
Fix CalDAV/CardDAV URLs displayed in SOGo web interface when used behind a reverse proxy

Michael Kuron 8 سال پیش
والد
کامیت
06e64c585c
2فایلهای تغییر یافته به همراه45 افزوده شده و 11 حذف شده
  1. 29 10
      data/conf/nginx/site.conf
  2. 16 1
      docs/first_steps.md

+ 29 - 10
data/conf/nginx/site.conf

@@ -1,4 +1,23 @@
 proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h  max_size=1g;
+
+# use the non-standard X-Forwarded-* headers for WebObjects
+map $http_x_forwarded_proto $maybe_real_scheme {
+  default $http_x_forwarded_proto;
+  ''      $scheme;
+}
+map $http_x_forwarded_port $maybe_real_port {
+  default $http_x_forwarded_port;
+  ''      $server_port;
+}
+map $realip_remote_addr $real_scheme {
+  default $scheme;
+  172.22.1.1 $maybe_real_scheme;
+}
+map $realip_remote_addr $real_port {
+  default $server_port;
+  172.22.1.1 $maybe_real_port;
+}
+
 server {
   include /etc/nginx/conf.d/listen_ssl.active;
   include /etc/nginx/mime.types;
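Review bot: The `$maybe_real_scheme` and `$maybe_real_port` maps pass the forwarded header values through unvalidated, and the later hunks place them in the `/principals/` redirect target and in `x-webobjects-server-url`. The `172.22.1.1` gate only shows that the request arrived via that address; if the proxy in front does not overwrite `X-Forwarded-Proto` and `X-Forwarded-Port`, a client-supplied value is used as is. I would fall back to the local values and accept only well-formed input: `default $scheme;` plus `~^https?$ $http_x_forwarded_proto;` for the scheme, and the analogous `~^[0-9]+$ $http_x_forwarded_port;` with `default $server_port;` for the port. A comment on the two `172.22.1.1` entries naming what that address is (presumably the Docker network gateway) and noting that it must stay in sync with the real-IP settings would help the next maintainer.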
@@ -34,7 +53,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $scheme://$host:$server_port/SOGo/dav;
+    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
     allow all;
   }
 
@@ -100,8 +119,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
   }
@@ -114,8 +133,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
     break;
@@ -187,7 +206,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $scheme://$host:$server_port/SOGo/dav;
+    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
     allow all;
   }
 
@@ -253,8 +272,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
   }
@@ -267,8 +286,8 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
-    proxy_set_header x-webobjects-server-port $server_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
     break;

+ 16 - 1
docs/first_steps.md

@@ -103,6 +103,8 @@ Recreate affected containers by running `docker-compose up -d`.
     ProxyPass / http://127.0.0.1:8080/
     ProxyPassReverse / http://127.0.0.1:8080/
     ProxyPreserveHost Off
+    RequestHeader set X-Forwarded-Proto "https"
+    RequestHeader set X-Forwarded-Port "443"
     your-ssl-configuration-here
     [...]
 
@@ -127,15 +129,28 @@ server {
     your-ssl-configuration-here
     location / {
         proxy_pass http://127.0.0.1:8080/;
-        proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
     }
     [...]
 }
 ```
 
+### HAProxy
+```
+frontend https-in
+  bind :::443 v4v6 ssl crt mailcow.pem
+  default_backend mailcow
+
+backend mailcow
+  option forwardfor
+  http-request set-header X-Forwarded-Proto https
+  http-request set-header X-Forwarded-Port %[dst_port]
+  server mailcow 127.0.0.1:8080 check
+```
+
 ## Optional: Setup a relayhost
 
 Insert these lines to `data/conf/postfix/main.cf`. "relayhost" does already exist (empty), just change its value.