Skip listen to v6 when SUBNET6 is not set

main
Alexander Graf 2 years ago
parent 1ad1d8d95d
commit 842be9b7c3
No known key found for this signature in database
GPG Key ID: B8A9DC143E075629

@ -59,7 +59,9 @@ http {
server { server {
# Listen over HTTP # Listen over HTTP
listen 80; listen 80;
{% if SUBNET6 %}
listen [::]:80; listen [::]:80;
{% endif %}
{% if TLS_FLAVOR == 'letsencrypt' %} {% if TLS_FLAVOR == 'letsencrypt' %}
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
proxy_pass http://127.0.0.1:8008; proxy_pass http://127.0.0.1:8008;
@ -91,13 +93,17 @@ http {
# Listen on HTTP only in kubernetes or behind reverse proxy # Listen on HTTP only in kubernetes or behind reverse proxy
{% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %} {% if KUBERNETES_INGRESS == 'true' or TLS_FLAVOR in [ 'mail-letsencrypt', 'notls', 'mail' ] %}
listen 80; listen 80;
{% if SUBNET6 %}
listen [::]:80; listen [::]:80;
{% endif %}
{% endif %} {% endif %}
# Only enable HTTPS if TLS is enabled with no error and not on kubernetes # Only enable HTTPS if TLS is enabled with no error and not on kubernetes
{% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %} {% if KUBERNETES_INGRESS != 'true' and TLS and not TLS_ERROR %}
listen 443 ssl http2; listen 443 ssl http2;
{% if SUBNET6 %}
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
{% endif %}
include /etc/nginx/tls.conf; include /etc/nginx/tls.conf;
ssl_stapling on; ssl_stapling on;
@ -341,7 +347,9 @@ mail {
# SMTP is always enabled, to avoid losing emails when TLS is failing # SMTP is always enabled, to avoid losing emails when TLS is failing
server { server {
listen 25; listen 25;
{% if SUBNET6 %}
listen [::]:25; listen [::]:25;
{% endif %}
{% if TLS and not TLS_ERROR %} {% if TLS and not TLS_ERROR %}
{% if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %} {% if TLS_FLAVOR in ['letsencrypt','mail-letsencrypt'] %}
ssl_certificate /certs/letsencrypt/live/mailu/fullchain.pem; ssl_certificate /certs/letsencrypt/live/mailu/fullchain.pem;
@ -363,7 +371,9 @@ mail {
{% if not TLS_ERROR %} {% if not TLS_ERROR %}
server { server {
listen 143; listen 143;
{% if SUBNET6 %}
listen [::]:143; listen [::]:143;
{% endif %}
{% if TLS %} {% if TLS %}
starttls only; starttls only;
{% endif %} {% endif %}
@ -376,7 +386,9 @@ mail {
server { server {
listen 110; listen 110;
{% if SUBNET6 %}
listen [::]:110; listen [::]:110;
{% endif %}
{% if TLS %} {% if TLS %}
starttls only; starttls only;
{% endif %} {% endif %}
@ -389,7 +401,9 @@ mail {
server { server {
listen 587; listen 587;
{% if SUBNET6 %}
listen [::]:587; listen [::]:587;
{% endif %}
{% if TLS %} {% if TLS %}
starttls only; starttls only;
{% endif %} {% endif %}
@ -401,7 +415,9 @@ mail {
{% if TLS %} {% if TLS %}
server { server {
listen 465 ssl; listen 465 ssl;
{% if SUBNET6 %}
listen [::]:465 ssl; listen [::]:465 ssl;
{% endif %}
protocol smtp; protocol smtp;
smtp_auth plain login; smtp_auth plain login;
auth_http_header Auth-Port 465; auth_http_header Auth-Port 465;
@ -409,7 +425,9 @@ mail {
server { server {
listen 993 ssl; listen 993 ssl;
{% if SUBNET6 %}
listen [::]:993 ssl; listen [::]:993 ssl;
{% endif %}
protocol imap; protocol imap;
imap_auth plain; imap_auth plain;
auth_http_header Auth-Port 993; auth_http_header Auth-Port 993;
@ -419,7 +437,9 @@ mail {
server { server {
listen 995 ssl; listen 995 ssl;
{% if SUBNET6 %}
listen [::]:995 ssl; listen [::]:995 ssl;
{% endif %}
protocol pop3; protocol pop3;
pop3_auth plain; pop3_auth plain;
auth_http_header Auth-Port 995; auth_http_header Auth-Port 995;
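Review bot: SUBNET6 is named as an address range, but across these hunks it now also decides whether nginx binds any IPv6 socket at all (ports 80, 443, 25, 143, 110, 587, 465, 993 and 995), and nothing in the template says so. A host that has IPv6 connectivity but leaves SUBNET6 empty ends up with an IPv4-only front end, which changes what firewall rules and port monitoring should expect. I would add a comment above the first `listen 80;`, for example `# IPv6 listeners are emitted only when SUBNET6 is set; leave it empty for an IPv4-only proxy`. The same applies to the `listen [::]:80 default_server;` guard in the last file on this page. The server blocks start and end outside the hunks shown.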

@ -14,7 +14,7 @@ queue_directory = /queue
message_size_limit = {{ MESSAGE_SIZE_LIMIT }} message_size_limit = {{ MESSAGE_SIZE_LIMIT }}
# Relayed networks # Relayed networks
mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {% if SUBNET6 %}{{ "[{}]/{}".format(*SUBNET6.split("/")) }}{% endif %} {% if RELAYNETS %}{{ RELAYNETS.split(",") | join(" ") }}{% endif %} mynetworks = 127.0.0.1/32 {{ SUBNET }} {% if SUBNET6 %}[::1]/128 {{ "[{}]/{}".format(*SUBNET6.translate({91: None, 93: None}).split("/")) }}{% endif %} {% if RELAYNETS %}{{ RELAYNETS.split(",") | join(" ") }}{% endif %}
# Empty alias list to override the configuration variable and disable NIS # Empty alias list to override the configuration variable and disable NIS
alias_maps = alias_maps =
@ -121,7 +121,7 @@ smtpd_relay_restrictions =
unverified_recipient_reject_reason = Address lookup failure unverified_recipient_reject_reason = Address lookup failure
smtpd_authorized_xclient_hosts={{ SUBNET }}{% if SUBNET6 %},[{{ SUBNET6 }}]{% endif %} smtpd_authorized_xclient_hosts={{ SUBNET }}{% if SUBNET6 %},{{ "[{}]/{}".format(*SUBNET6.translate({91: None, 93: None}).split("/")) }}{% endif %}
############### ###############
# Milter # Milter
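Review bot: The new `mynetworks` and `smtpd_authorized_xclient_hosts` lines build two Postfix trust lists directly from SUBNET6, and nothing in these hunks checks the value. A SUBNET6 without a prefix length leaves `"[{}]/{}".format(...)` with one argument for two placeholders, so rendering fails, and anything following the prefix (spaces, commas) is copied into the relay and XCLIENT lists unchanged. Validation may already happen in the startup code, which is not visible here. If it does not, parsing the value once with Python's `ipaddress.IPv6Network` before rendering and passing the normalised string to both lines would remove the duplicated expression as well. The magic numbers also deserve a template comment such as `{# 91 and 93 are the code points of "[" and "]": accept SUBNET6 with or without brackets #}`.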

@ -1,6 +1,8 @@
server { server {
listen 80 default_server; listen 80 default_server;
{% if SUBNET6 %}
listen [::]:80 default_server; listen [::]:80 default_server;
{% endif %}
resolver {{ RESOLVER }} valid=30s; resolver {{ RESOLVER }} valid=30s;
{% if WEBMAIL == 'roundcube' %} {% if WEBMAIL == 'roundcube' %}
