7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,268 Commits 18 Branches 41 Tags 51 MiB
Commit Graph

139 Commits

Author SHA1 Message Date
Marcel Hofer dd6d253ac0 add random masterpass for sogo admin login 
add required headers for sogo proxy auth with password
add SOGoEncryptionKey
add SOGoTrustProxyAuthentication only conditionally if feature is enabled
 2019-02-26 09:02:35 +01:00
andryyy 57312ad605
[Compose] Add ALLOW_ADMIN_EMAIL_LOGIN to sogo-mailcow to trigger bootstrap on change 
[Compose] Static IPv4 for Dovecot
[SOGo] Remove SOGoIMAPServer from sogo.conf
[SOGo] Add SOGoIMAPServer to bootstrap process
[Nginx] Disallow editAccount for other accounts than 0 (own)
 2019-02-25 00:00:32 +01:00
André Peters 9a9079baa5
Update sogo.auth_request.template.sh 2019-02-23 22:29:14 +01:00
André Peters 0c8f217f49
Update sogo.auth_request.template.sh 
Don't want to split hairs! Just consistency. :)
 2019-02-23 22:20:09 +01:00
Marcel Hofer cac67db203 add config ALLOW_ADMIN_EMAIL_LOGIN and implement password-less SOGo login admins 2019-02-23 17:59:18 +01:00
andryyy 5efdf71120
[Nginx] Add qhandler rewrite 
[Web] Move theme header include, fixes #2267
 2019-02-06 10:14:56 +01:00
Tobias "Knight" S c06e4c81cf
Enable TLSv1.3 finally 
With Alpine 3.9 https://pkgs.alpinelinux.org/package/v3.9/main/x86/openssl we got OpenSSL 1.1.1a. 
With https://github.com/docker-library/official-images/pull/5377 it was merged into the Nginx upstream image and thus Nginx was built with it.
 2019-02-01 01:04:13 +01:00
andryyy 6ad8798d5c [Nginx] Compress some files, don't compress proxy answers 2019-01-31 17:07:49 +01:00
andryyy 14901eed64
[Nginx] Remove broken locations 2019-01-31 15:58:35 +01:00
andryyy 60f9968134
[Nginx] Add compression, change expires 2019-01-31 15:45:57 +01:00
andryyy e84dec3b56 [SOGo] Revert self-built SOGo 2018-12-21 19:54:32 +01:00
andryyy 534e83a218 [Nginx] New WebServerResources path 2018-12-19 09:37:07 +01:00
andryyy e6625501e7 [Nginx] Remove Strict-Transport-Security for subdomains (prevented autoconfig from working without TLS) 2018-11-12 09:53:18 +01:00
André Peters 83a5eda762
Merge pull request #1434 from apoc4lyps/master 
hardening http headers
 2018-10-15 22:48:50 +02:00
André c08149adef [SOGo] EAS changes, larger timeout 2018-10-05 11:12:55 +02:00
André 2f18eb5ad0 [Nginx] Avoid php extensions, use rewrite 2018-10-04 14:34:00 +02:00
André ea4a26eabf [Nginx] Use SOGo web resources from local mount 2018-09-09 09:51:37 +02:00
apoc4lyps cf56be1843
set Referrer-Policy to strict-origin 2018-08-06 09:24:34 +02:00
André 66d1bc12c0 [Nginx] Set client_max_body_size = 0 2018-08-05 22:37:07 +02:00
André e79429beef [PHP-FPM, Nginx] Move some PHP parameters from Nginx to FPM configuration file 2018-06-10 14:31:24 +02:00
apoc4lyps 918343865e
hardening http headers 2018-05-28 12:28:23 +02:00
André ef6644df34 [PHP-FPM] Delete old pool files 
[Nginx] Remove dev code
 2018-04-26 13:57:23 +02:00
André 7181ee4658 [Rspamd] Apply ratelimit against authenticated user instead of envelope from 
[PHP-FPM] Create PHP-FPM listeners 9001 (system) and 9002 (web), drop 9000
[Rspamd] Parse quarantine messages as utf8
[Rspamd] Use new schema for Rspamd bayes hashes and expire them in Redis
[SOGo] Change default logo
[SOGo] Use different keyserver by default in Dockerfile
[Rspamd] Add bad ASN list (disabled by default)
[Watchdog] Change the way we check PHP-FPM, change SOGo check
[Nginx] Change ports according to new PHP-FPM listeners
[Update] Fix PHP-FPM ports for existing non-mailcow Nginx sites
 2018-04-26 13:56:07 +02:00
André Peters 8a7664f7d5 [Nginx] Add larger map bucket size, fixes 1112 2018-03-01 07:28:06 +01:00
Kristian Klausen 63002cbb74 [Nginx] Reduce config duplication 
It does not make sense having a seperate server block for both http
and https.
