Commit Graph

122 Commits

Author SHA1 Message Date
apoc4lyps
cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André
66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André
e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
apoc4lyps
918343865e
hardening http headers 2018-05-28 12:28:23 +02:00
André
ef6644df34 [PHP-FPM] Delete old pool files
[Nginx] Remove dev code
2018-04-26 13:57:23 +02:00
André
7181ee4658 [Rspamd] Apply ratelimit against authenticated user instead of envelope from
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
2018-04-26 13:56:07 +02:00
André Peters
8a7664f7d5 [Nginx] Add larger map bucket size, fixes 1112 2018-03-01 07:28:06 +01:00
Kristian Klausen
63002cbb74 [Nginx] Reduce config duplication
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
2018-02-15 21:23:07 +01:00
André Peters
e186e350ef [Nginx] Fixes #1033 2018-02-14 09:09:17 +01:00
André Peters
993c998716
Merge pull request #995 from Alireza2n/master
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
2018-02-14 07:50:22 +01:00
André Peters
943598f705 [Nginx] Fix EAS... 2018-02-13 09:12:54 +01:00
André Peters
63f7e5930d [Nginx] Fix EAS 2018-02-13 09:07:44 +01:00
André Peters
74c804b9a3 [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006 2018-02-12 21:32:49 +01:00
André Peters
e5031accbb [Nginx] Remove auto-redirect to not break rp 2018-02-09 09:59:35 +01:00
André Peters
3a1e7b4ee1 [Nginx] Pass args when redirecting to https 2018-02-09 09:11:59 +01:00
Alireza
781a5eb69a Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files. 2018-02-02 18:38:18 +03:30
Alireza
1b898b1c7b Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:46:49 +03:30
Alireza
64fbc73582 Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:42:19 +03:30
andre.peters
70ac65d794 [Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal 2018-02-01 13:36:01 +01:00
andre.peters
67ddc710a7 [Nginx] Set real IP from internal networks 2018-01-24 08:36:19 +01:00
andre.peters
83fb8c0fd8 [Nginx] Use names instead of IPs 2018-01-21 14:59:45 +01:00
andre.peters
ae56c3b59e Fix quarantaine 2017-12-11 10:44:46 +01:00
André
a3e966696f [Nginx] Revert to site splitting 2017-10-12 08:37:48 +02:00
andryyy
c5054ae7ed [Watchdog] Ignore null name in jq
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
2017-10-11 22:56:22 +02:00
andryyy
874aac3c5e [Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx) 2017-10-08 22:57:34 +02:00
Michael Kuron
c731a18f66 Preliminary support for Outlook 2016’s autodiscover.json 2017-09-26 22:11:01 +02:00
andryyy
f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy
92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT
b2b9731020 a little bit of security
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
2017-09-09 23:10:36 +07:00
andryyy
e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy
aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy
ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
andryyy
83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00
andryyy
495bf05fb8 Fix for Apple autoconfiguration (dav) 2017-06-14 23:14:41 +02:00
andryyy
e99fa9433e Fix dav url detection for apple 2017-06-14 23:10:50 +02:00
andryyy
e15795e112 Enable http2 2017-06-06 21:59:27 +02:00
andryyy
e159eb7522 Fix listener 2017-05-29 21:48:41 +02:00
andryyy
813207c694 Listen on internal IPv6 2017-05-25 10:59:57 +02:00
andryyy
466b8137e5 Add log_helper to Rspamd, add IPv6 for http maps in Nginx, make Bind listen on v6 and add acl for internal network 2017-05-23 22:23:34 +02:00
andryyy
edc41b48d1 Add map for scheme... 2017-05-03 22:26:10 +02:00
andryyy
2f0129539b Hopefully fix all Nginx reverse proxy issues, see documentation updates! 2017-05-03 18:05:13 +02:00
andryyy
8f213e8df9 Changes to api path 2017-04-29 16:36:41 +02:00
andryyy
a03b36e0c3 Add object to Nginx api configuration 2017-04-26 23:37:55 +02:00
andryyy
e4310cafb3 Revert RP changes 2017-04-25 10:49:38 +02:00
Michael Kuron
d350c009b9 Fix login redirect behind reverse proxy 2017-04-20 19:53:56 +02:00
Michael Kuron
06e64c585c Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind a reverse proxy 2017-04-18 20:24:43 +02:00
andryyy
8b7e3c718d API format changes 2017-03-28 11:51:31 +02:00
André P
d8cf921e35 Add ignore 2017-03-21 10:04:26 +01:00
root
892f2197cb Add footable 2017-03-21 10:02:23 +01:00
andryyy
50eb49ab71 Better autodiscover/autoconfig config in Nginx, add new ignores 2017-02-28 14:27:19 +01:00
andryyy
6d7c3423ba Change Nginx templates 2017-02-28 10:12:18 +01:00
andryyy
2fea636a01 Add Nginx HTTP listener 2017-02-28 10:02:02 +01:00
andryyy
26906caa07 Pass IP even if behind (second) reverse proxy, add new SOGo resource path 2017-02-23 16:05:42 +01:00
andryyy
8883960d5a Add mime types and full path to fcgi params 2017-02-08 19:11:25 +01:00
andryyy
7c3a8a5819 Use IPs to not emerg Nginx when host does not exist 2017-02-02 10:09:44 +01:00
andryyy
a294cd04e5 Add charset 2017-01-25 19:04:01 +01:00
andryyy
3ece7cc7fd Get SOGo web resources from SOGo httpd, enable caching 2017-01-21 11:46:56 +01:00
andryyy
308c2f7e03 Fix EAS for SOGo 2017-01-15 17:37:25 +01:00
andryyy
89b5d9bde6 Easier container names, allow to set HTTPS port, Typo fix 2017-01-12 21:40:42 +01:00
andryyy
86a8dc195e Change ciphers 2017-01-09 20:22:44 +01:00
andryyy
ebfc45df9f Set huge timeout in PHP for SOGo childs to stop 2017-01-03 11:47:09 +01:00
andryyy
d486a9bb70 Fix Dav discovery on iOS, thanks Brad! 2016-12-27 20:28:30 +01:00
andryyy
184a35da24 Format 2016-12-22 12:20:26 +01:00
andryyy
49e09d3ca0 Add autodiscover and autoconfig 2016-12-21 12:16:05 +01:00
andryyy
220ea526f7 Thanks to https://gist.github.com/croessner/64ae8150b3fa3636ec002b812c4ab2ff 2016-12-16 12:23:04 +01:00
andryyy
774320d5e8 Use env vars for PHP app 2016-12-14 21:10:11 +01:00
andryyy
9e8a003508 Remove old file 2016-12-14 15:56:30 +01:00
andryyy
5e883b6f51 Some last changes 2016-12-12 21:53:58 +01:00
andryyy
47a5166383 Add pdns resolver, changed some other files 2016-12-11 18:58:29 +01:00
andryyy
7d6c5ff071 First commit for rspamd settings 2016-12-10 00:39:27 +01:00
andryyy
e9b97e98ec Some changes 2016-12-09 21:10:11 +01:00
andryyy
5f04dc0b04 mailcow dockerized 2016-12-09 20:39:02 +01:00