
Merge pull request #6290 from mailcow/fix/nginx-vhosts

[Nginx] Use vhosts for additional server names
FreddleSpl0it 7 月之前
当前提交
bbdec0960a
共有 4 个文件被更改,包括 48 次插入8 次删除
  1. 4 2
      data/Dockerfiles/nginx/bootstrap.py
  2. 23 2
      data/conf/nginx/templates/nginx.conf.j2
  3. 19 3
      data/web/inc/functions.inc.php
  4. 2 1
      docker-compose.yml

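--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -7,7 +7,7 @@ def includes_conf(env, template_vars):
   listen_plain = "listen_plain.active"
   listen_ssl = "listen_ssl.active"
 
-  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {template_vars['ADDITIONAL_SERVER_NAMES']};"
+  server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
   listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
   listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
   if not template_vars['DISABLE_IPv6']:
@@ -42,6 +42,8 @@ def nginx_conf(env, template_vars):
 
 def prepare_template_vars():
   ipv4_network = os.getenv("IPV4_NETWORK", "172.22.1")
+  additional_server_names = os.getenv("ADDITIONAL_SERVER_NAMES", "")
+
   template_vars = {
     'IPV4_NETWORK': ipv4_network,
     'TRUSTED_NETWORK': os.getenv("TRUSTED_NETWORK", False),
@@ -49,7 +51,7 @@ def prepare_template_vars():
     'SKIP_SOGO': os.getenv("SKIP_SOGO", "n").lower() in ("y", "yes"),
     'NGINX_USE_PROXY_PROTOCOL': os.getenv("NGINX_USE_PROXY_PROTOCOL", "n").lower() in ("y", "yes"),
     'MAILCOW_HOSTNAME': os.getenv("MAILCOW_HOSTNAME", ""),
-    'ADDITIONAL_SERVER_NAMES': os.getenv("ADDITIONAL_SERVER_NAMES", "").replace(',', ' '),
+    'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",")],
     'HTTP_PORT': os.getenv("HTTP_PORT", "80"),
     'HTTPS_PORT': os.getenv("HTTPS_PORT", "443"),
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),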
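Review bot: With ADDITIONAL_SERVER_NAMES unset (the docker-compose default is `${ADDITIONAL_SERVER_NAMES:-}`), `"".split(",")` yields `['']`, so the list built in `prepare_template_vars` carries one empty name; the nginx template in this PR renders a server block per element, which then contains `server_name ;` (nginx rejects that directive without an argument, as far as I know, so the default configuration would not start), and `includes_conf` emits a stray space before the `;`. Drop empty entries at the source: `'ADDITIONAL_SERVER_NAMES': [item.strip() for item in additional_server_names.split(",") if item.strip()],`. Since every entry is interpolated verbatim into nginx configuration, a cheap sanity check that each token looks like a hostname (e.g. `re.fullmatch(r'[A-Za-z0-9.*_-]+', item)`) would also keep a mistyped `.env` value containing `;` or `}` from breaking or altering the config — the value is admin-controlled, so this is hardening rather than a vulnerability. Both `includes_conf` and `prepare_template_vars` continue outside the hunks.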

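--- a/data/conf/nginx/templates/nginx.conf.j2
+++ b/data/conf/nginx/templates/nginx.conf.j2
@@ -41,7 +41,7 @@ http {
         https https;
     }
 
-    # Default
+    # Default Server Name
     server {
         listen 127.0.0.1:65510; # sogo-auth verify internal
         listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
@@ -55,11 +55,32 @@ http {
         ssl_certificate /etc/ssl/mail/cert.pem;
         ssl_certificate_key /etc/ssl/mail/key.pem;
 
-        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.* {{ ADDITIONAL_SERVER_NAMES }};
+        server_name {{ MAILCOW_HOSTNAME }} autodiscover.* autoconfig.*;
 
         include /etc/nginx/includes/sites-default.conf;
     }
 
+    # Additional Server Names
+    {% for SERVER_NAME in ADDITIONAL_SERVER_NAMES %}
+    server {
+        listen 127.0.0.1:65510; # sogo-auth verify internal
+        listen {{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen {{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {% if not DISABLE_IPv6 %}
+        listen [::]:{{ HTTP_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%};
+        listen [::]:{{ HTTPS_PORT }}{% if NGINX_USE_PROXY_PROTOCOL %} proxy_protocol{%endif%} ssl;
+        {%endif%}
+        http2 on;
+
+        ssl_certificate /etc/ssl/mail/cert.pem;
+        ssl_certificate_key /etc/ssl/mail/key.pem;
+
+        server_name {{ SERVER_NAME }};
+
+        include /etc/nginx/includes/sites-default.conf;
+    }
+    {% endfor %}
+
     # rspamd dynmaps:
     server {
         listen 8081;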
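Review bot: The generated per-name server blocks reuse `/etc/ssl/mail/cert.pem` with no hint that every additional name must be covered by that certificate; a name listed in ADDITIONAL_SERVER_NAMES but absent from the certificate's SANs will be served with a mismatching cert and clients will refuse it, and nothing in this diff ties the two settings together (the SAN side is presumably handled by the ACME configuration, not visible here). Add above the loop `# Every additional name must also be in the certificate (ADDITIONAL_SAN / your own cert); the same cert.pem is served for each vhost.` The loop also renders a block for every list element as-is, so an empty element (what bootstrap.py produces when the variable is unset) becomes `server_name ;`; `{% for SERVER_NAME in ADDITIONAL_SERVER_NAMES if SERVER_NAME %}` makes the template safe regardless of how the list is built. A why-comment would help the next maintainer, since the old combined `server_name` line worked for routing: `# One block per name so $server_name (and PHP's SERVER_NAME) is the matched vhost, not always MAILCOW_HOSTNAME` — that appears to be the motivation, given getBaseURL in this PR switches to SERVER_NAME. The enclosing `http {` block starts and ends outside the hunk.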

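--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -2275,9 +2275,25 @@ function cors($action, $data = null) {
     break;
   }
 }
-function getBaseURL() {
-  $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
-  $host = $_SERVER['HTTP_HOST'];
+function getBaseURL($protocol = null) {
+  // Get current server name
+  $host = strtolower($_SERVER['SERVER_NAME']);
+
+  // craft allowed server name list
+  $mailcow_hostname = strtolower(getenv("MAILCOW_HOSTNAME"));
+  $additional_server_names = strtolower(getenv("ADDITIONAL_SERVER_NAMES")) ?: "";
+  $additional_server_names = preg_replace('/\s+/', '', $additional_server_names);
+  $allowed_server_names = $additional_server_names !== "" ? explode(',', $additional_server_names) : array();
+  array_push($allowed_server_names, $mailcow_hostname);
+
+  // Fallback to MAILCOW HOSTNAME if current server name is not in allowed list
+  if (!in_array($host, $allowed_server_names)) {
+    $host = $mailcow_hostname;
+  }
+
+  if (!isset($protocol)) {
+    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
+  }
   $base_url = $protocol . '://' . $host;
 
   return $base_url;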
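Review bot: `getBaseURL` now takes the host from `$_SERVER['SERVER_NAME']`, which never carries a port, whereas the replaced `HTTP_HOST` did; on an installation reached directly on a non-default HTTP_PORT/HTTPS_PORT every URL derived from this function silently loses the port (unless a proxy in front re-adds it — not visible here). Re-adding the port when it differs from the scheme default closes that gap; the rewritten tail is below. The allowlist check should be strict, `in_array($host, $allowed_server_names, true)`, and because this swap is the security-relevant part of the change it deserves saying so: `// Use the vhost nginx matched (SERVER_NAME), never the client-supplied Host header, and allowlist it so a spoofed Host cannot end up in generated links`, with the caveat that this relies on nginx passing `fastcgi_param SERVER_NAME $server_name`, which this diff does not show. The function is complete within the hunk.
```php
  // … unchanged: allowlist fallback and protocol detection …
  // SERVER_NAME carries no port; re-add a non-default one so generated links stay reachable
  $port = (int)($_SERVER['SERVER_PORT'] ?? 0);
  if ($port !== 0 && $port !== ($protocol === 'https' ? 443 : 80)) {
    $host .= ':' . $port;
  }
  $base_url = $protocol . '://' . $host;
```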

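--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -174,6 +174,7 @@ services:
         - DEMO_MODE=${DEMO_MODE:-n}
         - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
         - CLUSTERMODE=${CLUSTERMODE:-}
+        - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
       restart: always
       networks:
         mailcow-network:
@@ -372,7 +373,7 @@ services:
       - php-fpm-mailcow
       - sogo-mailcow
       - rspamd-mailcow
-      image: mailcow/nginx:1.01
+      image: mailcow/nginx:1.02
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment: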