From ec5a75f6031496ea89822f383608d93515fa353a Mon Sep 17 00:00:00 2001
From: Pierre Jaury <pierre@jaury.eu>
Date: Sat, 10 Sep 2016 11:45:34 +0200
Subject: [PATCH] Proxify to webmail only if enabled, related to #40

---
 nginx/Dockerfile |  4 +++-
 nginx/nginx.conf | 19 ++++++++++++++++---
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
index d6eac3e8..df815de8 100644
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@@ -1,3 +1,5 @@
-FROM nginx
+FROM nginx:alpine
+
+RUN apk add --update nginx-lua && rm -rf /var/cache/apk/*
 
 COPY nginx.conf /etc/nginx/nginx.conf
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 11e459de..d8fb2183 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -1,6 +1,6 @@
-user www-data;
+#  Basic configuration
+user nginx;
 worker_processes  1;
-
 error_log /dev/stderr info;
 pid /var/run/nginx.pid;
 
@@ -8,7 +8,11 @@ events {
     worker_connections  1024;
 }
 
+# Environment variables used in the configuration
+env WEBMAIL;
+
 http {
+    # Standard HTTP configuration with slight hardening
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
     access_log /dev/stdout;
@@ -36,8 +40,17 @@ http {
     		return 301 https://$host$request_uri;
     	}
 
+      # Load Lua variables
+      set_by_lua $webmail 'return os.getenv("WEBMAIL")';
+
+      # Actual logic
+
       location / {
-        proxy_pass http://webmail;
+        if ($webmail != none) {
+          proxy_pass http://webmail;
+        }
+
+        return 403;
       }
 
       location /admin {