
Fix login redirect behind reverse proxy

Michael Kuron 8 jaren geleden
bovenliggende
commit
d350c009b9
2 gewijzigde bestanden met toevoegingen van 17 en 7 verwijderingen
  1. 14 6
      data/conf/nginx/site.conf
  2. 3 1
      docs/first_steps.md

+ 14 - 6
data/conf/nginx/site.conf

@@ -9,6 +9,10 @@ map $http_x_forwarded_port $maybe_real_port {
   default $http_x_forwarded_port;
   ''      $server_port;
 }
+map $http_x_forwarded_host $maybe_real_host {
+  default $http_x_forwarded_host;
+  ''      $host:$real_port;
+}
 map $realip_remote_addr $real_scheme {
   default $scheme;
   172.22.1.1 $maybe_real_scheme;
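Review bot: The new `$maybe_real_host` map copies X-Forwarded-Host verbatim, and the later hunks place it in the `/principals/` redirect target and in `x-webobjects-server-url`, so the value is only as trustworthy as whatever connects from 172.22.1.1. If that front proxy passes the header through instead of overwriting it, a client-chosen host name ends up in the redirect and presumably in URLs the backend builds from the server URL. I would state the requirement above the map, e.g. `# X-Forwarded-Host is honoured only from 172.22.1.1; that proxy must set it on every request, never pass a client value through`. Checking the value against the expected host names before use is worth considering.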
@@ -17,6 +21,10 @@ map $realip_remote_addr $real_port {
   default $server_port;
   172.22.1.1 $maybe_real_port;
 }
+map $realip_remote_addr $real_host {
+  default $scheme;
+  172.22.1.1 $maybe_real_host;
+}
 
 server {
   include /etc/nginx/conf.d/listen_ssl.active;
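Review bot: The `default $scheme;` entry in the new `$real_host` map looks like a copy-paste slip from the `$real_scheme` map. For any request whose realip address is not 172.22.1.1, `$real_host` evaluates to `http` or `https`, so the redirect and the `x-webobjects-server-url` header changed in the later hunks come out as `https://https`. To keep the previous behaviour for direct clients the line should read `default $host:$server_port;`. The `server` block opened on the last lines of this hunk continues outside it.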
@@ -53,7 +61,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
+    rewrite ^ $real_scheme://$real_host/SOGo/dav;
     allow all;
   }
 
@@ -119,7 +127,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
@@ -133,7 +141,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
@@ -206,7 +214,7 @@ server {
   real_ip_recursive on;
 
   location = /principals/ {
-    rewrite ^ $real_scheme://$host:$real_port/SOGo/dav;
+    rewrite ^ $real_scheme://$real_host/SOGo/dav;
     allow all;
   }
 
@@ -272,7 +280,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;
@@ -286,7 +294,7 @@ server {
     proxy_set_header x-webobjects-server-protocol HTTP/1.0;
     proxy_set_header x-webobjects-remote-host $remote_addr;
     proxy_set_header x-webobjects-server-name $server_name;
-    proxy_set_header x-webobjects-server-url $real_scheme://$host:$real_port;
+    proxy_set_header x-webobjects-server-url $real_scheme://$real_host;
     proxy_set_header x-webobjects-server-port $real_port;
     client_body_buffer_size 128k;
     client_max_body_size 100m;

+ 3 - 1
docs/first_steps.md

@@ -101,8 +101,8 @@ Recreate affected containers by running `docker-compose up -d`.
     [...]
     # You should proxy to a plain HTTP session to offload SSL processing
     ProxyPass / http://127.0.0.1:8080/
-    ProxyPassReverse / http://127.0.0.1:8080/
     ProxyPreserveHost Off
+    RequestHeader set X-Forwarded-Host "mail.example.org"
     RequestHeader set X-Forwarded-Proto "https"
     RequestHeader set X-Forwarded-Port "443"
     your-ssl-configuration-here
@@ -131,6 +131,7 @@ server {
         proxy_pass http://127.0.0.1:8080/;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host:$server_port;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Forwarded-Port $server_port;
     }
@@ -146,6 +147,7 @@ frontend https-in
 
 backend mailcow
   option forwardfor
+  http-request set-header X-Forwarded-Host %[req.hdr(Host)]
   http-request set-header X-Forwarded-Proto https
   http-request set-header X-Forwarded-Port %[dst_port]
   server mailcow 127.0.0.1:8080 check