According to the nginx doc [1], using the same server block for both
should work.

[1] http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
 2018-02-15 21:23:07 +01:00
André Peters e186e350ef [Nginx] Fixes #1033 2018-02-14 09:09:17 +01:00
André Peters 993c998716
Merge pull request #995 from Alireza2n/master 
SOGO & Rspamd interface: adding "expire" header to static files, allowing browser to be able to cache them
 2018-02-14 07:50:22 +01:00
André Peters 943598f705 [Nginx] Fix EAS... 2018-02-13 09:12:54 +01:00
André Peters 63f7e5930d [Nginx] Fix EAS 2018-02-13 09:07:44 +01:00
André Peters 74c804b9a3 [SOGo] SOGo refuses to bind to IPv6, so force IPv4 in proxy_pass, fixes #1006 2018-02-12 21:32:49 +01:00
André Peters e5031accbb [Nginx] Remove auto-redirect to not break rp 2018-02-09 09:59:35 +01:00
André Peters 3a1e7b4ee1 [Nginx] Pass args when redirecting to https 2018-02-09 09:11:59 +01:00
Alireza 781a5eb69a Added expires directive and map to nginx, allowing browser to cache SOGO JS,CSS,WOFF files. 2018-02-02 18:38:18 +03:30
Alireza 1b898b1c7b Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:46:49 +03:30
Alireza 64fbc73582 Added expires directive and map to nginx, allowing browser to cache rspamd JS,CSS and image files. 2018-02-02 17:42:19 +03:30
andre.peters 70ac65d794 [Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal 2018-02-01 13:36:01 +01:00
andre.peters 67ddc710a7 [Nginx] Set real IP from internal networks 2018-01-24 08:36:19 +01:00
andre.peters 83fb8c0fd8 [Nginx] Use names instead of IPs 2018-01-21 14:59:45 +01:00
andre.peters ae56c3b59e Fix quarantaine 2017-12-11 10:44:46 +01:00
André a3e966696f [Nginx] Revert to site splitting 2017-10-12 08:37:48 +02:00
andryyy c5054ae7ed [Watchdog] Ignore null name in jq 
[Nginx] Merge sites
[Scripts] Nextcloud helper script (testing!)
 2017-10-11 22:56:22 +02:00
andryyy 874aac3c5e [Nginx, PHP-FPM] Do not expose PHP version, example for nextcloud site, include custom locations to site (add site.something.custom to data/conf/nginx) 2017-10-08 22:57:34 +02:00
Michael Kuron c731a18f66 Preliminary support for Outlook 2016’s autodiscover.json 2017-09-26 22:11:01 +02:00
andryyy f0df390d12 [Nginx] Stricter TLS settings 2017-09-14 13:34:07 +02:00
andryyy 92e6c9daae [Nginx] Fix SSL temp. 2017-09-11 17:37:25 +02:00
JOduMonT b2b9731020 a little bit of security 
Hide the version of NGINX, block XSS and more...

