttls only;
{% endif %}
@ -376,7 +386,9 @@ mail {
server {
listen 110;
{% if SUBNET6 %}
listen [::]:110;
{% endif %}
{% if TLS %}
starttls only;
{% endif %}
@ -389,7 +401,9 @@ mail {
server {
listen 587;
{% if SUBNET6 %}
listen [::]:587;
{% endif %}
{% if TLS %}
starttls only;
{% endif %}
@ -401,7 +415,9 @@ mail {
{% if TLS %}
server {
listen 465 ssl;
{% if SUBNET6 %}
listen [::]:465 ssl;
{% endif %}
protocol smtp;
smtp_auth plain login;
auth_http_header Auth-Port 465;
@ -409,7 +425,9 @@ mail {
server {
listen 993 ssl;
{% if SUBNET6 %}
listen [::]:993 ssl;
{% endif %}
protocol imap;
imap_auth plain;
auth_http_header Auth-Port 993;
@ -419,7 +437,9 @@ mail {
server {
listen 995 ssl;
{% if SUBNET6 %}
listen [::]:995 ssl;
{% endif %}
protocol pop3;
pop3_auth plain;
auth_http_header Auth-Port 995;

@ -14,7 +14,7 @@ queue_directory = /queue
message_size_limit = {{ MESSAGE_SIZE_LIMIT }}
# Relayed networks
mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {% if SUBNET6 %}{{ "[{}]/{}".format(*SUBNET6.split("/")) }}{% endif %} {% if RELAYNETS %}{{ RELAYNETS.split(",") | join(" ") }}{% endif %}
mynetworks = 127.0.0.1/32 {{ SUBNET }} {% if SUBNET6 %}[::1]/128 {{ "[{}]/{}".format(*SUBNET6.translate({91: None, 93: None}).split("/")) }}{% endif %} {% if RELAYNETS %}{{ RELAYNETS.split(",") | join(" ") }}{% endif %}
# Empty alias list to override the configuration variable and disable NIS
alias_maps =
@ -121,7 +121,7 @@ smtpd_relay_restrictions =
unverified_recipient_reject_reason = Address lookup failure
smtpd_authorized_xclient_hosts={{ SUBNET }}{% if SUBNET6 %},[{{ SUBNET6 }}]{% endif %}
smtpd_authorized_xclient_hosts={{ SUBNET }}{% if SUBNET6 %},{{ "[{}]/{}".format(*SUBNET6.translate({91: None, 93: None}).split("/")) }}{% endif %}
###############
# Milter

@ -1,6 +1,8 @@
server {
listen 80 default_server;
{% if SUBNET6 %}
listen [::]:80 default_server;
{% endif %}
resolver {{ RESOLVER }} valid=30s;
{% if WEBMAIL == 'roundcube' %}

Loading…
Cancel
Save