Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
mirrors
/
mailcow-dockerized
-ын хуулбар https://github.com/mailcow/mailcow-dockerized
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Эх сурвалжийг харах

Fix Nginx proxy pass

andryyy 8 жил өмнө
parent
ef3861d448
commit
7ca0d96bf6
1 өөрчлөгдсөн 8 нэмэгдсэн , 8 устгасан
Өөрчлөллтийг нэгтгэж харах Өөрчлөлтийн статистик харах
  1. 8 8
      docs/first_steps.md

+ 8 - 8
docs/first_steps.md
Файл харах 

@@ -13,17 +13,17 @@ mailcow uses 3 domain names that should be covered by your new certificate:
 
 This is just an example of how to obtain certificates with certbot. There are several methods!

 This is just an example of how to obtain certificates with certbot. There are several methods!

 

 

 1\. Get the certbot client:

 1\. Get the certbot client:

-```

+``` bash

 wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot

 wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot

 ```

 ```

 

 

 2\. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:

 2\. Make sure you set `HTTP_BIND=0.0.0.0` in `mailcow.conf` or setup a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx:

-```

+``` bash

 docker-compose restart nginx-mailcow

 docker-compose restart nginx-mailcow

 ```

 ```

 

 

 3\. Request the certificate with the webroot method:

 3\. Request the certificate with the webroot method:

-```

+``` bash

 cd /path/to/git/clone/mailcow-dockerized

 cd /path/to/git/clone/mailcow-dockerized

 source mailcow.conf

 source mailcow.conf

 certbot certonly \

 certbot certonly \

@@ -37,7 +37,7 @@ certbot certonly \
 
 ```

 ```

     

     

 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:

 4\. Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:

-```

+``` bash

 mv data/assets/ssl/cert.{pem,pem.backup}

 mv data/assets/ssl/cert.{pem,pem.backup}

 mv data/assets/ssl/key.{pem,pem.backup}

 mv data/assets/ssl/key.{pem,pem.backup}

 ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem

 ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem

@@ -77,7 +77,7 @@ You don't need to change the Nginx site that comes with mailcow: dockerized.
 
 mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.

 mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. This is very important to control access to Rspamd's web UI.

 

 

 1\. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:

 1\. Make sure you change HTTP_BIND and HTTPS_BIND in `mailcow.conf` to a local address and set the ports accordingly, for example:

-```

+``` bash

 HTTP_BIND=127.0.0.1

 HTTP_BIND=127.0.0.1

 HTTP_PORT=8080

 HTTP_PORT=8080

 HTTPS_PORT=127.0.0.1

 HTTPS_PORT=127.0.0.1

@@ -89,7 +89,7 @@ Recreate affected containers by running `docker-compose up -d`.
 
 2\. Configure your local webserver as reverse proxy:

 2\. Configure your local webserver as reverse proxy:

 

 

 ### Apache 2.4

 ### Apache 2.4

-```

+``` apache

 <VirtualHost *:443>

 <VirtualHost *:443>

     ServerName mail.example.org

     ServerName mail.example.org

     ServerAlias autodiscover.example.org

     ServerAlias autodiscover.example.org

@@ -123,8 +123,8 @@ server {
 
     [...]

     [...]

     your-ssl-configuration-here

     your-ssl-configuration-here

     location / {

     location / {

-        proxy_pass http://127.0.0.1:8080;

-        proxy_set_header Host $host;

+        proxy_pass http://127.0.0.1:8080/;

+        proxy_redirect http://127.0.0.1:8080/ $scheme://$host:$server_port/;

         proxy_set_header X-Real-IP $remote_addr;

         proxy_set_header X-Real-IP $remote_addr;

         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

         proxy_set_header X-Forwarded-Proto $scheme;

         proxy_set_header X-Forwarded-Proto $scheme;