## $HOSTNAME

# Redirect all HTTP to HTTPS.
server {
	# Plain-HTTP listener (IPv4 and IPv6). Its only job is the redirect below.
	listen 80;
	listen [::]:80;

	# NOTE(review): $HOSTNAME is not a built-in nginx variable; presumably a
	# template placeholder substituted before nginx loads this file - confirm.
	server_name $HOSTNAME;
	# Placeholder document root. The server-level 'return' below answers
	# every request, so nothing is served from this path.
	root /tmp/invalid-path-nothing-here;

	# Improve privacy: Hide version and OS information on
	# error pages and in the "Server" HTTP-Header.
	server_tokens off;

	# Redirect using the 'return' directive and the built-in
	# variable '$request_uri' to avoid any capturing, matching
	# or evaluation of regular expressions.
	# The target host is the configured hostname rather than the client's
	# Host header, so the request cannot choose where the redirect points
	# (assuming $HOSTNAME is filled in when the file is generated).
	return 301 https://$HOSTNAME$request_uri;
}

# The secure HTTPS server.
server {
	# TLS listener (IPv4 and IPv6) serving static files, Roundcube webmail
	# and the Z-Push ActiveSync/autodiscover endpoints.
	listen 443 ssl;
	listen [::]:443 ssl;

	# NOTE(review): $HOSTNAME, $SSL_CERTIFICATE, $SSL_KEY and $ROOT look like
	# template placeholders substituted before nginx loads this file - confirm.
	server_name $HOSTNAME;

	# Improve privacy: Hide version and OS information on
	# error pages and in the "Server" HTTP-Header.
	server_tokens off;

	# Certificate and private key for this host. File ownership and
	# permissions of the key are not set here and must be restricted elsewhere.
	ssl_certificate $SSL_CERTIFICATE;
	ssl_certificate_key $SSL_KEY;
	# Shared TLS settings come from this include.
	# NOTE(review): protocol versions, ciphers and any HSTS header are not
	# visible in this file; presumably set in nginx-ssl.conf - confirm.
	include /etc/nginx/nginx-ssl.conf;

	# Expose this directory as static files.
	root $ROOT;
	index index.html index.htm;

	# Exact-match locations: keep routine robots.txt / favicon.ico requests
	# (including 404s for them) out of the logs.
	location = /robots.txt {
		log_not_found off;
		access_log off;
	}

	location = /favicon.ico {
		log_not_found off;
		access_log off;
	}

	# Exact-match locations that each serve one fixed file from
	# /var/lib/mailinabox (by name, mail-client autoconfiguration profiles).
	location = /mailinabox.mobileconfig {
		alias /var/lib/mailinabox/mobileconfig.xml;
	}
	location = /.well-known/autoconfig/mail/config-v1.1.xml {
		alias /var/lib/mailinabox/mozilla-autoconfig.xml;
	}

	# Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
	# The regex only covers path segments starting with .ht, .svn, .git, .hg
	# or .bzr; other dotfiles under the document root are still served.
	# As the first regex location in this server it is also tested before the
	# /mail/ regex locations below.
	# NOTE(review): 'access_log off' means denied requests for VCS metadata
	# leave no access-log entry; remove it if such requests should be visible
	# to monitoring.
	location ~ /\.(ht|svn|git|hg|bzr) {
		log_not_found off;
		access_log off;
		deny all;
	}

	# Roundcube Webmail configuration.
	# /mail is redirected to /mail/, and /mail/ is rewritten internally to the
	# PHP front controller.
	rewrite ^/mail$ /mail/ redirect;
	rewrite ^/mail/$ /mail/index.php;
	# Non-PHP requests under /mail/ are served as static files straight from
	# the Roundcube install directory.
	# NOTE(review): only config/ is denied below. Roundcube's documentation
	# also asks that its temp/ and logs/ directories not be web-accessible;
	# confirm they live outside /usr/local/lib/roundcubemail/ or add deny
	# rules for them.
	location /mail/ {
		index index.php;
		alias /usr/local/lib/roundcubemail/;
	}
	location ~ /mail/config/.* {
		# A ~-style location is needed to give this precedence over the next block.
		# It must also stay above that block: nginx uses the first regex
		# location that matches, in file order.
		return 403;
	}
	location ~ /mail/.*\.php {
		# note: ~ has precedence over a regular location block
		# NOTE(review): the pattern has no ^ or $ anchor, so it matches any
		# URI containing '/mail/' followed later by '.php', not only paths
		# that start with /mail/ and end in .php. Consider '^/mail/.*\.php$'
		# after checking that Roundcube needs no other URL forms.
		include fastcgi_params;
		# The first capture (the path after /mail) becomes $fastcgi_script_name;
		# the empty second capture leaves $fastcgi_path_info empty.
		fastcgi_split_path_info ^/mail(/.*)()$;
		fastcgi_index index.php;
		# The script path is built from the request URI. Which files PHP-FPM
		# will actually execute (e.g. security.limit_extensions) is configured
		# outside this file - confirm.
		fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
		# 'php-fpm' is a named upstream defined outside this file.
		fastcgi_pass php-fpm;

		# Outgoing mail also goes through this endpoint, so increase the maximum
		# file upload limit to match the corresponding Postfix limit.
		# nginx performs no authentication here, so the 128M limit applies to
		# every request that reaches this location.
		client_max_body_size 128M;
	}

	# Z-Push (Microsoft Exchange ActiveSync)
	# Prefix location: every URI beginning with this path is handed to the
	# fixed Z-Push entry script, regardless of what follows.
	location /Microsoft-Server-ActiveSync {
		include /etc/nginx/fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
		# Long read timeout (seconds); presumably sized to outlast ActiveSync
		# long-poll requests - confirm against the Z-Push settings.
		fastcgi_read_timeout 630;
		fastcgi_pass php-fpm;

		# Outgoing mail also goes through this endpoint, so increase the maximum
		# file upload limit to match the corresponding Postfix limit.
		client_max_body_size 128M;
	}
	# Autodiscover endpoint, also a prefix match mapped to one fixed script.
	location /autodiscover/autodiscover.xml {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
		fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
		fastcgi_pass php-fpm;
	}


	# ADDITIONAL DIRECTIVES HERE
}