|
|
|
|
@ -1,10 +1,3 @@ |
|
|
|
|
server { |
|
|
|
|
listen 80; |
|
|
|
|
listen [::]:80; |
|
|
|
|
server_name email.* webmail.* autodiscover.* autoconfig.*; |
|
|
|
|
return 301 https://$host$request_uri; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
server { |
|
|
|
|
listen 443 ssl http2; |
|
|
|
|
listen [::]:443 ssl http2; |
|
|
|
|
@ -68,9 +61,6 @@ server { |
|
|
|
|
include /etc/nginx/snippets/ssl.conf; |
|
|
|
|
ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/cert.pem; |
|
|
|
|
|
|
|
|
|
add_header Strict-Transport-Security "max-age=16070400"; |
|
|
|
|
add_header Content-Security-Policy "upgrade-insecure-requests"; |
|
|
|
|
|
|
|
|
|
include /etc/nginx/snippets/letsencrypt.conf; |
|
|
|
|
|
|
|
|
|
if ($http_referer ~ "semalt\.com|badsite\.net|example\.com") { |
|
|
|
|
@ -79,5 +69,10 @@ server { |
|
|
|
|
|
|
|
|
|
location / { |
|
|
|
|
return 301 https://email.thelyoncompany.com/SOGo; |
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000"; |
|
|
|
|
add_header X-Content-Type-Options nosniff; |
|
|
|
|
add_header X-XSS-Protection "1; mode=block"; |
|
|
|
|
add_header Referrer-Policy "no-referrer-when-downgrade"; |
|
|
|
|
add_header Content-Security-Policy "upgrade-insecure-requests"; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
Edwin Lyon
3 years ago
committed by
GitHub