edwin
/
mailcow-dockerized-proxy
mirror of https://github.com/practical-engelbart/mailcow-dockerized-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update mailcow.conf

Browse Source
master
Edwin Lyon 4 years ago committed by GitHub
parent ed39b8710d
commit e080b28e13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 43 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 47
      nginx/mailcow.conf

47
nginx/mailcow.conf
Unescape View File

@ -1,56 +1,17 @@
server {
listen 80;
listen [::]:80;
server_name mail.example.com webmail.example.com autodiscover.* autoconfig.*;
;location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/lib/letsencrypt/;
default_type "text/plain";
try_files $uri =404;
}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mail.example.com webmail.example.com autodiscover.* autoconfig.*;
server_name mail.example.com autodiscover.example.com autoconfig.example.com;
ssl_certificate /opt/mailcow-dockerized/data/assets/ssl/fullchain.pem;
ssl_certificate_key /opt/mailcow-dockerized/data/assets/ssl/key.pem;
ssl_dhparam /opt/mailcow-dockerized/data/assets/ssl/dhparams.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
include /etc/nginx/snippets/ssl.conf;
include /etc/nginx/stapling.conf;
ssl_trusted_certificate /opt/mailcow-dockerized/data/assets/ssl/chain.pem;
resolver 1.1.1.1:53 1.0.0.1:53 '[2606:4700:4700::1111]:53' '[2606:4700:4700::1001]:53' valid=300s;
resolver_timeout 30s;
add_header Strict-Transport-Security "max-age=63072000";
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "upgrade-insecure-requests" always;
add_header Feature-policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'" always;
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/lib/letsencrypt/;
default_type "text/plain";
try_files $uri =404;
}
include /etc/nginx/snippets/security.conf;
location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;

Write Preview
Loading…
Cancel
Save