f2b552c00d
Disable http listener for SNI ssl hosts in nginx. This allows the use of the following config again: https://mailcow.github.io/mailcow-dockerized-docs/u_e-80_to_443/ However that documentation page should still be updated: https://github.com/mailcow/mailcow-dockerized-docs/pull/175/commits
39 lines
1020 B
Bash
39 lines
1020 B
Bash
echo '
|
|
server {
|
|
listen 127.0.0.1:65510;
|
|
include /etc/nginx/conf.d/listen_plain.active;
|
|
include /etc/nginx/conf.d/listen_ssl.active;
|
|
|
|
ssl_certificate /etc/ssl/mail/cert.pem;
|
|
ssl_certificate_key /etc/ssl/mail/key.pem;
|
|
|
|
include /etc/nginx/conf.d/server_name.active;
|
|
|
|
include /etc/nginx/conf.d/includes/site-defaults.conf;
|
|
}
|
|
';
|
|
for cert_dir in /etc/ssl/mail/*/ ; do
|
|
if [[ ! -f ${cert_dir}domains ]] || [[ ! -f ${cert_dir}cert.pem ]] || [[ ! -f ${cert_dir}key.pem ]]; then
|
|
continue
|
|
fi
|
|
# do not create vhost for default-certificate. the cert is already in the default server listen
|
|
domains="$(cat ${cert_dir}domains | sed -e 's/^[[:space:]]*//')"
|
|
case "${domains}" in
|
|
"") continue;;
|
|
"${MAILCOW_HOSTNAME}"*) continue;;
|
|
esac
|
|
echo -n '
|
|
server {
|
|
include /etc/nginx/conf.d/listen_ssl.active;
|
|
|
|
ssl_certificate '${cert_dir}'cert.pem;
|
|
ssl_certificate_key '${cert_dir}'key.pem;
|
|
';
|
|
echo -n '
|
|
server_name '${domains}';
|
|
|
|
include /etc/nginx/conf.d/includes/site-defaults.conf;
|
|
}
|
|
';
|
|
done
|