
[Nginx] Generate includes for custom configs

FreddleSpl0it 7 月之前
父节点
当前提交
7bcd61ecb5

+ 24 - 5
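--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -2,6 +2,27 @@ import os
 import subprocess
 from jinja2 import Environment, FileSystemLoader
 
+def includes_conf(env, template_vars):
+  server_name = "server_name.active"
+  listen_plain = "listen_plain.active"
+  listen_ssl = "listen_ssl.active"
+
+  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {template_vars['ADDITIONAL_SERVER_NAMES']};"
+  listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
+  listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
+  if not template_vars['DISABLE_IPv6']:
+    listen_plain_config += f"\nlisten [::]:{template_vars['HTTP_PORT']};"
+    listen_ssl_config += f"\nlisten [::]:{template_vars['HTTPS_PORT']} ssl;"
+  listen_ssl_config += "\nhttp2 on;"
+
+  with open(f"/etc/nginx/conf.d/{server_name}", "w") as f:
+    f.write(server_name_config)
+
+  with open(f"/etc/nginx/conf.d/{listen_plain}", "w") as f:
+    f.write(listen_plain_config)
+
+  with open(f"/etc/nginx/conf.d/{listen_ssl}", "w") as f:
+    f.write(listen_ssl_config)
 
 def sites_default_conf(env, template_vars):
   config_name = "sites-default.conf"
@@ -34,6 +55,7 @@ def prepare_template_vars():
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
     'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
     'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
+    'DISABLE_IPv6': os.getenv("DISABLE_IPv6", "n").lower() in ("y", "yes"),
   }
 
   ssl_dir = '/etc/ssl/mail/'
@@ -60,17 +82,14 @@ def prepare_template_vars():
   return template_vars
 
 def main():
-  env = Environment(loader=FileSystemLoader('./etc/nginx/conf.d'))
+  env = Environment(loader=FileSystemLoader('./etc/nginx/conf.d/templates'))
 
   # Render config
   print("Render config")
   template_vars = prepare_template_vars()
   sites_default_conf(env, template_vars)
   nginx_conf(env, template_vars)
-
-  # Validate config
-  print("Validate config")
-  subprocess.run(["nginx", "-qt"])
+  includes_conf(env, template_vars)
 
 
 if __name__ == "__main__":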
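Review bot: In `includes_conf`, the IPv4 line of `listen_ssl_config` is written without the `ssl` parameter while the IPv6 line appended in the `if not template_vars['DISABLE_IPv6']` branch carries it; unless another server block already declares `ssl` for the same address and port, a custom server that includes `listen_ssl.active` would answer without TLS on the HTTPS port over IPv4. I would change it to `listen_ssl_config = f"listen {template_vars['HTTPS_PORT']} ssl;"`. The three `.active` files also take `MAILCOW_HOSTNAME`, `ADDITIONAL_SERVER_NAMES` and the port values verbatim from `template_vars`, and the same commit drops the `nginx -qt` step from `main()`, so a stray `;` or newline in one of those values is no longer caught by this script. If the validation was not moved elsewhere, keep it after `includes_conf(...)` and make it fail loudly, e.g. `subprocess.run(["nginx", "-qt"], check=True)`. The `env` parameter of `includes_conf` is unused.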

+ 8 - 2
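--- a/data/conf/nginx/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -27,6 +27,8 @@ http {
 
     #gzip  on;
 
+    include /etc/nginx/conf.d/*.conf;
+
     # map-size.conf:
     map_hash_max_size 256;
     map_hash_bucket_size 256;
@@ -45,9 +47,11 @@ http {
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
-        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {% if not DISABLE_IPv6 %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {%endif%}
         http2 on;
 
         ssl_certificate /etc/ssl/mail/cert.pem;
@@ -103,9 +107,11 @@ http {
     {% for cert in valid_cert_dirs %}
     server {
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
-        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {% if not DISABLE_IPv6 %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
         listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {%endif%}
         http2 on;
 
         ssl_certificate {{ cert.cert_path }}cert.pem;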
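Review bot: The new `include /etc/nginx/conf.d/*.conf;` sits above the template's own `server` blocks, and none of the `listen` lines visible in these hunks carries `default_server`, so a `server` block from a custom file that listens on the same port would become the implicit default server for requests whose Host header matches nothing. If that is not intended, add the `default_server` parameter to the built-in server's `listen` lines or move the include below the built-in servers; parts of the `http` block lie outside these hunks, so a `default_server` may already be set elsewhere. A short comment above the include, such as `# custom *.conf files are loaded here, in http context, before the built-in servers`, would document the ordering for operators.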

+ 0 - 0
data/conf/nginx/sites-default.conf.j2 → data/conf/nginx/templates/sites-default.conf.j2


+ 2 - 1
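--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -372,7 +372,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: mailcow/nginx:1.00
+      image: mailcow/nginx:1.01
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -383,6 +383,7 @@ services:
         - TZ=${TZ}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
+        - DISABLE_IPv6=${DISABLE_IPv6:-n}
         - PHPFPMHOST=${PHPFPMHOST:-}
         - SOGOHOST=${SOGOHOST:-}
         - RSPAMDHOST=${RSPAMDHOST:-}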