inspired by : https://gist.github.com/plentz/6737338
 2017-09-09 23:10:36 +07:00
andryyy e5faee9037 [Nginx] Disable client_max_body_size 2017-08-09 10:17:32 +02:00
andryyy aabcf65c69 [Nginx] Set server_names_hash_bucket_size 64 2017-07-30 21:39:35 +02:00
andryyy ba3fc47d5f Fix autodiscover, thanks to K2rool! 2017-06-15 23:03:10 +02:00
andryyy 83cb686e33 Fix fix for Apple dav.... 2017-06-14 23:17:31 +02:00
andryyy 495bf05fb8 Fix for Apple autoconfiguration (dav) 2017-06-14 23:14:41 +02:00
andryyy e99fa9433e Fix dav url detection for apple 2017-06-14 23:10:50 +02:00
andryyy e15795e112 Enable http2 2017-06-06 21:59:27 +02:00
andryyy e159eb7522 Fix listener 2017-05-29 21:48:41 +02:00
andryyy 813207c694 Listen on internal IPv6 2017-05-25 10:59:57 +02:00
andryyy 466b8137e5 Add log_helper to Rspamd, add IPv6 for http maps in Nginx, make Bind listen on v6 and add acl for internal network 2017-05-23 22:23:34 +02:00
andryyy edc41b48d1 Add map for scheme... 2017-05-03 22:26:10 +02:00
andryyy 2f0129539b Hopefully fix all Nginx reverse proxy issues, see documentation updates! 2017-05-03 18:05:13 +02:00
andryyy 8f213e8df9 Changes to api path 2017-04-29 16:36:41 +02:00
andryyy a03b36e0c3 Add object to Nginx api configuration 2017-04-26 23:37:55 +02:00
andryyy e4310cafb3 Revert RP changes 2017-04-25 10:49:38 +02:00
Michael Kuron d350c009b9 Fix login redirect behind reverse proxy 2017-04-20 19:53:56 +02:00
Michael Kuron 06e64c585c Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind a reverse proxy 2017-04-18 20:24:43 +02:00
andryyy 8b7e3c718d API format changes 2017-03-28 11:51:31 +02:00
André P d8cf921e35 Add ignore 2017-03-21 10:04:26 +01:00
root 892f2197cb Add footable 2017-03-21 10:02:23 +01:00
andryyy 50eb49ab71 Better autodiscover/autoconfig config in Nginx, add new ignores 2017-02-28 14:27:19 +01:00
andryyy 6d7c3423ba Change Nginx templates 2017-02-28 10:12:18 +01:00
andryyy 2fea636a01 Add Nginx HTTP listener 2017-02-28 10:02:02 +01:00
andryyy 26906caa07 Pass IP even if behind (second) reverse proxy, add new SOGo resource path 2017-02-23 16:05:42 +01:00
andryyy 8883960d5a Add mime types and full path to fcgi params 2017-02-08 19:11:25 +01:00
andryyy 7c3a8a5819 Use IPs to not emerg Nginx when host does not exist 2017-02-02 10:09:44 +01:00
andryyy a294cd04e5 Add charset 2017-01-25 19:04:01 +01:00
andryyy 3ece7cc7fd Get SOGo web resources from SOGo httpd, enable caching 2017-01-21 11:46:56 +01:00
andryyy 308c2f7e03 Fix EAS for SOGo 2017-01-15 17:37:25 +01:00
andryyy 89b5d9bde6 Easier container names, allow to set HTTPS port, Typo fix 2017-01-12 21:40:42 +01:00
andryyy 86a8dc195e Change ciphers 2017-01-09 20:22:44 +01:00
andryyy ebfc45df9f Set huge timeout in PHP for SOGo childs to stop 2017-01-03 11:47:09 +01:00
andryyy d486a9bb70 Fix Dav discovery on iOS, thanks Brad! 2016-12-27 20:28:30 +01:00
andryyy 184a35da24 Format 2016-12-22 12:20:26 +01:00
andryyy 49e09d3ca0 Add autodiscover and autoconfig 2016-12-21 12:16:05 +01:00
andryyy 220ea526f7 Thanks to https://gist.github.com/croessner/64ae8150b3fa3636ec002b812c4ab2ff 2016-12-16 12:23:04 +01:00
andryyy 774320d5e8 Use env vars for PHP app 2016-12-14 21:10:11 +01:00
andryyy 9e8a003508 Remove old file 2016-12-14 15:56:30 +01:00
andryyy 5e883b6f51 Some last changes 2016-12-12 21:53:58 +01:00
andryyy 47a5166383 Add pdns resolver, changed some other files 2016-12-11 18:58:29 +01:00
andryyy 7d6c5ff071 First commit for rspamd settings 2016-12-10 00:39:27 +01:00
andryyy e9b97e98ec Some changes 2016-12-09 21:10:11 +01:00
andryyy 5f04dc0b04 mailcow dockerized 2016-12-09 20:39:02 +01:00